posted

2 Comments

To answer all of your questions about vSphere and AppDefense coming together to form vSphere Platinum, we hosted a vSphere Tweet Chat featuring our experts. From the team, Arjun Narang, AppDefense Sr. Product Manager, and Bob Plankers, VMware Technical Marketing Architect, joined us to share their valuable insights. We discussed what vSphere Platinum is and how its services deliver better security. But “no spoilers!” Check out the full chat recap:

A1: I like to think of vSphere Platinum as the fort-knox hypervisor, in that you’re getting the full capabilities of the vSphere hypervisor with the added visibility and security of AppDefense. – Arjun 

A1: vSphere Platinum is the solid, secure and mature foundation of vSphere with the application visibility and security that VMware AppDefense brings, using the advantages of the hypervisor and machine learning to secure applications. – Bob


A2: AV only helps with known, existing threats. vSphere Platinum uses AppDefense to understand the intended state and monitor or block any unauthorized changes. vSphere Platinum’s security model enables us to catch known and unknown (zero-day) threats. – Arjun

A2: AV is essentially a curated list of bad things, and it has to be updated constantly in order to be effective. AppDefense flips that around to be a list of things we know are good, and then we can block everything else. – Bob

A2: Want to get past AV? Just recompile your malware or change it a little, and AV has no idea what it is. – Bob


A3: No solution will solve 100% of your issues. When an attacker breaks through the firewall, you can leverage AppDefense to detect and respond to the abnormal behaviors expressed by attackers. – Arjun

A3: Exactly! Ultimately you need to punch a hole in your firewall to get an application, and as such you give an attacker a path to the inside, such is the fundamental problem with firewalls: eventually someone has to use the thing they’re protecting… – Bob

A3: And AppDefense’s visibility can help you harden those firewall policies by gaining a more complete understanding of your existing behaviors and network connections.


A4: Everything is the best use case for vSphere Platinum! Joking aside, the power of VMware’s offerings is that you get an immense amount of choice around what products to use and what hardware or cloud you run them in. – Bob

A4: There’s a good paper on AppDefense use cases: Security Inside the Perimeter with VMware AppDefense. – Bob


A5: Absolutely – you can go very easily between all of the versions of vSphere. AppDefense installation involves an additional virtual appliance to help connect it to the cloud services that power its machine learning. – Bob

A5: Again, lots of choice with VMware products to deploy them so that they fit with what your organization needs. – Bob


A6: AppDefense doesn’t need to use complex algorithms to chase bad behaviors, we only need to monitor the known intended state for any deviations. This, combined with running within the hypervisor, makes for a very minimal overhead. – Arjun

A6: The AppDefense virtual appliance can scale up to be fairly sizeable in a larger environment, but there’s only one of those per cluster. The overall impact on workloads is very small. Most of the processing is done between the appliance and the cloud. – Bob

A6: You also need to consider the overhead that AV takes on your systems. AV isn’t a trivial workload at all and accounts for sizeable percentages of overhead on servers. – Bob

A6: Not to mention immense staff time investments, too. AppDefense is really easy to use and designed to help IT Ops and SecOps work together. – Bob

A6: Helping organizations make the most of their staff time, and making humans’ lives easier, is something that both vSphere and AppDefense share. – Bob


A7: Compliance and security are two sides of the same coin. We’re all very interested in security, but folks tend to have more immediate needs around compliance (an audit, for example). – Bob

A7: Tools like the vSphere Security Configuration Guide and the NIST 800-53 Compliance Kit help immensely as folks try to map compliance needs to actual “nerd-knob” controls in the products, getting security with their compliance work. – Bob

A7: There’s also a good paper from Gartner & VMware: Strategies for Securing the Data Center: From the Foundation to the Application with VMware vSphere Platinum. – Bob


A8: vSphere is the core of VMware Cloud on AWS, and the security and availability features present in the on-premises versions are also available in the cloud, too. AppDefense will also be coming to VMware Cloud on AWS as part of a future enhancement. – Bob

A8: One of the beauties of VMware Cloud on AWS is that it makes the public cloud look exactly like what’s already in your data center, thus eliminating training and retooling. – Bob

A8: Agree 100%. Operations around cloud offerings are just as important as the service qualities, in my book. Example, O365 is a different but similar skill set to Exchange. How much training is required to move to said offering? That is a key aspect for me. – Joe

A8: EXACTLY. It’s huge and often overlooked. Use the power of the public cloud for near-instant hardware elasticity and many AZs, with the apps and software you already have and know. – Bob

A8: The same components AppDefense uses on ESXi and in the VM guest would be transferred up to your machines running on VMware Cloud on AWS… coming soon to a theater near you! – Arjun


A9: Patching is extremely important, it removes the fundamental vulnerabilities in our environments. Organizations that can patch quickly don’t have to waste cycles on trying to protect themselves in other ways. – Bob

A9: If there’s something you can do to massively improve your security posture it’s to get to a state where you can apply updates in a very timely fashion. – Bob

A9: Adding defense-in-depth to an environment in the form of AppDefense and NSX micro segmentation is huge, too – it buys some time between when a problem is found and a patch is applied. – Bob

A9: I spoke about all of this at length at Security Field Day. You can see all the videos and content, here. – Bob


A10: Teenage Mutant Ninja Turtles – a great team with all different qualities that band together to defeat evil. And they’re turtles that eat pizza. And we love our VMware Turtles! Heck yeah! TURTLE POWER! – Bob

A10: It has to be The Godfather – the best of all time. – Arjun


A huge shout out to our experts, Arjun Narang (@arjunintech) and Bob Plankers (@plankers) and all the other participants. Stay tuned for our monthly expert chats, and join the conversation by using the #vSphereChat hashtag.

Have a specific topic you’d like to cover? Reach out and we’ll bring the topic to our experts for consideration. For now, we’ll see you in the Twittersphere!

About the Author

Adam Eckerle leads the vSphere Technical Marketing team in the Cloud Platform Business Unit at VMware. This team is responsible for vSphere launch, enablement, and ongoing content generation for the VMware field, Partners, and Customers. In addition, Adam’s team is also focused on preparing Customers and Partners for vSphere upgrades through workshops, VMUGs, and other events.