According to multiple reports, one of the biggest challenges for organizations is being targeted by Ransomware attacks. These attacks now happen more frequently than ever and lead to complications such as re-infection during recovery and prolonged recovery periods.
One of the most efficient ways to counteract this is to implement an effective Disaster Recovery policy. It significantly improves the chances of not completely losing the infected workloads.
Many Cloud Providers who offer IaaS based on VMware Cloud Director also provide DRaaS to their tenants thanks to its powerful native integration with VMware Cloud Director Availability.
To provide them with technical guidance on extending their typical DRaaS service with a Ransomware recovery capability, we published the Ransomware Recovery for Cloud Providers whitepaper. It includes some example topologies and configurations as well as a recommended flow of actions.
Use Cases
The suggested solution can be applied in multiple cases – when a non-infected instance of the workload should be immediately migrated back to the on-premises data center or when it should continue running in the cloud for some time.
It can serve in different scenarios – fully operated by the tenants (self-service), entirely handled by the Cloud Provider (managed service), or in a hybrid mode that suits the Cloud Provider offering.
Products in Scope
As a standalone product, VMware Cloud Director Availability covers only the protection and recovery part of the process. It does not offer any antivirus or threat detection, so a specialized tool is required. Our recommendation is to use VMware Carbon Black Cloud. However, VMware Carbon Black Cloud is available to Cloud Services Providers-SaaS (CSP-SaaS) providers, so Cloud Services Providers-Cloud Builder (CSP-Cloud Builder) providers might need to take additional actions to utilize it.
This means the following tools will be part of the cloud setup with their respective roles:
- VMware Cloud Director – multi-tenant infrastructure
- VMware Cloud Director Availability – Disaster Recovery for VMware Cloud Director
- VMware NSX – general networking
- VMware Carbon Black Cloud – threat detection
High-Level Architecture
Addressing Ransomware recovery with VMware Cloud Director Availability does not require any significant changes to the typical VMware Cloud Director cloud infrastructure.
VMware Carbon Black Cloud has been added to handle Ransomware detection.
Recovery Flow
To make the process easier to follow, a diagram represents the different actions, their precise sequence, and the location where they are performed.
Summary
Using VMware Cloud Director Availability as a Ransomware recovery tool is possible, and the process is not complicated. Even though it involves many manual actions at the moment, they might be successfully automated using each product's API.
Reference
Ransomware Recovery for Cloud Providers Whitepaper