You can integrate Puppet Enterprise with AppDefense optionally. AppDefense uses the Puppet orchestrator to get the application scope and members. Puppet configuration takes precedence over scope, service definitions, and virtual machine (VM) assignments done directly from the AppDefense Manager. AppDefense supports a VM that is being associated with a single service.


  • You have installed and configured Puppet Enterprise.
  • You have subscribed to the AppDefense Service (SaaS).


  1. Log in to the AppDefense Appliance VA GUI at https://<appliance ip address> using the admin credentials or using the vSphere user credentials.
    You can log in using the vSphere user credentials only when the AppDefense Appliance is registered to the vCenter Server.
  2. (If needed) Click Cancel to the self-signed certificate.
    The Appliance Dashboard appears as a default home page.
  3. Go to Configuration > Provisional tools > Puppet tab.
  4. Click Edit, and enter the following information.
    Parameter Description
    Puppet master URL

    Enter the authentication role-based access control (RBAC) URL. For example: https://{puppetMasterIP}:4433/rbac-api/v1/auth/token.

    Puppet orchestrator URL Enter the Puppet orchestrator URL. For example: https://{orchestratorIP}:8143/orchestrator/v1.
    Puppet DB URL Enter the Puppet database query URL. For example: https://{DB IP}:8081/pdb/query/v4.
    Puppet master user name Enter user name for the Puppet Enterprise user account.
    Puppet master Password Enter a password for the Puppet Enterprise user account.
  5. Click Register.
    Puppet Enterprise is configured with AppDefense.

What to do next

You can now get the application scope, services, and members from the Puppet orchestrator on the AppDefense Manager. In AppDefense Manager, you cannot edit scope and services that are provisioned by Puppet. You can edit behaviors, rules, service description, and type.