How to find Palo Alto Network firewalls running PAN-OS

Latest Palo Alto Networks vulnerabilities

Palo Alto Networks (PAN) released a security advisory with multiple vulnerabilities on PAN-OS firewalls that could lead to admin account takeover.

  • CVE-2024-9463 is rated critical with CVSS score of 9.9, is an OS command injection vulnerability and potentially allows for  and execution of OS commands as root.
  • CVE-2024-9464 is rated critical with CVSS score of 9.3, is an OS command injection vulnerability and potentially allows for the execution of OS commands as root.
  • CVE-2024-9465 is rated critical with CVSS score of 9.2, is a SQL injection vulnerability and potentially allows a remote unauthenticated attacker to read the contents of the Expedition database.
  • CVE-2024-9466 is rated high with CVSS score of 8.2, and potentially allows for an authenticated user to read sensitive information including passwords and API keys.
  • CVE-2024-9467 is rated high with CVSS score of 7.0, is an XSS vulnerability and potentially allows for execution of malicious JavaScript code that could result in session hijacking.

What is the impact?

If chained together through an exploit, a firewall running the vulnerable software could be completely taken over by an unauthenticated remote attacker. For more information, see the detailed analysis published by the team that disclosed the vulnerabilities to Palo Alto Networks.

According to the vendor, there is no known malicious exploitation of vulnerable systems at this time.

Are updates or workarounds available?

According to Palo Alto Networks, “The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.” They also recommended rotating all passwords and API keys after applying the latest patch to prevent future unauthorized access. Refer to the Workarounds and Mitigations section of the security advisory for information about potential workarounds and additional advice.

How to find potentially vulnerable PAN-OS systems with runZero

From the Asset Inventory you can use the following query to locate potentially vulnerable systems:

os:"PAN-OS"

CVE-2024-3400

Palo Alto Networks (PAN) disclosed that certain versions of their PAN-OS software have a vulnerability that allows for remote command injection.

CVE-2024-3400 is rated critical with CVSS score of 9.8 and indicates an unauthenticated attacker can execute arbitrary code with root privileges on the firewall. The vendor indicates that there is evidence of limited exploitation in the wild.

watchTowr has posted a detailed analysis including the details needed for exploitation. This analysis covers two separate vulnerabilities: an arbitrary file creation vulnerability in the session handler, and a shell metacharacter injection issue that leads to remote execution through the telemetry script. PAN has updated their guidance to state that “Disabling device telemetry is no longer an effective mitigation”.

What is the impact?

The following PAN-OS versions are affected by this vulnerability.

| Version | Affected | Unaffected |
|---|---|---|
| PAN-OS 11.1 | < 11.1.2-h3 | >= 11.1.2-h3 (hotfix ETA: By 4/14) |
| PAN-OS 11.0 | < 11.0.4-h1 | >= 11.0.4-h1 (hotfix ETA: By 4/14) |
| PAN-OS 10.2 | < 10.2.9-h1 | >= 10.2.9-h1 (hotfix ETA: By 4/14) |

Palo Alto Networks indicates that the vulnerability applies to PAN-OS 11.1, 11.0, and 10.2 versions with the configurations for both GlobalProtect gateway and device telemetry enabled.

Customers may verify this by checking for entries in the firewall web interface (Network > GlobalProtect > Gateways) and may verify whether device telemetry is enabled by checking the firewall web interface (Device > Setup > Telemetry).

Are updates or workarounds available?

Palo Alto Networks recommends that customers with a Threat Prevention subscription block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682) and applying vulnerability protection to GlobalProtect interfaces.

It is also recommended that telemetry be disabled until devices can be upgraded to an unaffected version of PAN-OS.

How runZero users found potentially vulnerable PAN-OS systems

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

os:"PAN-OS"
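
The query returns every PAN-OS asset, so the results still need to be compared against the CVE-2024-3400 version thresholds listed above. The following Python is an added example, not runZero or Palo Alto Networks code; the CSV layout, column names and hostnames are constructed for illustration, and it assumes that a release without a -hN suffix sorts before its hotfixes and that a higher maintenance number outranks any hotfix number.

```python
import csv
import io
import re

# First unaffected release per branch, copied from the CVE-2024-3400 table
# on this page. Branches absent from that table are reported as "not-listed".
FIXED = {
    "11.1": "11.1.2-h3",
    "11.0": "11.0.4-h1",
    "10.2": "10.2.9-h1",
}

# major.minor.maintenance with an optional -hN hotfix suffix
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix), or None if unparseable.

    Assumption: a release without a -hN suffix is hotfix 0, so 10.2.9
    sorts before 10.2.9-h1.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def classify(version_text):
    """Classify one version string against the thresholds in FIXED.

    This is a version check only. Whether a GlobalProtect gateway is
    configured still has to be confirmed on the device itself.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"          # fingerprint gave no usable version
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"       # branch is not in the page's table
    return "affected" if parsed < parse_version(fixed) else "unaffected"


def triage(csv_text):
    """Map hostname -> classification for a CSV with hostname,os_version."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row["os_version"]) for row in rows}


# Constructed sample export (hypothetical hostnames and column names).
SAMPLE_EXPORT = """hostname,os_version
fw-edge-01,11.1.2-h1
fw-edge-02,11.1.2-h3
fw-dc-01,11.0.4
fw-dc-02,10.2.9-h1
fw-lab-01,10.2.10
fw-branch-01,10.1.14
fw-branch-02,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_EXPORT).items():
        print(f"{host:14} {status}")
```

Assets reported as "unknown" are the ones to check by hand, since a missing version in the fingerprint says nothing about patch level.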

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Storware Partners with Version 2

Storware Boosts APAC Presence with Version 2 Partnership

Storware has announced a partnership with Version 2 Digital, one of the paramount IT distributors in the APAC region. Cooperation between Storware and Version 2 is a sign of the right set of circumstances for scaling data protection direction to the diverse markets of the western Pacific Ocean.

With a local presence in Singapore, Hong Kong, Taiwan, and Mainland China, Version 2 has a portfolio of compatible and trusted solutions and distributes IT products, including communication systems, Internet software, security, network, and media products. Building strong relationships through a comprehensive network of channels, Version 2 deals with a variety of enterprise domains and government organizations.

Partnership highlights:

  • Market awareness and local presence through major regional business centers of finance, trade and technology parks enhances capabilities to distribute data protection and recovery strategy to new customers.
  • Professional team with deep technical background increasingly helps APAC companies’ IT departments by delivering turnkey solutions among a large number of the world’s brands.
  • Assistance in building partners engagement and product essential knowledge of data safety.

Storware sees the growing interest and tremendous involvement in building digital environment in APAC region. We are excited to enlist the support of Version 2, our strategic partner, in establishing new opportunities for Storware Backup and Recovery on this market. Their robust expertise and confidence in product advocacy ensure comprehensive custody to deal with end-user challenges. Collaboration with Version 2 strengthens position into delivering confidence of data security and accessibility at all times to a wide range of businesses – comments Jan Sobieszczanski, CEO of Storware.

Cooperation between Storware and Version 2 reinforces assured leadership in the Asian Pacific’s technology landscape, creating new opportunities to reseller partners and confidence in delivering advanced data protection and recovery solution.

Storware’s innovative data protection solutions align perfectly with our mission to provide our clients with the most advanced and reliable technology solutions available. We look forward to working with Storware to help businesses in the APAC region safeguard their data and ensure business continuity – comments Carlos Cheng, Managing Director of Version 2 Digital. This distribution partnership combines Storware’s industry-leading data protection technology with Version 2 Digital’s regional expertise and customer-centric approach, creating a powerful synergy that will drive the adoption of best-in-class data protection solutions in the APAC market.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.

Activity Log API, Authopia, Editor’s Choice, and more: catch up with NordPass in Q3 of 2024

In the press 

In recent months, NordPass has made some appearances in the media. In some cases, we shared our knowledge and insights into cybersecurity developments. In others, NordPass was the one under the microscope.

PCMag Editor’s Choice

The team at NordPass always strives to grow and improve, bringing you the best password management experience. That’s why it’s been an honor to be selected as PCMag’s Editor’s Choice and take the top spot as the Best Premium Password Manager for 2024. NordPass’ ease of use, slick design, and additional cybersecurity features like Password Health and Data Breach Scanner were highlighted as some of the standouts of our product.

We’re not resting on our laurels, though. This recognition has only made us more determined to stay on top of the game and bring even more robust security features to our user base.

Discussing passkeys with Andrew Shikiar

Earlier this year, NordPass CEO Jonas Karklys sat down with Andrew Shikiar, Executive Director and CEO of the FIDO Alliance, to discuss all things passwordless. During the talk, they went over the early adoption of passkeys and their growth within the past couple of years, the public perception of this technology, and how it aligns with recent and upcoming compliance regulations.

NordPass has been a proud member of the FIDO Alliance since 2022, so the opportunity to discuss the developments in passwordless technology with the organization’s CEO has only strengthened our team’s understanding of what passkeys have to offer. Karklys went on to share his own insights about passkeys in his article on TechRadar.

Joining forces with Factory Berlin

Partnerships help keep our global community strong. That’s why we’re excited to start our partnership with Factory Berlin. Thanks to this new opportunity, we will be able to connect with up-and-coming startups, innovators, and creators.

Factory Berlin creates a space that helps support startups and grants access to resources and networking opportunities. We look forward to sharing our experiences, trading knowledge, and unlocking brand-new opportunities with this community.

Recent product news

It’s not just about talking the talk — we’re ready to walk the walk, too. These past few months have been very productive for us, with several new NordPass features and releases that we’re very excited about.

Detailed Shared Folders actions for Business

We want to bring efficiency and transparency to your organization’s data security by making our features easy to track and effortless to navigate. That’s why you may have noticed some changes and refinements to the NordPass Activity Log feature.

The Activity Log now displays all actions related to Shared Folders, such as when shared access was granted or revoked, what access level was set, which credentials were moved to or from the folder, and if the folder was renamed at any point. It provides more visibility into password management within your organization and offers insights similar to those of the NordPass Activity Log for your individual credentials.

Authenticator with autofill for Business

NordPass Authenticator allows users to add and store two-factor codes directly in their vaults alongside login credentials using NordPass, making it quick and easy to log in with multi-factor authentication when you are on a tight schedule. From now on, whenever you generate time-based one-time passwords (TOTPs) using NordPass Authenticator, you’ll have them autofilled in the login screen. 

By introducing this new mechanism to our Authenticator, we help you optimize multi-factor logins, bringing a higher security standard to your company account security. It resolves the long-standing problem of multi-factor authentication fatigue caused by using multiple apps and manually inputting security information to log in to an account. With the Authenticator, you don’t need to spend precious time switching apps or ensuring you’ve copied or memorized the right sequence before it refreshes and resets — NordPass handles it for you.

Splunk integration and Activity Log API for Enterprise

Clear and transparent documentation is crucial when a company works toward gaining compliance approvals. To make these management processes smoother, we’re excited to be joining forces with Splunk. This new partnership will allow NordPass customers who use Splunk to get automated activity analysis and generate reports for simpler data visualization.

As part of the optimization of data reports, NordPass now allows Admins to extract the full activity log information with the Activity Logs API. Using the API, organizations can monitor their employees’ actions and investigate company-wide activities for potential risks.

User and Group Provisioning via Okta for Enterprise

NordPass aims to make user and group management simpler without compromising security. If your organization’s provisioning system of choice is Okta, we have great news. You can now easily set up User and Group Provisioning in NordPass using your organization’s Okta account.

By combining Okta with NordPass, you can effectively handle onboarding and offboarding, manage access to resources as well as internal and third-party systems, and adhere to your organization’s cybersecurity policies.

Tweaks and improvements

While bringing new features to our users helps expand our cybersecurity capabilities, we haven’t forgotten what we’ve been working on so far. Consistency is key, and our goal is to continue improving and perfecting every feature that NordPass has to offer. We’re always eager to receive your feedback and work hard to improve your experience with NordPass, whether you’re with us for personal or business needs.

Adding dates to Custom Fields

With Custom Fields, we aim to give you more control and flexibility over how you store your sensitive information. We’re always thinking of new ways to expand Custom Fields to suit our customers’ needs — the most recent being the introduction of Date Fields.

From now on, you can select “Add date” and use the calendar to set it. Add a custom name to your date to know its function, for example, when a credential was created, when an ID document expires, or when an account needs updating. This addition will let you flexibly manage your sensitive data and offer a more convenient way to track time-sensitive information.

Authopia is here

Last but not least, we want to spotlight Authopia — a new tool developed by the team behind NordPass. Authopia lets you easily add a passkey widget to a login form on any website or service, making passwordless logins effortless and more accessible than ever before.

Authopia aims to offer companies a simpler passkey implementation method that requires minimal coding and is completely free, suiting organizations of all sizes and budgets. You can learn more about Authopia’s journey from development to launch from Sorin Manole, Head of Product, R&D at NordPass.

Bottom line

Overall, this has been an eventful quarter for NordPass, and we couldn’t be more proud of everything we’ve achieved. Our work for the year is far from over, though — we’ve still got a lot up our sleeves, and we’re not slowing down. We’re happy to have you with us on this journey so far, and we hope you’ll stay tuned and stay safe with NordPass.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Exploring the Differences Between Community FOSS, Open Core, and Commercial OSS

Understanding the differences between community open source, open core, and commercial open source software is important when making choices that lay the foundation for systems and applications, as these decisions can have cascading effects on costs and flexibility for internal users and/or downstream customers.

In this blog, we break down the key differences between these three categories of open source software, and we’ll share some important considerations for teams deploying OSS both internal and external to the enterprise.

Editor’s Note: This blog was originally published in 2019 and was substantially updated and revised in 2024.

What Is Community Open Source Software?

Community open source software, also known as Free and Open Source Software (FOSS), is source code owned by a group of volunteers that have organized around a shared problem. Community open source projects are free and open to the public, and they’re bound by a permissive or restrictive license.

Related resource: How Does Open Source Licensing Work?

Open source communities bring people with shared interests together to collaboratively build something. Some of the most popular and widely used community open source projects are backed by nonprofit foundations such as the Apache Foundation, Linux Foundation, or Cloud Native Computing Foundation. Foundations add an air of legitimacy and garner inherent trust among users who might otherwise worry about adopting software built by a disparate cohort of individual contributors.

There are millions of FOSS projects, but in the 2024 State of Open Source Report, respondents mentioned Linux, Jakarta EE, Apache Server, Docker, Kubernetes, PHP, WordPress, Python, PostgreSQL, MySQL, Kafka, and Eclipse IDE as among the most business-critical for enterprise.

What Is Open Core Software?

Open core is a commercial model of software delivery where a company creates (or contributes heavily) to a “core” version of open source software, allowing users to freely adopt, adapt, and distribute it under an open source license, and then wraps that core version with advanced features, extensions, or enterprise-level scaling and availability under a proprietary license.  

This approach allows a company to leverage the collaborative nature of open source to build a community around the free version, which benefits from diverse contributions and widespread adoption. At the same time, they generate revenue by monetizing premium features aimed at larger organizations. This sometimes quickens time-to-market for a more commercially sustainable product.

Examples of open core software include Cloudera Data Platform, Oracle Linux, SUSE Linux, Redis, Grafana, Confluent Kafka, MongoDB, and GitLab.

What Is Commercial Open Source Software?

Commercial open source vendors provide professional services for fully open source software. All features and functionality of that software remain open and freely available, and the company generates revenue through consulting, hosting, and support. 

Like open core, the commercial open source software approach benefits from the community-built software as a foundation. Although COSS companies likely contribute to the software, they don’t license their contributions separately. Instead, they provide value to their customers by professionalizing the implementation and adoption phases. 

RHEL and Rancher by SUSE are examples of COSS.

Get the Latest State of Open Source Report

The State of Open Source Report includes insights, analysis, and trends from a global survey of OSS users working in industries like finance, technology, retail, manufacturing, government, and more.

A Note About Open Source Definitions

The above definitions draw clean lines for the purposes of comparing and contrasting open source models; however, some companies employ multiple models across their portfolio. As companies grow and add products, this becomes more common. In some cases, the lines drawn between these models (particularly COSS and open core) become progressively more gray.

A good example would be Red Hat Enterprise Linux, which is sold under a proprietary license; however, it is made up of code from two upstream open source products (Fedora and CentOS Stream). In this case, it borrows from the open core model, but there isn’t a true single free version that it extends.

How to Choose Between Community Open Source, Open Core, and COSS 

All these options are based on the open source model, so they all have the potential to benefit from the power of a collaborative and transparent development process. When compared to proprietary internal development or purchased vendor software, all these OSS models can fundamentally reduce cost and time-to-market, while increasing security, stability, and innovation.

With each of these open models, there are costs. The costs of commercial options, either open core or COSS, are more obvious and come in the form of license fees, maintenance contracts, hosting costs, support subscriptions, and consulting services. However, Free and Open Source Software (FOSS) also has associated costs that are more hidden. Adopting FOSS requires organizations to dedicate internal staff and infrastructure to hiring, acquiring, and maintaining the skills necessary to install, configure, upgrade, and contribute to sustainable development of the free-to-use software. It’s important to not forget about these shadow costs when considering FOSS for enterprise use cases.

The “F” in FOSS stands for free as in freedom, not absence of cost.

Knowing there are costs associated with all options may help organizations focus on the value and predictability of each of those costs. 

Here are some questions that can help steer an organization toward a defensible return on the investment:

  • What features are included in the commercial edition? Do I need those features? Are there alternatives that can achieve the same result?
  • What license(s) are associated with the software? Are they permissive, restrictive, or proprietary?
  • Does my organization have the skill and bandwidth to implement, maintain, and support the product?
  • How mature is the product and the backing community or commercial support vendor?
  • Is there a single commercial vendor that can serve all my open source software needs?

The table below illustrates, at a high level, some of the benefits and drawbacks worth considering: 

FOSS

Benefits:

  • Ability to try various solutions without vendor lock-in, thus a low-stakes entry
  • Information is shared readily within the community
  • Responsiveness of the community for patches and potential vulnerabilities

Drawbacks:

  • OSS can lack funding to maintain the software and fix security vulnerabilities
  • It may only provide a partial solution for your requirements
  • Integrating multiple OSS products can be challenging

Open Core

Benefits:

  • Often more regular updates and patches
  • SLA-backed support options, up to 24/7 for mission-critical services
  • Legal indemnification and liability during crises

Drawbacks:

  • Vendor lock-in can happen based on reliance on enterprise features
  • License changes could restrict your use
  • Restricted contribution models can diminish the value of the community
  • Could encounter a liability risk if the product is not upgraded
  • Enterprise features, hosting, and monitoring can be costly

COSS

Benefits:

  • SLA-backed support options, up to 24/7 for mission-critical services
  • Legal indemnification and liability during crises
  • Maintain full value of the community model
  • Value of expert knowledge when you need it, without the associated cost when you don’t

Drawbacks:

  • Adoption of additional complementary FOSS packages may be required to achieve Open Core equivalent feature sets

Final Thoughts

The decision to choose community open source software vs. open core or commercial open source software comes down to the depth and breadth of the projects, budgets, and use cases, as well as the scale of the environment(s). There are situations where it makes sense to invest in commercial backing for open source development and other times when it might be better to implement a community-based solution. The three models outlined in this article lay out a spectrum of options that cover most needs.

Perhaps the most fundamental consideration is whether to:

  1. Spend valuable internal staff time on the installation, configuration, troubleshooting, training, maintenance, and support of the OSS that lays the foundation for the applications needed to deliver value to the business or downstream customers
    or
  2. Engage a vendor to ensure the organization has a secure, stable, and performant platform that enables internal staff to focus their time and energy on developing and maintaining domain expertise in delivering top quality applications needed to drive value for the business or downstream customers.

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.

Perforce Announces Hadoop Service Bundle – a New Open Source Big Data Management Offering

MINNEAPOLIS, OCTOBER 1, 2024 – Perforce Software, the DevOps company for global teams requiring speed, quality, security and compliance at scale along the development lifecycle, today announced the Hadoop Service Bundle, a new professional services and support offering from OpenLogic by Perforce.

This new solution offers enterprises a way to reduce Big Data management costs up to 60% by deploying an open source software-based Big Data stack and storing their data on-premises, in a public cloud, or a hybrid environment instead of in Cloudera’s Hadoop-based, public cloud platform.

“The Hadoop Service Bundle unlocks more options for enterprise organizations that want to own their Big Data infrastructure,” said Matthew Weier O’Phinney, Senior Product Manager at Perforce Software. “The Hadoop ecosystem has matured to the point where we can build a completely open source stack that is equivalent to the platform that Cloudera sells.”

In light of the fact that many Hadoop teams have invested in commercial, private cloud options to keep their most sensitive data secure, the Hadoop Service Bundle offers flexibility around where data is hosted. “No one should be forced to migrate to the public cloud if they don’t want to,” said Weier O’Phinney.

As part of the Hadoop Service Bundle, OpenLogic will oversee the base installation, data migration, and reference installation of customers’ Hadoop instances. For those organizations without the internal expertise required to fully manage a Hadoop implementation, technical support and administration is also included in the Hadoop Service Bundle.

Whereas the Cloudera Data Platform comes with a preset suite of software, the Hadoop Service Bundle allows teams to decide which tools and technologies to include in their Big Data stack based on their use case, potentially reducing deployment overhead.

“The Big Data landscape has evolved dramatically in recent years and the demand for more customizable, cost-effective solutions is what led us to develop the Hadoop Service Bundle,” said Rod Cope, Chief Technology Officer at Perforce Software. “For organizations that want to avoid vendor lock-in and keep costs low by storing their data in-house, in an open source stack built to accommodate their business needs, the Hadoop Service Bundle will be an appealing alternative.”

Scalefusion Expands Device Management Platform with ChromeOS Management Support

ProMobi Technologies today announced that Scalefusion, its leading unified endpoint management (UEM) solution, has now launched support for ChromeOS device management. This addition reinforces Scalefusion’s commitment to offering a versatile multi-OS management platform that caters to the diverse needs of modern businesses.

With the integration of ChromeOS, Scalefusion enables IT administrators to streamline the management of ChromeOS devices alongside Windows, macOS, Android, and Linux, simplifying the complexities of multi-OS environments.

ChromeOS has seen significant adoption across industries, from education to enterprise, thanks to its balance of affordability, speed, and security. Recognizing this growing trend, Scalefusion’s new ChromeOS device management provides organizations with the ability to provision, secure, and monitor ChromeOS devices seamlessly through the same intuitive platform used for their existing device ecosystems.

Scalefusion’s ChromeOS management empowers businesses to streamline device management by integrating ChromeOS into their existing device strategy. With Scalefusion’s unified platform, IT administrators can boost productivity by providing a consistent, unified experience for users across all platforms. Whether organizations are deploying Chromebooks in educational settings or managing ChromeOS devices for remote workforces, Scalefusion makes it simple to provision, secure, and monitor these devices—all from a single dashboard. With the addition of ChromeFlex, businesses can repurpose existing PCs and Macs by converting them to ChromeOS devices, further extending the life of their hardware while maintaining seamless management through Scalefusion’s unified platform.

Sriram Kakarala, Chief Product Officer at Scalefusion, highlighted the importance of this new addition: “With the rise of ChromeOS in diverse sectors, we saw a clear opportunity to enhance the Scalefusion platform. By adding ChromeOS support, we are delivering on our promise to simplify device management for our customers, regardless of which operating systems they choose to deploy.”

Scalefusion’s integration aims to provide organizations with a straightforward approach to managing their multi-OS device ecosystems. Request a free trial of this release by setting up a demo of Scalefusion for ChromeOS here.

About Scalefusion

ProMobi Technologies provides a leading Unified Endpoint Management solution under the brand Scalefusion. Scalefusion UEM allows organizations to secure and manage endpoints, including smartphones, tablets, laptops, rugged devices, POS and digital signage, and apps and content. It supports the management of Android, iOS, macOS, Windows, Linux, and ChromeOS devices and ensures streamlined device management operations with Scalefusion Remote Troubleshooting.

More than 8000 companies worldwide are unlocking their true potential using Scalefusion, which is used across various industries, such as Transportation & Logistics, Retail, Education, Healthcare, Manufacturing, Construction & Real Estate, Hospitality, Software & Telecom, Financial Services, and others.


About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

Boosting cyber health: How vulnerability and patch management decrease threat exposure


The topic of vulnerabilities remains significant as new exploits emerge, underscoring the need for continuous vigilance and proactive defense strategies.

In a world that records on average at least 7,240 new vulnerabilities per quarter (based on 2023 data), patching critical vulnerabilities should be an immediate priority; otherwise, users might face anything from exposing confidential data all the way to opening their entire networks to ransomware or wiperware. The possible negative scenarios are unlimited.

Thus, focusing on your business’ cyber health matters, and with data breach costs climbing into several millions of dollars, patching all your devices/OSs grows considerably more critical.

A health check on vulnerabilities

First of all, doctors usually say that humans should support their health by ingesting a healthy dose of vitamins every day – lowering the chances of having compromised immune systems, leading to constant bouts of sickness. For organizations, the situation is much the same. Without investing in all-encompassing cybersecurity measures and awareness training, their body (business) will be left vulnerable to compromises (literally).

However, it seems that just like humans tend to underestimate their need for vitamins and health checks, so do businesses forgo important security checks and patching. There have been a plethora of cases where a business was breached due to a known vulnerability. For example, Equifax in 2017 was breached thanks to unpatched vulnerabilities [1], which threat actors used to get their hands on the private records of 147.9 million Americans.

Overall, this catastrophic breach cost Equifax around 1.4 billion USD. For a smaller business, such costs, even in proportion to their revenues, would likely bury them completely. A larger enterprise might weather the storm, but there is a high chance that they could fold as well, and all because their patching was, well, “patchy.”

Recording vulnerabilities – are you immune enough?

The database of Common Vulnerabilities and Exposures (CVEs) recorded 28,961 vulnerabilities for 2023 alone, representing a 15% rise compared to the previous year. For Q1 2024, 8,697 have already been reported (for comparison, in Q1 2023 it was 7,015).

Endpoints such as servers or computers remain risky, as they can harbor unpatched systems and apps. The same research also highlights how ransomware gangs are becoming more skilled, using programming languages that can more easily cross-compile, simultaneously targeting Windows and Linux systems.

There’s an online myth that Linux is inherently more secure than other systems – since threat actors only target commonly used ones. Said myth is easily debunked though, as Linux is one of the most widely used systems globally. It makes up approximately 96% of web server infrastructure, while Android represents 72% of the global mobile market share.

Recently, ESET Research broke a story about the Ebury botnet compromising around 400K Linux servers for cryptocurrency theft and other criminal activities. ESET researchers have also exposed numerous OpenSSH backdoors, leading to the documentation of almost 21 Linux-based malware families with credential-stealing and backdoor functionalities. Additionally, threat actors target Linux-based high-performance computing (HPC) clusters with sophisticated malware like Kobalos.

Thus, threats targeting Linux-based systems are quite real and can pack quite a punch to the gut of business security.

The ABCs of vulnerability solutions

Why deal with vulnerabilities, specifically? For a business that could already consider its cyber posture “ready” or “full,” it could seem like its current security software can take care of everything.

That’s not an entirely accurate observation. Endpoint security products in and of themselves are usually made up of multiple layers guaranteeing strong protection – but that doesn’t mean that your endpoint product can protect against every single external threat. There’s a reason why detection and response or cloud security are a thing these days; it’s all about minimizing risk by shrinking the attack surface as much as one can.

Though security tools can remediate rather quickly (with ESET-managed services responding in as little as 20 minutes), every piece of a security stack plays a different and important part in the active protection process.

Keeping ahead of attackers by preventing them from finding that vulnerable spot is the key to your security. Said spots can be anywhere – in an app, device OS, or server infrastructure – presenting multiple potential entry points. However, the right vulnerability and patch management solution can provide the necessary tools to assess and provide patching opportunities for that unsecure spot – wherever it may be.

ESET Vulnerability and Patch Management (V&PM) – a healthy dose of vitamins

As illustrated previously, threat development is more flexible than before, and defenses need to be shored up to protect all devices that a business employs.

With ESET Vulnerability and Patch Management, which is now also offered as a separate add-on to ESET PROTECT Entry and ESET PROTECT Advanced, even the smallest firm can start its prevention-first journey, warding off tomorrow’s threats looking to infiltrate their premises.

The V&PM module is directly integrated into the ESET PROTECT Platform and is always on, making it easy to stay up to date and protecting against attacks, zero-days, and ransomware all at once. This ensures visibility and situational awareness, which the entirely new V&PM dashboard improves by giving instant overviews of the vulnerability and patching status across an entire business network.

Moreover, to answer the need for comprehensive vulnerability assessment and patching, ESET has expanded the V&PM module by adding further system treatment into its repertoire – now also covering Linux [2] and macOS [3].

For Windows and Linux servers, we understand that admins need full control. Therefore, on these systems, the V&PM module is not automated and gives admins total control over the entire process, so that they don’t interrupt business workflows.

And if a security admin is growing suspicious about a particular system, on-demand vulnerability scanning will enable them to act quickly in case the need arises.

Sickness be gone!

With current security tools like the comprehensive ESET V&PM module, breaches traced to a vulnerability are no longer about bad luck – they are about inattentiveness and underestimation, both of which have enormous security and even existential consequences for organizations.

Upping the ante in this important area is compliance, with regulations such as NIS2 in Europe, and PCI DSS 4.0 globally, demanding transparent vulnerability disclosure and management. This all shouldn’t be surprising – with thousands of vulnerabilities being recorded quarterly, all it takes is one unpatched hole and tragedy awaits.

So please, take that health check and don’t underestimate your immune system – when you have those vitamins at hand, why not take them?

[1] The exploited vulnerability was related to a framework for creating web apps written in Java, enabling threat actors to run code remotely.

[2] Please check our website for desktop Linux compatibility.

[3] Additionally, Linux patch management, as well as operating system vulnerability scanning and patching in macOS, is on the roadmap.

For more information about ESET Vulnerability and Patch Management, please visit our page here.

Discover how V&PM helps in staying compliant with cyber insurance in our blog here.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What is a bastion host and does your business need it?

Summary: Bastion hosts differ from firewalls and VPNs, offering more control over assets. Read our article and see if your business needs one.

In a world of data breaches and cyber threats, data protection and business health are two sides of the same coin.

Bastion hosts are one of the most common security solutions, protecting data at the network edge. But these digital fortifications are widely seen as outdated by security experts. Are they still viable options for modern companies?

This blog will dive into the issue and come up with some answers. We will learn how bastion hosts work and why some companies use them, but we will also assess their security pros and cons.

You may prefer cutting-edge alternatives instead of traditional bastion hosts. Let’s find out more to help you decide.

Bastion host definition

A bastion host is a highly-secured server. Bastions reside on the network perimeter to control or manage traffic between trusted and untrusted network zones.

What is a bastion host?

A bastion host is a highly secured server placed at the network edge to protect against cyber attacks. It creates a bridge-like structure between the public internet and local devices. Traffic entering the network must cross this bridge, where tools can allow or deny entry.

Bastion hosts are hardened to withstand cyber attacks. They enhance network security by controlling what enters or leaves the network. In remote work contexts, bastion hosts act as SSH proxies, enabling secure SSH connections.

How does a bastion host work?

Historically, bastions were parts of fortresses or castles that projected away from the main building. Bastions were forward defenses designed to repel attacks before enemies could breach the perimeter.

The same principles apply to network bastions. Bastion hosts act like gatekeepers at the network edge or on the edge of secure zones. This gatekeeper decides who enters the “castle” and who remains outside.

Businesses position bastions strategically to withstand cyber attacks. They protect data or devices from harm through a range of features:

Security centralization

Bastions provide a way to centralize network security via SSH connections. The bastion host checks the device and user credentials. If users are on approved access lists, the bastion approves the connection and allows entry.

This solution is efficient but generally insecure. Most companies prefer to strengthen their defenses via VPNs, firewalls, and access management systems.

Jump servers

Jump servers are secure gateways that allow administrators to manage software or devices within protected network zones. The bastion acts as a jump server by requesting authentication credentials and controlling access, keeping attack surfaces as small as possible.

For instance, bastions may allow a firewall administrator to change filtering settings while denying requests from all other users.

Companies often use bastions as jump servers to maintain distributed network assets. Networks may extend across the world. Bastion hosts allow a centrally-located IT department to access distant office networks securely.

Access control

As the outer fortification, bastions enforce access control policies. They request multiple authentication factors and check user credentials against secure directories.

Bastions also provide a secure proxy gateway for SSH (Secure Shell) connections. SSH creates secure connections between remote devices and internal services. The SSH protocol encrypts data passing through the bastion. SSH agent forwarding allows users to access multiple servers via the bastion gateway.

Network logging

Finally, bastion hosts log user access and session activity. All users and data entering a private network must pass through the server. Logging tools track general information about user sessions. They do not track user activity in depth, but these logs can be integrated with external security systems to create alerts about suspicious behavior.
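As an added example (not part of the original article), the sketch below shows the kind of alerting an external system could build on a bastion's SSH access log. The log lines are constructed samples in OpenSSH's syslog format, and the approved network range and failure threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter, namedtuple

# Constructed sample lines in OpenSSH's syslog format (not from a real host).
SAMPLE_LOG = """\
Oct 14 09:12:01 bastion sshd[2101]: Accepted publickey for alice from 10.20.0.15 port 51234 ssh2: ED25519 SHA256:constructedfingerprintA
Oct 14 09:13:40 bastion sshd[2107]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Oct 14 09:13:42 bastion sshd[2107]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Oct 14 09:13:45 bastion sshd[2109]: Failed password for root from 198.51.100.9 port 40031 ssh2
Oct 14 09:20:17 bastion sshd[2130]: Accepted password for bob from 203.0.113.77 port 60001 ssh2
Oct 14 09:25:03 bastion sshd[2144]: Failed publickey for carol from 10.20.0.22 port 51877 ssh2: RSA SHA256:constructedfingerprintB
"""

Alert = namedtuple("Alert", "kind source detail")

# Matches sshd's "Accepted <method> for <user> from <ip> port <n>" and the
# corresponding "Failed ..." lines, including the "invalid user" variant.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def is_approved(src, networks):
    """True if src parses as an IP address inside one of the approved networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as not approved
    return any(addr in net for net in networks)


def review_bastion_log(log_text, approved_cidrs, failure_threshold=3):
    """Return alerts for logins from unapproved sources and failure bursts."""
    networks = [ipaddress.ip_network(cidr) for cidr in approved_cidrs]
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        if match["result"] == "Failed":
            failures[match["src"]] += 1
        elif not is_approved(match["src"], networks):
            # A successful login from outside the approved ranges.
            detail = f"user={match['user']} method={match['method']}"
            alerts.append(Alert("unapproved-source", match["src"], detail))
    for src, count in sorted(failures.items()):
        if count >= failure_threshold:
            alerts.append(Alert("failure-burst", src, f"failures={count}"))
    return alerts


if __name__ == "__main__":
    # 10.20.0.0/16 is an assumed internal range for this example.
    for alert in review_bastion_log(SAMPLE_LOG, ["10.20.0.0/16"]):
        print(alert)
```
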

Types of bastion hosts

In terms of network security, there are three main bastion host configurations: single, dual, and internal. Each version uses similar technologies. However, they operate differently, and security services differ as well.

Additionally, organizations can combine more than one configuration type. For example, you might use a single-bastion inline server for perimeter protection, alongside internal bastions to guard sensitive network zones.

Single-bastion inline

Single-bastion inline hosts place a single fortified server between the untrusted networks (like the public internet) and internal network assets.

This bastion server type acts like a gateway for network traffic, filtering traffic before it reaches network devices. This filtering function may complement firewalls, intrusion detection systems (IDS), or additional proxy servers.

A single-bastion host can enhance network security. However, the use of one server creates a single point of failure. Concentrated attacks can overwhelm security tools on a single server, raising security risks for critical assets.

Dual-bastion inline

Dual-bastion host setups place two fortified servers between an untrusted external network and internal network assets. The two servers exist in series, creating a chain of network defenses.

In a dual-bastion inline arrangement, the first host directly faces the public internet. This host executes basic security tasks, including packet inspection and firewall filtering.

The second bastion faces internal network devices. This host adds extra layered security together with intrusion detection, deep packet inspection, or proxy server functions.

Layered bastion host setups are usually more secure than single host configurations. Attackers struggle to take down dual servers, and layered security neutralizes threats efficiently. This setup suits load balancing, where one bastion manages incoming traffic, and the other handles outbound connections. It also provides a backup if one server fails, ensuring continuous operations for critical data or sensitive applications.

On the negative side, dual-bastion host setups are more complex to configure. Dual bastions may increase network latency. Maintenance is also more complicated and resource-intensive.

Internal bastion host

Internal bastion hosts are fortified servers located within internal networks. These bastion servers operate behind network firewalls. They are not directly exposed to an external network.

Internal bastions are a preferred option when defending critically important servers or devices and sensitive internal resources. The internal bastion provides an extra line of defense and limits east-west traffic within the network. Security teams can use internal bastions to create secure zones and guard against insider threats.

Bastions create a perimeter around critical assets. Servers use authentication and IAM tools to allow secure access. They log activity and filter internal traffic while enabling legitimate access for network users.

Internal bastion hosts enhance security but may increase network complexity. Bastions can become traffic bottlenecks and can be compromised by some network attacks.

What are the security risks of using a bastion host?

When they function correctly, bastion hosts enhance network security. However, compromised bastions can expose networks to security risks. Compromised hosts become secure gateways for attackers — defeating the initial purpose.

Attackers gaining control of a bastion host can use their position to access other network resources. They may extract sensitive data from traffic flowing across the host, and use this data to gain further access.

Compromised hosts aren’t the only security issue to worry about. Other bastion host risks include:

  • Misconfiguration. Attackers can exploit improperly configured access control rules. A poorly configured bastion host can also obscure visibility into network activities. This makes it harder for security teams to ensure timely threat detection and response to attacks.
  • Maintenance. Bastion hosts are complex to deploy and manage. The IT department must deliver up-to-date patches and retire a deprecated operating system or security tools. Regular audits consume time and resources technicians can spend on other security tasks.
  • Single points of failure. Relying on a single bastion host creates a single target for attackers. Host failure can expose the private network to external threats. Bastion downtime can also take systems offline until technicians restore security features.
  • SSH key vulnerabilities. Extra security problems arise if you use your bastion host as an SSH proxy. Attackers obtaining SSH keys gain root-level network access. SSH is not designed for secure key management, creating a constant cybersecurity risk.

Bastion hosts are labor-intensive and carry significant risks. Consider alternative measures to counter external threats. If not, take care when adding bastion protection to your private network.

Best practices for securing bastion hosts

If you opt for bastion host protection, it’s important to do so safely. With that in mind, here are some best practices to follow when securing bastion hosts:

  • Minimize the attack surface. Large attack surfaces put bastion hosts at risk. Remove all unnecessary software or processes. Only retain protocols or tools that promote security. Use port scanning regularly to check for vulnerabilities.
  • Implement access control measures. Only authorized users should be able to access the bastion host. Use network-level controls to admit approved IP addresses and manage SSH connections. Update firewall settings to cover all relevant users.
  • Use SSH safely. As noted earlier, SSH creates security risks. Protect remote connections with multi-factor authentication. SSH does not reset keys automatically, so schedule regular SSH key updates.
  • Automate patch management processes. Take human error out of the equation. Automate patch deliveries to keep bastion host firmware up-to-date.
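The access-control and SSH practices above can be checked mechanically. The following added example (not from the original article) audits a bastion's `sshd_config` text against an assumed hardening policy; the two configurations are constructed samples, and Match blocks and Include files are out of scope.

```python
import re

# Constructed sample configurations (assumptions for this example).
WEAK_CONFIG = """\
# bastion sshd_config (weak)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowAgentForwarding yes
X11Forwarding no
AllowUsers alice bob
passwordauthentication no
"""

HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
AllowAgentForwarding no
AllowGroups bastion-users
"""

# Keywords whose repeated lines accumulate instead of "first value wins".
ACCUMULATING = {"allowusers", "allowgroups"}

# OpenSSH defaults for the keywords this audit inspects.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "authenticationmethods": "any",
    "allowagentforwarding": "yes",
    "x11forwarding": "no",
}


def effective_settings(config_text):
    """Return the global settings sshd would use (keywords are case-insensitive)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break  # conditional sections are not evaluated here
        if keyword in ACCUMULATING:
            settings[keyword] = (settings.get(keyword, "") + " " + value).strip()
        elif keyword not in settings:
            settings[keyword] = value  # the first obtained value is used
    return {**DEFAULTS, **settings}


def audit_bastion_sshd(config_text):
    """Return (keyword, effective value, reason) for each policy violation."""
    s = effective_settings(config_text)
    findings = []

    def flag(keyword, reason):
        findings.append((keyword, s.get(keyword, "(unset)"), reason))

    if s["permitrootlogin"].lower() != "no":
        flag("permitrootlogin", "root should not log in to the bastion directly")
    if s["passwordauthentication"].lower() != "no":
        flag("passwordauthentication", "password-only logins are possible")
    # Any one space-separated alternative is sufficient to log in, so every
    # alternative must chain at least two methods to enforce multi-factor.
    if any(len(alt.split(",")) < 2 for alt in s["authenticationmethods"].split()):
        flag("authenticationmethods", "a single factor is enough to authenticate")
    # Assumed policy: clients reach internal hosts without leaving an agent
    # socket on the bastion.
    if s["allowagentforwarding"].lower() != "no":
        flag("allowagentforwarding", "forwarded agents are usable on the bastion")
    if s["x11forwarding"].lower() != "no":
        flag("x11forwarding", "unneeded feature enlarges the attack surface")
    if "allowusers" not in s and "allowgroups" not in s:
        flag("allowusers/allowgroups", "no explicit list of authorized accounts")
    return findings


if __name__ == "__main__":
    for finding in audit_bastion_sshd(WEAK_CONFIG):
        print(finding)
```

In the weak sample the trailing `passwordauthentication no` has no effect because the earlier `yes` was read first, which is why the audit reports the effective value instead of the last one in the file.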

What is the difference between a firewall and a bastion host?

Now we know more about defending a bastion host, let’s clear up some misconceptions about what they are (and what they do).

For instance, people often confuse bastions and firewalls. This is understandable as bastion hosts often include firewall capabilities. Firewall appliances inspect and filter traffic passing across the entire network perimeter. Sometimes, firewalls provide sufficient protection. However, firewalls on their own have limited access management capabilities.

Bastions also operate at the network edge. Unlike firewalls, bastions protect and manage access to specific locations or assets. Onboard firewalls and security tools create a demilitarized zone outside the network perimeter.

This DMZ adds an extra layer of protection beyond firewall filters. Fortified bastion hosts offer greater control over internal network access. They are also hardened to cope with cyber threats, while firewalls are not.

VPN vs. bastion host

Another common point of confusion is between VPNs and bastion hosts. Again, this is understandable. Both technologies allow secure remote access and SSH connections. But they are very different.

VPNs create encrypted tunnels to transfer data. Users generally install a VPN client on their device. The client encrypts data and routes it via a VPN server, which assigns a new IP address and passes data to its destination.

Using a VPN solves some of the security problems we noted earlier. VPNs protect SSH keys beneath a layer of encryption. They shrink the attack surface by creating private connections without direct exposure to the public internet.

Bastion hosts are exposed to external networks, leaving security risks unaddressed. They also represent a single point of failure, which is less of a problem with VPNs.

On the other hand, administrators can harden bastions to minimize threats. Bastions also make it easier to prevent data extraction. VPN users can download data onto remote devices, and switching off the VPN can put this data at risk.

Hybrid VPN and bastion host setups are also possible. VPNs protect remote access connections in a user-friendly way, while bastions protect sensitive endpoints and create secure zones for high-value data.

Does your business need a bastion host?

Possibly, but probably not. Companies mainly use bastion hosts to lock down sensitive data. For instance, you may handle protected health information (PHI) or customer financial records. The bastion creates a DMZ around critical data that only approved users can enter.

Bastion hosts are also useful for connecting different offices. Admins can safely manipulate software remotely, while the bastion excludes unauthorized users.

Some businesses use bastions in remote access systems. If you rely on SSH connections and are happy to risk a single point of failure, bastions provide robust protection for on-premises assets.

However, bastion server architecture is outdated and risky. Bastions are poorly suited to safeguarding cloud computing assets. Cloud-based firewall-as-a-service (FWaaS), remote access VPNs, Zero Trust Network Access (ZTNA) and access management tools provide a scalable and more secure alternative.

Maintaining bastion hosts is costly and complex, a problem for small and medium-sized enterprises that need to cut overheads. Larger businesses may find uses for bastion technology, but for many companies, the risks and costs are not worthwhile.

Find the right security solution with NordLayer

Bastion hosts are outdated and risky, but what is the best way to secure on-premises, remote, and cloud-hosted assets? NordLayer’s Zero Trust solutions provide a streamlined alternative.

NordLayer’s remote access VPN enables secure access to your private network and sensitive resources. Companies can create private gateways to replace bastion hosts, while site-to-site VPNs safely establish secure connections to hybrid networks.

Our Multiple Network Access Control (NAC) solutions let you control access to hybrid services at a granular level. Threat prevention tools prevent access to malicious websites and unauthorized intrusion, and scan downloads for malware. Users do not need to configure bastion hosts. Flexible solutions plug every potential vulnerability.

Assess your network security needs and create a data protection strategy. When you do, go beyond bastions and outdated technology. Contact the NordLayer team to discuss next-generation remote access security.


About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


Be more productive and save time with CloudM Migrate 4.0


Introducing CloudM Migrate 4 

Migrate 4 builds on the longstanding success of its predecessors, but makes bold strides to advance its feature set and user experience. 

Revamped UI 

Migrate 4 features a new and improved UI that is easier and more intuitive to navigate, enabling users to complete their work more quickly and efficiently. 

Video: Migrate 4 sports a much cleaner UI.

Efficiency at the heart

The theme of boosting efficiency runs through this major release: with Migrate 4, we move away from the concept of having configurations and child configuration. Instead, migrations are now managed as projects with batches. This saves time and removes complexity as connections to source and destination platforms can be managed centrally, enabling you to use them across multiple projects, reducing the need for manual intervention and duplication.

Image: With Migrate 4, migrations are managed in batches to save time and remove complexity.

Incorporate multiple source platforms in one project

With Migrate 4, it is possible to add multiple source platforms to a project. This is a more holistic approach to migrations, making it easier and quicker to consolidate several source platforms into one productivity suite such as Google Workspace or Microsoft 365.

In addition, each source platform can have multiple batches. Batches can be created to only contain certain item types, making it easy to prioritize your data and organize the migration. 

Pick up incomplete projects

Focussing on ease of use, a new tab for incomplete projects allows users to create projects in stages. The project draft is saved, ready to be accessed and completed at a later date. 

Image: Migrate 4 enables you to create your projects in stages, allowing you to pick them back up via the incomplete projects tab.

Know your sources

Migrate’s environment scan has always been a key feature thanks to the actionable insights it gives. With the new release, the scan can now be run at source platform level as well as batch level. The former enables users to scan the entire source at the very beginning of a migration project, while the latter gives better insight into how much data is in a batch and how long it will take to migrate. Both equip users with more visibility and insight into the project. 

Image: In Migrate 4, the environment scan can run at batch as well as source platform level.

There’s more!

There are a host of other improvements to CloudM Migrate that make it that much easier to manage migrations, such as added filters for migration batches and relocation of tabs to improve navigation. 

A full list of enhancements and improvements can be found in the release notes for Migrate 4.0. Check them out here.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

Backup and Recovery for oVirt using Storware: A Comprehensive Guide

In today’s fast-paced digital world, maintaining the integrity and availability of your data is crucial. For businesses using oVirt—a widely adopted open-source virtualization solution—having a robust backup and recovery strategy is not just an option; it’s a necessity. Storware Backup and Recovery offers a powerful, reliable solution for backing up and restoring oVirt environments, ensuring business continuity and data protection. This guide explores how Storware Backup and Recovery can enhance your oVirt infrastructure by providing advanced backup and recovery features.

What is oVirt?

oVirt is an open-source virtualization management platform designed to manage large-scale, distributed server and desktop virtualization environments. Built on top of KVM (Kernel-based Virtual Machine), oVirt provides an enterprise-level solution for virtual machine (VM) management, complete with a web-based interface, robust APIs, and powerful features tailored for businesses of all sizes. However, like any virtualization environment, oVirt requires an effective backup and recovery plan to protect against data loss, system failures, and security threats.

Why Backup and Recovery are Essential for oVirt

→ Data Loss Prevention: Accidental deletions, hardware failures, or software glitches can lead to significant data loss. Backup and recovery ensure that your VMs and data are always recoverable.
→ Minimize Downtime: A well-structured backup and recovery plan minimizes downtime, keeping your critical applications running smoothly and without interruptions.
→ Protection Against Ransomware: Cybersecurity threats, including ransomware attacks, can compromise your data. Regular backups serve as a safety net, allowing you to restore your system to a pre-attack state.
→ Compliance and Audits: Many industries have strict data retention and recovery requirements. Backup solutions help meet these compliance standards by ensuring data integrity and availability.

Introducing Storware Backup and Recovery for oVirt

Storware Backup and Recovery is an enterprise-grade data protection solution designed to integrate seamlessly with oVirt environments. It offers comprehensive backup, recovery, and archiving capabilities, ensuring your virtual machines and associated data are protected, easily recoverable, and managed efficiently.

oVirt Support Matrix

| | Disk-attachment | Disk Image Transfer | SSH Transfer | Changed-Block Tracking |
| --- | --- | --- | --- | --- |
| Minimum version | 4.0+ | 4.3+ | 4.3+ | 4.4+ |
| Status | In operation | In operation | Deprecated (for hosts 4.5.0+) | In operation (preferred) |
| Last snapshot kept on hypervisor for inc. backups | no | yes | yes | no |
| Hypervisor OS access needed | no | no | yes | no |
| Proxy VM needed | yes | no | no | no |
| Key Caveats | full backup only; disk attachment process may be slow | data transfer via Manager (<4.4.3) | access to the hypervisor needed | incremental backup requires QCOW2 disk format |

Key Features of Storware Backup and Recovery

→ Agentless Backup: Storware provides agentless backup for oVirt, which simplifies the backup process by removing the need to install agents on each VM. This approach reduces overhead and simplifies management.
→ Incremental Backups: Storware uses incremental backup strategies to save only the data that has changed since the last backup, significantly reducing storage requirements and improving backup speeds.
→ Automated Backup Scheduling: Storware’s intuitive scheduling options allow you to automate your backup processes, reducing manual intervention and ensuring regular data protection.
→ Efficient Recovery: Fast and flexible recovery options enable you to restore entire VMs, individual files, or specific VM disks, providing a tailored recovery approach based on your needs.
→ Secure Data Encryption: Storware ensures that your backup data is protected with advanced encryption methods, securing it from unauthorized access both in transit and at rest.
→ Multi-Tier Storage: With Storware, backups can be stored across multiple storage tiers, including local storage, cloud storage, or even object storage systems, offering scalability and flexibility.
→ Centralized Management: Manage all your backup and recovery tasks from a single pane of glass, streamlining the administration of your data protection policies.

How Storware Backup and Recovery Enhances oVirt Environments

→ Simplified Backup Management: Storware’s centralized console allows administrators to manage backups across the entire oVirt environment, simplifying the complexity of backup management.
→ Scalability: As your oVirt environment grows, Storware scales with you, supporting hundreds of VMs without compromising performance or manageability.
→ Seamless Integration: Storware Backup and Recovery integrates seamlessly with oVirt’s architecture, making it a natural extension of your existing infrastructure.
→ Improved Performance: The use of incremental and differential backups optimizes performance, reducing backup windows and minimizing the impact on production workloads.
→ Comprehensive Reporting and Analytics: Storware provides detailed reports and analytics on backup performance, success rates, and storage utilization, allowing for proactive management and optimization.

Implementing Storware Backup and Recovery for oVirt: Step-by-Step

The easiest way is to use the Setup Wizard. However, the manual approach is not rocket science!

1. Installation and Configuration: Begin by installing the Storware Backup and Recovery software on a designated server. Configure the backup server to connect to your oVirt environment via API.

2. Define Backup Policies: Set up backup policies based on your business requirements. Define how often backups should occur, retention periods, and storage locations.

3. Automate Scheduling: Use Storware’s scheduling feature to automate the backup process, ensuring that backups are conducted regularly without manual intervention.

4. Test Recovery Procedures: Regularly test your recovery procedures to ensure that you can quickly restore VMs and data in the event of a failure.

5. Monitor and Optimize: Utilize Storware’s monitoring and reporting tools to keep an eye on backup performance. Optimize configurations based on insights to ensure the best possible performance.

Conclusion

Implementing a robust backup and recovery solution is essential for any organization using oVirt. Storware Backup and Recovery provides a powerful, efficient, and scalable way to protect your virtual environment, ensuring that data loss, downtime, and security threats are mitigated effectively. With features like agentless backups, encryption, and automated scheduling, Storware stands out as a preferred choice for enterprises seeking comprehensive data protection.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.