Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.
Meltdown / Spectre Summary
Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.
How To Patch
Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide.
If so, in order to avoid both of these vulnerabilities, users must install two updates:
- Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
- BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.
However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines.
IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:
- Recording only, 25 cameras, ~150 Mb/s
- Recording and viewing, 10 cameras, ~30 Mb/s
Test Machine Specs
IPVM tested on three separate machines, all with the same hardware configuration, as follows:
Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
Memory: 8192MB RAM
Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.
Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.