According to several reports, one of the biggest challenges businesses face is falling victim to ransomware attacks. Nowadays it is more common than ever, leading to various complications such as reinfection during recovery, prolonged recovery time, etc.
One of the most efficient ways to combat this is to implement an effective disaster recovery policy. It significantly increases the chances that the infected workloads are not completely lost.
Many cloud providers that offer IaaS based on VMware Cloud Director also provide DRaaS to their tenants thanks to the powerful native integration with VMware Cloud Director Availability.
To provide you with technical guidance on adding ransomware recovery functionality to your typical DRaaS service, we published the Ransomware recovery for cloud providers White paper. It contains some sample topologies and configurations as well as a recommended course of action.
The proposed solution can be applied in several cases – when an uninfected instance of the workload needs to be immediately migrated back to the on-premises data center or when it needs to continue running in the cloud for some time.
It can be deployed in different scenarios – fully tenant-operated (self-service), fully managed by the cloud provider (managed service), or in a hybrid mode that fits the cloud provider’s offering.
As a standalone product, VMware Cloud Director Availability only covers the protection and recovery portion of the process. It does not offer antivirus or threat detection and therefore a special tool is required. Our recommendation is to use VMware Carbon Black Cloud. However, VMware Carbon Black Cloud is available for Cloud Service Providers – SaaS Providers (CSP-SaaS), which may require additional measures for Cloud Service Providers – Cloud Builder (CSP-Cloud Builder) providers to use it.
This means that the following tools will be part of the cloud setup with their respective roles:
- VMware Cloud Director – multi-tenant infrastructure
- VMware Cloud Director Availability – Disaster recovery for VMware Cloud Director
- VMware NSX – general purpose networking
- VMware Carbon Black Cloud – Threat Detection
Addressing ransomware recovery with VMware Cloud Director Availability does not require significant changes to the typical VMware Cloud Director cloud infrastructure.
VMware Carbon Black Cloud has been added to handle ransomware detection.
To make the process more comprehensive, find a diagram that shows the different actions, their exact order and where they are performed.
Using VMware Cloud Director Availability as a ransomware recovery tool is possible and not complicated as a process. Although many manual actions are currently required, these can be successfully automated using each product’s API.
Remember: To get the latest updates, check this blog regularly. You can also find us here Relaxed, Facebook, Twitter, LinkedIn as well as many demo videos and activation Youtubeespecially ours Feature Fridays series!