In a recent post we’ve discussed how to leverage vRealize Operations to assess the performance & capacity impact of the Spectre and Meltdown patches. Though the situation around these patches continues to evolve let’s build upon gauging the infrastructure impact and move deeper into the stack. In addition to vRealize Operations we can leverage Log Insight and Wave Front to understand what the impact is on applications as well. The impact of these patches will vary for each use case and application. But answering questions like how are my users impacted by this is an extremely important part of the equation. Are you using Horizon Desktops or Published Applications for Healthcare providers? You might ask yourselves has their experience changed with patching? What about consumer facing web services, are they just as speedy as they used to be, or has there been an increase in response times with patching?

Monitoring the application impact is going to vary from application to application. The first question to ask is, does my application have response time data available? If yes, how is that data presented or accessed? If the answer is yes again, then getting that data into the right tool set and a little analysis is all you need. Below we will go through two examples of how to measure the impact.

To get started with this you will need a baseline system. Which is any system that is currently unpatched. Once we have that we can compare that baseline to a newly patched system. With both scenarios a pool concept can be leveraged to achieve your goals. For Horizon you will have two desktop pools one with all the patches and one without. For your web application the same concept, a set of web servers patched and another unpatched.

Let’s start by looking at a consumer facing web application built on top of Microsoft IIS. We know that IIS stores response time information in a log file. The best way to handle this is to install the IIS content pack available on the content pack market place, and to install the vRealize Log Insight agent on your IIS servers.

Be sure to pay attention to the page after this as it has important details about getting the right metrics out of IIS. The following kb http://support.microsoft.com/kb/313437 is referenced, and a great place to go.

Now that the content pack is ready, and your agent is installed and configured on your IIS servers you are set to start looking at IIS response times. Go to the Microsoft – IIS content pack General – Information dashboard. Here you will find a widget for Average IIS response-time. Open interactive analytics from that widget and you can now customize it to understand the patching impact.

In interactive analytics we are taken to search criteria that is looking for ms_iis_response_time > 0

There are a myriad of ways to create filters for the data you want. Hostname, IP address, website, etc. For this example, we are going to leverage a tag within the li_agent.ini file. In this example a new tag of meltdown_spectre_patched with a value of true or false.

To visualize this all add the tag to the graphing widget within interactive analytics.

Now that we have the data we are looking for we can analyze the impact and start to answer more difficult questions. Are your customers are seeing and feeling the impact, can it be mitigated by distributing the load of the web application across more servers, etc. The answer to that is difficult but now you have data to help guide those decisions, pairing it with our earlier post you can now gauge the end to end impact patching for Spectre and meltdown has for your environment.

Moving on to looking at logins on your RDS or Desktop pools it’s even easier. The vRealize Operations for Horizon Management solution has everything you need built in. Navigate to the appropriate VDI or RDS Pool Dashboard, select a pool and then look for Login Times. Within the dashboard you can quickly select the pool and view the corresponding login times. This dashboard enables you to easily look at the impact that patching has on your environment.

Want to learn more about how VMware is enabling you to better monitor and secure your environment? Join my colleagues Naman Sharma from the NSBU and Chris Vallee from the CMBU as they go more in depth in a webinar on 2/21.