In today’s fast-paced digital world, maintaining the integrity and availability of your data is crucial. For businesses using oVirt—a widely adopted open-source virtualization solution—having a robust backup and recovery strategy is not just an option; it’s a necessity. Storware Backup and Recovery offers a powerful, reliable solution for backing up and restoring oVirt environments, ensuring business continuity and data protection. This guide explores how Storware Backup and Recovery can enhance your oVirt infrastructure by providing advanced backup and recovery features.
What is oVirt?
oVirt is an open-source virtualization management platform designed to manage large-scale, distributed server and desktop virtualization environments. Built on top of KVM (Kernel-based Virtual Machine), oVirt provides an enterprise-level solution for virtual machine (VM) management, complete with a web-based interface, robust APIs, and powerful features tailored for businesses of all sizes. However, like any virtualization environment, oVirt requires an effective backup and recovery plan to protect against data loss, system failures, and security threats.
Why Backup and Recovery are Essential for oVirt
→ Data Loss Prevention: Accidental deletions, hardware failures, or software glitches can lead to significant data loss. Backup and recovery ensure that your VMs and data are always recoverable.
→ Minimize Downtime: A well-structured backup and recovery plan minimizes downtime, keeping your critical applications running with as little interruption as possible.
→ Protection Against Ransomware: Cybersecurity threats, including ransomware attacks, can compromise your data. Regular backups serve as a safety net, allowing you to restore your systems to a pre-attack state. They only do so if at least one copy is kept offline or immutable, out of reach of the credentials the attacker is using, and if restores are tested regularly.
→ Compliance and Audits: Many industries have strict data retention and recovery requirements. Backup solutions help meet these compliance standards by ensuring data integrity and availability.
Introducing Storware Backup and Recovery for oVirt
Storware Backup and Recovery is an enterprise-grade data protection solution designed to integrate seamlessly with oVirt environments. It offers comprehensive backup, recovery, and archiving capabilities, ensuring your virtual machines and associated data are protected, easily recoverable, and managed efficiently.
oVirt Support Matrix
Disk-attachment
  Minimum version: 4.0+
  Status: In operation
  Last snapshot kept on hypervisor for incremental backups: no
  Hypervisor OS access needed: no
  Proxy VM needed: yes
  Key caveats: full backup only; the disk attachment process may be slow
Disk Image Transfer
  Minimum version: 4.3+
  Status: In operation
  Last snapshot kept on hypervisor for incremental backups: yes
  Hypervisor OS access needed: no
  Proxy VM needed: no
  Key caveats: data transfer via Manager (<4.4.3)
SSH Transfer
  Minimum version: 4.3+
  Status: Deprecated (for hosts 4.5.0+)
  Last snapshot kept on hypervisor for incremental backups: yes
  Hypervisor OS access needed: yes
  Proxy VM needed: no
  Key caveats: access to the hypervisor needed
Changed-Block Tracking
  Minimum version: 4.4+
  Status: In operation (preferred)
  Last snapshot kept on hypervisor for incremental backups: no
  Hypervisor OS access needed: no
  Proxy VM needed: no
  Key caveats: incremental backup requires QCOW2 disk format
Key Features of Storware Backup and Recovery
→ Agentless Backup: Storware provides agentless backup for oVirt, which simplifies the backup process by removing the need to install agents on each VM. This approach reduces overhead and simplifies management.
→ Incremental Backups: Storware uses incremental backup strategies to save only the data that has changed since the last backup, significantly reducing storage requirements and improving backup speeds.
→ Automated Backup Scheduling: Storware's intuitive scheduling options allow you to automate your backup processes, reducing manual intervention and ensuring regular data protection.
→ Efficient Recovery: Fast and flexible recovery options enable you to restore entire VMs, individual files, or specific VM disks, providing a tailored recovery approach based on your needs.
→ Secure Data Encryption: Storware ensures that your backup data is protected with advanced encryption methods, securing it from unauthorized access both in transit and at rest.
→ Multi-Tier Storage: With Storware, backups can be stored across multiple storage tiers, including local storage, cloud storage, or even object storage systems, offering scalability and flexibility.
→ Centralized Management: Manage all your backup and recovery tasks from a single pane of glass, streamlining the administration of your data protection policies.
How Storware Backup and Recovery Enhances oVirt Environments
→ Simplified Backup Management: Storware's centralized console allows administrators to manage backups across the entire oVirt environment, simplifying the complexity of backup management.
→ Scalability: As your oVirt environment grows, Storware scales with you, supporting hundreds of VMs without compromising performance or manageability.
→ Seamless Integration: Storware Backup and Recovery integrates seamlessly with oVirt's architecture, making it a natural extension of your existing infrastructure.
→ Improved Performance: The use of incremental and differential backups optimizes performance, reducing backup windows and minimizing the impact on production workloads.
→ Comprehensive Reporting and Analytics: Storware provides detailed reports and analytics on backup performance, success rates, and storage utilization, allowing for proactive management and optimization.
Implementing Storware Backup and Recovery for oVirt: Step-by-Step
The easiest way is to use the Setup Wizard; the manual approach described below is also straightforward.
1. Installation and Configuration: Begin by installing the Storware Backup and Recovery software on a designated server. Configure the backup server to connect to your oVirt environment through the oVirt API, using a dedicated account that holds only the permissions the backup jobs need rather than a full administrator account, so that a compromised backup server cannot be turned against the whole cluster.
2. Define Backup Policies: Set up backup policies based on your business requirements. Define how often backups should occur, retention periods, and storage locations.
3. Automate Scheduling: Use Storware’s scheduling feature to automate the backup process, ensuring that backups are conducted regularly without manual intervention.
4. Test Recovery Procedures: Regularly test your recovery procedures to ensure that you can quickly restore VMs and data in the event of a failure.
5. Monitor and Optimize: Utilize Storware’s monitoring and reporting tools to keep an eye on backup performance. Optimize configurations based on insights to ensure the best possible performance.
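To make the support matrix and step 1 concrete, here is an added example that is not Storware's code: a preflight script a backup administrator could run before defining policies. It classifies each VM disk according to the matrix, so that disks which will silently fall back to full backups (RAW disks, or disks without the incremental backup flag, on a 4.4+ engine) are known before retention and RPO targets are set. The inventory function uses the oVirt Python SDK (ovirtsdk4); its attribute names, the disk-level incremental flag and the sample inventory are assumptions, and the classification itself runs offline on constructed data.

```python
"""Preflight check for planning oVirt backups (added example, not Storware code).

It encodes the support matrix above: Changed-Block Tracking (CBT) needs
engine 4.4+ and QCOW2 disks with incremental backup enabled; Disk Image
Transfer needs 4.3+ and moves data through the Manager on engines older
than 4.4.3; SSH Transfer needs hypervisor OS access and is deprecated for
hosts 4.5.0+; Disk-attachment (4.0+) needs a proxy VM and is full-backup only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class DiskInfo:
    vm_name: str
    alias: str
    fmt: str           # "cow" (QCOW2) or "raw"
    incremental: bool  # disk-level "enable incremental backup" flag (4.4+), assumed name


def parse_version(text: str) -> Tuple[int, ...]:
    """'4.4.10.7' -> (4, 4, 10, 7); tuples compare the way versions should."""
    return tuple(int(part) for part in text.strip().split("."))


def choose_method(engine_version: str, host_version: str) -> Tuple[str, List[str]]:
    """Preferred transfer method for this engine/host pair plus the matrix caveats."""
    engine, host = parse_version(engine_version), parse_version(host_version)
    if engine >= (4, 4):
        return "Changed-Block Tracking", ["incremental backup requires QCOW2 disk format"]
    if engine >= (4, 3):
        caveats = ["last snapshot is kept on the hypervisor between incremental backups"]
        if engine < (4, 4, 3):
            caveats.append("data transfer via Manager (<4.4.3)")
        if host >= (4, 5):
            caveats.append("SSH Transfer is deprecated for hosts 4.5.0+; do not fall back to it")
        return "Disk Image Transfer", caveats
    if engine >= (4, 0):
        return "Disk-attachment", ["full backup only", "proxy VM needed",
                                   "disk attachment process may be slow"]
    raise ValueError(f"oVirt {engine_version} is below the supported minimum (4.0)")


def plan_disks(engine_version: str, host_version: str,
               disks: List[DiskInfo]) -> Dict[str, str]:
    """Map 'vm/disk' -> planned backup mode. Under CBT a RAW disk, or one
    without the incremental flag, quietly degrades to full backups, which is
    what a retention/RPO review needs to know before policies are defined."""
    method, _ = choose_method(engine_version, host_version)
    plan: Dict[str, str] = {}
    for d in disks:
        key = f"{d.vm_name}/{d.alias}"
        if method == "Changed-Block Tracking" and d.fmt == "cow" and d.incremental:
            plan[key] = "CBT incremental"
        elif method == "Changed-Block Tracking":
            plan[key] = "Disk Image Transfer, full only (RAW disk or incremental flag off)"
        else:
            plan[key] = f"{method}, full only"
    return plan


def fetch_inventory(url: str, username: str, password: str, ca_file: str):
    """Collect the same inputs from a live engine with the oVirt Python SDK
    (ovirtsdk4). The attribute names are assumptions (checked against the 4.4
    SDK); this function is not called in the offline demo below."""
    import ovirtsdk4 as sdk
    import ovirtsdk4.types as types
    conn = sdk.Connection(url=url, username=username, password=password, ca_file=ca_file)
    try:
        system = conn.system_service()
        engine_version = system.get().product_info.version.full_version
        host_version = min((h.version.full_version for h in system.hosts_service().list()),
                           key=parse_version)
        vms = system.vms_service()
        disks = []
        for vm in vms.list():
            for att in vms.vm_service(vm.id).disk_attachments_service().list():
                disk = conn.follow_link(att.disk)
                disks.append(DiskInfo(vm.name, disk.alias, disk.format.value,
                                      disk.backup == types.DiskBackup.INCREMENTAL))
        return engine_version, host_version, disks
    finally:
        conn.close()


# Constructed sample inventory; not taken from a real environment.
SAMPLE_DISKS = [
    DiskInfo("web01", "web01_os", "cow", True),
    DiskInfo("web01", "web01_data", "raw", False),
    DiskInfo("db01", "db01_os", "cow", False),
]

if __name__ == "__main__":
    for engine, host in (("4.4.10", "4.5.4"), ("4.3.9", "4.3.9"), ("4.2.8", "4.2.8")):
        method, caveats = choose_method(engine, host)
        print(f"engine {engine}: {method}; caveats: {'; '.join(caveats)}")
        for key, mode in plan_disks(engine, host, SAMPLE_DISKS).items():
            print(f"  {key}: {mode}")
```

Run it as-is to see the three engine generations side by side, or replace SAMPLE_DISKS with the output of fetch_inventory against a test engine. The useful output is the list of disks that end up as "full only": each of those either needs converting to QCOW2 with the incremental flag enabled, or needs a retention policy sized for full images.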
Conclusion
Implementing a robust backup and recovery solution is essential for any organization using oVirt. Storware Backup and Recovery provides a powerful, efficient, and scalable way to protect your virtual environment, ensuring that data loss, downtime, and security threats are mitigated effectively. With features like agentless backups, encryption, and automated scheduling, Storware stands out as a preferred choice for enterprises seeking comprehensive data protection.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.
The just-in-time (JIT) paradigm reshapes identity and access management by emphasizing efficiency and security through time-sensitive access control and provisioning of resources only when they are needed.
It focuses on providing access and resources exactly when they are needed, rather than pre-allocating them in advance. This approach aligns with modern IT demands, where flexibility and precision are crucial.
Difference between Just-in-Time Provisioning vs Just-in-Time Privilege
JIT ensures that users receive permissions only for the duration necessary to complete their tasks. This minimizes the window of opportunity for unauthorized access and reduces the potential attack surface.
This blog will provide a comparative overview of JIT provisioning and JIT privileged access, highlighting how they work, their key components, benefits, and challenges.
What is Just-in-Time Provisioning?
Just-in-time (JIT) provisioning automates the creation of user accounts in web applications that sit behind single sign-on (SSO), typically using the Security Assertion Markup Language (SAML) protocol. When a new user attempts to log into an authorized app for the first time, JIT provisioning triggers the transfer of the necessary information from the identity provider to the application.
This transfer eliminates the need for manual account setup, significantly reducing administrative work. JIT provisioning gives new users a seamless first login while keeping account creation consistent with the identity provider's record of who the user is and what they belong to.
How does it Work?
To establish just-in-time (JIT) provisioning, IT admins need to configure an SSO connection between an identity provider and the target service provider (web application) and include the user attributes that the service provider requires.
When a new user logs in, the identity provider sends the required information to the service provider via SAML assertions. This automatically creates the user’s account without manual intervention.
To implement JIT provisioning, administrators can use a centralized cloud identity provider or an SSO provider integrated with their existing directory. Moreover, the target service provider (web application) must also support JIT provisioning to ensure smooth operation.
JIT provisioning centralizes the application of authorization policies, providing log-in access based on user roles or groups. For instance, when a developer logs in, they automatically receive all the permissions associated with the developer role, ensuring they have immediate access to the required tools and resources.
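The service-provider side of that flow, as an added example that is not Scalefusion's code or any identity provider's: it reads a constructed SAML assertion, applies the checks that must precede trusting its attributes (validity window and audience; signature verification is assumed to have been done by the SAML library before this point), maps identity-provider groups to application roles with unmapped groups granting nothing, and creates the account only on first login. The attribute names, the group-to-role table, the entity ID and the in-memory user store are assumptions.

```python
"""Service-provider side of SAML JIT provisioning (added example, not vendor code).

Signature verification is assumed to have been done already by the SAML library
in use (python3-saml, pysaml2, ...): never read attributes out of an assertion
whose signature has not been checked. What remains, and is shown here, is what
the text describes: enforce audience and validity window, read the attributes,
map groups to roles, create the account on first login.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
APP_ENTITY_ID = "https://app.example.com/saml/metadata"   # assumed SP entity ID
REQUIRED_ATTRS = ("email", "groups")
GROUP_TO_ROLE = {"developers": "developer", "helpdesk": "support"}  # assumed mapping


class ProvisioningError(Exception):
    pass


@dataclass
class User:
    name_id: str
    email: str
    roles: List[str] = field(default_factory=list)
    created_by_jit: bool = True


def _iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_assertion(xml_text: str, expected_audience: str, now: datetime) -> dict:
    """Return {'name_id', 'attrs'} or raise; the Conditions checks come first."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ProvisioningError("no Assertion element")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ProvisioningError("assertion without Conditions is not acceptable")
    if cond.get("NotBefore") and now < _iso(cond.get("NotBefore")):
        raise ProvisioningError("assertion not yet valid")
    if cond.get("NotOnOrAfter") and now >= _iso(cond.get("NotOnOrAfter")):
        raise ProvisioningError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ProvisioningError("assertion was issued for a different audience")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ProvisioningError("missing NameID")
    attrs: Dict[str, List[str]] = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name", "")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    missing = [a for a in REQUIRED_ATTRS if a not in attrs]
    if missing:
        raise ProvisioningError(f"missing required attributes: {missing}")
    return {"name_id": name_id, "attrs": attrs}


def roles_for(groups: List[str]) -> List[str]:
    """Deny by default: only explicitly mapped groups translate into roles."""
    return sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})


def jit_login(store: Dict[str, User], xml_text: str, now: datetime,
              expected_audience: str = APP_ENTITY_ID) -> User:
    """Create the account on first login, re-sync roles on every login.
    Offboarding is NOT handled here: the account persists until the IdP or a
    SCIM/deprovisioning job removes it, even once SSO stops issuing assertions."""
    parsed = parse_assertion(xml_text, expected_audience, now)
    roles = roles_for(parsed["attrs"]["groups"])
    if not roles:
        raise ProvisioningError("no mapped role; refusing to create an account")
    user = store.get(parsed["name_id"])
    if user is None:
        user = User(parsed["name_id"], parsed["attrs"]["email"][0], roles)
        store[user.name_id] = user
    else:
        user.roles = roles
    return user


# Constructed, unsigned sample assertion for the offline demo (not real IdP output).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-10-02T10:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-10-02T09:59:00Z" NotOnOrAfter="2024-10-02T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>developers</saml:AttributeValue>
      <saml:AttributeValue>all-staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
DEMO_NOW = datetime(2024, 10, 2, 10, 1, tzinfo=timezone.utc)
DEMO_LATE = datetime(2024, 10, 2, 10, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    users: Dict[str, User] = {}
    print(jit_login(users, SAMPLE_ASSERTION, DEMO_NOW))
    print(jit_login(users, SAMPLE_ASSERTION, DEMO_NOW) is users["jane.doe@example.com"])
```

The two design choices worth copying are that an assertion with no mapped group is refused rather than provisioned with an empty role set, and that the validity window and audience are checked before any attribute is read, so a replayed or mis-routed assertion never reaches the account-creation step.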
Use Cases
Just-in-time (JIT) provisioning is particularly useful for industries with high turnover rates, a need for rapid onboarding, and significant user access management needs. JIT provisioning is most useful for the following industries:
Knowledge Worker: Just-in-Time (JIT) Provisioning serves knowledge workers by automating account creation, enabling them to log into new web applications, tools and data across different teams or projects. With SSO integration, JIT Provisioning automatically grants access based on roles, ensuring knowledge workers have immediate access to the tools and resources they need, boosting productivity and security.
Retail: Retail environments often experience high employee turnover and need to quickly onboard new staff. JIT provisioning streamlines the process of user lifecycle management, ensuring that new hires can start working with minimal delays.
Healthcare: Healthcare organizations require strict access controls to ensure compliance with regulations such as HIPAA, and must rapidly onboard new healthcare staff so that they have immediate access to patient information. JIT provisioning helps maintain security and efficiency in managing healthcare professionals' accounts.
Last mile delivery: The delivery sector frequently hires new drivers and needs to quickly integrate them into its systems. JIT provisioning facilitates rapid account creation and access to delivery management tools, improving operational efficiency and service speed.
Cab Aggregators: Ride-sharing companies experience high turnover and need to quickly onboard drivers. JIT provisioning helps manage driver accounts efficiently, ensuring that new drivers can start working as soon as possible.
What is Just-in-Time Privileged Access?
Just-in-time (JIT) privileged access is a security practice within privileged access management (PAM). It grants temporary privileged access to devices, applications, or systems, upon user request for a limited time frame. This method aligns with the principle of least privilege (PoLP), ensuring users receive just enough access to perform specific tasks, minimizing the risk of excessive or standing privileges that malicious actors could exploit.
JIT privileged access helps prevent unauthorized access and privilege creep by providing time-limited access, enhancing the overall security posture of an organization. This approach reduces the risks associated with giving users more than required privileges, creating a more secure and controlled environment.
How does it Work?
Just-in-time (JIT) privileged access scopes each grant along three dimensions: location, time, and actions. Here's a closer look at how JIT access functions:
Location: Access is granted only to specific instances, network devices, servers, or virtual machines where the user needs to perform their tasks.
Time: Permissions are provided for a short, predefined duration, ensuring access is limited to the necessary timeframe.
Actions: Access is tailored to the user’s specific intent, allowing only the actions required for the task at hand.
In a typical JIT access workflow, a user submits a request to access a particular resource. This request is evaluated against established policies, or an administrator reviews and decides whether to grant or deny access.
Once approved, the user performs their tasks within the designated timeframe. After completion, the privileged access is automatically revoked until it is needed again in the future. This systematic approach enhances security and ensures efficient access management within an organization.
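The request, evaluate, grant and expire cycle just described, as an added example that is not Scalefusion's code: a small broker that takes a request scoped by target (location), duration (time) and actions, evaluates it against a policy, holds it for approval where the policy demands one, issues a grant with a hard expiry, checks every privileged action against that grant, and records each decision in an audit log. The policy table, the clock, the MFA flag and the audit-line format are assumptions.

```python
"""Minimal JIT privileged access broker (added example, not vendor code).
Models location (target), time (window) and actions, plus approval and automatic
expiry. A real PAM product would tie the grant to a brokered session and rotate
the target credential; here the grant is an unguessable token checked per action."""
import secrets
from collections import namedtuple
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# requester_groups: who may ask; targets: location; actions: what may be done;
# max_minutes: time cap on the window; needs_approval: a second person must approve.
Policy = namedtuple("Policy", "requester_groups targets actions max_minutes needs_approval")
Request = namedtuple("Request", "user groups target actions minutes justification")
Grant = namedtuple("Grant", "token user target actions expires_at")


class AccessDenied(Exception):
    pass


class JitBroker:
    def __init__(self, policies: List[Policy]):
        self.policies = policies
        self.grants: Dict[str, Grant] = {}
        self.pending: Dict[str, Request] = {}
        self.audit: List[str] = []  # every decision lands here for later review

    def _log(self, now: datetime, event: str, **fields) -> None:
        self.audit.append(f"{now.isoformat()} {event} " + " ".join(f"{k}={v}" for k, v in fields.items()))

    def _matching_policy(self, req: Request) -> Optional[Policy]:
        for p in self.policies:
            if (req.groups & p.requester_groups and req.target in p.targets
                    and req.actions <= p.actions and 0 < req.minutes <= p.max_minutes):
                return p
        return None

    def request(self, req: Request, now: datetime, mfa_verified: bool) -> Tuple[str, str]:
        """Returns ('granted', token) or ('pending', ticket); raises AccessDenied."""
        policy = self._matching_policy(req)
        reason = ("identity-not-verified" if not mfa_verified else
                  "no-justification" if not req.justification.strip() else
                  "no-policy-for-target-actions-duration" if policy is None else None)
        if reason:
            self._log(now, "DENY", user=req.user, target=req.target, reason=reason)
            raise AccessDenied(reason)
        if policy.needs_approval:
            ticket = secrets.token_hex(8)
            self.pending[ticket] = req
            self._log(now, "PENDING", user=req.user, target=req.target, ticket=ticket)
            return "pending", ticket
        return "granted", self._issue(req, now).token

    def approve(self, ticket: str, approver: str, now: datetime) -> str:
        req = self.pending.get(ticket)
        if req is None:
            raise AccessDenied("unknown or already handled ticket")
        if approver == req.user:
            raise AccessDenied("self-approval is not allowed")
        del self.pending[ticket]
        self._log(now, "APPROVE", ticket=ticket, approver=approver, user=req.user)
        return self._issue(req, now).token

    def _issue(self, req: Request, now: datetime) -> Grant:
        grant = Grant(secrets.token_urlsafe(32), req.user, req.target, frozenset(req.actions),
                      now + timedelta(minutes=req.minutes))
        self.grants[grant.token] = grant
        self._log(now, "GRANT", user=req.user, target=req.target,
                  actions=",".join(sorted(req.actions)), expires=grant.expires_at.isoformat())
        return grant

    def authorize(self, token: str, target: str, action: str, now: datetime) -> bool:
        """Checked on every privileged action; expiry makes the grant vanish by itself."""
        g = self.grants.get(token)
        ok = g is not None and now < g.expires_at and g.target == target and action in g.actions
        self._log(now, "ACTION" if ok else "DENY-ACTION", user=g.user if g else "?",
                  target=target, action=action)
        return ok

    def revoke(self, token: str, now: datetime, reason: str) -> None:
        """Cut a window short (incident, offboarding, approval withdrawn)."""
        g = self.grants.pop(token, None)
        if g:
            self._log(now, "REVOKE", user=g.user, target=g.target, reason=reason)


# Constructed policies and clock for the offline demo (assumptions).
POLICIES = [
    Policy({"sre"}, {"db-prod-01"}, {"ssh", "sudo"}, max_minutes=60, needs_approval=True),
    Policy({"devs"}, {"app-stage-01"}, {"ssh"}, max_minutes=120, needs_approval=False),
]
T0 = datetime(2024, 10, 2, 9, 0, tzinfo=timezone.utc)


def later(minutes: int) -> datetime:
    return T0 + timedelta(minutes=minutes)
```

Note what the expiry check does and does not give you: once `now` passes `expires_at` every further action is refused without any operator involvement, which is the "automatically revoked" property in the text, but a session that was opened inside the window is only closed if whatever fronts the target (an SSH bastion, a database proxy) calls `authorize` per action rather than once at login.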
Use Case
Just-in-Time (JIT) Privileged Access is particularly useful for industries where sensitive data and systems need to be tightly controlled, and where temporary or task-specific access is common. JIT-privileged access is most beneficial for the following industries:
Banking, Financial Services, and Insurance (BFSI): JIT privileged access is extremely beneficial in the BFSI sector due to the high sensitivity of financial data and transactions. The principle of least privilege is crucial here to prevent fraud and data breaches. JIT access ensures that investigators, auditors, and IT staff only have access for the exact duration required, minimizing risk.
Healthcare: In healthcare, maintaining the confidentiality of patient data and securing medical devices is critical. JIT privileged access allows healthcare professionals to gain temporary access to sensitive information or systems for emergencies or specific tasks, enhancing security and ensuring compliance with data protection regulations.
Education: While JIT access is beneficial in educational institutions for managing IT system maintenance and administrative tasks, its impact may not be as critical compared to the BFSI and healthcare sectors. However, it still adds value by providing controlled, temporary access.
Hospitality: In the hospitality industry, JIT access helps manage and secure booking systems and guest information during special events or high-demand periods. While important, the need might not be as critical compared to industries with more stringent data protection requirements.
Knowledge Workers: Just-in-Time Privileged Access grants knowledge workers temporary elevated permissions for doing specific tasks, based on their location, time, and required actions. This ensures they only access what’s necessary for their job role within a limited timeframe, reducing the risk of excessive access while maintaining security.
Difference Between Just-in-Time Provisioning and Just-in-Time Privileged Access: Key Components, Benefits and Challenges
Just-in-Time Provisioning
Key components of JIT Provisioning
a. Real-time account creation: The account in the web application is created automatically the first time the user signs in through SSO, with no request to IT.
b. Contextual user account: The account is created with roles derived from the user's role or group membership in the organization and the tasks they are expected to perform.
c. Automated account management: JIT provisioning automates the process of managing account creation and deactivation without the intervention of IT admins.
What are the benefits of JIT Provisioning?
a. Efficient onboarding: JIT provisioning streamlines the onboarding process by automating user account creation. New users receive immediate access to necessary resources when they need them, enhancing overall efficiency.
b. Reduced IT workload: Automated provisioning of user accounts, minimizes the manual workload of IT teams. This allows them to focus on more strategic initiatives, saving time and reducing administrative burdens.
c. Enhanced security: JIT provisioning minimizes the risk of unnecessary or excessive access. Accounts are only created when users log in for the first time, ensuring that access levels are appropriate and creating a more secure environment.
d. Quick login experience: JIT provisioning facilitates a seamless user experience, with reduced friction during login. Users gain access to applications through Single Sign-On (SSO) avoiding unnecessary delays.
Challenges of JIT Provisioning
a. Dependency on SAML: JIT provisioning relies on the security assertion markup language (SAML) protocol. Any issues or complexities with SAML can disrupt the provisioning process and affect overall functionality.
b. Limited user assignment control: In some systems, such as project management tools, users can only be assigned roles after their initial login. This limitation can reduce control over user assignment and management.
c. Challenges with offboarding: JIT provisioning creates accounts but usually does not remove them. Blocking a user at the identity provider stops new SSO logins, but the account and any data the application holds persist until they are deprovisioned separately, for example through SCIM or a periodic reconciliation job, so access for users who no longer need it is not revoked immediately.
d. Complexity of XML-based structure: The XML-based nature of SAML introduces complexity, which can impact the readability and ease of integration of provisioning processes.
e. Potential for SSO disruption: JIT provisioning is tied to the SAML protocol, making it vulnerable to disruptions in single sign-on (SSO) systems. Such disruptions can affect the overall authentication experience.
Just-in-Time Privileged Access
Key Components
a. Access policies and rules: Access policies and rules outline the conditions under which users can request access to specific resources, ensuring that access is granted only to authorized individuals for legitimate purposes, and complies with organizational security standards.
b. Identity verification mechanisms: Identity verification mechanisms authenticate the user requesting access to ensure that only legitimate individuals with valid credentials are granted entry, preventing unauthorized access to sensitive resources.
c. Time-limited access tokens: Users receive tokens with a set expiration time, allowing temporary access to perform tasks. Once the token expires, access is automatically revoked, reducing the risk of unauthorized privileges.
What are the benefits of JIT Privileged Access?
a. Reduces the attack surface: JIT privileged access reduces the attack surface by minimizing standing privileges, thereby minimizing the risk of malicious users exploiting privileged accounts. Once a task is completed, privileges expire and accounts are disabled, improving the overall security posture.
b. Streamlines access workflow: JIT privileged access automates the approval process for privileged access requests, streamlining workflows for administrators, operations teams, and end-users without compromising productivity. Access can be granted as needed, ensuring operational efficiency.
c. Simplified auditing: Just-in-time access controls privileged sessions and simplifies audits by keeping a detailed log of the user activities carried out during each session.
d. Defines third-party access: JIT privileged access facilitates secure, time-bound access for third-party users such as contractors and vendors. Administrators can grant standard users elevated time-based privilege access for tasks like testing and maintenance. Once the time frame expires, the privileged access is automatically revoked.
e. Eases management of privileged accounts: JIT privileged access simplifies privileged user management by eliminating standing privileges, reducing the need for constant password resets and recoveries. Automated tasks include credential rotation, access expiration, and account deletion, with request approvals handled automatically.
Challenges of Just-in-Time Privileged Access
a. Implicit trust during the session: Zero-trust security policies operate on the principle of "never trust, always verify." JIT narrows when and for how long privilege exists, but once access is granted the session itself is trusted for the rest of the window. If an attacker hijacks the session or the user's endpoint during that period, they inherit the privilege unless the PAM solution also re-verifies the user, monitors or records the session, and can cut it short.
b. Compliance exposure: JIT privileged access limits standing access but does not stop an authorized user from misusing data during the window. If a healthcare professional with a JIT grant leaks sensitive patient information, the organization is still in breach of the Health Insurance Portability and Accountability Act (HIPAA), with the legal and financial repercussions that follow; obligations under the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS) can be violated in the same way. JIT grants therefore need to be paired with logging, session recording and recorded justifications so that an incident can be scoped and attributed.
c. User resistance: Due to the perceived inconvenience of frequently requesting access users might experience resistance using JIT privilege access. This resistance can hinder the effectiveness of the ongoing operations and impact overall productivity if users find the process cumbersome or disruptive to their workflow.
d. Implementation: JIT privileged access is a feature rather than a product of its own, so it depends on a platform that provides it, such as an IAM solution or a UEM solution with IAM capabilities. Organizations will need to adopt one of these to implement just-in-time privileged access.
Just-in-Time Provisioning vs Just-in-Time Privileged Access: A Tabular Comparison
Focus
  Just-in-Time Provisioning: automated provisioning of user accounts and their attributes or credentials.
  Just-in-Time Privileged Access: providing time-bound privileged access.
Purpose
  Just-in-Time Provisioning: ensures that the necessary user information is transferred from the identity provider to the service provider (web application).
  Just-in-Time Privileged Access: ensures users receive just enough access to perform specific tasks for a predefined time frame.
Best Used For
  Just-in-Time Provisioning: managing temporary user profiles and accounts.
  Just-in-Time Privileged Access: elevating user access privileges.
Just-in-Time Provisioning and Just-in-Time Privileged Access: Leverage the Best of Both
Integrating just-in-time provisioning and just-in-time privileged access offers IT admins a balanced approach to managing users and their access. JIT provisioning creates accounts only when they are first needed, which keeps user management efficient and scalable.
Simultaneously, JIT privileged access offers security by granting temporary, time-based access, minimizing the risk of unauthorized use. Together, these practices offer a comprehensive solution that enhances agility in business operations while safeguarding against potential security threats, making them best suited for modern IT environments.
Get in touch with our experts to book a demo and implement just-in-time privileged access with Scalefusion UEM.
About Scalefusion
Scalefusion's company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.
ESET researchers discovered a new China-aligned advanced persistent threat (APT) group, CeranaKeeper, targeting governmental institutions in Thailand. Some of its tools were previously attributed to Mustang Panda by other researchers.
Massive amounts of data have been exfiltrated in the attack against the Thai government.
The group constantly updates its backdoors to evade detection and diversifies its methods to aid massive data exfiltration.
CeranaKeeper abuses popular, legitimate cloud and file-sharing services such as Dropbox, GitHub, and OneDrive to implement custom backdoors and extraction tools.
MONTREAL, BRATISLAVA — October 2, 2024 — ESET researchers have discovered several targeted campaigns against governmental institutions in Thailand, starting in 2023, where massive amounts of data have been exfiltrated. The campaigns misused legitimate file-sharing services such as Dropbox, PixelDrain, GitHub, and OneDrive in the process. Based on the findings, ESET researchers decided to track this activity cluster as the work of a separate threat actor, which ESET named CeranaKeeper. The numerous occurrences of the string “bectrl” in the code of the group’s tools inspired the name: a wordplay between the word beekeeper and the bee species Apis Cerana, or the Asian honeybee. ESET presented its findings about CeranaKeeper and the compromise in Thailand at the 2024 Virus Bulletin conference.
The threat actor behind the attacks on the Thai government, CeranaKeeper, seems particularly relentless, as the plethora of tools and techniques used by the group keeps evolving at a rapid rate. The operators write and rewrite their toolset as needed and react rather quickly to avoid detection. This group’s goal is to harvest as many files as possible and it develops specific components to that end. CeranaKeeper uses cloud and file-sharing services for exfiltration and probably relies on the fact that traffic to these popular services would mostly seem legitimate and harder to block when identified.
CeranaKeeper has been active since at least the beginning of 2022, mainly targeting governmental entities in Asia such as Thailand, Myanmar, the Philippines, Japan, and Taiwan.
The Thai attacks leveraged revamped versions of components previously attributed by other researchers to the China-aligned APT group Mustang Panda, and later, a new set of tools that abuse service providers such as Pastebin, Dropbox, OneDrive, and GitHub to execute commands on compromised computers and exfiltrate sensitive documents. However, the review of the tactics, techniques and procedures, code, and infrastructure discrepancies leads ESET to believe that tracking CeranaKeeper and Mustang Panda as two separate entities is necessary. Both China-aligned groups could be sharing information and a subset of tools in a common interest or through the same third party.
“Despite some resemblances in their activities like similar side-loading targets and archive format, ESET observed distinct organizational and technical differences between the two groups, such as differences in their toolsets, infrastructure, operational practices, and campaigns. We also noted differences in the way the two groups accomplish similar tasks,” explains ESET researcher Romain Dumont, who discovered CeranaKeeper.
CeranaKeeper is likely using the publicly documented toolset called "bespoke stagers" (or TONESHELL), which heavily relies on a side-loading technique, and uses a specific sequence of commands to exfiltrate files from a compromised network. The group also deploys components that have only been seen in its own operations, and it left metadata in its code that gave ESET insight into its development process, further supporting the attribution to CeranaKeeper.
After gaining privileged access, the attackers installed the TONESHELL backdoor, deployed a tool to dump credentials, and used a legitimate Avast driver and a custom application to disable security products on the machine. From this compromised server, they used a remote administration console to deploy and execute their backdoor on other computers in the network. The group deployed a new BAT script across the network, extending their reach to other machines by exploiting the domain controller to gain Domain Admin privileges.
In the attack against the Thai government, the attackers found and selected a couple of compromised computers of sufficient interest to deploy previously undocumented, custom tools. These support tools were used not only to facilitate the exfiltration of documents to public storage services but also to act as alternative backdoors. One notable technique the group uses is GitHub’s pull request and issue comment features to create a stealthy reverse shell, leveraging GitHub, a popular online platform for sharing and collaborating on code, as a C&C server.
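The abuse of Dropbox, OneDrive, GitHub, PixelDrain and Pastebin for tasking and bulk exfiltration is the part of this activity a defender can watch for without any of the group's indicators. As an added example that is not ESET's code and contains no CeranaKeeper IoCs, the detector below runs over web-proxy logs: it attributes each request to one of those services, flags machines that use a service at all when they are not expected to, and flags any machine whose uploads or request count to a service within a sliding one-hour window exceed a baseline. The log format, host names, allow-lists and thresholds are constructed for the example.

```python
"""Egress-to-cloud-storage detector (added example; not ESET code or indicators).

Input: proxy log lines in a constructed, space-separated format:
    <ISO timestamp> <client host> <method> <url> <bytes sent by client>
Two rules per (client, service) pair:
  * unexpected-service-use: the client is not on the allow-list of a service
    that has one (pastebin's list is empty, so any use is flagged);
  * upload-volume: bytes sent or request count inside a sliding one-hour
    window exceed the baseline, which is the bulk-exfiltration signal.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlparse

SERVICE_DOMAINS = {            # registrable domains; subdomains match by suffix
    "dropbox": ("dropbox.com", "dropboxapi.com"),
    "onedrive": ("onedrive.live.com", "1drv.ms", "graph.microsoft.com"),
    "github": ("github.com",),
    "pastebin": ("pastebin.com",),
    "pixeldrain": ("pixeldrain.com",),
}
ALLOWED_HOSTS = {              # assumed: machines expected to use the service at all
    "github": {"dev-ws-07"},
    "onedrive": {"dev-ws-07", "hr-ws-02"},
    "pastebin": set(),
}
UPLOAD_BYTES_LIMIT = 20 * 1024 * 1024   # assumed baseline per client/service/window
REQUEST_LIMIT = 200
WINDOW = timedelta(hours=1)

Event = Tuple[datetime, str, str, str, int]   # ts, client, service, method, bytes


def service_for(url: str) -> Optional[str]:
    host = (urlparse(url).hostname or "").lower()
    for svc, domains in SERVICE_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return svc
    return None


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str, int]]:
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        return ts, parts[1], parts[2], parts[3], int(parts[4])
    except ValueError:
        return None


def detect(lines: Iterable[str]) -> List[dict]:
    per_pair: Dict[Tuple[str, str], List[Event]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # malformed lines are skipped, not trusted
        ts, client, method, url, sent = parsed
        svc = service_for(url)
        if svc:
            per_pair[(client, svc)].append((ts, client, svc, method, sent))
    findings: List[dict] = []
    for (client, svc), evs in sorted(per_pair.items()):
        evs.sort()
        if svc in ALLOWED_HOSTS and client not in ALLOWED_HOSTS[svc]:
            findings.append({"host": client, "service": svc, "rule": "unexpected-service-use",
                             "first_seen": evs[0][0].isoformat(), "requests": len(evs)})
        start, sent_sum = 0, 0          # sliding window over this pair's events
        for i, ev in enumerate(evs):
            sent_sum += ev[4]
            while ev[0] - evs[start][0] > WINDOW:
                sent_sum -= evs[start][4]
                start += 1
            count = i - start + 1
            if sent_sum > UPLOAD_BYTES_LIMIT or count > REQUEST_LIMIT:
                findings.append({"host": client, "service": svc, "rule": "upload-volume",
                                 "bytes": sent_sum, "requests": count,
                                 "window_end": ev[0].isoformat()})
                break               # one finding per pair is enough for triage
    return findings


# Constructed sample log (hosts, URLs and sizes are made up for the demo).
SAMPLE_LOG = """\
2024-09-10T08:01:12Z dev-ws-07 POST https://api.github.com/repos/acme/app/issues/12/comments 812
2024-09-10T08:03:40Z dev-ws-07 GET https://github.com/acme/app/pull/13 0
2024-09-10T09:10:05Z fin-ws-11 POST https://content.dropboxapi.com/2/files/upload 5242880
2024-09-10T09:12:31Z fin-ws-11 POST https://content.dropboxapi.com/2/files/upload 5242880
2024-09-10T09:15:02Z fin-ws-11 POST https://content.dropboxapi.com/2/files/upload 5242880
2024-09-10T09:18:44Z fin-ws-11 POST https://content.dropboxapi.com/2/files/upload 5242880
2024-09-10T09:21:09Z fin-ws-11 POST https://content.dropboxapi.com/2/files/upload 5242880
2024-09-10T09:40:17Z fin-ws-11 POST https://api.github.com/repos/someorg/notes/issues/1/comments 1200
2024-09-10T10:02:00Z hr-ws-02 PUT https://graph.microsoft.com/v1.0/me/drive/root:/report.xlsx:/content 204800
2024-09-10T11:30:00Z gov-ws-03 POST https://pastebin.com/api/api_post.php 4096
garbage line that should be skipped
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample data the finance workstation is flagged twice, once for 25 MiB of Dropbox uploads inside eleven minutes and once for posting to a GitHub issue-comment endpoint it has no business using, and the third finding is the Pastebin post. The allow-list rule is the low-noise one; the volume rule needs its thresholds derived from each environment's own baseline before it is useful.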
For a more detailed analysis and technical breakdown of CeranaKeeper’s tools, check out the latest ESET Research white paper “CeranaKeeper: A relentless, shape-shifting group targeting Thailand” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET's high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single "in-the-wild" malware without interruption since 2003.
The Enterprise Linux landscape has experienced no shortage of shakeups in the last couple of years. Now, after the CentOS 7 EOL, many teams are looking into CentOS alternatives and weighing the value of commercial Linux distros like RHEL, which come with technical support included, against community-backed free alternatives like Rocky Linux.
Since they are functionally very similar, Rocky Linux vs. RHEL really comes down to differences in cost and support. In this blog, our expert compares the two distributions with consideration for not just upfront costs, but ongoing maintenance, and discusses why it’s wise to pair Rocky Linux with third-party support to reduce your risk.
Rocky Linux vs. Red Hat Enterprise Linux (RHEL)
The main difference between Rocky Linux vs. RHEL is that Rocky Linux is a community-developed, free alternative to RHEL, which is a commercial solution requiring a paid subscription.
Any discussion of Rocky Linux vs. RHEL should also consider the entities behind the projects: Red Hat, an IBM subsidiary since 2019, is the creator of RHEL, whereas Rocky Linux is owned by the Rocky Enterprise Software Foundation (RESF). RESF describes itself as a “self-imposed not-for-profit” company; while they are not a 501(c)3 or 501(c)6 nonprofit organization, they maintain that their designation as a Public Benefits Company (PBC) is to prevent any one corporation, individual, or group of individuals from having too much influence or control over the project.
It’s also worth mentioning that one of the founders of Rocky Linux is Gregory Kurtzer, who was also a founding contributor of CentOS Linux. When Red Hat acquired CentOS Linux and then discontinued it in favor of CentOS Stream, Kurtzer created Rocky Linux as a free alternative to RHEL, which is what CentOS had been.
In terms of functionality and features, Rocky Linux and RHEL are virtually identical. Rocky Linux formerly used the RHEL source code to build their own packages (as did AlmaLinux, Oracle Linux, and many others) but Red Hat’s move to restrict RHEL source code access changed the method by which they maintain compatibility.
Rocky Linux still maintains 1:1 compatibility, but in a different manner than AlmaLinux and Oracle Linux. In a statement from July 29, 2023, Rocky Linux said it obtains the “source code from multiple sources, including CentOS Stream, pristine upstream packages, and RHEL SRPMS.”
The table below illustrates how Rocky Linux and RHEL compare when it comes to factors like licensing, security, package management, and support.
At a glance, this is an easy one: As a community-managed distribution, Rocky Linux is free to install and run, so theoretically the cost is zero. RHEL is a commercial product sold by Red Hat, so users pay annual fees that are based on the number of servers (close to $400/server per year as of this writing).
Calculating the Total Cost of Ownership is a little less straightforward, since it encompasses things like commercial support, hardware costs, complexity, and the personnel required to maintain the systems.
Rocky Linux’s goal is to be completely compatible with RHEL, as CentOS was. The packages are all compiled from the same sources and patches. One of the few differences is branding: the redhat-* packages are replaced with rocky-* packages, and branding has been changed so that Rocky appears instead. Other than that, anything that can be installed and run on RHEL can be run on Rocky with no changes.
Rocky Linux vs. RHEL Release Cadence and Lifecycle
Rocky Linux releases closely follow RHEL releases, usually by days or weeks. These brief delays are due to the rebuild process and community-driven development. For example, RHEL 9.3 was released on November 7, 2023, and Rocky Linux 9.3 was released on November 20, 2023.
Rocky Linux and RHEL have distinct licensing models. Rocky Linux is a community-driven, open source project. It is released under the BSD 3-Clause license, which allows free use, modification, and distribution. There are no licensing or subscription fees associated with it.
RHEL is a commercial product from Red Hat and requires a subscription license to use. This is generally based on the number of systems and the level of support needed.
Rocky Linux and RHEL offer different levels and types of support.
Rocky Linux doesn’t offer paid support itself. It has community support through forums and documentation. You can also purchase support through third-party vendors like OpenLogic.
RHEL comes with commercial support directly from Red Hat. This includes technical assistance, access to Red Hat Knowledgebase, and dedicated support channels.
Migrating from CentOS to Rocky Linux is relatively easy, at least from version 8 or 9. There is no Rocky Linux 7, so you would have to upgrade CentOS 7 to 8 first, then migrate.
There is a conversion script available from Rocky Linux called migrate2rocky.sh. This will migrate from CentOS 8 to Rocky Linux 8. There is another one called migrate2rocky9.sh for migrating from CentOS 8 to Rocky Linux 9.
This script does a bunch of things, but mainly, it replaces the CentOS repos with the equivalent Rocky Linux repos, then replaces a few specific packages, such as replacing centos-release with rocky-release.
CentOS Stream may have some higher package versions than the point releases because it is a rolling distribution. The script keeps the newer version installed but disables the CentOS repos, so any further updates come from the Rocky Linux repos. A later Rocky point release should replace those packages as well.
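A post-migration audit for a host converted with migrate2rocky, written here as an added example (it is not the migrate2rocky script or Rocky Linux project code): it checks that rocky-release replaced centos-release, that every enabled repo enforces gpgcheck, and which installed packages did not come from Rocky. The checks take file paths so they run against constructed samples; the Rocky vendor string and the `rpm -qa --qf` listing format are assumptions about rpm output.

```shell
#!/bin/sh
# Post-migration audit for a host converted with migrate2rocky. Added example,
# not part of the migrate2rocky script. Checks take a file path so they run on
# constructed samples; on a real host use /etc/os-release, /etc/yum.repos.d/*.repo
# and the output of:  rpm -qa --qf '%{NAME}\t%{VENDOR}\n'

# ID from an os-release file: "rocky" once rocky-release has replaced centos-release.
os_release_id() {
    sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# Enabled sections of a .repo file that do not set gpgcheck=1. Assumes key=value
# lines without spaces; a section with no enabled= line counts as enabled (dnf default).
repos_without_gpgcheck() {
    awk '
        function flush() { if (name != "" && enabled && !gpg) print name }
        /^\[/ { flush(); name = $0; gsub(/[][]/, "", name); enabled = 1; gpg = 0; next }
        /^enabled=0$/  { enabled = 0 }
        /^gpgcheck=1$/ { gpg = 1 }
        END { flush() }
    ' "$1"
}

# Installed packages whose RPM vendor is not Rocky's (assumed vendor string):
# newer CentOS Stream builds the migration keeps, or local builds with no vendor.
foreign_packages() {
    awk -F'\t' '$2 != "Rocky Enterprise Software Foundation" { print $1 }' "$1"
}

# Constructed sample inputs (not captured from a real host), written to directory $1.
write_samples() {
    printf 'NAME="Rocky Linux"\nID="rocky"\nID_LIKE="rhel centos fedora"\n' > "$1/os-release"
    cat > "$1/rocky.repo" <<'EOF'
[baseos]
name=Rocky Linux $releasever - BaseOS
gpgcheck=1
enabled=1

[extras]
name=Rocky Linux $releasever - Extras
gpgcheck=0
enabled=1

[centos-stream-leftover]
name=CentOS Stream repo disabled by the migration
gpgcheck=0
enabled=0
EOF
    printf 'rocky-release\tRocky Enterprise Software Foundation\nbash\tRocky Enterprise Software Foundation\nkernel-core\tCentOS\nmy-local-agent\t(none)\n' > "$1/packages.txt"
}

# Stand-alone run against the constructed samples.
sample_dir=$(mktemp -d)
write_samples "$sample_dir"
echo "distro id: $(os_release_id "$sample_dir/os-release")"
echo "enabled repos without gpgcheck: $(repos_without_gpgcheck "$sample_dir/rocky.repo")"
echo "packages not from Rocky: $(foreign_packages "$sample_dir/packages.txt" | tr '\n' ' ')"
rm -rf "$sample_dir"
```

A repo listed by the second check, or a package listed by the third, is worth a look before the host is treated as fully migrated.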
Red Hat has a similar tool called convert2rhel. You do have to have a valid RHEL subscription to do this, though. There is even an instruqt lab that you are able to run that demonstrates migrating a CentOS system to RHEL. It will convert from CentOS to a current fully supported version of Red Hat.
There are several factors to consider when choosing between Rocky Linux and RHEL. Cost and support are probably the two biggest considerations. RHEL is not free, but the license includes 24/7 technical support from Red Hat, along with updates and patches.
Updates and patches for Rocky Linux are provided by the community, but without enterprise-grade, SLA-backed support. Because the community offers no SLAs, you may not get a fix or support for a problem within a time frame that works for you or your customers. This is why some organizations find it necessary to pair Rocky Linux with a commercial support offering, to ensure that any issues are addressed quickly.
About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.
On July 19th, Microsoft users around the world woke up to a blue screen of death instead of a working Windows system. This failure caused a global outage that halted key operations worldwide, including airports, hospitals, and emergency services. There were many theories about its cause, with some saying it was a cyber attack by Russia or China. However, the outage was unintentionally caused by CrowdStrike, one of the world’s leading cyber security companies and a security provider for many Microsoft customers.
What’s Behind Microsoft’s Global Outage?
In the wake of the event, CrowdStrike founder and CEO George Kurtz took to their blog to tender an apology, explaining the cause of the outage.
On July 19, at 04:09 UTC, CrowdStrike rolled out a Falcon content update, a sensor configuration update for Windows systems that is part of how the Falcon platform protects its hosts. These sensor configuration files, called Channel Files, are usually updated several times a day to keep up with the techniques and procedures CrowdStrike discovers.
However, the update contained a defect that CrowdStrike’s checks had missed. The defect triggered a logic error that caused Windows systems to crash, leaving them at a blue screen of death. The outage affected hosts running Falcon sensor version 7.11 and higher for Windows.
The failure did not affect other operating systems like Linux and Mac. It only affected Microsoft Windows because the update was designed for it. So, while the fault was caused by the popular cybersecurity company CrowdStrike, Microsoft users bore the brunt of the failure. CrowdStrike later provided a detailed technical analysis of the incident.
About CrowdStrike
CrowdStrike is an American cybersecurity technology company located in Austin, Texas. The company provides several cyber security services including advanced malware detection, endpoint threat hunting, endpoint activity monitoring, endpoint lockdown and containment. They have helped to investigate major cyberattacks like the Sony Pictures hack in 2014 and Russian cyberattacks on the Democratic National Committee in 2015 and 2016.
CrowdStrike Falcon, one of its platforms, is a multipurpose platform that helps to stop breaches using a set of cloud-delivered technologies. Falcon utilizes robust solutions like next-generation antivirus (NGAV) and endpoint detection and response (EDR). CrowdStrike ranks first for endpoint security market share, making it the biggest provider, serving thousands of crucial organizations.
Besides the July 2024 failure, CrowdStrike has been involved in several small-scale failures, especially those involving Linux OS. This includes a May 2024 incident reported on the Rocky Linux forums where CrowdStrike software froze after an upgrade to Rocky Linux 9.4. There was also the Red Hat incident in June 2024.
The Effect of the Outage
Millions of people were affected following the Microsoft outage. However, according to Microsoft’s estimate, only 8.5 million Windows devices were affected, which represents less than 1% of Windows devices worldwide.
However, while this seems like a small percentage, the outage’s effect was widespread because many critical infrastructure services and large organizations, from hospitals to airports, use CrowdStrike’s cyber security services.
The most affected sectors were banking and aviation. Banks like the Bank of England couldn’t operate for hours, and airports worldwide, in Europe, Canada, the United States, and India, had to cancel flights or reschedule. Up to 3,000 flights were canceled and over 10,000 were delayed.
In addition to these, train services, restaurants, telecom companies, the stock exchange, and broadcast stations were also affected. Even emergency services experienced some issues, with some 911 services being operated manually. This outage affected tens of thousands of businesses.
Fixes to the Microsoft Outage
Hours after the crash, CrowdStrike released steps to fix the issue, and several users regained access as early as that morning. However, the process was quite complex and could be difficult for regular users to perform.
This quick fix did not work in all scenarios, and as a result CrowdStrike and Microsoft engineers had to fix some systems manually, leading to a slow recovery process. Meanwhile, some users fixed their machines by repeatedly rebooting them.
A day after the outage, Microsoft also released a recovery tool that was faster than CrowdStrike’s manual procedure. Two days later, CrowdStrike announced it was testing a faster recovery technique. The Department of Homeland Security said it had also been working hand in hand with CrowdStrike, Microsoft, and its critical infrastructure partners to address the system outages.
The Microsoft Recovery Tool was last updated on the 22nd as version 3.1. This tool has two repair options: ‘recover from WinPE,’ which produces boot media to help with the device repair, and ‘recover from safe mode,’ which produces boot media so the device can boot into safe mode.
On the other hand, CrowdStrike provided a dedicated hub, offering updated remediation guidance and best practices to resolve the error. Users can watch videos on how to use the host remediation.
For the latest updates, visit the CrowdStrike support portal or Microsoft Azure Status Dashboard. If the stated recovery method doesn’t work, CrowdStrike advises customers to contact their CrowdStrike representatives or Technical support.
Cybersecurity Threats Following the Outage
Several cybersecurity threats emerged after the incident, as attackers leveraged the outage in social engineering campaigns to deceive people. In response, the United States Cybersecurity and Infrastructure Security Agency (CISA) encouraged users to be vigilant and to follow guidance only from legitimate sources.
CrowdStrike, through its counter-adversary operations, also published blog posts listing websites impersonating CrowdStrike and describing their methods.
Lessons Learnt From the Global Outage
The Microsoft global outage has raised several concerns, such as the effect of over-dependence on a single service provider.
Microsoft averages over one billion users per month, and following the global failure, it’s evident that thousands of organizations, including federal organizations, depend on Microsoft. Also, CrowdStrike owns about 24 percent of the endpoint security market share.
This overdependence is the reason for the system failure’s large-scale impact, grounding tens of thousands of organizations and creating millions in financial losses across several industries. Thus, organizations need to look into diversifying their tech infrastructure to prevent such a complete shutdown. There is also the issue of how vulnerable the cybersecurity infrastructure itself can be. While this outage resulted from an error, it shows the likely effect of a global cyberattack.
Such large-scale cyber attacks can shut down most of the world’s industries. Thus, there is a need to step up cybersecurity with rigorous methods to prevent malicious activities.
Another issue is the need for a thorough incident response plan to ensure quick recovery. There’s also a need for cyber insurance that considers losses besides cyberattacks, like unintentional acts. With organizations losing millions due to the crash, having cyber insurance will reduce the losses.
About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.