Ransomware activity is on the rise, but you don’t have to be taken off guard. Combined with a solid security and disaster recovery strategy, VMware vSphere’s snapshot functionality can quickly and easily help your virtual environment to be protected against these malicious threats with little to no downtime by providing a safe method for testing patches.
A snapshot is a copy of a virtual machine’s disk file at a given point in time. It includes the entire state of all of the virtual machine’s virtual disks, settings, and memory. While a snapshot is smaller than the original virtual machine file, large numbers of snapshots can take up substantial amounts of disk space, be difficult to manage and are not protected in the event of hardware failure. This makes snapshots unreliable as a backup solution for disaster recovery, but ideal for testing and implementing patches and as well as maintaining an easy recovery path should the patch cause harm to your environment.
Testing environments is a common practice in today’s world. However, not every organization can support the resources required to maintain one. With virtualization and snapshots, you don’t need to you can test on a standard virtual machine running in your environment. Just remember to take the snapshot first and then proceed with testing on the virtual machine. Once your testing is complete, revert back to the pre-testing snapshot and it will be like it never happened. Furthermore, should something occur while testing that you wish to research further, you can also take a snapshot while the virtual machine is in that state and use that snapshot for more testing.
Once you have concluded testing your patches and would like to roll out to your environment, remember to take a snapshot of your virtual machine in a “known good” state. Should there be a failure with the patch, you can easily rollback the changes by reverting to the saved snapshot, saving time and stress for your team and downtime for the organization.
As a recap, the key takeaways for how to use snapshots to prevent against ransomware are:
- Always take a snapshot prior to patching and testing.
- Be sure to delete snapshots timely after it is confirmed that the system runs fine or once testing has completed. Excessive amounts of snapshots can take up excessive space and lead to decreased performance for both the virtual machine and host systems.
- If you’d like to monitor changes, take snapshots at various points in the testing process. You can switch between them and still revert back to the original when testing completes.