Tag Archives: Endpoint

Sophos adds mobile threat defense app to Intercept X line

Security vendor Sophos this month expanded its endpoint protection lineup with Intercept X for Mobile. The new mobile security application extends the company’s Intercept security software to devices including phones, tablets and laptops.

The new offering is meant to bolster mobile threat defense for devices running on Android, iOS and Chrome. Features include:

  • Authenticator: Helps to manage multi-factor authentication passwords for sites like Google, Amazon and Facebook.
  • Secure QR code scanner: Scans target URLs for malicious content.
  • Privacy protection: Detects when personal data is accessed or if there are hidden costs associated with downloaded apps.

“The biggest unique point of the Intercept X model is that we are a security model, and we do security for different platforms and can be configured in one place,” said Petter Nordwall, director of product management at Sophos. “Intercept X, as a whole, can now protect Windows, Mac iOS, Chromebooks and servers. Regardless of what platform they use, they can use Intercept X.”

Sophos introduced Intercept X in 2016 as a cloud-based tool designed to enhance endpoint security already running in an environment. Intercept X for Server was introduced in December 2018; an update launched in May 2019 added endpoint protection and response features.

Mobile threats on the rise

In “Advance and Improve Your Mobile Security Strategy,” a recent report from Gartner, senior analyst Patrick Hevesi found that “mobile security products are becoming increasingly important as a rate of mobile attacks continues to grow.” Hevesi recommended tech professionals track new threats, build a mobile threat defense strategy and set minimum iOS and hardware versions.

He added that organizations should focus on training users on what threats actually look like, rather than letting the systems do all the work.

“Everyone is doing antiphishing training, but think about the application,” Hevesi said. “The user doesn’t think about mobile in the same way; they see a highly rated app and don’t think about why the app needs permission to my contact data.”

Pricing for Intercept X for Mobile ranges from $24.50 to $63 per 100 seats, depending on the addition of Sophos Mobile, a unified endpoint management system. Intercept X for Mobile is available as a free download for individual use from Google Play and the Apple App Store.


Jamf Protect offers visibility, protection for macOS admins

MINNEAPOLIS — Compliance and behavioral analysis features in endpoint security tool Jamf Protect may lessen IT concerns about adopting macOS devices in the enterprise.

Jamf Protect offers a kernel-less — or kextless — approach to endpoint security, which was announced here at Jamf Nation User Conference (JNUC) 2019, Jamf’s annual user conference. The platform offers day-one support of new macOS security features, insight into compliance across an organization’s fleet of macOS devices and behavior-based malware detection.

As the use of macOS in the enterprise increases, the landscape of security threats evolves, said David McIntyre, CISO and CTO of Build America Mutual, a financial services company in New York.

“There were so many more threats for Mac than I thought, so we had to add something to fight them off,” McIntyre said.

The origin of Jamf Protect

The announcement of a Jamf endpoint protection tool aligns with the company’s acquisition of Digita Security, a macOS endpoint security management company, earlier this year.

A lack of security management is one of the biggest hindrances to macOS adoption in the enterprise, said Patrick Wardle, co-founder at Digita Security and current principal security researcher at Jamf. Most enterprise organizations that consider deploying macOS devices have existing Windows machines that they manage, and as such they have a Windows-focused desktop management infrastructure.

“In an ideal world, the single pane of glass for Windows and Mac endpoint management would work, but feature parity is largely missing for the macOS components of these tools,” Wardle said.

What can Jamf Protect do?

Jamf Protect offers kextless management; instead of kernel extensions, it builds on the EndpointSecurity framework that Apple provides. Kext files extend Mac OS X kernels and can bloat a desktop with additional code. With the release of macOS 10.15 Catalina, Apple deprecated kernel extensions to encourage a kextless approach.

“It’ll be huge for us if we can get rid of apps that use kext files,” said Tom O’Mahoney, a systems support analyst at Home Advisor in Golden, Co. “Hopefully that’s the future of all desktop management.”


Some kernel extensions only work with certain versions of Mac OS X and can prevent users from booting desktops after OS updates. Admins must troubleshoot this issue by searching through all of the OS’ kext files and determining which non-Apple kext file is causing the issue, as Apple automatically trusts kext files that have its developer ID.

“The kextless approach prevents a lot of issues that our current endpoint manager has with macOS updates,” said Brian Bocklett, IT engineer at Intercontinental Exchange, a financial services company in Atlanta, Ga.

Jamf Protect will also provide visibility into an organization’s entire macOS fleet. Admins can view the status of macOS devices’ security configurations and settings in the Insights tab of Jamf Protect and compare this data to endpoint security standards published by the Center for Internet Security (CIS).

[Screenshot: Jamf Protect’s Insights tab]

Michael Stover, a desktop engineer at Home Advisor, which has roughly a 90-10 split on Windows and macOS devices, said that macOS visibility is a common compliance issue.

“The CIS benchmarks are probably the biggest selling point for us,” he said. “It would be game-changing to see all that configuration data in one place and compare it to the benchmarks.”

The behavioral analysis style of macOS threat detection also drew some interest from JNUC 2019 attendees. This approach to malware detection identifies actions that files or software try to execute and searches for anomalies. If Jamf Protect finds instances of a phantom click, a common malware tactic, it can alert IT professionals to the suspicious behavior.

Jamf Protect forgoes attempts to recognize specific instances of malware; instead it recognizes the actions of potentially malicious software. Jamf Protect also detects software with an unfamiliar developer ID attempting to access data, install additional software or take actions that could invite malware onto a desktop.

“You don’t need to have every bank robber’s photo to know that someone running into a bank with a ski mask and a weapon is trying to rob that bank,” McIntyre said. 

Still, some aspects of Jamf Protect gave macOS admins pause, including the behavior analysis style of threat detection. In a Q&A after the Jamf Protect session ended, several attendees asked if the tool provides a more proactive approach for threat prevention and if Jamf Protect had any way to prevent false positives before they happen.

Spotify, for example, includes the suspicious phantom clicks as part of its UI, so users running Spotify could generate false positives. IT professionals can add exceptions to the behavioral analysis with Spotify and other similar cases, but it’s difficult to anticipate every exception they’ll need to add.

Additionally, some organizations require security standards far stricter than those of the CIS, and Jamf Protect doesn’t allow organizations to add their own benchmarks or customize the CIS benchmarks.

Jamf Protect is generally available as a paid subscription service for commercial U.S. customers, according to Jamf.


HP’s purchase of endpoint security vendor Bromium a win for IT

HP Inc. plans to acquire Bromium Inc., an endpoint security vendor that uses microvirtualization technology to isolate threats from untrusted sources.

Bromium, founded by Gaurav Banga, Simon Crosby and Ian Pratt in 2010, is known for its Microvisor software, which uses hardware virtualization to launch a virtual machine for every browser tab or email attachment opened. The idea is to trap malicious code before it can infect a user’s machine.

Analysts called the acquisition unsurprising. Not only has HP been reselling Bromium software as Sure Click since 2017, but the endpoint security vendor market has been in the throes of rapid consolidation. Just last month, VMware and Broadcom acquired Carbon Black and Symantec, respectively.

Analysts also labeled the news a good thing for IT admins. Brad LaPorte, an analyst at Gartner specializing in endpoint security and threat intelligence, said a deal like this “is a multiplier” for those in charge of HP devices.

“When you roll out a fleet of HP laptops, you’ll already have a centralized agent that is secure by default, which will greatly reduce the number of agents you have to install and manage,” he said. “The added security will also mean fewer alerts because your attack surface has been greatly reduced.”

But, he cautioned, while HP is headed in the right direction, not every company will benefit from the acquisition and there are steps HP still needs to take to round out its security program.

HP’s response to Dell

LaPorte described the acquisition as a safe bet for HP, one that could help the company stay relevant. “This is a play to compete against Dell’s Endpoint Security Suite that it’s had for a couple of years now,” he said.

Eric Parizo, senior analyst at Ovum, also pointed to the Dell rivalry as rationale behind the acquisition. He ticked off Dell’s growing endpoint security capabilities, which include its RSA NetWitness Endpoint security product, its ownership of managed security services provider SecureWorks, and its more recent go-to-market partnership with CrowdStrike.


“HP needed additional endpoint security technology to bolster the capabilities it can provide as a technical solution to secure its PCs and laptops, but also as a bundling option to increase the size of its sales opportunities,” Parizo said. “This move also helps counter the perception that Dell has more to offer in the way of endpoint security. Although Dell still has more options, now at least, HP can say it has a viable alternative.”

By acquiring rather than reselling the technology, HP can build out the Bromium functionality, something Paula Musich, security and risk management research director at Enterprise Management Associates Inc., fully expects to see.

“HP hasn’t offered a roadmap for where they plan to take the acquired technology, but it wouldn’t be a huge surprise to see them eventually extend the technology to HP’s vast printer portfolio,” she said. “Internet-connected printers are a target for attackers, and there’s a potentially huge addressable market in adapting the technology to HP printers.”

If Musich’s theory becomes practice, IT admins would benefit by having “a single source for protecting both printers and PCs/laptops,” she said.

Even in the short term, the acquisition will help IT admins better manage HP laptops and PCs, as well as provide an added layer of security. Bromium provides security “from the user in versus the network out,” said Zeus Kerravala, founder and principal analyst at ZK Research in Boston.

“The more distributed computing becomes and the more we do more things on more devices in more places, the more something like Bromium is needed,” he said.

LaPorte described Bromium as an endpoint security vendor whose product operates on a pre-OS layer, or hardware layer, rather than post-OS layer. Investing in such products is HP’s — and Dell’s, for that matter — attempt at getting ahead of attacks that target deeper layers of the computing stack.

‘Too many pizza shops’

Although the dollar figure HP will pay for Bromium was not disclosed, LaPorte described the acquisition as a likely cheap bet for HP. In a 2016 attempt to secure funding, Bromium’s valuation was cut almost in half; its growth and profitability had recently been in the single digits.

But the acquisition may not be a good fit for everyone. LaPorte said companies that use a golden image, or a preconfigured template for virtual machines, may miss out on the benefits that an endpoint security product provides. “When you remove these features to meet specific organizational needs, you are sacrificing security in lieu of efficiency,” he said. “Buyers need to consider these requirements before purchasing.”

And the buy still leaves HP’s security services and endpoint detection and response functionality lacking, especially compared to Dell. LaPorte believes HP will take its next steps in these areas.

On the whole, LaPorte expects consolidation of the endpoint security vendor market to continue on a weekly if not multiweekly basis. “There are too many pizza shops and not enough people buying pizza,” he said simply.

Clear leaders, such as CrowdStrike and Microsoft, control a significant portion of the market share, making it difficult for other endpoint security vendors to find decent footing in the market, according to LaPorte.

“The market share for the people who are not the leaders in this space is going down exponentially,” he said.

Although he has little insight into the Bromium acquisition, Steve Athanas, associate CIO of system architecture at UMASS Lowell and VMUG president, said it’s a market he is keeping an eye on.

“I’m very interested to see how this wave of security acquisitions and consolidation plays out,” he said.


Carbon Black acquisition bolsters VMware’s security play

VMware is continuing a string of acquisitions with the purchase of Carbon Black, an endpoint security company, with the aim of providing more secure cloud offerings.

The Carbon Black acquisition will be an all-cash transaction for $26 per share, which is a company valuation of $2.1 billion. VMware expects the acquisition to close in the second half of VMware’s fiscal year 2020, ending Jan. 31.

In VMware’s Q2 2020 earnings call, CEO Patrick Gelsinger noted that his company has been working with Carbon Black for the past two years on VMware’s AppDefense product, and said that time has been a way of “de-risking this acquisition” and “building a shared go-to-market with them.”

Gelsinger told reporters during the earnings call that the Carbon Black acquisition will address security challenges “as businesses move applications to the cloud and access it over distributed networks and from a diversity of endpoints.” He added that the acquisition will lead to integration through VMware’s “extensive endpoint footprint” and create a unified workspace solution covering both endpoint management and endpoint security. VMware also plans to leverage partnerships with Dell and SecureWorks to “accelerate the adoption of Carbon Black in the enterprise.”

Gelsinger acknowledged that part of the impetus for the Carbon Black acquisition is VMware’s plan to build a security cloud platform.

“Together VMware and Carbon Black we think will uniquely provide customers advanced threat detection, in-depth app behaviors, insight to prevent sophisticated attacks and accelerate responses across that platform,” Gelsinger said. “This idea of individual products that are bolted on and patched on is just ineffective for customers.”

The Carbon Black acquisition follows other moves by VMware to strengthen its presence in the security industry. Earlier this week, the company acquired Intrinsic, a startup focused on application runtime security, for an undisclosed amount and also confirmed its $1.45 billion purchase of software development firm Pivotal.

In addition to those deals and other security acquisitions this year, VMware introduced its Service-defined Firewall at RSA Conference 2019; the product is designed to secure traffic within a distributed environment by permitting only “known good” behavior of applications while blocking all other activity. At the conference, Gelsinger hinted at a larger cybersecurity play for VMware while criticizing the “nightmare” state of the market, which he said was overwhelmed with too many products that were chasing specific threats instead of reducing attack surfaces.

Gelsinger echoed those comments during VMware’s earnings call Thursday evening and said his company plans to fundamentally “fix” the security market. “As enterprises increasingly become digital, cyber security and protection of enterprise apps, data network endpoints and identity … is a primary concern across the C-suite and boards,” he said. “Yet, as I have said before, the current cyber security industry is simply broken and ineffective with a plethora of fragmented tools, bloatware agents and no cohesive platform architecture.”

Gelsinger added that current market disruptions, which are affecting “legacy players,” have opened up an opportunity for VMware. “We’re out to change the security industry,” he said.

Analyst response

Josh Zelonis, principal analyst serving security and risk professionals at Forrester, said rather than changing the security industry, VMware’s Carbon Black acquisition was confirmation of a larger trend already under way.

“EDR is traditionally endpoint detection and response and traditional endpoints are workstations and laptops. This acquisition is part of a growing trend in the industry to make it something much bigger than that,” Zelonis told SearchSecurity. “What VMware is doing is they’re now allowing you to build EDR products by default in all your virtual machines. So all your workloads that you’re managing through VMware can now instantly be benefitting from what is essentially the logging and detection of an EDR product.”

J. Craig Lowery, a vice president analyst at Gartner, said the Carbon Black acquisition aligns with the strategy VMware set out on several years ago.

“[VMware is] moving from a legacy virtualization business to a new business in cloud management software and services, specifically with an eye towards cloud-native solutions built on containers,” Lowery told SearchSecurity. “However, there are serious challenges to this strategy, as even these new additions to VMware’s portfolio will not likely significantly increase VMware’s appeal to developers. It will, however, be meaningful for those VMware customers that are looking for a more conservative path to cloud-native outcomes.”

Zelonis pointed out that both Palo Alto Networks and Trend Micro have recently started using the XDR branding to imply EDR plus integration with all of their other technologies. He also pointed out that Microsoft has the Intelligent Security Graph, which Zelonis described as tying together “all the intelligence that’s coming in from all their EDR products, all their email products and the Office products, [which] all have application level capabilities for detecting misuse.”

“Big picture is everything is moving toward leveraging this type of detection in every environment in your organization,” Zelonis said. “The bigger trend that everybody needs to look at is how we’re going to be moving forward with the security analytics and the SIEM space to be integrating these point solutions in a better fashion. My hope is to see that these SIEM products become so heavily focused on being able to ingest anything that we’re able to treat everything like a portfolio solution and not a bolt-on.”


Polycom VVX series adds four new desk phones

Polycom has expanded its VoIP endpoint portfolio with the release of four new open SIP phones. The vendor also launched a new cloud-based device management service to help partners provision and troubleshoot Polycom devices.

The release builds upon the Polycom VVX series of IP desk phones. The more advanced models include color LCD displays and gigabit Ethernet ports, unlike any of the previous phones in the Polycom VVX series.

The VVX 150 is the most basic of the new devices. Designed for home offices or common areas, the VVX 150 supports two lines and does not have a USB port or a color display.

The VVX 250 is targeted at small and midsize businesses, with a 2.8-inch color LCD display, HD audio, one USB port and support for up to four lines.

The VVX 350 is for cubicle workers, call centers and small businesses. It has a 3.5-inch color LCD display, two USB ports and support for six lines.

The most advanced of the four new models, the VVX 450, can host 12 lines and comes with a 4.3-inch color LCD display. Polycom said the phones are meant for front-line staff in small and midsize businesses.

The new phones rely on the same unified communications software as the rest of the Polycom VVX series, which should simplify the certification process for service providers, Polycom said. 8×8, Nextiva and The Voice Factory were the first voice providers to certify the devices.

Unlike traditional proprietary phones, open SIP phones can connect to the IP telephony services of a wide range of vendors. This simplifies interoperability for businesses that get UC services from multiple vendors.

Polycom embraces cloud to help sell hardware

Polycom has launched two new cloud services in an attempt to make its hardware more attractive to enterprises and service providers.

Polycom Device Management Service for Service Providers, released this week, gives partners a web-based application for managing Polycom devices. This should help service providers improve uptimes and enhance end-user control panels. Polycom launched a similar service for enterprises earlier this year.

Polycom’s new cloud offering aligns well with the cloud management platform for headsets offered by Plantronics, which acquired Polycom in a $2 billion deal that closed last month. Polycom first announced the cloud services in May, prior to the acquisition being made final.

Eventually, Plantronics may look to combine its cloud management platform with Polycom’s, allowing partners to control phones and headsets from the same application, said Irwin Lazar, analyst at Nemertes Research, based in Mokena, Ill. This would give Plantronics and Polycom an advantage over competitors such as Yealink and AudioCodes.

“The endpoint market is fairly competitive, so wrapping management capabilities around the devices is an attractive means to provide a differentiated offering,” Lazar said.

Endpoint security threats force Windows to adapt

LAS VEGAS — Enterprise applications and data are increasingly moving to the cloud, but the endpoint remains the biggest security risk.

Ransomware, spear phishing and other emerging endpoint threats often fly under the radar of traditional security tools. And as they grow more sophisticated, they can trick even the most vigilant and well-educated user into clicking a malicious link or opening a malware-laden attachment.

In response to these endpoint security threats, Microsoft in Windows 10 has embraced the concept of micro-virtualization, which isolates applications and other system processes from each other. That way, if one process falls victim to an attack, it doesn’t affect the rest of the PC or the corporate network at large.

Microsoft also partners with Bromium, which developed micro-virtualization, to extend the technology’s capabilities further into Windows. In an interview at VMworld, Bromium co-founders Ian Pratt and Simon Crosby discuss that partnership and explain how organizations can protect themselves against emerging endpoint security threats. 

Is the hype around ransomware real?

Ian Pratt: The whole point of ransomware is that it announces its presence and demands money. If you think about it, it’s the easiest kind of thing to detect.

The malware which tries to be stealthy — hides in your machine, steals your intellectual property or credit card data or patient records — typically those kinds of attacks have far more cost to the organization.

It’s really kind of odd that so much of the behaviors are being driven around ransomware. It’s drawing attention away from bigger risks.

What are the major challenges your customers are facing?

Pratt: Windows is their biggest challenge, not because Windows is worse from a security point of view, but because it’s most attacked. That’s where most organizations’ intellectual property lives.


It’s an impossible problem trying to secure Windows and all the applications. They’re just way too big of an attack surface. [Windows is] pushing 150 million lines of code, much of it written in the 1980s, when security was not what people focused on.

Simon Crosby: Out there on PCs, [organizations are] still doing arcane, silly stuff. A huge amount of the challenge is on legacy PCs.

What have been the effects of your partnership with Microsoft?

Crosby: The core capabilities of micro-virtualization are being adopted into Hyper-V, both on the Windows 10 client but also Windows Server. On the client side, in Windows 10, if you are running an enterprise license and you’re on the right hardware, then a couple of key Windows services move out of the operating system and into micro VMs. In particular, there is a service that manages locally maintained passwords and their hashes on the host. The goal there is to make the Windows kernel and progressively more and more applications protected and distrusted from each other.

How important is it to educate users about phishing and ransomware, compared to addressing these endpoint threats from a technical perspective?

Pratt: Blaming users, or hoping users will spot this stuff, is ridiculous. Some of the spear phishing attacks we’ve seen have been so well-crafted. We saw one, and the domain was a misspelling of Bromium. But if you looked at it, [you wouldn’t immediately notice]. You need to make it so that the user can click with confidence.

How can organizations find the right balance between security and user productivity?

Crosby: Why did [organizations] get more and more permissive on iPhones? Because they were actually pretty good with security. We see a lot of overly reactive stuff. ‘Let’s close everything down.’ That just isn’t the way forward, because ultimately users have to be productive and they’ll find a way around, and that’ll be a security loophole and the bad guy will find a way in again.

Symantec Endpoint Protection and the details for buyers to know

Symantec Endpoint Protection is a client-server software platform that provides layered security for physical and virtual endpoints aimed at environments with more than 250 users.

A similar product, Symantec Endpoint Protection Small Business Edition, is designed for smaller environments with more limited administrative support. A cloud-based version — Symantec Endpoint Protection Cloud — is also available for small to medium-sized organizations.

This article focuses on version 14 of Symantec Endpoint Protection.

Feature set

Symantec Endpoint Protection includes antivirus and antimalware, a firewall and intrusion prevention component, host integrity checking, external media control, application control, network access control, and website browsing protection. Behavioral monitoring uses machine learning to prevent most zero-day attacks, as well as to stop the spread of an infection if an attack breaches network or system security. The Power Eraser component enables administrators to scan an endpoint from the management console to remove an infection remotely, and System Lockdown handles application whitelisting and blacklisting.

Endpoint Protection does not protect mobile devices, and Endpoint Protection Small Business Edition does not include email protection, application control or support for virtual environments.

The Symantec Global Intelligence Network, one of the largest of its kind, analyzes data from hundreds of millions of users and sensors and works with Symantec’s Insight and SONAR (Symantec Online Network for Advanced Response) technologies to identify and categorize current threats.

To increase performance, Endpoint Protection uses scan elimination and deduplication techniques to reduce the number of files it must scan on each pass. Additional Endpoint Protection features then prevent malware and other threats from affecting customer endpoints.

Platform coverage

Symantec Endpoint Protection supports Microsoft Windows Vista through Microsoft Windows 10 client systems, macOS and several Linux distributions. Supported server systems include Microsoft Windows Server 2008 through Server 2016, Microsoft Windows Essential Business Server, Microsoft Windows Small Business Server and several flavors of Linux (Red Hat Linux Enterprise and SUSE Linux Enterprise, among others).

For virtual environments, the solution supports Amazon WorkSpaces, Citrix XenServer, VMware vSphere Server (ESXi), VMware ESX, Windows Azure, Microsoft Hyper-V and VirtualBox by Oracle.

Symantec Endpoint Protection Small Business Edition does not support Linux operating systems, virtual environments or mobile.

Performance

In tests conducted by AV-Test in November and December 2016 on Windows 10, Symantec Endpoint Security 14 scored 17 out of 18 when evaluated for protection, performance and usability.

The highest-ranking products during that period were Kaspersky Small Office Security and Bitdefender Endpoint Security, which both scored 18. Symantec Endpoint Security won the AV-Test Best Protection 2016 award for delivering outstanding protection performance.

Manageability

Symantec Endpoint Protection for on-premises includes a management console that runs on a server and pushes agent software to each client. Administrators can view and manage Windows, Mac, Linux and virtual machine clients and make policy configurations using the console.

Small Business Edition works similarly, but is designed for easier setup and administration. This product enables customers to use a cloud-based host, or to install the management console on an on-premises server.

Pricing and licensing

Symantec Endpoint Protection products are licensed per endpoint with essential support included. Customers can purchase licenses online at the Symantec Store or through a partner for quantities higher than those offered online. The following table lists the manufacturer’s suggested retail price per license; additional quantities are available at special pricing. Symantec offers a 45-day money-back guarantee on Endpoint Protection purchases.

Licensing and pricing

A free, fully functioning 30-day trial of Symantec Endpoint Security or Endpoint Protection Small Business Edition is available from each product’s respective website.

Support

General support for Symantec Endpoint Protection includes access to the company’s online knowledge base, eLibrary, support videos, a community forum, the SymDiag diagnostic tool, product documentation, and downloadable updates and upgrades.

Endpoint Protection customers may open a support ticket by visiting Symantec’s technical support website or by contacting a Symantec support technician by telephone 24/7. Paid support plans, which include direct access to support engineers, faster response times and so on, are available through Symantec resellers.

Support for Small Business Edition includes maintenance, service updates and 24/7 telephone support.


Microsoft ReFS tuned for Hyper-V, but be aware of hazards

While Microsoft’s New Technology File System has long served as the cornerstone of endpoint and server-side data storage, the venerable technology is showing its age in the face of evolving compute and data storage demands.

In Windows Server 2012 and later releases, Microsoft added the Resilient File System (ReFS) to overcome some of the limitations with NTFS. Microsoft ReFS can increase resiliency and performance for storage volumes, but there are some drawbacks.

Microsoft ReFS isn’t fully compatible with NTFS — this can leave some enterprise utilities, services and workloads without proper support at the storage volume level. Measure the benefits and drawbacks to Microsoft ReFS before deploying this file system on storage systems.

ReFS vs. NTFS

Microsoft created ReFS to address the performance and integrity issues that plagued NTFS. For example, disks formatted with NTFS require an administrator to manually run the chkdsk utility to check and repair disk errors. The reality of modern multi-terabyte storage arrays makes it impractical to take storage resources offline for granular, time-consuming troubleshooting sessions. Enterprises on storage hardware that use NTFS have adapted to its shortcomings by purchasing systems that provide data protection, integrity checking and redundancy.

Microsoft ReFS includes native features, including automatic integrity checks and data scrubbing. A system that runs on ReFS takes corrective action before an error manifests; it’s particularly effective when businesses use ReFS on mirrored (RAID 1) or parity (RAID 5 or RAID 6) volumes. These self-healing properties eliminate the need to run disks through a chkdsk maintenance schedule.

Microsoft ReFS works in conjunction with Storage Spaces — the software-defined feature that builds storage pools — to duplicate data during disk writes for better data resilience without a separate copy process. Microsoft ReFS supports long paths and file names, and it adds better support for storage virtualization and pooling — critical for software-defined data centers.

In addition to the protection measures, Microsoft ReFS received several enhancements to improve storage performance in Windows Server 2016, which include high-speed redeploying, reordering and cloning of blocks between files. Block cloning is particularly effective for virtualization to supply faster provisioning, file merges and storage performance tiering.

Microsoft ReFS in Windows Server 2016 includes parallelization, monitoring of unallocated space and a redo log for synchronous disk writes. The 2016 version collects small random writes and commits them to disk as a single larger write, which is far more efficient on I/O, targeting highly virtualized systems that can compete for storage I/O.

Limitations of Microsoft ReFS

ReFS can help organizations with large storage volumes improve resilience and performance.

ReFS handles a maximum volume size of 1 yobibyte — equivalent to 1.2 trillion terabytes — and supports a maximum file size of 16 exbibytes — or 1.1 million terabytes. Despite these advantages over NTFS, administrators should be aware of some limitations before Microsoft ReFS enters production.

Windows cannot boot from a ReFS volume. A Windows Server 2016 system needs an NTFS volume to boot and then uses the ReFS volumes for workload storage. ReFS also abandons some commonplace NTFS features such as traditional 8.3 filename structures, compression, Encrypting File System, extended attributes and disk quotas.

ReFS does not use data deduplication and Microsoft only added support for alternate data streams up to 128 KB with Windows 8.1 and Windows Server 2012 R2. ReFS is also unsuitable for removable storage devices.

A Microsoft ReFS volume could become inaccessible in certain scenarios. For example, a thin-provisioned ReFS volume can fail when used with Storage Spaces if the physical disks are near capacity. Also, because Storage Spaces handles blocks and ReFS handles files, ReFS might not reliably recover file errors.

Microsoft designed ReFS without tools for ReFS volume repair or recovery. If a fault occurs, the only option is to restore from a backup.

ReFS might not suit all data center tasks. Workloads or utilities that depend on NTFS capabilities might not work properly on ReFS volumes. For example, Windows Deployment Services requires NTFS to operate.

Microsoft ReFS future and appropriate uses

Until Microsoft can add key functionality, such as the ability to boot into Windows with an ReFS volume, ReFS might remain a niche technology. Administrators can use it for storage tasks where the file system’s unique benefits, such as resiliency and performance improvements, would be most effective — especially for virtual machines.

Currently, Microsoft ReFS is perhaps the best match for deployment scenarios that use Storage Spaces Direct, a feature in the Datacenter edition of Windows Server 2016 to build high-availability clusters with local direct-attached storage. Highly virtualized environments that use Hyper-V would benefit from using ReFS because of the performance optimizations for virtual hard disk and VHDX VMs.

While ReFS can be a solid foundation for many workload deployments based on Hyper-V, the lack of deduplication support might cause some organizations to avoid ReFS. In a VDI deployment that needs storage deduplication, expect to use NTFS.

The data integrity features of ReFS suit archival storage well. ReFS coupled with Storage Spaces provides even greater resiliency for critical, long-term data storage tasks.

ReFS isn’t a fit for everything. It doesn’t work on domain controllers; Microsoft does not recommend using a ReFS volume to store an Active Directory database, log files or the sysvol folder that resides on each domain controller within the domain. SQL Server administrators can’t run tools such as DBCC CHECKDB or generate snapshots.
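
Several of the placement limits described above (removable media, domain controller data, thin-provisioned Storage Spaces volumes near capacity) can be checked on a server with a short PowerShell audit. This is an added example, not code from the article or from Microsoft; the function names and the 90% "near capacity" threshold are assumptions.

```powershell
# Added example (not from the article): report volume placements that conflict
# with the ReFS limitations described above. Run elevated; needs the Storage module.

$PoolFullPercent = 90   # assumption: what counts as "near capacity"

function Get-PathVolume([string]$Path) {
    # Resolve a drive-letter path (e.g. D:\NTDS\ntds.dit) to its volume object.
    if ($Path -match '^([A-Za-z]):') {
        Get-Volume -DriveLetter $Matches[1] -ErrorAction SilentlyContinue
    }
}

function Test-ReFSPlacement {
    # ReFS is unsuitable for removable storage devices.
    Get-Volume | Where-Object { $_.FileSystem -eq 'ReFS' -and $_.DriveType -eq 'Removable' } |
        ForEach-Object { "Removable volume $($_.DriveLetter): is formatted ReFS" }

    # On a domain controller, the AD database, logs and SYSVOL should not sit on ReFS.
    $adPaths = @{}
    $ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue
    if ($ntds) {
        $adPaths['AD database']  = $ntds.'DSA Database file'
        $adPaths['AD log files'] = $ntds.'Database log files path'
        $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -ErrorAction SilentlyContinue
        if ($netlogon) { $adPaths['SYSVOL'] = $netlogon.SysVol }
    }
    foreach ($item in $adPaths.GetEnumerator()) {
        $vol = Get-PathVolume $item.Value
        if ($vol -and $vol.FileSystem -eq 'ReFS') {
            "$($item.Key) ($($item.Value)) is on a ReFS volume"
        }
    }

    # Thin-provisioned ReFS on Storage Spaces can fail when the pool is near capacity.
    foreach ($pool in (Get-StoragePool -IsPrimordial $false -ErrorAction SilentlyContinue)) {
        $used = [math]::Round(100 * $pool.AllocatedSize / $pool.Size, 1)
        if ($used -lt $PoolFullPercent) { continue }
        foreach ($vd in ($pool | Get-VirtualDisk | Where-Object { $_.ProvisioningType -eq 'Thin' })) {
            $refs = $vd | Get-Disk | Get-Partition | Get-Volume -ErrorAction SilentlyContinue |
                Where-Object { $_.FileSystem -eq 'ReFS' }
            if ($refs) {
                "Thin ReFS virtual disk '$($vd.FriendlyName)' in pool '$($pool.FriendlyName)' is $used% allocated"
            }
        }
    }
}

Test-ReFSPlacement
```

An empty result means none of the three conditions was found on the host; because the article notes that a faulted ReFS volume can only be restored from backup, any finding is worth resolving before the volume holds production data.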
