This article piqued my interest because it concerns a VMware vulnerability. Between the fact that I worked for VMware for many years and that I was just working inside VMware Workstation Pro building out a Windows environment the last few days, I took a second look at this article.
The bigger the company and the more widely used its products, the more of a target it becomes for hackers. This just proves that no matter how much a company may dedicate to securing software, there is always someone smarter, with the time and resources to find a way in!
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.
VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines.
The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies (a sanctioned Russian cybersecurity company accused of trafficking hacking tools).
Local attackers with low privileges can exploit it in low-complexity attacks that don’t require user interaction to gain high privileges on vulnerable VMs.
“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM,” VMware explains in a security advisory published on Tuesday.
Earlier this month, Broadcom also patched three VMware zero days (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), which were tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.
As the company explained at the time, attackers with privileged administrator or root access can chain these vulnerabilities to escape the virtual machine’s sandbox.
Ransomware gangs and state-sponsored hackers frequently target VMware vulnerabilities, as VMware products are widely used in enterprise operations to store or transfer sensitive corporate data.
For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China’s 2024 Matrix Cup hacking contest.
In January 2024, Broadcom also disclosed that Chinese state hackers had used a critical vCenter Server zero-day vulnerability (CVE-2023-34048) since late 2021 to deploy VirtualPita and VirtualPie backdoors on affected ESXi systems.
March 4th, VMware quietly released patches for three ESXi zero day vulnerabilities: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226.
Although the advisory doesn’t explicitly say it, this is a hypervisor escape (aka a VM Escape). A threat actor with access to run code on a virtual machine can chain the three vulnerabilities to elevate access to the ESX hypervisor.
This is backed up by VMware’s official Github, which says:
Yes, this is being actively exploited in the wild.
Once you have ESX access, you can access everything on the ESX server — which includes things such as VM data, and crucially ESX config and mounted storage. Using ESX config and mounted network storage, you can traverse the VMware environment.
My pretty diagram:
Feel free to use this carefully prepared graphic to brief your board or the public
For example, orgs use vMotion to allow virtual machines to automatically move across ESX hosts, to balance load and allow for maintenance without downtime (it’s how VMware security patching works). Because of this, a threat actor has direct access to storage of VMs both on and not on that host by design — they’re basically loose on the backend.
Areas of concern
ESXi is a ‘black box’ environment, where you don’t have EDR tools and such — it is locked down. As such, a hypervisor escape means a threat actor is outside of all security tooling and monitoring. They can, for example, access Active Directory Domain Controller databases without triggering any alerts anywhere in the stack, or delete data.
This is frequently seen in ransomware incidents, where people directly exploit the ESX server or vCenter server over the VMware management network using unpatched vulnerabilities. Once they reach ESX, they reach directly into storage across the whole cluster.
However, being able to reach the ESX server hypervisor directly from the Virtual Machine significantly raises the risk. For example, you don’t need to find the ESX server details, or reach a segregated network.
‘But Kevin’ you may say ‘if a threat actor gained access to a VM it’d be game over’. Well… not so much. Threat actors gain access to endpoints all the time in any large org, e.g. malware initial access on end user PCs. When you have VDIs on VMware, you have a problem. When you have shared servers on VMware, you have a problem. Compromise of one system in a company is not usually a big problem in the short term. Immediate compromise of all of them is a big problem.
Additionally, there are around 500 Managed VMware providers, who operate as effectively clouds, allowing SMBs to purchase fully managed VMs, on demand compute basically. A compromise of one customer VM would allow compromise of every customer VM in the same managed provider.
This also applies to companies who have built their own Private Clouds using VMware, and use VMware to segregate business units.
Versions impacted
The Broadcom advisory is currently incomplete for some reason. For example VMware’s Github lists versions 6.5 and 6.7 as impacted, and patches are available on VMware’s website — but VMware’s advisory on the Broadcom site doesn’t list them as impacted as of writing. Basically, every release of ESX is impacted.
I understand 5.5 is also impacted, however it is out of support so no patch is available.
In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library.
While researching this, GitHub independently discovered and patched our vulnerabilities. However, their disclosure omits key technical details, including the specific mutation and how to exploit it without authentication.
We believe sharing the full details on how these attacks work is crucial for improving security by empowering everyone with the knowledge needed to identify, mitigate, and defend against such threats effectively.
This research began after we came across a fascinating post by Juho Forsén detailing an XML round-trip vulnerability. What started as curiosity quickly spiraled into a deep dive into the intricacies of SAML, uncovering far more than we initially expected. We spent months exploring various round-trip attacks with the goal of presenting our findings at Black Hat. However, as luck would have it, we ran into a research collision with Alexander Tan (ahacker1), leading to our discoveries being patched before we could submit. Despite that twist, we believe this work is still worth sharing, and while it may not be hitting Black Hat this year, we hope you find it just as compelling.
Round-trip attacks 101
SAML libraries often parse an XML document, store it as a string, and later re-parse it. In Ruby-SAML, this process involves two different parsers: REXML, which is used to parse the document and validate the signature, and Nokogiri, which is used to access attributes. If any mutations occur during this process, the document may not be identical when parsed a second time.
For secure authorization, the document must be parsed and serialized consistently; otherwise, structural inconsistencies may arise. These inconsistencies can be exploited in a round-trip attack. By leveraging XML comments and CDATA sections, an attacker can manipulate the document’s structure during mutation, bypassing signature verification and effectively gaining unauthorized access by assuming another user’s identity.
Round-trip attack on Ruby SAML/REXML
To facilitate testing, we developed a testbed to identify round-trip vulnerabilities and efficiently evaluate multiple SAML libraries. I began by examining the document type definition (DOCTYPE), as similar vulnerabilities had been discovered in the past. My initial approach focused on analyzing how XML entities were parsed, so I conducted tests in that area.
In Juho’s original discovery, notation declarations were used to introduce inconsistencies in how quotes were interpreted. Building on this, I investigated whether any additional vulnerabilities had been overlooked. After extensive testing, I found that mutations could be introduced within the SYSTEM identifier.
Continue reading the rest of the article by Gareth Heyes below!
Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in a third-party ChatGPT tool, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.
The affected tool is called ChatGPT, but it’s not made by OpenAI. Instead, it’s an open source tool created by a Chinese developer, designed to provide an interface for interacting with the ChatGPT gen-AI service.
The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.
Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.
According to Veriti, at least one threat actor has added an exploit for CVE-2024-27564 to its arsenal, and has started probing the internet for vulnerable applications.
Within a single week, the cybersecurity firm observed over 10,000 attack attempts coming from a single IP address. Roughly one-third of the targeted organizations are potentially at risk of exploitation due to misconfigurations in their protection solutions, Veriti warns.
Most of the attacks were targeting organizations in the US, mainly in the government and financial sector. Financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK were targeted as well.
“Banks and fintech firms depend on AI-driven services and API integrations, making them vulnerable to SSRF attacks that access internal resources or steal sensitive data,” Veriti notes.
Although a medium-severity issue, CVE-2024-27564 has become a real-world attack vector and organizations should address it as soon as possible. They should also check their intrusion prevention systems and firewalls for any misconfigurations and monitor logs for known attacker IP addresses.
“Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations,” Veriti says.
*updated to clarify that the ChatGPT tool impacted by CVE-2024-27564 is not in any way related to ChatGPT developer OpenAI.
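The log monitoring recommended above, as an added example (not Veriti's code and not part of the affected tool): it scans web access logs for requests to `pictureproxy.php` and classifies where each `url` parameter points. The log lines, client addresses and verdict labels are constructed for illustration.

```python
"""Triage access-log requests to pictureproxy.php (CVE-2024-27564 probing)."""
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format, documentation client IPs).
SAMPLE_LOG = """\
203.0.113.9 - - [18/Mar/2025:10:01:12 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [18/Mar/2025:10:01:13 +0000] "GET /chat/pictureproxy.php?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 90 "-" "-"
203.0.113.9 - - [18/Mar/2025:10:01:14 +0000] "GET /pictureproxy.php?url=file%3A%2F%2F%2Fetc%2Fhostname HTTP/1.1" 200 31 "-" "-"
198.51.100.77 - - [18/Mar/2025:10:02:40 +0000] "GET /pictureproxy.php?url=https%3A%2F%2Fimages.example.org%2Fcat.png HTTP/1.1" 200 20481 "-" "-"
198.51.100.77 - - [18/Mar/2025:10:02:41 +0000] "GET /index.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 733 "-" "-"
198.51.100.77 - - [18/Mar/2025:10:02:42 +0000] "GET /pictureproxy.php HTTP/1.1" 200 0 "-" "-"
203.0.113.9 - - [18/Mar/2025:10:03:02 +0000] "GET /pictureproxy.php?url=http%3A%2F%2Flocalhost%2F HTTP/1.1" 200 1204 "-" "-"
"""

# client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify_target(target):
    """Label the destination a `url` parameter asks the server to fetch."""
    parts = urlsplit(target)
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http-scheme"
    host = (parts.hostname or "").lower()
    if host in ("", "localhost") or host.endswith(".localhost"):
        return "internal-address"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: external as written, though DNS may still resolve it
        # to an internal address, so these are worth a second look too.
        return "external"
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_unspecified):
        return "internal-address"
    return "external"


def scan_access_log(log_text):
    """Return one finding per `url` value sent to a pictureproxy.php endpoint."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, when, _method, request_target, status = match.groups()
        parts = urlsplit(request_target)
        if not parts.path.lower().endswith("/pictureproxy.php"):
            continue
        # parse_qs percent-decodes the value, so encoded URLs are compared decoded.
        for target in parse_qs(parts.query).get("url", []):
            findings.append({
                "client": client,
                "time": when,
                "status": int(status),
                "target": target,
                "verdict": classify_target(target),
            })
    return findings


def attempts_by_client(findings):
    """Count findings per source address to surface a single noisy scanner."""
    return Counter(f["client"] for f in findings)


if __name__ == "__main__":
    results = scan_access_log(SAMPLE_LOG)
    for f in results:
        print(f'{f["time"]} {f["client"]} {f["verdict"]:<17} {f["target"]}')
    print(dict(attempts_by_client(results)))
```

Requests labelled `internal-address` or `non-http-scheme` that received a 200 response are the ones to investigate first.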
OpenAI is forecasting a major shift in the next five years around who it gets most of its computing power from, The Information reported on Friday.
By 2030, OpenAI expects to get three-quarters of its data center capacity from Stargate, a project that’s expected to be heavily financed by SoftBank, one of OpenAI’s newest financial backers. That represents a major shift away from Microsoft, OpenAI’s biggest shareholder, who fulfills most of the startup’s power needs today.
The change won’t happen overnight. OpenAI still plans to increase its spending on Microsoft-owned data centers in the next few years.
During that time, OpenAI’s overall costs are set to grow dramatically. The Information reports that OpenAI projects to burn $20 billion in cash during 2027, far more than the $5 billion it reportedly burned through in 2024. By 2030, OpenAI reportedly forecasts that its costs around running AI models, also known as inference, will outpace what the startup spends on training AI models.
Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week.
DeepSeek will open source five code repositories that have been “documented, deployed and battle-tested in production,” the company said in a post on X on Thursday.
Code repositories are storage locations for software development assets, and typically contain source code as well as configuration files and project documentation.
“As part of the open-source community, we believe that every line shared becomes collective momentum that accelerates the journey,” the company wrote. “Daily unlocks are coming soon. No ivory towers — just pure garage-energy and community-driven innovation.”
DeepSeek, which has a history of making its AI models openly available under permissive licenses, has lit a fire under AI incumbents like OpenAI. In recent social media posts, OpenAI CEO Sam Altman admitted DeepSeek has lessened OpenAI’s technological lead, and said that OpenAI would consider open sourcing more of its technology in the future.
To a phisher, one tiny hyphen can make a big mark.
SANS Technology Institute Dean of Research Johannes Ullrich alerted users to a “clever” phishing tactic that uses a URL containing a “com-” domain prefix. With that tiny, easy-to-miss hyphen, threat actors can disguise a malicious destination.
Ullrich noted on the SANS site that the phishing tactic was placed into fraudulent messages alerting a user of unpaid tolls. (The FBI warned the public of toll trolls in April 2024, when there were over 2,000 complaints of attacks using fake text messages.)
How the “.com-” tactic works. A legitimate site involving Florida’s toll system (SunPass) would involve a forward slash and look something like: “sunpass.com/tolls.”
In instances discovered by Ullrich and shared on the SANS site, the phisher registers for and receives a domain that begins with “com-,” followed by seemingly random letters, then ending with a top-level domain, like .info, .top, .xyz, and even .com.
To a reader, the phishy URL appears as something like: “sunpass.com-[random letters].top”—a tricky difference to notice when you’re quickly looking on a tiny phone screen and it appears that you owe toll money.
Fraud jobs. URL obfuscation is a favorite tactic of opportunistic threat actors, who register mimicking domains to trick fans of events like the Super Bowl or the Olympics. (Business administration company CSC identified 5,000 unique domain registrations mimicking well-known sportsbooks, between Jan. 1, 2023, and Dec. 24, 2024, for example.)
According to the FTC, government impersonation scammers led to $618 million in losses in 2023, up from $497 million in 2022 and $428 million in 2021.
Dash money. Ullrich told IT Brew that he continues to see “com-” domains registered: 315 on Feb. 11, 428 on Feb. 10, and 269 on Feb. 9. (The sites are often short-lived and quickly shut down as fraudulent, he added.)
Many of the questionable domains point to the same IP address, Ullrich said, suggesting one actor is registering and rotating between them.
Ullrich also shared with IT Brew a new twist on the hyphen-ishing trend: A “com.-” domain prefix with a “.com” ending to the URL, and a “case number” in between to convince targeted users that the sender is from an IT support team.
“They can use any prefix for the domain to impersonate arbitrary .com domains,” Ullrich told us in an email.
In his Feb. 5 post, Ullrich advised IT pros to review DNS queries for these kinds of prefixes.
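One way to run the DNS review described above, as an added example (not code from Ullrich or SANS): it flags queried names in which a label before the TLD starts with "com-", then groups the registered domains by answer address to surface the shared-IP pattern. The log format, domain names (on reserved `.example`/`.test` TLDs) and addresses are constructed.

```python
"""Flag DNS queries whose name hides a "com-" label before the TLD."""
from collections import defaultdict

# Constructed resolver log: "<timestamp> <client> <qname> <qtype> <answer>".
# Names use reserved TLDs and answers use documentation address ranges.
SAMPLE_LOG = """\
2025-02-11T09:14:02Z 10.0.4.17 sunpass.com. A 192.0.2.10
2025-02-11T09:14:05Z 10.0.4.17 sunpass.com-tkqzv.example. A 198.51.100.23
2025-02-11T09:15:40Z 10.0.7.52 tollpay.com-pbwla.test. A 198.51.100.23
2025-02-11T09:16:11Z 10.0.7.52 www.com-net.example. A 203.0.113.5
2025-02-11T09:17:29Z 10.0.9.3 telecom-billing.example. A 192.0.2.44
2025-02-11T09:18:00Z 10.0.9.3 COM-hrrxd.example A 198.51.100.23
malformed line
"""

PREFIX = "com-"


def find_com_dash(qname):
    """Return (looks_like, registered) when a non-TLD label starts with "com-".

    looks_like is the .com name a hurried reader would see (None when no
    label precedes the "com-" label); registered is the part of the name
    from the "com-" label onward.
    """
    labels = qname.rstrip(".").lower().split(".")
    # The last label is the TLD, so only the labels before it are checked.
    for i, label in enumerate(labels[:-1]):
        if label.startswith(PREFIX) and len(label) > len(PREFIX):
            looks_like = ".".join(labels[:i] + ["com"]) if i else None
            return looks_like, ".".join(labels[i:])
    return None


def scan(log_text):
    """Return (hits, by_answer) for every log line with a "com-" label."""
    hits = []
    by_answer = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        when, client, qname, _qtype, answer = fields
        found = find_com_dash(qname)
        if found is None:
            continue
        looks_like, registered = found
        hits.append({
            "time": when,
            "client": client,
            "qname": qname,
            "looks_like": looks_like,
            "registered": registered,
            "answer": answer,
        })
        by_answer[answer].add(registered)
    return hits, by_answer


def shared_infrastructure(by_answer, minimum=2):
    """Answer addresses that serve at least `minimum` distinct "com-" domains."""
    return {ip: sorted(names) for ip, names in by_answer.items()
            if len(names) >= minimum}


if __name__ == "__main__":
    found_hits, answers = scan(SAMPLE_LOG)
    for h in found_hits:
        print(f'{h["time"]} {h["client"]} {h["qname"]} '
              f'reads as {h["looks_like"]} -> {h["answer"]}')
    print(shared_infrastructure(answers))
```

A name such as `telecom-billing.example` is not flagged because "com-" appears mid-label, not at the start of one.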
A rootkit is malware whose main objective and purpose is to maintain persistence within a system, remain completely hidden, hide processes, hide directories, etc., in order to avoid detection.
This makes its detection very complex, and its mitigation even more complex, since one of the main objectives of a rootkit is to remain hidden.
A rootkit changes the system’s default behavior to what it wants.
1.1 What is a kernel? Userland and kernel land differences
The kernel is the core of the operating system, responsible for managing system resources and facilitating communication between hardware and software. It operates at the lowest layer of the system. Components that operate in kernel land include the kernel itself, device drivers and kernel modules (which we call Loadable Kernel Modules, or LKMs for short).
On the other hand, the userland or userspace is the layer where user programs and applications are executed. This is the part of the OS that interacts with the user, including browsers, text editors, games, common programs that the user uses, etc.
1.2 What is a system call?
System calls (syscalls) are fundamental to an OS: they allow running processes to request services from the kernel.
These services include operations such as file management, inter-process communication, process creation and management, among others.
A very practical example: when we write a simple hello world in C and analyze it with strace, we can see that it uses sys_write to write Hello world.
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained with two other flaws (CVE-2025-0108 and CVE-2024-9474) to breach PAN-OS firewalls in active attacks.
The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls.
A day later, network threat intel firm GreyNoise reported that threat actors had begun actively exploiting the flaws, with attempts coming from two IP addresses.
CVE-2024-9474 is a privilege escalation flaw in PAN-OS fixed in November 2024 that allows a PAN-OS administrator to execute commands on firewalls with root privileges. Palo Alto Networks warned at the disclosure that the vulnerability was exploited as a zero-day.
CVE-2025-0111 is a file read vulnerability in PAN-OS, allowing authenticated attackers with network access to the management web interface to read files that are readable by the “nobody” user.
The CVE-2025-0111 flaw was also fixed on February 12, 2025, but the vendor updated its bulletin today to warn that it is also now being used in an exploit chain with the other two vulnerabilities in active attacks.
“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” reads the updated bulletin.
While Palo Alto Networks has not shared how the exploit chain is being abused, BleepingComputer has been told they could be chained together to download configuration files and other sensitive information.
There are plenty of phish in the sea, and the latest ones have little interest in your email inbox.
In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called “multifactor authentication,” by prying into basic text messages sent to a device. Another 4,800 could even read information from an Android device’s “Notifications” bar to obtain the same info.
These “Android phishing apps” may sound high-tech, but they are not. They don’t crack into password managers or spy on passwords entered for separate apps. Instead, they present a modern wrapper on a classic form of theft: Phishing.
By disguising themselves as legitimate apps—including for services like TikTok, Spotify, and WhatsApp—Android phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal.
The volume of these apps and their capabilities underscore the importance of securing yourself and your devices. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals.
Same trick, new delivery
For more than a decade, phishing was often understood as an email threat. Cybercriminals would send emails disguised as legitimate communications from major businesses, such as Netflix, Uber, Instagram, Google, and more. These emails would frequently warn recipients about a problem with their accounts—a password needed to be updated, or a policy change required a login.
But when victims followed the links within these malicious emails, they’d be brought to a website that, while appearing genuine, would actually be in complete control of cybercriminals. Fooled by similar color schemes, company logos, and familiar layouts, victims would “log in” to their account by entering their username and password. In reality, those usernames and passwords would just be delivered to cybercriminals on the other side of the website.
There never was a problem with a user’s account, and there never was a real request for information from the company. Instead, the entire back-and-forth was a charade.
Over time, phishing emails have advanced—cybercriminals have stolen credit card details by posing as charities—but so, too, have phishing protections from major email providers, sending many cybercriminal efforts into people’s “spam” inboxes, where the emails are, thankfully, never retrieved.
Apple has released an emergency security update for a vulnerability which it says may have been exploited in an “extremely sophisticated attack against specific targeted individuals.”
The update is available for:
iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
iPadOS 17.7.5 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.
Technical details
The new-found zero-day vulnerability is tracked as CVE-2025-24200. When exploited, the vulnerability would allow an attacker to disable USB Restricted Mode on a locked device. The attack would require physical access to your device.
The introduction of USB Restricted Mode feature came with iOS 11.4.1 in July 2018. The feature was designed to make it more difficult for attackers to unlock your iPhone. When USB Restricted Mode is active, your device’s Lightning port (where you plug in the charging cable) will only allow charging after the device has been locked for more than an hour. This means that if someone tries to connect your locked iPhone to a computer or other device to access its data, they won’t be able to do so unless they have your passcode.
To enhance data security, especially when traveling or in public places, it is recommended that you enable USB Restricted Mode in your device settings. If your iPhone, iPad or iPod Touch is running iOS 11.4.1 or later, USB Restricted Mode is automatically on by default, but if you want to check and enable USB Restricted Mode, this can be done by going to Settings > Face ID & Passcode or Touch ID & Passcode > (USB) Accessories and toggling off (grey) the (USB) Accessories option. Enabling this setting adds an extra layer of protection against unauthorized data access.
Please note: toggling the option to green turns this feature off.
Vulnerabilities like these typically target specific individuals as deployed by commercial spyware vendors like Pegasus and Paragon. This means the average user does not need to fear attacks as long as the details are not published. But once they are, other cybercriminals will try to copy them.
The free-to-play game, PirateFi, infects users with malware that steals browser cookies, enabling the malware’s creator to hijack access to various online accounts.
Original story: A hacker published a PC game on Steam to infect users with Windows-based malware.
The free-to-play game, PirateFi, was released on Thursday. Days later, Valve was spotted sending out a message to affected users, warning them about the threat to their computers.
“We strongly encourage you to run a full-system scan using an antivirus product that you trust or use regularly, and inspect your system for unexpected or newly installed software,” Steam said.
PirateFi was published as a beta. However, according to Steam forum posts, one user noticed something was off when their antivirus software prevented them from running the game, flagging it as carrying “Trojan.Win32.Lazzzy.gen.”
“The essence of the virus: When you launch the ‘game,’ the virus unpacks into /AppData/Temp/****/ and looks like Howard.exe,” the user wrote in Russian. The malware then appears to steal browser cookies, enabling the malware’s creator to hijack access to various online accounts.
Another gamer who downloaded the title wrote on Tuesday: “Most of my stuff has either been hacked and passwords changed or being signed in using cookies that’ve been stolen!”
Bob Woodward and Carl Bernstein would be of limited use with this 21st-century breach though.
The Watergate Hotel in the District suffered a data breach last year and has recently notified those affected online and via mail.
The hackers targeted personal and financial information.
The hotel noticed suspicious activity on its network on April 6, 2024. After securing the network and investigating, the hotel found that the cyber-burglars had gotten access to hotel computers and were therefore able to see and download certain files, the hotel said on its website.
About 2,220 people were affected by the data breach, according to a data breach database maintained by the Office of the Maine Attorney General.
The data stolen varies by individual, the Watergate said, but includes names, financial account and credit card information, health insurance and medical information, and Social Security, government identification and driver’s license numbers.
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.
Rapid7’s principal security researcher, Stephen Fewer, disclosed CVE-2025-1094 (8.1) on Thursday, saying it was a key part of the exploit chain that also included the BeyondTrust zero-day (CVE-2024-12356).
In fact, CVE-2025-1094 was so important to the chain that the BeyondTrust attack couldn’t have been pulled off without it, we’re told.
“Rapid7 discovered that in every scenario we tested, a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution,” said Fewer.
“While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094, which remained a zero-day until Rapid7 discovered and reported it to PostgreSQL.”
According to Rapid7’s director of vulnerability intelligence, Caitlin Condon, CVE-2025-1094 affects all versions of the PostgreSQL interactive tool, but, fortunately, it isn’t particularly simple to exploit. Given the complexity of the exploit pattern, Rapid7 doesn’t expect attacks to be carried out away from the BeyondTrust versions already known to be vulnerable.
She said via Mastodon: “But with the above said, it’s clear that the adversaries who perpetrated the December attack really knew the target technology, which is yet another example of a zero-day exploit trend Rapid7 started tracking in 2023.”
The vulnerability in the PostgreSQL interactive tool (psql) can lead to arbitrary code execution (ACE) and there is also a technique to exploit it independently from CVE-2024-12356. Rapid7 said BeyondTrust’s patch for its zero-day didn’t address the root cause of the psql bug, but it does prevent the two from being exploited together.
The psql vulnerability can be exploited because of an incorrect assumption that a SQL injection attack can’t be carried out when a malicious input is safely escaped via PostgreSQL’s string escaping routines, Fewer said.
It has been several years since I was actively posting on this site. The last three or so years I stepped away from hands-on keyboard type of work and staying up-to-date on IT related information. I was focused on creating a quarterly enablement plan so that all VMware Field Sales/Technical folks had the latest information related to VMware solutions. I did this on a global scale, working with all the Program Managers of our solutions as well as the field sales managers, ensuring field personnel were getting the proper ongoing enablement.
VMware was acquired a little over a year ago by Broadcom. As usual with acquisitions, positions get eliminated as mine did. So I am back looking for a new opportunity and have decided I want to get into Cyber Security and use my years of experience in IT and technology to support this new venture.
I had my CompTIA Security+ in the past but it has expired, so I am working on that now to re-certify and help with breaking into the security side of the house. After I finish that I will be doing the Certified Information Systems Professional (CISSP) and Certified Ethical Hacker (CEH) certifications over the next few months.
My hope is with these security focused certifications under my belt, I can break into a Cyber Security role. I know I will have to get an entry-level position, but I am willing to do what it takes.
Needless to say, my posts moving forward will be security focused to support my new career. I plan to post relevant security information related to IT. Hopefully as I learn, my readers will learn as well!
I also would love to hear from any of you in the industry with any suggestions as far as what to post here as well as for myself in my Cyber Security learning journey.
Cohesity has just announced the (LTS) Long Term Supported release of their DataPlatform version 6.5.1c. It is now available for Cohesity customers to upgrade their clusters and gain all the added benefits of the new LTS version. Below is the list of the added features and enhancements for both (GA) Generally Available and Tech Preview features.
(GA) Generally Available Features:
Backup/Recover to secondary VMware network
VMware VM Recovery with Copy Recovery
File Level Recovery with VMware Tools
NetApp DataProtect Volume Backup
NFS/SMB Encryption Support for NAS Backups
Blacklist IPs for NAS Protection Groups
Download NAS Backup Error Logs
NAS Backup with File DataLock
NAS Exclusions – Regular Expression Patterns
MegaFile Restore Support for Physical Agents
Auto Upgrade Agents after Cluster Upgrade
Protect All Local Volumes
Parallel File/Folder Data Protection
Fault Tolerance – New 6:2/8:2 (EC) Erasure Coding Configurations
Account/Security Related:
“Cohesity” User Account No Longer Used
Removed Bash SSH Access to Accounts
Both SSH/Remote Logins are Disabled by Default
“root” User Access from the Physical Console Removed
Support Account:
No User Account Anymore
Now Uses “User Security Token” Which Cohesity Support Needs to Connect to Your Cluster via the Remote Tunnel
Can be set to On/Off/Temporary for a Set Amount of Time
Only Cohesity Employees Can Access the Remote Tunnel
If Password Forgotten, Support Must be Contacted to Change Password
(2) Person Rule:
Cohesity Administrator Enables It
Password Set by a Different Cohesity Administrator – The First Administrator Does Not Set the Password
Administrator Controls the “sudo” Access
Oracle:
Backup with “sysbackup” Privilege
Backup Support for TDE Databases
Pfile Control via UI During Restore/Clone
Log Backup Archival & PIT Restore from Archive
AWS:
Specify VPC for Fleet on Source Registration
AWS Cloud Edition – Deployment Using IAM Roles & Source/External Target Registration
Azure:
Filter Users Based on Azure Attributes
Use Incremental APIs for Managed Disk VMs
Support for Hyper-V Gen2 VMs
Cohesity Cloud Edition – Cost Optimization with XL Node
Next Generation User Interface Enhancements:
Quick Protect & Quick Policy
One-Time Protect
Dashboard Enhancements with Heat Maps
Metrics on Data Transferred to External Targets
A New Health Dashboard
Password Management Enhancements
Multi-Tenancy:
Enable “Restricted Access to Specific Object” Workflow for Organization User
Guardrail for Supported Workload
Protected Objects Heatmap Report for Tenants
Restore to vCloud Director Storage Profile
Support for VMware’s VCD version 10.1
VMware’s VCD Plug-In – Cross Launch to Cohesity Web GUI
Support for VMware’s vRealize Automation Workflows
SmartFiles (NAS):
Intent Based Views
SMB SuperUser Account
Audit Log – Filer Tab
NIS Support
External NAS Tiering – Uptiering
Hardware:
Cohesity C6055 with 16TB Drive Support
Cohesity “Compute” Nodes – For Use With NoSQL & Hadoop Only
Cohesity (VE) Virtual Edition
Cisco UCS C220 M5
HPE DL360
Dell R640
(BYOH) Bring Your Own Hardware (check for hardware requirements)
Support for SAN transport (Fibre channel or iSCSI) for VMware backups
NAS Backup with File DataLock
SharePoint Online Backups
Oracle:
VLAN Selection
Backup Databases on Windows Servers
SAP on Oracle Using BRTOOLs
SQL:
Exclude a SQL DB from a Protection Group
Resume Recovery After Fail
NoSQL & Hadoop Adapters
Automated Deployment of Cohesity Agent
DataProtection Continuity Across Cohesity Clusters
As always, we highly recommend that you lock down your Cohesity clusters using our Security Whitepaper and Hardening Guide to ensure you are protected as best as possible against Ransomware and other malicious attacks!
NOTE: The below links require you to have a Cohesity account to log into either the Cohesity Documents site.
On September 28, 2020 Cohesity announced Cohesity SiteContinuity, an automated disaster recovery solution that is integrated with the company’s backup and continuous data protection capabilities — making it the only web-scale, converged solution to protect applications across tiers, service levels, and locations on a single platform.
NOTE: (GA) General Availability will be in version 6.6 which will be released potentially in December 2020.
Cohesity is making this announcement as organizations are concerned about losing data to ransomware attacks, natural disasters, or human error. This new integrated solution will help companies ensure data isn’t lost, applications are available, costs are reduced — by eliminating redundant or unnecessary infrastructure — and that strict service-level agreements (SLAs) are met.
SiteContinuity uses our existing (CDP) Continuous Data Protection feature to deliver near-zero (RPOs) Recovery Point Objectives for your mission-critical virtual machines. Near-zero RPOs means every change and every I/O is protected, which, in the case of a disaster, minimizes your data loss and downtime.
Leveraging vSphere APIs for I/O filtering (VAIO), Cohesity intercepts I/Os between the protected VM and its underlying storage. This approach captures changes and helps reconstruct a copy of your VM directly on Cohesity. As a journal-based solution, Cohesity maintains a journal of all I/Os received from the VM. Built-in intelligence allows the periodic consolidation of log deltas and the foundational VMDK. The implication: fully hydrated recovery points, at any point in time—ensuring near-zero RPOs and rapid RTOs.
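The journal-and-consolidation model described above, sketched as an added example (not Cohesity's code): an in-memory journal of intercepted writes over a base image, with point-in-time restore, consolidation, and a simple byte-entropy heuristic for picking a restore point just before encryption-like writes. All class and function names, the 4 KiB block size, integer timestamps, the entropy threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # block size of this toy model (assumption)


class CdpJournal:
    """Base image plus an ordered journal of intercepted writes."""

    def __init__(self, base_blocks, base_ts):
        self.base = dict(base_blocks)  # block number -> bytes
        self.base_ts = base_ts         # base holds every write up to this time
        self.log = []                  # (ts, block, data), ascending ts

    def record(self, ts, block, data):
        """Append one intercepted write; integer timestamps, in time order."""
        last = self.log[-1][0] if self.log else self.base_ts
        if ts < last or ts <= self.base_ts:
            raise ValueError("writes must be journaled in time order")
        self.log.append((ts, block, data))

    def restore(self, ts):
        """Rebuild the image as of ts by replaying the journal over the base."""
        if ts < self.base_ts:
            raise LookupError("point in time was consolidated into the base")
        image = dict(self.base)
        for w_ts, block, data in self.log:
            if w_ts > ts:
                break
            image[block] = data
        return image

    def consolidate(self, up_to):
        """Fold journal entries up to up_to into the base and drop them."""
        remaining = []
        for w_ts, block, data in self.log:
            if w_ts <= up_to:
                self.base[block] = data
            else:
                remaining.append((w_ts, block, data))
        self.log = remaining
        self.base_ts = max(self.base_ts, up_to)


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def last_clean_ts(journal, threshold=7.5):
    """Latest timestamp before the first encryption-like (high-entropy) write.

    Heuristic stand-in only: compressed or already-encrypted data also
    scores high, so a real system needs more signals than this.
    """
    for w_ts, _block, data in journal.log:
        if entropy(data) >= threshold:
            return w_ts - 1
    return journal.log[-1][0] if journal.log else journal.base_ts


def pseudo_random(seed):
    """Deterministic high-entropy block (constructed stand-in for ciphertext)."""
    out = b""
    i = 0
    while len(out) < BLOCK:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:BLOCK]


def plaintext(label):
    """Low-entropy block: the label repeated to fill the block (constructed)."""
    return (label * (BLOCK // len(label) + 1))[:BLOCK]


def demo():
    j = CdpJournal({0: plaintext(b"boot "), 1: plaintext(b"ledger v1 ")}, base_ts=100)
    j.record(110, 1, plaintext(b"ledger v2 "))
    j.record(120, 2, plaintext(b"report draft "))
    j.record(130, 1, pseudo_random(b"k1"))  # encryption-like writes begin
    j.record(131, 2, pseudo_random(b"k2"))
    clean = last_clean_ts(j)
    return j, clean, j.restore(clean)


if __name__ == "__main__":
    _, clean, image = demo()
    print("restore point:", clean, "blocks:", sorted(image))
```

Consolidation trades granularity for replay speed: once entries are folded into the base, points in time earlier than the new base timestamp can no longer be rebuilt from the journal alone.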
Continuous Data Protection (CDP) ensures that you recover all of your data, not just most of it. CDP delivers real-time protection for VMware vSphere virtual machines, augmenting your existing snapshot-backups data protection strategy.
The CDP Solution offers:
Enterprise-class data resiliency
Operational simplicity with high fault tolerance
Efficient flexibility
Cohesity’s SiteContinuity converged backup and disaster recovery solution provides:
Simplified Operations: Consolidate backup, continuous data protection and automated disaster recovery on a single platform, managed through one global UI and a unified policy framework, across application tiers, service levels, and environments.
Near-zero Application Downtime and Data Loss: With just a few clicks, automatically orchestrate failover and failback of a single application or an entire site, ensuring minimum data loss and downtime as business applications are rapidly recovered in a disaster scenario.
Flexible Recovery: Journal-based recovery helps to meet varying service levels across application tiers by restoring to any point in time — including days or even seconds before the disaster hit, on-premises or to the public cloud.
Machine Learning-Based Ransomware Detection and Recommendation: At the time of failover and/or restore, Cohesity Helios’ machine learning algorithm helps identify a clean point in time to restore. This helps protect the DR site from malware impact during the failover process.
Disaster Testing: Meet DR compliance objectives with confidence through end-to-end automated non-disruptive disaster recovery testing, including complete audit trail reporting.
Reduced TCO: Reduce costs by converging backup and DR, eliminating the need for separate point products and driving better storage efficiency. Further reduce data footprint and costs with global variable-length deduplication and compression across workloads. Additionally, there is no need to deploy dedicated virtual machines to support recovery of each ESXi host.
Limitless Scalability: The underlying web-scale architecture of the Cohesity platform enables organizations to scale BCDR capabilities limitlessly and painlessly.
On August 17th, Cohesity announced the release of their new platform version 6.5.1! This release is packed with over 75 enhancements since the last release. Since there are so many, we can’t really go through them in any detail. However, below is a very long and distinguished bulleted list of most of the enhancements in the 6.5.1 release.
NOTE: The below list of enhancements in version 6.5.1 are (GA) Generally Available with the exception of the individual listed items marked with either BETA or TECH PREVIEW.
CLOUD:
Microsoft 365 –
(TECH PREVIEW) SharePoint Online support
(TECH PREVIEW) SharePoint Online site documents
(GA) OneDrive
(GA) Exchange
(GA) Filter users based on Azure Active Directory Attributes
Azure –
Incremental APIs for Managed Disk VMs
Support for Hyper-V GEN2 VMs
AWS –
A backup admin can specify a VPC and Subnet for fleet instances at the source level for backup
Helios On-Prem & Global Policies –
On-premise multi-cluster management: single pane of glass experience for customers with many dark sites (Tech Preview)
Global policies: Enable policies at a global level for global and standardized governance and data management
New storage impact simulation and enhanced ransomware detection
SOFTWARE INTEGRATIONS:
(TECH PREVIEW) Exchange DAG Awareness –
Active/Active DAG configuration and automating DP for Exchange server mailboxes
Simplifies Server and Exchange DAG discovery and registration
Helps backup admins reorder backup priority of Exchange mailboxes based on their own requirements
Strengthening our NoSQL and Hadoop solution by unifying the comprehensive backup and recovery solution into a single framework
Unified protection and experience for your traditional and modern NoSQL databases
All workflows of DataProtect apply to NoSQL and Hadoop: a simple and comprehensive solution that’s a differentiator
Oracle –
Backup with “sysbackup” privilege
(TECH PREVIEW) Secondary VLAN for registration, backups, recovery, and cloning support
(TECH PREVIEW) Backup Oracle on Windows Servers support
Backup support for TDE databases
Pfile control during restore/clone functions
Log backup archival and PIT restore from archive
Enhanced Oracle pre-check utility
SQL –
(GA) Error message handling framework
(TECH PREVIEW) Exclude a SQL DB from a protection group
(TECH PREVIEW) Resume recovery after fail
SAP HANA 2.0 –
(GA) SAP HANA On Power
(BETA) Oracle on Linux
(GA) Uses native API for backup, recovery, enquiry, and delete
(GA) New RPM is downloadable from UI
Secondary NetApp –
Back up data protection volumes from secondary NetApp
Save space and avoid impact to the primary by backing up from the SnapMirror copy, helping reduce TCO
VMware Enhancements –
VMware SAN Transport via FC for better bandwidth/performance
File-level recovery with VMTools
Register vCenter on secondary network
VMware VM Recovery with Copy Recovery
PHYSICAL:
Compute-Only Nodes –
Options –
Cisco UCS C220 M5
HPE DL360
Dell R640
Also some (BYOH) Bring-Your-Own-Hardware options with Cisco, HPE, Dell, Fujitsu, and Lenovo
Dedicated nodes for computing in a Cohesity cluster for running resource-intensive apps
Customers now have the flexibility to independently scale compute or storage resources
Experience better performance for resource intensive workloads
New Cohesity C6055 Nodes –
C6055 Node –
High capacity 1U node
Cost competitive dense node for lower TCO for replication and archives
New expanded platform support: Fujitsu, Dell ROBO
CX8405 Node –
Dense All-Flash platform (92.16 TB RAW per node)
New Fujitsu RX2540 M5 Node –
New OEM partner hardware
(2) Options –
8TB RAW/5.3TB Usable
16TB RAW/10.6TB Usable
New Cisco Configurations –
Cisco UCS S3260 – 14TB drive integration
(2) Options –
Half-populated drives – 294TB RAW/194TB Usable
Fully-populated drives – 588TB RAW/388TB Usable
Cisco UCS C220 M5 –
4TB drives – 12TB RAW/8TB Usable
New Dell R640 ROBO Node –
(2) Options –
46TB RAW/42TB Usable
96TB RAW/64TB Usable
Physical Agent –
Auto upgrade agent after cluster upgrade
Directive-file backup support
Protect all local volumes support option in protection group
Auto deployment of agent
Parallel file/folder data protection
Support registering physical server on (2) Cohesity clusters
PLATFORM:
SmartFiles (NAS) –
Intent-Based views
New SMB SuperUser for share level permissions of SMB views
Audit Log – filter tab
Support for NIS environments
User mapping between Active Directory and NIS Provider
External NAS Tiering – Uptiering
(TECH PREVIEW) MegaFile Restores for Physical Data Sources –
Backup/Restore large files faster, help meet SLAs
Support for AIX, Linux, Windows for files > 64GB
3x faster restores for physical data source files > 64GB
(TECH PREVIEW) Service Providers – Pay-Per-Use Consumption –
Introducing a consumption-based pricing model for service providers
Traditional licensing locks service providers into multi-year license cycles and flat-fee monthly subscriptions
Cohesity is the only vendor that allows SPs to choose their own monthly commit and pay only for the software they consume through metered pricing for multiple SP offerings
Fault Tolerance –
New (EC) Erasure Coding configurations – EC 6:2/EC 8:2
As most of you are aware, 2020 has been especially riddled with Ransomware attacks against large corporations. However, large corporations are not the only ones under attack. These attacks are against all types of businesses from the largest corporations all the way down to the small mom and pop businesses. Government agencies to include federal, state, and local are under constant attack as well.
NOTE: For 2021 statistics on Ransomware attacks, see the first link at the bottom of this blog called “Ransomware Statistics“.
Most of the data protection solutions on the market today (especially the legacy solutions) have fallen prey to the above list of recent Ransomware attacks as well as many others.
To this day, not one Cohesity customer has had a successful ransomware attack to where they gained access to their Cohesity backups to delete or encrypt them and where they have followed our security hardening guidelines. That means that our customers have been able to detect, prevent, and/or recover and not have to pay any ransom whatsoever.
Here is an example of what can happen in your typical ransomware attack of today:
Employee clicks on link in an email and hackers gain access to your network.
Hacker then installs a key logger and gets an administrator’s credentials to systems (including your data protection system) on the network.
Hackers delete your backups of systems to ensure you can’t recover from backups and have to pay them the ransom.
If they don’t get administrator credentials to the backup solution, they encrypt the backups first to again make sure you can’t recover any systems from backups and force you to pay the ransom.
If the company has any CCPA, GDPR, or other compliance related requirements and associated data, they collect that data.
They then encrypt the systems on the network.
Hackers notify the company that they have encrypted their systems and tell them they must pay a ransom to get the encryption keys to decrypt their systems. If they obtained any compliance related data, they also tell the company that they will publicly post the private data. If they do that, the company by law then has to publicly announce that they had a data breach. They then can be fined a very large amount of money for breaking compliance itself. This is a separate cost from the ransom.
Hackers typically give the company a certain time frame to pay the ransom or lose everything after that date as well as post any compliance related information on the internet.
If the company pays the ransom, it typically requires payment in Bitcoin because it is private and untraceable. Most companies don’t have a Bitcoin account, so they will need to pay a 3rd party company to convert the payment to Bitcoin, which the hackers will accept.
Once the ransom is paid, the hackers will provide all the decryption keys for every system that was encrypted.
The customer then has to randomly associate each decryption key to each server which can take days to do. The hackers don’t tell them which key goes to what specific server. If you have thousands of servers, that is a painfully long process all while your IT systems are still down.
Each virtual machine has to have twice the size of space on it in order to decrypt the system. Otherwise, if there is not enough room on the drive, decryption will fail until additional drive space is added. The time to go through this process can be painfully long based on how many systems need to be configured with additional storage.
At this point, this entire process from start to finish could be from days to weeks or more for a company to fully recover IF they pay the ransom.
For the company that has been attacked, if they have to pay the ransom due to being unable to restore from backups, this could mean a huge revenue loss for the company long term.
There are numerous costs associated with the attack:
The ransom itself.
The cost for 3rd party company to convert payment to Bitcoin.
Potential fines for breaking compliance due to leaked data if ransom not paid.
The associated cost of lost revenue due to systems being down for days, weeks, or more due to attack and recovery time frame of IT internal and externally facing services.
The associated cost of lost revenue due to bad reputation after personal data leaked.
The associated cost of massive increased hours worked by IT staff and any other employees to recover systems until they are back to normal operations.
Cost of new hardware/software implementation and associated man hours to implement new security measures to keep from being attacked again.
Legal actions against company for personal data leaked and other various reasons.
NEW (10/5/20) – US Department of the Treasury’s Office fines!
There are numerous precautions that can be taken to minimize the risk of your organization being attacked as well as recover easily and quickly to get your IT services up and running again. With that, securing your data protection (backup) solution becomes critical to protecting yourself against ransomware attacks.
How Cohesity Protects You Against Ransomware:
Cohesity takes security very seriously and has extensive integrated cybersecurity in our solution. Listed below are the principles and capabilities with which we protect your backups in our platform.
CyberScan App – Uncover cyber exposures and blind spots within your production environment by running on-demand and automated scans on backup snapshots against known vulnerabilities.
Advanced Threat Detection:
SentinelOne App – Brings an AI-powered prevention engine to Cohesity storage clusters, delivering the highest efficacy, lowest false positives, and most performant prevention technology. 100% signature-free and relies on machine learning models to deliver next-generation prevention.
ClamAV App – Scan the files stored in the Cohesity DataPlatform directly, without sending the files to an external scanner.
On August 12, 2020, Cohesity officially announced the partnership with Pure Storage for their joint solution called Pure FlashRecover – Powered by Cohesity, which is the industry’s first jointly-engineered all-flash modern data protection solution for rapid recovery, ransomware protection, and reuse of data.
Pure and Cohesity have formed this partnership based on strong customer demand for an integrated all-flash data protection solution that empowers customers to easily, quickly, and reliably back up and recover their data at scale. The companies have also formed this partnership at a time when more customers are embracing cloud services and are seeking ransomware protection.
Pure FlashRecover, Powered by Cohesity delivers all-flash data backup and recovery capabilities that enterprises require for restoring data rapidly in the face of a disaster or a ransomware attack. It enables flash-to-flash-to-cloud data protection and allows rapid, independent scaling of processing, throughput, and storage capacity for the most efficient use of all resources.
The solution also empowers organizations to future-proof data center investments and realize new levels of performance to meet growing petabyte-level recovery requirements. In addition, the solution enables backup data to be reused for analytics and DevOps, allowing multiple applications to leverage data stores on the high-performance, unified fast file and object FlashBlade™ platform.
By combining Cohesity DataProtect software with Pure’s unified fast file and object FlashBlade platform, the integrated solution delivers:
Performance: up to 3x faster backup and restore throughput than disk-based alternatives, capable of recovering thousands of virtual machines and up to 1PB of data a day to meet large-scale disaster recovery needs.
Integration: single-point purchasing, deployment and support all delivered through Pure, eliminating the need for customers to go through two vendors. Pure is now a Cohesity Technology Partner and the companies have committed to joint innovation.
Scalability: disaggregated compute and storage to enable independent scaling for backup / recovery processing, throughput, and storage capacity for the most efficient use of resources.
Simplicity: ease of management provided by cloud integration that enables flash-to-flash-to-cloud backup and recovery, low-cost public cloud storage for long-term retention, and non-disruptive upgrades.
Availability: Pure FlashRecover, Powered by Cohesity is being tested by joint customers today and will be generally available in the United States in Q4 CY2020 and in countries outside the United States in the coming quarters.
For More Information: To find out how your organization can leverage the benefits of Pure FlashRecover, Powered by Cohesity, visit:
In this demo, I do a quick run through of the Cohesity 6.4.1 user interface related to the Data Protection use case specifically. This is not meant to be a complete demo of the entire interface and functionality, just a quick overview for the Data Protection use case only.
I start off by showing the types of sources you can connect to such as External Cloud Providers (AWS, Azure, GCP, etc.) as well as hypervisors, physical servers, databases, O365, Active Directory, NAS, etc.
Then I show how simple it is to create policies so that you can do local and long term retention, replication to other clusters, archive to the cloud, database logs, and much more.
The next step is to create protection jobs for the various sources we mentioned above. We select the appropriate policy to associate to this protection job, and set various other settings such as QOA policy, SLA time frame, priority, etc.
If you would like to see a complete demo of the entire interface of our new 6.5.0 version, see my other video titled “Cohesity 6.5 User Interface Overview (DEMO)“…Click Here!
Want to know more about the new Cohesity 6.5 (UI) User Interface and all the core capabilities? Watch the video of the demo below. Not all capabilities (old and new) are covered in this demo; it is meant to provide an overview of the core capabilities.
Topics covered in this demo:
Registering Sources
Registering External Sources
Creating Policies
Creating Protection Jobs
Restores (File & Virtual Machine)
Clone Virtual Machine
Creating Views/Shares (SMB/NFS/S3)
Cohesity Marketplace Apps
Reporting
System Information
What’s New in 6.5:
Comprehensive Protection for Kubernetes Namespaces
(CDP) Continuous Data Protection for Mission-Critical Virtual Machines
In this video, I quickly run through how to connect to (AD) Active Directory as a source and register it as an Active Directory server using our latest software version 6.5. Then I show an Active Directory protection job I had already run previously. And finally, I show how easy it is to perform an Active Directory restore of a user account that I deleted at the beginning of the video.
Cohesity has an agent install that allows us to do granular backups and recoveries of Microsoft’s Active Directory objects. Anyone that has had to do an “Authoritative AD Restore” in their day knows how painful that can be after someone has deleted an entire (OU) Organizational Unit from Active Directory!
With Cohesity, you are able to backup the entire Active Directory database. Then do a granular restore of a single or multiple AD objects. The user interface presents you a comparison screen to show what AD objects are missing compared to a previous backup snapshot making it easy to see what has been deleted.
If you have enabled the AD Recycle Bin feature, we will restore it from there to ensure all the properties of the AD object are restored with it. If you do not have AD Recycle Bin enabled, we will restore the object, but it may be missing some properties in the same way it would with an Authoritative Restore after the Tombstone period has passed.
So system administrators can celebrate…no more are the days of doing an “Authoritative Restore” on your Domain Controllers! It is now quick and easy to restore an object.
In this video, I will show you how to register SQL servers as a source in the Cohesity version 6.4.1 user interface. Then I show how to create two protection jobs, one for a stand-alone SQL server and another for a SQL AAG.
Then we walk through how to recover the SQL (AAG) Always on Availability Groups database to the stand-alone SQL server as well as clone it. Then we wrap up by taking a quick look at the SQL Dashboard.
Cohesity has an agent install that allows us to do more granular backups and restores to SQL databases. You can protect stand-alone, clustered and (AAG) Always on Availability Groups SQL servers. You can use our “Auto-Protect” feature so that when a new SQL server has been added to a SQL cluster or AAG, it automatically gets backed up as they are added. The agent also allows you to selectively pick which databases you want to protect.
In this video, I walk you through enabling the use of apps on the Cohesity platform, installing, configuring and running the Clam AV app to protect file shares located on the Cohesity platform.
The Cohesity platform can act as a File/Object store (NAS) to replace your existing NAS or Windows File Shares. We also run Cohesity and 3rd party applications as containers on our platform. See our Marketplace for a full list of the available apps.
ClamAV App Description:
Protecting data on your file storage against viruses is important but relying on antivirus sitting outside of your NAS environment is inefficient. Moving data over the network for antivirus scans outside of your NAS servers adds unnecessary overhead and makes data vulnerable.
Now, with the integrated Clam AV app offered by Cohesity, users can scan the files stored in the Cohesity DataPlatform directly, without sending the files to an external scanner.
In this video, I walk through the process of downloading, installing, configuring and running the Cohesity Insight application on the Cohesity platform. I show the power of the app and how it can search for text patterns in numerous file types. See below for additional information on the Cohesity Insight application.
Insight App Description:
As backup and unstructured data grows exponentially, customers are often unaware of what data is stored, who has access to it and for how long. Customers need to retrieve or take action on files that contain specific information to gain business insights or for compliance purposes.
The Cohesity Insight app can help you easily perform an interactive text search on data stored on the Cohesity DataPlatform. The file types covered include office, text, pdf’s and zipped folders of these file types. The app can be pointed to Cohesity file shares (Views) as well as backed up objects.
As of October 30th, 2019, I started a new professional journey as a pre-sales Sr systems engineer with Cohesity. After six years working for VMware doing the same thing, I decided I needed a change. So far I have been very impressed with the company and our solutions.
So here is my second enablement video with Cohesity content where I provide a basic overview of an initial configuration of a Cohesity environment (version 6.1.1).
As of October 30th, 2019, I started a new professional journey as a pre-sales Sr systems engineer with Cohesity. After six years working for VMware doing the same thing, I decided I needed a change. So far I have been very impressed with the company and our solutions.
So in true fashion, I have learned enough to be dangerous and have created my first set of enablement videos with Cohesity content. Check out my first official video I created with Cohesity where I provide an overview of the Cohesity (UI) User Interface (version 6.1.1).
VMware’s Project Pacific is a re-configuration of vSphere that integrates Kubernetes as its control plane to allow for a higher level of abstraction that dramatically simplifies how we build, deploy, and manage modern applications and streamlines IT Operations and Development in today’s cloud-native and hybrid cloud world.
This demo shows how VMware NSX Advanced Load Balancer (Avi Networks) can be used in VMware Cloud on AWS software-defined data centers (SDDCs). NSX Advanced Load Balancer is a full blown Application Delivery Controller (ADC) and includes capabilities for load balancing, web application firewall (WAF), analytics, and monitoring. Speaker: Humair Ahmed, Senior Technical Product Manager, VMware Networking and Security Business Unit. Learn More: https://bit.ly/2lF59SO
As pre-announced last week at VMworld, VMware Cloud Foundation 3.8.1 is GA as of September 3, 2019! What’s New? The VMware Cloud Foundation 3.8.1 release includes the following: Automated deployment of PKS: Enables the automated deployment and the configuration of VMware Enterprise PKS on an NSX-T workload domain. Dual Authentication Support: Provides the two-factor authentication for The post Announcing General Availability of VMware Cloud Foundation 3.8.1 appeared first on Cloud Foundation.
With Project Pacific, we have integrated Kubernetes natively into vSphere. This new control plane allows you to manage both VMs and containers side-by-side in the vCenter you know and love. As mentioned in our technical overview post, there are two types of Kubernetes clusters that now run natively in vSphere: a “Supervisor Kubernetes cluster” control The post Infrastructure self-service with Project Pacific appeared first on VMware vSphere Blog.
At VMworld 2018, Pat Gelsinger made reference to a project that was looking to use Artificial Intelligence and Machine Learning to create self driving operations for the vSphere stack. At VMworld 2019 last week, we were given a tech preview of the first iteration of this effort, called Project Magna. There were a number of VMworld break-out sessions dedicated to this effort, and I will reference them near the end of this post. However, this first tech preview is focused solely on…Read More
Introduction Today we’re introducing Project Pacific as a Technology Preview and we think it’s going to change the way you think about the cloud. Project Pacific is a re-architecture of vSphere with Kubernetes as its control plane. To a developer, Project Pacific looks like a Kubernetes cluster where they can use Kubernetes declarative syntax to The post Project Pacific – Technical Overview appeared first on VMware vSphere Blog.
Today VMware announced Project Pacific, what I believe to be the biggest evolution of vSphere in easily the last decade. Simply put, we are rearchitecting vSphere to deeply integrate and embed Kubernetes. Project Pacific evolves vSphere to be a native Kubernetes platform. What’s driving this shift? Fundamentally it goes to what constitutes a modern application. The post Introducing Project Pacific appeared first on VMware vSphere Blog.
Last Thursday, I wrote about VMware’s definitive agreement to acquire Pivotal. We’re really excited to fully join forces, but as I foreshadowed it is one element in our larger strategy to help customers build modern applications, run Kubernetes consistently across environments and manage it all from a single point of control. On Monday at VMworld, The post VMware Tanzu Completes the Modern Applications Picture appeared first on Cloud Native Apps Blog.
Embrace the momentum of today’s rapidly changing IT environment and accelerate your journey to the cloud with VMware. From the latest in cloud, networking and security, and digital workspaces, to IoT and emerging trends, make your mark with the new technologies and products announced at VMworld 2019.
VMware’s annual VMworld US conference is upon us again starting August 24th, 2019 in San Francisco, CA! For those of you technical individuals that have attended previous years, you most likely know about the main attraction at the conference. The main attraction at the conference every year is the (HOL) Hands On Labs!
Our Hands-on Labs demonstrate the real value of VMware solutions in real time. As a VMworld attendee, you’ll gain special access to our latest technologies and explore a wide range of today’s most exciting topics. You can use a VMware-provided machine or your own device; either way, product experts will be available to provide one-on-one guidance. Hands-on Labs will be located in Moscone West, Level 3.
I have been a part of the Hands On Labs staff for the last six years and it has been an incredible ride! It has been hard work, but has been the most rewarding experience in my IT career. I started out as a proctor the first few years, then became a lab captain and have been one for three years now.
As lab captains, we take the features and capabilities our content leads want to showcase in the lab and put it all together. We figure out what VMware solutions we need in the lab environment and what use cases, features, etc. to show. Then it all comes together into the lab manual that we build from scratch. The development cycle for us takes months of work, but again it is very satisfying!
This year I am the captain of the “HOL-2001-01: What’s New in vRealize Operations 7.5” lab. So if you are interested in learning about what’s new in vRealize Operations 7.5, take my lab and let me know how I did. Feedback is always greatly appreciated! We create these for you and want you to get the best experience out of them, so feedback is important to us and we act on all your feedback.
Hands On Labs – VMworld 2019 Information:
At this year’s conference, attendees will have a variety of options in the Hands On Labs. Below are the optional experiences that we will have to offer. I have also provided tips for each of the options below to enhance your experience and maybe walk away with a cool prize or two!
Self-Paced Labs: This is our popular service where you can interact with the latest VMware products at your own pace at a traditional workstation. Many product experts are in the room ready to assist. These flexible labs have 15- to 60-minute consumable modules that you can take incrementally throughout the week at VMworld. You can complete an entire lightning lab in just 30 minutes. Self-paced labs are delivered on a first-come, first-served basis and do not need to be scheduled in advance.
Self-Paced Tip: Make sure you complete the survey after you finish taking a lab. That is how we continually improve the customer experience. Not to mention, for every so many surveys taken (e.g. 100), we give away cool prizes (Echo Dot, wireless headsets, etc.).
(ELW) Expert-Led Workshop: These sessions are presented by the VMware product experts who develop lab content, creating an engaging, instructional environment. Workshops require advance sign-up through the VMworld US Content Catalog, now available online. Join us to get your questions answered and discuss solutions in a group setting.
ELW TIP: Even if the ELW is full, get there early and get on the waiting list. Many attendees register for the ELW and don’t show up, so there is still a good chance you can get into one!
Lab Tour: These 30-minute tours provide a behind-the-scenes peek at what it takes to run our labs. The tour covers both business and technical topics focused on VMware products and solutions. You will meet lab creators and engineers running our multiple clouds.
TOUR TIP: At this point, many of the tours are already booked up. But we sometimes add additional tours as needed, so keep checking for availability!
(NEW!) VMware Odyssey: We are taking Hands-on Labs to the next level by adding gamification elements to the labs you know and love. Cheer your favorite team as they showcase their expertise across the VMware portfolio and compete to be the grand prize winner. Visit VMware Odyssey™ in Moscone West, Level 3 to learn more and enter for a chance to win prizes.
Odyssey TIP: The teams have already been selected, but come and support the teams anyway. They are giving away some prizes to viewers as well!
IMPORTANT TIP:
There is one final tip I would like to share with you, especially for those who are unable to attend the conference. In case you didn’t know, there is a “public-facing” Hands on Lab environment (https://labs.hol.vmware.com) that you can access from anywhere at any time.
Prior to the VMworld conference, you can access last year’s content, which will have the versions of our solutions at that time. Within a month or so after the conference, we will start to release the brand new labs with the “most recent” versions of the labs to the public-facing HOL site. They get released little by little, so if you don’t see the one you’re looking for, keep checking back.
The first two digits of the lab numbers are the fiscal year they were developed for. So last year’s labs, which you will see on the public site today, start with “19**-00”. The new labs that will be showcased for this year start with “20**-**”. So that is how you can tell which labs are this year’s as they slowly get released to the public site.
Hopefully this post was helpful in providing you some basic information on what the Hands On Labs are, the benefits, what’s available this year, and helpful tips for attendees.
If you are attending the conference this year, take in all the information that is available to you in the sessions, take some of our labs, but most of all have some fun while you are there!
At this point, most people in the networking space know what SD-WAN is, the benefits it brings to a business, and how to determine which vendor to use. If not, it’s easy to do a Google search and find more information than you could possibly digest in a week. Having lived and breathed SD-WAN for…