• While it comes with a high upfront cost, virtualization reduces IT costs and requires less management.
• Virtualization is highly scalable. However, because of how easy it is to create a new server, many companies end up managing more servers than necessary.
• Not all software and hardware are virtualization-friendly.
• This article is for small business owners who want to learn whether virtualization may be right for them.

Virtualization has several benefits. For businesses with limited funds, virtualization helps them stay on budget by eliminating the need to invest in tons of hardware. Virtual work environments also help businesses with limited IT staff automate and outsource routine tasks and centralize resource management. Plus, employees can access their data anytime, anywhere, with any device.

However, virtualized environments have drawbacks too. Here are the major pros and cons of virtualization.

Pros of virtualization

1. Reduced IT costs

Virtualization helps businesses reduce costs in several ways, according to Mike Adams, vice president of product and technical marketing at Ivanti.

• Capital expenditure savings: Virtualization lets you reduce your IT costs by requiring fewer hardware servers and related resources to achieve the same level of computing performance, availability, and scalability. [Related: How to Cut Business Costs]
• Operational expenditure savings: Once servers are virtualized, your IT staff can greatly reduce the ongoing administration and management of manual, time-consuming processes by automating operations, thus resulting in lower operational expenses.
• Data center and energy savings: As you shrink your company’s hardware and server footprint, you lower your energy consumption by cooling power and data center square footage, which results in lower costs. Learn how to make sustainability part of your business model.

Did you know? According to Spiceworks, enterprises with over 1,000 employees have been adopting application virtualization twice as much as small businesses.

2. Efficient resource utilization

Virtualization enables your business to get the most out of your investments in hardware and resources.

“As customer data center environments grow in size and complexity, managing it becomes a burden,” Adams said. “Virtualization can greatly help reduce this complexity by offering resource management capabilities to help increase efficiencies in these virtual environments.”

In contrast, traditional infrastructures that use multiple servers don’t make the most of their setups.

“Many of those servers would typically not utilize more than 2% to 10% of the server hardware resources,” said John Livesay, vice president of Infranet Technologies, a network infrastructure services provider. “With virtualization, we can now run multiple virtual servers on a single virtual host [and make] better use of the resources available.”

3. Scalability

Virtualization is highly scalable. It lets you easily create additional resources as required by many applications, such as by adding extra servers – all on an as-needed basis, without any significant investments in time or money.

IT admins can create new servers quickly because they do not need to purchase new hardware each time they need a new server, Livesay said. “If the resources are available, we can create a new server in a few clicks of a mouse.”

The ease of creating additional resources also helps businesses scale as they grow. “This scenario might be good for small businesses that are growing quickly, or businesses using their data center for testing and software development,” Livesay said.

“Workloads such as Hadoop, SQL databases, Spark, and containers often start off on bare-metal hardware but present new opportunities to be virtualized later on,” Adams said. “Virtualization can now support many new applications and workloads within the first 60 to 90 days on the market.”

Cons of virtualization

1. The upfront costs are hefty.

If you’re transitioning a legacy system to a virtualized one, upfront costs are likely to be high. Be prepared to spend upward of $10,000 for the servers and software licenses. However, as virtualization technology improves and becomes more commonplace, costs will go down.

2. Not all hardware or software can be virtualized.

Not all servers and applications are virtualization-friendly, Livesay said. “Typically, the main reason you may not virtualize a server or application is only because the application vendor may not support it yet, or recommend it.”

Although more software applications are adapting to virtualization situations, there may be licensing complications due to multiple hosts and migrations. Regarding performance and licensing issues, you should check if your business’s essential applications work well in a virtualized environment.

3. It’s easy to get carried away with adding servers.

Keep in mind that one of the main goals and advantages of virtualization is the efficient use of resources. You should be careful not to let the effortlessness of creating servers result in the carelessness of allocating resources.

“Server sprawl is one of the unintended consequences of virtualization,” Livesay said. “Once administrators realize how easy it is to add new servers, they start adding a new server for everything. Soon you find that, instead of six to 10 servers, you are now managing 20 to 30 servers.”

Key takeaway: Virtualization can be extremely beneficial for a business owner looking to scale their company or save on resources. However, make sure your hardware and software are capable of virtualization before making any changes.

Virtualization solutions for small businesses

VMware

VMware offers a wide range of virtualization products and services that make IT less costly and easier to manage for all types of companies, including small businesses. Its end-to-end solutions include vSphere, a virtualization platform known for its high reliability and used by businesses around the world. It delivers powerful computing that can handle multiple workloads with maximum uptime and optimum performance.

Citrix

Citrix offers several virtualization solutions suitable for small businesses. One such solution is VDI-in-a-Box, a scalable desktop virtualization service that is easy to deploy and manage. Anyone with Windows expertise can centrally manage the service and grant user access, reducing desktop management costs like hiring IT certified and purchasing extra equipment and multiple software. Another option is XenApp Fundamentals, a turnkey solution that lets a small business instantly and securely virtualize applications for the entire organization.

IBM

IBM offers many types of virtualization solutions that lower costs and maximize agility for small businesses. Using VMware’s virtualization platform, IBM’s virtualization services provide an enterprise-class IT infrastructure for a small business budget. You can choose from four plans based on your needs: the popular IBM System x, the easy-to-deploy IBM Power Systems, the multi-server IBM BladeCenter, and the advanced IBM PureFlex System Express.

Virtualization certifications

VMware certification

Because VMware certifications are based on its proprietary technology, most notably vSphere, the certifications change as the technology advances. Those who are interested in a VMware Associate certification must pass a single exam, while Professional and Advanced Professional certifications require training courses or a prerequisite certification and an exam. Design Expert certifications are even more extensive.

Citrix certification

For professionals interested in Citrix certification, it offers credentials for virtualization at the associate, professional and expert levels. Associate credentials are earned by passing a single exam, and training is not required. From there, you can work your way up to professional and expert certifications, which require more involved testing.

Cisco certification

The Cisco Career Certification program offers a wide range of certifications, from entry to architect level. Depending on the certification you’re looking to earn, there are various exams and prerequisites. Certifications are valid for two to five years, depending on the type. After that timeframe, you need to recertify by either passing a recertification test or advancing upward in Cisco’s certification program.

Azure certification

Like many other certifications, Microsoft Azure credentials are earned by passing an exam. Azure certification requires a strong understanding of virtual machines, Azure subscriptions, identity management, and six months of experience administering Azure. You can earn various certification levels, from associate to expert. For those looking to earn the Microsoft Certified: Azure Administrator Associate credential, Microsoft offers various self-study materials to help you prepare for the exam.

Sean Peek and Sara Angeles contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.

• Workspace virtualization can increase efficiency and productivity by running all the tools and software an employee may need from a data center rather than a single PC. 
• Businesses can virtualize all devices they use, such as virtualized desktops and VoIP phones. 
• Workspace virtualization can reduce costs and increase the efficiency of IT departments by allowing for the standardization and easy deployment of data and applications to all employees across a company.  
• This article is for business owners and managers who are curious about workspace virtualization and whether it fits their business needs. 

Are you meeting your employees’ tech needs? Workspace virtualization can help. Employees are demanding more from their devices, and IT staff are struggling to meet expectations. Workspace virtualization allows small businesses that want cutting-edge technology but have a limited budget to better fulfill users’ tech expectations while preventing IT staff from becoming overwhelmed.

Workspace virtualization can provide significant benefits to SMBs. Whether a business is looking for greater flexibility for its employees, reduced costs or better IT efficiency, workspace virtualization, if successfully deployed, can help. We’ve put together the following primer explaining how virtualization works and how businesses can benefit. 

What is workspace virtualization?

“Workspace virtualization is the ability to abstract a user’s workflow and untie it from the constraints of the physical desktop,” said Joe Stone, network engineer at Boice.net, a networking and collaboration solutions provider. This means that employees get the same working experience, regardless of their device or location. “A user’s desktop, applications and data can be available to them anywhere because it is no longer dependent upon a single workstation or operating system.” 

One example is desktop virtualization, in which a user’s full Windows workstation can be run from the data center rather than from a single PC, Stone said. “The desktop experience can be accessed from almost any physical device,” he said.  Such is the case at a hospital or clinic, where a doctor can receive a patient’s record in their office, close their session and resume it from a tablet in an test room, Stone noted. “The very same session that was started in the office can be picked back up right where it was left off, even though the location and device used to access it has changed,” he said. [Related article: Virtualization vs. Cloud Computing: What’s the Difference?]

Similarly, workspace virtualization can extend beyond desktops to all the devices that a small business uses.

“You could [virtualize the entire office space by] using laptops, high-speed Internet, video cameras and VoIP [Voice over Internet Protocol] phones,” said Michael Thompson, also a network engineer at Boice.net. “An employee could be sitting at their kitchen table but, through the use of technology, have access to everything that they would normally have access to in the office.” 

Workspace virtualization can also be used by employees outside the office. For instance, most Boice.net engineers are in the field every day with just a laptop, cell phone and, when available, an internet connection, Thompson said. The tools they rely on include virtual private networks (VPNs); externally available email through Microsoft Exchange’s Outlook Anywhere protocol, which is accessible via Webmail, cell phones and Outlook; instant messaging client Jabber; and web conferencing, desktop sharing and online collaboration software Webex.

“These tools allow us to stay in contact with the main office, as well as other engineers [who] may be able to lend a helping hand,” Thompson said.

Key takeaway: With workspace virtualization, a business can host everything an employee needs for their work in a data center. This allows an employee to log in and access their desktop environment, along with all data and applications, from any physical device. 

What are the benefits of workspace virtualization?

Workspace virtualization offers several benefits, such as greater IT efficiency, reduced costs and a better employee experience. 

Greater IT efficiency

Workspace virtualization provides greater efficiency for IT administrators because it streamlines the management of devices while meeting employee expectations.

“Workspace virtualization centrally manages the key elements of a user’s computing experience,” said Sean Donahue, lead account director at Ivanti, an IT solutions provider. It ensures that users have the right mix of IT services based on key elements, such as their location and devices, he said.

It also simplifies IT management for all users so IT personnel don’t have to tend to individual machines. “By centrally managing the personalization, data and settings separately from the underlying operating systems, devices and delivery platforms, IT is able to reduce the complexity often associated with managing users,” Donahue said.

Workspace virtualization can have a major impact when it comes to changing operating systems (OSs). For instance, with Microsoft ending support for Windows XP, companies that have workspace virtualization in place have likely already migrated successfully, Donahue said. “That’s because one of the largest challenges of a migration is restoring a user’s personalization and settings, which, in many cases, must be manually reconfigured when changing OS or devices.” 

However, with workspace virtualization, when a user logs in to a new device or updated OS, all of their settings and customizations will be applied automatically, Donahue noted. “To a user, the migration is seamless, and because of that, the barrage of service-desk calls often associated with a major migration project [is] extremely limited because the experience is familiar and users can continue working as usual.” 

The same holds true for other infrastructure changes, thus making the process much faster and more cost-effective, Donahue said.

Did you know?: Workspace virtualization allows IT personnel to test out system changes or updates on a test virtual machine before rolling it out to the wider company. After confirming an update doesn’t break anything, IT personnel can roll out the change to employee virtual machines easily without any employee interaction

Reduced costs

Workspace virtualization can also lower IT costs for small businesses. It offers not only a platform for centralized management of many resources, but also standardization of equipment and services. Thompson said this results in reduced IT personnel overhead, as they no longer have to support as many desktop or laptop machines, which can be taxing on a small IT staff.

Workspace virtualization also lets businesses have a mobile and agile workforce, which can reduce the cost of office space, Thompson added.

Better employee experience

Workspace virtualization also benefits small businesses because it improves employees’ satisfaction with the company’s technology, including the devices themselves and the benefits of anytime, anywhere access.

“Workspace virtualization allows your workforce to work more efficiently and in a manner that more closely resembles the way they use technology in their personal lives,” Stone said. “People have grown accustomed to instant access to data and applications from anywhere at any time, and can grow frustrated when they don’t have the same access when it comes to their jobs.”

How does a business know if it needs workspace virtualization?

Although workspace virtualization offers many benefits to small businesses, it’s not the right solution for every company. A small business’s decision whether to employ workspace virtualization depends on individual requirements, such as the number and type of users and IT capabilities. [Related article: The Pros and Cons of Virtualization] 

“Complexity is a major driver for implementing workspace virtualization technologies,” Donahue said. “In most cases, as a small business grows past a few hundred users, meeting those users’ expectations can grow more challenging.”

There is also the issue of remote workers, for whom businesses may be looking at desktop virtualization solutions that offer flexibility, he said. “In most cases, the added personalization and security benefits that workspace virtualization can offer for these deployments make the investment worthwhile.”

Tip: If your business doesn’t have dedicated IT staff, or is seeking to free up personnel for other duties, an IT managed service provider (MSP) might be a good fit for you. An MSP can handle a variety of operations, including setting up workspace virtualization.

IT strategy is also increasingly being driven by the need to keep users satisfied and productive, Donahue said. Workspace virtualization can help businesses that fall into this category. “IT departments that are having trouble keeping up with the demand from users can use workspace virtualization as a springboard for improving how IT services are managed.”

This is especially the case for small businesses with limited IT staff and budget.

“Many smaller companies don’t have dedicated IT staff to deal with the daily issues of traditional physical desktop deployment,” Stone said. “There are many desktop or software-as-a-service options available to small businesses that remove the support burden from the organization and turn it into a predictable service fee that is easy to budget for. Small businesses that have a mobile workforce and little to no internal IT support are perfect candidates for these options.” [Related article: What Is SaaS (Software as a Service)?]

Jeremy Bender contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.

Steven S. Warren lives in sunny Florida. His articles and blogs have appeared on websites such as CIO Update, DevX, TechRepublic, SearchTechTarget, Datamation and DatabaseJournal. With more than 15 years of experience writing about technology, Warren's computer certifications include MCDBA, MCSE, MCSA, MCTS, CCA, CIW-SA, CIW-MA, Network+ and i-Net+. He also holds a Bachelor of Arts in English from Florida State University.

(1) The term may erroneously refer to traditional virtualization methods rather than the technique described below (see virtual machine).

(2) A method for splitting a server into multiple partitions called "containers" or "virtual environments" (VEs) in order to prevent applications from interfering with each other. A server running OS virtualization is also called a "virtual private server" (VPS).

The OS virtualization method differs from the traditional "virtual machine" (VM) method, because it shares one operating system just as in the typical user's computer. Decades ago, OS virtualization was built into various Unix operating systems, and it migrated into the Linux world in the mid-2000s. Microsoft also built in containers in Windows Server 2016. Docker is the most prominent software for setting up and managing containers (see Docker).

Advantages Over Virtual Machines (VMs)

In the traditional virtual machine method, each partition includes its own guest operating system, which communicates with the hardware through a virtual machine monitor (VMM). The more VMs running in the server at the same time, the more the entire system slows. However, containers communicate directly to the host operating system just as in a non-virtualized computer, and RAM and CPU cycles are minimized. Depending on the size of the app and required components in each container, hundreds of containers can exist in a single machine.

Most cloud computing providers only support virtual machines; however, containers can be deployed in this environment by running within a virtual machine. See virtual machine, Docker, Kubernetes, Virtuozzo and microservices.

By Joe Mullich

One of the fastest-growing areas of computing, virtualization provides a big payback that until recently was restricted only to big companies. Over the past year, though, small companies have rapidly embraced virtualization as technology advances made it easier to implement.

Virtualization is simple in concept. Traditionally, companies used one physical server to house one operating system and one business software application. This one-to-one matching meant that 90 percent of a server could go unused — a costly waste. Virtualization decouples the software from the hardware, allowing the workloads to be spread more efficiently among fewer physical servers. Storage and computing devices can be virtualized as well.

Here are five ways virtualization gives small and medium businesses (SMBs) an advantage:

1. Save money no matter what your size

Jonathan Hilland, CEO and president of Mindwave Research, was tired of paying $4,000 a month to a data center to house his company’s underutilized servers. The basic business of the 35-employee Mindwave is synthesizing — it consolidates insights from focus groups, interviews and online surveys. And so Hilland wanted to consolidate the company’s IT infrastructure as well.

Implementing a virtualization plan using Dell PowerEdge R710 servers with Intel® Xeon® processors Series 5500, Mindwave consolidated its 25 physical servers down to seven. With less equipment, the company was able to move its servers from the data center into their own 2,000-square-foot office. In addition to the savings in hardware and floor space, the company was able to slash its power and cooling costs by 50 percent partly because the servers are designed to conserve power, with features like fans that speed up and slow down according to the server’s internal temperature. The 
Intel processor automatically puts servers into the lowest available power state while maintaining performance.

Many small businesses think they’re too small for virtualization, but it can make economic sense for companies with as few as three or four servers. Indeed, a study by Principled Technologies, an IT consulting firm, found that virtualizing with one PowerEdge R710 with Intel® Xeon® processors can replace up to seven PowerEdge 2850 servers, resulting in a payback in less than 17 months.

2. Free up staff and grow your business

Time and money are two of the scarcest resources at any small business. Virtualization can save both, preserving precious IT resources and freeing staff from putting out security fires so they can focus on more strategic activities like growing the business.

Hennecke, a 380-employee manufacturer of polyurethane processing equipment, runs its virtualization infrastructure from a single console, which automatically alerts IT whenever it needs to allocate additional resources to a server. “As a result, we save around 50 percent on routine maintenance, which means that we don’t have to do as much overtime and have more resources available for strategic tasks such as developing new applications and supporting end users,” says Peter Ruttka, the company’s network and server systems administrator.

With virtualization, IT staff can respond to business growth by provisioning virtual servers in minutes. For example, when Hennecke needed two new web servers for its sales and finance function, the IT team had the virtual machines ready with just a few clicks of a mouse.

New virtualization advances also help SMBs prepare for growth. For example, Intel® Virtualization Technology FlexMigration gives you the flexibility to virtualize different generations of Intel® Xeon® processor-based servers within the same virtualization pool, giving you the ability to migrate workloads to fewer servers at night to save energy. And if you’re building a data center from the ground up, next-generation virtualization with Intel® Trusted Execution Technology also provides hardware-based resistance to malicious software attacks before the virtual machine boots.

3. Respond to the ebb and flow of business needs

A key advantage SMBs have is their fleet-footedness in responding to changing business conditions. Virtualization enhances this natural agility by creating a flexible IT infrastructure that allows companies to leap on new opportunities immediately and scale back if necessary.

Such flexibility is crucial for Thinkwell Group, a company that designs “immersive entertainment experiences,” like the amusement areas of Snow Dubai, a 24-story indoor ski resort. To create fantastic projects like this, the company’s 70-employee workforce can swell threefold for a short period. Twenty new employees might join a project team for a few weeks to put the finishing touches on, say, the Ice Age Adventure dark ride for MGM’s European theme park, featuring more than 50 animatronic and static characters based on the movie.

Thinkwell relies on virtualization to provide the quick bursts of computing power that its up-and-down workforce needs to meet rigid deadlines. “We can scale to our temporary employment spikes and avoid significant capital expenditures,” says Thinkwell CEO Joe Zenas. “We don’t have to expand our server room every time we have a big project come in. We can get the server power we need by expanding with virtual machines.”

This allows Thinkwell to maintain a lean IT department — just three people — while having global capabilities. With virtualization, small companies have ready access to huge technology resources without paying for a lot of hardware that may not always be needed.

4. Better protection for your crucial data

Virtualization sharply reduces the cost and complexity of disaster recovery (DR), providing peace of mind that key applications and crucial data can be recovered quickly if the worst happens.

Consider HotSchedules, a company that provides tools that helps restaurant managers and employees check schedules, submit requests and exchange shifts using a Web interface, mobile device or toll-free phone service.

“Restaurant managers and their staffs have come to rely on our solutions on a daily basis,” says Ray Pawlikowski, HotSchedules’ president and CEO. “We need to be sure that systems are available 24 hours a day, seven days a week.”

HotSchedules used Dell PowerEdge servers with Intel® Xeon® processors to consolidate its IT 
infrastructure from 50 physical servers to just three. The IT group replicates “snapshot” data (copies of data from a particular point in time) from its virtualized applications and databases and sends it to a secondary site. This helps to ensure customers have continued access to schedule 
information even in the event of a disaster.

With backup happening more frequently and in smaller portions, recovery time can be reduced from hours and days to minutes. Another benefit: HotSchedules can now commit to the stringent service level agreements necessary for attracting and retaining large-scale businesses.

High availability is another key benefit of a virtualized environment that leads to greater customer satisfaction. “Three times in the past month I have had to do maintenance on physical machines. I was able to do it with zero software downtime just by moving a virtual machine over to a host that was running live, and users were never aware of it,” says Jason Snook, vice president of IT for Mindwave. “In the past that was never a possibility.”

5. Untether your business

SMBs whose staff includes road warriors, contract employees and field personnel understand the costs and challenges of a highly mobile workforce. Software updates are a chore to manage across a diverse range of mobile devices. Lost laptops could put critical company data at risk.

Virtualization offers numerous benefits over other forms of remote computing. With software called client hypervisors, which is placed on a tablet or other mobile device, workers can access their desktops and use the same programs on the road as in the office. Meanwhile, IT can control the data and apply patches and other maintenance faster from a centrally managed console.

A major productivity plus: Hypervisor software running on a mobile device captures and stores work locally, which means an employee who loses connectivity can still access his data up to the point that connection was lost. This can be a boon for those who travel to areas with iffy wireless access.

And with more employees carrying crucial data on their mobile devices, virtualization also provides heightened security. Because hypervisor software “encases” data in a protective barrier, people without proper authorization would have difficulty gaining access to the customer files and other important information if a device is lost or stolen.

In turbulent economic times, SMBs need to be ready for anything — from embracing emerging technology that gives you an edge to jumping on new business opportunities. Virtualization allows your IT department to be as flexible and responsive as your business needs to be.

Forward this news to your friends & colleague

Organizations using older versions of VMWare ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on what VMware has deemed "End of General Support (EOGS) and/or significantly out-of-date products" continues.

However, the onslaught also points out wider problems in locking down virtual environments, the researchers say.

VMware confirmed in a statement Feb. 6 that a ransomware attack first flagged by the French Computer Emergency Response Team (CERT-FR) on Feb. 3 is not exploiting an unknown or "zero-day" flaw, but rather previously identified vulnerabilities that already have been patched by the vendor.

Indeed, it was already believed that the chief avenue of compromise in an attack propagating a novel ransomware strain dubbed "ESXiArgs" is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor's Open Service Location Protocol (OpenSLP) service.

"With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities," VMware told customers in the statement.

The company also recommended that customers disable the OpenSLP service in ESXi, something VMware began doing by default in shipped versions of the project starting in 2021 with ESXi 7.0 U2c and ESXi 8.0 GA, to mitigate the issue.

Unpatched Systems Again in the Crosshairs

VMware's confirmation means that the attack by as-yet unknown perpetrators that's so far compromised thousands of servers in Canada, France, Finland, Germany, Taiwan, and the US may have been avoided by something that all organizations clearly need to do better — patch vulnerable IT assets — security experts said.

"This just goes to show how long it takes many organizations to get around to patching internal systems and applications, which is just one of many reasons why the criminals keep finding their way in," notes Jan Lovmand, CTO for ransomware protection firm BullWall.

It's a "sad truth" that known vulnerabilities with an exploit available are often left unpatched, concurs Bernard Montel, EMEA technical director and security strategist for security exposure management firm Tenable.

"This puts organizations at incredible jeopardy of being successfully penetrated," he tells Dark Reading. "In this case, with the … VMWare vulnerability, the threat is immense given the active exploitation."

However, even given the risks of leaving vulnerable systems unpatched, it remains a complex issue for organizations to balance the need to update systems with the effect the downtime required to do so can have on a business, Montel acknowledges.

"The issue for many organizations is evaluating uptime, versus taking something offline to patch," he says. "In this case, the calculation really couldn’t be more straightforward — a few minutes of inconvenience, or days of disruption."

Virtualization Is Inherently a Risk

Other security experts don't believe the ongoing ESXi attack is as straightforward as a patching issue. Though lack of patching may solve the problem for some organizations in this case, it's not as simple as that when it comes to protecting virtualized environments in general, they note.

The fact of the matter is that VMware as a platform and ESXi in particular are complex products to manage from a security perspective, and thus easy targets for cybercriminals, says David Maynor, senior director of threat intelligence at cybersecurity training firm Cybrary. Indeed, multiple ransomware campaigns have targeted ESXi in the past year alone, demonstrating that savvy attackers recognize their potential for success.

Attackers get the added bonus with the virtualized nature of an ESXi environment that if they break into one ESXi hypervisor, which can control/have access to multiple virtual machines (VMs), "it could be hosting a lot of other systems that could also be compromised without any additional work," Maynor says.

Indeed, this virtualization that's at the heart of every cloud-based environment has made the task of threat actors easier in many ways, Montel notes. This is because they only have to target one vulnerability in one instance of a particular hypervisor to gain access to an entire network.

"Threat actors know that targeting this level with one arrow can allow them to elevate their privileges and grant access to everything," he says. "If they are able to gain access, they can push malware to infiltrate the hypervisor level and cause mass infection."

How to Protect VMware Systems When You Can't Patch

As the latest ransomware attack persists — with its operators encrypting files and asking for around 2 Bitcoin (or $23,000 at press time) to be delivered within three days of compromise or risk the release of sensitive data — organizations grapple with how to resolve the underlying issue that creates such a rampant attack.

Patching or updating any vulnerable systems immediately may not be entirely realistic, other approaches may need to be implemented, notes Dan Mayer, a threat researcher at Stairwell. "The truth is, there are always going to be unpatched systems, either due to a calculated risk taken by the organizations or due to resource and time constraints," he says.

The risk of having an unpatched system in and of itself may be mitigated then by other security measures, such as continuously monitoring enterprise infrastructure for malicious activity and being prepared to respond quickly and segment areas of attack if a problem arises.

Indeed, organizations need to act on the assumption that preventing ransomware "is all but impossible," and focus on putting tools in place "to lessen the impact, such as disaster recovery plans and context-switched data," notes Barmak Meftah, founding partner at cybersecurity venture capital firm Ballistic Ventures.

However, the ongoing VMware ESXi ransomware attack highlights another issue that contributes to an inherent inability for many organizations to take the necessary preventative measures: the skill and income gaps across the globe in the IT security realm, Mayer says.

"We do not have enough skilled IT professionals in nations where wealthy companies are targets," he tells Dark Reading. "At the same time, there are threat actors across the globe who are able to make a better living leveraging their skills to extort money from others than if they took legitimate cybersecurity work."

Mayer cites a report by the international cybersecurity nonprofit (ICS²) that said to secure assets effectively, the cybersecurity workforce needs 3.4 million cybersecurity workers. Until that happens, "we need to ramp up training these workers, and while the gap still exists, pay those with the skills around the world what they are worth, so they don’t turn to being part of the problem," Mayer says.

The MarketWatch News Department was not involved in the creation of this content.

Feb 10, 2023 (The Expresswire) -- Desktop Virtualization in Manufacturing Market Size 2023-2029 | New Report (127 Pages) | In This Reports Desktop Virtualization in Manufacturing Market and its business scene, significant issues, answers for relieving the upgrading risk, methodologies, future lookout, and possibilities, Other than the standard design reports, Top Desktop Virtualization in Manufacturing Companies (Parallels International GmbH, Liquidware, Ericom Software Inc., Microsoft Corporation, Tems, Inc.,, Stratodesk, Dell Inc., Huawei Technologies Co. Ltd, Citrix Systems Inc., NComputing, IBM, Red Hat Inc., VMware Inc., Toshiba Corporation) with the best facts and figures, definitions, SWOT and PESTAL analysis, expert opinions and the latest trends around the world.

The MarketWatch News Department was not involved in the creation of this content.

February 07, 2023, 03:24 PM EST

Thousands of servers running older versions of the VMware hypervisor are vulnerable to attacks by the ‘ESXiArgs’ ransomware, according to researchers.

Cybersecurity firm Wiz disclosed research on Tuesday showing that more than one in 10 servers running the VMware ESXi hypervisor are unpatched against a two-year-old vulnerability that is now being exploited in a widespread ransomware attack.

In a blog post, Wiz said that its data shows that 12 percent of VMware ESXi servers remain unpatched against the flaw, and are therefore still vulnerable to an attack from the “ESXiArgs” ransomware.

[Related: Patching Urged For ‘Critical’ VMware vRealize Vulnerabilities]

“Attacks utilizing this vulnerability to install ransomware have been discovered worldwide, though mostly in Europe,” Wiz said in the post.

The targets are “primarily” VMware ESXi servers that run versions of the hypervisor prior to 7.0 U3i, “which are accessible through the OpenSLP port 427.” The vulnerability — first disclosed in 2021 and tracked at CVE-2021-21974 — specifically affects the OpenSLP service in older versions of ESXi, and can be exploited to enable remote execution of code.

The ESXiArgs ransomware campaign has struck thousands of VMware ESXi servers over the past few days, researchers have disclosed.

Data from cybersecurity firm Censys, which was initially reported by Bleeping Computer, shows that 308 servers in the U.S. and 211 servers in Canada are currently impacted by the ransomware. That’s down from 362 U.S. servers and 240 Canadian servers as of Monday evening.

The U.S. and Canada continue to rank second and fourth, respectively, in terms of the countries hardest hit by the ESXiArgs ransomware campaign.

VMware noted that there’s a correlation between the cyberattacks and servers that are either at end-of-support or “significantly out-of-date.”

The OpenSLP service was disabled in ESXi in 2021 starting with ESXi 7.0 U2c and ESXi 8.0 GA, VMware said.

The company said Monday that it’s “advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities,” and that it also continues to recommend that customers disable the OpenSLP service in ESXi.

“VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these latest attacks,” the company said.