Flexera Cloud Migration and Modernization has upgraded the OS for RN150 and FlexDeploy to Debian 12. The VMware images based on Debian 12 are now available for download. 

Documentation : 

• Release Notes
• User Guide

Cloud Migration and Modernization: 2022 Q1 Release Summary

What’s in this release? Cloud Migration and Modernization has released 5 significant improvements to the Cloud Migration platform (formerly RISC) in Q1 2022, which consist of:

1. Container Reports
   1. Users of Cloud Migration and Modernization can now access a Container discovery report in the ‘Available Reports’ page following and inventory scan, along with a list of evidence for these verdicts. This allows users to unearth containerized workloads during the discovery process. This helps to save significant time and use less manual resources to map out these previously unmapped resources.
2. Performance Improvements
   1. The asset load view within Cloud Migration and Modernization has been optimized to a level of 1000% performance improvement, for more immediate actionable data on view in the product.
3. Navigation from Cloud Migration and Modernization to Flexera One
   1. Cloud Migration and Modernization (Formerly RISC) now offers an easy link in the top banner to navigate to the Flexera One UI, saving time when using multiple Flexera applications.

1. Business Service Mapping Log In within Flexera One
   1. IT Visibility customers will now see a ‘Business Services’ navigation option in the left-hand menu of Flexera one, so that customers who own this solution can easily log in from a single user interface.

1. Cloud Migration Log In within Flexera One
   1. Cloud Cost Optimization customers will now see a ‘Cloud Migration’ navigation option in the left-hand menu of Flexera one, so that customers who own this solution can easily log in from a single user interface.

What’s in this release? Cloud Migration and Modernization has released 4 significant improvements to the Cloud Migration platform (formerly RISC) in Q3/Q4 2021, which consist of:

1. RN150 Validation
   1. Users of Cloud Migration and Modernization can now validate the readings of the RN150 through a series of basic troubleshooting steps like ping, saving both manual effort time and ensuring accuracy for migration efforts.
2. Database Credential Import
   1. Users can now save significant time by bulk importing CSVs to be parsed, improving on the former method of one-by-one import.

1. Improved User Experience
   1. The UI in Cloud Migration and Modernization has been overhauled for a more modern look and feel. A major part of this is the new highlight of stack digest information after the first dashboard page break, for more relevant customer data on login.

1. Subnet Management
   1. Users can now manage multiple subnets at one time, as well as the new ability to remove unwanted subnets for a more manageable and effective cloud migration experience.

1. Solaris Device Discovery
   1. Users now have the ability to discover legacy solaris device technology within Cloud Migration and Modernization, so that they are able to prioritize EOL/EOS for these legacy technologies.

Summary

A high severity (CVSS score 8.1) vulnerability in Apache Log4j 1.2 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-4104. This Apache Log4j component is included in in the RISC Platform releases prior to SAAS-2021-12-29.

Additionally, two vulnerabilities with the identifiers CVE-2021-41527 and CVE-2021-41528 related to the User Interface have been addressed.

This article describes the potential impact of the vulnerabilities on the RISC Platform.

Vulnerability descriptions

The National Vulnerability Database describes the CVE-2021-4104 vulnerability at https://nvd.nist.gov/vuln/detail/CVE-2021-4104 as follows (current as of Jan 20, 2022):

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.

An error related to the 2-factor authorization (2FA) can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed.

An error when handling authorization related to the import / export interfaces can potentially be exploited to access the import / export functionality with low privileges.

Mitigation options

1. Log4j 1.2 components in the RISC Platform are not configured to use JMSAppender by default, and so are not exposed to a potential attack through this vulnerability.

    

2. Out of an abundance of caution, Flexera has upgraded the Log4j components in the RISC Platform to version 2.17.0 that is not exposed to the vulnerability with the identifier CVE-2021-4104. This change is included in the saas-2021-12-29 release.

    

3. The changes for the vulnerabilities with the identifiers CVE-2021-41527 and CVE-2021-41528 are also included in the saas-2021-12-29 release.

    

Additional information

Flexera would like to thank Robert Gilbert (amroot) (https://www.linkedin.com/in/robertgilbert808 ) for helping to identify the vulnerabilities with the identifiers CVE-2021-41527 and CVE-2021-41528 under a responsible disclosure process.

Users can create customized business cases that include:

• multiple clouds
• custom instance choices
• buying types
• Predicted resource consumption

This will help build a complete picture of your future in cloud.

• 21% were idle
• 2% were zombies
• Combined, organizations are paying nearly $300 million dollars to just keep them running

The question you should ask yourself is how big is that pie slice in your environment?

Daily we are now tagging servers with their performance profile based on several key metrics collected.

You’ll be able to see where you’re at operational risk from servers performing poorly and where you can find savings by retiring devices.

Our new Executive Summary report samples data and visualizations from across the platform to produce a single, presentable, user experience.  Now you can take users on a quick tour of the platform and the value streams it provides by putting the analysis front and center.

The report can be used in conjunction with your own analysis done in the new Cloud Cost Views, Total Cost of Ownership, and the Migration Scorecard.  In this way you can produce customized presentations to send on to any interested executive sponsor.

• Our new help widget will give users a direct path within the platform to our customer success team. If you have any questions about:
  • how to use a certain report
  • how to accomplish a goal
  • just want to give us some feedback

New features designed to get you better data faster.

We're shipping new features to help prioritize migration and modernization opportunities, enrich geolocation details, and streamline the creation of deliverables for stakeholders.

Modern IT environments have scaled to the extent that human sorting and prioritization techniques are falling short. We put our team to work creating a new scorecard that will take many criteria of an IT estate and your input on the relative importance of those criteria and produce a priority list for whatever decisions you're trying to make.

Especially for solution providers and enterprises planning for cloud migration, they can now create a prioritized migration roadmap/plan in minutes. In addition to cloud migration, this feature will allow users to identify opportunities for containerization.

With the Optimization Scorecard, users can:

• Identify opportunities for application modernization
• Prioritize a DR plan based on your most sensitive/critical apps
• Understand storage consumption for public cloud migration
• Determine application users to build out SaaS opportunities

We've been listening to our users and understand there's a need for organizations to show increased value to executives. Many users were building business cases and summaries for various stakeholders in their organizations and we wanted to make that easier. Now, with a single click you can download a PowerPoint containing detailed metrics about an application stack.

No more taking screenshots and compiling tables into something that's presentable. No more reliance on formatting or exporting Excel sheets. Just press "Download Summary" and you'll be able to open and edit your PowerPoint directly, the way you want it.

Application Summary Exports will enable:

• Streamlined availability of deliverables
• Business case presentations for stakeholders
• Understanding of high-level application metrics

Stay tuned!

Expansion of this feature is coming later this year. What would you like to see in Application Summary Exports? Submit feedback to our team here .

Many of our users have asked for Reserved Instance pricing to better understand spend in cloud and build business cases. Due to this request, we are adding 1 and 3 year RIs for both AWS and Azure US East region.

Our team is currently heads down on a complete revamp of many of our cloud pricing features, so while this is a small step, it will become a giant leap for our CloudScape module!

Geolocation was one of the most popular features in our Balsam release. We received a lot of feedback on how to make it better and we're happy to announce that we have.

Users can easily see all of their geolocated IPs, filter, and find associated flow data with just a few button clicks.