Solaris+SPARC is Meltdown (CVE-2017-5754) free


Worried about the security of your data? SPARC+Solaris servers are not only Meltdown free; at the time of this post they are the only platform you can buy that runs Oracle Database and was not affected by the Meltdown vulnerability.

The ONLY Architecture…

Meltdown attacks the boundary between user application memory and operating system (kernel) memory: a user program uses speculative execution to read memory it is not permitted to access, and the leaked data ends up where the user can see it. Solaris on SPARC is the exception. SPARC V9 processors running Solaris are not susceptible to the Meltdown attack; this includes the T4, T5, M5, M6, S7, M7, M8, M10 and M12 processors, among others.

But if you run Solaris on x86, sorry: like most other servers you are vulnerable, because the attack depends on a micro-architectural weakness in the processor itself, found in Intel and IBM POWER parts among others (AMD stated that its processors are not affected by Meltdown, although they are affected by Spectre). The operating system cannot remove the weakness, only mask it.

This protection from Meltdown comes from the fact that Solaris and the SPARC processor manage address spaces differently from Intel-, AMD- and IBM POWER-based servers. On x86 the kernel is mapped into every process's address space and protected only by a per-page privilege check, and that check is exactly what Meltdown races. Simply put, Solaris on SPARC keeps kernel and user memory in separate hardware contexts, so a kernel address has no translation at all from user mode and there is nothing for a speculative load to fetch. The same memory model has other advantages for Oracle Database users: the database can change its memory footprint without a restart, and startup time for large-memory databases is greatly reduced.

What is even worse for Intel and AMD users is that the patches currently being rolled out to mask the CPU vulnerabilities are introducing stability and driver issues into the operating systems. Users are reporting that the patches are causing problems at an alarming rate (examples here, here and here), and performance regressions are reported by The Register, Ars Technica and even business sites like Forbes. Imagine the impact on your production database when a server crashes because of a patch, or the long-term impact on your business from the slower performance.
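For the x86 side of that picture, the first thing a practitioner wants to know is whether a given box is affected and whether the page-table-isolation patch is actually active. The following Python script is an added example, not code from the original post: it reads the two files the Linux kernel exposes for this (the sysfs vulnerabilities entry on 4.15+ and distribution backports, and the `bugs`/`flags` lines of `/proc/cpuinfo`) and reduces them to affected / mitigated / unknown. The sample file contents are constructed; Solaris has neither file, so this only applies to the Linux machines the post says are in the firing line.

```python
"""Report a Linux host's Meltdown (CVE-2017-5754) status from what the kernel exposes.

Added example, not code from the original post. It reads two files the Linux
kernel provides (sysfs on 4.15+ and distribution backports, /proc/cpuinfo on
any kernel) and reduces them to affected / mitigated / unknown. Solaris does
not expose these files. Sample file contents below are constructed.
"""
from dataclasses import dataclass
from typing import Optional

SYSFS_MELTDOWN = "/sys/devices/system/cpu/vulnerabilities/meltdown"
PROC_CPUINFO = "/proc/cpuinfo"


@dataclass
class MeltdownStatus:
    affected: Optional[bool]   # None: the kernel gives no verdict
    mitigated: Optional[bool]  # None: not applicable or unknown
    detail: str


def cpuinfo_field(cpuinfo: str, key: str) -> set:
    """Return the whitespace-separated values of the first 'key : value' line."""
    for line in cpuinfo.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return set(value.split())
    return set()


def classify(sysfs_meltdown: Optional[str], cpuinfo: str) -> MeltdownStatus:
    """Prefer the kernel's own sysfs verdict; fall back to /proc/cpuinfo hints.

    sysfs values seen in practice: 'Not affected', 'Vulnerable', 'Mitigation: PTI'.
    cpuinfo hints: 'cpu_meltdown' (or the pre-release name 'cpu_insecure') in the
    'bugs' line marks an affected CPU; 'pti' in 'flags' means page-table
    isolation is active on this kernel.
    """
    if sysfs_meltdown is not None:
        verdict = sysfs_meltdown.strip()
        if verdict.startswith("Not affected"):
            return MeltdownStatus(False, None, verdict)
        if verdict.startswith("Mitigation:"):
            return MeltdownStatus(True, True, verdict)
        if verdict.startswith("Vulnerable"):
            return MeltdownStatus(True, False, verdict)
        return MeltdownStatus(None, None, "unrecognised sysfs text: %r" % verdict)

    bugs = cpuinfo_field(cpuinfo, "bugs")
    flags = cpuinfo_field(cpuinfo, "flags")
    if bugs & {"cpu_meltdown", "cpu_insecure"}:
        return MeltdownStatus(True, "pti" in flags, "inferred from /proc/cpuinfo")
    return MeltdownStatus(None, None, "kernel reports nothing (pre-2018 kernel, or non-x86)")


def read_optional(path: str) -> Optional[str]:
    """Return file contents, or None when the kernel does not provide the file."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


def host_status() -> MeltdownStatus:
    """Classify the machine this script runs on."""
    return classify(read_optional(SYSFS_MELTDOWN), read_optional(PROC_CPUINFO) or "")


# Constructed samples: an Intel box with a KPTI kernel, and one whose kernel
# knows the CPU is affected but predates the sysfs interface and has no PTI.
INTEL_PATCHED = (
    "Mitigation: PTI\n",
    "vendor_id\t: GenuineIntel\nflags\t\t: fpu vme sse2 pti\nbugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n",
)
INTEL_OLD_KERNEL = (
    None,
    "vendor_id\t: GenuineIntel\nflags\t\t: fpu vme sse2\nbugs\t\t: cpu_meltdown\n",
)

if __name__ == "__main__":
    for label, (sysfs, cpuinfo) in (("patched", INTEL_PATCHED), ("old kernel", INTEL_OLD_KERNEL)):
        print(label, classify(sysfs, cpuinfo))
    print("this host", host_status())
```

The sysfs verdict is preferred because it is the kernel's own statement, including any microcode or chicken-bit state the script cannot see; the `/proc/cpuinfo` fallback exists only for kernels that gained the `cpu_meltdown` bug flag before the sysfs file, and a box where neither says anything is reported as unknown rather than safe.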

If you are running IBM Power: to my knowledge no patches have been released as of the date of this blog post.

Maybe it's time to rethink this path to an x64 datacenter and dust off your Solaris servers: not only are they faster per core than x64, but also more secure. SPARC processors also include on-chip crypto acceleration that lets you encrypt data in motion AND data at rest with almost no performance impact. Other security features include role-based access control, integrated compliance reporting and more.

Worried about Spectre variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715)? While Oracle and Fujitsu have been quiet about these systems, I have been unable to trigger Spectre 1 or 2 on the Fujitsu M12 processor. They are complex attacks, and being unable to trigger them does not mean that the systems are safe. The final word must come from the manufacturer.

6 Replies to “Solaris+SPARC is Meltdown (CVE-2017-5754) free”

    • Actually, all modern Intel and AMD processors are vulnerable. Manufacturers like Dell, HP, Oracle, Microsoft, Red Hat etc. are all working on patches that attempt to mask this vulnerability, but this is just a band-aid. As with any temporary fix, there are challenges (like stability and performance) that are introduced into the systems.

    • Why does open source imply better security? The most common fallacy I hear is “because we can read the source”. Really? And how many lines have you read? I can assure you the bad guys have read much more of the source than the well-intentioned IT professional or developer. Access to the source is generally best used in remediation *after* an incident for the good guys.

      As for its liabilities? Code developed from disparate sources of unknown origin, quality, and intentions, despite the best efforts of the moderators and resellers to scrutinize and patch the code. Subsystems built on the random "you got chocolate in my peanut butter" principle are not optimal and offer plenty of room for performance and security vulnerabilities. Many other liabilities.

      Not saying your “Open Source” operating system isn’t useful, usable, reliable, etc just that, by its very nature, it does not have an advantage in security. There’s also a reason Solaris and SPARC were *the* platform for security for decades despite not being open source.

    • The SPARC/Solaris architecture has multiple TLBs (Translation Lookaside Buffers).
      The TLBs are separated into user data, user instruction, kernel data and kernel instruction.
      User instructions cannot access kernel instructions or kernel data.
      User instructions can only access a limited kernel data area.
      Only the Solaris OS can control these accesses.
      It depends on the SPARC V9 hardware architecture and the Solaris OS.
      This architecture makes a much higher-level security barrier.
      Windows/Linux updates cannot reach the SPARC/Solaris level of security barrier.
      This technology was designed by Sun Microsystems in the 1980s.
      I love the Sun Microsystems architecture.
