One of the most critical actions an organization can take is to keep software updated. Updates and patches do not only fix issues that might lead to downtime or improve performance; they often fix security vulnerabilities. There is tremendous collaboration within the security community. VxRail being co-engineered with VMware, we are notified early on plans for security fixes, which enables the VxRail team to validate and prepare pre-qualified security patches quickly.
VxRail HCI system is the only system where all software components are engineered, tested, and released as a bundle. VxRail software bundles may include updates to BIOS, firmware, hypervisor, vSphere, or any included management components. When vulnerabilities are discovered, fixes are quickly developed to mitigate threats regardless of where they are. Update bundles are extensively tested on VxRail hardware platform and the entire VxRail software stack before being released to customers. When VMware makes a patch generally available (GA) for a critical level vulnerability, the VxRail team targets 14 days to validate and release a new VxRail update package and often provides them more quickly. See the following KB article for more information, (requires login to view). Administrators are notified through the HCI System Software when updates are available and can also subscribe to Product and Security Advisories on the . The administrator can download the update bundle directly and initiate or schedule an orchestrated update process. Updates are performed as rolling processes while the system remains online, serving the business. If a reboot is required, the VMs are automatically migrated to other nodes in the cluster before continuing.
Once our customers receive their Dell product, the security program does not end there because new vulnerabilities—particularly software and firmware-related—are discovered regularly across the industry. For this reason, Dell established a Product Security Incident Response Team (PSIRT), responsible for coordinating the response and disclosure for all identified product vulnerabilities per . Dell strives to provide customers with timely information, guidance, and mitigation options to minimize risks associated with security vulnerabilities.
Typically, security updates are released to customers as new threats are encountered. Dell's Security Advisories and Notices are posted on the site. Like the rest of our product security practices, Dell Vulnerability Response Practices are aligned to the , and international standards efforts involving vulnerability disclosure and handling, such as ISO 29147 and ISO 30111.