Jump to content
Welcome to our new Citrix community!
  • 0

Applying updates to xen hosts with different CPU features


jon yeargers

Question

I have a pool with two different 'series' of CPUs. (The servers were purchased several years apart) I'm wanting to apply XS76E004 et al to the pool but have a few questions:

 

1. Since I can't freely migrate VMs between these hosts - can I update one host at a time? 

2. Would I install the patch on every host and then restart them individually or do "install / restart" and then move to the next host?

3. Since I'm not experiencing any security issues - do I even need to do this patch?  (Naive - yes, I know)

4. I see that XS v 8.0 is available. Should I just skip ahead? Or do I need to patch everyone before I can upgrade?

Link to comment

3 answers to this question

Recommended Posts

  • 0

If they are in the same pool and have different CPU features, and a reboot is required, you likely will run into the issue that VMs cannot be automatically migrated as other CPU features may change.

 

I therefore recommend that you in any case always start with the pool master, and as needed, you use the CLI to force a migration of VMs to other hosts. I have had to do this a number of times. Even with hosts all the same, sometimes updates change the CPU masks in heterogeneous pools and you still run into this problem.

 

Something like this should work for between pools:

 

xe vm-migrate remote-master=x.x.x.x remote-username=root remote-password=******* vm=vm-name live=true power-state=live force=true

 

Otherwise, if within the same pool, you don't need to specify the remote-master (run "xe help vm-migrate" for more information).

 

As to patches, they are all there for a purpose and in general should always be applied. Note, however,  that in this case, this won't help unless you also disable hyperthreading.

That becomes for many administrators a problem in that performance is likely to be degraded quite a bit. Going to version 8.0 will not change that. Finally, in many caes you have no idea if you are really experiencing security issues until it is too late -- never assume!

 

-=Tobias

  • Like 1
Link to comment
  • 1

Read the fine print in https://support.citrix.com/article/CTX251995 :

 

Quote

What Customers Should Do

Full mitigation of these issues for systems with vulnerable CPUs requires all of:

Updates to Citrix Hypervisor

Updates to the CPU microcode

Disabling CPU hyper-threading (also known as simultaneous multi-threading)

 

The latest vulnerability affects the data flow between hyperthreads.

 

-=Tobias

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...