Using virtualized disaster recovery to fight ransomware
When it comes to fighting ransomware and protecting against it, virtual disaster recovery has some major features that top what physical environments offer.
The recent wave of malware spreading over the internet has provided an excellent opportunity to showcase how dynamic and flexible virtual infrastructure can be and how organizations can avert issues using a virtualized environment.
The crown jewel of virtualized disaster recovery (DR) infrastructure is the point-in-time copy feature. Point-in-time copies are very similar to classic virtual machine snapshots but more lightweight; they don't keep copies of the VM memory and other less important items. These copies allow an administrator to roll a virtualized system back to a point in time prior to when the malware hit.
The snapshot process in a virtualized disaster recovery environment is automated and keeps hundreds or thousands of point-in-time copies of the data that can span days and even weeks. While this may sound very inefficient, it is actually the opposite. Each copy tracks only the changes, recording how the block in question looked before the change was written to it. Multiple changes to that block are not an issue. Essentially, this means that large amounts of changes can be represented by a tiny amount of copied block data. It is possible to go back to almost the exact minute prior to any infection.
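The block-level tracking described above can be sketched in a few lines. This is an added example, not code from any DR product: the `JournaledDisk` class, the 60-second interval, the in-memory block list and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class JournaledDisk:
    """Toy block device; the undo journal is held outside the guest VM."""
    blocks: list                                   # what the VM currently sees
    interval: int = 60                             # seconds per copy (assumed)
    journal: list = field(default_factory=list)    # (copy_id, block_no, old_data)
    _saved: set = field(default_factory=set)       # pre-images already kept

    def write(self, now, block_no, data):
        copy_id = now // self.interval
        # Keep the pre-change block once per block per interval; later
        # writes to the same block in that interval add nothing.
        if (copy_id, block_no) not in self._saved:
            self._saved.add((copy_id, block_no))
            self.journal.append((copy_id, block_no, self.blocks[block_no]))
        self.blocks[block_no] = data

    def rollback(self, to_time):
        """Return the disk to its state at the start of to_time's interval."""
        target = to_time // self.interval
        while self.journal and self.journal[-1][0] >= target:
            copy_id, block_no, old = self.journal.pop()   # undo newest first
            self._saved.discard((copy_id, block_no))
            self.blocks[block_no] = old

def demo():
    # Constructed sample data: four blocks, a few normal writes, then a burst
    # of overwrites standing in for ransomware encrypting every block.
    disk = JournaledDisk(blocks=[b"boot", b"ledger-v1", b"photos", b"mail"])
    disk.write(30, 1, b"ledger-v2")
    disk.write(45, 1, b"ledger-v3")      # same block, same interval
    disk.write(130, 3, b"mail+1")
    clean = list(disk.blocks)
    for n in range(4):
        disk.write(200 + n, n, b"ENCRYPTED")   # interval 3 starts at t=180
    records = len(disk.journal)          # 6 pre-images for 7 writes
    disk.rollback(200)
    return clean, list(disk.blocks), records, disk

if __name__ == "__main__":
    clean, restored, records, _ = demo()
    print(restored == clean, records)
```

Rolling back discards everything written since the start of the chosen interval, so legitimate writes made in the same minute as the infection are lost along with the encrypted blocks.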
Virtual vs. physical DR
This type of functionality isn't available on physical hosts. While physical hosts may have restore points provided by the built-in OS functionality (i.e., Windows restore points), modern malware removes the restore point protection. In a virtualized DR environment, by contrast, the restore functionality and point-in-time copies are isolated from the VM, so the restore functionality can't be subverted from inside the VM. (That is assuming the underlying DR system is still available and not impacted.)
Compare this virtualized disaster recovery to a physical environment. There are tools such as Dell EMC's Symmetrix Remote Data Facility that allow replication, but they can be a bit cumbersome to use and require more in-depth support. These products also require dedicated storage LUNs to work correctly. There are manual tasks that need to be completed, such as breaking replication, mounting disks and reconfiguring the application. This is problematic enough with one server, but when there are dozens or more compromised machines, it becomes a huge task in manual labor alone. Any DR failover should involve as few steps and as few different groups as possible. Complexity adds risk, which is not something you want when trying to perform a failover.
Lastly, virtualized disaster recovery offers massive time savings. Top-flight DR products advertise the fact that a failover can be completed in less than 15 minutes.
An all-virtualized disaster recovery environment provides functionality that helps companies fight malware and ransomware attacks. Anyone not using it is missing a massive tactical advantage that is easy to use and implement.