posted

2 Comments

AppDefense users often ask us about integration with automation tools such as PowerCLI. Automation tools like PowerCLI give VI Admins a convenient way to script out deployments and configuration steps for virtual machines (VMs). While there’s no native integration with this tool today, many of the configuration steps for AppDefense are your standard vSphere configurations and thus we can still use PowerCLI.

 

One of the most disruptive configuration steps of AppDefense is enabling Guest Integrity on the VMs that you plan to protect. Enabling Guest Integrity via the AppDefense Manager immediately requires a power cycle of the VM which forces admins to enable Guest Integrity, only when they can afford downtime on those VMs.

 

How is Guest Integrity Configured in VMware AppDefense

 

Let’s talk a little bit about what enabling guest integrity actually does from a configuration standpoint. When we enable Guest Integrity in AppDefense, a new option called “guestIntegrity.enable” is created in the VM’s configuration file (.vmx) and the value is set to “TRUE”. This can be done via the UI in the VM Options under Advanced Configuration.

 

Automating Guest Integrity Enablement for VMware AppDefense

 

Automate Guest Integrity Enablement

 

Now, the title of this post indicates automation, so let’s get into PowerCLI and see how we can perform this action across multiple VMs all without forcing the power cycle. Remember, you will need to perform the power cycle on all of them later for the change to take effect.

 

Since we know enabling guest integrity is just an advanced VM option, we can use the cmdlet “New-AdvancedSetting” to set a new advanced setting on a VM like in the below example where $vm is a VM we obtained using the “Get-VM” cmdlet:

 

Get-VM Eric-JumpBox | New-AdvancedSetting -Name 'guestIntegrity.enable' -Value 'true'

-Confirm:$false
foreach loop that applies to multiple VMs

 

Now, we have the option to apply this to each and every Windows VM individually, but in my opinion that defeats the point of automation all together. Instead, let’s write a simple “foreach” loop to apply this to multiple VMs with a Guest OS type of “Windows”.

 

#Get VMs

$vms = Get-VM | Where{$_.Guest.OSFullName -match 'windows'}

 

#Set Advanced Setting Param

$param = 'guestIntegrity.enable'

 

#Loop to enabled guest integrity in all windows vm's

foreach($vm in $vms){

$vm | New-AdvancedSetting -Name $param -Value 'true' -Confirm:$false

}
foreach loop that applies to multiple VMs

 

The above code gets all VMs with “Windows” as the Guest OS and places them in the variable $vms. Then I set the advanced setting parameter to a variable called $param. From that point we have all the information to start our loop and add this advanced setting to all Windows VMs.

 

Now to verify, we can run the below command to validate the parameter has been applied.

 

Get-VM | Where{$_.Guest.OSFullName -match 'windows'} | Select-Object Name, @{Name="Guest Integrity Enabled";Expression=

{($_ | Get-AdvancedSetting -Name 'guestIntegrity.enable').Value}

}
Automating Guest Integrity Enablement for VMware AppDefense

 

This can be done to VMs while they are powered on and does NOT force a shutdown at the time of execution. That being noted, a complete power cycle will still be required for the change to take effect, but this will offer you more flexibility to schedule your downtime when you can afford to take it.

 

Conclusion

 

AppDefense is a data center endpoint security solution that embeds threat detection and response into the virtualization layer, and uses machine learning to ensure virtual machines (VMs) and applications are running in a known-good state.

 

You can use PowerCLI to automate some of the configuration steps required to deploy and use AppDefense today by following the simple steps above. We hope this blog has helped you on your journey to automation with AppDefense and stay tuned for more automation news. If you’re not leveraging AppDefense today, or would like to learn more please contact sales or visit: https://www.vmware.com/products/appdefense.html.