Carbon Black Cloud Workload Overview

Carbon Black Cloud™ Workload is a data center security product that protects your workloads running in a virtualized environment. Carbon Black Cloud Workload ensures that security is intrinsic to the virtualization environment by providing built-in protection for virtual machines.

After enabling the Carbon Black in vCenter Server, you can view the inventory protected by Carbon Black Cloud Workload and view the inventory and risk assessment dashboard that Carbon Black Cloud Workload Plug-in provides.

You can monitor and protect the data center workloads through the Carbon Black Cloud console. The Carbon Black Cloud Workload Plug-in provides deep visibility into your data center inventory and end-to-end lifecycle management for the components.

Starting with release 1.1, an integration between the Carbon Black Cloud Workload and VMware NSX-T Data Center™ allows you to trigger NSX remediation policies based on observed behaviors in Carbon Black Cloud. Any Carbon Black Cloud alert that triggers remediation on protected Virtual Machines (VMs), allows you to remediate threats using NSX-T Distributed Firewall (DFW) policies.

Carbon Black Cloud Workload consists of a few key components that interact with each other.

Components comprising the Carbon Black Cloud Workload for securing vSphere workloads.

To enable Carbon Black Cloud Workload for use with vCenter Server:

Deploy an on-premises OVF or OVA template for the Carbon Black Cloud Workload Appliance that connects the Carbon Black Cloud to the vCenter Server through a registration process.
After the registration is complete, the Carbon Black Cloud Workload Appliance deploys the Carbon Black Cloud Workload Plug-in and collects the inventory from the vCenter Server. The collected inventory data is displayed on the plug-in Inventory tab and is also communicated to the Carbon Black Cloud console.
Enable Carbon Black on the virtual machines where your application workloads are running.
After you enable Carbon Black, you can view and monitor inventory data and processes from the Carbon Black Cloud Workload Plug-in and from the VMs > Monitor tab.
Open the Carbon Black Cloud console and create sensor groups and set policies to meet your organization's security needs.
You can identify, investigate, and remediate potential threats from the Carbon Black Cloud console. See the Carbon Black Cloud User Guide.

Carbon Black Cloud Workload Appliance

The Carbon Black Cloud Workload Appliance is an on-premise control point that acts as a liaison between vCenter Server and Carbon Black Cloud. The appliance collects the workload inventory data from the vCenter Server and shares the data with Carbon Black Cloud.

The appliance provides the channel for communication between Carbon Black Cloud and NSX Manager. The strong data analysis capabilities of Carbon Black Cloud pair with the firewall protection capabilities of NSX. You can use the appliance to register an NSX integration with your Carbon Black Cloud organization. The appliance registers to the NSX through principal identity. It provides a certificate-based authentication — you do not need to maintain Admin user credentials. For adding a role assignment or principal identity, see VMware NSX-T Data Center Product Documentation.

Carbon Black Cloud Workload Plug-In

The Carbon Black Cloud Workload Plug-in provides improved life-cycle management and real-time visibility in the vCenter Server. The plug-in provides direct visibility into processes and network connections running on a given virtual machine. The Carbon Black Cloud Workload Plug-in works in concert with the Carbon Black Cloud to provide visibility and control for the security team.

vCenter Server

vCenter Server gathers inventory data from your data center. The collected inventory data is used for security assignments. The Carbon Black Cloud Workload Plug-in is made available in your vCenter Server for direct visibility.

Carbon Black Cloud

Carbon Black Cloud is a cloud-native service that consolidates multiple workload security capabilities using a single console. Teams such as Infrastructure and InfoSec can have a single, shared source of truth to improve security.

The Carbon Black Cloud console shows alerts based on Next Generation Anti-Virus (NGAV) detections and behavioral analytics. You can use the console to view any Carbon Black Cloud alerts on the protected VMs and apply tags of certain NSX-T Distributed Firewall (DFW) policies for remediation.

Carbon Black Launcher

To minimize your deployment efforts, a lightweight Carbon Black launcher is available in VMware Tools. When you enable Carbon Black in your data center, the silent installation is triggered whereby the launcher downloads and installs the Carbon Black sensor on the virtual machine.

You can enable Carbon Black on Windows and Linux VMs.

Windows Virtual Machines: For Windows VMs, the Carbon Black launcher is packaged together with VMware Tools. To receive the launcher for workloads, you must install or upgrade VMware Tools to version 11.2+.
Linux Virtual Machines: For Linux VMs, you must manually install the launcher that is available in VMware Tools Operating System Specific Packages (OSPs). Download and install Carbon Black launcher from the Broadcom Support Portal. For details, see Carbon Black Launcher for Linux VMs.

NSX Manager

The NSX Manager application provides a web-based user interface for administering your NSX environment. For information on installing, administering, and security capabilities of the NSX Manager, see the VMware NSX Product Documentation.

Carbon Black^® Sensor Gateway™

The Carbon Black^® Sensor Gateway™ is an on-prem component that acts as a bridge for all inbound and outbound communication between the sensors deployed on vSphere workloads and the Carbon Black Cloud.