Hardening changes in DCOM were required for CVE-2021-26414. Therefore, we recommended that you verify if client or server applications in your environment that use DCOM or RPC work as expected with the hardening changes enabled.
To address the vulnerability described in CVE-2021-26414, you must install updates released September 14, 2021 or later and enable the registry key described below in your environment. We recommended that you complete testing in your environment and enable these hardening changes as soon as possible. If you find issues during testing, you must contact the vendor for the affected client or server software for an update or workaround before early 2022.
Note We recommend that you update your devices to the latest security update available to take advantage of the advanced protections from the latest security threats.
Timeline
Update release
Behavior change
June 8, 2021
Hardening changes disabled by default but with the ability to enable them using a registry key.
June 14, 2022
Hardening changes enabled by default but with the ability to disable them using a registry key.
March 14, 2023
Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.
Registry setting to enable or disable the hardening changes
During the timeline phases in which you can enable or disable the hardening changes for CVE-2021-26414, you can use the following registry key:
Value Name: “RequireIntegrityActivationAuthenticationLevel”
Type: dword
Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to enabled.
Note You must enter Value Data in hexadecimal format.
Important You must restart your device after setting this registry key for it to take effect.
Note Enabling the registry key above will make DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation.
Note This registry value does not exist by default; you must create it. Windows will read it if it exists and will not overwrite it.
New DCOM error events
To help you identify the applications that might have compatibility issues after we enable DCOM security hardening changes, we added new DCOM error events in the System log; see the tables below. The system will log these events if it detects that a DCOM client application is trying to activate a DCOM server using an authentication level that is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. You can trace to the client device from the server-side event log and use client-side event logs to find the application.
Server events
Event ID
Message
10036
“The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.”(%1 – domain, %2 – user name, %3 – User SID, %4 – Client IP Address)
Client events
Event ID
Message
10037
“Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with explicitly set authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.”
10038
“Application %1 with PID %2 is requesting to activate CLSID %3 on computer %4 with default activation authentication level at %5. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.”(%1 – Application Path, %2 – Application PID, %3 – CLSID of the COM class the application is requesting to activate, %4 – Computer Name, %5 – Value of Authentication Level)
Availability
These error events are only available for a subset of Windows versions; see the table below.
Exactly how vulnerable is VMware infrastructure to Ransomware?
Historically and like most malware, ransomware has been targeting Windows operating systems primarily. However, cases of Linux and MacOS being infected are being seen as well. Attackers are being more proficient and keep evolving in their attacks by targeting critical infrastructure components leading to ransomware attacks on VMware ESXi. In this article, you’ll learn how Ransomware targets VMware infrastructure and what you can do to protect yourself.
What is Ransomware?
Ransomware are malicious programs that work by taking the user’s data hostage in exchange for a hefty ransom.
There are essentially 2 types of Ransomware (arguably 3):
Crypto Ransomware: Encrypts files so that the user cannot access them. This is the one we are dealing with in this blog.
Locker Ransomware: Lock the user out of his computer by encrypting system files.
Scareware: Arguably a third type of ransomware that is actually a fake as it only locks the screen by displaying the ransom page. Scanning the system with an Antivirus LiveCD will get rid of it quite easily.
A user computer on the corporate network is usually infected through infected USB drives or social engineering techniques such as phishing emails and shady websites. Another occurrence includes attacking a remote access server publicly exposed through brute-force attacks.
The malware then uses a public key to encrypt the victim’s data, which can span to mapped network drives as well. After which the victim is asked to make a payment to the attacker using bitcoin or some other cryptocurrency in exchange for the private key to unlock the data, hence the term Ransomware. If the victim doesn’t pay in time, the data will be lost forever.
As you can imagine, authorities advise against paying the ransom as there is no guaranty the bad actor will deliver on his end of the deal so you may end up paying the big bucks and not recover your data at all.
Can Ransomware affect VMware?
While infecting a Windows computer may yield a reward if the attacker gets lucky, chances are the OS will simply be reinstalled, no ransom is paid and the company will start tightening security measures. Game over for the bad guys.
Rather than burning bridges by locking a user’s workstation, they now try to make a lateral move from the infected workstation and target critical infrastructure components such as VMware ESXi. That way they hit a whole group of servers at once.
“VMware ESXi ransomware impact all the VMs running on the hypervisor”
From the standpoint of an attacker, infesting a vSphere host, or any hypervisor for that matter, is an “N birds, 1 stone” type of gig. Instead of impacting one workstation or one server, all the virtual machines running on the host become unavailable. Such an attack will wreak havoc in any enterprise environment!
How does a Ransomware Attack Work?
In the case of targeted attacks, the bad actor works to gain remote access to a box in the local network (LAN), usually a user computer, and then make a lateral move to access the management subnet and hit critical infrastructure components such as VMware ESXi.
There are several ways a ransomware attack on VMware ESXi can happen but reports have described the following process.
“The ransomware attack on VMware ESXi described in this blog is broken down into 5 stages”
Stage 1: Access local network
Gaining access to the LAN usually goes either of 2 ways:
A malware is downloaded in a phishing email or from a website. It can also come from an infected USB stick.
The attacker performs a Brute force attack against a remote access server exposed to the internet. This seems more unusual as it involves more resources and knowledge of the target. Brute force attacks are also often caught by DDoS protection mechanisms.
“Ransomware spread through malicious email attachments, websites, USB sticks”
Stage 2: Escalate privileges
Once the attacker has remote access to a machine on the local network, be it a workstation or a remote desktop server, he will try to escalate privileges to open doors for himself.
Several reports mentioned attackers leveraging CVE-2020-1472 which is a vulnerability in how the Netlogon secure channel connections are done. The attacker would use the Netlogon Remote Protocol (MS-NRPC) to connect to a domain controller and gain domain administrator access.
Stage 3: Access management network
Once the bad actors have domain administrator privileges, they can already deal a large amount of damage to the company. In the case of a ransomware attack on VMware ESXi, they will use it to gain access to machines on the management network, in which the vCenter servers and vSphere ESXi servers live.
Note that they might even skip this step if the company made the mistake to give user workstations access to the management network.
Stage 4: VMware ESXi vulnerabilities
When the attackers are in the management network, you can only hope that all the components in your infrastructure have the latest security patches installed and strong password policies. At this point, they are the last line of defense, unless a zero-day vulnerability is being leveraged in which case there isn’t much you can do about it.
Several remote code execution vulnerabilities have been exploited over the last year or so against VMware ESXi servers and vCenter servers.
The two critical vulnerabilities that give attackers access to vSphere hosts relate to the Service Location Protocol (SLP) used by vSphere to discover devices on the same network. By sending malicious SLP commands, the attacker can execute remote code on the host.
CVE-2019-5544: Heap overwrite issue in the OpenSLP protocol in VMware ESXi.
CVE-2020-3992: Use-after-free issue in the OpenSLP protocol in VMware ESXi.
CVE-2021-21985: Although no attack mentions it, we can assume the vCenter Plug-in vulnerability discovered in early 2021 can be a vector of attack as well. Accessing vSphere hosts is fairly easy once the vCenter is compromised.
They can then enable SSH to obtain interactive access and sometimes even change the root password or SSH keys of the hosts.
Note that the attacker may not even need to go through all that trouble if he manages to somehow recover valid vCenter of vSphere credentials. For instance, if they are stored in the web browser or retrieved from the memory of the infected workstation.
Stage 5: Encrypt datastore and request ransom
Now that the attacker has access to the VMware ESXi server, he will go through the following steps to lock your environment for good.
Uninstall Fault Domain Manager or fdm (HA agent) used to reboot VMs in case of failure.
Shut down all the virtual machines.
Encrypt all virtual machine files using an ELF executable, derived from an encrypting script that targets Linux machines. This file is usually named svc-new and stored in /tmp.
Write a ransom file to the datastore for the administrator to find.
Note that there are variations of the ransomware attack on VMware ESXi, which themselves are ever-evolving. Meaning the steps described above represent one way things can happen but your mileage may very well vary.
How to protect yourself from ransomware attacks on VMware ESXi
If you look online for testimonies, you will find that the breach never comes from a hooded IT mastermind in an ill-lit room that goes through your firewalls by frantically typing on his keyboard like in the movies.
The reality is nowhere near as exciting. 9 times out of 10, it will be an infected attachment in a phishing email or a file downloaded on a shady website. This is most often the doing of a distracted user that didn’t check the link and executed the payload without thinking twice.
Ensure at least the following general guidelines are being enforced in your environment to establish a first solid line of defense:
VMware environment-related recommendations
If you need to open internet access on your vCenter, enforce strong edge firewall rules and proxy access to specific domains. Do not expose vCenter on the internet!!! (Yes, it’s been done).
Set VMware ESXi shell and SSH to manual start and stop.
Don’t use the same password on all the hosts and out-of-band cards.
Some recommend not to add Active Directory as an Identity Source in vCenter Server. While this certainly removes a vector of attack, configuring Multi-Factor Authentication also mitigates this risk.
Industry standards
Educate your users and administrators through educational campaigns.
Ensure the latest security patches are installed as soon as possible on all infrastructure components as well as backups servers, workstations…
Segregate the management subnets from other subnets.
Connect to the management network through a jump server. It is critical that the jump server must:
Be secured and up to date
Accessible only through Multifactor authentication (MFA)
Must only allow a specific IP range.
Restrict network access to critical resources only to trained administrators.
Ensure AD is secured and users/admins are educated on phishing attacks.
Apply least privilege policy.
Use dedicated and named accounts.
Enforce strong password policies.
Segregate Admin and Domain admin accounts on AD.
Log out users on inactivity on Remote Desktop Servers.
Don’t save your infrastructure password in the browser.
Use Multi-Factor Authentication (MFA) where possible, at least on admin accounts.
Forward infrastructure logs to a Syslog server for trail auditing.
Ensure all the workstations and servers have a solid antivirus with regularly updated definitions.
Where do backups fit in all this?
While there are decryption tools out there, they will not always work. In fact, they almost never will.
Restoring from backup is essentially the only way known to date that you can use to recover from a ransomware attack on VMware ESXi. You can use Altaro VM Backup to ensure your environment is protected.
Because attackers know this well, they will try to take down the backup infrastructure and erase all the files so your only option left is to pay the ransom. Which, as mentioned previously, is no guaranty that you get your files back.
Because of it, it is paramount to ensure your backup infrastructure is protected and secure by following best practices:
Avoid Active Directory Domain integration or use multi-factor authentication (MFA).
Do not use the same credentials for access to the VMware and Backup infrastructures.
NIST controls for data integrity (National Institute of Standards and Technology)
VMware documents solutions for combatting ransomware by incorporating the National Institute of Standards and Technology (NIST) controls specific to data integrity. You can find VMware’s recommendations and implementation of the NIST in this dedicated document:
“National Institute of Standards and Technology logo”
The NIST framework is broken down into 5 functions:
In the VMware document linked above, you will find Detect, Protect and Respond recommendations that apply to various environments such as private cloud, hybrid cloud or end-user endpoints.
So How Worried Should I be?
Ransomware have always been one of the scary malware as they can deal a great amount of damage to a company, up to the point of causing some of them to go into bankruptcy. However, let us not get overwhelmed by these thoughts as you are not powerless against them. It is always best to act than to react.
In fact, there is no reason for your organization to get hit by a ransomware as long as you follow all the security best practices and you don’t cut corners. It might be tempting at some point to add an ALLOW ALL/ALL firewall rule to test something, give a user or service account full admin rights, patch a server into an extra VLAN or whatever action you know for a fact would increase your security officer’s blood pressure. In such a case, even if there is a 99.9% chance things are fine, think of the consequences it could have on the company as a whole should you hit that 0.1% lurking in the back.
If you are reading this and you have any doubts regarding the security of your infrastructure, run a full audit of what is currently in place and draw a plan to bring it into compliance with the current industry best practices as soon as possible. In any case, patch your systems as soon as possible, especially if you are behind!
The Internet of Things (IoT) is here, and we’re using it for everything from getting instant answers to random trivia questions to screening visitors at the door. According to Gartner, we were expected to use more than 25 billion internet-connected devices by the end of 2021. But as our digital lives have become more convenient, we might not yet have considered the risks involved with using IoT devices.
How can you keep yourself secure in today’s IoT world, where hackers aim to outsmart your smart home? First we’ll look at how hackers infiltrate the IoT, and then we’ll look at what you can do right now to make sure the IoT is working for you – not against you.
How hackers are infiltrating the Internet of Things
While we’ve become comfortable asking voice assistants to give us the weather forecast while we prep our dinners, hackers have been figuring out how to commandeer our IoT devices for cyber attacks. Here are just a few examples of how cyber criminals are already infiltrating the IoT.
Gaining access to and control of your camera
Have you ever seen someone with a sticker covering the camera on their laptop or smartphone? There’s a reason for that. Hackers have been known to gain access to these cameras and spy on people. This has become an even more serious problem in recent years, as people have been relying on videoconferencing to safely connect with friends and family, participate in virtual learning, and attend telehealth appointments during the pandemic. Cameras now often come with an indicator light that lets you know whether they’re being used. It’s a helpful protective measure, but not a failsafe one.
Using voice assistants to obtain sensitive information
According to Statista, 132 million Americans used a digital voice assistant once a month in 2021. Like any IoT gadget, however, they can be vulnerable to attack. According to Ars Technica, academic researchers have discovered that the Amazon Echo can be forced to take commands from itself, which opens the door to major mischief in a smart home. Once an attacker has compromised an Echo, they can use it to unlock doors, make phone calls and unauthorized purchases, and control any smart home appliances that the Echo manages.
Many bad actors prefer the quiet approach, however, slipping in undetected and stealing information. They can piggyback on a voice assistant’s privileged access to a victim’s online accounts or other IoT gadgets and make off with any sensitive information they desire. With the victim being none the wiser, the attackers can use that information to commit identity fraud or stage even more ambitious cyber crimes.
Hacking your network and launching a ransomware attack
Any device that is connected to the internet, whether it’s a smart security system or even a smart fridge, can be used in a cyber attack. Bad actors know that most people aren’t keeping their IoT gadgets’ software up to date in the same way they do their computers and smartphones, so they take advantage of that false sense of security. Once cyber criminals have gained access to an IoT device, they can go after other devices on the same network. (This is because most home networks are designed to trust devices that are already connected to them.) When these malicious actors are ready, they can launch a ransomware attack that brings your entire digital life to a halt – unless you agree to fork over a hefty sum in bitcoin, that is.
Using bots to launch a DDOS attack
Although most people never notice it, hackers can and do infect IoT devices with malware en masse, gaining control over them in the process. Having turned these zombie IoT devices into bots, the hackers then collectively use them to stage what’s called a botnet attack on their target of choice. This form of assault is especially popular for launching distributed denial of service (DDOS) attacks, in which all the bots in a botnet collectively flood a target with network requests until it buckles and goes offline.
How you can keep your Internet of Things gadgets safe from hackers
So how can you protect your IoT devices from these determined hackers? Fortunately, you can take back control by becoming just a little more cyber smart. Here are a few ways to keep your IoT gadgets safe from hackers:
Never use the default settings on your IoT devices. Although IoT devices are designed to be plug-and-play so you can start enjoying them right away, their default settings are often not nearly as secure as they should be. With that in mind, set up a unique username and strong password combination before you start using any new IoT technology. While you’re at it, see if there’s an option to encrypt the traffic to and from your IoT device. If there is, turn it on.
Keep your IoT software up to date. Chances are, you regularly install the latest software updates on your computer and phone. Hackers are counting on you to leave your IoT gadgets unpatched, running outdated software with vulnerabilities they can exploit, so be sure to keep the software on your IoT devices up to date as well.
Practice good password hygiene. We all slip into bad password habits from time to time – it’s only human – but they put our IoT security at risk. With this in mind, avoid re-using passwords and be sure to set unique, strong passwords on each of your IoT devices. Update those passwords from time to time, too. Don’t store your passwords in a browser, and don’t share them via email. A password manager can help you securely store and share your passwords, so hackers never have a chance to snatch them.
Use secure, password-protected WiFi. Cyber criminals are notorious for sneaking onto open, insecure WiFi networks. Once they’re connected, they can spy on any internet activity that happens over those networks, steal login credentials, and launch cyber attacks if they feel like it. For this reason, make sure that you and your IoT devices only use secure, password-protected WiFi.
Use multi-factor authentication as an extra layer of protection. Multi-factor authentication (MFA), gives you extra security on top of all the other measures we mentioned above. It asks you to provide one more credential, or factor, in addition to a password to confirm you are who you say you are. If you have MFA enabled and a hacker tries to log in as you, you’ll get a notification that a login attempt is in progress. Whenever you have the option to enable MFA on any account or technology, take advantage of it.
Protect your Internet of Things devices with smart password security
The IoT is making our lives incredibly convenient, but that convenience can be a little too seductive at times. It’s easy to forget that smart home devices, harmless-looking and helpful as they are, can be targeted in cyber attacks just like our computers and phones. Hackers are counting on you to leave your IoT gadgets unprotected so they can use them to launch damaging attacks. By following these smart IoT security tips, you can have the best of both worlds, enjoying your smart life and better peace of mind at the same time.
Learn how LastPass Premium helps you strengthen your password security.
QR codes link the offline to the online. What started as a way to streamline manufacturing in the automotive industry is now a widespread technology helping connect the physical world to digital content. And as the world embraced remote, no-touch solutions during the Covid pandemic, QR codes became especially popular. QR codes offer convenience and immediacy for businesses and consumers, but cybercriminals also take advantage of them. Here’s what you need to know about QR codes and how to stay safe when using them.
Why QR codes?
Due to their size and structure, the two-dimensional black and white barcodes we call QR codes are very versatile. And since most people carry a smartphone everywhere, they can quickly scan QR codes with their phone’s camera. Moreover, since QR codes are relatively easy to program and accessible for most smartphone users, they can be an effective communication tool.
They also have many uses. For example, QR codes may link to a webpage, start an app or file download, share contact information, initiate a payment, and more. Covid forced businesses to be creative with touchless experiences, and QR codes provide a convenient way to transform a physical touchpoint into a digital interaction. During Covid, QR codes became a popular way to look at restaurant menus, communicate Covid policies, check in for an appointment, and view marketing promotions, among other scenarios.
As a communication tool, QR codes can transmit a lot of information from one person to another, making it easy for someone to take action online and interact further with digital content.
What hackers do with QR codes
QR codes are inherently secure, and no personally identifiable information (PII) is transmitted while you’re scanning them. However, the tricky part about QR codes is that you don’t know what information they contain until you scan them. So just looking at the QR code won’t tell you if it’s entirely trustworthy or not.
For example, cybercriminals may try to replace or sticker over a QR code in a high-traffic, public place. Doing so can trick people into scanning a malicious QR code. Or, hackers might send malicious QR codes digitally by email, text, or social media. The QR code scam might target a specific individual, or cybercriminals may design it to attract as many scans as possible from a large number of people.
Once scanned, a malicious QR code may take you to a phishing website, lead you to install malware on your device, redirect a payment to the wrong account, or otherwise compromise the security of your private information.
In the same way that cybercriminals try to get victims to click phishing links in email or social media, they lure people into scanning a QR code. These bad actors may be after account credentials, financial information, PII, or even company information. With that information, they can steal your identity or money or even break into your employer’s network for more valuable information (in other words, causing a data breach).
Pay attention to context. Where is the code available? What does the code claim to do (e.g., will it send you to a landing page)? Is there someone you can ask to confirm the purpose of the QR code? Did someone send it unprompted? Is it from a business or individual you’ve never heard of? Just like with phishing links, throw it out when in doubt.
Look closely at the code. Some codes may have specific colors or branding to indicate the code’s purpose and destination. Many codes are generic black and white designs, but sometimes there are clues about who made the code.
Check the link before you click. If you scan the QR code and a link appears, double-check it before clicking. Is it a website URL you were expecting? Is it a shortened link that masks the full URL? Is the webpage secure (HTTPS)? Do you see signs of a phishing attack (branding is slightly off, strange URL, misspelled words, etc.)? If it autogenerates an email or text message, who is the recipient and what information is it sending them? If it’s a payment form, who is receiving the payment? Read carefully before taking action.
Practice password security. Passwords and account logins remain one of the top targets of cyber attacks. Stolen credentials give cybercriminals access to valuable personal and financial information. Generate every password for every account with a random password generator, ideally built into a password manager for secure storage and autofill. Following password best practices ensures one stolen password results in minimal damage.
Layer with MFA. Adding multi-factor authentication to logins further protects against phishing attacks that steal passwords. With MFA in place, a hacker still can’t access an account after using a stolen password. By requiring additional login data, MFA can prevent cybercriminals from gaining access to personal or business accounts.
QR codes remain a popular marketing and communication tool. They’re convenient and accessible, so you can expect to encounter them occasionally. Though cyber attacks via QR codes are less common, you should still stay vigilant for signs of phishing and social engineering via QR codes. To prevent and mitigate attacks via QR codes, start by building a solid foundation of digital security with a trusted password manager.
A VMware vSphere environment includes many components to deliver business-critical workloads and services. However, there is a feature of today’s modern VMware vSphere infrastructure that is arguably underutilized – the VMware Content Library. Nevertheless, it can be a powerful tool that helps businesses standardize the workflow using files, templates, ISO images, vApps, scripts, and other resources to deploy and manage virtual machines. So how can organizations manage resources across sites with the VMware Content Library?
What is the VMware Content Library?
Most VI admins will agree with multiple vCenter Servers in the mix, managing files, ISOs, templates, vApps, and other resources can be challenging. For example, have you ever been working on one cluster and realized you didn’t have the ISO image copied to a local datastore that is accessible, and you had to “sneakernet” the ISO where you could mount and install it? What about virtual machine templates? What if you want to have the virtual machine templates in one vCenter Server environment available to another vCenter Server environment?
The VMware Content Library is a solution introduced in vSphere 6.0 that allows customers to keep their virtual machine resources synchronized in one place and prevent the need for manual updates to multiple templates and copying these across between vCenter Servers. Instead, administrators can create a centralized repository using the VMware Content Library from which resources can be updated, shared, and synchronized between environments.
Using the VMware Content Library, you essentially create a container that can house all of the important resources used in your environment, including VM-specific objects like templates and other files like ISO image files, text files, and other file types.
The VMware Content Library stores the content as a “library item.” Each VMware Content Library can contain many different file types and multiple files. VMware gives the example of the OVF file that you can upload to your VMware Content Library. As you know, the OVF file is a bundle of multiple files. However, when you upload the OVF template, you will see a single library entry.
VMware has added some excellent new features to the VMware Content Library features in the past few releases. These include the ability to add OVF security policies to a content library. The new OVF security policy was added in vSphere 7.0 Update 3. It allows implementing strict validation for deploying and updating content library items and synchronizing templates. One thing you can do is make sure a trusted certificate signs the templates. To do this, you can deploy a signing certificate for your OVFs from a trusted CA to your content library.
Another recent addition to the VMware Content Library functionality introduced in vSphere 6.7 Update 1 is uploading a VM template type directly to the VMware Content Library. Previously, VM templates were converted to an OVF template type. Now, you can work directly with virtual machine templates in the VMware Content Library.
VMware Content Library types
VMware Content Library enables managing resources across sites using two different types of content libraries. These include the following:
Local Content Library – A local content library is a VMware Content Library used to store and manage content residing in a single vCenter Server environment. Suppose you work in a single vCenter Server environment and want to have various resources available across all your ESXi hosts to deploy VMs, vAPPs, install from ISO files, etc. In that case, the local content library allows doing that. With the local content library, you can choose to Publish the local content library. When you publish the Content Library, you are making it available to be subscribed to or synchronized.
Subscribed Content Library – The other type of Content Library is the subscribed content library. When you add a subscribed VMware Content Library type, you are essentially downloading published items from a VMware Content Library type that has published items as mentioned in the Local Content Library section. In this configuration, you are only a consumer of the VMware Content Library that someone else has published. It means when creating the Content Library, the publish option was configured. You can’t add templates and other items to the subscribed VMware Content Library type as you can only synchronize the content of the subscribed Content Library with the content of the published Content Library.
With a subscribed library, you can choose to download all the contents of the published Content Library immediately once the subscribed Content Library is created. You can also choose to download only the metadata for items in the published Content Library and download the entire contents of the items you need. You can think of this as a “files on-demand” type feature that only downloads the resources when these are required.
Below is an example of the screen when configuring a content library that allows creating either a Local Content Library or the Subscribed Content Library:
Choosing the content library type
Create a local or subscription Content Library in vSphere 7
Creating a new VMware Content Library is a relatively straightforward and intuitive process you can accomplish in the vSphere Client. Let’s step through the process to create a new VMware Content Library. We will use the vSphere Web Client to manage and configure the Content Library Settings.
Using the vSphere Web Client to manage the Content Library
First, click the upper left-hand “hamburger” menu in the vSphere Client. You will see the option Content Libraries directly underneath the Inventory menu when you click the menu.
Choosing the Content Libraries option to create a manage Content Libraries
Under the Content Libraries screen, you can Create new Content Libraries.
Creating a new Content Library in the vSphere Client
It will launch the New Content Library wizard. In the Name and Location screen, name the new VMware Content Library.
New Content Library name and location
On the Configure content library step, you configure the content library type, including configuring a local content library or a subscribed content library. Under the configuration for Local content library, you can Enable publishing. If publishing is enabled, you can also enable authentication.
Configuring the Content Library type
When you configure publishing and authentication, you can configure a password on the content library.
Step 3 is the Apply security policy step. It allows applying the OVF default policy to protect and enforce strict validation while importing and synchronizing OVF library items.
Choosing to apply the OVF default policy
The VMware Content Library needs to have a storage location that will provide the storage for the content library itself. First, select the datastore you want to use for storing your content library. The beauty of the content library is that it essentially publishes and shares the items in the content library itself, even though they may be housed on a particular datastore.
Select the storage to use for storing items in the VMware Content Library
Finally, we are ready to complete the creation of the Content Library. Click Finish.
Finishing the creation of the VMware Content Library
Once the VMware Content Library is created, you can see the details of the library, including the Publication section showing the Subscription URL.
Viewing the settings of a newly created VMware Content Library
As a note. If you click the Edit Settings hyperlink under the Publication settings pane, you can go in and edit the settings of the Content Library, including the publishing options, authentication, changing the authentication password, and applying a security policy.
Editing the settings of a VMware Content Library
Creating a subscribed VMware Content Library
As we mentioned earlier, configuring a subscribed content library means synchronizing items from a published content library. In the New Content Library configuration wizard, you choose the Subscribed content library option to synchronize with a published content library. Then, enter the subscription URL for the published content library when selected. As shown above, this URL is found in the settings of the published content library.
You will need to also place a check in the Enable authentication setting if the published content library was set up with authentication. Then, enter the password configured for the published content library. Also, note the configuration for downloading content. As detailed earlier, you can choose to synchronize items immediately, meaning the entire content library will be fully downloaded. Or, you can select when needed, which acts as a “files on demand” configuration that only downloads the resources when needed.
Configuring the subscribed content library
Choose the storage for the subscribed Content Library.
Add storage for the subscribed VMware Content Library
Ready to complete adding a new subscribed VMware Content Library. Click Finish.
Ready to complete adding a subscribed VMware Content Library
Interestingly, you can add a subscribed VMware Content Library that is subscribed to the same published VMware Content Library on the same vCenter Server.
Published and subscribed content library on the same vCenter Server
What is Check-In/Check-Out?
A new feature included with VMware vSphere 7 is versioning with the VMware Content Library. So often, with virtual machine templates, these are frequently changed, updated, and configured. As a result, it can be easy to lose track of the changes made, the user making the modifications, and track the changes efficiently.
Now, VMware vSphere 7 provides visibility into the changes made to virtual machine templates with a new check-in/check-out process. This change embraces DevOps workflows with a way for IT admins to check in and check out virtual machine templates in and out of the Content Library.
Before the new check-in/check-out feature, VI admins might use a process similar to the following to change a virtual machine template:
Convert a virtual machine template to a virtual machine
Place a snapshot on the converted template to machine VM
Make whatever changes are needed to the VM
Power the VM off and convert it back to a template
Re-upload the VM template back to the Content Library
Delete the old template
Internally notify other VI admins of the changes
Now, VI admins can use a new capability in vSphere 7.0 and higher to make changes to virtual machine templates more seamlessly and track those changes effectively.
Clone as template to Library
The first step is to house the virtual machine template in the Content Library. Right-click an existing virtual machine to use the new functionality and select Clone as Template to Library.
Clone as Template to Library functionality to use the check-in and check-out feature
As a note, if you see the Clone to Library functionality instead of Clone as Template to Library, it means you have not converted the VM template to a virtual machine. If you right-click a VM template, you only get the Clone to Library option. If you select Clone to Template, it only allows cloning the template in a traditional way to another template on a datastore.
Right-clicking and cloning a VM template only gives the option to Clone to Library
Continuing with the Clone to Library process, you will see the Clone to Template in Library dialog box open. Select either New template or Update the existing template.
Clone to Template in Library
In the vCenter Server tasks, you will see the process begin to Upload files to a Library and Transfer files.
Uploading a virtual machine template to the Content Library
When you right-click a virtual machine and not a virtual machine template, you will see the additional option of Clone as Template to Library.
Clone as Template to Library
It then brings up a more verbose wizard for the Clone Virtual Machine To Template process. The first screen is the Basic information where you define the Template type (can be OVF or VM Template), the name of the template, notes, and select a folder for the template.
Configuring basic information for the clone virtual machine to template process
On the Location page, you select the VMware Content Library you want to use to house the virtual machine template.
Select the VMware Content Library to house the virtual machine template
Select a compute resource to house your cloned VM template.
Select the compute resource for the virtual machine template
Select the storage for the virtual machine template.
Select storage to house the VM template
Finish the Clone Virtual Machine to Template process.
Finish the clone of the virtual machine to template in the VMware Content Library
If you navigate to the Content Library, you will see the template listed under the VM Templates in the Content Library.
Viewing the VM template in the Content Library
Checking templates in and out
If you select the radio button next to the VM template, the Check Out VM From This Template button will appear to the right.
Launching the Check out VM from this template
When you click the button, it will launch the Check out VM from VM Template wizard. First, name the new virtual machine that will be created in the check-out process.
Starting the Check out VM from VM template
Select the compute resource to house the checked-out virtual machine.
Selecting a compute resource
Review and finish the Check out VM from VM template process. You can select to power on VM after check out.
Review and Finish the Check out VM from VM Template
The checked-out virtual machine will clone from the existing template in the Content Library. Also, you will see an audit trail of the check-outs from the Content Library. You are directed to Navigate to the checked-out VM to make updates. Note you then have the button available to Check In VM to Template.
Virtual machine template is checked out and deployed as a virtual machine in inventory
If you navigate to the Inventory view in the vSphere Client, you will see the machine has a tiny blue dot in the lower left-hand corner of the virtual machine icon.
Viewing the checked-out VM template as a virtual machine in vSphere inventory
After making one small change, such as changing the virtual network the virtual machine is connected to, we see the option appear to Check In VM to Template.
Check In VM to Template
It will bring up the Check In VM dialog box, allowing you to enter notes and then click the Check In button.
Check In the VM
We see the audit trail of changes reflected in the Content Library with the notes we entered in the Check in notes.
Virtual machine template checked back in with the notes entered in the check-in process
You will also see a new Versioning tab displayed when you view the virtual machine template in the inventory view.
Viewing the versioning of a virtual machine template in the inventory view
VMware Content Library Roles
There are various privileges related to Content Library privileges. VMware documents the following privileges that can be assigned to a custom VMware Content Library Role.
Privilege Name
Description
Required On
Content library.Add library item
Allows addition of items in a library.
Library
Content library.Add root certificate to trust store
Allows addition of root certificates to the Trusted Root Certificates Store.
vCenter Server
Content library.Check in a template
Allows checking in of templates.
Library
Content library.Check out a template
Allows checking out of templates.
Library
Content library.Create a subscription for a published library
Allows creation of a library subscription.
Library
Content library.Create local library
Allows creation of local libraries on the specified vCenter Server system.
vCenter Server
Content library.Create or delete a Harbor registry
Allows creation or deletion of the VMware Tanzu Harbor Registry service.
vCenter Server for creation. Registry for deletion.
Content library.Create subscribed library
Allows creation of subscribed libraries.
vCenter Server
Content library.Create, delete or purge a Harbor registry project
Allows creation, deletion, or purging of VMware Tanzu Harbor Registry projects.
Registry
Content library.Delete library item
Allows deletion of library items.
Library. Set this permission to propagate to all library items.
Content library.Delete local library
Allows deletion of a local library.
Library
Content library.Delete root certificate from trust store
Allows deletion of root certificates from the Trusted Root Certificates Store.
vCenter Server
Content library.Delete subscribed library
Allows deletion of a subscribed library.
Library
Content library.Delete subscription of a published library
Allows deletion of a subscription to a library.
Library
Content library.Download files
Allows download of files from the content library.
Library
Content library.Evict library item
Allows eviction of items. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library item by evicting it if you have this privilege.
Library. Set this permission to propagate to all library items.
Content library.Evict subscribed library
Allows eviction of a subscribed library. The content of a subscribed library can be cached or not cached. If the content is cached, you can release a library by evicting it if you have this privilege.
Library
Content library.Import Storage
Allows a user to import a library item if the source file URL starts with ds:// or file://. This privilege is disabled for content library administrator by default. Because an import from a storage URL implies import of content, enable this privilege only if necessary and if no security concern exists for the user who performs the import.
Library
Content library.Manage Harbor registry resources on specified compute resource
Allows management of VMware Tanzu Harbor Registry resources.
Compute cluster
Content library.Probe subscription information
This privilege allows solution users and APIs to probe a remote library’s subscription info including URL, SSL certificate, and password. The resulting structure describes whether the subscription configuration is successful or whether there are problems such as SSL errors.
Library
Content library.Publish a library item to its subscribers
Allows publication of library items to subscribers.
Library. Set this permission to propagate to all library items.
Content library.Publish a library to its subscribers
Allows publication of libraries to subscribers.
Library
Content library.Read storage
Allows reading of content library storage.
Library
Content library.Sync library item
Allows synchronization of library items.
Library. Set this permission to propagate to all library items.
Content library.Sync subscribed library
Allows synchronization of subscribed libraries.
Library
Content library.Type introspection
Allows a solution user or API to introspect the type support plug-ins for the content library service.
Library
Content library.Update configuration settings
Allows you to update the configuration settings.
Library
No vSphere Client user interface elements are associated with this privilege.
Content library.Update files
Allows you to upload content into the content library. Also allows you to remove files from a library item.
Library
Content library.Update library
Allows updates to the content library.
Library
Content library.Update library item
Allows updates to library items.
Library. Set this permission to propagate to all library items.
Content library.Update local library
Allows updates of local libraries.
Library
Content library.Update subscribed library
Allows you to update the properties of a subscribed library.
Library
Content library.Update subscription of a published library
Allows updates of subscription parameters. Users can update parameters such as the subscribed library’s vCenter Server instance specification and placement of its virtual machine template items.
Library
Content library.View configuration settings
Allows you to view the configuration settings.
Library
No vSphere Client user interface elements are associated with this privilege.
Advanced Content Library settings
Several advanced configuration settings are configurable with the VMware Content Library. You can get to these by navigating to Content Libraries > Advanced.
This setting enables automatic synchronization of subscribed content libraries.
Library Auto Sync Refresh Interval (minutes)
The Interval between two consequent automatic synchronizations of the subscribed content library. This interval is measured in minutes.
Library Auto Sync Setting Refresh Interval (seconds)
This is the Interval after which the refresh interval for the automatic synchronization settings of the subscribed library will be updated if it has been changed. It is measured in seconds. A change in the refresh interval requires a restart of vCenter Server.
Library Auto Sync Start Hour
This setting refers to the time of day when the automatic synchronization of a subscribed content library begins
Library Auto Sync Stop Hour
This setting refers to the time of day when the automatic synchronization of a subscribed content library stops. Automatic synchronization stops until the start hour.
Library Maximum Concurrent Sync Items
The maximum number of items concurrently synchronizing for each subscribed library.
Max concurrent NFC transfers per ESX host
The maximum concurrent NFC transfers per ESXi host limit
Maximum Bandwidth Consumption
The bandwidth usage threshold. It is measured in Mbps across all transfers where 0 means unlimited bandwidth.
Maximum Number of Concurrent Priority Transfers
The Concurrent transfer limit for priority files. Tranfers are queued if the bandwidth limit is exceeded. This threadpool is used only to transfer priority objects. For example, if you change the concurrent transfer limit for priority files, such as OVF, you must restart vCenter Server.
Maximum Number of Concurrent Transfers
Concurrent transfer limit. When exceeded, the transfers are queued. If you change the concurrent transfer limit, it requires a restart of vCenter Server.
To properly protect your VMware environment, use Altaro VM Backup to securely backup and replicate your virtual machines. We work hard perpetually to give our customers confidence in their VMware backup strategy.
To keep up to date with the latest VMware best practices, become a member of the VMware DOJO now (it’s free).
Wrapping up
The VMware Content Library provides a centralized repository that allows keeping required file resources, virtual machine templates, ISO images vApps, and other files synchronized and available across the vSphere datacenter. In vSphere 7, the Content Library allows organizations to have a better way to keep up with and track changes to virtual machine templates. Using the new check-in/check-out process, VI admins can track changes made with each check-out and ensure these are documented and synchronized back to the Content Library.
It effectively provides a solution to remove the need to copy files between ESXi hosts or vSphere clusters and have what you need to install guest operating systems or deploy virtual machine templates. In addition, the subscribed Content Library allows synchronizing vCenter Server content libraries so that many other vCenter Servers can take advantage of the files already organized in the published Content Library.
The VMware Content Library is one of the more underutilized tools in the VI admin’s toolbelt that can bring about advantages in workflow, efficiency, and time spent finding and organizing files for deploying VMs and OS’es. In addition, the recent feature additions and improvements, such as check-ins/check-outs, have provided a more DevOps approach to tracking and working with deployment resources.
New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security.
As business begins its return to normalcy (however “normal” may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared the results with those of a similar survey from 2021.
Here are the 5 key things we learned from 200 responses:
1 — Remote Work Has Accelerated the Use of EDR Technologies
In 2021, 52% of CISOs surveyed were relying on endpoint detection and response (EDR) tools. This year that number has leapt to 85%. In contrast, last year 45% were using network detection and response (NDR) tools, while this year just 6% employ NDR. Compared to 2021, double the number of CISOs and their organizations are seeing the value of extended detection and response (XDR) tools, which combine EDR with integrated network signals. This is likely due to the increase in remote work, which is more difficult to secure than when employees work within the company’s network environment.
2 — 90% of CISOs Use an MDR Solution
There is a massive skills gap in the cybersecurity industry, and CISOs are under increasing pressure to recruit internally. Especially in small security teams where additional headcount is not the answer, CISOs are turning to outsourced services to fill the void. In 2021, 47% of CISOs surveyed relied on a Managed Security Services Provider (MSSP), while 53% were using a managed detection and response (MDR) service. This year, just 21% are using an MSSP, and 90% are using MDR.
3 — Overlapping Threat Protection Tools are the #1 Pain Point for Small Teams
The majority (87%) of companies with small security teams struggle to manage and operate their threat protection products. Among these companies, 44% struggle with overlapping capabilities, while 42% struggle to visualize the full picture of an attack when it occurs. These challenges are intrinsically connected, as teams find it difficult to get a single, comprehensive view with multiple tools.
4 — Small Security Teams Are Ignoring More Alerts
Small security teams are giving less attention to their security alerts. Last year 14% of CISOs said they look only at critical alerts, while this year that number jumped to 21%. In addition, organizations are increasingly letting automation take the wheel. Last year, 16% said they ignore automatically remediated alerts, and this year that’s true for 34% of small security teams.
5 — 96% of CISOs Are Planning to Consolidate Security Platforms
Almost all CISOs surveyed have consolidation of security tools on their to-do lists, compared to 61% in 2021. Not only does consolidation reduce the number of alerts – making it easier to prioritize and view all threats – respondents believe it will stop them from missing threats (57%), reduce the need for specific expertise (56%), and make it easier to correlate findings and visualize the risk landscape (46%). XDR technologies have emerged as the preferred method of consolidation, with 63% of CISOs calling it their top choice.
The OpenSSL Technical Committee (OTC) was recently made aware of several potential attacks against the OpenSSL libraries which might permit information leakage via the Spectre attack.1 Although there are currently no known exploits for the Spectre attacks identified, it is plausible that some of them might be exploitable.
Local side channel attacks, such as these, are outside the scope of our security policy, however the project generally does introduce mitigations when they are discovered. In this case, the OTC has decided that these attacks will not be mitigated by changes to the OpenSSL code base. The full reasoning behind this is given below.
The Spectre attack vector, while applicable everywhere, is most important for code running in enclaves because it bypasses the protections offered. Example enclaves include, but are not limited to:
The reasoning behind the OTC’s decision to not introduce mitigations for these attacks is multifold:
Such issues do not fall under the scope of our defined security policy. Even though we often apply mitigations for such issues we do not mandate that they are addressed.
Maintaining code with mitigations in place would be significantly more difficult. Most potentially vulnerable code is extremely non-obvious, even to experienced security programmers. It would thus be quite easy to introduce new attack vectors or fix existing ones unknowingly. The mitigations themselves obscure the code which increases the maintenance burden.
Automated verification and testing of the attacks is necessary but not sufficient. We do not have automated detection for this family of vulnerabilities and if we did, it is likely that variations would escape detection. This does not mean we won’t add automated checking for issues like this at some stage.
These problems are fundamentally a bug in the hardware. The software running on the hardware cannot be expected to mitigate all such attacks. Some of the in-CPU caches are completely opaque to software and cannot be easily flushed, making software mitigation quixotic. However, the OTC recognises that fixing hardware is difficult and in some cases impossible.
Some kernels and compilers can provide partial mitigation. Specifically, several common compilers have introduced code generation options addressing some of these classes of vulnerability:
GCC has the -mindirect-branch, -mfunction-return and -mindirect-branch-register options
LLVM has the -mretpoline option
MSVC has the /Qspectre option
Nicholas Mosier, Hanna Lachnitt, Hamed Nemati, and Caroline Trippel, “Axiomatic Hardware-Software Contracts for Security,” in Proceedings of the 49th ACM/IEEE International Symposium on Computer Architecture (ISCA), 2022.↩
Posted by OpenSSL Technical Committee May 13th, 2022 12:00 am
Altaro VM Backup has a number of services, handing different types of operations and in certain cases it’s important to know the role of a specific service.
Below you can find an extensive list of each service’s responsibility.
Services on the Altaro VM Backup Console
The list below can also be used for services running on an Altaro Offsite Server machine only.
Display Name
Description
Altaro VM Backup Engine
Management of backup schedules and configuration
Altaro VM Backup Deduplication Service
Performs deduplication of data during backup operations
Altaro Offsite Server 6
Altaro Offsite Server for v5 & v6 Offsite Copies
Altaro Offsite Server 8
Altaro Offsite Server for Offsite Copies
Altaro Offsite Server 8 Controller
Provides an interface between the Offsite Server Management Console UI and the Altaro Offsite Server
Altaro VM Backup API Service
Enables a RESTful API interface to Altaro VM Backup
Altaro VM Backup Hyper-V Host Agent – N1
Facilitates backup and restore operations for Virtual machines on a Hyper-V Host and/or a VMware Host using VDDK 5.5
Altaro VM Backup Hyper-V Host Agent – N2
Facilitates backup and restore operations for Virtual machines on a VMware Host using VDDK 6.5 & 6.7
Altaro VM Backup Controller
Provides an interface between the Management Console UI and the Altaro VM Backup Service
Services on a Hyper-V Host added to Altaro VM Backup
DisplayName
Description
Altaro VM Backup Hyper-V Host Agent – N1
Facilitates backup and restore operations for Virtual machines on a Hyper-V Host and/or a VMware Host using VDDK 5.5
Altaro VM Backup Hyper-V Host Agent – N2
Facilitates backup and restore operations for Virtual machines on a VMware Host using VDDK 6.5 & 6.7
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks.
“Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers,” the agencies said. “As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2).”
In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data.
Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache Log4j logging library that’s used by a wide range of consumers and enterprise services, websites, applications, and other products.
Successful exploitation of the flaw could enable an attacker to send a specially-crafted command to an affected system, enabling the actors to execute malicious code and seize control of the target.
Based on information gathered as part of two incident response engagements, the agencies said that the attackers weaponized the exploit to drop rogue payloads, including PowerShell scripts and a remote access tool dubbed “hmsvc.exe” that’s equipped with capabilities to log keystrokes and deploy additional malware.
“The malware can function as a C2 tunneling proxy, allowing a remote operator to pivot to other systems and move further into a network,” the agencies noted, adding it also offers a “graphical user interface (GUI) access over a target Windows system’s desktop.”
The PowerShell scripts, observed in the production environment of a second organization, facilitated lateral movement, enabling the APT actors to implant loader malware containing executables that include the ability to remotely monitor a system’s desktop, gain reverse shell access, exfiltrate data, and upload and execute next-stage binaries.
Furthermore, the adversarial collective leveraged CVE-2022-22954, a remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager that came to light in April 2022, to deliver the Dingo J-spy web shell.
Ongoing Log4Shell-related activity even after more than six months suggests that the flaw is of high interest to attackers, including state-sponsored advanced persistent threat (APT) actors, who have opportunistically targeted unpatched servers to gain an initial foothold for follow-on activity.
According to cybersecurity company ExtraHop, Log4j vulnerabilities have been subjected to relentless scanning attempts, with financial and healthcare sectors emerging as an outsized market for potential attacks.
“Log4j is here to stay, we will see attackers leveraging it again and again,” IBM-owned Randori said in an April 2022 report. “Log4j buried deep into layers and layers of shared third-party code, leading us to the conclusion that we’ll see instances of the Log4j vulnerability being exploited in services used by organizations that use a lot of open source.”
In late May we announced our agreement to acquire VMware. Since that time, we’ve been meeting with many VMware customers and partners to tell them more about how this combination will deliver compelling benefits to them. We’ve also kicked off planning efforts for the post-closing company.
VMware is an iconic software company with a vibrant ecosystem, including hyperscalers, system integrators and channel partners. We don’t want to change any of that, and in fact, we want to embrace those relationships. We have tremendous respect for what VMware has built, supported by a skilled team of engineering talent. It is for all these reasons and more that we’ve committed to rebrand Broadcom Software Group as VMware.
Bringing VMware’s multi-cloud offerings and Broadcom’s software portfolio together after the deal closes will enable customers greater choice and flexibility to build, run, manage, connect and protect traditional and modern applications at scale across diversified, distributed environments. Simply put, this combination will help customers better meet the demands of the incredibly complex IT landscape head on. We share VMware’s commitment to working in close partnership with customers on joint engineering and innovation initiatives to drive enhanced value and performance.
The existing Broadcom Software business – including our portfolio of Value Stream Management, AIOps and Observability, Cybersecurity, Enterprise Automation and Continuous Delivery solutions – will be offered alongside the VMware solutions for cloud infrastructure, modern applications and anywhere workspace after the deal closes. Following the anticipated rebrand, customers will have the ability to purchase from the new VMware a broad portfolio of solutions that help enterprises build, manage and secure a wide variety of applications – from mainframe to client server to cloud-native via Kubernetes – and more securely deliver amazing end user experiences to any device anywhere. All of this means we will be placing more choice in customers’ hands.
Broadcom’s commitment
Delivering on this value proposition has never been more critical, and we recognize that enterprise customers are relying on both companies for high-performing and ubiquitous access to their critical applications. We have been listening closely to customer and partner feedback, and we are committed to getting it right.
We are approaching the post-closing planning phase of the transaction process with an open mind, while drawing from the lessons learned from our previous acquisitions of CA and Symantec Enterprise. This means that we’ll be working in close coordination with VMware to learn more about their go-to-market, product portfolio, approach to innovation, engineering talent, partner network and, of course, strong customer footprint.
The insights we’re gaining are only strengthening our confidence in the future of a combined Broadcom Software and VMware. VMware has great technology and respected products that will remain a source of significant value to the combined company going forward after the deal closes. And we recognize the central role that VMware’s deep customer relationships play in its success. Broadcom wants to preserve and grow these relationships – we’ll be investing in both the direct sales force across all key verticals as well as the partners that support the broader customer base.
From a product portfolio standpoint, this transaction presents a tremendous opportunity to advance our mutual focus on innovation. We recognize that customers value VMware because of its strong history of innovation and technology leadership. Broadcom also has a proud track record of significant R&D investment – as a company, we’ve grown total R&D spending 24x since 2009 – and this will remain a top priority after the deal closes with VMware as part of Broadcom. A key pillar of the combined company’s innovation roadmap will be to retain and support VMware’s engineering and R&D talent, and we are committed to this effort as we progress toward closing the transaction and thereafter.
All this said, we are still in the early days of this exciting journey. We will be carefully evaluating the proposed combined footprint and operating model of Broadcom Software plus VMware, and we will be approaching each decision with a commitment to transparency, innovation, value creation and maintaining the highest-quality experience for customers and partners. We will continue to welcome input from VMware leadership, employees, customers and partners as we plan for this next chapter, and we look forward to keeping you updated.
Additional Information about the Transaction and Participants in the Solicitation: Broadcom Inc. (‘Broadcom”) intends to file with the SEC a Registration Statement on Form S-4 that will include a proxy statement of VMware, Inc. (“VMware”) and that also constitutes a prospectus of Broadcom, as well as other relevant documents concerning the proposed transaction. We urge investors to read the proxy statement/prospectus and any other documents filed with the SEC in connection with the proposed transaction or incorporated by reference in the proxy statement/prospectus, if and when they become available, because they will contain important information. Investors may obtain these documents free of charge at the SEC’s web site (www.sec.gov). In addition, the documents filed with the SEC by Broadcom may be obtained free of charge on Broadcom’s website at https://investors.broadcom.com. Copies of the documents filed with the SEC by VMware will be available free of charge on VMware’s website at ir.vmware.com. The directors, executive officers, and certain other members of management and employees of VMware and Broadcom may be deemed to be participants in the solicitation of proxies in favor of the proposed transactions. Information about the directors and executive officers of Broadcom, including a description of their direct or indirect interests, by security holdings or otherwise, is set forth in Broadcom’s proxy statement for its 2022 Annual Meeting of Stockholders, which was filed with the SEC on February 18, 2022, and Broadcom’s Annual Report on Form 10-K for the fiscal year ended October 31, 2021, which was filed with the SEC on December 17, 2021. Information about the directors and executive officers of VMware, including a description of their direct or indirect interests, by security holdings or otherwise, is set forth in VMware’s proxy statement for its 2022 Annual Meeting of Stockholders, which was filed with the SEC on May 27, 2022, VMware’s Annual Report on Form 10-K for the fiscal year ended January 28, 2022, which was filed with the SEC on March 24, 2022, a Form 8-K filed by VMware on April 22, 2022 and a Form 8-K filed by VMware on May 2, 2022.
