Pages

Wednesday 31 January 2018

Getting started with VMware AppDefense - Part 1

Getting started with VMware AppDefense - Part 1
Getting started with VMware AppDefense - Part 2
Getting started with VMware AppDefense - Part 3

Back at VMworld 2017, VMware announced a new Software as a Service product called AppDefense.  To quote the official vmware.com site:

VMware AppDefense is a data center endpoint security product that protects applications running in virtualized environments. Rather than chasing after threats, AppDefense understands an application's intended state and behaviour, then monitors for changes to that intended state that indicate a threat. When a threat is detected, AppDefense automatically responds.

I'm going to show you how to get started with AppDefense once you have access to the new SaaS offering.  You can access the portal via the following URL:

https://appdefense.vmware.com/app/sign-in-user

Once there, simply enter your username and password that was supplied when you signed up for the service:



Once you have access to the portal you can view the official documentation, download the on-premises appliance as well as the host and guest modules.  To access the downloads simply click the cog icon in the bottom left-hand side of the screen and select Downloads:



We initially need to download the on-premises appliance that will be deployed within your infrastructure and configured to connect back to the AppDefense hosted service.  Select the Appliance tab and then click the download link to download the latest version of the appliance:



Once the appliance has downloaded deploy as you would like any other .ova appliance.  Right-click on the cluster you wish to deploy the appliance into and select Deploy OVF Template:



Browse the local file system and select the downloaded .ova and click Open and then click Next:


Give the VM an appropriate name and select a datacenter or folder and click Next:



Select a suitable cluster or resource pool and click Next:



Review the details and click Next:



Review the license agreements, click Accept and then click Next:



Select a suitable datastore and click Next:



Connect the VM to a suitable network and click Next:



Enter the required information such as a complex appliance password, default gateway, IP address, subnet mask and DNS information and click Next:



Finally, review the settings and click Finish:



Once the appliance has deployed power it on and wait for it to fully boot up.  If you already have NSX deployed remember to add it to the exclusion in case we accidentally block traffic to/from the appliance:



We now need to go back to the AppDefense website where you download the appliance and provision a new application so we can generate a UUID and API Key.  Click on the cog icon and select Appliances and then click the button to Provision New Appliance:



Enter a name for the appliance and click Provision:



Copy the appliance UUID and API key and store it somewhere safe.  Once you click OK you will not be able to retrieve this information again and you will have to create a new appliance:



You should now see your newly create appliance:



Now we need to connect to the on-premises appliance and supply the UUID and API details as well as the credentials for vCenter and NSX Manager.  To do this simply connect to the appliance IP address or DNS name and specify port 5480:

https://<IPAddress>:5480

Then simply log in with the root username and the password you specified during the deployed of the appliance and click Login:


Select the Configuration tab and then enter all the required information including the UUID, API and credential for vCenter.  Optionally you can add NSX Manager and Puppet credentials if you are integration with those products.  DNS names are case sensitive so ensure you they match what's in DNS otherwise the service will fail to start.  Once finished click Save Settings:



Accept the certificate if prompted:



After a few minutes, you should see that appliance status change to Active and successful connections to both vCenter and NSX (If configured)



In part 2 we will deploy the host modules to a cluster and deploy the guest module to a Windows 2012 server.

Saturday 20 January 2018

NSX Layer 7 Application aware Distributed Firewall

NSX 6.4 was released on Thursday 11th January with some awesome new features which includes the ability to allow or block traffic based on application context.  The full release notes for NSX 6.4 can be found here.

So, let's test the new application aware context feature of the distributed firewall.  I've got a test VM called WEB01 with an IP address of 192.168.1.11 which I can currently SSH to successfully over TCP/22:


I've created a new DFW rule to block traffic from ANY to ANY and the service as SSH (TCP/22):


I can now no longer access WEB01 from anywhere:


However, if I was to change the port the SSH daemon running on WEB01 was listening on from TCP/22 to TCP/8080 and restart the SSH daemon I can successfully SSH back into WEB01:



With NSX 6.4 and the new application context firewall rules we can modify the rule to block the SSH application rather than TCP/22.  These are available from the service list and are prefixed with APP_:



Now if I try and connect again to WEB01 over TCP/8080 or TCP/22 traffic is blocked:



The full list of layer 7 protocols that are currently supported in NSX 6.4 are:





Tuesday 16 January 2018

North East VMUG - Thursday 22nd February

The first North East VMUG of 2018 has officially been announced and will take place on Thursday
22nd February.  The venue is confirmed as:

Royal Station Hotel
Neville Street
Newcastle Upon Tyne
NE1 5DH 



The leadership team have done a great job and have confirmed some awesome speakers which include Duncan Epping (Blog | Twitter), Frank Denneman (Blog | Twitter), Mark Brookfield (Blog | Twitter), Tim Hynes (Twitter)

There are also some great sponsors lined up which include:

Gold Sponsors




Silver Sponsors





Don't forget to register here