VMware Carbon Black products can mitigate advanced security threats and attacks, but the installation and deployment process requires you to familiarize yourself with network configurations, software implementations and updates.
VMware Carbon Black is a cloud-native product that offers both malware and nonmalware protection, thread hunting, vulnerability management and ransomware protection. Carbon Black can also protect VMware workloads with Tanzu, which runs modern applications, such as containers, within vSphere environments alongside VMs.
VMware integrates Carbon Black into vSphere, but the security product can also protect any workloads that run under vSphere, including VMware vRealize Operations and VMware Horizon.
To initiate a VMware Carbon Black installation, you must have vSphere 6.7U1 and VMware Tools 11.2; you should also familiarize yourself with available Carbon Black applications, implement network configurations and integrate Carbon Black with vCenter Server.
VMware's Carbon Black acquisition
VMware as a company not only continues to bolster its subscription and SaaS offerings, but it also provides solid security enhancements for VMware workloads that run both on premises and in the cloud.
VMware acquired Carbon Black in October 2019 to provide next-generation security to those that decide to secure their new and existing vSphere platforms. At its core, Carbon Black is a cloud-based security product that contains a small, lightweight agent, as well as AI and machine learning capabilities.
The company's software protects endpoints, VMs or containerized workloads that run in a virtualized environment using vSphere against multiple threat types, such as malware and viruses. Carbon Black ensures these workloads have built-in protection and maintain intrinsic security.
Carbon Black's core capabilities ensure intrinsic security, such as agentless delivery, inventory, lifecycle management, vulnerability assessment and endpoint protection. Its products also contain antivirus technology, real-time threat hunting, and an endpoint detect and response feature.
Existing VMware users can simply deploy Carbon Black as an enhanced security suite, while new customers can integrate Carbon Black into newly designed data centers.
Enable VMware Carbon Black on vSphere
You can use VMware Tools to enable the Carbon Black agent. To use VMware Tools, you must install at least vSphere 6.7U1 or higher and VMware Tools 11.2 or higher.
VMware Tools contains a set of two services to enable Carbon Black on vSphere: Carbon Black Helper (CBHelper) and Carbon Black Launcher (CBLauncher).
CBHelper triggers CBLauncher, which then downloads and launches the Carbon Black sensor installation package; CBHelper is only available in VMware Tools 11.2 or higher. You must then proceed with a custom installation of VMware Tools and ensure you select CBHelper, which is a default behavior, as shown in Figure 1.
VMware Tools can initiate CBHelper and CBLauncher installations, upgrades or uninstallations. If you must uninstall these components for any reason, you must do so manually. You can mass deploy the latest VMware Tools version and prepare them for Carbon Black installation.
There are two phases for a Carbon Black deployment and configuration:
- Upgrade to the latest VMware Tools version, and download and deploy the Carbon Black appliance via an OVF file. The Carbon Black appliance then requires network configurations and password protection, similar to other VMs.
- Integrate Carbon Black with vCenter Server via an API key to ensure a secure connection.
VMware Carbon Black integration and deployment
Carbon Black integrates with vCenter Server similar to many other VMware products. Carbon Black is a virtual appliance distributed as an OVF file. After the initial deployment and configuration, a shortcut to Carbon Black is available within the UI, as the Carbon Black appliance installs a vSphere plugin that facilitates management operations.
Once your Carbon Black configuration is complete, you can access Carbon Black via its menu and enable the agents for the VMs you choose to protect. Those agents install via VMware Tools' CBHelper.
Once you update VMware Tools, Carbon Black can add or remove protection from VMs or workloads within the UI. After you enable Carbon Black protection, there's no need to reboot the VMs. In Figure 2, the Carbon Black UI also shows if any systems, such as Windows or Linux, contain vulnerability issues.