VMworld is always an exciting time for announcements about new VMware products and services, especially when it comes to the flagship product, VMware vSphere, and the newest iteration of this product, VMware vSphere Platinum is no different. At VMworld 2017, VMware announced VMware App Defense, completely changing the VMware vSphere security landscape. That product has come along way in a short year, and this year at VMworld 2018, a brand new vSphere edition has been announced called VMware vSphere Platinum.
What is VMware vSphere Platinum?
VMware vSphere Platinum is VMware’s answer to ever increasing security events in todays IT infrastructure. Now, more than ever, virtualization is a critical piece of the modern infrastructure, and must be secured as such. Security is no longer a checkbox IT architects begrudgingly, it is a core component of modern IT infrastructure and application design. Though the VMware App Defense vCenter Plugin, vSphere teams have an unprecedented look at what is happening in their infrastructure. In addition, Security teams have their own console for using VMware App Defense, allowing them to keep track of critical applications and their behavior.
A Refresher on VMware App Defense, A Key Part of vSphere Platinum
If you have not had the opportunity to keep track VMware App Defense in the last year since it was announced at VMworld 2017, here is a little refresher.
VMware App Defense focuses on the applications running within a VMware vSphere environment. It learns an applications known good configuration in a a practice known as whitelisting. Conversely, many security products work on a concept of blacklisting, which requires threats to be known. VMware App Defense can recognize a previously unknown threat by realizing that an application is exhibiting abnormal behavior, versus waiting for a database of threats to be updated. As we have seen, many security products have failed to recognize unknown threats since they lacked definition. The ability to detect these threats is a key feature of vSphere Platinum.
vSphere Platinum Bridges the Gap
vSphere Platinum bridges the gap between virtualization and security teams, allowing them to work together in harmony. The vCenter Plugin, which is unique to vSphere Platinum allows vSphere Administrators a view from the console they are already familiar with, and the App Defense interface allows security administrators a view into VMware vSphere without requiring vCenter access.
In some environments, the security team is viewed as the adversary when they should be viewed as a friend. It is important for teams to work together to ensure an environment is performing at its best and also secure. By leveraging vSphere Platinum, vSphere administrators and operators are not giving up perceived control. They are still aware of what is going on in their environment, and seeing information App Defense provides. This enhances collaboration between vSphere and Security teams.
vSphere Platinum Comes With A Bonus!
Yes, you read that correctly. vSphere Platinum comes with a bonus, which is credits for VMware Cloud on AWS! vSphere Platinum comes with $10,000.00 USD of VMware Cloud on AWS credits, and additional information will be provided when the product is GA.
Additional Features of VMware vSphere Platinum
VMware vSphere Platinum adds VMware AppDefense to vSphere Enterprise Plus. This means organizations seeking to implement vSphere Platinum do not need to trade any VMware vSphere features and functionally for a more secure VMware vSphere environment. In addition to VM encryption, vSphere Enterprise Plus contains many more powerful features such as:
- DRS (Dynamic Resource Scheduler)
- DPM (Dynamic Power Management)
- Storage DRS
- Storaige I/O Control
- Network I/O Control
- Host Profiles
To read more about the features in different versions of VMware vSphere, be sure to check out this article.
Upgrading to VMware vSphere Platinum
To allow customers to take advantage of the great features and functionality of VMware vSphere Platinum, VMware is running a limited time promotion, which you can find information about here. This promotion allows the following customers to take advantage of a 50% discount when upgrading to vSphere Platinum:
- vSphere Enterprise
- vSphere Enterprise Plus
- vSphere with Operations Management Enterprise
- vSphere with Operations Management Enterprise Plus
If that was not enough to convince you to upgrade, if you upgrade vRealize Operations Standard to vSphere Operations Advanced or vSphere vRealize Suite Standard you can save an additional 15% for a grand total of 65% savings!
Getting Hands on Experience with vSphere Platinum
VMware Hands-on-Labs has a vSphere Platinum lab available here. HOL provides a quick and easy way to evaluate and gain experience with VMware vSphere products, and only requires a computer and and a web browser. HOL also provides easy to use walk through instructions to show you exactly how to use VMware vSphere products.
Be sure to search for AppDefense (as one word) in HOL. The lab is called HOL-1942-01-NET – Secure Data Center Endpoints with VMware AppDefense, and it is estimated it will take you an hour to complete.
HOL is a great resource when you find yourself with some extra time on your hands, and are looking to learn something new.
Installing vSphere Platinum
The vSphere 6.7 documentation has been updated here to contain a section on AppDefense:
In the AppDefense section of the documentation, you will find everything you need to know about getting started with VMware vSphere Platinum.
One of the things to be most concerned with are the AppDefense System Requirements listed here. The most important things to note are as follows:
- VMware vCenter Server 6.7 U1 or higher is required, and the only supported client is the vSphere Client based on HTML5 if you want to use the vCenter Plugin
- You can use vCenter 6.5 if you do not want to leverage the vCenter plugin
- AppDefense supports up to 200 hosts and 50 VMs per host, this is a maximum of 1000 VMs and is the limit for the VM with AppDefense installed on it
- VMware Tools 10.3.2 is supported, but 10.3.5 is recommended
- ESXi 6.5 U1 and higher is supported
- You can install one AppDefense Appliance per vCenter Server
There are two ways to install VMware AppDefense:
- Install With AppDefense Plugin
- Install With AppDefense Service
The AppDefense plugin is a part of vSphere Platinum, and what allows VMware vSphere administrators and operators visibility into AppDefense via vCenter Server.
The AppDefense Service does not contain the integration into VMware vCenter Server.
In either case, the AppDefense virtual appliance is first deployed, and then the AppDefense Host Module must be installed on ESXi hosts, and the AppDefense Guest Module must be installed on the virtual machines to be monitored.
Be sure to refer to the Installing AppDefense section of the AppDefense documentation for everything you need to install VMware vSphere Platinum and VMware AppDefense.
More Information on vSphere Platinum
Since vSphere Platinum has just been announced, more and more details are coming to light. I will be sure to list the best blog posts and resources right here as they become available.
- Introducing Introducing vSphere Platinum and vSphere 6.7 Update 1! on VMware Blogs
- Under the Hood – vSphere Platinum on VMware Blogs
- vSphere Platinum Solution Brief
VMware vSphere Platinum 6.7 U2
VMware vSphere Platinum 6.7 U2 is now available! As part of the VMware vSphere 6.7 U2 release, vSphere Platinum has been further enhanced. The main enhancements come to the VMware AppDefense components, and increase the level of threat detection.
There are new dashboards that provide a deeper view into applications and how they are being monitored, and monitoring has become more granular. A big part of VMware vSphere platinum is the machine learning aspect that helps VMware AppDefense learn what is and is not normal in your environment, to ensure you are getting the most critical up to date information.
You can read more about VMware vSphere Platinum 6.7 U2 on the official VMware blog.
Melissa is an Independent Technology Analyst & Content Creator, focused on IT infrastructure and information security. She is a VMware Certified Design Expert (VCDX-236) and has spent her career focused on the full IT infrastructure stack.