Meltdown and Spectre Effects on vRealize Operations Manager 6.7
book
Article ID: 319639
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
vRealize Operations Manager is not effected by Meltdown or Spectre.
In the interest of compliance and security protocols, Page Table Isolation (PTI) has been enabled in vRealize Operations Manager 6.7 for the underlying SLES Operating System. Due to other performance optimizations in vRealize Operations Manager 6.7, there is no performance degradation with PTI enabled.
PTI can still be disabled on vRealize Operations Manager 6.7 by following the steps in the Resolution section.
Environment
VMware vRealize Operations Manager 6.7.x
Cause
Meltdown and Spectre vulnerabilities both require access to the server; this is critical for systems that have unprivileged user accounts and allow unprivileged users to login. vRealize Operations Manager does not have unprivileged user accounts The only way to log into a vRealize Operations Manager node is by using the root or admin accounts.
Resolution
PTI on vRealize Operations Manager 6.7 can be disabled at your own risk by following the steps below:
Log into the Admin UI as admin.
Click the Take Offline button to take the vRealize Operations Manager cluster offline.
Enter a Reason, and click OK.
Log into the Primary node as root via SSH or Console.
Open /boot/grub/menu.lst in a text editor.
In the line(s) starting with kernel, change pti=on to pti=off.