Onboarding with VMware Carbon Black Cloud Workload
Helping customers more effectively secure their virtual workloads is a critical objective for VMware.
VMware Carbon Black Cloud Workload delivers purpose-built protection for vSphere workloads that is easy to operationalize, while reducing the attack surface and strengthening data center security posture.
This cloud-native solution provides foundational workload inventory, hardening, and vulnerability management capabilities to protect workloads running in virtualized environments.
This solution helps teams protect their workloads by:
Integrating natively with vSphere to simplify operations with a more unified solution.
Prioritizing vulnerabilities with risk scores based on real-life exploits
Providing the necessary lifecycle context required to secure your workload inventory.
Enabling agentless protection to intrinsically build security into your core infrastructure.
Onboarding Process This page is intended to provide a summarized overview of the steps for onboarding with VMware Carbon Black Cloud Workload. For a fully detailed list of requirements and steps please review the product documentation, which will be available (and linked here) when the product becomes generally available.
Technical Requirements The following program versions are required in order to use VMware Carbon Black Cloud Workload within your vSphere environment:
To download and deploy the Carbon Black appliance, log into vCenter, then navigate to my.vmware.com and copy the Carbon Black Cloud Workload OVA URL (available at GA).
Once you have the URL, select the virtual machines or data center where you want to deploy the appliance and click Deploy OVF Template. Paste the OVA link in the URL field that appears in the pop-up module.
Next, you’ll provide the details for setting up the appliance, including giving it a name and location, selecting storage and networks for the appliance, and creating admin credentials. Once the appliance is created, navigate to the appliance IP address in your web browser and provide the credentials you included during the installation to log in.
When logged into the appliance, establish a connection between the appliance and vCenter by clicking Edit in the top-right corner and add your vCenter IP address into the SSO Hostname field.
After this, verify that the correct vCenter server details and Thumbprint appear in the console and click the Register button on the right side of the screen. During the registration, the vSphere – Carbon Black plugin will also be installed, and you can see the plugin version on this screen.
Next, you will see that the information under Carbon Black Cloud at the bottom of the registration page is not set. To get this information you will need to log in to your Carbon Black Cloud console.
Gain Access to Carbon Black Console When you start a trial, a proof of concept, or purchase VMware Carbon Black Cloud Workload, you will receive an email from firstname.lastname@example.org to confirm your registration. Click the button in this email, then create a new password for the Carbon Black Cloud console.
If your organization already has an established instance of VMware Carbon Black Cloud, simply login to the console using your credentials.
Integrate Carbon Black Cloud with vCenter Once logged into the Carbon Black Cloud console, click the Settings dropdown in the left-hand sidebar and select API Access. On this page, click the Add Access Level button to create a custom API permissions level with the required permissions, which can be found in the documentation (available at GA).
Once you’ve completed that one-time activity, navigate to the API Key tab on the same page and click the Add API Key button to create a new API key with the newly created custom access level. From there, you’ll be given the following information, which you will need to copy from your Carbon Black console and paste into the appliance that you deployed in the steps above:
Org Key (available on the API Access page in CB)
Carbon Black Cloud URL
Finally, you’ll need to give the appliance a unique name and click Save.
All of these steps can be accomplished within a matter of minutes, allowing you to deploy a truly built-in security solution to your workload environment with very minimal effort and overhead.