This section describes the architecture and primary components of the AppDefense platform.

AppDefense Architecture

AppDefense Manager

The AppDefense Manager is a multi-tenant cloud service that delivers the complete AppDefense feature set. You can use the AppDefense Manager to define the intended behavior and protection rules of your applications and then monitor security events and alerts in real time. In addition to management capabilities, the AppDefense Manager provides process reputation services, machine learning capabilities, and other additional visibility features for your environment.

AppDefense Plug-in

The AppDefense Plug-in provides improved life cycle management and real-time visibility directly in the vCenter Server. The plug-in provides direct visibility into processes and network connections running on a given virtual machine. It also provides reputation information to ensure that those behaviors are trusted. The AppDefense Plug-in works in concert with the AppDefense Service to provide visibility and control for the entire security team.

On-Premises AppDefense Appliance

AppDefense Appliance is an on-premises based control point for ingress and egress of data from and to the AppDefense Manager. It brokers connections to the VMware management components like vCenter Server and makes outbound connections to the AppDefense Manager.

AppDefense Host Module

The AppDefense Host Module is a standard VMware Integration Bundle (VIB) that is deployed on the ESXi host in order to support AppDefense. The Host Module enables virtual machines (VMs) on that host to deploy and run AppDefense. For Windows environments, the Host Module also monitors and ensures the integrity of the Guest Module installed on the VM.

AppDefense Guest Module

The AppDefense Guest Module is also required on each VM, delivered with VMware Tools ™ (Windows-only) or a one-click installation. The Guest Module collects guest context from the VM and communicates directly with the AppDefense Host Module.

vCenter Server

vCenter Server is used to gather inventory data on the customer’s site. This inventory data is used for the security scope assignment, guest readiness (based on OS information), and guest to the host assignment. AppDefense can also use vCenter Server to perform remediation actions in response to security events, such as suspending a guest.

NSX-T Data Center (Optional Component)

NSX-T Data Center can be optionally used as an extra, optional remediation channel for AppDefense. If any of the protection rules are violated, NSX can be used to automatically or manually quarantine the machines.

vRealize Automation (Optional Component)

vRealize Automation can be optionally used to capture the application context at provisioning time from the Application blueprint.

AppDefense Components at a Glance

Table 1. AppDefense Components
AppDefense Components Description
AppDefense Manager Delivers the complete AppDefense feature set. No installation is required. You must sign up for a VMware AppDefense Service.
AppDefense Plug-in AppDefense plug-in is available with the vSphere Platinum license or with the AppDefense license. When you install AppDefense with plug-in, you can access AppDefense from the vSphere Client.
AppDefense Appliance AppDefense Appliance is installed on-premises in the management cluster.
AppDefense Host Module Host module is deployed on theESXi host.
AppDefense Guest Module Guest module is deployed on one or more hosts where your application workloads are running.