It’s an exciting day with the announcement of vSphere Platinum and vSphere 6.7 Update 1! In this post I will go into a bit more detail about vSphere Platinum, AppDefense, and vSphere 6.7 U1.
vSphere Platinum is a new offering that includes VMware vSphere Enterprise Plus and VMware AppDefense. But this isn’t simply a bundling of two VMware products. vSphere Platinum includes an exclusive vCenter Server plugin that is purpose built for vSphere Platinum and creates the tight integration between these two products. This plugin enables vSphere Administrators the visibility they need into the application security features of AppDefense and allows them to work in close collaboration with Security Administrators to provide a secure infrastructure in a more efficient manner.
As many readers of this blog will already be familiar with vSphere, I will focus more on the capabilities of AppDefense and the new vCenter Server plugin. To provide a primer of what AppDefense does and how it works, I’ll reference this blog post by Wade Holmes and Geoff Wilmington title, “Ensuring Good with VMware AppDefense“. From that post:
Traditional data center endpoint security products focus on detecting and responding to known bad behavior. There are hundreds of millions of disparate malware attacks, with over a million getting added every day. In addition, there is the threat of zero-day attacks exploiting previously unknown vulnerabilities. It becomes a never-ending race to “chase bad” without ever staying ahead of the threat landscape. What if we took an opposite approach to security? What if, instead of “chasing bad” we started by “ensuring good”?
So, to summarize this, AppDefense allows customers to capture and define the known good working state of applications and then defend against anything that is outside of that good state. The above post provides a great overview of how AppDefense works. If you’re more of a visual learner, here’s a good video that provides a good overview as well.
So, assuming you are now at a 100-level with AppDefense (you read the blog and watched the video, right? 😉 ) let’s talk about the vCenter Server Plugin. While the main AppDefense interface provides critical information for Security Administrators, the vCenter Server plugin included in vSphere Platinum is specifically targeted for vSphere Administrators. It is accessed via the vSphere Client and provides a bit of a different lens to the data. The plugin can map the AppDefense data such as processes and threats to the VMs and networks they are occurring in. For example, here is a screenshot of an environment from the view of a Security Administrator in the AppDefense console.
In this console you’ll notice that there is quite a bit of information but what’s missing? There are no references to VMs. For a vSphere Administrator this could be problematic – or at least create extra work to tie this information back to a VM. So, what if we took a similar view and used the vSphere APIs through the vCenter Server plugin?
Here you can see a dashboard that is much more focused on virtual infrastructure objects – Hosts and VMs. This makes is much easier for a vSphere Administrator to monitor and address threats because this allows the administrator to quickly correlate those threats to objects they manage instead of IP addresses or ports. Furthermore, we can see what is happening within an individual VM in the Hosts and Clusters view that we tend to spend most of our time in.
So you can see that the vCenter Server plugin for vSphere Platinum creates a way for vSphere Administrators to easily monitor and collaborate with the Security Team to create an even more secure and efficient virtual infrastructure. The secret sauce here is the new vCenter Server plugin that creates a tight integration between vSphere and AppDefense and is only available via the purchase of or upgrade to vSphere Platinum. As we get closer to general availability for vSphere Platinum we’ll be posting more detailed demos and walkthroughs here on the vSphere Blog and on vSphere Central.