What is the Mac Evaluation Utility tool?

Pure Storage And VMware On Azure: Easy, Performant, Cost-Effective

Pure Storage seems to be everywhere in its market, and it is continuously pushing boundaries—in a good way. At this week’s VMware Explore event (still known as VMWorld to me) in Las Vegas, the company has leveraged its strong partnerships to deliver what should be a high-value solution to enterprise IT. Working with VMware and Microsoft Azure, the company announced Cloud Block Store for Azure VMware Solution (AVS). Initially available in Preview in 16 Azure regions, this solution will eventually be generally available across all Azure regions. It’s another strong move from Pure Storage that complements the announcements from its Accelerate conference several weeks ago, which I covered here.

What exactly is Cloud Block Store for AVS, and why should enterprise IT care? Read on, and I'll explain.

VMware in the cloud: Good, but it could be better

Pardon the pun in advance: VMware is used virtually everywhere. Every enterprise IT executive I speak with not only talks about maintaining their current VMware environment, but also views VMware as a strategic piece of the puzzle for the future of their IT deployments. Because of this, VMware spans the enterprise environment, from the datacenter to the edge and the cloud(s).

Expanding the VMware estate from the on-premises datacenter to the cloud has been happening for some time. VMware delivered its first solution for driving a hybrid environment back in 2013. AWS partnered with VMware to launch VMware Cloud on AWS in 2017, and Azure followed suit with AVS in 2020.

AVS is a popular cloud destination for enterprise VMware environments.

The use cases for expanding the VMware environment to the Azure cloud via AVS should be no surprise. Because VMware is so often regarded as strategic to the enterprise, it serves as a foundational part of all enterprise IT operations. As such, the expansion to AVS mirrors what sits on the premises. To put it another way, AVS customers want to span all operations seamlessly from the datacenter to Azure in a cost-effective manner.

AVS has a proven track record for delivering seamless integration of environments. Microsoft has done an excellent job of enabling the on-prem-to-cloud movement of most apps and data. However, I do hear a few challenges from customers, especially around cost and complexity. Specifically, migrating database environments can be challenging, and costs can escalate due to the inability to scale storage separately from compute. Some of the challenges on the database side can prevent users from deploying their dev/test environments to AVS.

If only a storage software solution could enable more seamless integration. Especially if it were a solution that decoupled storage from compute. If only.

Pure Cloud Block Store for AVS: Good becomes great

Cloud Block Store for AVS is designed to drive greater balance for hybrid VMware environments while reducing costs. According to Pure Storage, the design goals of the solution are to:

One of the keys to the success of Pure's AVS approach is all the work the company did with Microsoft to optimize Pure’s data management solution for Azure. This has meant much more than simply deploying Pure's data management software in the Azure cloud; it has required years of understanding how AVS supports VMware and which areas can be improved, along with a sustained joint development effort to achieve the design goals mentioned above.

For example, the work between Pure and Azure to enable Pure's software to fully exploit the recently launched Premium SSDv2 storage environment delivers both performance gains and considerable cost savings. So, not only can customers decouple this storage-compute relationship that leads to wasted cost (and wasted compute cycles), but they can do so on high-performing storage.

The cost savings Pure Block Store delivers speak for themselves

The above graphic highlights just how big the savings are that Pure can deliver. If I'm an IT executive facing increased demand to drive digital transformation projects—while also seeing my budgets slashed—deploying Pure should be one of my top priorities.

The other area I find compelling is how Pure’s Cloud Block Store has enabled database migration. "Data drives the enterprise" is a line I've written too many times to count. But this statement has become a truism because it’s actually true, and in practical terms it is rooted in an organization's database environment. The challenges around managing database environments prevent many IT organizations from fully leveraging the cloud.

With Pure, a couple of specific functions remove the challenges IT organizations face. First, the company's solution for copy data management (CDM) takes the existing process of database snapshots, which typically takes hours in a VMware environment, and delivers it . . . instantaneously. It’s not often that any vendor is able to completely remove a headache like this.

Second, Pure’s software enables the real-time cloning and restoration of a database environment—a task that typically takes somewhere between hours and days. Even better, Pure offers this with dedicated database professionals working to support the process. Think about what this means for dev/test environments in organizations that are looking to iterate quickly. DBAs and database pros are freed up, and dev/test cycles are shortened to minutes versus days.

What this means for enterprise IT

When considering the challenges enterprise IT faces, I see Cloud Block Store for AVS as enabling IT to further drive the cloud operating model organization-wide. Pure delivers the final mile of the Microsoft-VMware partnership that led to the creation of AVS in the first place. Every IT executive I speak with talks about the challenge of fully realizing the promise of the cloud while controlling costs. This includes direct costs tied to instances, data, and so on as well as indirect costs arising from operational inefficiencies around people and processes.

If I were still managing enterprise IT operations and saw a solution that promised to drive down costs considerably while improving my ability to deliver better-performing services, I’d be tempted to think it was too good to be true. But Pure has been telling this story—and delivering on the promise—for as long as it’s been around.

My take

If my views on Pure’s announcement weren’t clear before, let me be clear now: I think it has a clear winner with Cloud Block Store for AVS. Like all storage companies, the company is moving from a pure (pardon the pun) storage play to more of a data management solution. And this makes sense—the lines between storage, data and compute are blurred, and collective IT thinking is shifting to account for focusing on data first.

The benefits for Pure customers are both evident and significant. Beyond that, advances like this make Pure more compelling for non-customers, too. In an ever-competitive market for storage and data management, I’m optimistic about adoption of Pure Block Store for AVS—and beyond.

Moor Insights & Strategy provides or has provided paid services to technology companies like all research and tech industry analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, and video and speaking sponsorships. The company has had or currently has paid business relationships with 8×8, Accenture, A10 Networks, Advanced Micro Devices, Amazon, Amazon Web Services, Ambient Scientific, Ampere Computing, Anuta Networks, Applied Brain Research, Applied Micro, Apstra, Arm, Aruba Networks (now HPE), Atom Computing, AT&T, Aura, Automation Anywhere, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, C3.AI, Calix, Cadence Systems, Campfire, Cisco Systems, Clear Software, Cloudera, Clumio, Cohesity, Cognitive Systems, CompuCom, Cradlepoint, CyberArk, Dell, Dell EMC, Dell Technologies, Diablo Technologies, Dialogue Group, Digital Optics, Dreamium Labs, D-Wave, Echelon, Ericsson, Extreme Networks, Five9, Flex, Foundries.io, Foxconn, Frame (now VMware), Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud, Graphcore, Groq, Hiregenics, Hotwire Global, HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, HYCU, IBM, Infinidat, Infoblox, Infosys, Inseego, IonQ, IonVR, Inseego, Infosys, Infiot, Intel, Interdigital, Jabil Circuit, Juniper Networks, Keysight, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, Lightbits Labs, LogicMonitor, LoRa Alliance, Luminar, MapBox, Marvell Technology, Mavenir, Marseille Inc, Mayfair Equity, Meraki (Cisco), Merck KGaA, Mesophere, Micron Technology, Microsoft, MiTEL, Mojo Networks, MongoDB, Multefire Alliance, National Instruments, Neat, NetApp, Nightwatch, NOKIA, Nortek, Novumind, NVIDIA, Nutanix, Nuvia (now Qualcomm), NXP, onsemi, ONUG, OpenStack Foundation, Oracle, Palo Alto Networks, Panasas, Peraso, Pexip, Pixelworks, Plume Design, PlusAI, Poly (formerly Plantronics), Portworx, Pure Storage, Qualcomm, Quantinuum, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Renesas, Residio, Samsung Electronics, Samsung Semi, SAP, SAS, Scale Computing, Schneider Electric, SiFive, Silver Peak (now Aruba-HPE), SkyWorks, SONY Optical Storage, Splunk, Springpath (now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, Telesign,TE Connectivity, TensTorrent, Tobii Technology, Teradata,T-Mobile, Treasure Data, Twitter, Unity Technologies, UiPath, Verizon Communications, VAST Data, Ventana Micro Systems, Vidyo, VMware, Wave Computing, Wellsmith, Xilinx, Zayo, Zebra, Zededa, Zendesk, Zoho, Zoom, and Zscaler. Moor Insights & Strategy founder, CEO, and Chief Analyst Patrick Moorhead is an investor in dMY Technology Group Inc. VI, Fivestone Partners, Frore Systems, Groq, MemryX, Movandi, and Ventana Micro., MemryX, Movandi, and Ventana Micro.

How Ukraine became a test bed for cyberweaponry

KIEV — To see the warfare of the future, head to the top floor of a nondescript office tower on a potholed street on the scruffy outskirts of Ukraine's capital. There, next to a darkened conference room, engineers sit at dark gray monitors, waging war with lines of code.

“Attacks are happening every day,” says Oleh Derevianko, founder of the Ukrainian cybersecurity firm that employs them, Information Systems Security Partners. "We never thought they were going to be the front line of cyber and hybrid war."

There may be no better place to witness cyber conflict in action than Ukraine today. Open warfare with Russia, a highly skilled, computer-literate pool of talent and a uniquely vulnerable political, economic and IT environment have made the country the perfect sandbox for those looking to test new cyberweapons, tactics and tools.

"Ukraine is live-fire space," says Kenneth Geers, a veteran cybersecurity expert and senior fellow at the Atlantic Council who advises NATO's Tallinn cyber center and spent time on the ground in Ukraine to study the country’s cyber conflict. Much like global powers fought proxy wars in the Middle East or Africa during the Cold War, Ukraine has become a battleground in a cyberwar arms race for global influence.

Derevianko's outfit works closely with the Ukrainian government and its U.S. and European allies to fend off onslaughts against the country’s networks. On the other side of the virtual front line: Not just sophisticated Russian-affiliated hacker groups like Fancy Bear, Cozy Bear and Sandworm — the group behind “NotPetya,” the most devastating cyberattack to date — but also hosts of other governmental, nongovernmental and criminal players testing out their capabilities on the country’s networks.

“They’re not only testing destruction but also testing your reflexes" — Oleh Derevianko, founder of Information Systems Security Partners

Activity has spiked ahead of presidential elections in March, says Derevianko. Since November, hacker groups have been shelling Ukrainian magistrates, government officials, attorneys and others with emails that contain attachments with malware and viruses — sometimes disguised as Christmas greetings, or as messages from the prime minister’s office — in what Derevianko describes as “mass phishing.”

Russian hacker groups are repeatedly attempting to get into the country’s systems, Ukraine’s national security service told POLITICO. Critical infrastructure and election systems are under constant stress, it said.

“They’re not only testing destruction but also testing your reflexes,” says Derevianko.

The war in eastern Ukraine has given Russian-affiliated hackers the opportunity to perfect their ability to launch cyberattacks with a series of major intrusions in Ukraine over the past few years.

“The annexation of Crimea and war in Donbas, it has created a volatile political environment," says Merle Maigre, the former head of NATO’s cyberdefense center in Tallinn who is now executive vice president at the Estonian cybersecurity firm CybExer.

Even as Russian tanks crossed the physical border into eastern Ukraine in the spring of 2014, Russian-affiliated hackers were sending malicious code onto Ukraine’s IT systems, providing political chaos as a smokescreen.

Three days before the presidential election in May 2014, hackers broke into Ukraine’s Central Election Commission and disabled parts of the network using advanced cyberespionage malware, according to a report by the International Foundation of Electoral Systems funded by the U.S. and U.K. and seen by POLITICO. The Central Election Commission was hit again later that year, when hackers took down its website ahead of a parliamentary vote in October.

Large-scale attacks followed the next year, and again in 2016. The targets, this time, were companies running Ukraine’s power grid. In 2015, hackers used so-called BlackEnergy malware, dropped on companies’ networks using spear phishing attacks that tricked employees into downloading from mock emails. So-called KillDisk malware later destroyed parts of the grid.

The resulting blackouts — the world’s first known successful cyberattack on an energy company at scale — affected about 230,000 Ukrainians for up to six hours. A year later, in December 2016, hackers relied on even more sophisticated tools to successfully turn off the lights in large parts of the Ukrainian capital yet again.

But the widest-reaching attack — and the world’s most financially damaging to date — took place in 2017, when hackers combined code tested in the power grid attacks with malware known as “Petya” and a security vulnerability initially discovered by the U.S. National Security Agency called EternalBlue.

Danish shipping behemoth Maersk was crippled by a 2017 malware attack | Leon Neal/Getty Images

The resulting malware — "NotPetya” — compromised the software of a small tech firm called Linkos Group, providing it access to the computers of utility companies, banks, airports and government agencies in Ukraine. It also crippled multinationals like the Danish shipping giant Maersk, logistics giant FedEx, pharma company Merck and other major corporations.

The NotPetya attack — which cost an estimated $10 billion to clean up — was “as close to cyberwar” as we’ve come, says Geers. “This was the most damaging attack in history, of a scale and cost that would far exceed a missile fired from the Donbas into Kiev."

The free-for-all environment of a country at war has turned Ukraine into a magnet for players of all types looking to test their cyber capabilities. In addition to hostile Russian hackers, the country has attracted cybersecurity firms looking to get close to the action, Western intelligence agencies seeking to understand the nature of modern conflict and criminals looking to make a buck.

“Donbas is basically lit up with malware. That’s intelligence services trying to figure out what Russia is going to do next in Donbas, trying to figure out what [Russian President Vladimir] Putin is up to,” says Geers, the Atlantic Council’s cybersecurity expert. “The U.S., China, Russia, Israel, Turkey, Iran — it’s coming from everywhere.”

In addition to the ongoing military conflict, Ukraine offers a tempting target because so many of the country’s computers run pirated software, which doesn’t receive standard security patches. And, because it is well integrated with Western European internet networks, the country offers a backdoor to hack the rest of Europe.

Russian President Vladimir Putin | Mikhail Klimentyev/AFP via Getty Images

Constant attempted attacks by hacker groups such as Fancy Bear, Cozy Bear and Turla are putting critical infrastructure and election systems under constant stress, Ukraine’s national security told POLITICO.

The goal, say experts, is to test the West’s defenses. The U.S. and other intelligence agencies have responded by moving into the Ukrainian networks to pick up the signals.

“Getting intelligence ahead of time is important,” says Dymtro Shymkiv, the former head of Microsoft in Ukraine and President Petro Poroshenko’s chief adviser on cyber between 2014 and 2018. “Some of the viruses and malware in the energy blackouts in Ukraine were later found in the U.S. and Israel.”

Ukrainian authorities, he says, exchange cyber intel for help in fending off the hackers.

“Whenever they identified malware, they uploaded it to special services where manufacturers of anti-virus could analyze it,” says Shymkiv. His cyber team sometimes worked with expert communities on platforms like Hybrid Analysis or ANY.RUN, a technique known as “cloud-based sandboxing,” where researchers can access the data and get in touch with those affected by malware, he says.

"U.S. counterparts, they are requesting a lot of information and interacting very productively" — Roman Boyarchuk, head of Ukraine’s State Cyber Protection Center

Washington has invested heavily in cyber resilience in Ukraine since 2014. USAID alone freed up a pot of $10 million (€8.9 million) for cybersecurity defenses, and a sizeable part of its much larger budget to support Ukraine goes to securing IT systems in the country.

U.S. companies, such as tech giant Microsoft, have also beefed up their presence in the country. Hardware leader Cisco has a strong foothold that includes its renowned cyberintelligence unit Talos. And U.S. cyber firm CrowdStrike, known for bullishly calling out state-sponsored hacks, is also active in the country, as are many others.

The U.S. and Europe are also investing in seminars and training for Ukrainian cybersecurity staff, and are involved in day-to-day assistance via the International Foundation for Electoral Systems (IFES), an international organization backed by democracies worldwide to help out with holding elections, and other channels.

"U.S. counterparts, they are requesting a lot of information and interacting very productively," says Roman Boyarchuk, the head of Ukraine’s State Cyber Protection Center, the authority tasked with fending off attackers from government networks. American and European cybersecurity authorities regularly ask for more details about his agency’s analysis of major threats, he says.

Hackers are ramping up their activity ahead of Ukraine's March election | Tomohiro Ohsumi/Getty Images

Activity has increased ahead of Ukraine’s national election in March, experts say, as smaller groups and individual hackers and criminals look for financial gain.

"They're scanning the networks and sending a lot of malware in order to find the breaches, the vulnerabilities,” says Boyarchuck, of the national cyber emergency team. “They are taking control, recording this control, putting it into databases and selling it.”

The hackers then find buyers for these credentials or access into confidential networks. Large data sets are sold on dark web marketplaces to anyone willing to pay the price.

"Everyone is buying it," says Boyarchuk. "Corporate competitors, state actors, anybody."

For Kiev’s cyber helpers, the goal is not just to help out a developing country under pressure. As Ukraine becomes ever more integrated with the West, there’s a strong fear of contagion. A successful cyberattack in Kiev, they fear, can easily slip the country’s borders and infect computers across the globe.

That’s become especially true following Ukraine's shift toward the West, which triggered Russia’s aggression. The country’s 2014 Association Agreement with the EU came with a "deep and comprehensive free-trade agreement" in place since 2016 that has strengthened economic ties. And with the increase in trade has come added data flows and interactions in its internet networks.

The 2017 “NotPetya” attack was a painful example of the risks that come with this kind of entanglement: An attack starting in a small tech firm in Ukraine spread to companies and government agencies across the world, grinding the business of international heavy-hitters to a halt.

"We provided them with political support, we've supported Ukraine in providing guns and ammo. Now we're moving to cyber" — Edvinas Kerza, Lithuania's vice minister of national defense

NotPetya "was when everybody realized how vulnerable they are when Ukraine gets hit," says Maigre, the former head of NATO’s cyberdefense center. "It easily blows over to Europe and beyond."

For the EU, in particular, the attack underlined the urgency of beefing up Ukraine’s cyberdefenses.

Since then, European countries have set up bilateral assistance deals. Estonia, for example, is heavily involved in helping Ukrainian authorities set up a secure electoral IT system. Lithuania is also active, according to Edvinas Kerza, the country's vice minister of national defense.

"We provided them with political support, we've supported Ukraine in providing guns and ammo," says Kerza. "Now we're moving to cyber."

The EU's eye is now on securing the upcoming presidential election at the end of March.

March's vote in Ukraine could provide valuable insight on cyberweaponry for the EU | John MacDougall/AFP via Getty Images

“We strongly expect Russia will try to influence the course of Ukraine’s presidential and parliamentary elections in 2019,” Ukraine’s security service said in an email, adding that the greatest threat comes from special services launching “purposeful, long-term cyberattacks with state interests in mind.”

Above all, the March vote could provide valuable insight for the EU, as it braces for cyberattacks on its European election at the end of May. That vote — in which voters in 27 countries will choose a new European Parliament and by extension decide who sits at the helm of the EU’s top institutions — is uniquely vulnerable to interference.

What happens in Kiev today could easily happen in Berlin, Rome or Amsterdam tomorrow, experts say. Ukraine "is sort of like a litmus test," says Maigre. The stream of phishing emails, the data sold on the dark web, the new types of malware — all of it can pop up west of Ukraine at any time. "That's why it is interesting to see how it all plays out in the elections," she says.