Helping customers more effectively secure their virtual workloads is a critical objective for VMware.
VMware Carbon Black Cloud Workload delivers purpose-built protection for vSphere workloads that is easy to operationalize, while reducing the attack surface and strengthening data center security posture.
This cloud-native solution provides foundational workload inventory, hardening, and vulnerability management capabilities to protect workloads running in virtualized environments.
This solution helps teams protect their workloads by:
This page is intended to provide a summarized overview of the steps for onboarding with VMware Carbon Black Cloud Workload. For a fully detailed list of requirements and steps please review the product documentation, which will be available (and linked here) when the product becomes generally available.
The following program versions are required in order to use VMware Carbon Black Cloud Workload within your vSphere environment:
Upgrade to VM Tools 11.2
The newest version of VM Tools (v11.2) is a technical requirement for VMware Carbon Black Cloud Workload.
To upgrade your VM tools start the vSphere Web Client and log in to the vCenter server.
Select and power on the virtual machines that you want to upgrade. Then right click the selected VMs, select Guest OS > Install/Upgrade VMware Tools, and then click OK.
Download and Deploy Carbon Black Appliance
To download and deploy the Carbon Black appliance, log into vCenter, then navigate to my.vmware.com and copy the Carbon Black Cloud Workload OVA URL.
Once you have the URL, select the virtual machines or data center where you want to deploy the appliance and click Deploy OVF Template. Paste the OVA link in the URL field that appears in the pop-up module.
Next, you’ll provide the details for setting up the appliance, including giving it a name and location, selecting storage and networks for the appliance, and creating admin credentials. Once the appliance is created, navigate to the appliance IP address in your web browser and provide the credentials you included during the installation to log in.
When logged into the appliance, establish a connection between the appliance and vCenter by clicking Edit in the top-right corner and add your vCenter IP address into the SSO Hostname field.
After this, verify that the correct vCenter server details and Thumbprint appear in the console and click the Register button on the right side of the screen. During the registration, the vSphere – Carbon Black plugin will also be installed, and you can see the plugin version on this screen.
Next, you will see that the information under Carbon Black Cloud at the bottom of the registration page is not set. To get this information you will need to log in to your Carbon Black Cloud console.
Gain Access to Carbon Black Console
When you start a trial, a proof of concept, or purchase VMware Carbon Black Cloud Workload, you will receive an email from firstname.lastname@example.org to confirm your registration. Click the button in this email, then create a new password for the Carbon Black Cloud console.
If your organization already has an established instance of VMware Carbon Black Cloud, simply login to the console using your credentials.
Integrate Carbon Black Cloud with vCenter
Once logged into the Carbon Black Cloud console, click the Settings dropdown in the left-hand sidebar and select API Access. On this page, click the Add Access Level button to create a custom API permissions level with the required permissions, which can be found in the product documentation.
Once you’ve completed that one-time activity, navigate to the API Key tab on the same page and click the Add API Key button to create a new API key with the newly created custom access level. From there, you’ll be given the following information, which you will need to copy from your Carbon Black console and paste into the appliance that you deployed in the steps above:
Finally, you’ll need to give the appliance a unique name and click Save.
All of these steps can be accomplished within a matter of minutes, allowing you to deploy a truly built-in security solution to your workload environment with very minimal effort and overhead.