Kicking YARA Series – YARA Post #1

For the last few years I have been working in Product Management at Rubrik. One of the offerings I recently launched was the ability to scan backups of different systems looking for Indicators of Compromise (IOCs). These IOCs are intended to help identify systems that have been compromised and are showing malicious activity. The IOC is an indicator of such activity.

When an IOC is file based, if you have access to the backups of the system, you essentially have a time-series history of that system that you can scan for those IOCs. This can helps you to identify details about the initial infection, when it first landed etc., without relying on the primary system being available. At Rubrik we introduced support for scanning for IOCs, using YARA rules (and hashes and file patterns), against the system backups.

You can begin learning more about YARA from the project page, and from the documentation. In this series of blog posts I will share a somewhat eclectic collection of tips, tricks and resources all about YARA and a few things I’ve picked up a long the way.

Stay tuned and I hope you had a Merry Christmas!

Managing Data at Scale in VMware and Hybrid Cloud Environments

Thanks to the VMware User Group I was recently able to share some of my thoughts on managing data at scale across VMware and Cloud environments. In the session I shared some stories covering how operators were managing data using VMware capabilities like vSphere’s DRS and Storage Policies, as well as concepts like Rubrik’s SLA Domains. I covered some interesting topics and customer stories, including:

  • Imperative and declarative automation approaches
  • Policy driven management
  • Application of machine learning to data security
  • Managing data across edge, core, and cloud

If this sounds like your kind of thing then watch the webinar on Managing Data at Scale in a VMware and Hybrid Cloud Environment on-demand.

VMworld 2018 Session Recommendations

VMworld 2018 is just a few short weeks away at this point. Many of those reading this post would no doubt have already filled out their schedule, for those of you who have procrastinated however here are a few sessions that I am looking forward to. To make it interesting I’m limiting my recommendations to one per day, while at the show I fully believe you should take advantage of mingling with others in the community and browsing the show floor to get a sense of some of the innovation that is happening around the ecosystem.

Sunday – Demystifying vSAN Management for the Traditional Storage Administrator [HCI1475QU]

As a fan of vSAN and having listened to Pete Koehler on many topics, I’m sure this will be a great session for anyone looking for to get a handle on how vSAN differs from traditional storage.

Monday – Application modernization with VMware Cloud on AWS [HYP2145BUS]

I don’t think I’m going to be able to watch this one live due to other commitments but will be eagerly watching the replay. I’ve presented with Wen before and also watched Aarthi present so I know this will be a great session for anyone attending.

Tuesday – VMware NSX for Service Providers: A Technical View [HYP2406BU]

Service providers networking is an interesting beast. If networking is your thing then this promises to be an interesting session and you can always trust Ray to get into the details and I expect Tina to bring the service provider perspective into the mix.

Wednesday – Confluent Platform: Introduction and Deployment on PKS [CODE5593U]

There’s a lot of excellent sessions happening on Wednesday, one that is a little out of my ordinary area though is this one on running confluent on top of Pivotal Container Services. Should be an interesting change from the usual VMworld topics.

Wednesday Bonus – Ransomware Threat Recovery Using Rubrik Polaris [SAI3712BUS]

I’m going to cheat and share another session on Wednesday just because I know it’s going to be cool and cover one of Rubrik (my employer’s) latest capabilities presented by a couple of excellent presenters. Promises to be enlightening!

If you’d like to learn more about Polaris before this session check out the Polaris announcement blog post

Thursday – Architecting at the Tactical Edge with VMware vSAN and vRealize [HCI1691BU]

I’ve had a bit of an inside view into what has been happening behind the scenes for this session. It’s going to be interesting to hear about some of the more challenging aspects of this project, and how they were addressed. Promises to be an informative and interesting session with some good presenters!

Other Sessions

If the sessions above aren’t enough to fill your schedule there are several more excellent sessions being presented at VMworld this year. Here are a few of my favorite speakers, any of their sessions should be worth your time if you like to skew a bit more technical in your tastes:

  • Rebecca Fitzhugh – has an awesome array of presentations this year, all of which will no doubt be amazing
  • Duncan Epping – let’s just say he knows how to present and is not shy of addressing both the technical details and high level perspectives
  • Christian Dickmann – enjoy listening to his thoughts on simplifying operational management
  • Cody Hosterman – if vSphere storage is your thing, you’ll be at home
  • Christos Karamanolis – always interesting to listen to his forward looking thoughts

There are of course many other great presenters, but hey this list is getting long already!

If you’re attending VMworld this year have a great time! If you want to connect  with me at the conference feel free to reach out to me on twitter @BenMeadowcroft.

Thoughts on Product Management

On my last day at VMware I was pulled aside by Glenn Sizemore who interviewed about me for the “career day” episode of the vSpeaking podcast. Glenn asked me a few questions about my role and I thought it would be helpful to write my responses and add a bit more detail for people who are interested in the Product Management role.

How would I describe Product Management?

Product Management for enterprise software is about building the right products, products that provide real, demonstrable, value to the customer. As a Product Manager you have to be able to get to grips with some of the underlying business challenges faced by customers. Keeping everyone aligned on that north star ensures that, as a team, we spend our effort building something that customers both value and are willing to pay to unlock that value.

How did I decide to get into Product?

I trace my Product Management roots back to my time at a small startup company in the UK called Mobysoft. When I joined as the first full-time employee the company was much smaller than it is now. Being involved at an early stage gave me the opportunity to take on a lot of responsibility, build the engineering team, and develop a new service called RentSense.

In the early days of developing the new service I got to work closely with customers to understand the challenges they were facing and ensure that the product my team were developing was going to hit the mark. That was my first experience on the Product side of the fence and I definitely wanted more.

I decided at this point I was interested in transitioning my career from engineering to Product Management. I made the move to the USA to pursue my MBA and began transition into Product Management.

3 things I love about Product Management?

First, I love the satisfaction of seeing something through from beginning to end. Being able to work with customers to identify their needs and then work on bringing to market technology solutions to solve those challenges and close that loop is hugely satisfying for me.

Second, is the people. I get to work with some incredibly intelligent peers across multiple disciplines. As a former engineer I always appreciate being able to work with high caliber engineers and I have been incredibly honored to have worked with some exceptionally talented people during my times at AWS, VMware, and now Rubrik. Being able to share the context of the customers pain points with the engineering teams is one of the things that I think Product Managers absolutely need to do. Ensuring that customer empathy is baked into the product throughout its execution is how good products are forged.

Third, as a self confessed data geek, I love the opportunity to dive into data. Direct customer interaction is critical to gathering insights, but the qualitative insight has to be married to quantitative analysis. Without this combination it’s all too easy to fall into the trap of building a great solution for just one customer and being a consultancy versus a Product company.

Something people don’t tell you before taking the job?

Probably the biggest surprise for me was the opportunity to work collaboratively across many different teams. Not just cross-functionally with the teams that were involved in delivering the same product, but also with teams across the company working on a variety of different initiatives. Ensuring that as a PM you remain focused is critical, but being open to working with adjacent teams (both within and outside the company) can bring a lot of leverage in delivering value to customers.

Some Thoughts on VMware Cloud on AWS Stretched Clusters

Companies are considering a variety of migration strategies as they are looking to leverage the cloud. For VMware Cloud on AWS (VMC) migration is one of the key use cases that VMware have promoted (alongside Disaster Recovery). A key benefit touted by VMware for their offering is the ability to re-host applications without having to re-platform or re-architect, however, this is not without caveats when it comes to availability and resiliency.

For a customer migrating to the cloud, delivering the right level of resiliency and availability is a key concern. On AWS the Availability Zone is a key building block for designing available architectures. For customers who are willing to re-architect their application, designing the application to ensure resiliency in the face of an AZ loss is critical, as well as ensuring customers are eligible for AWS SLA credits in the event of an EC2 outage! But what options are available for delivering multi-AZ availability when pursuing a re-host migration strategy?

For VMware Cloud on AWS, delivering this re-host capability this is also one of the most significant limitations with what is currently available. When customers provisioned a new SDDC it could only be placed within a single Availability Zone (AZ). The combination of vSphere HA, vSAN’s erasure coding, and VMC’s auto-remediation of failed hosts ensured that failures of the individual bare metal EC2 instances could be handled well. However, there remained an issue of protecting against failures of entire Availability Zones.

With the unveiling of a technology preview of their new stretched clustering capability, VMware is presenting a differentiated offering. Stretched networking, by NSX, and stretched storage, from vSAN, combine with vSphere’s HA to deliver a platform that delivers resiliency against AZ failure, without having to re-architect or re-platform your application to take advantage of multiple Availability Zones. On the vSAN side, the increased costs of mirroring the storage are now offset by the introduction of deduplication and compression support. More details were shared during VMware’s recent Cloud Briefing event and I also spoke about VMware’s plans here during my VMC storage deep-dive session at VMworld.

It will be interesting to see how VMware’s customers evaluate this new offering when it moves out of tech preview status and into General Availability.

VMware Site Recovery VMworld 2017 Session

During VMworld 2017 I shared a tech preview, with GS Khalsa, of the VMware Site Recovery service that’s now available as an add-on to VMware Cloud on AWS. While we’ve already made several enhancements to the service, over and above what you’ll see in the tech preview, I think it still illustrates many of the exciting new options available with VMware Site Recovery today!

Check out the session online

VMware Cloud on AWS Storage Deep-Dive

At VMworld earlier this year I presented a deep-dive on vSAN storage for VMware Cloud on AWS with Matt Amdur. This was an interesting topic as we’d had to deliver some enhancements to vSAN for deployment onto the Amazon EC2 Bare Metal instances, now that they’ve been released there are a few more public details that can be shared!

At VMworld we covered a few key topics including the host and cluster configuration on EC2 Bare Metal instances, how we were operating the storage in AWS that would be a little different from how on-premises customers would operate, and a few peaks into the unique features delivered for VMware Cloud on AWS and a look into our plans.

At the recent re:Invent conference, AWS launched their new EC2 Bare Metal instances. VMware were early customers of this instance and worked collaboratively with AWS to ensure the new bare metal platform was a good platform for running ESXi and vSAN. With the launch of the solution, AWS was more open about talking details on their platform. Check out the session by Aaron Blassius and Matt Wilson sharing details on the new platform we are using for VMware Cloud on AWS.

VMware Cloud on AWS – Disaster Recovery and other use cases

I was lucky enough to be able to share some details about the new VMware Site Recovery service at the AWS re:Invent conference alongside Wen Yu. In the VMware Cloud on AWS technical deep dive and native service integration session we covered some key use cases customers are looking to address with VMware Cloud on AWS including:

  • Disaster Recovery
  • Database Migration
  • Securing web/content management

Check out the session (recorded the day before the official launch) on Youtube

Launch Often! VMware Cloud on AWS

At VMworld, back in August, the first version of VMware Cloud on AWS was launched. Now three months later we’re doing it again! As the Product Manager owning the storage and disaster recovery initiatives it’s been a great experience to work with the joint VMware and AWS teams as we delivered the storage platform for VMware Cloud on AWS (built with vSAN), and are now delivering new Disaster Recovery (DR) capabilities with VMware Site Recovery.

Delivering improved resiliency and DR options has been an important focus for VMware Cloud on AWS. This new capability allows customers to protect their mission-critical workloads running on-premises to VMware Cloud on AWS, or vice-versa. We also support protection between VMware Cloud on AWS SDDCs. This enables customers to protect workloads across different AWS Availability Zones, or even between AWS Regions with the newly announced support for US East (N. Virginia).

It’s also been a great experience to work closely with some of our forward-looking customers as we’ve been developing VMware Cloud on AWS. Listen to one of these early customers share their view of the collaboration between VMware and AWS, and the new capabilities we’re delivering.

More details on the VMware Site Recovery solutions can be found on the VMware Cloud Services site: