Carbon Black Cloud Workload Appliance Checklist and Quick Install Guide

Overview

Introduction

The Carbon Black Cloud Workload Appliance Checklist and Quick Install Guide is intended to provide vSphere admins a quick reference guide when installing the Carbon Black Cloud Workload appliance. The Carbon Black Cloud Workload appliance provides integration between vCenter, Carbon Black Cloud and the VM workload fleet.

Purpose of This Checklist

This Carbon Black Cloud Workload Appliance Checklist and Quick Install Guide takes you through the steps to prepare for and then install the Carbon Black Cloud Workload appliance. Before you begin installing, you should be familiar with the reference-architecture for the Carbon Black Cloud Workload appliance. For more information, see the Carbon Black Cloud Workload Overview

Audience

This Checklist and Quick Install Guide are intended for experienced vSphere administrators who are familiar with VMware vSphere and VMware vCenter Server. Familiarity with networking and storage in a virtual environment is necessary and assumed. Knowledge of other technologies, such as IP Addressing, DNS Configuration, and OVA deployment is also helpful.

Checklist

Introduction

This checklist defines the prerequisites for installation and the high-level steps for installation. For greater detail see Deploy and Configure Carbon Black Cloud Workload appliance

 

Prerequisites

Before you can begin the installation of the Carbon Black Cloud Workload appliance, you must:

  1. Determine initial root user and admin user passwords (Must have at least eight characters. The password should meet basic complexity, at least one number, one lower case letter, one upper case letter, and one special character)
  2. Determine address assignment scheme, DHCP or st,atic
  • If static IP address assignment is to be used,
  • Determine default gateway, DNS domain name, DNS search path, DNS servers, IP, and IP subnet mask for Carbon Black Cloud Workload appliance to be installed.
  1. Any firewall between the appliance interface, vCenter and the prod.cwp.carbonblack.io domain must be open on TCP port 443
  2. You must have access to the appropriate vCenter with permissions to deploy OVA/OVF
  3. You must have access to the Carbon Black Cloud Workload appliance OVA.
  4. The vSphere cluster should have available resources to support a 4vCPU, 4GB RAM, and 41GB (thick provisioned disk) appliance.
  5. Access to the Carbon Black Cloud console with permissions to create a custom API access level

Additional Knowledge items

NTP must be set on the Carbon Black Cloud Workload appliance. NTP is configured on the appliance interface using the IP address or DNS name configured during the appliance deployment. By default, the appliance is configured for the UTC time zone. The time zone can be changed via a console connection to the appliance VM via vCenter. vCenter and the Carbon Black Cloud Workload appliance must be configured for the same time zone. Security best practice is to connect the Carbon Black Cloud Workload appliance interface to the Management VLAN for the vSphere environment.

Five Installation Steps

There are five quick steps to install the Carbon Black Cloud Workload appliance.

Follow the steps below or watch this video to learn how to Installing Carbon Black Workload Appliance in under 15 minutes:
 

Step 1: Deploy Appliance

  1. Deploy Carbon Black Cloud Workload appliance in the vCenter Server.
  2. Use standard OVA deployment best practices (Deploy an OVF or OVA Template) and utilize information from the vSphere Admin Checklist Prerequisites section of this document

Step 2: Register Appliance with vCenter Server

  1. Register Carbon Black Cloud Workload Appliance With vCenter Server.
  2. Access the Carbon Black Cloud Workload appliance via the appliance interface. (The IP address or DNS name configured during the OVA deployment).
  3. First, verify the NTP configuration for the appliance.
  4. Next, edit the “SSO lookup configuration”. If you are using an embedded Platform Services Controller (PSC), the SSO Hostname will be the vCenter appliance.
  5. Finally, click register to register with the vCenter Server.

Important: Time must be synchronized between the Carbon Black Cloud Workload appliance and the vCenter Single Sign-On (SSO) server. NTP server must be specified so that the SSO server time and the Carbon Black Cloud Workload appliance time are in sync.

Step 3: Create Custom API Access Level

  1. Create the Carbon Black Cloud Workload Appliance Custom API Access Level. This requires access to the Carbon Black console.
  2. Connect to the Carbon Black Cloud console.
  3. Create the customer API access under Settings > API Access > Access Levels.
  4. This custom API access level can be configured once for the entire organization and could be completed prior to the actual install. This custom API access level configuration will be used to generate the API key.

Step 4: Generate CBC API Key

  1. Connect to Carbon Black Cloud and Generate API ID and API Secret Key. This requires access to the Carbon Black console.
  2. Connect to the Carbon Black Cloud console.
  3. Create the API keys under Settings > API Access > API Keys.

The API ID and the API secret key will need to be saved and provided to the personnel performing the appliance installation. Each Carbon Black Cloud Workload appliance will need a unique API ID and API secret key.  

Step 5: Connect Appliance to CBC

  1. Establish Connection Between Appliance and Carbon Black Cloud.
  2. Access the Carbon Black Cloud Workload appliance via the appliance interface. (The IP address or DNS name configured during the OVA deployment).
  3. Go to the Appliance > Registration page.
  4. Enter the following information retrieved from the Carbon Black Cloud console.
    • Carbon Black Cloud URL (For specific information on how to find your organizations URL reference the following KB article: Carbon Black Cloud URLs)
    • ORG key (Navigate to Settings > API Access > Org Key is available on the top left of the page)
    • API ID (Navigate to Settings > API Access > Select the Actions dropdown on your API > Select API Credentials)
    • API Secret Key (Navigate to Settings > API Access > Select the Actions dropdown on your API > Select API Credentials)

 

    Validate Installation

    Once the appliance installation steps have been completed, there are two points of verification and validation of the install.

     Step 1: CBC Validation

    • Connect to the Carbon Black Cloud console.
    • Go to Settings > API Access > API Keys.
    • Click on the link next to the appliance name.
    • The appliance should show a Health Status of Connected and a vCenter-Connectivity of TRUE.

     

    Step 2: vSphere Validation

    • In the vCenter client connected to the vCenter where the appliance was registered, the Carbon Black Cloud Workload Plug-in should be available.
    • The Carbon Black icon appears in the left navigation pane and in the Shortcuts menu of the vSphere Client.
    • If the Plug-in is not visible, refresh the browser.

    Additional Resources

    For more information about Carbon Black Cloud Workload, you can explore the following resources:

    1. VMware Carbon Black Cloud Workload Guide
    2. Carbon Black Tech Zone

     

    Installation video

    Installation process video. Installing CBC Workload Appliance in under 15 minutes

    Installation Documents

    Complete installation documentation Deploy and Configure Carbon Black Cloud Workload appliance

     


    Changelog

    The following updates were made to this guide:

    Date

    Description of Changes

    9/21/21

    Initial draft by DEM

    2022/02

    Update for clarity - DEM

    About the Author and Contributors

    Dale McKay is a technology evangelist and strategist with deep expertise in security, virtualization, and networking. He has extensive knowledge of a variety of technologies for meeting the strategic and tactical needs of clients. He has strong real-world, hands-on skills in cybersecurity, with his focus being on implementing policies and operating procedures that help his customers address their cybersecurity demands. He is an experienced leader in determining client needs, delivering solutions, and building relationships.

    • Dale McKay, Senior Technical Marketing Architect, Network and Advanced Security Business Group, VMware

     

     


     

    Associated Content

    home-carousel-icon From the action bar MORE button.

    Filter Tags

    Carbon Black Cloud Workload Document Deployment Considerations Intermediate Deploy