In this article we describe how SkillsWorkflow mitigated the industry-wide CPU vulnerabilities known as "speculative execution side-channel attacks" also known as Meltdown and Spectre.
SkillsWorkflow cloud offering runs on Microsoft Azure on top of Azure's PaaS services.
More specifically, SkillsWorkflow is comprised by a set of services and background workers running on Azure App Services.
As we don't directly run any Virtual Machines we rely on Azure to roll out patches to the underlying operating systems that support SkillsWorkflow's App Services to mitigate these vulnerabilities.
Azure has rolled out updates to its infrastructure to address these issues, as described here and on Azure internal issue G8DX-Z50.
According to this article by the Azure team, actions have been taken to ensure the updated systems do not suffer any significant performance impact.
We have been monitoring our services closely and have not observed any noticeable impact on system performance.
Some integration agents run on premises on our customers' infrastructure.
These agents are:
- AD Blocker - Active Directory blocking agent;
- SkillsWorkflow.Sap - SAP integration agent.
From our testing of running the agents on updated systems we don't expect any impact.
Our agents are mostly I/O bound, so eventual CPU overhead introduced by the fixes should not have any significant impact.