VMware Windows Tools Vulnerability Causes Authentication Bypass (CVE-2025-22230)

This article piqued my interest because it concerns a VMware vulnerability. Between the fact that I worked for VMware for many years and that I had just spent the last few days inside VMware Workstation Pro building out a Windows environment, I had to take a second look at this article.

The bigger the company and the more widely used its products, the more of a target it becomes for hackers. This just proves that no matter how much a company dedicates to securing its software, there is always someone smarter, with the time and resources to find a way in!

The article below was written by Sergiu Gatlan.

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.

VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines.

The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies (a sanctioned Russian cybersecurity company accused of trafficking hacking tools).

Local attackers with low privileges can exploit it in low-complexity attacks that don’t require user interaction to gain high privileges on vulnerable VMs.

“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM,” VMware explains in a security advisory published on Tuesday.

Earlier this month, Broadcom also patched three VMware zero days (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), which were tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.

As the company explained at the time, attackers with privileged administrator or root access can chain these vulnerabilities to escape the virtual machine’s sandbox.

Days after patches were released, threat monitoring platform Shadowserver found over 37,000 internet-exposed VMware ESXi instances vulnerable to CVE-2025-22224 attacks.

Ransomware gangs and state-sponsored hackers frequently target VMware vulnerabilities, as VMware products are widely used in enterprise operations to store or transfer sensitive corporate data.

For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China’s 2024 Matrix Cup hacking contest.

In January 2024, Broadcom also disclosed that Chinese state hackers had used a critical vCenter Server zero-day vulnerability (CVE-2023-34048) since late 2021 to deploy VirtualPita and VirtualPie backdoors on affected ESXi systems.

SOURCE ARTICLE:

https://www.bleepingcomputer.com/news/security/broadcom-warns-of-authentication-bypass-in-vmware-windows-tools/?utm_source=tldrinfosec

(3) ESXi Zero Day Vulnerabilities: CVE-2025-22224/22225/22226

Written By: Kevin Beaumont

On March 4th, VMware quietly released patches for three ESXi zero-day vulnerabilities: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226.

Although the advisory doesn’t explicitly say it, this is a hypervisor escape (aka a VM Escape). A threat actor with access to run code on a virtual machine can chain the three vulnerabilities to elevate access to the ESX hypervisor.

This is backed up by VMware’s official Github, which says:

Yes, this is being actively exploited in the wild.

Once you have ESX access, you can access everything on the ESX server — which includes things such as VM data, and crucially ESX config and mounted storage. Using ESX config and mounted network storage, you can traverse the VMware environment.

My pretty diagram:

Feel free to use this carefully prepared graphic to brief your board or the public

For example, orgs use vMotion to allow virtual machines to automatically move across ESX hosts, to balance load and allow for maintenance without downtime (it’s how VMware security patching works). Because of this, a threat actor has direct access to storage of VMs both on and not on that host by design — they’re basically loose on the backend.

Areas of concern

ESXi is a ‘black box’ environment, where you don’t have EDR tools and such — it is locked down. As such, a hypervisor escape means a threat actor is outside of all security tooling and monitoring. They can, for example, access Active Directory Domain Controller databases without triggering any alerts anywhere in the stack, or delete data.

This is frequently seen in ransomware incidents, where people directly exploit the ESX server or vCenter server over the VMware management network using unpatched vulnerabilities. Once they reach ESX, they reach directly into storage across the whole cluster.

However, being able to reach the ESX server hypervisor directly from the Virtual Machine significantly raises the risk. For example, you don’t need to find the ESX server details, or reach a segregated network.

‘But Kevin’ you may say ‘if a threat actor gained access to a VM it’d be game over’. Well… not so much. Threat actors gain access to endpoints all the time in any large org, e.g. malware initial access on end user PCs. When you have VDIs on VMware, you have a problem. When you have shared servers on VMware, you have a problem. Compromise of one system in a company is not usually a big problem in the short term. Immediate compromise of all of them is a big problem.

Additionally, there are around 500 Managed VMware providers, who operate as effectively clouds, allowing SMBs to purchase fully managed VMs, on demand compute basically. A compromise of one customer VM would allow compromise of every customer VM in the same managed provider.

This also applies to companies who have built their own Private Clouds using VMware, and use VMware to segregate business units.

Versions impacted

The Broadcom advisory is currently incomplete for some reason. For example VMware’s Github lists versions 6.5 and 6.7 as impacted, and patches are available on VMware’s website — but VMware’s advisory on the Broadcom site doesn’t list them as impacted as of writing. Basically, every release of ESX is impacted.

I understand 5.5 is also impacted, however it is out of support so no patch is available.

Continue reading article here!

SAML Roulette – The Hackers Typically Win

SAML

Article by Gareth Heyes

Introduction:

In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library.

While researching this, GitHub independently discovered and patched our vulnerabilities. However, their disclosure omits key technical details, including the specific mutation and how to exploit it without authentication.

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

We believe sharing the full details on how these attacks work is crucial for improving security by empowering everyone with the knowledge needed to identify, mitigate, and defend against such threats effectively.

This research began after we came across a fascinating post by Juho Forsén detailing an XML round-trip vulnerability. What started as curiosity quickly spiraled into a deep dive into the intricacies of SAML, uncovering far more than we initially expected. We spent months exploring various round-trip attacks with the goal of presenting our findings at Black Hat. However, as luck would have it, we ran into a research collision with Alexander Tan ( ahacker1 ), leading to our discoveries being patched before we could submit. Despite that twist, we believe this work is still worth sharing, and while it may not be hitting Black Hat this year, we hope you find it just as compelling.

Round-trip attacks 101

SAML libraries often parse an XML document, store it as a string, and later re-parse it. In Ruby-SAML, this process involves two different parsers: REXML, which is used to parse the document and validate the signature, and Nokogiri, which is used to access attributes. If any mutations occur during this process, the document may not be identical when parsed a second time.

For secure authorization, the document must be parsed and serialized consistently; otherwise, structural inconsistencies may arise. These inconsistencies can be exploited in a round-trip attack. By leveraging XML comments and CDATA sections, an attacker can manipulate the document’s structure during mutation, bypassing signature verification and effectively gaining unauthorized access by assuming another user’s identity.
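As an added illustration (not code from the original post or from ruby-saml), the Python below reads the same NameID through two standard-library parsers, ElementTree and minidom, which disagree when a comment or CDATA section sits inside the element, and shows the fail-closed consistency check a service provider can apply instead of trusting one reading. The sample assertions and all function names are constructed for this example.

```python
# Added illustration: parser-differential check on a SAML NameID.
# Not code from the original post or from the ruby-saml project.
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertions (no real IdP involved). Canonicalisation
# without comments strips the comment in the second sample, so the bytes a
# signature covers are unchanged; what differs is what each parser reads back.
CLEAN_ASSERTION = (
    b'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'<Subject><NameID>alice@example.com</NameID></Subject>'
    b'</Assertion>'
)
COMMENT_ASSERTION = (
    b'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'<Subject><NameID>alice<!-- -->@example.com</NameID></Subject>'
    b'</Assertion>'
)
CDATA_ASSERTION = (
    b'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'<Subject><NameID><![CDATA[alice]]>@example.com</NameID></Subject>'
    b'</Assertion>'
)


def _minidom_nameid(xml_bytes):
    doc = minidom.parseString(xml_bytes)
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def nameid_via_etree(xml_bytes):
    """ElementTree discards comment nodes and does not distinguish CDATA,
    so the character data on both sides is joined into one string."""
    root = ET.fromstring(xml_bytes)
    node = root.find(".//{%s}NameID" % SAML_NS)
    return node.text or ""


def nameid_via_minidom_first_node(xml_bytes):
    """minidom keeps comments and CDATA sections as separate child nodes;
    code that reads only the first child (a common shortcut) stops there."""
    node = _minidom_nameid(xml_bytes)
    return node.firstChild.data if node.firstChild is not None else ""


def nameid_via_minidom_all_text(xml_bytes):
    """Join every text and CDATA child; comment nodes contribute nothing."""
    node = _minidom_nameid(xml_bytes)
    return "".join(
        child.data
        for child in node.childNodes
        if child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE)
    )


def nameid_has_only_plain_text(xml_bytes):
    """True when every child of NameID is an ordinary text node: no comment,
    CDATA section or nested element that one parser might drop or unwrap."""
    node = _minidom_nameid(xml_bytes)
    return all(child.nodeType == child.TEXT_NODE for child in node.childNodes)


def consistent_nameid(xml_bytes):
    """Return the NameID only if every reading agrees and the element holds
    plain text; otherwise return None so the caller fails closed."""
    readings = {
        nameid_via_etree(xml_bytes),
        nameid_via_minidom_first_node(xml_bytes),
        nameid_via_minidom_all_text(xml_bytes),
    }
    if len(readings) != 1 or not nameid_has_only_plain_text(xml_bytes):
        return None
    return readings.pop()


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_ASSERTION),
                          ("comment", COMMENT_ASSERTION),
                          ("cdata", CDATA_ASSERTION)):
        print(label, nameid_via_etree(sample),
              nameid_via_minidom_first_node(sample), consistent_nameid(sample))
```

The comment and CDATA samples verify as text "alice@example.com" under one parser and as "alice" under the other, which is exactly the disagreement the check refuses to adjudicate.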

Round-trip attack on Ruby SAML/REXML

To facilitate testing, we developed a testbed to identify round-trip vulnerabilities and efficiently evaluate multiple SAML libraries. I began by examining the document type definition (DOCTYPE), as similar vulnerabilities had been discovered in the past. My initial approach focused on analyzing how XML entities were parsed, so I conducted tests in that area.

In Juho’s original discovery, notation declarations were used to introduce inconsistencies in how quotes were interpreted. Building on this, I investigated whether any additional vulnerabilities had been overlooked. After extensive testing, I found that mutations could be introduced within the SYSTEM identifier.

Continue reading the rest of the article by Gareth Heyes below!

SOURCE ARTICLE: Click Here!

ChatGPT – SSRF Vulnerability (CVE-2024-27564)

ChatGPT Vulnerability

Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in a third-party ChatGPT tool, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.

The affected tool is called ChatGPT, but it’s not made by OpenAI. Instead, it’s an open source tool created by a Chinese developer, designed to provide an interface for interacting with the ChatGPT gen-AI service.

The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.

Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.

According to Veriti, at least one threat actor has added an exploit for CVE-2024-27564 to its arsenal, and has started probing the internet for vulnerable applications.

Within a single week, the cybersecurity firm observed over 10,000 attack attempts coming from a single IP address. Roughly one-third of the targeted organizations are potentially at risk of exploitation due to misconfigurations in their protection solutions, Veriti warns.

Most of the attacks were targeting organizations in the US, mainly in the government and financial sector. Financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK were targeted as well.

“Banks and fintech firms depend on AI-driven services and API integrations, making them vulnerable to SSRF attacks that access internal resources or steal sensitive data,” Veriti notes.

Although a medium-severity issue, CVE-2024-27564 has become a real-world attack vector and organizations should address it as soon as possible. They should also check their intrusion prevention systems and firewalls for any misconfigurations and monitor logs for known attacker IP addresses.

“Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations,” Veriti says.

*updated to clarify that the ChatGPT tool impacted by CVE-2024-27564 is not in any way related to ChatGPT developer OpenAI.

SOURCE ARTICLE: Click Here!

OpenAI plans to Shift Compute Needs from Microsoft to SoftBank

Softbank & OpenAI

OpenAI is forecasting a major shift in the next five years around who it gets most of its computing power from, The Information reported on Friday.

By 2030, OpenAI expects to get three-quarters of its data center capacity from Stargate, a project that’s expected to be heavily financed by SoftBank, one of OpenAI’s newest financial backers. That represents a major shift away from Microsoft, OpenAI’s biggest shareholder, who fulfills most of the startup’s power needs today.

The change won’t happen overnight. OpenAI still plans to increase its spending on Microsoft-owned data centers in the next few years.

During that time, OpenAI’s overall costs are set to grow dramatically. The Information reports that OpenAI projects to burn $20 billion in cash during 2027, far more than the $5 billion it reportedly burned through in 2024. By 2030, OpenAI reportedly forecasts that its costs around running AI models, also known as inference, will outpace what the startup spends on training AI models.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/report-openai-plans-to-shift-compute-needs-from-microsoft-to-softbank/?utm_source=tldrai

DeepSeek to Open Source Parts of Online Services Code

DeepSeek

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week.

DeepSeek will open source five code repositories that have been “documented, deployed and battle-tested in production,” the company said in a post on X on Thursday.

Code repositories are storage locations for software development assets, and typically contain source code as well as configuration files and project documentation.

“As part of the open-source community, we believe that every line shared becomes collective momentum that accelerates the journey,” the company wrote. “Daily unlocks are coming soon. No ivory towers — just pure garage-energy and community-driven innovation.”

DeepSeek, which has a history of making its AI models openly available under permissive licenses, has lit a fire under AI incumbents like OpenAI. In recent social media posts, OpenAI CEO Sam Altman admitted DeepSeek has lessened OpenAI’s technological lead, and said that OpenAI would consider open sourcing more of its technology in the future.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/deepseek-to-open-source-parts-of-online-services-code/?utm_source=tldrai

SANS Sees Phishers Use Tricky Hyphens in URLs

To a phisher, one tiny hyphen can make a big mark.

SANS Technology Institute Dean of Research Johannes Ullrich alerted users to a “clever” phishing tactic that uses a URL containing a “com-” domain prefix. With that tiny, easy-to-miss hyphen, threat actors can disguise a malicious destination.

Ullrich noted on the SANS site that the phishing tactic was placed into fraudulent messages alerting a user of unpaid tolls. (The FBI warned the public of toll trolls in April 2024, when there were over 2,000 complaints of attacks using fake text messages.)

How the “.com-” tactic works. A legitimate site involving Florida’s toll system (SunPass) would involve a forward slash and look something like: “sunpass.com/tolls.”

In instances discovered by Ullrich and shared on the SANS site, the phisher registers for and receives a domain that begins with “com-,” followed by seemingly random letters, then ending with a top-level domain, like .info, .top, .xyz, and even .com.

To a reader, the phishy URL appears as something like: “sunpass.com-[random letters].top”—a tricky difference to notice when you’re quickly looking on a tiny phone screen and it appears that you owe toll money.

Fraud jobs. URL obfuscation is a favorite tactic of opportunistic threat actors, who register mimicking domains to trick fans of events like the Super Bowl or the Olympics. (Business administration company CSC identified 5,000 unique domain registrations mimicking well-known sportsbooks, between Jan. 1, 2023, and Dec. 24, 2024, for example.)

According to the FTC, government impersonation scammers led to $618 million in losses in 2023, up from $497 million in 2022 and $428 million in 2021.

Dash money. Ullrich told IT Brew that he continues to see “com-” domains registered: 315 on Feb. 11, 428 on Feb. 10, and 269 on Feb 9. (The sites are often short-lived and quickly shut down as fraudulent, he added.)

Many of the questionable domains point to the same IP address, Ullrich said, suggesting one actor is registering and rotating between them.

Ullrich also shared with IT Brew a new twist on the hyphen-ishing trend: A “com.-” domain prefix with a “.com” ending to the URL, and a “case number” in between to convince targeted users that the sender is from an IT support team.

“They can use any prefix for the domain to impersonate arbitrary .com domains,” Ullrich told us in an email.

In his Feb. 5 post, Ullrich advised IT pros to review DNS queries for these kinds of prefixes.
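As an added example of the DNS review Ullrich recommends (this is not code from the SANS post or IT Brew), the Python below scans a constructed DNS query log for names in which a label other than the TLD begins with "com-", and for the "com.-" twist, where a label begins with a hyphen. The log format, the sample lines and the function names are assumptions made for this example.

```python
# Added example: flag hyphen-trick hostnames in DNS query logs.
# Not code from the SANS or IT Brew articles; log format is assumed.
import re

# Constructed sample log, one query per line (format assumed for the example).
SAMPLE_DNS_LOG = """\
2025-02-11T09:14:02Z client 10.20.0.17 query: sunpass.com IN A
2025-02-11T09:14:05Z client 10.20.0.17 query: sunpass.com-fkzq.top IN A
2025-02-11T09:15:11Z client 10.20.0.31 query: mail.example.com IN MX
2025-02-11T09:16:40Z client 10.20.0.31 query: helpdesk.com.-case48213.com IN A
2025-02-11T09:17:02Z client 10.20.0.44 query: compute.example.org IN A
2025-02-11T09:18:30Z client 10.20.0.44 query: www.sunpass.com. IN AAAA
"""

QUERY_RE = re.compile(r"query:\s+(?P<name>\S+)\s+IN\s+")


def suspicious_labels(hostname):
    """Return the labels of `hostname` that mimic a '.com' boundary.

    Every label except the real TLD is examined. A label starting with
    'com-' makes 'brand.com-xxxx.tld' read like 'brand.com' on a small
    screen; a label starting with '-' is the 'com.-' variant, where a
    literal 'com' label is followed by a hyphen-led label such as a fake
    case number.
    """
    labels = hostname.rstrip(".").lower().split(".")
    return [
        label for label in labels[:-1]
        if label.startswith("com-") or label.startswith("-")
    ]


def scan_dns_log(log_text):
    """Map each flagged query name to the labels that triggered the flag."""
    hits = {}
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue
        name = match.group("name")
        flagged = suspicious_labels(name)
        if flagged:
            hits.setdefault(name, flagged)
    return hits


if __name__ == "__main__":
    for name, labels in scan_dns_log(SAMPLE_DNS_LOG).items():
        print("suspicious query:", name, "labels:", ", ".join(labels))
```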

SOURCE ARTICLE:

https://www.itbrew.com/stories/2025/02/18/sans-sees-phishers-use-tricky-hyphens-in-urls?mbcid=38663986.101742&mblid=0526c530a3f5&mid=bfeacb7fd34941195bb37df6366acc6f&utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew

The Art of Linux Kernel Rootkits

1. What is a rootkit?

A rootkit is malware whose main objective is to maintain persistence within a system while remaining completely hidden: it hides processes, directories, and so on, in order to avoid detection.

This makes its detection very complex, and its mitigation even more complex, since one of the main objectives of a rootkit is to remain hidden.

A rootkit changes the system’s default behavior to whatever it wants.

1.1 What is a kernel? Userland and kernel land differences

The kernel is the core of the operating system, responsible for managing system resources and facilitating communication between hardware and software. It operates at the lowest layer of the system; components that operate in kernel land include the kernel itself, device drivers, and kernel modules (called Loadable Kernel Modules, or LKMs for short).

On the other hand, the userland or userspace is the layer where user programs and applications are executed. This is the part of the OS that interacts with the user, including browsers, text editors, games, common programs that the user uses, etc.

1.2 What is a system call?

System calls (syscalls) are fundamental to an OS: they allow running processes to request services from the kernel.

These services include operations such as file management, inter-process communication, process creation and management, among others.

A very practical example: if we write a simple hello world in C and analyze it with strace, we will notice that it uses the write syscall (sys_write) to print Hello, World!

root@infect:~# cat hello.c ; ls hello
#include <stdio.h>

int main() {
    printf("Hello, World!\n");
    return 0;
}
hello
root@infect:~# strace ./hello 2>&1 | grep write

write(1, "Hello, World!\n", 14Hello, World!
root@infect:~#

Continue reading

Palo Alto Networks Tags New Firewall Bug

Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks.

The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls.

A day later, network threat intel firm GreyNoise reported that threat actors had begun actively exploiting the flaws, with attempts coming from two IP addresses.

CVE-2024-9474 is a privilege escalation flaw in PAN-OS fixed in November 2024 that allows a PAN-OS administrator to execute commands on firewalls with root privileges. Palo Alto Networks warned at the disclosure that the vulnerability was exploited as a zero-day.

CVE-2025-0111 is a file read vulnerability in PAN-OS, allowing authenticated attackers with network access to the management web interface to read files that are readable by the “nobody” user.

The CVE-2025-0111 flaw was also fixed on February 12, 2025, but the vendor updated its bulletin today to warn that it is also now being used in an exploit chain with the other two vulnerabilities in active attacks.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” reads the updated bulletin.

While Palo Alto Networks has not shared how the exploit chain is being abused, BleepingComputer has been told they could be chained together to download configuration files and other sensitive information.

Continue reading

Phishing Evolves Beyond Email, Becomes Latest Android App Threat

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox.

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called “multifactor authentication,” by prying into basic text messages sent to a device. Another 4,800 could even read information from an Android device’s “Notifications” bar to obtain the same info.

These “Android phishing apps” may sound high-tech, but they are not. They don’t crack into password managers or spy on passwords entered for separate apps. Instead, they present a modern wrapper on a classic form of theft: Phishing.

By disguising themselves as legitimate apps—including for services like TikTok, Spotify, and WhatsApp—Android phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal.

The volume of these apps and their capabilities underscore the importance of securing yourself and your devices. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals.

Same trick, new delivery

For more than a decade, phishing was often understood as an email threat. Cybercriminals would send emails disguised as legitimate communications from major businesses, such as Netflix, Uber, Instagram, Google, and more. These emails would frequently warn recipients about a problem with their accounts—a password needed to be updated, or a policy change required a login.

But when victims followed the links within these malicious emails, they’d be brought to a website that, while appearing genuine, would actually be in complete control of cybercriminals. Fooled by similar color schemes, company logos, and familiar layouts, victims would “log in” to their account by entering their username and password. In reality, those usernames and passwords would just be delivered to cybercriminals on the other side of the website.

There never was a problem with a user’s account, and there never was a real request for information from the company. Instead, the entire back-and-forth was a charade.

Over time, phishing emails have advanced—cybercriminals have stolen credit card details by posing as charities—but so, too, have phishing protections from major email providers, sending many cybercriminal efforts into people’s “spam” inboxes, where the emails are, thankfully, never retrieved.

Continue reading

Apple Fixes Zero-Day Vulnerability – Update ASAP!

Apple has released an emergency security update for a vulnerability which it says may have been exploited in an “extremely sophisticated attack against specific targeted individuals.”

The update is available for:

  • iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iPadOS 17.7.5 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Technical details

The newly found zero-day vulnerability is tracked as CVE-2025-24200. When exploited, the vulnerability would allow an attacker to disable USB Restricted Mode on a locked device. The attack would require physical access to your device.

The introduction of USB Restricted Mode feature came with iOS 11.4.1 in July 2018. The feature was designed to make it more difficult for attackers to unlock your iPhone. When USB Restricted Mode is active, your device’s Lightning port (where you plug in the charging cable) will only allow charging after the device has been locked for more than an hour. This means that if someone tries to connect your locked iPhone to a computer or other device to access its data, they won’t be able to do so unless they have your passcode.

To enhance data security, especially when traveling or in public places, it is recommended that you enable USB Restricted Mode in your device settings. If your iPhone, iPad or iPod Touch is running iOS 11.4.1 or later, USB Restricted Mode is automatically on by default, but if you want to check and enable USB Restricted Mode, this can be done by going to Settings > Face ID & Passcode or Touch ID & Passcode > (USB) Accessories and toggling off (grey) the (USB) Accessories option. Enabling this setting adds an extra layer of protection against unauthorized data access.

Please note: toggling the option to green turns this feature off.

Vulnerabilities like these typically target specific individuals as deployed by commercial spyware vendors like Pegasus and Paragon. This means the average user does not need to fear attacks as long as the details are not published. But once they are, other cybercriminals will try to copy them.

Source Article:

https://www.malwarebytes.com/blog/news/2025/02/apple-fixes-zero-day-vulnerability-used-in-extremely-sophisticated-attack?utm_source=iterable&utm_medium=email&utm_campaign=b2c_pro_oth_20250217_februaryweeklynewsletter_v3_173948923242&utm_content=Apple_fixes

Do You Like to Play Steam Games? BEWARE of Malware!

Steam Games

The free-to-play game, PirateFi, infects users with malware that steals browser cookies, enabling the malware’s creator to hijack access to various online accounts. 

Original story:
A hacker published a PC game on Steam to infect users with Windows-based malware. 

The free-to-play game, PirateFi, was released on Thursday. Days later, Valve was spotted sending out a message to affected users, warning them about the threat to their computers.

“We strongly encourage you to run a full-system scan using an antivirus product that you trust or use regularly, and inspect your system for unexpected or newly installed software,” Steam said.

PirateFi was published as a beta. However, according to Steam forum posts, one user noticed something was off when their antivirus software prevented them from running the game, flagging it as carrying “Trojan.Win32.Lazzzy.gen.”

“The essence of the virus: When you launch the ‘game,’ the virus unpacks into /AppData/Temp/****/ and looks like Howard.exe,” the user wrote in Russian. The malware then appears to steal browser cookies, enabling the malware’s creator to hijack access to various online accounts.

Another gamer who downloaded the title wrote on Tuesday: “Most of my stuff has either been hacked and passwords changed or being signed in using cookies that’ve been stolen!” 

Continue to read the rest of the article below…

Source Article:

https://www.pcmag.com/news/did-you-download-this-steam-game-sorry-its-windows-malware?utm_source=tldrinfosec

Hackers Steal Personal Data from Watergate’s Hotel Network

Watergate Hotel

Bob Woodward and Carl Bernstein would be of limited use with this 21st-century breach though.

The Watergate Hotel in the District suffered a data breach last year and has recently notified those affected online and via mail.

The hackers targeted personal and financial information.

The hotel noticed suspicious activity on its network on April 6, 2024. After securing the network and investigating, the hotel found that the cyber-burglars had gotten access to hotel computers and were therefore able to see and download certain files, the hotel said on its website.

About 2,220 people were affected by the data breach, according to a data breach database maintained by the Office of the Maine Attorney General.

The data stolen varies by individual, the Watergate said, but includes names, financial account and credit card information, health insurance and medical information, and Social Security, government identification and driver’s license numbers.

Source Page:

https://www.washingtontimes.com/news/2025/feb/13/hackers-broke-watergate-hotel-network-stole-person/?utm_source=tldrinfosec

Understanding CVE-2025-1094: PostgreSQL Exploit Risks (US Treasury)

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.

Rapid7’s principal security researcher, Stephen Fewer, disclosed CVE-2025-1094 (8.1) on Thursday, saying it was a key part of the exploit chain that also included the BeyondTrust zero-day (CVE-2024-12356).

In fact, CVE-2025-1094 was so important to the chain that the BeyondTrust attack couldn’t have been pulled off without it, we’re told.

“Rapid7 discovered that in every scenario we tested, a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution,” said Fewer.

“While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094, which remained a zero-day until Rapid7 discovered and reported it to PostgreSQL.”

According to Rapid7’s director of vulnerability intelligence, Caitlin Condon, CVE-2025-1094 affects all versions of the PostgreSQL interactive tool, but, fortunately, it isn’t particularly simple to exploit. Given the complexity of the exploit pattern, Rapid7 doesn’t expect attacks to be carried out away from the BeyondTrust versions already known to be vulnerable.

She said via Mastodon: “But with the above said, it’s clear that the adversaries who perpetrated the December attack really knew the target technology, which is yet another example of a zero-day exploit trend Rapid7 started tracking in 2023.”

The vulnerability in the PostgreSQL interactive tool (psql) can lead to arbitrary code execution (ACE) and there is also a technique to exploit it independently from CVE-2024-12356. Rapid7 said BeyondTrust’s patch for its zero-day didn’t address the root cause of the psql bug, but it does prevent the two from being exploited together.

The psql vulnerability can be exploited because of an incorrect assumption that a SQL injection attack can’t be carried out when a malicious input is safely escaped via PostgreSQL’s string escaping routines, Fewer said.

Source Article:

https://www.theregister.com/2025/02/14/postgresql_bug_treasury/?utm_source=tldrinfosec
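
An added example of the defensive point in the paragraph above (my own code, not Rapid7's, PostgreSQL's or BeyondTrust's): an escaping routine only neutralises quotes correctly when it and the database agree on where each character begins and ends, so input that is not well-formed in the expected encoding should be rejected before it reaches the escaper, and values are better bound as parameters than interpolated into SQL at all. The PostgreSQL fix for CVE-2025-1094 hardened libpq's escaping functions against invalidly encoded input; this example mirrors that kind of check in Python against an in-memory SQLite table that stands in for a real database (the table, rows and function names are constructed).

```python
import sqlite3


def decode_strictly(raw: bytes, encoding: str = "utf-8") -> str:
    """Reject input that is not well-formed in the expected encoding.

    A quote-escaping routine only works if it and the SQL consumer agree on
    where every character starts and ends. Malformed multibyte sequences
    break that agreement, so they are rejected up front instead of escaped.
    """
    try:
        return raw.decode(encoding, errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError(f"input is not valid {encoding}: {exc.reason}") from None


def escape_literal(value: str) -> str:
    """Minimal string-literal escaper: wrap in quotes and double embedded quotes."""
    return "'" + value.replace("'", "''") + "'"


def build_escaped_query(raw: bytes) -> str:
    """Escaping path: validate the encoding first, then escape and interpolate."""
    return "SELECT id FROM users WHERE name = " + escape_literal(decode_strictly(raw))


def lookup_parameterized(conn: sqlite3.Connection, raw: bytes) -> list:
    """Preferred path: the value travels as a bound parameter, never as SQL text,
    so quote handling is the driver's job and the input cannot alter the query."""
    name = decode_strictly(raw)
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    return [row[0] for row in rows]


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(build_escaped_query(b"O'Brien"))        # valid input is escaped normally
    print(lookup_parameterized(db, b"O'Brien"))   # [2]
    try:
        build_escaped_query(b"\xc3\x28")          # 0xC3 needs a continuation byte; 0x28 is not one
    except ValueError as err:
        print("rejected:", err)
```

The strict decode is the cheap part; the durable fix is the parameterized path, which removes the escaper from the trust boundary entirely.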

BACK AT IT AGAIN AND ON A NEW JOURNEY!!

It has been several years since I was actively posting on this site. For the last three or so years I stepped away from hands-on keyboard type of work and from staying up-to-date on IT related information. I was focused on creating a quarterly enablement plan so that all VMware Field Sales/Technical folks had the latest information related to VMware solutions. I did this on a global scale, working with all the Program Managers of our solutions as well as the field sales managers, ensuring field personnel were getting the proper ongoing enablement.

VMware was acquired a little over a year ago by Broadcom. As usual with acquisitions, positions get eliminated, as mine did. So I am back looking for a new opportunity and have decided I want to get into Cyber Security and use my years of experience in IT and technology to support this new venture.

I had my CompTIA Security+ in the past but it has expired, so I am working on that now to re-certify and help with breaking into the security side of the house. After I finish that I will be doing the Certified Information Systems Professional (CISSP) and Certified Ethical Hacker (CEH) certifications over the next few months.

My hope is that with these security-focused certifications under my belt, I can break into a Cyber Security role. I know I will have to get an entry-level position, but I am willing to do what it takes.

Needless to say, my posts moving forward will be security focused to support my new career. I plan to post relevant security information related to IT. Hopefully as I learn, my readers will learn as well!

I also would love to hear from any of you in the industry with any suggestions as far as what to post here as well as for myself in my Cyber Security learning journey.

NOW LET THE FUN BEGIN!!

Cohesity DataPlatform 6.5.1c LTS Is Here!

Cohesity has just announced the (LTS) Long Term Supported release of their DataPlatform version 6.5.1c. It is now available for Cohesity customers to upgrade their clusters and gain all the added benefits of the new LTS version. Below is the list of the added features and enhancements for both (GA) Generally Available and Tech Preview features.

(GA) Generally Available Features:

  • Backup/Recover to secondary VMware network
  • VMware VM Recovery with Copy Recovery
  • File Level Recovery with VMware Tools
  • NetApp DataProtect Volume Backup
  • NFS/SMB Encryption Support for NAS Backups
  • Blacklist IPs for NAS Protection Groups
  • Download NAS Backup Error Logs
  • NAS Backup with File DataLock
  • NAS Exclusions – Regular Expression Patterns
  • MegaFile Restore Support for Physical Agents
  • Auto Upgrade Agents after Cluster Upgrade
  • Protect All Local Volumes
  • Parallel File/Folder Data Protection
  • Fault Tolerance – New 6:2/8:2 (EC) Erasure Coding Configurations
  • Account/Security Related:
    • “Cohesity” User Account No Longer Used
    • Removed Bash SSH Access to Accounts
    • Both SSH/Remote Logins are Disabled by Default
    • “root” User Access from the Physical Console Removed
    • Support Account:
      • No User Account Anymore
      • Now Uses “User Security Token” Which Cohesity Support Needs to Connect to Your Cluster via the Remote Tunnel
      • Can be set to On/Off/Temporary for a Set Amount of Time
      • Only Cohesity Employees Can Access the Remote Tunnel
      • If Password Forgotten, Support Must be Contacted to Change Password
    • (2) Person Rule:
      • Cohesity Administrator Enables It
      • Password Set by a Different Cohesity Administrator – The First Administrator Does Not Set the Password
      • Administrator Controls the “sudo” Access
  • Oracle:
    • Backup with “sysbackup” Privilege
    • Backup Support for TDE Databases
    • Pfile Control via UI During Restore/Clone
    • Log Backup Archival & PIT Restore from Archive
  • AWS:
    • Specify VPC for Fleet on Source Registration
    • AWS Cloud Edition – Deployment Using IAM Roles & Source/External Target Registration
  • Azure:
    • Filter Users Based on Azure Attributes
    • Use Incremental APIs for Managed Disk VMs
    • Support for Hyper-V Gen2 VMs
  • Cohesity Cloud Edition – Cost Optimization with XL Node
  • Next Generation User Interface Enhancements:
    • Quick Protect & Quick Policy
    • One-Time Protect
    • Dashboard Enhancements with Heat Maps
    • Metrics on Data Transferred to External Targets
    • A New Health Dashboard
    • Password Management Enhancements
  • Multi-Tenancy:
    • Enable “Restricted Access to Specific Object” Workflow for Organization User
    • Guardrail for Supported Workload
    • Protected Objects Heatmap Report for Tenants
    • Restore to vCloud Director Storage Profile
    • Support for VMware’s VCD version 10.1
    • VMware’s VCD Plug-In – Cross Launch to Cohesity Web GUI
    • Support for VMware’s vRealize Automation Workflows
  • SmartFiles (NAS):
    • Intent Based Views
    • SMB SuperUser Account
    • Audit Log – Filer Tab
    • NIS Support
    • External NAS Tiering – Uptiering
  • Hardware:
    • Cohesity C6055 with 16TB Drive Support
    • Cohesity “Compute” Nodes – For Use With NoSQL & Hadoop Only
      • Cohesity (VE) Virtual Edition
      • Cisco UCS C220 M5
      • HPE DL360
      • Dell R640
      • (BYOH) Bring Your Own Hardware (check for hardware requirements)
    • Cohesity CX8405 Nodes – Support for 15.3TB Drives
    • Cisco UCS S3260 – 14TB Drive Integration
    • Cisco UCS C220 M5 – 4TB Drive Integration
    • Fujitsu RX2540 M5
    • (ROBO) Remote Office Branch Office Node – Dell R640

Tech Preview Features:

  • Support for SAN transport (Fibre channel or iSCSI) for VMware backups
  • NAS Backup with File DataLock
  • SharePoint Online Backups
  • Oracle:
    • VLAN Selection
    • Backup Databases on Windows Servers
    • SAP on Oracle Using BRTOOLs
  • SQL:
    • Exclude a SQL DB from a Protection Group
    • Resume Recovery After Fail
  • NoSQL & Hadoop Adapters
  • Automated Deployment of Cohesity Agent
  • DataProtection Continuity Across Cohesity Clusters

As always, we highly recommend that you lock down your Cohesity clusters using our Security Whitepaper and Hardening Guide to ensure you are protected as best as possible against Ransomware and other malicious attacks!

NOTE: The below links require you to have a Cohesity account to log into the Cohesity Documents site.

Cohesity DataPlatform Security Whitepaper: https://docs.cohesity.com/HomePage/PDFs/Cohesity-White-Paper-Security-DataPlatform.pdf

Cohesity Security Hardening Guide: https://docs.cohesity.com/HomePage/PDFs/Cohesity-Best-Practice-Security-Hardening.pdf

6.5.1c Release Notes: https://docs.cohesity.com/6_5_1/Web/UserGuide/Content/ReleaseNotes/ReleaseNotesIntro.htm?mkt_tok=eyJpIjoiTVdWbE5tRTFOakkxWkdFeSIsInQiOiJGT25wdFUzSTY5QmRMaGk1VXozRDUreWJOZ0o4ZmZhbWg2NzhSeU5UNVpCR2lTUThEZFZLXC9XQ3BCdDhaRlR1V1VjSk1POHMrWlFGb2hvYWRSYkJ1akRnbmgwbjl5UE5wQm5hNlJjRU9vYWltNmdZS1I2RkdUb0wzT0V5Mko1dEgifQ%3D%3D

Release Notes (What’s New): https://docs.cohesity.com/6_5_1/Web/UserGuide/Content/ReleaseNotes/WhatsNew.htm?mkt_tok=eyJpIjoiTVdWbE5tRTFOakkxWkdFeSIsInQiOiJGT25wdFUzSTY5QmRMaGk1VXozRDUreWJOZ0o4ZmZhbWg2NzhSeU5UNVpCR2lTUThEZFZLXC9XQ3BCdDhaRlR1V1VjSk1POHMrWlFGb2hvYWRSYkJ1akRnbmgwbjl5UE5wQm5hNlJjRU9vYWltNmdZS1I2RkdUb0wzT0V5Mko1dEgifQ%3D%3D

Upgrading to 6.5.1c: https://docs.cohesity.com/6_5_1/Web/UserGuide/Content/ReleaseNotes/Upgrade.htm?mkt_tok=eyJpIjoiTVdWbE5tRTFOakkxWkdFeSIsInQiOiJGT25wdFUzSTY5QmRMaGk1VXozRDUreWJOZ0o4ZmZhbWg2NzhSeU5UNVpCR2lTUThEZFZLXC9XQ3BCdDhaRlR1V1VjSk1POHMrWlFGb2hvYWRSYkJ1akRnbmgwbjl5UE5wQm5hNlJjRU9vYWltNmdZS1I2RkdUb0wzT0V5Mko1dEgifQ%3D%3D

Upgrade Considerations: https://docs.cohesity.com/6_5_1/Web/UserGuide/Content/ReleaseNotes/Upgrade.htm?tocpath=Release%20Notes%7C_____3#UpgradeConsiderations

Cohesity Announces SiteContinuity (Automated DR)

On September 28, 2020 Cohesity announced Cohesity SiteContinuity, an automated disaster recovery solution that is integrated with the company’s backup and continuous data protection capabilities — making it the only web-scale, converged solution to protect applications across tiers, service levels, and locations on a single platform.

NOTE: (GA) General Availability will be in version 6.6 which will be released potentially in December 2020.

Cohesity is making this announcement as organizations are concerned about losing data to ransomware attacks, natural disasters, or human error. This new integrated solution will help companies ensure data isn’t lost, applications are available, costs are reduced — by eliminating redundant or unnecessary infrastructure — and that strict service-level agreements (SLAs) are met.

SiteContinuity uses our existing (CDP) Continuous Data Protection feature to deliver near-zero (RPOs) Recovery Point Objectives for your mission-critical virtual machines. A near-zero RPO means every change and every I/O is protected, which in the case of a disaster minimizes your data loss and downtime.

Leveraging vSphere APIs for I/O filtering (VAIO), Cohesity intercepts I/Os between the protected VM and its underlying storage. This approach captures changes and helps reconstruct a copy of your VM directly on Cohesity. As a journal-based solution, Cohesity maintains a journal of all I/Os received from the VM. Built-in intelligence allows the periodic consolidation of log deltas and the foundational VMDK. The implication: fully hydrated recovery points at any point in time—ensuring near-zero RPOs and rapid RTOs.
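
The journal-based reconstruction described above, as an added illustration that is not Cohesity's code and is a deliberate simplification of the product: a base image plus an ordered journal of writes can be hydrated to any sequence number, and periodic consolidation folds older deltas into the base. The `IoJournal` and `Write` names, the sequence numbers standing in for timestamps, and the tiny 8-byte "disk" are my own constructions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Write:
    """One intercepted guest I/O: where it landed on the virtual disk and what it wrote."""
    seq: int        # monotonically increasing journal sequence; stands in for a timestamp
    offset: int     # byte offset within the virtual disk
    data: bytes


@dataclass
class IoJournal:
    """Base image plus an ordered journal of writes; any sequence number can be hydrated."""
    base: bytearray                          # foundational disk image (the VMDK in the text)
    base_seq: int = 0                        # sequence number the base image is consistent with
    entries: list = field(default_factory=list)

    def append(self, offset: int, data: bytes) -> int:
        """Record an intercepted write and return its sequence number."""
        if offset < 0 or offset + len(data) > len(self.base):
            raise ValueError("write outside the virtual disk")
        seq = (self.entries[-1].seq if self.entries else self.base_seq) + 1
        self.entries.append(Write(seq, offset, data))
        return seq

    def hydrate(self, seq: int) -> bytes:
        """Return a fully hydrated image as of `seq`: the base plus every journaled write up to it."""
        if seq < self.base_seq:
            raise ValueError(f"seq {seq} predates the consolidated base ({self.base_seq})")
        image = bytearray(self.base)
        for w in self.entries:
            if w.seq > seq:
                break                        # the journal is ordered, so nothing later applies
            image[w.offset:w.offset + len(w.data)] = w.data
        return bytes(image)

    def consolidate(self, seq: int) -> int:
        """Fold the log deltas up to `seq` into the base image and drop them from the journal.

        Recovery points at or after `seq` stay reachable; earlier ones are no longer retained,
        which is the trade-off a consolidation schedule has to respect.
        Returns the number of journal entries still pending.
        """
        self.base = bytearray(self.hydrate(seq))
        self.base_seq = seq
        self.entries = [w for w in self.entries if w.seq > seq]
        return len(self.entries)


if __name__ == "__main__":
    journal = IoJournal(bytearray(8))        # constructed 8-byte virtual disk, all zeros
    journal.append(0, b"AB")                 # seq 1
    journal.append(4, b"CD")                 # seq 2
    journal.append(0, b"XY")                 # seq 3 overwrites the first write
    print(journal.hydrate(2))                # b'AB\x00\x00CD\x00\x00'
    journal.consolidate(2)                   # seq 1 and 2 are now part of the base
    print(journal.hydrate(3))                # b'XY\x00\x00CD\x00\x00'
```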

Continuous Data Protection (CDP) ensures that you recover all of your data, not just most of it. CDP delivers real-time protection for VMware vSphere virtual machines, augmenting your existing snapshot-based backup data protection strategy.

The CDP Solution offers:

  • Enterprise-class data resiliency
  • Operational simplicity with high fault tolerance
  • Efficient flexibility

Cohesity’s SiteContinuity converged backup and disaster recovery solution provides:

  • Simplified Operations:  Consolidate backup, continuous data protection and automated disaster recovery on a single platform, managed through one global UI and a unified policy framework, across application tiers, service levels, and environments.
  • Near-zero Application Downtime and Data Loss:  With just a few clicks, automatically orchestrate failover and failback of a single application or an entire site, ensuring minimum data loss and downtime as business applications are rapidly recovered in a disaster scenario.
  • Flexible Recovery:  Journal-based recovery helps to meet varying service levels across application tiers by restoring to any point in time — including days or even seconds before the disaster hit, on-premises or to the public cloud.
  • Machine Learning-Based Ransomware Detection and Recommendation: At the time of failover and/or restore, Cohesity Helios’ machine learning algorithm helps identify a clean point in time to restore. This helps protect the DR site from malware impact during the failover process.
  • Disaster Testing:  Meet DR compliance objectives with confidence through end-to-end automated non-disruptive disaster recovery testing, including complete audit trail reporting.
  • Reduced TCO:  Reduce costs by converging backup and DR, eliminating the need for separate point products and driving better storage efficiency. Further reduce data footprint and costs with global variable-length deduplication and compression across workloads. Additionally, there is no need to deploy dedicated virtual machines to support recovery of each ESXi host.
  • Limitless Scalability:  The underlying web-scale architecture of the Cohesity platform enables organizations to scale BCDR capabilities limitlessly and painlessly.

Related Links:

Cohesity Version 6.5.1 Released!

On August 17th, Cohesity announced the release of their new platform version 6.5.1! This release is packed with over 75 enhancements since the last release. Since there are so many, we can’t really go through them in any detail. However, below is a very long and distinguished bulleted list of most of the enhancements in the 6.5.1 release.

NOTE: The below list of enhancements in version 6.5.1 is (GA) Generally Available with the exception of the individual items marked with either BETA or TECH PREVIEW.

  • CLOUD: 
    • Microsoft 365 –
      • (TECH PREVIEW) SharePoint Online support
      • (TECH PREVIEW) SharePoint Online site documents
      • (GA) OneDrive
      • (GA) Exchange
      • (GA) Filter users based on Azure Active Directory Attributes
    • Azure –
      • Incremental APIs for Managed Disk VMs
      • Support for Hyper-V GEN2 VMs
    • AWS –
      • A backup admin can specify a VPC and Subnet for fleet instances at the source level for backup
    • Helios On-Prem & Global Policies –
      • On-premise multi-cluster management: single pane of glass experience for customers with many dark sites (Tech Preview)
      • Global policies: Enable policies at a global level for global and standardized governance and data management
      • New storage impact simulation and enhanced ransomware detection
  • SOFTWARE INTEGRATIONS
    • (TECH PREVIEW) Exchange DAG Awareness –
      • Active/Active DAG configuration and automating DP for Exchange server mailboxes
      • Simplifies Server and Exchange DAG discovery and registration
      • Helps backup admins reorder the backup priority of Exchange mailboxes based on their own requirements
    • (TECH PREVIEW) Integrated NoSQL/Hadoop experience –
      • Strengthening our NoSQL and Hadoop solution by unifying the comprehensive backup and recovery solution into a single framework
      • Unified protection and experience for your traditional and modern NoSQL databases
      • All workflows of DataProtect apply to NoSQL and Hadoop: a simple and comprehensive solution that’s a differentiator
    • Oracle –
      • Backup with “sysbackup” privilege
      • (TECH PREVIEW) Secondary VLAN for registration, backups, recovery, and cloning support
      • (TECH PREVIEW) Backup Oracle on Windows Servers support
      • Backup support for TDE databases
      • Pfile control during restore/clone functions
      • Log backup archival and PIT restore from archive
      • Enhanced Oracle pre-check utility
    • SQL –
      • (GA) Error message handling framework
      • (TECH PREVIEW) Exclude a SQL DB from a protection group
      • (TECH PREVIEW) Resume recovery after fail
    • SAP HANA 2.0 –
      • (GA) SAP HANA On Power
      • (BETA) Oracle on Linux
      • (GA) Uses native API for backup, recovery, enquiry, and delete
      • (GA) New RPM is downloadable from UI
    • Secondary NetApp –
      • Back up data protection volumes from secondary NetApp
      • Saves space with no impact to the primary by backing up from the SnapMirror copy, helping reduce TCO
    • VMware Enhancements –
      • VMware SAN Transport via FC for better bandwidth/performance
      • File-level recovery with VMTools
      • Register vCenter on secondary network
      • VMware VM Recovery with Copy Recovery
  • PHYSICAL
    • Compute-Only Nodes –
      • Options –
        • Cisco UCS C220 M5
        • HPE DL360
        • Dell R640
        • Also some (BYOH) Bring-Your-Own-Hardware options with Cisco, HPE, Dell, Fujitsu, and Lenovo
      • Dedicated nodes for computing in a Cohesity cluster for running resource-intensive apps
      • Customers now have the flexibility to independently scale compute or storage resources
      • Experience better performance for resource intensive workloads
    • New Cohesity C6055 Nodes –
      • C6055 Node –
        • High capacity 1U node
        • Cost competitive dense node for lower TCO for replication and archives
        • New expanded platform support: Fujitsu, Dell ROBO
      • CX8405 Node –
        • Dense All-Flash platform (92.16 TB RAW per node)
    • New Fujitsu RX2540 M5 Node –
      • New OEM partner hardware
      • (2) Options –
        • 8TB RAW/5.3TB Usable
        • 16TB RAW/10.6TB Usable
    • New Cisco Configurations –
      • Cisco UCS S3260 – 14TB drive integration
        • (2) Options –
          • Half-populated drives – 294TB RAW/194TB Usable
          • Fully-populated drives – 588TB RAW/388TB Usable
      • Cisco UCS C220 M5 –
        • 4TB drives – 12TB RAW/8TB Usable
    • New Dell R640 ROBO Node –
      • (2) Options –
        • 46TB RAW/42TB Usable
        • 96TB RAW/64TB Usable
    • Physical Agent –
      • Auto upgrade agent after cluster upgrade
      • Directive-file backup support
      • Protect all local volumes support option in protection group
      • Auto deployment of agent
      • Parallel file/folder data protection
      • Support registering physical server on (2) Cohesity clusters
  • PLATFORM
    • SmartFiles (NAS) –
      • Intent-Based views
      • New SMB SuperUser for share level permissions of SMB views
      • Audit Log – filter tab
      • Support for NIS environments
      • User mapping between Active Directory and NIS Provider
      • External NAS Tiering – Uptiering
    • (TECH PREVIEW) MegaFile Restores for Physical Data Sources –
      • Backup/Restore large files faster, help meet SLAs
      • Support for AIX, Linux, Windows for files > 64GB
      • 3x faster restores for physical data source files > 64GB
    • (TECH PREVIEW) Service Providers – Pay-Per-Use Consumption –
      • Introducing a consumption-based pricing model for service providers
      • Traditional licensing locks service providers into multi-year license cycles and flat-fee monthly subscriptions
      • Cohesity is the only vendor that allows SPs to choose their own monthly commit and pay only for the software they consume through metered pricing for multiple SP offerings
    • Fault Tolerance –
      • New (EC) Erasure Coding configurations – EC 6:2/EC 8:2
    • Next Gen User Interface –
      • Global dashboard view
      • Multi-Cluster Monitoring
      • Smart context aware click-throughs
      • Security Dashboard
      • Global Actionable Search
      • Single Cluster Dashboard
      • Physical Usage Reporting for Tenants
      • Physical Usage Reporting for Jobs
      • Dark Theme
      • Enhanced Reporting & Planning
      • Quick Protect
      • Quick Policy
      • One-time Protect
      • Dashboard Heatmaps
      • Reporting – Data Transferred to External Targets
      • Protection Group Run Details
      • Password management to force password changes

Blog Announcement: https://www.cohesity.com/blog/announcing-cohesity-pegasus-6-5-1-options-matter/

Cohesity Public Site: https://www.cohesity.com/

Protecting Against Ransomware with Cohesity

Protecting Against Ransomware with Cohesity:

As most of you are aware, 2020 has been especially riddled with Ransomware attacks against large corporations. However, large corporations are not the only ones under attack. These attacks hit all types of businesses, from the largest corporations all the way down to small mom-and-pop businesses. Government agencies, including federal, state, and local, are under constant attack as well.

The most notable ransomware attacks that most have heard about include Garmin, Travelex, University of California San Francisco, Honda, and Canon USA. Click on the appropriate company name to go to an article specific to that company’s attack.

NOTE: For 2021 statistics on Ransomware attacks, see the first link at the bottom of this blog called “Ransomware Statistics“.

Most of the data protection solutions on the market today (especially the legacy solutions) have fallen prey to the above list of recent Ransomware attacks as well as many others.

To this day, no Cohesity customer that has followed our security hardening guidelines has suffered a ransomware attack in which the attackers gained access to their Cohesity backups to delete or encrypt them. That means our customers have been able to detect, prevent, and/or recover without paying any ransom whatsoever.

Here is an example of what can happen in your typical ransomware attack of today:

  • Employee clicks on link in an email and hackers gain access to your network.
  • The hacker then installs a key logger and obtains an administrator’s credentials to systems on the network (including your data protection system).
    • Hackers delete your backups of systems to ensure you can’t recover from backups and have to pay them the ransom.
  • If they don’t get administrator credentials to the backup solution, they encrypt the backups first, again to make sure you can’t recover any systems from backups, and force you to pay the ransom.
  • If the company has any CCPA, GDPR, or other compliance related requirements and associated data, they collect that data.
  • They then encrypt the systems on the network.
  • Hackers notify the company that they have encrypted their systems and tell them they must pay a ransom to get the encryption keys to decrypt their systems. If they obtained any compliance related data, they also tell the company that they will publicly post the private data. If they do that, the company by law then has to publicly announce that they had a data breach. They then can be fined a very large amount of money for breaking compliance itself. This is a separate cost from the ransom.
  • Hackers typically give the company a certain time frame to pay the ransom or lose everything after that date as well as post any compliance related information on the internet.
  • If the company pays the ransom, it typically requires payment in Bitcoin because it is private and untraceable. Most companies don’t have a Bitcoin account, so they will need to pay a 3rd party company to convert the payment into Bitcoin, which the hackers will accept.
  • Once the ransom is paid, the hackers will provide all the decryption keys for every system that was encrypted.
  • The customer then has to work out by trial and error which decryption key belongs to which server, which can take days. The hackers don’t tell them which key goes to which specific server. If you have thousands of servers, that is a painfully long process, all while your IT systems are still down.
  • Each virtual machine needs free space equal to twice its size in order to decrypt the system. Otherwise, if there is not enough room on the drive, decryption will fail until additional drive space is added. The time to go through this process can be painfully long depending on how many systems need to be configured with additional storage.
  • At this point, this entire process from start to finish could be from days to weeks or more for a company to fully recover IF they pay the ransom.

For the company that has been attacked, if they have to pay the ransom due to being unable to restore from backups, this could mean a huge revenue loss for the company long term.

There are numerous costs associated with the attack:

  • The ransom itself.
  • The cost of a 3rd party company to convert the payment to Bitcoin.
  • Potential fines for breaking compliance due to leaked data if ransom not paid.
  • The associated cost of lost revenue due to systems being down for days, weeks, or more due to attack and recovery time frame of IT internal and externally facing services.
  • The associated cost of lost revenue due to bad reputation after personal data leaked.
  • The associated cost of massive increased hours worked by IT staff and any other employees to recover systems until they are back to normal operations.
  • Cost of new hardware/software implementation and the associated man hours to implement new security measures to keep from being attacked again.
  • Legal actions against company for personal data leaked and other various reasons.
  • NEW (10/5/20) – US Department of the Treasury’s Office fines!

There are numerous precautions that can be taken to minimize the risk of your organization being attacked as well as recover easily and quickly to get your IT services up and running again. With that, securing your data protection (backup) solution becomes critical to protecting yourself against ransomware attacks.

How Cohesity Protects You Against Ransomware:

Cohesity takes security very seriously and has extensive cybersecurity integrated into our solution. Listed below are the principles and capabilities with which we protect your backups on our platform.

  • Reduce Attack Surface –
    • Zero trust architecture.
    • Bank-grade encryption (FIPS 140-2, NIST certified).
    • Single global platform.
    • No Windows or Linux front-end server.
  • Assess Security Posture & Vulnerabilities –
    • Vulnerability Management:
      • CyberScan App – Uncover cyber exposures and blind spots within your production environment by running on-demand and automated scans on backup snapshots against known vulnerabilities.
    • Advanced Threat Detection:
      • SentinelOne App – AI-powered prevention engine for Cohesity storage clusters, delivering the highest efficacy, lowest false positives, and most performant prevention technology. It is 100% signature-free and relies on machine learning models to deliver next-generation prevention.
    • ClamAV App – Scan the files stored in the Cohesity DataPlatform directly, without sending the files to an external scanner.
    • Configuration analysis.
  • Access Management & Auditing –
    • Web UI, CLI, and REST APIs all use SSL with TLS 1.2 and above.
    • Self-signed X509 certificates or company CA/certificates can be used.
    • Microsoft Active Directory integration and (RBAC) Role-Based Access Control.
    • (2FA) Two Factor Authentication (CAC / SAML).
    • (SSO) Single Sign-On Integration with SAML-based standards:
      • Active Directory
      • LDAP
      • Azure Active Directory
      • Okta
      • Ping
      • Duo
      • Shibboleth
    • Operational & file level accounting.
    • System & product level auditing.
    • Exportable granular audit logs.
    • Send logs to external syslog server.
    • Global whitelists for network segments, individual IPs, etc.
  • Data Governance / Compliance –
    • SEC 17a-4(f)
      • (WORM) Write Once Read Many & Data Security
    • FIPS 140-2 level 1
    • PCI DSS
    • Common Criteria EAL2+
    • Secure Government Clouds
      • AWS Govcloud
      • Azure Govcloud
      • C2S
    • (TAA) Trade Agreements Act
    • (ATO) Authority to Operate
    • GDPR / CCPA Governance –
      • Global actionable search.
      • We reduced copies of data on average from 8-10 copies to potentially 1-2 copies.
  • Defend –
    • Immutable file system –
      • Inaccessible from outside Cohesity cluster
      • Backups stored in Read-Only state
    • DataLock / (WORM) Write-Once-Read-Many –
      • Unable to delete/modify snapshots until the set retention time has passed
    • LegalHold –
      • Unable to delete snapshots until the LegalHold is removed, which only the Data Security role can do
    • Provides a virtual “air gap”
  • Detect –
    • Helios machine learning driven anomaly detection.
      • Daily change rate on Logical data.
      • Daily change rate on stored data.
      • Pattern based on historical data ingest.
  • Respond –
    • Google-like global actionable search.
    • Instant mass restore – Recover hundreds or more virtual machines and have services up and running in a matter of minutes.
    • Scalable file system to store years’ worth of backup copies.
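
As an added example of the change-rate signal the Detect bullets above describe (my own illustrative code, not the Helios algorithm): daily logical and stored change rates from backup runs are scored against a trailing seven-day baseline using median and MAD, so one bad day cannot hide itself by inflating the average, and only upward deviations are flagged. The `SAMPLE_RUNS` data, the window and the threshold are constructed assumptions; the stored-change column rises toward the logical column on the anomalous day because encrypted data is high-entropy and neither deduplicates nor compresses.

```python
from statistics import median

# Constructed daily backup-run metrics: (day, logical change GB, stored change GB).
# Ten ordinary days, then a day on which a large share of the data set is rewritten.
SAMPLE_RUNS = [
    ("2020-09-01", 40.0, 8.0), ("2020-09-02", 42.0, 8.4), ("2020-09-03", 39.0, 7.8),
    ("2020-09-04", 43.0, 8.6), ("2020-09-05", 41.0, 8.2), ("2020-09-06", 40.0, 8.0),
    ("2020-09-07", 44.0, 8.8), ("2020-09-08", 38.0, 7.6), ("2020-09-09", 42.0, 8.4),
    ("2020-09-10", 41.0, 8.2),
    ("2020-09-11", 410.0, 390.0),   # anomalous day: stored change almost equals logical change
    ("2020-09-12", 42.0, 8.5),      # back to normal; the robust baseline is not skewed by day 11
]

METRICS = (("logical_change_gb", 1), ("stored_change_gb", 2))


def robust_zscore(history, value):
    """Score `value` against `history` using median and MAD, which a single outlier cannot drag."""
    med = median(history)
    mad = median(abs(x - med) for x in history) * 1.4826   # scale MAD to a std-dev equivalent
    if mad == 0:
        mad = max(abs(med) * 0.05, 1e-9)                    # floor for perfectly flat histories
    return (value - med) / mad


def detect_anomalies(runs, window=7, threshold=4.0):
    """Flag days whose change rate is far above the trailing `window`-day baseline.

    Returns a list of (day, metric, z) for each metric that crossed `threshold`.
    Only upward deviations are flagged: a sudden drop is not a ransomware signal.
    """
    findings = []
    for i in range(window, len(runs)):
        day = runs[i][0]
        history = runs[i - window:i]
        for name, col in METRICS:
            z = robust_zscore([r[col] for r in history], runs[i][col])
            if z > threshold:
                findings.append((day, name, z))
    return findings


if __name__ == "__main__":
    for day, metric, z in detect_anomalies(SAMPLE_RUNS):
        print(f"{day}: {metric} is {z:.0f} robust standard deviations above baseline")
```

In practice the interesting output is the pairing: a jump in logical change alone can be a legitimate migration or bulk load, while logical and stored change jumping together is the pattern of data being rewritten as something that no longer deduplicates.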

Additional Resources – Cohesity & Ransomware Protection:

Cohesity & Pure Storage Partnership Announcement

On August 12, 2020, Cohesity officially announced its partnership with Pure Storage for their joint solution, Pure FlashRecover – Powered by Cohesity, which is the industry’s first jointly-engineered all-flash modern data protection solution for rapid recovery, ransomware protection, and reuse of data.

Pure and Cohesity have formed this partnership based on strong customer demand for an integrated all-flash data protection solution that empowers customers to easily, quickly, and reliably back up and recover their data at scale. The companies have also formed this partnership at a time when more customers are embracing cloud services and are seeking ransomware protection.

Pure FlashRecover, Powered by Cohesity delivers all-flash data backup and recovery capabilities that enterprises require for restoring data rapidly in the face of a disaster or a ransomware attack. It enables flash-to-flash-to-cloud data protection and allows rapid, independent scaling of processing, throughput, and storage capacity for the most efficient use of all resources.

The solution also empowers organizations to future-proof data center investments and realize new levels of performance to meet growing petabyte-level recovery requirements. In addition, the solution enables backup data to be reused for analytics and DevOps, allowing multiple applications to leverage data stores on the high-performance, unified fast file and object FlashBlade platform.

By combining Cohesity DataProtect software with Pure’s unified fast file and object FlashBlade platform, the integrated solution delivers:

  • Performance: up to 3x faster backup and restore throughput than disk-based alternatives, capable of recovering thousands of virtual machines and up to 1PB of data a day to meet large-scale disaster recovery needs.
  • Integration: single-point purchasing, deployment and support all delivered through Pure, eliminating the need for customers to go through two vendors. Pure is now a Cohesity Technology Partner and the companies have committed to joint innovation.
  • Scalability: disaggregated compute and storage to enable independent scaling for backup / recovery processing, throughput, and storage capacity for the most efficient use of resources.
  • Simplicity: ease of management provided by cloud integration that enables flash-to-flash-to-cloud backup and recovery, low-cost public cloud storage for long-term retention, and non-disruptive upgrades.

Availability
Pure FlashRecover, Powered by Cohesity is being tested by joint customers today and will be generally available in the United States in Q4 CY2020 and in countries outside the United States in the coming quarters.

For More Information
To find out how your organization can leverage the benefits of Pure FlashRecover, Powered by Cohesity, visit:

For the full announcement on the Cohesity Blog page, see the below link.

Announcement (Blog): https://www.cohesity.com/press/pure-storage-and-cohesity-forge-strategic-partnership-to-deliver-rapid-recovery-at-scale/

Cohesity Data Protection DEMO (Short)

Cohesity Data Protection DEMO (Short): https://youtu.be/PxT4zBS-L68

In this demo, I do a quick run through of the Cohesity 6.4.1 user interface related to the Data Protection use case specifically. This is not meant to be a complete demo of the entire interface and functionality, just a quick overview for the Data Protection use case only.

I start off by showing the types of sources you can connect to such as External Cloud Providers (AWS, Azure, GCP, etc.) as well as hypervisors, physical servers, databases, O365, Active Directory, NAS, etc.

Then I show how simple it is to create policies so that you can do local and long term retention, replication to other clusters, archive to the cloud, database logs, and much more.

The next step is to create protection jobs for the various sources mentioned above. We select the appropriate policy to associate with the protection job and set various other settings such as QoS policy, SLA time frame, priority, etc.

If you would like to see a complete demo of the entire interface of our new 6.5.0 version, see my other video titled “Cohesity 6.5 User Interface Overview (DEMO)“…Click Here!

Cohesity 6.5 User Interface Overview (DEMO)

Cohesity 6.5 User Interface

Cohesity 6.5 User Interface Overview (DEMO): https://youtu.be/S-JfmpeUe7I

Want to know more about the new Cohesity 6.5 (UI) User Interface and all the core capabilities? Watch the video of the demo below. Not all capabilities (old and new) are covered in this demo; it is meant to provide an overview of the core capabilities.

Topics covered in this demo:

  • Registering Sources
  • Registering External Sources
  • Creating Policies
  • Creating Protection Jobs
  • Restores (File & Virtual Machine)
  • Clone Virtual Machine
  • Creating Views/Shares (SMB/NFS/S3)
  • Cohesity Marketplace Apps
  • Reporting
  • System Information

What’s New in 6.5:

  • Comprehensive Protection for Kubernetes Namespaces
  • (CDP) Continuous Data Protection for Mission-Critical Virtual Machines
  • Heterogeneous Cluster Support
  • ROBO Appliance Availability
  • Dramatically Faster SQL Database Migration
  • Higher Data Resiliency
  • Runbook Automation for VMware Failover (DR)
  • Helios Mobile App

For more detailed information on what’s new in Cohesity 6.5, see the below link.
https://www.cohesity.com/blog/cohesity-pegasus-6-5-innovation-doesnt-have-to-be-zero-sum-game/

Cohesity Public Website: https://www.cohesity.com/

Backing Up & Restoring Active Directory With Cohesity 6.5

Backing Up & Restoring Active Directory With Cohesity 6.5: https://www.youtube.com/watch?v=azFuXXZpW68

In this video, I quickly run through how to connect to Active Directory (AD) as a source and register it as an Active Directory server using our latest software version, 6.5. Then I show an Active Directory protection job that I had already run previously. Finally, I show how easy it is to perform an Active Directory restore of a user account that I deleted at the beginning of the video.

Cohesity has an agent install that allows us to do granular backups and recoveries of Microsoft Active Directory objects. Anyone who has had to do an “Authoritative AD Restore” knows how painful that can be after someone has deleted an entire Organizational Unit (OU) from Active Directory!

With Cohesity, you are able to back up the entire Active Directory database and then do a granular restore of a single AD object or multiple AD objects. The user interface presents a comparison screen that shows which AD objects are missing compared to a previous backup snapshot, making it easy to see what has been deleted.

If you have enabled the AD Recycle Bin feature, we restore the object from there to ensure all of its properties are restored with it. If you do not have the AD Recycle Bin enabled, we still restore the object, but some properties may be missing, in the same way they would be with an Authoritative Restore after the tombstone period has passed.

So system administrators can celebrate: gone are the days of doing an “Authoritative Restore” on your Domain Controllers! It is now quick and easy to restore an object.
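To see what the AD Recycle Bin and tombstone lifetime mentioned above actually look like on a domain, here is an added PowerShell example (my own illustration, not Cohesity code) that checks whether the Recycle Bin optional feature is enabled, reads the forest’s tombstone lifetime, lists deleted user objects that are still within that window, and reanimates one of them with the native Restore-ADObject cmdlet. It assumes the ActiveDirectory RSAT module on a domain-joined machine with rights to read and restore deleted objects; the account name jdoe is a placeholder.

```powershell
# Added example, not Cohesity code. Assumes the ActiveDirectory RSAT module and
# a session with rights to read and restore deleted objects. "jdoe" is a placeholder.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE

# 1. Is the AD Recycle Bin optional feature enabled in this forest?
#    EnabledScopes stays empty until the feature is enabled (enabling it is irreversible).
$recycleBin = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
$recycleBinEnabled = ($recycleBin.EnabledScopes | Measure-Object).Count -gt 0
"AD Recycle Bin enabled: $recycleBinEnabled"

# 2. Tombstone lifetime: a deleted object (and, without the Recycle Bin, what little
#    remains of its attributes) is purged for good once this many days have passed.
$dsConfig = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" `
    -Properties tombstoneLifetime
# If the attribute is unset, the forest uses the legacy default of 60 days.
$tombstoneDays = if ($dsConfig.tombstoneLifetime) { $dsConfig.tombstoneLifetime } else { 60 }
"Tombstone lifetime: $tombstoneDays days"

# 3. Deleted user objects still in the Deleted Objects container, oldest first.
#    lastKnownParent shows where each object lived before it was deleted.
#    Objects that have already become recycled (isRecycled) cannot be restored this way.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
    -IncludeDeletedObjects -Properties whenChanged, lastKnownParent
$deleted | Sort-Object whenChanged |
    Select-Object Name, lastKnownParent, whenChanged |
    Format-Table -AutoSize

# 4. Reanimate one deleted account by sAMAccountName (placeholder value).
$target = Get-ADObject -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jdoe"' `
    -IncludeDeletedObjects
if ($null -eq $target) {
    "No deleted object named jdoe found within the tombstone lifetime."
} else {
    if (-not $recycleBinEnabled) {
        # Without the Recycle Bin only the attributes preserved on the tombstone come back;
        # link-valued attributes such as group membership (memberOf) are lost.
        Write-Warning "AD Recycle Bin is not enabled; the restored object will be missing some attributes."
    }
    Restore-ADObject -Identity $target.ObjectGUID
    # Confirm the object is live again (no -IncludeDeletedObjects needed now).
    Get-ADUser -Identity $target.ObjectGUID -Properties memberOf |
        Select-Object SamAccountName, DistinguishedName, memberOf
}
```

The memberOf column in the final output is the quickest way to see the difference the text describes: with the Recycle Bin enabled the group memberships come back with the object; without it they are gone and have to be re-added by hand (or restored from a backup such as the one the Cohesity job takes).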

Cohesity Public Website: https://www.cohesity.com/

Cohesity Documentation (Active Directory): https://docs.cohesity.com/6_5/Web/UserGuide/Content/Doc/ActiveDirectory.htm?tocpath=MS%20Active%20Directory%7C_____0

Backing Up, Restoring, & Cloning SQL Databases With Cohesity (v6.4.1)

Backing Up, Restoring, & Cloning SQL Databases With Cohesity (v6.4.1): https://www.youtube.com/watch?v=oUfYxIuWhD8

In this video, I show you how to register SQL servers as a source in the Cohesity version 6.4.1 user interface. Then I show how to create two protection jobs, one for a stand-alone SQL server and another for a SQL AAG.

Then we walk through how to recover the SQL AlwaysOn Availability Group (AAG) database to the stand-alone SQL server as well as how to clone it. We wrap up by taking a quick look at the SQL Dashboard.

Cohesity has an agent install that allows us to do more granular backups and restores of SQL databases. You can protect stand-alone, clustered, and AlwaysOn Availability Group (AAG) SQL servers. You can use our “Auto-Protect” feature so that when a new SQL server is added to a SQL cluster or AAG, it automatically gets backed up. The agent also allows you to selectively pick which databases you want to protect.

Cohesity Public Website: https://www.cohesity.com/

Cohesity Documentation (SQL): https://docs.cohesity.com/6_4_1/Web/UserGuide/Content/MSSQL/SQLRequirements.htm?tocpath=MS%20SQL%7C_____1

Running ClamAV App on the Cohesity Platform 6.5

Running ClamAV App on the Cohesity Platform 6.5.0a: https://www.youtube.com/watch?v=iXGJVCdIseY

In this video, I walk you through enabling the use of apps on the Cohesity platform, then installing, configuring, and running the ClamAV app to protect file shares located on the Cohesity platform.

The Cohesity platform can act as a file/object store (NAS) to replace your existing NAS or Windows file shares. We also run Cohesity and third-party applications as containers on our platform. See our Marketplace for a full list of the available apps.

ClamAV App Description:

Protecting data on your file storage against viruses is important but relying on antivirus sitting outside of your NAS environment is inefficient. Moving data over the network for antivirus scans outside of your NAS servers adds unnecessary overhead and makes data vulnerable.

Now, with the integrated ClamAV app offered by Cohesity, users can scan the files stored on the Cohesity DataPlatform directly, without sending the files to an external scanner.

Cohesity Marketplace: https://marketplace.cohesity.com/app-details/clamav

Cohesity Public Website: https://www.cohesity.com/

Running the Insight Application on the Cohesity Platform 6.5

Running the Insight Application on the Cohesity Platform 6.5.0a: https://www.youtube.com/watch?v=u3-M_DV0RBI

In this video, I walk through the process of downloading, installing, configuring and running the Cohesity Insight application on the Cohesity platform. I show the power of the app and how it can search for text patterns in numerous file types. See below for additional information on the Cohesity Insight application.

Insight App Description:

As backup and unstructured data grows exponentially, customers are often unaware of what data is stored, who has access to it and for how long. Customers need to retrieve or take action on files that contain specific information to gain business insights or for compliance purposes.

The Cohesity Insight app can help you easily perform an interactive text search on data stored on the Cohesity DataPlatform. The file types covered include office documents, text, PDFs, and zipped folders of these file types. The app can be pointed at Cohesity file shares (Views) as well as backed-up objects.

Marketplace – Insight App: https://marketplace.cohesity.com/app-…

Cohesity Public Website: https://www.cohesity.com/

Cohesity Initial Configuration – Basic Overview

As of October 30th, 2019, I started a new professional journey as a pre-sales Sr systems engineer with Cohesity. After six years working for VMware doing the same thing, I decided I needed a change. So far I have been very impressed with the company and our solutions.

So here is my second enablement video with Cohesity content where I provide a basic overview of an initial configuration of a Cohesity environment (version 6.1.1).

Link: https://www.youtube.com/watch?v=sxTUPPh3Zps&feature=youtu.be

Cohesity (UI) User Interface – Overview Video

As of October 30th, 2019, I started a new professional journey as a pre-sales Sr systems engineer with Cohesity. After six years working for VMware doing the same thing, I decided I needed a change. So far I have been very impressed with the company and our solutions.

So in true fashion, I have learned enough to be dangerous and have created my first set of enablement videos with Cohesity content. Check out my first official video I created with Cohesity where I provide an overview of the Cohesity (UI) User Interface (version 6.1.1).

Link: https://www.youtube.com/watch?v=sxTUPPh3Zps&feature=youtu.be

VMworld 2019 – Hands On Labs: Know Before You Go!

Hands On Labs

VMware’s annual VMworld US conference is upon us again, starting August 24th, 2019 in San Francisco, CA! Those technical individuals who have attended in previous years most likely know about the main attraction at the conference every year: the Hands On Labs (HOL)!

Our Hands-on Labs demonstrate the real value of VMware solutions in real time. As a VMworld attendee, you’ll gain special access to our latest technologies and explore a wide range of today’s most exciting topics. You can use a VMware-provided machine or your own device; either way, product experts will be available to provide one-on-one guidance. Hands-on Labs will be located in Moscone West, Level 3.

I have been a part of the Hands On Labs staff for the last six years and it has been an incredible ride! It has been hard work, but has been the most rewarding experience in my IT career. I started out as a proctor the first few years, then became a lab captain and have been one for three years now.

As a lab captain, we take what features/capabilities our content leads want to showcase in the lab, then we put it all together. We figure out what VMware solutions we need in the lab environment and what use cases, features, etc. to show. Then it all comes together into the lab manual that we build from scratch. The development cycle for us takes months of work, but again it is very satisfying!

This year I am the captain of the “HOL-2001-01: What’s New in vRealize Operations 7.5” lab. So if you are interested in learning about what’s new in vRealize Operations 7.5, take my lab and let me know how I did. Feedback is always greatly appreciated! We create these for you and want you to get the best experience out of them, so feedback is important to us and we act on all your feedback.

Hands On Labs – VMworld 2019 Information:

At this year’s conference, attendees will have a variety of options in the Hands On Labs. Below are the experiences we will have to offer. I have also provided tips for each of the options below to enhance your experience, and maybe help you walk away with a cool prize or two!

Self-Paced Labs: This is our popular service where you can interact with the latest VMware products at your own pace at a traditional workstation. Many product experts are in the room ready to assist. These flexible labs have 15- to 60-minute consumable modules that you can take incrementally throughout the week at VMworld. You can complete an entire lightning lab in just 30 minutes. Self-paced labs are delivered on a first-come, first-served basis and do not need to be scheduled in advance.

Self-Paced Tip: Make sure you complete the survey after you finish taking a lab. That is how we continually improve the customer experience. Not to mention, for every so many surveys taken (e.g. 100), we give away cool prizes (Echo Dot, wireless headsets, etc.).

(ELW) Expert-Led Workshop: These sessions are presented by the VMware product experts who develop lab content, creating an engaging, instructional environment. Workshops require advance sign-up through the VMworld US Content Catalog, now available online. Join us to get your questions answered and discuss solutions in a group setting.

ELW TIP: Even if the ELW is full, get there early and get on the waiting list. Many attendees register for the ELW and don’t show up, so there is still a good chance you can get into one!

Lab Tour: These 30-minute tours provide a behind-the-scenes peek at what it takes to run our labs. The tour covers both business and technical topics focused on VMware products and solutions. You will meet lab creators and engineers running our multiple clouds.

TOUR TIP: At this point, many of the tours are already booked up. But we sometimes add additional tours as needed, so keep checking for availability!

(NEW!) VMware Odyssey: We are taking Hands-on Labs to the next level by adding gamification elements to the labs you know and love. Cheer your favorite team as they showcase their expertise across the VMware portfolio and compete to be the grand prize winner. Visit VMware Odyssey™ in Moscone West, Level 3 to learn more and enter for a chance to win prizes.

Odyssey TIP: The teams have already been selected, but come and support the teams anyway. They are giving away some prizes to viewers as well!

IMPORTANT TIP:

There is one final tip I would like to share with you, especially for those who are unable to attend the conference. In case you didn’t know, there is a “public-facing” Hands On Labs environment (https://labs.hol.vmware.com) that you can access from anywhere at any time.

Prior to the VMworld conference, you can access last year’s content, which will have the versions of our solutions from that time. Within a month or so after the conference, we start to release the brand new labs with the most recent versions of our solutions to the public-facing HOL site. They get released little by little, so if you don’t see the one you’re looking for, keep checking back.

The first two digits of a lab number are the fiscal year it was developed for. So last year’s labs, which you will see on the public site today, start with “19**-00”. The new labs showcased this year start with “20**-**”. That is how you can tell which labs are this year’s as they slowly get released to the public site.

Hopefully this post was helpful in providing some basic information on what the Hands On Labs are, their benefits, what’s available this year, and helpful tips for attendees.

If you are attending the conference this year, take in all the information that is available to you in the sessions, take some of our labs, but most of all have some fun while you are there!

See you there!

Looking for vRealize Operations 7.5 Resources?

In April of 2019, we released vRealize Operations 7.5. There have been significant enhancements and new capabilities that have been added to the solution. If you are currently running a previous version, I highly recommend updating to version 7.5 to take advantage of them!

With that in mind, I have collected numerous links to the VMware product page, VMware documents page, as well as to VMware blog posts related to what’s new in vRealize Operations 7.5.

The below links will provide you with a solid base knowledge on what’s new in vRealize Operations 7.5.

Happy surfing!

It’s a Multi-Cloud World We Live In!

I currently work for VMware, a company that anyone working in the IT field is familiar with and has potentially worked with through one or more of our solutions during their career. I am going on six years with the company and have worked as a field pre-sales engineer for the last two-plus years. Just in these last two years of talking to my customers, I have seen the growth in companies moving some of their workloads to the cloud. Not only that, they aren’t using a single cloud provider, but multiple clouds.

The realistic aspect of moving applications to the cloud is that not all applications are equal. I have found that some applications can be moved to the cloud, but others are better off staying in your private cloud for cost and other reasons. Some customers have hopes of “getting out of the datacenter business and going 100% to the cloud”. This is not a reality for 99% of companies. I have heard this several times, but in reality it is typically too costly and in many cases not technically feasible due to the numerous legacy goliath applications that won’t run in the cloud.

More and more, I see most companies taking a multi-cloud approach to moving their workloads. If they don’t currently have this strategy, they are definitely looking at it! This is the trend I see every day, and all the news articles, blogs, and posts reflect it as well. This is a very smart business move because each cloud provider offers different features, capabilities, and cost benefits. One workload may run better and cheaper in a specific cloud than it would in another, so placing certain workloads in certain clouds is actually a very smart and beneficial move. However, this can be a little cumbersome for your IT folks, since each provider has its own administrative interfaces that you have to learn to use. It can increase the cost of training and the workload of the learning curve for your IT personnel.

Because of this multi-cloud trend, VMware is investing continuously by acquiring companies that further our multi-cloud solution strategy and portfolio. This is evident in our most recent intent to acquire Avi Networks, a leader in multi-cloud application delivery services. This is an important step forward in VMware’s networking and cloud strategies as we extend the application services we offer to help customers operate in a multi-cloud world. Another recent acquisition, in May of 2019, is Bitnami, which offers a suite of products and projects that accelerate the delivery of applications to multiple clouds, including Kubernetes environments. Today, Bitnami delivers and maintains a catalog of 130+ ready-to-run server applications and development environments in partnership with the world’s leading cloud providers. There have been other acquisitions to expand and advance VMware’s multi-cloud strategy; these were just the ones from recent months. Others include the acquisitions of CloudHealth, Wavefront, VeloCloud, etc. Let’s not forget they also continue to partner with the major providers in endeavors such as our Enterprise PKS solution, which is a partnership with Google Cloud to provide an enterprise-class Kubernetes solution.

For a detailed list of VMware’s acquisitions, refer to here.

As you can see, multi-cloud is not just a passing phase of IT, it is real! So much so that VMware is acquiring multi-cloud focused companies to advance our multi-cloud strategy. We can see this as well in all of our continued partnerships with the major cloud providers such as AWS, Microsoft Azure, IBM Cloud, and Google Cloud Platform. We started out by announcing our partnership with AWS with our VMware Cloud on AWS (VMC on AWS) solution. This solution is wonderful because it gives you a true Hybrid Cloud environment. VMC on AWS runs our VMware stack of vSphere, Virtual SAN (vSAN), and NSX on AWS hardware servers. The three solutions combined are also another offering called VMware Cloud Foundation. It consists of the same three solutions but adds the SDDC Manager, which manages the bring-up of the Cloud Foundation system, creates and manages workload domains, and performs lifecycle management to ensure the software components remain up to date. SDDC Manager also monitors the logical and physical resources of Cloud Foundation.

This means you are running the same vSphere stack in AWS as you are in your on-premises private cloud. So your virtualization administrators use the exact same management tools to manage VMC on AWS resources that they currently use in their private cloud. The vCenter Server in the VMC on AWS instance shows up in your on-premises vCenter Server Web Client as just another vCenter Server in Enhanced Linked Mode. The huge advantage of this is that no new tools, skills, or training have to be adopted or learned by administrators, saving the company time and money! And best of all, since it is all vSphere infrastructure, you can do live migrations of virtual machines (VMs) between your private cloud and the VMC on AWS instance. Now that is impressive; think of the implications of being able to do that for Disaster Recovery (DR), etc. Because VMC on AWS runs completely on the vSphere stack, it gives us a true Hybrid Cloud ability and experience.

VMware has also joined in partnership with the other major cloud providers, such as Microsoft Azure, IBM SoftLayer, and Google Cloud, and has nearly 4,000 VSPP cloud providers. The VMware Solution Provider Program (VSPP) is comprised of VMware software-as-a-service offerings and our global ecosystem of VMware Service Provider Partners. It is the ideal solution for all companies that offer hosted services to third parties, including infrastructure as a service (IaaS) providers, cloud service providers (CSPs), application service providers (ASPs), Internet service providers (ISPs) and platform as a service (PaaS) providers.

So as you see, VMware has made huge bets by acquiring numerous cloud-focused companies to advance our cloud strategy. In my humble opinion, the multi-cloud strategy is here to stay and will only get more interesting as the years go by!

The Extensive Guide to Using VMware Documentation Like a Pro

If you are looking for some great resources on VMware documentation, then you should check out my co-worker Nick Lorte’s blog post titled “The Extensive Guide to Using VMware Documentation Like a Pro”!

Nick is a VMware field Solutions Engineer like myself and also has a large social media presence. I highly recommend that you bookmark his blog site! Many of the links in this post I also have listed in my “Useful Links” section of my site. However, his post is a nice condensed list of reference links that I know you will find useful.

So click on the link below and check it out!

The Extensive Guide to Using VMware Documentation Like a Pro Blog: http://blog.thenetworknerd.com/2018/11/30/the-extensive-guide-to-using-vmware-documentation-like-a-pro/

What’s New With vRealize Automation 7.5 (On-Demand Webinar)

On September 20th, 2018, VMware released vRealize Automation version 7.5. VMware vRealize Automation is a cloud automation tool that accelerates the delivery of IT services through automation and pre-defined policies, providing a high level of agility and flexibility for developers, while enabling IT teams to maintain frictionless governance and control.

What vRealize Automation Delivers:

  • Agility through cloud automation and orchestration – Accelerate the end-to-end delivery and management of infrastructure and applications.
  • Governance through frictionless governance policies – Ensure that users receive the right-size resources or applications from the right cloud at the appropriate service level for the jobs they need to perform.
  • Choice through flexibility – Provision and manage multi-vendor, multi-cloud infrastructure, and stateful / stateless applications by leveraging new and existing infrastructure, tools, and processes.
  • Cost savings through efficiency – Reduce operational cost by replacing time-consuming, manual processes and gain additional cost savings through automated reclamation of inactive resources.

If you are looking to learn what’s new in vRealize Automation 7.5, you can check out the on-demand webinar at the link below.

What’s New With vRealize Automation 7.5: https://portal.inxpo.com/ID/VMWare/14/

VMworld 2018 Announcements – Summary

To clarify whether products are announced or released, please read the following statement from this press release: “VMware vSphere Platinum Edition, VMware vSphere 6.7 Update 1, VMware vSAN 6.7 Update 1, VMware vRealize Suite 2018, VMware vRealize Operations 7.0, VMware vRealize Automation 7.5, and vRealize Network Insight 3.9 are expected to become available by the end of VMware’s Q3 FY19 (November 2, 2018).”

Digital Foundation:

  • vSphere 6.7 Update 1 and vSphere Platinum Edition – 
    • vSphere Platinum Edition 
      • This is a new edition of vSphere, adding in AppDefense to go along with all current capabilities in the Enterprise Plus license. Also included in this edition is a vCenter plug-in that tightly integrates AppDefense and vCenter Services for ease of administration and enhanced visibility for vSphere administrators.
    • vSphere 6.7 Update 1 – 
      • Fully featured HTML5 client
      • Enhanced support for NVIDIA Quadro VMs
      • vCenter Server Convergence Tool
      • Enhanced content libraries
  • vSAN 6.7 Update 1 – 
    • Simplified operations and better support resolution
    • Driver and firmware updates using VUM
    • Better VROPS integration
    • TRIM/UNMAP support
    • Enhanced stretch cluster flexibility
  • vRealize Suite 2018 – The announcement of vRealize Suite 2018 is aimed at helping IT deliver developer-ready infrastructure, with a batch of enhancements to our already-existing platforms.
  • VMware Cloud Foundation 3.0 – 
    • Now supports choice of any network switch for greater flexibility.
    • More vSAN ReadyNode partners.
    • Scalability improvements of up to 64 hosts per workload domain.
    • Improved and more responsive UX.
    • NSX Hybrid Connect to move workloads across clouds.
    • VMware Validated Design (VVD) support and guidance.
  • VMware Skyline – 
    • Global Availability – In addition to being included in VMware Premier Support Services contracts, Skyline is now available to Production Support customers.
    • Skyline Advisor – Skyline Advisor provides a self-service portal for customers to access real-time dashboards, proactive recommendations from VMware’s library of knowledge, and suggested upgrades to prevent potential issues.
    • Skyline Log Assist – Skyline Log Assist, available before the end of the year, automatically uploads desired log files to VMware Technical Support once an issue is identified to help resolve support requests more quickly.
    • Additional Product Support – Support for VMware vSAN
  • vRealize Network Insight (vRNI) 3.9 – 
    • Enhanced Security
    • Dashboard support for Cisco ASA firewall
    • Greater visibility into NSX-T Datacenter
  • NSX-T Datacenter 2.3 – 
    • Support for bare-metal hosts
    • Extends advanced multi-cloud networking and security capabilities to AWS, in addition to Microsoft Azure and on-premises environments
    • Support for NSX-T Datacenter in VMC on AWS environments
    • Simplified installation workflow
  • Project Magna – 
    • Project Magna will make possible a self-driving data center based on machine learning. It is focused on applying reinforcement learning to a data center environment to drive greater performance and efficiencies.
  • Virtualization on 64-bit ARM for Edge – 
    • VMware demonstrated ESXi on 64-bit ARM running on a windmill farm at the Edge. VMware sees an opportunity to work with selected embedded OEMs to scope and explore opportunities for focused, ARM-enabled offering at the edge.
  • Project Concord – 
    • VMware demonstrated a highly scalable, energy-efficient decentralized trust infrastructure for digital consensus and smart contract execution. Project Concord may be used to power distributed trust infrastructures, including blockchains. It is available immediately as an open source project.
  • Pulse IoT Center 2.0 –
    • Scalability: Now supports up to 500m devices
    • SaaS Support: Customers will be able to consume Pulse IoT Center as an on-premises or SaaS solution depending on their needs. SaaS services will be hosted by VMware and VCPP partners.
    • Low-touch Secure Enrollment: Minimal touch enrollment and configuration capabilities will be supported for select gateways.
    • Deeper Edge System Management: Ability to perform Gateway configuration through the action framework (sshd, turn on/off port, IP address table, etc.) as well as provide complete firmware and BIOS updates for selected gateways.
    • Richer Alerts and Notifications Capabilities: Alerts can now be set for individual managed object or a group of managed objects. Notifications for alerts can be received via email or SMS integration, and through an API into a third-party system.
    • Enhanced Over-the-air (OTA) Updates: Customers now have more granular control over OTA scheduling, activation, progress status, package type and failure handling
    • More Extensibility: RESTful APIs will be available for all functionalities for customer and partner integration, improving extensibility.
    • Additional Security Features: Customers will be able to leverage role-based user access and multi-tenancy to restrict access for different organizations and use cases.

VMware Cloud Services:

  • VMware Cloud Operations Services – The initial availability of VMware Automation Services (formerly known as Project Tango) was announced to help tackle the challenge of managing and deploying workloads in multi-cloud environments. There is an excellent blog that was published on this page that delivers a high-level overview of the initial three components:
    • VMware Cloud Assembly – With Cloud Assembly, IT and cloud operations teams can orchestrate and expedite infrastructure and application delivery in line with DevOps principles, improving the overall developer experience: developers get an experience equivalent to provisioning resources from native public clouds.
    • VMware Service Broker – Service Broker provides simple, self-service access to multi-cloud infrastructure and application resources from a single catalog, without requiring disparate tools. With Service Broker, operations teams can more effectively govern resource access and use, and enforce security, deployment and business policies across multi-cloud environments.
    • VMware Code Stream – Code Stream automates the code and application release process with a comprehensive set of capabilities for application deployment, testing, and troubleshooting.
    • VMware Secure State (public beta) – This is a tool focused on cloud configuration security and compliance.
  • VMware intends to acquire CloudHealth Technologies, a public cloud management platform.
    • This is a key acquisition that will bolster VMware’s multi-cloud management capabilities as we enter a time when that concept becomes more and more of a core operating requirement in enterprises. This platform delivers benefits to VMware customers in terms of public cloud cost management, resource optimization, granular visibility and reporting.
  • Wavefront Enhancements 
    • This release includes scalability and security enhancements, serverless instrumentation capabilities (AWS Lambda SDK and Delta Counters), and deeper integration with AWS services, and VMware Pivotal Container Services (PKS).
  • VMware Log Intelligence Enhancements – 
    • VMware Cloud on AWS audit logs can now be accessed through Log Intelligence as a core service.
    • Log Intelligence is now integrated with Wavefront for Dev-Ops end-to-end troubleshooting.
    • There is now deep native AWS support for logs from CloudWatch and CloudTrail.
  • Project Dimension
    • A VMware technology preview that will extend the VMware Cloud to the data center, branch offices and the edge. Project Dimension will combine VMware Cloud Foundation, in a hyperconverged form factor, with VMware Cloud managed service to deliver an SDDC infrastructure as an end-to-end service, operated by VMware. Project Dimension will dramatically simplify operational complexity and cost and offers built-in security and isolation, allowing customers to focus on innovating and differentiating their businesses.

VMware Cloud on AWS:

  • Expanding Global Reach – VMware Cloud (VMC) on AWS will grow to Asia Pacific, Canada, Europe and China in 2019 and has new enterprise capabilities.
    • VMC on AWS is now available in five regions worldwide.
      • US West (Oregon)
      • US East (N. Virginia)
      • Europe (London)
      • Europe (Frankfurt)
      • Asia (Sydney)
    • Advanced NSX – full integration with AWS Direct Connect, extension of micro-segmentation to individual VMs for follow-me security policies
    • Amazon Elastic Block Storage (EBS) integration
    • New minimum SDDC configuration – lowered to three nodes
    • 50% lower cost of entry pricing – now get three hosts for the price of two
    • Vendor license optimizations – new features for vendor license compliance
    • Relational Database Services (RDS) on VMware:
      • Amazon Web Services’ RDS service will soon be able to run on VMware in a private data center or in a public cloud, thus offering developers familiar RDS functionality.
    • VMware Hybrid Cloud Extensions 
      • Ability to seamlessly vMotion from on-premises to AWS via public internet, Amazon Direct Connect, or WAN.


Digital Workspace:

  • Workspace ONE Unified Endpoint Management enhancements – 
    • Predictive patching based on device CVE scores
    • Industry standard Center for Internet Security (CIS) policy templates
    • Over-the-Air configuration of Group Policies
    • GPO coverage beyond limited native MDM policies
    • Workspace ONE Sensors – a capability that allows admins to query using PowerShell scripts any asset attribute such as system information, custom hardware inventory, registry and app data and even custom WMI data, and perform actions to remediate the endpoint to a desired state.
    • macOS and iOS management enhancements
    • Android and ChromeOS management enhancements
    • Peripherals and rugged device management enhancements
    • “Ready to Work” Dell partnership
      • Dell Provisioning for Workspace ONE on first boot of new Dell PCs
    • Workspace ONE AirLift – 
      • Connector for SCCM
      • Automatically migrate SCCM Collections and PCLM workloads to Workspace ONE
      • Accelerate transition to Windows 10 modern management
  • Workspace ONE Trust Network (Tech Preview) – 
    • Security policy enforcement across mobile, endpoint and cloud-access
    • Integrations with Carbon Black, Netskope and Lookout
  • Sneak Peek for upcoming Horizon enhancements – 
    • Horizon Cloud for Azure enhancements
      • Addition of new VM types to catalog
      • Azure Disk Encryption
  • Horizon 7 on VMware Cloud on AWS
    • Support for instant clones, App Volumes and UEM (Preview)
  • Other enhancements in VMware’s Digital Workspace Platform
    • Management consolidation of VDI with support for physical desktops as well as Persistent desktops
    • UEM templates
    • vMotion for NVIDIA GPUs
    • Intelligent Networking with support for QoS for Blast Extreme
    • Multi-media redirection for HTML live streaming
    • Workspace ONE Intelligent Hub (Beta)
      • Note: generally-available later this quarter
      • Seamless secure file editing with WS1 Send app and Content Locker
      • Seamless sharing between WS1 productivity apps, such as Boxer, and MS Office 365 mobile apps managed by Intune
      • Boxer improvements include NIAP, Common Criteria compliance, ENSv2 advancements including VIP notification, calendar attachments
    • WS1 SDK to accelerate enterprise app development
    • “1-Click integration” with Okta to ramp up delivery of SaaS apps for a better employee workspace catalog experience.
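The Workspace ONE Sensors item above describes admins querying endpoint attributes with PowerShell. The script below is an added example, not VMware's own sample: a sensor that reports whether the OS volume is protected by BitLocker, read through the same WMI provider the BitLocker cmdlets use. It assumes the sensor is configured in the console with a string response type and runs in the SYSTEM context (the encryption provider requires administrative rights); the status strings are this example's own convention.

```powershell
# Added example (not VMware's own sample): Workspace ONE Sensor reporting
# BitLocker protection of the OS volume. A sensor script emits a single value
# on standard output; the string labels here are an assumption of this example.
# Assumes execution as SYSTEM on a Windows 10 device.
$ns  = 'root\cimv2\Security\MicrosoftVolumeEncryption'
$sys = $env:SystemDrive   # e.g. C:

try {
    $vol = Get-CimInstance -Namespace $ns -ClassName Win32_EncryptableVolume -ErrorAction Stop |
           Where-Object { $_.DriveLetter -eq $sys }
    if (-not $vol) {
        Write-Output 'NoVolume'
        return
    }

    # GetProtectionStatus: 0 = protection off, 1 = protection on, 2 = unknown
    $status = (Invoke-CimMethod -InputObject $vol -MethodName GetProtectionStatus).ProtectionStatus
    switch ($status) {
        1       { Write-Output 'Protected' }
        0       { Write-Output 'Unprotected' }
        default { Write-Output 'Unknown' }
    }
}
catch {
    # Provider missing (e.g. Home edition) or access denied: report it explicitly
    # instead of letting the sensor fail silently and leave a stale value.
    Write-Output 'Unavailable'
}
```

Reporting `Unavailable` rather than throwing matters operationally: a sensor that errors out leaves the previous value in the console, so a device that lost its BitLocker provider would keep looking compliant.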

How To Export VMware Licensing From vCenter Server | @erikhinderer via virtuallyread.com

Here’s a helpful script to Export VMware Licensing From vCenter Server, which I wrote back a bit ago and many of my VMware peers have found quite useful in the field. I finally got asked…


VMware Social Media Advocacy
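The post above links to a license-export script that is not reproduced on this page. What follows is an added example written for this page, not the author's script: it pulls the license inventory and assignments from vCenter through the PowerCLI `LicenseManager` and `LicenseAssignmentManager` views and writes them to CSV. It masks all but the last block of each key, a choice made here because license keys are credentials that should not travel in an inventory spreadsheet. It assumes VMware PowerCLI is installed and that the account used holds the Global.Licenses privilege; the parameter names and the `expirationDate` property lookup are this example's assumptions.

```powershell
# Added example (not the script from the linked post): export the vCenter license
# inventory with PowerCLI, masking keys so the CSV can be shared safely.
# Assumes PowerCLI is installed and the account has the Global.Licenses privilege.
param(
    [Parameter(Mandatory)] [string] $Server,
    [string] $OutFile = '.\vcenter-licenses.csv'
)

Import-Module VMware.VimAutomation.Core -ErrorAction Stop
$null = Connect-VIServer -Server $Server -ErrorAction Stop

function Get-MaskedKey {
    # Keep only the last block of an AAAAA-BBBBB-CCCCC-DDDDD-EEEEE style key.
    param([string] $Key)
    if ([string]::IsNullOrEmpty($Key)) { return '' }
    $parts = $Key -split '-'
    if ($parts.Count -lt 2) { return 'XXXXX' }
    $masked = @($parts[0..($parts.Count - 2)] | ForEach-Object { 'XXXXX' })
    return ($masked + $parts[-1]) -join '-'
}

$si     = Get-View ServiceInstance
$licMgr = Get-View $si.Content.LicenseManager
$assign = Get-View $licMgr.LicenseAssignmentManager

# $null entity = every assignment (vCenter itself, hosts, solutions)
$assigned = $assign.QueryAssignedLicenses($null)

$rows = foreach ($lic in $licMgr.Licenses) {
    $entities = ($assigned |
        Where-Object { $_.AssignedLicense.LicenseKey -eq $lic.LicenseKey } |
        ForEach-Object { $_.EntityDisplayName }) -join ';'
    [pscustomobject]@{
        Name       = $lic.Name
        Edition    = $lic.EditionKey
        KeyMasked  = Get-MaskedKey $lic.LicenseKey
        CostUnit   = $lic.CostUnit
        Total      = $lic.Total
        Used       = $lic.Used
        AssignedTo = $entities
        # 'expirationDate' is the property key this example assumes for term licenses
        Expiration = ($lic.Properties | Where-Object { $_.Key -eq 'expirationDate' }).Value
    }
}

$rows | Sort-Object Name | Export-Csv -Path $OutFile -NoTypeInformation
Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it as `.\Export-VcLicenses.ps1 -Server vcenter.example.com`. The `Used` versus `Total` columns are what an auditor actually asks for; the `AssignedTo` column shows which hosts or solutions would lose entitlement if a key were removed.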

vRealize Log Insight 4.6 – April 2018 New Release

Check out the newest release of vRealize Log Insight 4.6! This release includes new features for the Log Insight server and agent, resulting in improvements in scalability, usability, and user access management. Improved Scalability: Log Insight is now more scalable and supports up to 15 vCenters per node. It also supports sending syslog over UDP. The post vRealize Log Insight 4.6 – April 2018 New Release appeared first on VMware Cloud Management.


VMware Social Media Advocacy

Relocating Workloads from On-Premise vSphere Infrastructure to a VMware Cloud on AWS SDDC

This video demonstrates how the “Site Recovery” add-on feature in VMware Cloud on AWS enables us to overcome the “complexities” of relocating workloads between/among datacenters, and satisfy the dependencies requirement. Site Recovery enables us to migrate workloads and to also protect and recover from disaster events impacting one datacenter, and restore services and functionalities at the designated DR site. In our demonstration, our SDDC is the target DR site.


VMware Social Media Advocacy

VMware Acquires E8 Security: Leveraging Behavior Analytics to Secure the Digital Workspace

Empowering employees by providing them with access to the apps they need—when and where they need them—is key to a company’s digital transformation success. However, as the number of apps, endpoints, and networks accessing company data grows, so does the risk of cyberattacks to a company’s expanding security perimeter. All too often, organizations respond to […] The post VMware Acquires E8 Security: Leveraging Behavior Analytics to Secure the Digital Workspace appeared first on VMware…


VMware Social Media Advocacy

What’s New in vRealize Automation 7.4

Making Clouds Invisible – Usability and Time to Value (TTV) Take a Front Seat. Fasten your seatbelt – What’s New in vRealize Automation 7.4. Hybrid cloud is a reality that imposes the need to be app-aware, self-driving and fully automated. The advent of containers, PaaS, and FaaS frameworks is driving faster, scalable and portable application development. Infrastructure and… The post What’s New in vRealize Automation 7.4 appeared first on VMware Cloud Management.


VMware Social Media Advocacy

Self-driving Operations: See What’s New in vRealize Operations 6.7

VMware vRealize Operations 6.7: Self-Driving Operations for the Data Center. Today, VMware announced the upcoming release of vRealize Operations 6.7, introducing several new and enhanced performance and capacity optimization capabilities to help customers adopt a ‘self-driving’ approach to operations management. This upcoming release of vRealize Operations will deliver continuous performance optimization based on operational… The post Self-driving Operations: See What’s New in vRealize…


VMware Social Media Advocacy