Air gapped backup










Recently, my colleague Sazzala Reddy wrote a blog about VMware Cloud Disaster Recovery’s Scale-out Cloud File System (SCFS), summarizing its inherent design and characteristics that enable rapid ransomware recovery. He covers how backup copies alone are not sufficient anymore and that a new type of filesystem is needed to recover from ransomware – a filesystem that enables a deep history of backup copies, instant VM power-on for rapid experimentation, immutable copies, protection against data corruption, and cost efficiency.

Building on those core concepts, this blog expands into the need for DR solutions to deliver operational isolation (or operational “air-gapping”) and how VMware Cloud DR’s design and components deliver this important

2 Key Elements of Operational Isolation / “Air-gapping”

Let’s define the key elements of operational isolation. Analysts commonly point to two elements: 1) operational isolation of the DR system itself, including the repository where the recovery points are stored, to prevent ransomware from encrypting existing recovery points, and 2) the ability to instantiate an isolated recovery environment (IRE) to prevent ransomware from infecting production systems during the staging, experimentation, and evaluation process.

#1: Operational Isolation of the DR System, Including the Repository

First, VMware Cloud DR’s recovery points are immutable backup copies that are stored offsite in the cloud (Scale-out Cloud File System). Ransomware is unable to encrypt those existing copies because data in an LFS-structured filesystem cannot be modified. (Again, see Sazzala’s blog which explains this more.) In addition, VMware Cloud DR’s replication transfer protocol is proprietary so ransomware cannot use common insecure network protocols (such as file shares) to ever access the recovery points in the first place.

At the solution level, VMware Cloud DR itself is a SaaS service, fully operated and managed by VMware, with a different management domain than the customer’s production environment. Therefore, authentication, authorization, and role-based access controls are different from the customer’s production environment. Ransomware cannot gain access to the VMware Cloud DR management domain simply by compromising the customer’s production management domain. VMware Cloud DR credentials are managed by VMware Cloud Services Platform (CSP), whereas on-premises production credentials are usually managed by the customer’s corporate AD or LDAP. A second perimeter of defense that protects the DR solution and repository is better than having a single set of credentials for production and DR environments.

#2: Instantiating Isolated Recovery Environments (IREs)

During the recovery process, all recovery points are considered infected/affected by ransomware until proven otherwise. Recovery points must be initially staged in an IRE from which ransomware cannot

VMware Cloud SDDCs are perfect for this purpose: clean clusters can be created on-demand and isolated from the rest of the world. (A VMware Cloud DR pilot light environment can be isolated as well). These SDDCs are not only cost efficient, but also maintain the integrity of the on-premises production systems, preserving evidence for forensics. Recovery points can then be staged in these SDDCs for security

Even when the candidate recovery points (VMDKs) are accessible in the IRE, the original stored blocks in the SCFS are not at risk of compromise because they are immutable, and the IRE is actually accessing

Later, SDDCs can be destroyed and recreated again as needed because

Once VMs and data have explicitly satisfied all security criteria, the environment is connected back into production.
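
A toy model of the two elements described in this post, added here as an illustration; it is not VMware's code or the SCFS implementation. It shows an append-only block log whose recovery points cannot be rewritten, and a loop that stages each recovery point as a clone and presumes it infected until a check passes. All names (`LogStore`, `Disk`, `stage_in_ire`, `newest_clean`, `MARKER`), the clone-by-block-map staging, and the sample data are assumptions constructed for the example.

```python
class LogStore:
    """Append-only block log: existing blocks are never rewritten in place."""
    def __init__(self):
        self.log = []         # immutable byte blocks, in arrival order
        self.snapshots = []   # recovery point = frozen tuple of log indices

    def append(self, data):
        self.log.append(bytes(data))
        return len(self.log) - 1

    def snapshot(self, disk):
        self.snapshots.append(tuple(disk.map))
        return len(self.snapshots) - 1

class Disk:
    """Writable view: a write appends a new block and repoints this view only."""
    def __init__(self, store, block_map=()):
        self.store, self.map = store, list(block_map)

    def write(self, lba, data):
        idx = self.store.append(data)
        self.map[lba:lba + 1] = [idx]   # replaces lba, or appends if lba == len

    def blocks(self):
        return [self.store.log[i] for i in self.map]

def stage_in_ire(store, snap_id):
    """Stage a recovery point as a clone (assumption: only the map is copied)."""
    return Disk(store, store.snapshots[snap_id])

def newest_clean(store, is_clean):
    """Presume every recovery point infected until is_clean() passes it."""
    for snap_id in reversed(range(len(store.snapshots))):
        if is_clean(stage_in_ire(store, snap_id)):
            return snap_id
    return None

MARKER = b"ENC!"  # constructed stand-in for "this block was encrypted"

def build_sample():
    """Constructed history: two good recovery points, then one taken too late."""
    store = LogStore()
    prod = Disk(store)
    prod.write(0, b"boot"); prod.write(1, b"db-v1"); store.snapshot(prod)
    prod.write(1, b"db-v2"); store.snapshot(prod)
    prod.write(0, MARKER + b"0"); prod.write(1, MARKER + b"1"); store.snapshot(prod)
    return store

def looks_clean(disk):  # placeholder criterion; real checks are site-specific
    return not any(b.startswith(MARKER) for b in disk.blocks())

if __name__ == "__main__":
    print("restore from recovery point", newest_clean(build_sample(), looks_clean))
```

Writing to a staged clone only appends blocks and changes the clone's own map, so the stored recovery point reads back unchanged afterwards.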











