VMware AppDefense takes a new approach to application security. What if, instead of “chasing bad” we started by “ensuring good”?
Here are some resources I recommend you review to learn more about AppDefense and its benefits.
- Excellent Session from VMworld 2018 – Transforming Security in a Cloud and Mobile World (SEC3730KU). You’ll also see a very special live demo where the VMware Red Team and the VMware product and engineering team perform real attacks on live applications to show how attacks work to penetrate your defenses, and how our new approaches work to thwart them (demo starts at ~20 minutes).
- Blog Ensuring Good with VMware AppDefense
- VMware site Application Security Software – AppDefense
- Link to official VMware App Defense Documentation
I thought it would be useful to walk you through installing and validating the AppDefense architecture step by step. Stay tuned for a follow-up post, where I plan to detail how to create application scopes and protect your applications! I’m installing AppDefense for vSphere Platinum. Take a look at this official VMware Blog for an overview: Introducing vSphere Platinum and vSphere 6.7 Update 1!
I’m assuming your environment meets the requirements, you have vSphere Platinum licensing, and you have already activated your AppDefense account.
I’ve detailed the process in 4 main steps:
- Installing AppDefense Plugin & Virtual Appliance
- Installing Host Module
- Installing Guest Module
- Validating Install
Installing AppDefense Plugin & Virtual Appliance
- Download VMware AppDefense Plugin & Appliance for Platinum Edition from the VMware downloads page
- Deploy the OVA. I have a management cluster in my lab, so I deployed there. (I’m assuming at this point you know how to deploy an OVA, choose location, set IP yada yada yada, so I’m skipping those steps.)
- I have very limited resources in my lab, so once the deployment was complete, I edited the VM’s resources and decreased vCPU & RAM from the OOTB setting. Don’t do this for production implementations! Power on the VM
- Once the VM is powered up, we need to log in and register our vCenter server
- Connect to the AppDefense appliance via a browser (https://fqdn) and log in with the admin password specified during deployment.
- Before registering vCenter, let’s set up NTP, as 90% of problems are either DNS or NTP related 😉
- Under Configuration, click General. Then click Edit (top right), enter the relevant details for your environment, and make sure to click Save
- Now click on Registration and enter SSO details. In my environment PSC is embedded with vCenter, so I enter the FQDN of my vCenter and click Register. NOTE: If you are running an external PSC, consider utilizing the vCenter Server Converge Tool soon, as support for external PSC is being deprecated.
- Validate the thumbprint, enter vCenter credentials and click Register
- vCenter Server details should now be populated, click Register in this section
- Next, we need to Enable AppDefense Service (SaaS Connectivity Mode). Launch a new browser window and log in to https://appdefense.vmware.com, making sure to select the appropriate region. The AppDefense Manager is what provides process reputation services, machine learning capabilities, and other additional visibility features for your environment.
- Click the settings icon next to your e-mail address (bottom left of the UI) and select Appliances
- Click Provision New Appliance, give it a name, click Provision again
- When the New Appliance Created window pops up, copy the contents to clipboard. We will need those shortly.
- Switch back to your on-prem AppDefense appliance. If your session has timed out, log in, then select Registration under Configuration
- Within the AppDefense Manager section, click Edit. Toggle the SaaS Service setting, then paste in the information copied in step 14 (the New Appliance Created window) and click Save
- For AppDefense Manager URL paste the value after mgr.endpoint.baseurl=
- For Manager UUID paste the value after goldilocks.appliance.uuid=
- For Manager API key paste the value after goldilocks.appliance.api-key=
- Click Yes when asked Do you really want to change AppDefense cloud settings?
- Validate you see a green check mark next to AppDefense Manager URL
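To avoid pasting the wrong value into the wrong field in the registration step above, here is an added example (not VMware tooling and not part of the original post) that splits the copied text into the three form fields and masks the API key before anything is printed. The sample values, the HTTPS-only check and the UUID format check are assumptions made for illustration.

```python
import uuid
from urllib.parse import urlparse

# Keys shown in the "New Appliance Created" window -> fields on the on-prem appliance.
FIELD_FOR_KEY = {
    "mgr.endpoint.baseurl": "AppDefense Manager URL",
    "goldilocks.appliance.uuid": "Manager UUID",
    "goldilocks.appliance.api-key": "Manager API key",
}

def parse_provisioning_blob(text):
    """Return {form field: value}; raise ValueError if a value is missing or malformed."""
    found = {}
    for line in text.splitlines():
        # Split on the first "=" only, so "=" inside a key value is preserved.
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() in FIELD_FOR_KEY:
            found[FIELD_FOR_KEY[key.strip()]] = value.strip()
    missing = [f for f in FIELD_FOR_KEY.values() if not found.get(f)]
    if missing:
        raise ValueError("missing or empty: " + ", ".join(missing))
    url = urlparse(found["AppDefense Manager URL"])
    # Assumption: the manager endpoint is always an HTTPS URL.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("manager URL is not an https URL")
    # Assumption: the Manager UUID is a standard UUID (uuid.UUID raises ValueError if not).
    uuid.UUID(found["Manager UUID"])
    return found

def masked(fields):
    """Copy of the fields with the API key masked, safe to print or log."""
    out = dict(fields)
    key = out["Manager API key"]
    out["Manager API key"] = key[:4] + "*" * max(len(key) - 4, 0)
    return out

# Constructed sample; none of these are real AppDefense values.
SAMPLE = """\
mgr.endpoint.baseurl=https://manager.example.invalid
goldilocks.appliance.uuid=123e4567-e89b-12d3-a456-426614174000
goldilocks.appliance.api-key=EXAMPLE-KEY-0000
"""

if __name__ == "__main__":
    for field, value in masked(parse_provisioning_blob(SAMPLE)).items():
        print(f"{field}: {value}")
```

The API key is a credential for the cloud service, so clear the clipboard and any scratch file once the appliance shows the green check mark.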
Installing Host Module
- If you still have a vSphere Client browser session open, log out and log back in. If not, start a new session and log in. You should see a message at the top of the screen, click Refresh Browser
- To validate the plugin has been successfully installed, click Menu and you should see the AppDefense icon, click it
- Validate OnlineTrust Analysis & AppDefense both show as connected
- OK, now let’s install the AppDefense host module. In my lab, I’m installing on the hosts in my compute cluster. Within the Hosts & Clusters view, select Configure, scroll down to AppDefense, Security then click Install AppDefense
- Review the popup window, assuming you meet the requirements click OK
- Within a few minutes you should see the screen change to Cluster up to date
Installing Guest Module
Before installing the guest module, ensure the VM meets the system requirements, e.g. VM Hardware & Tools version.
- Within the vSphere client, select the VM where AppDefense is to be installed
- Click Configure, scroll down to AppDefense, Security. Select Install AppDefense
- Review the information screen. NOTE – understand that if the VM has a virtual hardware version less than 13, this will automatically be upgraded for compatibility with AppDefense. The AppDefense install will REBOOT the VM. You can expand the Advanced section and uncheck the box to enable AppDefense on next reboot if desired. Check the privacy notice and click OK
- Within a few minutes you should see that AppDefense is installed and up to date
- NOTE – If you run into issues with the automatic guest module install, you can try and install manually. The Windows guest module is available from the VMware download site
Validating Install
- Within the vSphere Client, click Menu and click the AppDefense Icon
- I can see that as expected, 2 hosts & 1 VM have the AppDefense module installed. AppDefense is already vetting the processes running on the VM. 11 have been vetted and classed as Low Risk
- Click on the link to Go to AppDefense Manager, in order to login to the AppDefense Service
- Click the settings icon next to your e-mail address (bottom left of the UI) and select Appliances
- Ensure you have a recent heartbeat, status of active and can connect to vCenter
- You can also click the settings icon next to your e-mail address (bottom left of the UI) and select Inventory
- Within Inventory check Hosts and also VMs to ensure it is being populated correctly.
Congratulations, you have successfully installed and validated the AppDefense Architecture! Stay tuned for a follow-up post, where I plan to detail how to start discovering and protecting your applications!