February 25, 2021

What's New in VMware Tools 11.2 - Integration with Carbon Black

VMware Tools 11.2 comes with a bundled Carbon Black plugin. Using the Carbon Black plugin, customers can download and install the Carbon Black sensor. The Carbon Black sensor provides endpoint and cloud workload protection using built-in AI/ML technology.

VMware Carbon Black has revolutionized endpoint protection and cloud workload protection using built-in Artificial Intelligence and Machine Learning (AI/ML) technology.

By analyzing more than 1 trillion security events per day, VMware Carbon Black Cloud proactively uncovers attackers' behavior patterns and empowers VI admins to detect and stop emerging attacks.

The latest integration of VMware Tools and VMware Carbon Black takes securing your virtual infrastructure to a whole new level.

VMware Tools have been an indispensable component of the vSphere-based environment. Apart from significantly improving guest performance, VMware Tools are also responsible for:

  • Passing messages between the host operating system and the guest operating system.
  • Running scripts that help automate guest operating system operations. The scripts run when the power state of the virtual machine changes.
  • Synchronizing the time in the guest operating system with the time on the host operating system.
  • Enhancing network performance, etc.

 

To further strengthen vSphere’s security posture, VMware has decided to integrate VMware Tools with Carbon Black.

 

VMware Tools and Carbon Black integration

Starting with VMware Tools version 11.2.0, the Carbon Black plugin is shipped along with other drivers and utilities. This integration is only available for Windows VMware Tools. For Linux-based VMs, the Carbon Black sensor package has to be installed manually.

More information on installing Carbon Black sensor for Linux-based VMs can be found in this document.

VMware Tools and Carbon Black plugin Integration

Carbon Black Sensor Activation

To install and activate the Carbon Black (CB) sensor manually, the .vmx file of the corresponding VM must be updated with the following 3 CB-specific configuration settings. The values of these settings can be obtained from the Carbon Black Cloud, more commonly known as CBC.

  • guestinfo.Cb/.SensorUrl
  • guestinfo.Cb/.ConfigUrl
  • guestinfo.CB/.CompanyCode

.vmx advanced settings screenshot

After these advanced configuration settings are added, the VMware Tools Carbon Black plugin kicks in. The plugin downloads the CB sensor installer and initiates the sensor installation. Installation of the CB sensor happens as a background process and does not require any user intervention. It is important to note that the CB sensor cannot be uninstalled from within the VM; it can only be uninstalled using the CBC.

Post CB sensor installation, the VM gets registered in the CBC and is ready to be protected and monitored.

Installing CB sensors on multiple VMs can be done through a PowerCLI script or through the Carbon Black Cloud itself. The following example PowerCLI commands can be used to edit and update the .vmx file of the VM(s):

# Connect to vCenter Server (replace the placeholder values with your own)
Connect-VIServer -Server vc-center-IP -User 'vc_server_user_id' -Password vc_password

# Add the three Carbon Black settings to every VM returned by Get-VM
Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.SensorUrl" -Value the-url-value -Confirm:$false

Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.ConfigUrl" -Value the-sensor-value -Confirm:$false

Get-VM | New-AdvancedSetting -Name "guestinfo.Cb/.CompanyCode" -Value the-company_code-value -Confirm:$false
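The following script is an added example, not part of the original post or VMware's own tooling. It audits the three settings on every VM before changing anything, and writes them only to Windows guests running VMware Tools 11.2 or later when -Apply is given. The vCenter hostname is hypothetical, the setting values are the post's placeholders, and the numeric ToolsVersion encoding is an assumption noted in the code.

```powershell
param(
    [string]$VCenter = 'vcenter.example.internal',  # hypothetical hostname
    [switch]$Apply                                  # without -Apply the script only reports
)

# Placeholders: copy the real values from the Carbon Black Cloud console.
$expected = [ordered]@{
    'guestinfo.Cb/.SensorUrl'   = 'the-url-value'
    'guestinfo.Cb/.ConfigUrl'   = 'the-sensor-value'
    'guestinfo.Cb/.CompanyCode' = 'the-company_code-value'
}

# Assumption: vSphere reports the Tools version as major*1024 + minor*32 + patch,
# so 11.2.0 is 11328.
$minTools = 11328

# Prompt for credentials instead of putting the password on the command line.
Connect-VIServer -Server $VCenter -Credential (Get-Credential) | Out-Null

$report = foreach ($vm in Get-VM) {
    $guest = $vm.ExtensionData.Guest
    # The bundled plugin is Windows-only and needs Tools 11.2 or later.
    $eligible = $guest.GuestFamily -eq 'windowsGuest' -and [int]$guest.ToolsVersion -ge $minTools

    foreach ($name in $expected.Keys) {
        $current = Get-AdvancedSetting -Entity $vm -Name $name
        $state = if (-not $current) { 'Missing' } elseif ($current.Value -ne $expected[$name]) { 'Mismatch' } else { 'OK' }

        if ($Apply -and $eligible -and $state -ne 'OK') {
            # -Force overwrites an existing setting that has the same name.
            New-AdvancedSetting -Entity $vm -Name $name -Value $expected[$name] -Force -Confirm:$false | Out-Null
            $state = "Set (was $state)"
        }
        [pscustomobject]@{ VM = $vm.Name; Eligible = $eligible; Setting = $name; State = $state }
    }
}

$report | Sort-Object VM, Setting | Format-Table -AutoSize
Disconnect-VIServer -Server $VCenter -Confirm:$false
```

A Mismatch row for guestinfo.Cb/.SensorUrl is worth reviewing first, because the plugin downloads the sensor installer from that URL.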

The method mentioned above works well for a small-scale deployment. To install the CB sensor on VMs at scale, the recommended way is to use Carbon Black Cloud. This approach involves deploying an on-prem appliance, the Carbon Black Cloud Workload Appliance. Once deployed, the Carbon Black Cloud Workload Appliance (CBWA) pairs with vCenter Server and pushes the vCenter Server inventory details to the CBC. It is important to note that CBWA has a one-to-one mapping with a vCenter Server.

This document contains a step-by-step procedure for deploying the Carbon Black Cloud Appliance.

After the Carbon Black Cloud Workload Appliance is deployed and registered with the respective vCenter Server, customers can log in to the CBC and install the CB sensor on multiple VMs by selecting them and clicking on the "Install sensor" option. VMs must have VMware Tools 11.2 already installed for the CB sensor installation from the CBC.

Carbon Black Cloud Interface

To Conclude

VMware Tools integration with Carbon Black boosts VMware’s security posture by leveraging AI/ML technology. With a simple, no-friction deployment and installation process, this user-friendly integration provides the visibility and control that Security teams need to secure their vSphere environment.

 
