VMware Carbon Black has revolutionized endpoint protection and cloud workload protection using built-in Artificial Intelligence and Machine Learning (AI/ML) technology.
By analyzing more than 1 trillion security events per day, VMware Carbon Black Cloud proactively uncovers attackers' behavior patterns and empowers VI admins to detect and stop emerging attacks.
The latest integration of VMware Tools and VMware Carbon Black takes securing your virtual infrastructure to a whole new level.
VMware Tools have been an indispensable component of the vSphere-based environment. Apart from significantly improving guest performance, VMware Tools are also responsible for:
- Passing messages between the host operating system and the guest operating system.
- Running scripts that help automate guest operating system operations. The scripts run when the power state of the virtual machine changes.
- Synchronizing the time in the guest operating system with the time on the host operating system.
- Enhancing network performance, etc.
To further strengthen vSphere's security posture, VMware has decided to integrate VMware Tools with Carbon Black.
VMware Tools and Carbon Black integration
Starting with VMware Tools version 11.2.0, the Carbon Black plugin is shipped along with other drivers and utilities. This integration is only available for Windows VMware Tools. For Linux-based VMs, the Carbon Black sensor package has to be installed manually.
More information on installing Carbon Black sensor for Linux-based VMs can be found in this document.
Carbon Black Sensor Activation
To install and activate the Carbon Black (CB) sensor manually, the .vmx file of the corresponding VM must be updated with the following 3 CB-specific configuration settings. The values of these settings can be obtained from the Carbon Black Cloud, more commonly known as CBC.
After these advanced configuration settings are added, the VMware Tools Carbon Black plugin kicks in. The plugin downloads the CB sensor installer and initiates the sensor installation. Installation of the CB sensor happens as a background process and does not require any user intervention. It is important to note that the CB sensor cannot be uninstalled from within the VM; it can only be uninstalled using the CBC.
Post CB sensor installation, the VM gets registered in the CBC and is ready to be protected and monitored.
Installing CB sensors on multiple VMs can be done through a PowerCLI script or through the Carbon Black Cloud itself. The following example PowerCLI commands can be used to edit and update the .vmx file of the VM(s):
    # Connect to vCenter Server (replace the placeholders with your own values)
    Connect-VIServer -Server vc-center-IP -User 'vc_server_user_id' -Password vc_password
    # Add the three Carbon Black settings to every VM that Get-VM returns
    Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.SensorUrl" -Value the-url-value -Confirm:$false
    Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.ConfigUrl" -Value the-sensor-value -Confirm:$false
    Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.CompanyCode" -Value the-company_code-value -Confirm:$false
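A scoped variant of the commands above, as an added example that is not from the original post or from VMware: it limits the change to Windows guests reporting VMware Tools 11.2.0 or later (the two conditions this page states) and reports existing settings instead of overwriting them. The setting names and placeholder values are copied from the page; matching Windows guests with `win*` on the configured guest ID is an assumption.

```powershell
# Added example, not VMware's script. Setting names are copied from this page;
# every value is a placeholder to replace with the one shown in the CBC console.
$cbSettings = [ordered]@{
    'guestinfo.Cb/.SensorUrl'   = 'the-url-value'
    'guestinfo.Cb/.ConfigUrl'   = 'the-sensor-value'
    'guestinfo.Cb/.CompanyCode' = 'the-company_code-value'
}
$minTools = [version]'11.2.0'   # first VMware Tools release that ships the plugin

# Prompt for credentials instead of putting the password on the command line.
Connect-VIServer -Server 'vc-center-IP' -Credential (Get-Credential) | Out-Null

$report = foreach ($vm in Get-VM) {
    $tools = $null
    $toolsOk = [version]::TryParse($vm.Guest.ToolsVersion, [ref]$tools) -and ($tools -ge $minTools)
    if (($vm.GuestId -notlike 'win*') -or -not $toolsOk) {
        # Assumption: configured guest IDs for Windows start with "win".
        [pscustomobject]@{ VM = $vm.Name; Action = 'skipped'; Detail = "guest=$($vm.GuestId) tools=$($vm.Guest.ToolsVersion)" }
        continue
    }
    foreach ($name in $cbSettings.Keys) {
        $existing = Get-AdvancedSetting -Entity $vm -Name $name
        if (-not $existing) {
            New-AdvancedSetting -Entity $vm -Name $name -Value $cbSettings[$name] -Confirm:$false | Out-Null
            $action = 'added'
        } elseif ($existing.Value -ne $cbSettings[$name]) {
            $action = 'conflict'   # different value already set; left untouched for review
        } else {
            $action = 'present'
        }
        [pscustomobject]@{ VM = $vm.Name; Action = $action; Detail = $name }
    }
}
$report | Sort-Object Action, VM | Format-Table -AutoSize
```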
Needless to say, the method mentioned above works well for a small-scale deployment. To install the CB sensor on VMs at scale, the recommended way is to use Carbon Black Cloud. This approach involves deploying an on-prem appliance, the Carbon Black Cloud Workload Appliance. Once deployed, the Carbon Black Cloud Workload Appliance (CBWA) pairs with vCenter Server and pushes the vCenter Server inventory details to the CBC. It is important to note that CBWA has a one-to-one mapping with a vCenter Server.
This document contains a step-by-step procedure for deploying the Carbon Black Cloud Appliance.
After the Carbon Black Cloud Workload Appliance has been deployed and registered with the respective vCenter Server, customers can log in to the CBC and install the CB sensor on multiple VMs by selecting them and clicking on the "Install sensor" option. VMs must have VMware Tools 11.2 already installed for the CB sensor installation from the CBC.
VMware Tools integration with Carbon Black boosts VMware’s security posture by leveraging AI/ML technology. With a simple, no-friction deployment and installation process, this user-friendly integration provides the visibility and control that Security teams need to secure their vSphere environment.