Following up on the topic of Linux-based appliances from the previous digest, I wanted to share some additional data points from one of the readers who agreed with me wholeheartedly. I did not know these stats before - so apparently, I was spot on about the open source patching situation in an average data center (or rather lack of one). Indeed, according to the latest Black Duck security report, the average unpatched vulnerability running on data center servers is 6 years old. Basically, just as I explained last week – the patching that is not forced on you automatically (like Windows Update is) will more often than not never happen. On the other hand, a growing number of open source vulnerabilities (134% YOY in 2017) means OSS is getting way more attention from security professionals (aka hackers) now that Windows has become a much harder target. So hopefully this further shows why I consider the patching issue to be one of the biggest challenges with Linux-based appliances.

For ReFS users: last week, we spent quite some time researching multiple reports of ReFS fast cloning slowing down after installing the May Windows updates, and then actually reproducing one. Some customers were reporting synthetic fulls slowing down as much as 10x, and in our test lab we too saw a drop of over 3x. We then looked at ReFS driver versions in the actual update packages, and it became apparent that Microsoft did include new versions of the ReFS driver there – and did so without noting any changes in the release notes, which is really not cool. So I contacted the ReFS team at Microsoft, and they did not appear surprised by the presence of the new driver version – but they did suggest the performance drop could also be caused by Spectre/Meltdown related patches. Thus, we were asked to try and replace the ReFS driver on a fully patched system with the one from February, which we did – and performance came almost back to normal, proving the main issue is with the new version of the driver. The ReFS team is looking at this now with the servicing team – meanwhile, to avoid the performance impact, you can either not install (or uninstall) the May updates, or replace the ReFS.sys driver on the fully patched system with the previous version 10.0.14393.2097.

For vSphere 5.5 users: last week, there was a lot of buzz with people talking about End of Life (EOL) coming for vSphere 5.5 in September this year. I have received the same email communication through our VMware partner channel, so I know exactly what has sparked all these discussions. Bottom line – they're not talking EOL yet, only the end of the "General Support" phase, while EOL aka "End of Technical Guidance" is still 2 years away. Although the end of General Support kinda stinks too, because it means no more updates, security patches or bug fixes. On the other hand, as of last month about 20% of all Veeam users were still using ESXi 5.5 – so in absolute numbers, we're talking tens of thousands of data centers worldwide – and that is Veeam customers alone, so only half of the entire vSphere install base. Perhaps VMware should reconsider - even just because 3 months is inadequate to perform an upgrade in larger, more regulated environments – especially when a bunch of people are on vacation! In any case, from the Veeam perspective we've got you covered, as we intend to fully support ESXi 5.5 at least through its official EOL date in September 2020.

I didn't have a chance to evaluate this myself, but someone sent me the recorded videos of this in action, and it looked like magic > Veeam Cookbook 2.0 for CHEF. In short, this enables fully automated Veeam Backup & Replication deployment and upgrade. You just start this, and in less than 15 minutes you have a fully deployed backup server ready – even including provisioning of additional backup proxies. Very cool, and this should be super useful for larger Veeam deployments and for our partners doing professional services. We also already have the same (actually, even more advanced) stuff built in-house for Ansible – let me know if anyone has interest, and if so I'll ask to make it publicly available as well.

Did you know your computer speakers and even headphones can be used as microphones to spy on you? Yep, it's real and this makes a lot of systems in the world vulnerable - because who ever disconnects headphones from their computer? And I keep wondering how people even come up with these kinds of ideas > Speakers can be used to jump air-gapped systems

Gotta love it when being almost 40, you find out something presumably obvious that can affect your everyday life so much. My last week's discovery started from me researching the use of that awkwardly placed sneakers lacing hole (don't ask why), which led me to this gem > running shoe lacing techniques. Yeah, everybody else knows this, I get it – except me! My mind was blown, because I struggled with the issue #2 and guess what – this fixed it. And how timely – right after my doctor told me I should not be running any longer because of my "frequent flyer knee" getting worse! Well, hopefully it's not too late for at least some of you... so, there you go – even if you don't remember me for good backup software, at least you will think of me each time you are putting your sneakers on!