Category: DPX

How GuardMode Ransomware Detection Secures Your Backup Solution

Introduction

Having a backup strategy in place is essential for protecting your data against a ransomware attack. However, relying solely on backups is not enough to ensure complete protection from increasingly sophisticated risks.

The thing to remember is that backups can be an effective defense against ransomware only if they are done regularly and stored securely. Regular backups ensure that you have the most recent versions of your data available in case of an attack. Storing backups securely, such as on an offline or off-site location, can prevent the ransomware from accessing and encrypting them. Remember the 3-2-1 rule!

However, there are still some scenarios where backups may not be enough to protect against ransomware. For example:

  • If the ransomware can infect and encrypt the backed-up files before you notice the attack. 
  • If the backups are not set up correctly or not being tested regularly, which may lead to data loss or the inability to restore the data.  
  • If the backup process or systems are themselves compromised.

This is why we’ve decided to enhance the protection against data loss due to ransomware attacks by adding GuardMode, a ransomware detection module specifically designed to further protect your data and backup solution against ransomware.

GuardMode Detection Strategies 

Three fundamental types of ransomware detection allow for a precise and early detection of suspicious activity for your backup and storage admins: 

  • Threshold-based ransomware detection is a method of identifying ransomware attacks by monitoring file access patterns and setting predefined thresholds. It works by identifying when ransomware is attempting to encrypt a large number of files quickly or change file extensions.
  • Honeypot file-based ransomware detection involves creating fake files that look like real data but are designed to trigger an alert when accessed or modified.
  • Blocklist-based ransomware detection is a method of identifying ransomware by comparing file name patterns against a known list of ransomware-specific patterns.

A combination of these three mechanisms provides an effective way for early detection of ransomware, and in combination with a data protection solution like DPX, they significantly enhance the security posture of your team to be more proactive.

Benefits of Ransomware Detection for Backup Solutions 

Avoid Paying Ransom Demands 

First, taking a proactive security posture can help your organization avoid paying ransom demands. If ransomware infects your system and your backups are encrypted, you may have no other option but to pay the ransom to get your data back. However, with GuardMode, you can prevent the attack from encrypting your backups, and you can restore your data from a clean backup copy. 

Minimize Downtime and Decrease Recovery Time 

Another advantage of ransomware detection in backup solutions is that it can minimize downtime. Ransomware attacks can cause significant downtime, which can result in lost revenue and productivity. With GuardMode ransomware detection, you can quickly identify and isolate infected systems, preventing the malware from spreading to other systems and minimizing the time it takes to recover from a ransomware attack. This is because you can get early notification to take action quickly to isolate the affected systems and restore data from backups. 

Improve Overall Cybersecurity 

The early detection mechanisms of GuardMode, in combination with REST APIs and syslog integration, help your backup and storage teams improve your overall cybersecurity posture. By implementing measures to detect ransomware and ransomware-like attacks, you can enhance your existing security posture and are well equipped to automate actions upon detection, such as:

  • Making shares read-only instantaneously 
  • Blocking suspiciously behaving accounts 
  • Invoking immediate snapshot/backup on the affected system

It is also important to take additional steps to protect against ransomware, such as implementing strong cybersecurity measures, training employees on how to recognize and avoid ransomware, and using antivirus and anti-malware software.

Why You Need to Add GuardMode Today

Ransomware attacks can cause significant damage to your business. Having a reliable backup solution is crucial to be able to recover data and systems, but backup solutions are not immune to ransomware attacks. Ransomware can encrypt files on source systems before they are backed up, and if this goes unnoticed, the resulting backups are useless for recovery in the event of a data loss. This is where the ransomware detection offered by GuardMode comes in handy. Early detection of ransomware attacks allows you to take immediate action to limit the spread and prevent the attack from encrypting your files unnoticed before they are backed up.

Contact us to learn more about GuardMode and how it can seamlessly integrate with your existing  infrastructure and enhance your security posture. We can demonstrate GuardMode in action, and help you integrate and fine-tune GuardMode to fully utilize its potential using your existing infrastructure.

03/22/2023

Real-Life Ransomware Attacks and How GuardMode Helps to Mitigate the Damage

According to Statista reports, total enterprise data volume was estimated to increase significantly, rising from approximately 1 petabyte to 2.02 petabytes, which represents an average annual growth of 42.2%. It’s important to note that the majority of this data will be stored in internally managed data centers.

This is a lot of enterprise data. With the fast pace of cloud storage adoption, which in some cases is entirely transparent to the end user, we don’t even realize how much data we collect, and how much we have to protect.

Unfortunately, with the growing amount of data and its importance, ransomware attacks continue to be a growing concern for businesses of all sizes. In recent years, the number of ransomware attacks has skyrocketed, causing significant damage to businesses and individuals alike. While traditional antivirus and anti-malware software can provide some level of protection, these solutions are often limited in their ability to detect these types of attacks early and track them.

GuardMode is a solution that provides an additional layer of protection to a backup and recovery solution, specifically for ransomware and ransomware-like threat detection. GuardMode helps detect suspicious activity and alert administrators about it in real time, minimize the impact of an attack on the user’s data and systems, and roll back just the affected data, without having to revert to a full point-in-time snapshot. In this blog post, we’ll explore two real-life examples of ransomware attacks and how GuardMode detects their abnormal behavior and then helps to mitigate and recover from the damage.

WannaCry Ransomware

WannaCry is one of the most famous ransomware attacks of all time. This strain of ransomware was discovered in May of 2017, and it quickly spread across the globe, infecting hundreds of thousands of computers in over 150 countries. The WannaCry attack used a vulnerability in Microsoft Windows to spread rapidly and infect systems. Reporter Connor Jones of ITPro points out in a recent article that many fail to realize that, after 5 years, WannaCry’s ghost still actively lurks on the ransomware landscape.

GuardMode, with its real-time monitoring and behavior-based detection techniques, as well as built-in decoy file deployment, is able to detect the abnormal file access patterns and unusual process execution associated with WannaCry. The software would then alert the backup admin and IT operations team immediately, allowing them to take action before the ransomware has the chance to encrypt their files.

With support for both Windows and Linux machines, GuardMode can detect suspicious patterns and ransomware-specific extensions on file shares. Repeated alerts trigger an automation that would lock down file-shares to read-only and would alert the IT and Security teams to take action immediately.

Furthermore, by integrating GuardMode with a backup and recovery solution such as Catalogic DPX, the organization gains an additional layer of recovery. Through the use of a REST API and syslog, administrators get the option to automate on-demand snapshots or backups, and gain the ability to roll back just the affected data, given that GuardMode is tracking all the encrypted files on the system.

Ryuk Ransomware

Ryuk is another well-known strain of ransomware that has been responsible for significant damage in recent years. Ryuk is typically used in targeted attacks against large organizations, and it is known for its ability to cause substantial damage in a short amount of time. It’s important to remember that typically during a malware attack, the attackers map the network, identify critical systems and gather information about the target’s infrastructure, so later they can use techniques such as Remote Desktop Protocol (RDP) or Server Message Block (SMB) to move from one compromised system to another, escalating privileges and expanding their control over the network. Once the attackers have control over the target network, they run the Ryuk ransomware and encrypt files on the file shares, workstations, and servers. The ransomware will typically also delete shadow or backup copies of files and stop certain critical services.

With GuardMode in place, the software is able to detect the abnormal behavior associated with Ryuk. With the ability to track file activity, GuardMode could be configured to detect new binaries being installed on systems where no installations should be performed. This allows IT admins to take action before the ransomware has the chance to encrypt their data. Additionally, as Ryuk is a rapid encryption ransomware, GuardMode can quickly detect typical thresholds being surpassed and send an alert, allowing administrators to take immediate action. Ryuk is known to place a RyukReadMe.txt file that contains detailed information about ransom payment; that is yet another thing that GuardMode looks for in order to warn users as soon as possible. Furthermore, by integrating with a backup solution, GuardMode can make a copy of backup data available for recovery through a guided recovery mechanism, even if the ransomware was successful in encrypting files.

Conclusion

Ransomware attacks are a growing concern for businesses of all sizes, and traditional antivirus and anti-malware software can only do so much. Recent research from IBM found that the average breach lifecycle takes 287 days, with organizations taking 212 days to initially detect a breach and 75 days to contain it. The same study revealed there was a 94.34% reduction in the average duration of ransomware attacks between 2019 and 2021, from over two months to just a little more than three days. Taking the above into account, it’s clear that, as malware uses more advanced and sophisticated ways of avoiding heuristic-based detection mechanisms, it’s more challenging to detect and block malicious software. GuardMode, with its real-time monitoring and behavior-based detection techniques, provides an additional layer of data protection that can detect these types of malware attacks early and alert the administrator or other systems.

By integrating GuardMode with a backup and recovery solution like Catalogic DPX, businesses can minimize the impact of a ransomware attack and ensure the rapid and precise recovery of their data. DPX offers an integrated web-based management console for GuardMode, allowing for easier configuration, maintenance, and alerting.

Contact us to learn more about GuardMode, how it can enhance your security posture, and how it can seamlessly integrate with your existing infrastructure. We will demonstrate GuardMode in action, and help you integrate and fine-tune GuardMode to fully utilize its potential using your existing infrastructure.

02/13/2023

Ensuring the Data Integrity of your Backups with GuardMode

The Case for Ensuring Data Integrity 

While writing a long term paper, I accidentally overwrote and replaced a long passage with a single character, the unintended consequence of a Select All and an accidental keyboard press. I didn’t realize that a good portion of my paper was gone until I went back to proofread it, and I had to go back through multiple versions only to discover that the error had been saved in those versions as well. While it took me another couple of hours to rewrite the section, it taught a valuable lesson in that just because you have a saved copy, the data contained within it may not be the data you expect or want.

Such is true in today’s environment, where unscrupulous actors encrypt data for ransom and even your backup copies may not spare you from the fallout when those copies were affected by ransomware as well. Data protection has always been multi-faceted, with concerns regarding recovery point objective (how often to back up, how long to retain the backup) and recovery time objective (how quickly to recover in the event of data loss). There are very few solutions that look at data integrity and data validity: is the data that is being restored the data that I want?

GuardMode is an add-on feature set to DPX that was built to address this concern and help ensure the data integrity of your backups.  

What does GuardMode do?  

DPX GuardMode actively monitors filesystem activity on the backup clients that you are protecting within DPX and identifies data that may have been compromised.  From an architectural perspective, there is a GuardMode agent that needs to be installed on the client server that will be monitored.   

As users interact with the filesystem on the server, the GuardMode agent will detect this activity and alert administrators on violations to configurable rulesets defined by the system administrator.  

Early Detection Strategies 

In addition to default behaviors that alert based on file properties like file entropy (the value associated with the randomness of a file, where higher entropy values could signify encrypted data), backup admins are able to customize what they classify as violations via:

Blocklist – The blocklist is a list of file types/extensions that a user does not want on their filesystem. It can be automatically updated and populated directly from the Catalogic support webserver, and exceptions can be defined within the DPX user interface. By using a blocklist, administrators can receive alerts when these files (most of them are known ransomware file types) land on the filesystem.

Honey Pots – A honey pot is like a booby trap, put in place to alert an administrator when users are making modifications to a folder location that has been designated as a honey pot.  When a file modification occurs to a honey pot, the trap is sprung and an administrator is notified that someone is making changes to files that should not change.

GuardMode Proactive Detection Strategies 

Threshold Monitoring

Threshold violations occur when I/O operations exceed a limit. Users can configure these limits based on frequency, interval scanning, and other parameters that sum to a weighted value. For example, if a server that typically doesn’t have much activity in terms of filesystem changes suddenly has over 100K file writes in 30 secs, that should raise an alarm that something out of the ordinary is occurring. This type of monitoring can raise a flag and allow an administrator to investigate more deeply and follow up with the appropriate user making those changes.
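The three rule types described on this page (blocklist, honey pot and threshold) can be sketched as one small event evaluator. This is an added example, not GuardMode code or its configuration format: the event shape, the patterns other than RyukReadMe.txt, the decoy path, the weights and the scaled-down limit are all assumptions, and the sample events are constructed.

```python
"""Added example: blocklist, honeypot and threshold checks over file events."""
from collections import Counter, deque
from dataclasses import dataclass
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Every value here is an assumption for illustration, not a GuardMode default.
BLOCKLIST = ["*.locked", "*.encrypted", "ryukreadme.txt"]  # lower-case name patterns
HONEYPOT_DIRS = ["/srv/share/.hp_finance"]                 # decoy folder nobody should touch
OP_WEIGHTS = {"write": 1, "rename": 2, "delete": 1}        # contribution to the I/O score
WINDOW_SECONDS = 30
SCORE_LIMIT = 60  # scaled down from the "100K file writes in 30 secs" scenario


@dataclass(frozen=True)
class FileEvent:
    ts: float   # seconds since monitoring started
    op: str     # "write", "rename" or "delete"
    path: str   # for a rename, the new path
    user: str


class Detector:
    def __init__(self, window=WINDOW_SECONDS, limit=SCORE_LIMIT):
        self.window, self.limit = window, limit
        self.recent = deque()     # (ts, weight) pairs still inside the window
        self.score = 0            # weighted sum of operations in the window
        self.over_limit = False   # lets one burst raise one alert, not thousands

    def observe(self, ev):
        """Return the list of rule names this event violates."""
        alerts = []
        name = PurePosixPath(ev.path).name.lower()
        if any(fnmatchcase(name, pat) for pat in BLOCKLIST):
            alerts.append("blocklist")
        if any(ev.path.startswith(d.rstrip("/") + "/") for d in HONEYPOT_DIRS):
            alerts.append("honeypot")
        weight = OP_WEIGHTS.get(ev.op, 0)
        if weight:
            self.recent.append((ev.ts, weight))
            self.score += weight
        # Drop operations that have aged out of the sliding window.
        while self.recent and ev.ts - self.recent[0][0] > self.window:
            self.score -= self.recent.popleft()[1]
        if self.score > self.limit:
            if not self.over_limit:
                alerts.append("threshold")
            self.over_limit = True
        else:
            self.over_limit = False
        return alerts


def sample_events():
    """Constructed events: a quiet baseline, then a rename burst."""
    events = [FileEvent(30.0 * i, "write", f"/srv/share/docs/report{i}.docx", "alice")
              for i in range(10)]
    events += [FileEvent(400 + 0.1 * i, "rename",
                         f"/srv/share/docs/file{i}.docx.locked", "bob")
               for i in range(40)]
    events.append(FileEvent(404.5, "write", "/srv/share/docs/RyukReadMe.txt", "bob"))
    events.append(FileEvent(405.0, "write", "/srv/share/.hp_finance/payroll.xlsx", "bob"))
    return events


def run(events):
    """Feed events in time order and collect (rule, path, user) findings."""
    det, findings = Detector(), []
    for ev in sorted(events, key=lambda e: e.ts):
        findings += [(kind, ev.path, ev.user) for kind in det.observe(ev)]
    return findings


def summarize(findings):
    return Counter(kind for kind, _, _ in findings)


if __name__ == "__main__":
    results = run(sample_events())
    print(dict(summarize(results)))
    print([f for f in results if f[0] != "blocklist"])
```

The `over_limit` latch matters operationally: without it, every operation after the limit is crossed would raise its own threshold alert and bury the blocklist and honeypot findings.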

Restoring the Data You Need 

Data protection is more than just backup and restore. It needs to be multi-faceted to address the many ways in which data can be backed up and how quickly that data can be restored and reused.  DPX addressed these concerns by providing a block level incremental backup and a disk to disk to tape/cloud (3-2-1) backup strategy as well as multiple options for restoring data like Instant Access, Bare Metal Recovery, and Instant Virtualization.  Now with GuardMode, DPX can help ensure the integrity of the data that is being protected so that the data you restore is the data you want.  

Come check out some videos on the YouTube page for an overview and demonstration of GuardMode. 

GuardMode is continually evolving and becoming even more tightly integrated with DPX. In the future, we will tie early detection and recovery capabilities even further by using analytics and metadata from GuardMode to help with guided restore capabilities in DPX.  Then you too can hopefully avoid having to put on another pot of coffee at 2AM trying to finish a project due the next morning. 

02/01/2023

DPX 4.9 Adds Proactive Ransomware Shield for Linux and Improves Quality of Alerts for Backup Admins

We are pleased to announce the release of Catalogic DPX 4.9, where we continue to build upon our commitment to providing one of the most cyber resilient data protection and backup coverage matrices for private, public, and hybrid-cloud environments. This release adds to our industry leading ransomware recovery and cyber resilience features by building on the DPX GuardMode for Windows capability made available in DPX 4.8.1.

GuardMode provides proactive monitoring for early detection and notification of suspicious activity along with identifying and enabling the recovery of any affected data. Before DPX 4.9, this feature was limited to Windows, but DPX 4.9 now offers GuardMode for Linux servers and Samba shares.  In addition, backup administrators can now benefit from increased quality of alerts, where GuardMode measures the level of file entropy and compares known magic signatures on files suspected to be impacted. GuardMode uses active, live forensic techniques instead of analyzing backup data that lags security incidents by several hours, days, and even weeks.
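Why entropy and magic signatures are checked together can be shown with a short added example; it is not GuardMode's implementation. The 7.5 bits-per-byte limit, the small signature table and the verdict names are assumptions, the sample files are constructed, and a SHA-256 counter stream stands in for ciphertext.

```python
"""Added example: entropy plus magic-signature check on suspect files."""
import hashlib
import math
import os
from collections import Counter

# Well-known file signatures; the table is deliberately small.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",   # OOXML documents are ZIP containers
}
ENTROPY_LIMIT = 7.5  # bits per byte; an assumed cut-off, not a product default


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess(name: str, data: bytes):
    """Return (verdict, entropy) for one file's name and leading bytes."""
    ext = os.path.splitext(name)[1].lower()
    entropy = shannon_entropy(data)
    expected = MAGIC.get(ext)
    header_ok = None if expected is None else data.startswith(expected)
    high = entropy > ENTROPY_LIMIT
    if header_ok is False and high:
        verdict = "suspect-encrypted"   # known type lost its header and looks random
    elif header_ok is False:
        verdict = "header-mismatch"     # wrong content for the extension, not random
    elif header_ok is None and high:
        verdict = "high-entropy"        # unknown type: entropy is the only signal
    else:
        verdict = "ok"                  # includes valid compressed files
    return verdict, round(entropy, 2)


def pseudo_ciphertext(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic random-looking bytes used as a stand-in for encrypted data."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def sample_files():
    """Constructed file contents keyed by file name."""
    text = b"Quarterly figures, constructed sample text. " * 100
    blob = pseudo_ciphertext(8192)
    return {
        "notes.txt": text,
        "report.pdf": b"%PDF-1.7\n" + text,
        "archive.zip": b"PK\x03\x04" + blob,   # legitimately high entropy
        "invoice.pdf": blob,                   # header gone, content random
        "photo.jpg": text,                     # wrong content, low entropy
        "export.dat": blob,                    # no known signature to compare
    }


if __name__ == "__main__":
    for fname, content in sample_files().items():
        print(fname, *assess(fname, content))
```

Entropy alone would flag `archive.zip`, and a signature check alone cannot say whether a mismatched file was encrypted or merely mislabelled; requiring both for the strongest verdict is what improves alert quality.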

DPX 4.9 also delivered improvements to the web-based HTML UI, including support for Block Backup, Restore, and support for archival of those block-based backups. We also added several improvements to different DPX services, including reporting and event service monitoring.

We have also added several improvements to the use of DPX vStor in this release. This includes the ability to archive backup copies from a replicated vStor, multi-factor authentication, and an easier way to install vStor on a physical server.

And finally, DPX 4.9 includes many general improvements to existing DPX features. All new features of our DPX 4.9 product are listed below:

DPX Cyber Resilience

  • GuardMode for Linux

Adds a Linux ransomware detection agent with the ability to detect and notify an administrator of possible suspicious activity on the host. This is an upgrade to the already present Windows agent that adds a layer of ransomware detection and alerting to the DPX enterprise.

  • Encrypted Files Detection and Encryption Tracking

Adds an agent feature that detects encrypted files and tracks the encryption process to provide a list of affected files through a REST API. This allows administrators to improve their understanding of the infection scope as well as provides a list of affected files to restore.

  • Syslog Support

Adds syslog as a notification target. This allows administrators to plug GuardMode agent notifications into their existing security event collection workflows (for example, into a SIEM solution).

DPX Services

  • Support for Block Backup and Restore in HTML UI

Adds the option of scheduling Block Backups and all corresponding restore options (File Restore, Instant Access Mapping, Backup Virtualization, Application) to the HTML UI. Now, the user can run block backup and restore workloads without relying on the Java GUI by using the HTML UI or REST API, which is faster and opens up new automation or integration possibilities.

  • Support for Double Protection for Block Backup

Adds the option of Double Protection in the HTML UI. The administrator can now configure Double Protection (Archiving) via the HTML UI more responsively and intuitively. REST APIs are available for this feature as well.

  • Reporting Improvements

Adds the ability to generate PDF versions of the reports, scheduling of reports, and the option to send them via email. Also introduces a new report for 24-hour job status overview.

  • Event Service Improvements

Adds more Master Server events to be received by the DPX event service. This allows an administrator to configure granular email notifications for more types of events from DPX services, including backup jobs, status changes and more.

  • Appliance Operating System Update to Alma Linux 8.7

Migrated the appliance operating system to a downstream Linux distribution from Red Hat and upgraded to a current release.

DPX Core 

  • Archive from Alternate/Replicated DPX vStor

Adds the ability to archive from a replicated vStor.  This allows the Administrator the flexibility to configure backup to a primary DPX vStor at a branch office then replicate to a central site vStor, and to also archive data from the secondary vStor to Cloud/Tape/DiskDirectory, and then restore to any location.

  • Microsoft Azure Blob and Alibaba Object Storage support

Adds Microsoft Azure Blob and Alibaba Object Storage support as Archive/NDMP cloud targets.

  • Catalog Condense Improvements

Catalog Condense now cleans up Cloud and DiskDirectory storage.

  • Integrating DPX Core Services to Linux systemd Service Manager

Uses systemd to manage cmagent/nibbler services on RedHat/CentOS 7.6+ and SUSE 12+.

  • Adding New Platforms for Agentless VMware Backup Proxies

Support RHEL, CentOS, OEL, and AlmaLinux 8.0~8.3 as proxy nodes for Agentless VMware backup.

  • New BMR ISO for Linux kernel v4.18

New Linux BMR ISO to support Linux kernel v4.18.

DPX vStor – Software-Defined Backup Appliance

  • Addition of MFA

Adds Multi-Factor Authentication (MFA) to both UI and console access.

  • Password Reset Improvements

Adds the ability to reset the password in the HTML UI.

  • Physical Installation ISO

Creates an ISO installation image that can be used to install vStor on physical appliances.

Summary

For further information on DPX 4.9, see the What’s New in DPX 4.9 document and other resources on the DPX products page. Customers with support can access more detailed information in the release notes on the Support page.  For more information on Microsoft 365 and Open VM backups, please see DPX vPlus.

Whether it is ransomware attacks, human error or IT outages, every business needs an affordable and reliable data protection solution like Catalogic DPX to backup and instantly recover data to ensure business continuity. Have a question or want a live demo? Contact us today!

12/14/2022

Active Ransomware Protection for Your Backup and Recovery Team

Catalogic DPX GuardMode, a new free capability announced in July 2022, provides early detection of ransomware. Combined with the comprehensive workload coverage of DPX and instant recoveries, backup and storage teams using DPX GuardMode will be among the best prepared to recover from a cyberattack. DPX GuardMode is complementary to endpoint and edge protection, monitoring file shares and file system behavior, even over the network, instead of relying on a specific binary fingerprint. GuardMode maintains and regularly updates over 4000 known ransomware threat patterns, and assesses affected files. Backing up this extensive forensic layer of protection are honeypots as a deception layer to catch ever-evolving types of ransomware strains. GuardMode increases confidence in ransomware detection while identifying and enabling recovery of only the affected data.

GuardMode can:

  • Proactively monitor file shares and file system behavior, even over the network.
  • Notify backup and storage teams of suspicious activity and pinpoint the extent of potential damage caused by cyber incidents.
  • Identify and enable recovery of only the affected data.

Watch this 3-minute demonstration to learn how DPX GuardMode works.

If you would like to learn more about DPX GuardMode, you can request a live demo or contact us.

09/29/2022

Hyperscalers and Catalogic Partner for Data Protection and Migration

We are excited to announce our partnership with Hyperscalers for delivering a pre-engineered, out-of-the-box appliance for data protection, migration and recovery.

We have been working together for the past 6 months to form this partnership, with Hyperscalers hard at work discovering and testing the extensive capabilities of DPX. Out of this effort Hyperscalers has developed a detailed data protection and migration whitepaper on how to utilise Hyperscalers Storage Servers with Catalogic DPX to deliver an enterprise data protection and migration solution.

Hyperscalers

Data protection and recovery has for a long time been the Achilles heel of enterprise business continuity. Stories abound of well-known brand names unable to recover from data loss or damage in a timely manner. Exacerbating this problem is the new era of rapid infrastructure flexibility across multi-cloud operations, and the accelerated functional responsiveness made possible via DevOps.

Catalogic and Hyperscalers have observed the increasing overlap of protection and migration activities generally within the industry and have understood that a critical relationship exists between the two.  Consequently, we have partnered to develop the DPX Enterprise Data Protection and Migration Appliance.  This is a pre-engineered, out-of-the-box solution for protection, migration and recovery that provides a unified range of data management, infrastructure management and risk mitigation capabilities that is unmatched by any other product in the marketplace.

By partnering with Hyperscalers we can offer pre-engineered appliances for data protection, migration and recovery. The data protection appliances scale from 78TB (1U) to 1.4PB (4U) and they are readily available, with customers consuming these as building blocks. These building blocks, with DPX and vStor integrated, deliver next-gen data protection and migration capabilities such as flexible backup and recovery, instant access recovery to meet the most stringent RTOs, and built-in ransomware protection.

Working with the team at Hyperscalers has been a pleasure. Just like ourselves, they clearly pride themselves on delivering continuous innovation, an awesome customer experience and IT solutions that deliver the best total cost of ownership and value. If you want to learn more about what Catalogic and Hyperscalers can do for your data protection, migration and recovery capabilities, get in contact with us via info@catalogicsoftware.com

08/25/2022

DPX 4.8.1 Builds on Cyber Resilience with Proactive Early Detection

We are pleased to announce the release of Catalogic DPX 4.8.1, where we have taken a major step forward to enable our DPX customers to be amongst the best prepared to recover from a cyberattack. This release builds on our foundational ransomware recovery and cyber resilience features to add a groundbreaking new capability called DPX GuardMode, which provides proactive monitoring for early detection and notification of suspicious activity along with identifying and enabling the recovery of any affected data.

We also added many customer-driven enhancements including to DPX vStor, and we continued our theme of adding more foundational product resilience to enhance reliability and ability to respond rapidly to any vulnerabilities discovered at a later stage in the lifecycle.

We also announced DPX vPlus for Microsoft 365, a powerful data protection solution for Microsoft 365 and each of its components – Exchange Online, SharePoint Online, OneDrive for Business, and Teams – and DPX vPlus for Open VMs supports platforms such as Citrix Hypervisors, KVM, Nutanix Acropolis or AHV, Oracle VM, Proxmox, RHEV/oVirt, Scale Computing HyperCore/HC3, and XenServer, along with Amazon EC2. DPX vPlus delivers greater workload coverage for an organization’s edge and cloud data.

Let’s review the major new features of our DPX 4.8.1 product.  We’ll cover DPX vPlus in a future blog.

DPX GuardMode

With the new DPX GuardMode agent, we added the ability to make your security posture more proactive against ransomware by detecting suspicious behavior in your file systems, notifying you of it, and identifying which files are potentially affected. Initially, this is for Windows only, and we’ll be adding Linux soon. To learn more, please watch this on-demand webinar, Adding Cyber Resilience to your Data Protection Strategy with Early Detection, with industry analyst Evaluator Group and Sathya Sankaran, COO of Catalogic Software.

Foundational Cyber Resilience

We migrated the DPX appliances to a different Linux distribution called AlmaLinux OS, an open-source, community-driven distribution that fills the gap left by CentOS when it discontinued stable releases. We updated the version of the distribution to the 8.5 release, which is 1:1 binary compatible with Red Hat Enterprise Linux.

All the JREs and Java stacks DPX uses have been updated to OpenJDK 17.

These changes provide us with the ability to respond more rapidly to any future vulnerabilities discovered at a later stage in the lifecycle.

DPX vStor Management Updates

vStor Updater

This new feature adds the ability to update the appliance from within the vStor UI to new versions without having to interact with the underlying operating system CLI.

Relationship Grouping

One area our customers often comment on is the need to configure synchronization to a secondary vStor on a per-volume basis without having a clear overview of the health of these individual synchronization sessions.

With this release of vStor, we have added a replication applet on the vStor Dashboard, which provides a graphical overview of the session status. We have also added the ability to group volumes in replication groups, where each volume will inherit the group’s replication settings and schedule.

Virtualization Proxy

We released a pre-configured VMware Proxy virtual appliance to ease the deployment of a proxy server in the correct locations for optimized data transfer of the backup data. This is for VMware environments where DPX agentless for VMware is in use.

Deploying DPX and vStor Virtual Appliances in Hyper-V

The DPX and vStor appliances can now be deployed from a mounted ISO on the Hyper-V host and are completely installer driven.

Legal Hold for Amazon S3 Object Lock

You can now add a legal hold on your data on Amazon S3 to protect this data from being overwritten, even after the associated backup job has expired.

Report Enhancements

All reports visible in the HTML5 GUI of DPX have been enhanced and now report on the full dataset of DPX.

Summary

The DPX 4.8.1 release also contains other enhancements and bug fixes of course. For further information on DPX 4.8 and earlier releases, see the What’s New in DPX 4.8 and What’s New in DPX 4.8.1 document and other resources on the DPX products page. Customers with support can access more detailed information on release notes on the Support page.  For more information on Microsoft 365 backup and Open VM backups, please see DPX vPlus.

Whether it is ransomware attacks, human error or IT outages, every business needs an affordable and reliable data protection solution like Catalogic DPX to backup and instantly recover data to ensure business continuity. Have a question or want a live demo? Contact us today!

07/13/2022

Granular File Restore and Ransomware Protection for Micro Focus OES Backups

Catalogic DPX and Micro Focus OES Backup

Catalogic Software is not one of those data protection vendors that have abandoned Micro Focus Open Enterprise Server (OES) backups. Catalogic DPX has provided industry-leading Novell backup and recovery for OES and GroupWise products since 1997, and we even pioneered many data protection features such as OES cluster support and deep integration for GroupWise backup. And unlike many other OES backup vendors, we are still committed to Micro Focus OES, including full support for the Micro Focus OES 2018 SP3 and OES 2023 releases.

Unitrends and Micro Focus OES Backup

For decades, Novell and more recently Micro Focus OES customers have relied on Unitrends for OES backup and granular recovery. Using its OES agent, Unitrends allowed users to protect all aspects of their OES environment, including files, directories, and web-application management tools like eDirectory, iFolder and iManager. It also offered the ability to granularly restore individual files and folders, which is extremely important for OES customers since applications like eDirectory are responsible for identity-based management, networked storage, and file directories for employees, clients, and/or students. Though recovery of an entire OES server due to corruption or a disaster is necessary at times, the majority of recovery jobs are for lost or accidentally deleted files from these directories.

Disappointed and Surprised Unitrends Customers

Unitrends customers have recently been discovering some upsetting news, often after they notice their backup jobs have been failing and have opened a support ticket. Following its acquisition by Kaseya, Unitrends has published a list of unsupported operating system agents, including the agent that supports OES backup. Unitrends is treating OES servers like any other virtual or physical machine. It provides server-level backups and restores, but without an agent it has lost the file and object-level granularity that is needed for OES data protection.

What this means for legacy Unitrends customers is that when an administrator receives a request from an employee who accidentally deleted an important file, they can no longer recover the individual file. Instead, they need to restore the entire virtual machine and then figure out how to migrate or copy the specific OES object like eDirectory to its original location. This is difficult enough for those customers using OES in a virtual environment, and it is nearly impossible for those who run their OES on physical machines.

This change in direction by Unitrends is forcing hundreds of customers to either seek alternative backup solutions, or to move away from Micro Focus OES and other operating systems altogether. In fact, per their unsupported agent notice: “Unitrends strongly recommends pursuing alternate methods of protecting data residing on these Operating Systems.”

DPX is That Alternative Micro Focus OES Backup Solution

If you are one of those Micro Focus OES or GroupWise customers searching for a replacement for Unitrends, look no further than Catalogic DPX. DPX has provided industry-leading backup and recovery for Novell products since 1997. We have even pioneered many data protection features such as OES cluster support and deep GroupWise integration. And unlike Unitrends and many other vendors, we have never backed away from our commitment to the Novell family of products, even after the acquisition by Micro Focus.

Catalogic DPX support for OES includes cluster configuration, GroupWise environments, and backup of standalone and shared volumes, eDirectory, etc. It provides the ability to perform full, incremental, and differential backups, and these backups, unlike with Unitrends, can be at the volume, directory, and even individual file level. Then, more importantly, files can be restored with security, metadata, and file-attributes/trustee rights still intact. For more information on OES cluster and GroupWise support, please see Catalogic DPX is the Smart Choice for Micro Focus OES Customers.

DPX even has its own software-defined storage repository called DPX vStor that can act as a flexible and scalable disk directory for your OES backups. Built on open source components, vStor can use any block storage without restrictions, freeing you from expensive Unitrends backup appliances and vendor lock-in. vStor supports data reduction in the form of both deduplication and compression for efficiency and provides point-to-point replication for DR or remote office support.

Protecting your Micro Focus OES Backups from Ransomware

Data Protection is often the last line of defense when it comes to ransomware attacks. DPX delivers a secure data protection solution with instant recoverability to help ensure you can protect your backup data set from ransomware and recover data in an instant when you need it.

 

With DPX, you have integrated ransomware protection:

  • Support for the 3-2-1-1 rule provides a robust data protection solution with verified scheduled recoveries for automated recovery testing:
      • 3 copies of your data
      • 2 copies stored on different storage media types
      • 1 of the copies offsite or in the cloud on immutable media
      • 1 copy verified as recoverable
  • Encryption of backup data in transit over the network and at rest via DPX vStor volume encryption

To learn more, please see Recommendations From FBI Cyber Division on How to Reduce Risk from Ransomware Attacks and watch this free webinar: Protect and Recover Micro Focus OES from Ransomware Attacks.

Now is the Time to Change Your OES Backup Vendor

Just because Unitrends and others are no longer providing the backup and recovery capabilities that you need, it does not mean OES customers are out of options. Catalogic DPX is a proven, cost-effective and reliable alternative, and Catalogic is committed to providing effective, granular Micro Focus OES backup and recovery for all aspects of their environment.

Regarding ransomware protection, if your OES backup solution is not hardened against recent vulnerabilities with all the required patches and updates (remember log4j?), or if it does not provide you with immutable backups with granular recovery, now is the time to make a change.

If you would like to learn more about Catalogic DPX, you can request a live demo or even get a 30-day trial copy to try it for yourself. We’ll be happy to provide a review of your data protection environment and help you set up a proof of concept.

06/29/2022

vStor – The Ever Beating Heart of a Data Protection Solution

At the heart of every data protection solution is the backup repository, where the protected backup data resides. The ever beating heart of Catalogic DPX is vStor, a virtual storage appliance. The vStor backup repository is a software-defined, flexible and scalable backup target that, unlike many of the current market players, frees you from expensive backup appliances and vendor lock-in.

DPX vStor Backup Repository Architecture

Built on open source components, vStor can use any block storage without restrictions. It supports data reduction in the form of both deduplication and compression for efficiency and provides point-to-point replication for DR or remote office support.

Figure 1. DPX vStor Architecture

vStor can be configured to meet your needs – your choice of physical or virtual servers, any form of block storage and all the leading cloud storage providers, as shown in Figure 2.

Figure 2. DPX vStor Provides Choice of Server and Storage

With DPX vStor, you can build different backup targets to meet your performance needs. For example, a single vStor virtual appliance to support a ROBO or small environment, or a high-performance vStor built on all-flash storage for your most critical workloads. For backups to and recoveries from a vStor server, both block backups and agentless backups are fully supported.

Once your backup data is safe and sound in the vStor, you then have a choice of options for enabling DR and archive. You can replicate the content to a secondary vStor, and offload to tape or to cloud storage providers such as Amazon S3, Microsoft Azure Blob storage, Backblaze B2, Cloudian, Scality, and MinIO.

Ransomware Protection with vStor and S3 Object Lock

We are all aware that ransomware is a growing industry: it is nearly impossible to go a day without seeing an attack impact a business and hit the news headlines. So what can you do?

Please review and follow these recommendations on how to reduce risk from ransomware attacks to ensure you have integrated ransomware protection and recovery via Catalogic DPX.

With DPX vStor, backups are stored as immutable snapshots and can be offloaded as offline, air-gapped copies of backups. For copies going to cloud object storage, you can enable S3 Object Lock, meaning you can store your backup data sets using a write-once-read-many (WORM) model.

S3 Object Lock can prevent your backup data from being deleted or overwritten for a fixed amount of time or indefinitely. You can use S3 Object Lock to help meet regulatory requirements that require WORM storage, or to simply add another layer of protection against unauthorized changes and deletion.
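The following is an added example, not DPX or Catalogic code: an offline audit that classifies backup objects by their Object Lock state (fixed retention period, legal hold, or none) and reports the ones that could still be deleted or overwritten. The dictionary fields are those of an S3 HeadObject response; the function names, the `min_days` policy value and the sample objects are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2022, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample

def _obj(mode=None, days=None, hold="OFF"):
    """Build constructed metadata shaped like an S3 HeadObject response."""
    meta = {"ObjectLockLegalHoldStatus": hold}
    if mode:
        meta["ObjectLockMode"] = mode
        meta["ObjectLockRetainUntilDate"] = NOW + timedelta(days=days)
    return meta

# Constructed sample: keys and dates are illustrative, not from a real bucket.
SAMPLE = {
    "backup/job-001.img": _obj("COMPLIANCE", 90),
    "backup/job-002.img": _obj("COMPLIANCE", 5),
    "backup/job-003.img": _obj("GOVERNANCE", 90),
    "backup/job-004.img": _obj(),
    "backup/job-005.img": _obj("COMPLIANCE", -1, hold="ON"),
    "backup/job-006.img": _obj("COMPLIANCE", -1),
}

def lock_state(meta, now):
    """Classify one object version's WORM protection at time `now`."""
    if meta.get("ObjectLockLegalHoldStatus") == "ON":
        return "legal-hold"  # indefinite: stays until the hold is removed
    mode = meta.get("ObjectLockMode")
    until = meta.get("ObjectLockRetainUntilDate")
    if mode is None or until is None:
        return "unprotected"
    if until <= now:
        return "expired"  # retention period has passed, version is deletable
    return "compliance" if mode == "COMPLIANCE" else "governance"

def audit(objects, now, min_days):
    """Return {key: finding} for objects weaker than the policy."""
    findings = {}
    for key, meta in objects.items():
        state = lock_state(meta, now)
        if state in ("unprotected", "expired"):
            findings[key] = state
        elif state == "governance":
            # Governance retention can be overridden by a principal that
            # holds the s3:BypassGovernanceRetention permission.
            findings[key] = "governance mode (bypassable with s3:BypassGovernanceRetention)"
        elif state == "compliance":
            remaining = meta["ObjectLockRetainUntilDate"] - now
            if remaining < timedelta(days=min_days):
                findings[key] = f"retention ends in {remaining.days} days"
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE, NOW, min_days=30).items():
        print(f"{key}: {finding}")
```

Against a live bucket, the same dictionaries can be filled from HeadObject calls on each object version, since Object Lock applies per version.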

Support for S3 Object Lock is provided for leading cloud storage providers including Amazon S3, Microsoft Azure Blob Storage, Backblaze B2, Wasabi, and more. It’s a really simple process to configure:

  • Run agentless or agent-based backups to vStor
  • vStor offloads to S3 object storage
  • S3 Object Lock configured within DPX prevents ransomware from tampering with your backup data

Immutable copies can then be restored from the cloud storage in the event of a cyber-attack.

Figure 3. DPX vStor Supports S3 Object Lock

DPX vStor Deployment and Management

Deploying DPX vStor is very slick and simple. Once your DPX data protection solution has been correctly architected and sized, you can deploy your vStor in a few minutes and start backing up your data into the vStor.

Day-to-day management has been designed to be as easy as possible via the vStor user interface, whose interactive dashboard shows the following:

  • vStor health status
  • Capacity allocated and free
  • Compression ratio
  • Deduplication ratio
  • Backed up data history for the last day, week or month
  • Backup storage trend for the last day, week or month
  • Replication session details per source volume
  • Type of shared volumes
  • Disks in use

Figure 4. DPX vStor Day to Day Management

Your Next Data Protection Step

Want to learn more about DPX data protection and the vStor backup repository? Please contact us by form or email and we can quickly provide a product demonstration, our guaranteed low pricing, and a free proof of concept.

05/31/2022

Catalogic DPX is the Smart Choice for Micro Focus OES Customers in Education

In 2014, Micro Focus acquired Novell, in a move that extended the mainframe software provider’s reach into Linux. This acquisition included Novell’s Open Enterprise Server (OES). Micro Focus OES is a server operating system that provides a virtual computing environment and shared network resources, giving it the functionality of an enterprise-scale server operating system. OES consists of multiple modules and components around files, storage, directory, and web application management which are essential for shared files, print networks, driver deployment, identity-based management, and network connectivity for Windows, Mac, and Linux client devices.

Protecting Micro Focus OES Data in an Education Environment

All these things make OES a very useful tool for school districts, universities, and colleges around the world. Having the ability to provide shared network resources to faculty and staff, as well as to students, provides benefits for school administrators. Due to the reliance on these shared resources, protecting the shared files is extremely important.

For one school district and one art university, the need to recover lost or deleted files became an everyday occurrence. For years, they had relied on Unitrends to provide them with granular backup and recovery of their OES data. However, for both organizations, the administrators arrived at work one day and realized that their scheduled backup jobs had failed. As they usually would in these instances, they opened a support ticket with Unitrends. But this time, they were told that OES-specific backups are no longer supported.

Replacing Unitrends with Catalogic DPX for Micro Focus OES

Given Unitrends no longer supports their OES backup agent, these customers would have to instead utilize Unitrends virtual machine snapshots to protect their OES data. With this workaround, they would lose the ability to perform single-file recovery of an OES resource, something they previously did on a regular basis.

Luckily for them, Catalogic DPX provides a replacement for Unitrends that is fully committed to supporting Micro Focus OES. DPX has provided industry leading protection and recovery for Novell products since 1997, and we are committed to continuing that. We have even pioneered many data protection features such as OES cluster-support and deep GroupWise integration. And unlike Unitrends and other data protection vendors, Catalogic has never backed away from our commitment to the Novell family of products, even after the acquisition by Micro Focus. DPX customers will be able to continue to perform granular backup and restores of their Micro Focus OES data.

DPX Cluster-level and GroupWise Support for OES

DPX provides intelligent data protection for OES, which begins with being cluster-aware. DPX uses a virtual node concept, where all individual server nodes are represented together as a single entity. This ensures that data is not backed up twice (from two different nodes in the cluster), and if a cluster node fails during backup of a shared resource, DPX continues to execute the backup by switching the task through the failover node. This ensures that critical infrastructure information is always protected.

In Figure 1, the virtual node is labeled as “cluster.” The item “V1” represents the shared resource. Objects oes-lx-c1, oes-lx-C2, and oes-lx-C3 are the server nodes in the cluster.

Then, when it comes to recovery, restore of OES data is simplified. The user needs only to select the virtual node object and DPX is smart enough to restore the correct volume. The operator does not need to know the source of the data, or which node performed the backup. This avoids confusion and ensures a quicker, trouble-free recovery process.

DPX support for Open Enterprise Server includes cluster configuration, GroupWise environments, and backup of standalone and shared volumes, eDirectory, etc. It provides the ability to perform full, incremental, and differential backups, and these backups, unlike with Unitrends, can be targeted at the volume, directory, and even individual file level. Then, more importantly, files can be restored with security, metadata, and file-attributes/trustee rights still intact.

Figure 1. DPX OES Cluster

Figure 2. DPX GroupWise Environment

In Figure 2, you can see the layout of a DPX GroupWise environment:

  • (Po) shows Post Office resources
  • (Dom) shows Domain Objects
  • (DMS) shows the Document Management Systems Library
  • Other objects can include Binary Large Objects (Blb), and even (TMP), which covers any other directories referenced by /HOME flags

DPX even has its own software-defined storage repository called vStor that can act as a disk directory for your OES backups. vStor will then perform deduplication and compression so that your storage is maximized.

DPX is Committed to Micro Focus OES Support

This school district and this art university are just two examples of the many Micro Focus OES customers who have been surprised by Unitrends dropping support for OES. Without support for granular backup and recovery for OES, school administrators would have to resort to full VM restores to recover a single lost or deleted file. This is simply inefficient and a waste of their time and resources. DPX, on the other hand, is committed to continuing to provide enterprise-level data protection, including the granularity needed for these school districts, universities, and colleges using Micro Focus OES.

If you are like many others and have been left out in the cold with no OES support by your backup vendor, give DPX a try. If you would like to learn more about DPX, you can request a live demo or even get a 30-day trial copy to try it for yourself. We’ll be happy to help you with the trial and provide our expertise to assess your backup environment for ransomware recovery.

05/11/2022