After you register the Carbon Black Cloud Workload appliance with the vCenter Server and the Carbon Black Cloud, you can register an NSX integration with your Carbon Black Cloud organization.
This is an onboarding workflow that sets up a trust between the
Carbon Black Cloud Workload appliance and the
NSX Manager appliance. After the onboarding completes, the
Carbon Black Cloud Workload appliance creates one or more pre-defined Distributed Firewall (DFW) policy templates for use by the
Carbon Black Cloud and instantiates them as a part of the initial authentication and configuration process. It creates the following NSX DFW policies and associated tags.
- CB-NSX-Quarantine – With this policy the VM workload is quarantined from the network. This is a read only policy for NSX administrators. The policy allows the following network flows:
- DHCP for IP addresses and DNS traffic for name resolution.
- HTTPS traffic to a list of FQDNs required by sensor to remain connected to Carbon Black Cloud.
- CB-NSX-Isolate – With this policy the VM workload is completely isolated from the network. This is a read only policy for NSX administrators.
- CB-NSX-Custom – Customizable by the NSX security admin. Advanced users can use such a policy to create a custom security posture.
After NSX-T integration, you can use the newly created NSX policies to remediate VM workloads within the Carbon Black Cloud console or remove already applied NSX policies from certain VM workloads.
Prerequisites
- Verify the Carbon Black Cloud Workload appliance VM is powered-on.
- Verify the SSO registration is valid.
- The Carbon Black Cloud Workload appliance must have a valid registration with both - vCenter Server and Carbon Black Cloud.
- Communication between Carbon Black Cloud and Carbon Black Cloud Workload appliance is over HTTPS.
- Communication between NSX and Carbon Black Cloud Workload appliance is over HTTPS, and uses certificate-based authentication with NSX principal identity. For information on adding a role assignment or principal identity, see VMware NSX-T Data Center Product Documentation.
- The supported NSX-T version is 3.1.3 and later.
Procedure
What to do next
You can trigger the off-boarding process for NSX by selecting and confirm the off-boarding.