Integrating NSX-T and VMware Carbon Black Workload
Introduction
Learn how to use the new NSX tagging feature available in the latest release of the Carbon Black Cloud Workload appliance. Watch the below video for a step-by-step tutorial on integration and operationalization of the NSX-T tagging capabilities.
Prerequisites
To enable the integration you must be a customer of the following products:
- Cloud Workload Protection (1.1 Appliance Version or Higher)
- NSX-T (3.1.3 Version or Higher)
- The VM workload must be on an NSX N-VDS (opaque network) to have the Apply NSX Tag option available.
Carbon Black Cloud Configuration
In order to enable connectivity between NSX and Carbon Black Cloud you must upgrade to the latest 1.1 Appliance version. For instructions on upgrading your Appliance, review the instructions here.
You can verify your Appliance version either in vSphere or in the Carbon Black Cloud.
In the Carbon Black Cloud navigate to Settings > API Access > Select your CWP Appliance hyperlink for more details and verify the Appliance version is 1.1 or higher.
If you have not previously configured your CWP Appliance, review the set-up instructions here.
Connecting NSX to the CWP Appliance
Once you have upgraded to the 1.1+ Appliance version in vSphere under Appliance > Registration, you will now have a new field indicating NSX details.
Connect NSX with the CWP Appliance by selecting your desired NSX hostname and selecting Register.
Once you register your NSX details and credentials, a successful connection will show in the configuration details as ‘Connected’.
This will register the appliance with vCenter as well as NSX.
You can verify the connected state in Carbon Black Cloud as well.
Settings > API Access > Select the CWP Appliance hyperlink and verify NSX-Connectivity as TRUE.
NSX Configuration
Once the appliance is successfully registered and NSX-Connectivity is TRUE, pivot into the NSX Console to review the changes updated automatically by the CWP Appliance.
NSX Groups
The integration between CWP and NSX will create 3 custom groups within NSX.
- CB-NSX-Custom-Group
- CB-NSX-Isolate-Group
- CB-NSX-Quarantine-Group
NSX Context Profile
This newly created context profile allows for communication to the CBC even while in an NSX-Quarantined state.
NSX Distributed Firewall
The connection between the CWP Appliance and NSX will create 3 additional firewall rules.
- CB-NSX-Isolate | Deny all traffic rule where it will drop all communication to the desired targets.
- CB-NSX-Quarantine | Allows DHCP, and DNS traffic as well as communication to the Carbon Black Cloud backed based on the Context Profile automatically created, and deny all other traffic.
- CB-NSX-Custom | This rule is to allow administrators to create their own custom actions; the default is a deny all traffic rule where it will drop all communication to the desired targets.
Operationalizing NSX & Carbon Black Cloud
Now that the configuration has been completed you are now ready to operationalize the integration. Through the CBC console through the Actions panel on the right hand side you are now able to select ‘Apply NSX Tag’ and this will trigger the appropriate rules within NSX to isolate, quarantine or take custom Firewall actions.
Action on VM Workload Inventory
Action from Alerts Panel
Summary and Additional Resources
Additional Resources
- Deployment Considerations for vSphere Admins
- Installing Carbon Black Workload Appliance in under 15min
- Carbon Black Workload Protection 1.1 Release – What’s New Video
- vSphere Admin Best Practice Guide
Changelog
The following updates were made to this guide:
Date |
Description of Changes |
2021/11/11 |
|
About the Author and Contributors
- Dale McKay, Senior Technical Marketing Architect, Network and Advanced Security Business Group, VMware
Feedback
Your feedback is valuable.
To comment on this paper, contact VMware Security Business Unit Technical Marketing at sbu_tech_content_feedback@vmware.com.