Worried about the security of your data? Did you know that SPARC+Solaris servers are not only Meltdown-free, but also the ONLY platform you can buy today that runs an Oracle Database and was not impacted by the Meltdown vulnerability?
The ONLY Architecture…
Meltdown attacks the divide between user application memory and operating system memory. This attack allows a program to access memory it would normally not be able to access, leaking your data where users can see it. Except for Solaris/SPARC users! All V9 processors running Solaris are not susceptible to the Meltdown attack; this includes the T4, T5, M5, M6, S7, M7, M8, M10 and M12 processors… just to name a few.
But you run Solaris on x86? Sorry, like most other servers you are vulnerable, as the attack requires an architectural weakness found on Intel, AMD and IBM Power systems, to name a few.
This protection from Meltdown comes from the fact that Solaris and the SPARC processor manage memory differently from Intel, AMD and IBM Power based servers. Simply put, Solaris isolates the memory between the OS and the application. Oracle Database users see other advantages from this different memory management model: it allows the database to change its memory footprint without a reboot of the database, and it greatly improves the startup time for large-memory databases.
What is even worse for Intel and AMD is that the patches currently being introduced to try to mask the CPU vulnerabilities are also introducing stability and driver issues into the operating systems. Users are reporting that the patches are causing issues at an alarming rate; examples can be found here, here and here. Users are also reporting performance issues with these patches, as seen on The Register, Ars Technica and even business sites like Forbes! Imagine the impact on your production database when a server crashes due to a patch, or the long-term impact on your business due to the slower performance.
Running IBM Power? To my knowledge, no patches have been released as of the date of this blog post.
Maybe it’s time to rethink this path to an x64 datacenter, and dust off your Solaris servers… not only are they faster per core than x64, but also more secure. SPARC processors also include onboard crypto acceleration that allows you to encrypt data in motion AND data at rest with almost no performance impact. Other security abilities include role-based accounting, integrated compliance reporting and more.
Worried about Spectre 1 and 2? While Oracle and Fujitsu have been quiet about these systems, I have been unable to trigger S1 or S2 on the Fujitsu M12 processor. S1 and S2 are complex attacks, and being unable to trigger them does not mean that the systems are not safe. The final word must come from the manufacturer.