VMware vSphere Platinum is an edition of vSphere that delivers advanced security capabilities fully integrated into the hypervisor. You’ve read our post called VMware Tools 10.3.2 Released Fixing PSOD of 10.3.0 and including AppDefense where we’ve briefly talked about the AppDefense module included in VMware tools.
VMware Platinum includes VMware vSphere Enterprise Plus and VMware AppDefense. The AppDefense plugin allows VMware to leverage capabilities in hypervisor and machine learning.
It basically works in a way that makes security simple and easy to operationalize. AppDefense allows you to create a baseline of a virtual machine’s (VM) known good state and it secures VMs by monitoring the VM to look for any changes in this known good state.
If you're hit by malware which would most likely compromise some system, services or other components of an OS, Appdefence detects this change in this known good state and prevent any damage.
The solution does not use agents as Appdefense plugin is installed with VMware tools. However, there is a vCenter Server plugin which integrates all this together. It allows you to manage and do operate the solution.
VMware Platinum – The installation process:
- Installing AppDefense Plugin & Virtual Appliance
- Installing Host Module
- Installing Guest Module
When you install AppDefense, an OVF/OVA template deploys an on-premises AppDefense Appliance and connects to the vCenter Server through a registration process. AppDefense Appliance then collects the inventory from the vCenter Server. You can then install AppDefense Host Module on ESXi host and AppDefense Guest Module on the virtual machines where your application workloads are running.
Overview of VMware AppDefense plugin in vCenter (screenshot from VMware)
VMware Platinum edition – the advantages:
- It uses machine learning to keep the VMs in a good state and any difference from that known state is corrected by AppDefense.
- Appdefense is able to visualize and know your application's behavior in your environment. If any app starts to behave strangely, AppDefense detects that.
- The VMware Platinum edition is able to reduce the attack surface across your virtual infrastructure running VMware vSphere.
- Seamless deployment (agent-less)
- If you have already AV protection, this gets only stronger and enhanced.
- Uses Secure Boot for ESXi which helps protect the integrity of ESXi hosts with code signing when booting up.
- Supports Microsoft Virtualization based security and credential guard from Microsoft which can run on top of vSphere.
- Supports Virtual TPM 2.0 and allows the necessary mechanism for making the guest OS more secure.
View of VMware vSphere console – from the Host and cluster perspective (screenshot from VMware).
AppDefense has automatic responses using vSphere and VMware NSX, with an ability to block process communication, suspend or shut down the endpoint, and snapshot an endpoint for forensic analysis.
The new vCenter Server plugin that creates a tight integration between vSphere and AppDefense and is only available via the purchase of or upgrades to vSphere Platinum. We have announced the news in our post VMware AppDefense Released as Part of the vSphere Platinum Licensing Package.
VMware Platinum has deep integration and works seamlessly with other VMware products such as vSAN, NSX and vRealize Suite to provide a complete security model for the data center.
More from ESX Virtualization
- Free VMware Performance Measure tool for HCI Systems
- VMware NSX-T 2.4 Released – What's New?
- Appliance (OS) root password is expired – vSphere 6.7
- What is vCenter Embedded Linked Mode in vSphere 6.7?
- Better Windows Shell and Terminal Emulator – Cmder
- VMware I/O Analyzer updated – what’s new?
- How to Patch VMware vCenter Server Appliance (VCSA) 6.7 Offline