Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Meltdown Performance Impact on MongoDB: AWS, Azure, and DigitalOcean

DZone's Guide to

Meltdown Performance Impact on MongoDB: AWS, Azure, and DigitalOcean

In this article, you'll learn how the Meltdown and Spectre vulnerabilities will impact your database that is hosted in the cloud.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Meltdown and Spectre Vulnerabilities

What are these new critical vulnerabilities? "Meltdown" and "Spectre" are vulnerabilities in the way many modern microprocessor designs implement speculative execution of instructions. Independently discovered last June, these vulnerabilities can be exploited by malicious programs to steal sensitive information from personal computers, mobile devices, and even cloud infrastructures where millions of businesses store their customer data profiles. More detailed information can be found at CVE-2017-5715 and CVE-2017-5754.

  • Meltdown

    Meltdown breaks the most fundamental isolation between user applications and the operating system. Read more.
  • Spectre

    Spectre breaks the isolation between different applications. Read more.

Over the past week, the ScaleGrid team has run performance tests to determine the impact of the Meltdown CPU kernel patch on our MongoDB servers. In this post, we'll cover the results of the Meltdown tests we ran for each of the three cloud platforms that we support - Amazon AWS, Microsoft Azure, and DigitalOcean (DO).

Test Rig

We used Yahoo! Cloud Serving Benchmark (YCSB) to run these tests, and run against our 'Large' instance type - typically with around 8GB of RAM. Here are the two primarily we ran:

  1. Insert workload
  2. Workload A/Balanced workload: 50% Reads, 50% Writes

For more details on the testing methodology, please refer to our post, How to Benchmark MongoDB with YCSB.

Cloud Meltdown Test Summary

  • AWS

    4%-5% hit on insert workload and 2-3% hit on the balanced workload (50% read, 50% write).
  • Azure

    10-20% hit on insert workload and a 20-25% hit on the balanced workload.
  • DigitalOcean

    30% hit on insert workload and ~30% hit on the balanced workload.

AWS Meltdown Tests

We use AWS Amazon Linux for all our MongoDB and Redis clusters on AWS. For more details on the patches, refer to the AWS Security Bulletin.

awsinsertperformanceAWSWorkloadAPerformance

AWS Tests Summary

On average, we're seeing a 4%-5% hit on AWS insert flow and 2-3% hit on the balanced workload. The underlying instance type for this type is an 'HVM type' (hardware virtual machine) - so the expected impact is minimal. With Paravirtual (PV) instance types, the impact will be much larger (closer to what we see and outline with Azure below).


Azure Meltdown Tests

We use CentOS 6 for all our MongoDB clusters on Azure. Here's where you can find more information about the Azure patches and the Microsoft Windows patches.

azureinsertperformance

AzureBalancedworkloadperformance

Azure Tests Summary

On average, we're seeing a 10-20% hit in the Azure insert workload and a 20-25% hit in the balanced workload.

DigitalOcean Meltdown Tests

We use CentOS 6 for all our MongoDB clusters on DigitalOcean. Here's where you can find more information on the patches available for your DigitalOcean droplets. digitaloceaninsertperformancedigitaloceanbalancedworkload

DigitalOcean Tests Summary

We see a 30% hit on insert performance and around 30% hit in the balanced workload.

We're committed to helping our customers keep their MongoDB servers patched and secure from vulnerabilities. To learn more about further protecting your MongoDB cloud deployments, check out our post, The Three A's of MongoDB Security - Authentication, Authorizing & Auditing.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
mongodb ,aws ,security ,database security ,meltdown

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}