VMware Carbon Black Cloud™ Workload is a data center security product that protects your workloads running in a virtualized environment. Carbon Black Cloud Workload ensures that security is intrinsic to the virtualization environment by providing a built-in protection for virtual machines. After enabling the Carbon Black in vCenter Server, you can view the inventory protected by Carbon Black Cloud Workload and view the inventory and risk assessment dashboard provided by Carbon Black Cloud Workload Plug-in.
You can easily monitor and protect the data center workloads from the Carbon Black Cloud console. The Carbon Black Cloud Workload Plug-in provides deep visibility into your data center inventory and end-to-end life-cycle management for the components.
Starting with release 1.1, an integration between the Carbon Black Cloud Workload and VMware NSX-T Data Center™ allows you to trigger NSX remediation policies based on observed behaviors in Carbon Black Cloud. Any Carbon Black Cloud alert that triggers remediation on protected Virtual Machines (VMs), allows you to do remediations using NSX-T Distributed Firewall (DFW) policies.
Carbon Black Cloud Workload consists of a few key components that interact with each other.
You must first deploy an on-premises OVF or OVA template for the Carbon Black Cloud Workload appliance that connects the Carbon Black Cloud to the vCenter Server through a registration process. After the registration is complete, the Carbon Black Cloud Workload appliance deploys the Carbon Black Cloud Workload Plug-in and collects the inventory from the vCenter Server. The collected inventory data is displayed on the plug-in Inventory tab and is also communicated to the Carbon Black Cloud console.
You can then enable Carbon Black on the virtual machines where your application workloads are running with the one-click install process.
After you enable Carbon Black successfully, you can view and monitor your inventory data and processes from the Carbon Black Cloud Workload Plug-in and also from the tab.
You can navigate to the Carbon Black Cloud console and create sensor groups and set policies to meet your organization's security needs. You can identify, investigate, and remediate potential threats from the Carbon Black Cloud console. For more information on Carbon Black Cloud, refer to the User Guide in the Help menu on the upper-right side of the Carbon Black Cloud console.
Carbon Black Cloud Workload Appliance
The Carbon Black Cloud Workload appliance is an on-premises based control point that acts as a liaison between vCenter Server and Carbon Black Cloud. The appliance collects the workload inventory data from the vCenter Server and shares the data with Carbon Black Cloud.
The appliance also provides the channel for communication between Carbon Black Cloud and NSX Manager - the strong data analysis capabilities of Carbon Black Cloud pairs with the firewall protection capabilities of NSX. You use the appliance to register an NSX integration with your Carbon Black Cloud organization. The appliance registers to the NSX via Principal Identity. It provides a certificate-based authentication, and you do not need to maintain Admin user credentials. For adding a role assignment or principal identity, see VMware NSX-T Data Center Product Documentation.
Carbon Black Cloud Workload Plug-In
The Carbon Black Cloud Workload Plug-in provides improved life-cycle management and real-time visibility directly in the vCenter Server. The plug-in provides direct visibility into processes and network connections running on a given virtual machine. The Carbon Black Cloud Workload Plug-in works in a concert with the Carbon Black Cloud to provide visibility and control for the entire security team.
vCenter Server is used to gather inventory data from your data center. The collected inventory data is used for security assignments. The Carbon Black Cloud Workload Plug-in is made available in your vCenter Server for a direct visibility.
Carbon Black Cloud
Carbon Black Cloud is a cloud-native service that consolidates multiple workload security capabilities, using a single easy-to-use console. Different teams like Infrastructure and InfoSec can have a single, shared source of truth to improve the security together.
The Carbon Black Cloud console shows alerts based on our Next Generation Anti-Virus (NGAV) detections and behavioral analytics. You use the console to view any Carbon Black Cloud alerts that trigger remediation on the protected VMs and apply tags of certain NSX-T Distributed Firewall (DFW) policies for remediation.
Carbon Black Launcher
To minimize your deployment efforts, a lightweight Carbon Black launcher is made available with VMware Tools. When you enable Carbon Black in your data center, the silent installation is triggered where the launcher downloads and installs the Carbon Black sensor on the virtual machine.
You can enable Carbon Black on Windows and Linux VMs.
- Windows Virtual Machines: For Windows VMs, the Carbon Black launcher is packaged with VMware Tools. To receive the launcher for your workloads, you must install or upgrade VMware Tools to version 11.2 or later.
- Linux Virtual Machines: For Linux VMs, you must manually install the launcher available at VMware Tools Operating System Specific Packages (OSPs). Download and install Carbon Black launcher for your guest operating system from the package repository at http://packages.vmware.com/.
The NSX Manager application provides a web-based user interface for administering your NSX environment. For information on installing, administering with, and security of the NSX Manager, see the VMware NSX Product Documentation.
Carbon Black Sensor Gateway
The Carbon Black Sensor Gateway is an on-prem component that acts as a bridge for all inbound and outbound communication between the sensors deployed on your vSphere workloads and the Carbon Black Cloud. For more information, see Installing and Using Carbon Black Sensor Gateway.