Pages

Monday 5 February 2018

Getting started with VMware AppDefense - Part 2

Getting started with VMware AppDefense - Part 1
Getting started with VMware AppDefense - Part 2
Getting started with VMware AppDefense - Part 3

In part 2 we will focus on deploying the host modules to a vSphere cluster and then deploy the guest module to a test Windows 2012 Server.  You should hopefully be at the stage where you have deployed an on-premises AppDefense appliance with successful connectivity to the AppDefense SaaS website:



Click on the cog in the bottom left-hand corner and select Inventory:





You should now be able to see the entire inventory of hosts and VMs from the connected vCenter.  Use the tabs to switch between Hosts and VMs:



Identify the hosts that you wish to install the host modules on.  In my example, I'm going to use the hosts in my NCL-Prod cluster:



Locate the hosts in the Hosts inventory tab and click on the three dots icon and select Install:



Select a version of the host module you require and then click Install:


Do this for all hosts in the cluster and you should see the install has been queued and ready to be pushed to the on-premises appliance:



Within a minute or so you should see within the vSphere client recent tasks that the modules have been installed:



To verify this you can SSH to the ESXi hosts and run the following command:

esxcli software vib list | grep glx



You can also verify that the host module has started by running:

/etc/init.d/glxhostuwd status



For troubleshooting, you can view the host AppDefense log file located at:

/var/log/glx.log

Within the Hosts Inventory tab you should now see that the Host Module Status is now Active and it should show both the Product Version and Host Module Version:



We now need to install the guest module inside the Guest OS.  Currently only Windows 2012 and 2016, both x64 are supported.  If we check the VMs Inventory tab and filter on a specific VM you should see that the Guest Module Status is unreachable and the Product / Guest Module Version are both Unknown:



Let's start by downloading the guest module.  Click on the cog in the bottom left hand corner and select Downloads.  Select the Guest Module tab and then download the module for Windows into the Guest OS or a share that the guest OS has access to:



Log into the Guest OS and run the executable.  When prompted accept the license agreement and click Install:



Once the quick installation finishes click Finish and then click Yes to restart the machine:



Hit refresh back in the VMs Inventory tab and we should now see the Guest Module Status as Active the Product and Guest Module version numbers:



In the final instalment of this series, we will configure an application scope to protect a specific application.