Protecting Workloads with Global Network Backing Using Site Recovery Manager

Many thanks to Dimitri Desmidt from VMware, NSBU for providing the Design details of Multi-Location and Federation.

Preface

Starting NSX-T version 3.0.2 workloads with NSX-T global network backing (L2 stretched segment) can be protected and recovered using Site Recovery Manager (SRM). More details on Multi-Locations with Federation are available here.

Note: This post does not contain the installation and configuration details of NSX-T federation, vSphere Replication and Site Recovery Manager. Hence, it is necessary to meet the following pre-requisite to achieve the goal of protecting workloads with global segments using SRM.

Pre-requisite

• Understanding of NSX-T Federation and its configuration is necessary.
• Understanding the installation and configuration of vSphere Replication and Site Recovery Manager (SRM) is necessary.

Limitations

SRM is not currently supported with Federation with VM Tags, Segment Ports, or Segment Ports Tags. As mentioned in the Design Guide for Multi-Locations here:

• Currently recovered VMs via SRM does not recover their NSX VM Tags.
• Recovered VMs will receive new Segment Ports on the new LM.
• If the Federation Security is based on VM Tags, Segment Ports or Segment Ports Tags then the recovered compute VMs in another location (London in our example here) do not have their Continue reading

Navigating Supply-Chain Vulnerabilities with a Zero-Trust Architecture

In light of the SolarWinds breach, we want to help our customers who may have questions on how a Zero Trust Architecture can act as an effective approach to limit the impact of such attacks. VMware has been steadfastly monitoring the evolving situation as we learn more about the supply chain compromise.  

The SolarWinds Compromise 

At this point, the consensus is that organizations with a SolarWinds product that downloaded the SolarWinds-Core-v2019.4.5220-Hotfix5.msp update package should consider themselves breached and start an investigation. In addition, given the extent of the breach, every organization that uses SolarWinds products should be on alert for the possibility of an intrusion.   

Note that the update package was signed on March 24, 2020, which means that the victims of this attacks might have been compromised in late March or early April 2020. Once the attackers successfully compromised the SolarWinds Orion hosts, they may have moved laterally to the hosts monitored by the tool, and possibly beyond those hosts by using additional credentials collected in the exploitation process. Some actions to be taken in order to address this breach are provided by DHS CISA’s Continue reading

Declare Your Application State with Tanzu Service Mesh

YES! You can declare your application resiliency state and keep it like that with a combination of Kubernetes and the new application resiliency capabilities in Tanzu Service Mesh.

First things first: what is Tanzu Service Mesh?

Tanzu Service Mesh allows you to create and isolate a logical structure in a Kubernetes cluster, or across different clusters, to achieve an application layer 7 networking and security fabric that you can add values on top of. Just by connecting the dots, we get service discovery, observability, security, and encrypted connectivity for all objects in that global namespace structure. More about TSM global namespaces in excellent blogs here and here.

In this blog, I focus on a new feature that (in my opinion) is a real game-changer for the way we operate and manage application resiliency. As background, I used to work on the customer side for most of my technical career, in operations and infrastructure roles, and the thing I was mostly concerned with was the application and user experience. We had multiple application monitoring solutions that continuously tested user experience via methods such as synthetic transactions (not real user ones) or tap the transaction to get the live experience. Once we Continue reading

Phorpiex-Powered BitRansomware Targets APAC Universities

By: Jason Zhang, Stefano Ortolani – VMware Threat Analysis Unit

BitRansomware (also known as DCryptSoft or Readme) is a — you guessed it — ransomware program that first surfaced in July 2020. Initially targeting English-speaking users¹ this threat actor recently expanded its attack to the APAC region, focusing in particular on universities in Japan and Hong Kong.

The BitRansomware malware encrypts victims’ files and then appends the suffix .ReadMe to each filename. Like the Nemty ransomware attack we reported on earlier this year², the BitRansomware attack was delivered via a massive email campaign carried out again by the Phorpiex botnet^3,4. The malspam campaign distributed a swarm of ZIP archive files containing ransomware downloaders in malicious executables.

In this blog post, we detail some of VMware NSX’s telemetry around the magnitude of the BitRansomware campaign, and we then provide a brief overview of the most distinctive aspects of the attack.

The Spam Campaign

The chart below shows the detection timeline of the campaign as it affected some of our customers in the APAC region. As we can see, the campaign started on November 3, and peaked at over 28,000 email instances on November 4 before Continue reading

Adapt Business Agility with Modern Load Balancing

It’s no secret that enterprises are rapidly automating the modern network across compute, storage, and network environments. What you may not know is that load balancing is being left behind. Traditional legacy architectures were conceived decades ago and were not designed with the needs of the modern enterprise in mind. They are simply not scalable, agile, or flexible enough. As a result, enterprises have had to overprovision their load balancers — whether physical or virtual — resulting in complexity and waste.

We all know that waste and complexity are the enemy of the modern enterprise, and, thankfully, the cloud offers a solution. Cloud-native load balancers provide automation and elasticity, but they do not come with a rich feature set or provide consistency between on-premises and cloud environments. It’s a tricky trade off that prevents enterprises from truly achieving their digital transformation goals.

But don’t fret. There is a viable solution. VMware NSX Advanced Load Balancer (ALB) gives enterprises the best of both worlds — an adaptable, flexible, and scalable load balancer that combines the simplicity of the public cloud with the rich features inherent in an enterprise-grade solution. Check out Ashish Shah’s VMworld breakout session on the need for a Continue reading

Operationalizing Advanced East-West Security at Scale in the Datacenter

East-west security is the new battleground for keeping enterprises safe from malicious actors. As we all know, perimeters will be breached. That’s a given. The massive scale of data center infrastructure makes it too easy for bad actors to find a vulnerable, unpatched server, penetrate it, and hide out — often for months and years — stealing your information, monitoring your communications, and causing disruptions.

According to Ambika Kapur, vice president of product marketing for VMware’s networking and security business unit, it’s imperative that enterprises come to the realization that bad actors will get into the network — and focus more on blocking their lateral movement once they make that initial breach. She spent years in the firewalling space at Cisco and learned how vulnerable perimeter security can be. Now, at VMware, Kapur is helping to lead the effort to make east-west security a viable option through a software-based approach that is scalable and cost-efficient.

Check out Kapur’s VMworld breakout session on operationalizing east-west security at scale to learn exactly how we are able to stop the lateral spread of threats and ultimately harden enterprise security:

Rather than hairpinning traffic to a dedicated physical appliance, VMware breaks up the firewall Continue reading

Explore VMware’s Virtual Cloud Network Vision with Tom Gillis

The past year has been filled with challenges. It’s been difficult to adapt to the new realities of how we work, how users access applications, and how we build out and scale our network infrastructures. But challenges lead to opportunities. In his Virtual Cloud Network keynote at VMworld 2020, Tom Gillis, general manager of the networking and security business unit at VMware, urged participants to rethink how they operate and then come up with new processes and approaches that will help them move faster into the future.

In his presentation, Gillis describes how forward-thinking companies are able to:

1. Take the corporate network and stretch it into remote users’ living rooms,
2. Deliver public cloud experiences to on-premises data centers, and
3. Bridge the virtual and physical worlds in a true hybrid cloud environment with consistent policy and management enforcement.

With these capabilities (and there are VMware customers doing this today!), organizations can deploy a completed workload to any user across any infrastructure, including all the necessary networking and security bells and whistles, with a single click.

VMware enables this new approach via its Virtual Cloud Networking (VCN) portfolio. Whether through our SD-WAN technology delivering a LAN-like experience to distributed users, or Continue reading

NSX-T Data Center Migration Coordinator – Modular Migration

NSX-T 3.1

For a point release, VMware NSX-T 3.1 is packed with a bunch of major features. One of these is modular migration, which is making its debut with this release. Customers had asked for an automated way to migrate just firewall rules and groups; modular migration, a new feature of Migration Coordinator, addresses exactly that request. 

What’s Migration Coordinator?  

Taking a step back, Migration Coordinator is a tool that was introduced almost 18 months ago, with NSX-T 2.4, to enable customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free tool built into NSX-T Data Center that enables customers to migrate everything — from edges, to compute, to workloads — in an automated fashion and with a workflow that is similar to an in-place upgrade on existing hardware. This model of migration is called “in-place.” 

From a resource perspective, in-place migration only needs enough resources to host NSX-T manager appliances and edges along with enough capacity per cluster to be Continue reading

Securing Modern Applications

Modern applications are changing enterprise security. Apps today are comprised of dozens, or even hundreds, of microservices. They can be spun up and down in real time and may span multiple clouds (on–premises, private cloud, and public cloud). Traditional security stacks just aren’t suited to protecting these applications consistently.  

To effectively secure modern apps, we start by identifying unique application assets across clouds—such as users, services, and data. We then continuously evaluate their risk and automatically make authorization decisions to adjust our application security and compliance posture based on asset identity—regardless of where they are or where they have moved.  

Security professionals can learn how to use VMware network and security solutions to secure modern applications in the following VMworld sessions: 

Security Policies for Modern Applications: An Evolution from Micro-segmentation (ISCS2240) 

Enterprises are embracing cloud native transformation and modernizing traditional applications, from monolithic to microservices architectures. As applications transform and span multiple clouds (on–premises, private cloud, and public cloud), it’s essential to Continue reading

VMware is Not New to Enterprise Security

By: Keith Luck

None of us can stop thinking about how 2020 has changed the way we go about our daily tasks. Going to school, going to the store, going out to eat — going anywhere at all. But now, for the first time, we are not even going to work! Everyone has been pushed to work from home. This change has a wide-ranging set of variables that need to be addressed, from the business limits on resources for connectivity to the employee’s limits on remote resources of space, privacy, and uninterrupted concentration. 

The overnight reliance on remote, personal, shared services for connectivity from the worker to the corporation has forever put an end to the idea of a security perimeter. Zero Trust Architecture (ZTA) has moved from being an academic discussion to a persistent customer requests for solutions. This shift is furthered by the timely release of the US National Institute of Standards and Technology’s NIST Special Publication 800-207 ZTA Guide. At the same time, we now see numerous security industry vendors claiming their products will provide Zero Trust. 

Naturally, many VMware customers want Continue reading

Advanced Threat Intelligence Begins with Network Visibility

The current reality has pushed users, applications, and data to the edge of the network —where traditional perimeter security solutions have historically fallen short. Threat actors know this, of course, and have spent the past nine months targeting the weakest link in the security stack: the user. 

Email and web browsing continue to be popular attack vectors. Security vendors have beefed up web and email security, but issues with legacy architectures are letting some attacks slip through. Information and context derived from advanced threat intelligence remain the most powerful weapons in a security team’s arsenal. Advanced technologies such as artificial intelligence and machine learning can help scan, detect, and warn at scale, but they’re not bulletproof. Increasingly sophisticated threat actors, powered by AI and ML, are finding ways to evade threat detection.

Security professionals interested in learning more about the current state of advanced threat inspection, threat intelligence, and the emerging technologies that power these capabilities should check out the following sessions: 

The Promise and Peril of AI for Cybersecurity (ISNS2794) 

Artificial intelligence and machine learning are powerful, indeed essential, components of security  Continue reading

Encrypted VelvetSweatshop Password Still a Threat to Excel Files

Office documents, such as Word and Excel files, can be password-protected using a symmetric key encryption mechanism involving one password which is the key to both encrypt and decrypt a file. Malware writers use this key as an additional evasion technique to hide malicious code from anti-virus (AV) scanning engines. The problem is that encrypting a file introduces the disadvantage of requiring a potential victim to enter a password (which is normally included in the phishing or spam email containing the encrypted attachment). This makes the email and the attachment very suspicious, thus greatly reducing the chance that the intended victim will open the encrypted malicious attachment.

The good news (for the attackers) is that Microsoft Excel can automatically decrypt a given encrypted spreadsheet without asking for a password if the password for encryption happens to be VelvetSweatshop. This is a default key stored in Microsoft Excel program code for decryption. It’s a neat trick that attackers can leverage to encrypt malicious Excel files in order to evade static-analysis-based detection systems, while eliminating the need for a potential victim to enter a password.

The embedded VelvetSweatshop key in Excel is not a secret. It has been widely reported for many Continue reading

Threat Intelligence Report: Targeted Snake Ransomware

To learn more, read our Targeted Snake Ransomware Report.

The post Threat Intelligence Report: Targeted Snake Ransomware appeared first on Network and Security Virtualization.

Network, It’s Time to Modernize!

The network is a critical component of any IT environment. When it works, it’s “normal” and few notice it. But the smallest glitch can have devastating business impacts.  For over a decade, networking has been adapting to become more programmable, closer to applications, and easier to use. At the same, the number of devices increased drastically while and applications exponentially. More than ever, there is a need to adapt the network to the new paradigm of multi-cloud environments, and to make it on-demand, easy to use, and simple. The network should be transparent to applications and users, yet allow the most complex environments to communicate reliably.

Let’s dig into the three pillars of a Modern Network framework.

Modern App Connectivity Services

User experience is paramount in today’s world. Applications and data are increasingly distributed across multiple on-premises data centers and public, private, and multi-cloud environments. At the same time, users and devices (including IoT) are spreading out from a centralized corporate headquarters to branch offices, remote worksites, and, increasingly, home offices. This new reality means that, more and more, machines are talking to machines and applications are talking to applications, creating network complexity that can only be mitigated by Continue reading

Achieve Multi-Cloud Application Scalability for Modern Apps

The Case for Self-Healing Networks

Digital transformation has changed the way applications are deployed and consumed. The end-user to application journey has become increasingly complex and is a key objective for the Modern Network.  End-users are more distributed, and applications run on heterogenous infrastructure often delivered from on-prem data centers, IaaS, SaaS, and public cloud locations.  On average, enterprises use hundreds of applications.  The number of end-user and IoT devices have also increased exponentially. They include infusion pumps in hospitals to Point of Sale systems in retail.  These devices access applications from manufacturing floor, carpeted offices, homes or while users are on the move. As more devices and applications are enabled, the network increases in both complexity and value to the enterprise.

What has become increasingly clear is the need for advanced self-healing solutions that compensate for this complexity by helping IT teams shift to a proactive mode of operating a network.  Several tools exist that provide domain or service-specific insights, but it is left to the IT teams to make sense of the volumes of data generated by these fragmented solutions to detect issues and perform root cause analysis.  The dynamic nature of the network, device density, and the volume of data and Continue reading

Fault Tolerant Network Design for Application High Availability

Enterprises are growing increasingly dependent on modern distributed applications to innovate and respond quickly to new market challenges.  As applications grow in significance, the end-user experience of the application has become a key differentiator for most businesses.  Understanding what kind of application performance the end-users experience, optimizing the infrastructure, and quickly identifying the source of any issues has become extremely critical.

The Modern Network framework puts the end-user experience at the forefront.  It helps our customers provide the public cloud experience on-premise with an on-demand network that enforces secure connectivity and service objectives across on-premise and cloud environments.  As applications become more distributed, the increased application resiliency and efficiency often comes at the cost of increased contention for shared resources.  The dynamic nature of the network, device density, and the volume of data and transactions generated makes this even more challenging. Managing network complexity and simplifying network operations in such environments requires a well architected network with support for modern cloud concepts such as availability zones that provide fault tolerance.  Similarly, effective network-level fault isolation requires the ability to create self-contained fault domains that facilitate network resiliency, disaster recovery and avoidance, and end-to-end root cause(s) analysis throughout the Continue reading

Network Automation Can Relieve Network Engineers Stretched Thin by Covid-19

The network has never been more vulnerable. Covid-19 has flung users out from the data center to home offices—where they are accessing critical systems, applications, and other users from unsecured devices and WiFi connections. As a result, it’s all hands on deck for IT, with network engineers deputized as IT support staff in a mad rush to give remote users fast and reliable, yet secure, access to the tools and information they need.

But what of the regular duties of these engineers? They are being pushed back in favor of new priorities—stretching network engineering resources, already spread thin, to the breaking point.

Enter network automation. VMware NSX-T allows organizations to automate and simplify operations in the age of Covid. Tasks that were once performed manually through the UI or CLI can now be automated with the NSX API—creating the foundation for dynamic, flexible and responsive network architectures that can support a world where users, devices, applications and data connect across private, public and hybrid cloud environments.  

Networking professionals who want to learn more about how to automate operations should check out the following on-demand sessions from VMworld: 

NSX-T Network Automation: What To Do When You Have Continue reading

Mark Your Calendars – The Modern Network for a Future Ready Business

Applications are going through a major transformation – they are becoming more dynamic, complex, and distributed.  They are often built on cloud-native principles and run on-premises and in the cloud.  As we speak with our customers and industry analysts, we consistently hear about the need to rethink how the network supports this transformation and why it is so important for the business.

VMware is hosting a global online event – The Modern Network for a Future Ready Business.  VMware executives will join industry analysts, customers, and partners to create an event that will be memorable and worthwhile, whether you are a business leader, an architect, a developer, or part of enterprise IT.

In this virtual event, we will take a look at the traditional networking model, carefully identify its shortcomings when it comes to servicing the application and the end user and make the case for a new framework – the Modern Network.  Traditional networking takes a bottom up approach – focusing on connecting boxes in the campus, branch and data center with little attention paid to the apps running on top of the infrastructure. In contrast, the Modern Network keeps the end user application experience front Continue reading

COVID-19 Cyberthreat and Malware Updates

It has been over three months since our last report on COVID-19–themed attacks [1]. During this period, the tragedy of the COVID-19 pandemic has continued to dominate our daily livesfe. On the digital virus side, sSince our lastthat report [1, ] we’ have been closely tracking the cyberthreat landscape that leveraging leverages the COVID-19 themes. In the last report, we discovered that the majority of the attacks were involved infostealers. The oIn observations made from over the past two months,  witnessed similar infostealers1 as reported in [ again played a key role1]. HoweverIn the meanwhile, we also detected other threats not that we hadn’t seen earlier, such as the Emotet campaign and remote access Trojan (RAT) attacks.  

In this blog post, we first present the our most recent telemetry data, as reported by some VMware customers,, in order to exhibit highlight the diversity and magnitude of the attacks. Next, we investigate the Emotet campaign, as it is the most dominant wave seen in this period. More specifically, we analyze one of the samples from the campaign to reveal the tactics, techniques, and procedures (TTPs) used in the attack, and discuss how the Emotet payload variant is different from the one we reported recently [2].2 

The post COVID-19 Cyberthreat and Malware Updates appeared first on Network and Security Virtualization.