VMware Tanzu Application Service Delivers Operational Excellence During Log4Shell

January 25, 2022

Nick Kuhn and Mike Jarvis co-wrote this post.

On two occasions in December 2021, VMware Tanzu Application Service released remediations within 48 hours of critical CVEs being announced. These remediations were both in response to the Log4j saga, enabling VMware customers to defend against attack vectors quickly after the Day 0 event. This quick response is a reflection of the dedication of the VMware engineering teams working on Tanzu Application Service today.

Log4j is a library prevalent in Java ecosystems used by millions of applications everywhere, so the repercussions of this CVE, known as Log4Shell, have been massive. Proof of its impact is the high CVSS score given to this CVE: 10 out of 10.

The events around Log4Shell are burned into the IT community’s memory, as most of the industry scrambled to react to these critical vulnerabilities right before most organizations prepared to go on their end-of-year holiday breaks. With the rapid response and availability of remediations, customers using Tanzu Application Service were able to use the Tanzu Operations Manager to quickly roll out updates to their application platforms, which consist of more than 200 virtual machines in many cases.

Tanzu Operations Manager is powered by BOSH, the core infrastructure management tooling that allows Tanzu Application Service operators to rapidly perform mitigation of their platforms. BOSH will rebuild Tanzu Application Service in a highly automated fashion from known good states, without incurring platform downtime. Without BOSH, a platform mitigation effort could be quite time consuming from a core operational perspective.

VMware's efforts related to this critical vulnerability reinforce that Tanzu Application Service is truly the best place to run your mission-critical applications. Read more about Tanzu Application Service.

Previous
VMware Expands Cloud Foundry Investments for Tanzu Application Service
VMware Expands Cloud Foundry Investments for Tanzu Application Service

With a new board seat and long-term support, VMware continues its commitment to Cloud Foundry and Tanzu App...

Next Video
Log4j and VMware Tanzu Application Service
Log4j and VMware Tanzu Application Service

This video goes into detail on how to perform application and platform mitigation of the Log4j CVEs using V...