Wednesday, May 9, 2018

Inconsistent LUN mapping related issues on ESXi hosts

Lately I came across this issue, where for some reason the storage team unmapped and re-mapped a few RDM LUNs to the VM host group (from the storage array side), and the respective RDM disks connected to the VMs disappeared.
We had already re-scanned the hosts for the storage change and the LUNs were showing as mounted on all the hosts; after spending two hours with VMware support we had also rebooted the host, but that didn't make any difference.

Finally, when we rebooted the cluster nodes, I found this has something to do with consistent mapping of RDM LUNs across the VM hosts (where the cluster nodes reside).

In order to check whether a LUN is consistently mapped on all VM hosts in the cluster, one needs to look at the vml.id that corresponds to the LUN's canonical name (naa.id).

One can check the vml.id corresponding to a naa.id by running the following command on the host (over SSH, using PuTTY):
esxcli storage core device list -d naa.id

So, if the naa.id is naa.60060480000190104063533030353445 then the command would be,

esxcli storage core device list -d naa.60060480000190104063533030353445


For example,  vml.02000500006006048000019010406353303035344553594d4d4554

One needs to look at the fifth and sixth digits of the vml.id (05 in the example above); this is a hexadecimal number which represents the LUN number. Converted to decimal, it should match the actual LUN number.
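The check described above, as an added example that is not part of the original post: it pulls the vml.id out of the esxcli output, decodes the fifth and sixth hex digits, and compares the result across hosts. It assumes the vml.id is reported on the `Other UIDs:` line; the host names esx01/esx02 and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: decode the LUN number embedded in a vml.id and compare hosts.

# Print the decimal LUN number held in the 5th and 6th hex digits of a vml.id.
vml_lun() {
    case $1 in
        vml.[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]*) ;;
        *) echo "not a vml.id: $1" >&2; return 1 ;;
    esac
    hex=$(printf '%s' "${1#vml.}" | cut -c5-6)
    printf '%d\n' "$((0x$hex))"
}

# Read `esxcli storage core device list -d naa.id` output on stdin and
# print the first vml.id found (assumed to sit on the "Other UIDs:" line).
extract_vml() {
    sed -n 's/^ *Other UIDs: *\(vml\.[0-9a-fA-F]*\).*/\1/p' | head -n 1
}

# Read "host vml.id" pairs on stdin, print the LUN number seen by each host,
# and return 1 if the hosts disagree (2 if a vml.id cannot be parsed).
check_consistent() {
    first=""
    rc=0
    while read -r host vml; do
        [ -n "$host" ] || continue
        lun=$(vml_lun "$vml") || return 2
        echo "$host LUN $lun"
        if [ -z "$first" ]; then
            first=$lun
        elif [ "$lun" != "$first" ]; then
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output, trimmed to a few fields, for two hosts.
sample_esx01() {
cat <<'EOF'
naa.60060480000190104063533030353445
   Display Name: EMC Fibre Channel Disk (naa.60060480000190104063533030353445)
   Device Type: Direct-Access
   Other UIDs: vml.02000500006006048000019010406353303035344553594d4d4554
EOF
}

sample_esx02() {
cat <<'EOF'
naa.60060480000190104063533030353445
   Display Name: EMC Fibre Channel Disk (naa.60060480000190104063533030353445)
   Device Type: Direct-Access
   Other UIDs: vml.02000700006006048000019010406353303035344553594d4d4554
EOF
}

# Demo on the constructed samples: esx02 sees the same device as LUN 7.
{
    echo "esx01 $(sample_esx01 | extract_vml)"
    echo "esx02 $(sample_esx02 | extract_vml)"
} | check_consistent || echo "LUN number differs between hosts"
```

On real hosts, replace the sample functions with the saved output of the esxcli command from each host in the cluster.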

Now, to fix this issue, what we can do is remove the affected RDM disk from both nodes and then delete the RDM pointer file from the datastore (this doesn't affect the actual data on the LUN). After re-scanning the hosts for datastores, re-add the LUN as an RDM drive on both nodes. You will now be able to power on the affected node.

If for any reason the above doesn't work, then after removing the affected RDM drives from both nodes as above, follow these steps:
  1. Note the NAA_ID of the LUN.
  2. Detach RDM using vSphere client.
  3. Un-present  the LUN from host on storage array. 
  4. Rescan host storage. 
  5. Remove LUN from detached list using these commands:

    #esxcli storage core device detached list
    #esxcli storage core device detached remove -d naa.id
  6. Rescan the host storage. 
  7. Re-present LUN to host. 
  8. Now again rescan the hosts for datastores

Now cross-check the vml.id on the hosts; it should be the same, and after adding the RDM drive on the nodes you will be able to power on the VM nodes.

Note: If the LUN has been flagged as perennially reserved, this can prevent the removal from succeeding and step 5 would fail.

Run this command to remove the flag:

#esxcli storage core device setconfig -d naa.id --perennially-reserved=false

Now the command to remove the device should work.

# esxcli storage core device detached remove -d naa.id


I had faced a related issue in the past and discussed it in the following post:

After unexpected host reboot, Powering on a RDM attached virtual machine fails with the error: Incompatible device backing specified for device '0

That's it... :)


Friday, April 6, 2018

AWS Public IP vs Elastic IP and how can we assign one to EC2 instance

In my previous post I mentioned that in order to make an EC2 instance internet accessible, it should have a Public or Elastic IP assigned. Anyone new to AWS may wonder what this Elastic IP is and how it's different from a Public IP.

In this post we will discuss the similarities and differences between the two, and how one can assign a Public or Elastic IP to an EC2 instance.

From a functional point of view, both are publicly routable IP addresses and can be used to connect your instance to the internet, but they differ in how they persist and in the way you can assign one to your instance.

A public IP address is assigned to your instance from Amazon's pool of public IPv4 addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IPv4 address pool, and you cannot reuse it.

Put simply, Public IP addresses are dynamic, which means that if you stop/start your instance you get assigned a new public IP; however, it persists if you just reboot the EC2 instance.

Public IP addresses are free and you will not be charged anything for using them.

An Elastic IP address is a static public IPv4 address, designed for dynamic cloud computing. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet.

An Elastic IP address is associated with your AWS account and with it, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
While your instance is running, you are not charged for one Elastic IP address associated with the instance, but you are charged for any additional Elastic IP addresses which are not in use.

Now let’s look at the difference between these two IP types.

1. Elastic IPs are assigned to AWS accounts, and you can attach them to instances. Public IPs are assigned to instances directly.
2. You cannot manually attach or detach a public IP from the instance. It's auto-allocated from the pool. An Elastic IP can be manually attached to and detached from the instance.

3. When an instance is stopped and started again, the public IP changes. But if the instance is assigned an Elastic IP, it will remain the same even if the instance is stopped and started again.

4. If an Elastic IP is allocated to your account and not in use, you will be charged for it on an hourly basis.

5. A public IP is released once your instance is stopped, so there is no question of getting charged for not using it.

6. You won't be able to re-use the same public IP since it's allocated from the free IP pool. You can always re-use an Elastic IP and re-attach it to another instance when it is released from the current instance.

7. You can have a maximum of 5 Elastic IPs in your account per region. But you can have as many public IPs as EC2 instances you spin up.

8. An instance can have either of them. If you assign an Elastic IP to an instance, its currently assigned public IP is released to the free pool.

How to assign a Public or Elastic IP to an instance:

Public IP: It can be assigned to an instance only at instance creation time, and there are two ways of doing that.

  • Edit the subnet settings and enable Auto-assign Public IP for any EC2 instance launched in this subnet.

To do so, from the AWS Console => under Networking & Content Delivery, select VPC => click on the Subnet tab => select the intended subnet and either right-click or, from Actions, select Modify auto-assign IP address.

That will open the Modify auto-assign IP address pop-up, where you enable auto-assigning a Public IP address.

Now any EC2 instance launched in this subnet will have a public IP assigned.

  • You can also assign the Public IP at EC2 instance launch time; you can also alter the default public IP assignment of the subnet from here.

Whatever you select here will override the default IP assignment settings.

Elastic IP: We need to allocate the Elastic IP address to our AWS account before making use of it.

You can get to the Elastic IP window either from the EC2 instance or VPC Dashboard; once you are there => select Elastic IP address => Allocate new address


There is not much to discuss here; once you click on Allocate in the next screen, it will allocate you an Elastic IP.

Now if you want to assign this IP to any instance, just select it and either click on Actions or right-click on it and select Allocate address.


That opens the Associate Address window; from here you can select the intended EC2 instance or a specific network interface.


Once you select the intended instance, the Elastic IP gets associated with it.

Note: As mentioned in the above screenshot, if you associate an Elastic IP address with an EC2 instance which already has a public IP assigned, the public IP is released.

That's it ... :)


Tuesday, April 3, 2018

Launching your first AWS EC2 instance and making it internet accessible

I assume this is your first EC2 instance and you just have the default VPC with default Security groups, Network Access list and Routing table etc.

As this EC2 instance is being created in the default VPC, which by default has an Internet Gateway attached and a route to that internet gateway in the attached route table, one only needs to complete the following steps to make it internet accessible:

  • Create this EC2 instance with a Public IP

  • If the instance was not created with a public IP then create an Elastic IP and attach it to the EC2 instance

  • Identify the attached security group and create a custom inbound rule to allow traffic (RDP, ICMP etc.) from a specific IP/network or from anywhere (0.0.0.0/0)

Here you don't need to create any outbound rule, because security groups are stateful, and on the other hand network access lists allow all traffic by default.

Note: If you didn't select a security group during EC2 launch, the instance will have a new security group named Launch-Wizard-x created and attached; you then need to create custom inbound rules for this group to allow RDP or ICMP traffic.

If required, you can change the attached security group for an instance from EC2 Dashboard => Network & Security => Network interfaces.

That's it... :)


Monday, March 26, 2018

Amazon Web Services: A short description of some of the AWS services

As I am planning to sit my next AWS certification exam, which is Architect Professional, in the next few months, I thought of starting from scratch and making a note of all common AWS services with a short description of each (actually, at times I find it hard to recall which service is there for a particular use case, so... next time I can have a look here).

Amazon Web Services offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security and enterprise applications. These services help organizations move faster, lower IT costs, and scale.


Compute Services :-

Amazon EC2 : Virtual Servers in the Cloud

Amazon EC2 Auto Scaling : Scale Compute Capacity to Meet Demand

Amazon Container Service : Run and Manage Docker Containers

Amazon Lightsail : Launch and Manage Virtual Private Servers

AWS Batch : Run Batch Jobs at any Scale

AWS Elastic Beanstalk : Run and Manage Web Apps

AWS Lambda : Run your code in Response to events

VMware Cloud on AWS : Build a Hybrid Cloud without Custom Hardware

Storage Services :-

Amazon S3 : Scalable Storage in the Cloud

Amazon EBS : Block Storage for EC2

Amazon EFS : Managed File Storage for EC2

Amazon Glacier : Low cost Archive Storage in Cloud

AWS Storage Gateway : Hybrid Storage Integration

Database Services :-

Amazon RDS :  Managed Relational Database Service For MySQL, PostgreSQL, Oracle, SQL Server and MariaDB

Amazon Aurora : High Performance Relational Database

Amazon DynamoDB : Managed NoSQL Database

Amazon Redshift : Fast, Simple, Cost-effective Data Warehousing

Amazon ElastiCache : In-memory Data Store and Cache

Amazon Neptune :  Fully Managed Graph Database Service

Migration Services :-

AWS Database Migration Service : Migrate Database with Minimal Downtime

AWS Application Discovery Service : Discover On-Premises Application to Streamline Migration

AWS Server Migration Service : Migrate On-Premises Servers to AWS

AWS Snowball : Petabyte-scale Data Transport

AWS Snowball Edge : Petabyte-scale Data Transport with On-board Compute

AWS Snowmobile : Exabyte-scale Data Transport

AWS Migration Hub : Track Migrations from a single place

Networking and Content Delivery Services :-

Amazon VPC : Isolated Cloud Resources

Amazon Route 53 : Scalable Domain Name System

AWS Direct Connect : Dedicated Network Connection to AWS

AWS CloudFront : Global Content Delivery Network

Elastic Load Balancing : High Scale Load Balancing

Amazon API Gateway : Build, Deploy and Manage APIs

Management Tools :-

AWS CloudWatch : Monitor Resources and Application

AWS Auto Scaling : Scale Multiple Resources to Meet Demand

AWS CloudFormation : Create and Manage Resources from Templates

AWS CloudTrail : Track User Activity and API Usage

AWS Config : Track Resources and Inventory

AWS OpsWorks : Automate Operations With Chef and Puppet

AWS Service Catalog : Create and Manage Standardized Products

AWS System Manager : Gain Operational Insight and Track Action

AWS Trusted Advisor : Optimize Performance and Security

AWS Personal Health Dashboard : Personalized View of AWS Service Health

Analytics :-

Amazon EMR : Hosted Hadoop Framework

Amazon Kinesis : Work With Realtime Streaming Data

Amazon Redshift : Simple, Fast, Cost-effective Data Warehousing

Amazon CloudSearch :  Managed Search Service

Amazon Elasticsearch Service :  Run and Scale Elasticsearch Cluster

Amazon Quicksight : Fast Business Analytics Services

AWS Data Pipeline : Orchestration Service for Periodic, Data-driven Workflow

AWS Glue : Prepare and Load Data

Amazon Athena : Query Data in S3 using SQL

Security, Identity & Compliance :-

AWS Identity & Access Management : Manage User Access and Access Keys

AWS Single Sign-On : Cloud SSO Service

AWS Organizations : Policy-based Management for multiple AWS accounts

AWS Key Management Service : Managed Creation and Control Of Encryption Keys

Amazon Inspector : Analyze Application Security

AWS Shield : DDoS Protection

AWS Guard Duty : Managed Threat Detection Service

AWS WAF : Filter Malicious Web Traffic
......................................................................
...........................................................................
................................................................................


My previous AWS exam related posts can be found here,



Hope this would be useful for others as well...That's it for now :)


Saturday, March 10, 2018

VMware vExpert 2018 award Announced

After lots of delay VMware finally announced the list of vExpert 2018…. I am very honored to be named a VMware vExpert again, this is my fourth vExpert award…..

Congrats to all those who named as a 



Here is the full list of vExpert 2018... https://vexpert.vmware.com/directory 

vExpert 2018 Announcement on VMTN Blog,
https://blogs.vmware.com/vmtn/2018/03/vexpert-2018-award-announcement.html

That's it... :)


Sunday, March 4, 2018

Unable to power-on a VM in nested ESXi, hanging at some random point with a question in the events

I would say this is the weirdest issue I have ever faced; it took me so long to find a solution that I thought of making a note of it.

My setup is all nested: VMware Workstation on my lab Windows PC, and then ESXi, vCenter and everything else as VMs running on Workstation.

After building a vSphere 6.5 lab environment, when I deployed my first VM and tried to power it on, it got stuck at some point. After waiting for a few minutes I checked the tasks and events and found the following info event there:
"Running VMware ESX in a virtual machine will result in degraded performance. Do you want to continue"


Then I created a few other VMs, but they all got stuck at some random point during the power-on operation, and the same event was there in the events.

However, there is no way to answer the question: nothing in the VM summary, no pop-up, nothing.

A quick search about the issue led me to VMware KB# 2108739; however, adding msg.autoAnswer = "FALSE" in the host .vmx file or /etc/vmware/config didn't make any difference.

Initially I thought this was something related to ESXi 6.5, so just to check I deployed another VM with ESXi 6.0, but even on nested ESXi 6.0 the VM power-on operation got stuck at a random point.


Earlier, I had a working vSphere 5.5 nested lab on this system, so I thought of checking with ESXi 5.5, but to my surprise the VM power-on operation got stuck with the same "Running VMware ESX in a virtual machine will result in degraded performance. Do you want to continue" question (without any way to answer it) on ESXi 5.5 too.

Then I thought this was something related to VMware Workstation, so I downgraded it from version 14 Pro to 12 Pro, but there was no difference.

This is when I started looking at other things and eventually found that it was my antivirus which was causing this issue: Avast Antivirus. Enabling or disabling the features in the software did nothing; however, uninstalling Avast worked like a charm and now everything is working again as expected.

Hope this would help...

That's it ...:)


Saturday, March 3, 2018

How to Check, Start, Stop or Restart Windows version of vCenter 6.x Services

Today, while working on something, I rebooted my vCenter server, and after the reboot, when I tried to connect to vCenter using the Web Client, I ended up with the following error:


This error usually occurs when there is some issue with the vCenter Web Client; probably the service is set to manual or somehow got stopped.

Ideally the Web Client service should have its startup type set to Automatic and be in the started state.

To verify this, I opened Services and to my surprise couldn't find the vCenter Web Client service listed there; even the vCenter service was not there (ideally this shouldn't be the case).


So, here is how you would check the status of the Web Client service, or of any other service not listed in Services.

For the Windows version of vCenter, to list the vCenter Server and/or Platform Services Controller services:
  • Open a command prompt as Administrator and change the directory to C:\Program Files\VMware\vCenter Server\bin (or the relevant path, if you didn't install vCenter in the default location).
    We will use the service-control utility available there to check the status of a service or perform a related operation on it.
    To view the available options, run:
    service-control --help
  • Run the following command to list the vCenter Server and/or Platform Services Controller services:
    service-control --list-services
  • Run this command to view the current status of all vCenter Server and/or Platform Services Controller services:
    service-control --status

    To check the status of individual services, use this:

    For the Web Client service:
    service-control --status vsphere-client

    For the vCenter service:
    service-control --status vpxd

From here, you can start or stop any of the vCenter Server and/or Platform Services Controller services using the command below:

service-control --start 'Service Name'

Or, to start all services:

service-control --start --all


Note: To perform a dry run of the command, add the option --dry-run; doing so displays the actions the command would run without executing them.

Hope this would be helpful.

Reference: VMware kb# 2121043 & 2109881
Related Post: VMware vCenter Server 6.x Appliance services: how to find service status or start/stop

That's it... :)


Sunday, February 25, 2018

How to find and install VMware PowerCLI Module

As most of us already know, VMware PowerCLI is now available as a PS module and can be installed directly from the Microsoft PowerShell Gallery. In this post I'll summarize the process of online and offline installation of PowerCLI.

PS commands to be used:

Get-Module : To list the available/already installed modules on your local machine
Find-Module : To find the available modules in an online PS Gallery
Install-Module : To download and install the specified module from an online gallery
Save-Module : To download and save a PS module for offline use

Online installation of PowerCLI : To install the PowerCLI from Microsoft PS gallery, follow these steps,

  • If you are not sure about the name of the actual VMware PowerCLI module, use below cmd to find the same,

Find-Module -name *VMware*

  • Once you have identified the module name, use the Install-Module cmd to install it.
    Here we will install "VMware.PowerCLI":

Install-Module -Name VMware.PowerCLI


Press Y [yes] or A[yes to all], when prompted.

Depending upon your internet connection speed, it will take some time to download and install the requested PS module. Once done, close the current PowerShell session and start a new one; the newly installed PowerCLI module will now load and you can use it.

If you want to limit the scope of this module to the current user only, use the following command instead:

Install-Module -Name VMware.PowerCLI -Scope CurrentUser

Offline installation of PowerCLI: To download and install the VMware PowerCLI module, follow these steps:
  • On a system which is connected to the internet, save the VMware PowerCLI module to your desired location using the Save-Module cmd.
  • Now copy this module (the downloaded folders) to the system which is not connected to the internet, and place them in a location where PowerShell can find them. The module folders can be confirmed by typing $ENV:PSModulePath at the PowerShell prompt.
Local User: $home\Documents\WindowsPowerShell\Modules 
All Users: $pshome\Modules


Once you have copied these folders to the modules folder and restarted the PowerShell window, the modules will load automatically and you can use them.


That's it... :)


Thursday, February 22, 2018

How to reset iLO login password from within ESXi Shell

This could be useful if you are unable to recall the HP iLO login password.

Follow these steps to reset the iLO password from the ESXi host.
Create a file named reset_ilo_pwd.xml in the tmp folder under root with the content below, and put the new password in the password section:

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="YOUR-NEW-PASSWORD"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Alternatively, you can create this file by copying these lines into Notepad and saving it as reset_ilo_pwd.xml, then upload it to the /tmp directory of your ESXi host using any FTP client like WinSCP.

Now use the following command to commit the administrator password information from the file (reset_ilo_pwd.xml) to iLO:

 
./hponcfg -f /tmp/reset_ilo_pwd.xml

This is it, now you should be able to login to iLO of your ESXi host using the password specified in the above xml file.
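One way to script the reset described above, as an added example that is not from the original post or from HPE: it writes the same RIBCL file with owner-only permissions, XML-escapes the password so characters such as & or " do not break the file, and deletes the file once hponcfg has run. The function names are hypothetical, the demo password is constructed, and the hponcfg location /opt/hp/tools is the one this post gives.

```shell
#!/bin/sh
# Added example: build the RIBCL password-reset file, apply it, clean up.

# Escape the characters that are special inside an XML attribute value.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Write the reset file to path $1 for iLO user $2 with new password $3.
# The file is recreated under umask 077 so only its owner can read it.
write_reset_xml() {
    out=$1
    user=$(xml_escape "$2")
    pass=$(xml_escape "$3")
    (
        umask 077
        rm -f "$out"
        # LOGIN PASSWORD is the literal placeholder from the post's file.
        cat > "$out" <<EOF
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="$user" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="$user">
<PASSWORD value="$pass"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
EOF
    )
}

# Apply the new password ($1) on the ESXi host, then remove the file so the
# clear-text password does not stay behind in /tmp.
reset_ilo_password() {
    xml=/tmp/reset_ilo_pwd.xml
    write_reset_xml "$xml" Administrator "$1" || return 1
    /opt/hp/tools/hponcfg -f "$xml"
    rc=$?
    rm -f "$xml"
    return $rc
}

# Demo with a constructed password: show the generated file, then remove it.
demo=${TMPDIR:-/tmp}/ribcl_demo.$$
write_reset_xml "$demo" Administrator 'N3w&Secret"1' && cat "$demo"
rm -f "$demo"
```

On the host itself, call `reset_ilo_password` with the new password as its only argument.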

Additional Info: HPE offers support for the iLO features available on ProLiant servers with the HP Online iLO Configuration aka HPONCFG utility. HPONCFG can be used to set up and reconfigure the iLO (Integrated Lights-Out) management controller of a server.

HPONCFG is an online configuration tool used to set up and reconfigure iLO without requiring a reboot of the server operating system. The utility runs in a command-line mode and must be executed from an operating system command line on the local server. HPONCFG enables you to initially configure features exposed through the RBSU or iLO.
You can also use HPONCFG to reset the iLO from the ESXi host, among many other things.
Browse to /opt/hp/tools and execute the command below to reset the HP iLO configuration.

./hponcfg -r

Before using HPONCFG, the iLO Management Interface Driver must be loaded on the server. HPONCFG displays a warning if the driver is not installed.
If it is not already present on the server, you may download and install it from the following links:
* HPE ESXi Utilities Offline Bundle for VMware vSphere 6.0 *

* HPE ESXi Utilities Offline Bundle for VMware vSphere 6.5 *


That's it... :)


Wednesday, February 7, 2018

How to reset HP iLO over ssh or remotely

Lately I faced this issue, where I was unable to log in to the iLO of one of my HP ProLiant servers; instead there was an SSH connection related error on the login page.


I had seen this error during iLO firmware upgrades in the past but not at any other time.

As I had upgraded this ProLiant server's firmware/drivers the previous day using the latest HP Service Pack for ProLiant (aka HP SPP), it had the latest iLO firmware ver 2.55 installed, and I was sure everything was working as expected after the SPP upgrade.

We tried a few things to resolve the issue and eventually resetting the iLO fixed it. As the iLO web login was not available, we had to reset it via the command line by connecting to iLO over SSH.

You will be able to access iLO over SSH only if you didn't disable it during the initial iLO configuration (by default iLO SSH access is enabled).

The steps to reset the HP iLO over SSH are as follows:
  1. Open PuTTY (or any other SSH client) and connect to the iLO controller using its IP address or FQDN.
  2. Log in with iLO administrator credentials (or an account with equivalent rights).
  3. Once connected to iLO, issue the following command and press Enter:
     cd /map1
  4. Then type the following and press Enter:
     reset

Command and its output would be something like this on CLI:

hpiLO-> cd /map1

status=0
status_tag=COMMAND COMPLETED

hpiLO-> reset

status=0
status_tag=COMMAND COMPLETED

Resetting iLO.

CLI session stopped

The iLO controller will begin to reset itself. Resetting the controller fixes a lot of hang and freeze issues on the interface.

Note: In case of any issue, HPE always recommends upgrading the firmware on the iLO controller as the first thing; as it doesn't require reboots or downtime, it can be done anytime.

Additional resources:   

That's it... :)


Saturday, February 3, 2018

Extended LUN size but unable to increase the datastore size from vCenter

You might have seen this issue where in vCenter managed environment, you want to expand the datastore size and Storage team has confirmed that they have increased the respective LUN size and the same is reflecting in datastore properties under Device capacity however when you click on increase under Volume Properties, there is no extent available.


I had seen such issue in past but when adding additional extents, not when increasing datastore size.

vCenter Server calls a specific function to get all the available extents for that datastore. After getting extents, vCenter Server displays the extents as available if they meet these criteria filters:
  • LUNs are not used as datastores on that host or on any other host (with exceptions for force-mounted volumes).
  • LUNs are not used as Raw Device Maps (RDMs) on that host or any other host.
vCenter Server applies these filters to prevent possible data corruption on LUNs already used by another host.
VMware recommends that you do not turn off the filters. Before making any changes to the LUN filters, contact the VMware Support team.

When you connect directly to the ESX host, these filters do not exist and hence you can see the extents.

To work around this issue, connect to the ESXi host directly using 'root' credentials and increase the volume size from there; once done, re-scan all ESXi hosts for storage.
Once you do that, the expanded datastore will be visible to all other ESXi hosts as well.

Related VMware KB article :- 1011754


That's it... :)


Conflicting VIBs error during ESXi upgrade using ISO image

You might have come across this error when trying to upgrade an ESXi host using an OEM-provided custom ESXi image, or maybe a VMware-provided ESXi image, where the upgrade gets aborted with the CONFLICTING_VIBs ERROR.


In order to successfully complete the ESXi upgrade, one needs to do the following:

  • Connect to the host over SSH using PuTTY and run the following command to find the exact name of the VIB:

       # esxcli software vib list | grep "displayed conflicting vib"
  • Once you have identified the exact VIB name, remove it using the following command:

       # esxcli software vib remove -n "actual name of conflicting vib"

Note: Please do an impact analysis before you proceed with the VIB removal.

Now boot the host from the ESXi ISO image and complete the upgrade (this time you shouldn't see the earlier conflicting VIB error).


That's it... :)


Friday, January 5, 2018

Intel / AMD processor vulnerability: Meltdown-Spectre and VMware Esxi

Most of us would be aware of this by now... if not, serious security flaws named Meltdown and Spectre were discovered in processors designed by Intel, AMD and ARM; these flaws could let attackers steal your sensitive data.

These flaws were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system like Windows, macOS and Linux etc.


The two ‘bugs’ stem from design flaws of microprocessors that have the potential to allow applications, malware, and JavaScript running in web browsers, to obtain information from the operating system kernel’s private memory areas.

So here you may wonder how this affects the VMware ESXi platform and the VMs running on it.

VMware has issued a Security Advisory (VMSA-2018-0002) for the same, and according to it, CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.

Exploitation may allow information disclosure from one virtual machine to another virtual machine running on the same host.

To remediate the observed vulnerability (known variants of the Bounds Check Bypass and Branch Target Injection issues) in the different ESXi releases, one needs to install the corresponding patch from the list.

VMware patches for different ESXi versions:

  • ESXi 6.5 – ESXi650-201712101-SG
  • ESXi 6.0 – ESXi600-201711101-SG
  • ESXi 5.5 – ESXi550-201709101-SG *
* This patch has remediation against CVE-2017-5715 but not against CVE-2017-5753.

There are new patches available; refer to the following advisory: VMSA-2018-0004.

Downloads:  https://my.vmware.com/group/vmware/patch, Search with the patch name.

Whilst this will secure against the risk of data leakage between virtual machines, it will not mitigate the risk of data leakage within individual virtual machines. To protect against this threat, operating system specific security updates must be installed.
Microsoft already released a patch on Jan 3rd, 2018 to fix this issue on systems running Windows OSs.

Also apply the applicable firmware update provided by your server/device manufacturer, Useful Link.

Note: It has been speculated that patching the flaws would cause a performance hit. At this time it's still unclear what the degree of the performance hit would be; the details currently available vary with the source of information.

Related Read: https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html
https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

That’s it…. 😊