VMware News and Announcements – May 26, 2022

VMware News and Announcements – May 13, 2022

VMware News and Announcements – March 4, 2022

VMware news and announcements – Feb 18, 2022

VMware news and announcements – Jan 28, 2022

VMware Response to Apache Log4j Remote Code Execution Vulnerability

Here is latest VMware Advisory:

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html

VMware VMSA-2021-0028: Questions & Answers for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

https://core.vmware.com/vmsa-2021-0028-questions-answers-faq

This vulnerability is an industry-wide one, in a component called “log4j” that is used to log information from Java-based software. This vulnerability is critical, rated 10 out of 10 on the CVSS 3.1 scoring scale, because it is an unauthenticated remote code execution (RCE) vulnerability, allowing attackers to run commands on affected systems by simply getting them to log a specific string. 

Generally speaking, every piece of software that has ever used log4j is potentially vulnerable. VMware uses log4j as well, which is why we are reacting to this. However, this vulnerability also affects customer workloads, too. Customers need to assess their entire environment for use of log4j, in infrastructure and workloads, and remediate it as soon as possible either through patches or workarounds.

The vulnerability was announced by the Apache Foundation suddenly, as a “0-day” or “zero day” vulnerability, taking everybody by surprise. Normally a vulnerability is reported privately to the software maintainers who then have time to repair the issue and release an update so attackers don’t have a temporary advantage. That isn’t the case this time. Regardless of the timing, the ubiquitous use of log4j means that no matter when this vulnerability surfaced it was likely to have a huge impact. While disclosure going into a weekend is bad timing, it’s good that it did not happen later in the calendar year.

VMware Customers should subscribe to the VMSA mailing list and continue to monitor the VMSA page itself, as well as the linked resources like the QandA/FAQ. They also should be assessing everything else in their environment, because lots of other software incorporates log4j. This issue isn’t a VMware-specific problem, it’s an “everything everywhere” problem.

VMware news and announcements – December 3, 2021

VMware news and announcements – Nov 23, 2021

Happy Thanksgiving Week! Here is some recent VMware related news, announcements, and useful links.

VMware news and announcements – Oct 29, 2021

There’s a lot of great VMware information that comes out on a daily basis. I thought I’d share some recent VMware related news, announcements, and useful links from the past couple of weeks.

VMware Cloud – Continuing VMware’s Force-for-Good for Cloud Choices

One of VMware’s guiding principles is to be a force for good (VMware 2030 Agenda). VMware’s impact to reducing CO2 emissions for customers worldwide has been well documented (VMware Global Impact Report 2020). But in addition to that, VMware’s force for good has enabled customer choice, by liberating organizations from physical constraints. For many years, that meant a choice in hardware to run or access applications. Now, VMware Cloud means customers have a choice to run any application in any cloud with a consistent experience.

From an IT perspective, applications are the center of the universe. For years, IT operational staff have worked to perfect building, running, and managing compute, network, and storage. But none of that would matter if there weren’t applications to run a business.

If there’s a SaaS offering that meets your business needs like Salesforce.com, Workday, and Coupa, then go for it!

For all other applications, the choice is to use a common off-the-shelf software package or build your own. Regardless, that application has to run somewhere, either in the public cloud or in your private data center cloud. There are many factors leading to that choice.

I’ve worked with a large worldwide bank who’s proven that with VMware they can build, run, and manage their own data centers more cost effectively than current big name public cloud providers.

I’ve worked with another financial services company who sees the need for AWS and Azure public clouds so they can burst capacity on demand because having infrastructure on standby is not economically feasible in their own private cloud. However, they need to maintain private clouds to meet the security and performance requirements of some applications. Thus, they require a hybrid cloud and multi cloud strategy.

As you can see, there’s no single clear answer to where applications should reside. That’s why VMware offers choice. One thing is clear, of the organizations VMware studied this year, 90% of executives are prioritizing migration and modernization of their legacy apps. VMware understands that businesses need a range of modernization strategies and the 5R’s of app modernization; Retain, Rehost, Replatform, Refactor, and Retire is designed to do just that.

Retain – If applications must be Retained in a private cloud, then many companies have proven that with VMware Cloud Foundation and vRealize Suite, they can operate their own cloud to achieve the highest levels of performance, availability and efficiency and do it cost effectively, securely, and operationally simple.

Rehost/Migrate – Some customers are choosing to Rehost or Migrate their applications in a public cloud. The good news is that the same private cloud solution that has powered 85 million workloads for the most demanding businesses is available in over 4000 public clouds like VMware Cloud on AWS, Azure VMware Cloud, and 1000’s of our other cloud partners. Applications can be migrated instantly, without disruption or having to recode them and they can be secured and managed the same way as in their own private cloud. Once there, the native cloud service can be leveraged to add new functionality to existing apps.

Replatform – With vSphere 7, VMware brings native Kubernetes support to vSphere. This allows you to Replatform or repackage existing applications into containers and orchestrate them in Kubernetes.  In other words, you can run, observe, and manage containers in the same way you manage VMs.

Refactor/Build – VMware has a long history of supporting open-source applications for millions of developers. With VMware Tanzu, developers can build new digital services for the future by

rewriting and Refactoring existing apps to cloud native architecture, Building new ones, deploying them quickly, and operating them seamlessly. 

Retire – If you execute your application modernization strategy well, you’ll be able to Retire legacy applications that have been costly to maintain.

VMware believes the needs of your business and applications should drive your cloud strategy. VMware Cloud supports applications deployed across a range of private and public clouds that are unified with centralized management and operations and centralized governance and security. 

VMware’s force for good maintains your choice for your applications.

For more information on today’s VMware Cloud announcements, check out: The Distributed, Multi-Cloud Era Has Arrived