David Marshall

Microsoft Acquires FSLogix to Enhance Virtual Desktop Capabilities in Office 365

Written by David Marshall

Microsoft announced today that is has acquired FSLogix, a company that launched back in 2012 with a focus on reducing the amount of hardware, time and labor required to support virtual desktop platforms.  FSLogix products solve real world problems in a straightforward, easy to deploy way.  From small businesses to very large global enterprises across numerous industries, their solutions enhance customer experience and productivity, while reducing support requirements for IT departments.

FSLogix co-founder and CTO Randy Cook said the company's first two products, FSLogix Apps and FSLogix Profile Container, "focused on addressing critical needs that have existed from the dawn of desktop virtualization" while their most recent product, Office 365 Container, "is designed to enhance the Microsoft Office 365 experience in those virtual desktop environments."

FSLogix Apps, one of its flagship solutions, provides a unique approach to managing applications that allows you to create a single master disk image while hiding applications from end users that are not entitled to them.  It can also be used to enforce device-based licensing.  FSLogix Profile Containers are getting rid of folder redirection, and optimizing login and application start times, and virtually eliminating profile corruption and login storms.
 

Oracle VirtualBox Zero-Day Vulnerability Leaked by Annoyed Researcher

 

 

Written by David Marshall

An independent researcher has discovered what he reports to be a zero-day vulnerability in VirtualBox, a popular general-purpose virtualization platform targeted at server, desktop and embedded use.

What's interesting here is that the researcher chose to publicly disclose the security hole rather than privately inform the vendor, which in the case of VirtualBox is Oracle.  He justified this act by calling it a reaction to his previous bad experience with Oracle.  Last year, he found and reported a vulnerability that took almost 15 months for the vendor to release a fix.  So this time, he took a different path of notification. 

Sergey Zelenyuk, the Russian researcher, said he discovered a security flaw in Oracle's VM VirtualBox that would allow someone to escape from the virtual environment of the guest machine to reach the Ring 3 privilege layer used for running code from most user programs with the least privileges.  The zero-day vulnerability could allow an attacker with root access to then gain access to the underlying OS.

The vulnerability is reported to exist in VirtualBox 5.2.20 and prior versions.

 

CloudHealth Technologies Is Now Part Of VMware

Written by David Marshall

On Thursday of last week, VMware closed its acquisition of CloudHealth Technologies, extending cloud management beyond VMware's previous capabilities in private and hybrid cloud and into the public cloud.  VMware partners will soon be able to offer the cloud management platform as an integrated offering to their clients.  While terms of the deal weren't discussed, Reuters put the price tag at approximately $500 million.

As part of the announcement, VMware stated:

VMware vSphere 5.5 End of General Support - What Now?

 

Written by David Marshall

VMware vSphere 5.5 was probably the most installed version of vSphere to date.  And many virtualization administrators have fond memories of this release.  vSphere 5.5 goes all the way back to 2013, and it was hands down the most stable, fast and reliable hypervisor around.  But all good things must come to an end.  VMware products typically undergo a few stages within its lifetime:

  • General Availability (or GA)
  • End of General Support (EOGS)
  • End of Technical Guidance (End of Supported Life)

"End of General Support" is the date, generally 5 years after GA, from which VMware will no longer support the product actively.  And back in February of this year, we warned you that vSphere 5.5 was nearing the End of General Support or EOGS stage.  Well, that time has come and gone.  On September 19, 2018, vSphere 5.5 officially exited the general support phase and has moved onto something else, "Technical Guidance."  If you're playing buzzword bingo at home and trying to follow along, we should probably try to clarify what this means.

US Signal and Cloudflare Collaborate for DDoS Protection

Written by David Marshall

Today, it was announced that US Signal and Cloudflare have launched a fully managed and customizable distributed denial-of-service (DDoS) protection service to market. 

The new service delivers powerful DDoS mitigation for network, transport and application layers and is backed by a 100 percent SLA. Powered by Cloudflare's global Anycast network, the service is implemented by US Signal's information security and provisioning team, with support and customization from its technical operations engineers. 

"US Signal's new DDoS protection service is ideal for companies looking to update their existing DDoS mitigation strategies or for businesses lacking the manpower or skills to manage these risks internally. It is aimed at all market sectors but is particularly beneficial to high-risk areas such as tech, government, finance and healthcare," said US Signal President Stephen Oyer. "But regardless of the economic sector in which your company operates, Cloudflare's 15Tbps plus network throughput should offer peace of mind, as it can handle 15 times more traffic than the largest DDoS attack has produced to date." 

Scale Computing and APC by Schneider Electric Launch 'Micro Data Center in a Box'

Written by David Marshall

Scale Computing has partnered with APC by Schneider Electric to deliver a Micro Data Center in a Box solution.

By utilizing Schneider Electric's award-winning Micro Data Center portfolio of infrastructure solutions, the Micro Data Center in a Box is able to deliver a fast, cost effective and resilient solution for channel partners, MSPs and end users while meeting the distinct challenges of big data and IoT faced by many businesses today.

The joint platform is built on a highly simplified but extremely effective and adaptable infrastructure. Micro Data Center in a Box offers a range of shared automated virtualization, compute, storage and power management resources. Under the terms of the agreement, Scale Computing supplies its HC3 HyperCore software while APC delivers a self-contained and secure enclosure. This solution allows organizations to simply and efficiently deliver a complete and highly energy efficient IT solution that is pre-tested, optimized and able to be rapidly deployed. This allows for a reliable and robust environment to leverage the best of on-premise and multi-cloud infrastructures.

The Micro Data Center in a Box requires minimal IT expertise and no additional infrastructure software. Instead, it is a highly available, self-managing platform for running applications at the edge. The added pay as you grow flexibility enables organizations to start small and grow their IT as and when needed. In addition, it has built-in redundancy to provide business continuity, even in remote edge locations. The solution is pre-packaged and ships ready to be deployed, providing a quick, turn-key and simple IT infrastructure, optimized to immediately support edge computing needs.

Gartner Says Public Cloud Revenue to Exceed $200 Billion in 2019



Written by David Marshall

In its latest forecast for the worldwide public cloud services market, analyst firm Gartner said it expects revenue to continue to grow by 17.3%, topping $206 billion next year.  That's up from $175.8 billion in 2018. 

The analyst firm points out that the fastest-growing segment of the market is cloud system infrastructure services (Infrastructure-as-a-service or IaaS), which includes the bulk of the public cloud services offered by companies such as Amazon Web Services Inc., adding that it will remain the fastest-growing individual segment in the market, growing by 27.6% in 2019 to reach $39.5 billion, up from $31 billion in 2018.

Moreover, Gartner said it expects that by 2022, 90% of organizations purchasing public cloud IaaS will do so from a company that integrates these offerings with platform-as-a-service products, using both capabilities from the same provider.

WhiteHat Adds Deeper Artifical Intelligence Capabilities for Sentinel DAST Solution for DevSecOps

Written by David Marshall

WhiteHat Security announced that new, artificial intelligence (AI) software is being added to WhiteHat Sentinel Dynamic, its dynamic application security testing (DAST) solution, which draws from a data lake of 95 million identified vulnerabilities.  The enhancements will enable WhiteHat to provide high levels of accuracy in the shortest timeframe, which can traditionally only be achieved through fully automated testing with additional human verification.  Though human verification is always available to WhiteHat clients, the company will now offer fully AI-enabled verification, taking just seconds.  This will allow developers to create secure web applications at the fast pace demanded by modern businesses. 

AppSec teams are constantly caught between the need for proper security testing and the ability to allow developer teams to meet strict deadlines. AI software will dramatically decrease threat vector identification times and improve the efficiency of false positive identification. As a result, businesses will increase the speed at which developers are made aware of potential application security vulnerabilities and deliver real-time security risk assessments.

VMware and Google Preview a New Plugin Unlocking More Hybrid Cloud Scenarios

Written by David Marshall

VMware and Google have announced a preview of a new Google Cloud Platform (GCP) plugin for VMware vRealize Orchestrator, and support for GCP resources in VMware vRealize Automation.

The vRealize Orchestrator is used to automate other VMware products like the vSphere virtualization platform and the vCloud suite.  This new GCP plugin for vRealize Orchestrator is said to provide customers with a consistent management and governance experience across on-premises and GCP-based IT environments.  As an example, Google and VMware said a user would be able to use Google-provided blueprints (or build their own blueprints for Google Compute Engine resources) and publish them to the vRealize service catalog.  This means a user could select and launch resources in a predictable manner that would be similar to how they would launch VMs in their on-premises VMware environment, using a tool with which they are already familiar.  

Google Cloud Introduces VPC Flow Logs to Cloud Customers for Network Visibility

Article Written by David Marshall

Enterprise users of Google's cloud platform have a new option for logging and monitoring network traffic for security and performance issues.  Google introduced VPC Flow Logs to the Google Cloud Platform (GCP), giving administrators a way to track network flows all the way down to an individual virtual interface, in near-real-time.

According to GCP Product Manager Ines Envid, VPC Flow Logs is like Cisco's NetFlow, "but with more features."  It provides responsive flow-level network telemetry for GCP environments, creating logs in five-second intervals. 

Organizations can use VPC Flow Logs to collect network telemetry at various levels and they can choose to collect telemetry for a particular VPC (virtual private cloud) network or subnet or drill down further to monitor a specific VM Instance or virtual interface.