VMware has released the long-awaited AppDefense platform as part of vSphere 6.7 U1. It is a completely new product, and it comes with a new licensing package: vSphere Platinum. VMware vSphere Platinum is a new edition of vSphere that delivers advanced security capabilities fully integrated into the hypervisor. You may have read our post VMware Tools 10.3.2 Released Fixing PSOD of 10.3.0 and including AppDefense, where we briefly talked about the AppDefense module included in VMware Tools.
The AppDefense Guest Module, which is part of VMware Tools, is only part of the equation. It works hand in hand with the AppDefense Appliance and the AppDefense Host Module, which is basically a VMware Integration Bundle (VIB) installed on the host. We'll look at the architecture, but first, a few words on how AppDefense protects a particular VM.
Quote from VMware:
AppDefense understands an application’s intended state and behavior, then monitors for changes to that intended state. Any change from this “known good” state would indicate a threat. This method enables the virtual machine to run in “known good” state rather than trying to detect threats that may not fit a known signature.
As you can see, it effectively “registers” the state of a running VM and then warns about any “deviation” from that state.
When you install AppDefense, an OVF/OVA template deploys an on-premises AppDefense Appliance, which connects to the vCenter Server through a registration process. The AppDefense Appliance then collects the inventory from the vCenter Server. You can then install the AppDefense Host Module on the ESXi host and the AppDefense Guest Module on the virtual machines where your application workloads are running.
The Technical Architecture of VMware AppDefense
Here are the main components of VMware AppDefense and their details.
AppDefense Manager – A multi-tenant cloud service. You can use the AppDefense Manager to define the intended behavior and protection rules of your applications and to closely monitor security events and alerts in real time. AppDefense Manager also has process reputation services, machine learning capabilities, and more.
AppDefense Plugin – It provides life cycle management and real-time visibility directly in the vCenter Server. There are 3 connection modes:
- Offline mode – the plug-in offers a fully on-premises operating mode with a limited set of functionality.
- Connected mode (online) – the plug-in retrieves process reputation and behavior analysis information from the AppDefense Manager.
- Connected mode (SaaS)
AppDefense On-Prem Appliance – a control point for ingress and egress of data from and to the AppDefense Manager. It manages connections to the VMware management components (vCenter Server) and makes outbound connections to the AppDefense Manager.
AppDefense Host Module – It's a new VMware Integration Bundle (VIB) that is deployed on the ESXi host in order to support AppDefense. The Host Module enables virtual machines (VMs) on that host to deploy and run AppDefense. For Windows environments, the Host Module also monitors and ensures the integrity of the Guest Module installed on the VM.
AppDefense Guest Module – Required on each VM; delivered with VMware Tools (Windows only) or through a one-click installation. The Guest Module collects guest context from the VM and communicates directly with the AppDefense Host Module.
When AppDefense detects anomalies where an application's behaviors deviate from the known state, AppDefense responds by reporting/alerting, isolating the application, or shutting it down completely. AppDefense includes an orchestration capability that can remediate threats in real time without the admin being present.
VMware vSphere Platinum has been released together with vSphere 6.7 U1 and is part of the new licensing strategy from VMware. Currently, there are vSphere Standard, vSphere Advanced and vSphere Platinum licensing packages. It is also compatible with vSphere 6.5.
All the other licensing packages remain the same (vSphere Essentials, Essentials Plus, VSAN, ROBO etc…).
Source: vSphere Blog