A new Azure VM capability – “Disabling Hyperthreading” – has been released this week that may provide greater performance & security for folks using Virtual Machines in Azure.
- The origins of this feature are sourced from a new class of Intel CPU vulnerabilities which makes the use of hyperthreading potentially a risk for companies specifically using untrusted code.
- Additionally, as a side benefit for some, disabling hyperthreading may improve performance for certain heavy workloads.
Here’s the recently released process on how to disable hyperthreading:
[taken from Guidance for mitigating speculative execution side-channel vulnerabilities in Azure]
Disable hyperthreading on the VM – Customers running untrusted code on a hyperthreaded VM will need to disable hyperthreading or move to a non-hyperthreaded VM size. To check if your VM has hyperthreading enabled, please refer to the below script using the Windows command line from within the VM.
Type
wmicto enter the interactive interface. Then type the below to view the amount of physical and logical processors on the VM.
CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:ListIf the number of logical processors is greater than physical processors (cores), then hyperthreading is enabled. If you are running a hyperthreaded VM, please contact Azure Support to get hyperthreading disabled. Once hyperthreading is disabled, support will require a full VM reboot.
[Thank you to Lee Reese & Raj Nemani for hunting this down for our customers]
kurtsh
Kurt Shintaku's Blog 