As a consultant at ITQ, I have gained extensive knowledge and experience in the field of End User Computing over the past decade. In recent years, I have also delved into the world of Cyber Security, and since 2018, I have been awarded the VMware vExpert status every year. In 2020, I was honored to be part of the first vExpert EUC subprogram, and in addition to that, I am also part of the vExpert Security subprogram since 2021. When I’m not working or spending time with my family, I enjoy sports and grilling on my BBQs.
In this blog post, I will explain how to enable Carbon Black Cloud Workload Protection by installing and configuring the server appliance. I will use my home lab environment and an ITQ Carbon Black Cloud test environment that I have access to.
First, we need to download the CBCW server appliance .ova file from my.vmware.com. After downloading the .ova file, open your vCenter management console and start “Deploy OVF Template”. Select the Local File radio button and click Upload Files. Select your downloaded CBCW Server Appliance .ova file and click Next to continue.
Enter the name of the CBCW Server Appliance and click Next. Select the cluster or host where you want to deploy the appliance and click Next. Click Next again, and then accept the license agreement and click Next. Select a datastore, select Thin Provision, and click Next. Finally, click Finish to start the installation.
The deployment of the server appliance is pretty straightforward. For the configuration, we start by powering on the CBCW Server Appliance and opening the management page in a browser. Open a browser and enter the FQDN of the Server Appliance. Log in with the root account and your created password.
First, we need to configure some settings before we can connect the appliance to the cloud. We need to configure time settings by clicking the General tab, clicking Edit, entering the IP address of your NTP server, and clicking Save. Next, we need to register the vCenter Appliance by selecting the Registration tab, clicking Edit, entering the vCenter FQDN in the SSO Hostname field, and clicking Save.
After that, we can create an API key for the CBCW Server Appliance to use. To do this, we need to head back over to the CBCW Management page. On the management page, click the Edit button at the VMware Carbon Black Cloud section. Enter the Carbon Black Cloud URL and create a unique Appliance name. Copy/paste the Org Key, API ID, and API Secret Key from the Carbon Black Cloud Management page and click Save.
Finally, we can check the active connection in the CBC Management page by going to Settings > API Access > API Keys and clicking the link in the API key name.
That’s it! With these steps, you have successfully enabled Carbon Black Cloud Workload Protection in your environment. Your system administrators and security officers/analysts can now monitor the environment for possible threats through the Carbon Black Cloud- and vCenter Management pages. If you are interested in Carbon Black Cloud Workload Protection and want a demo or need help with the installation or configuration, feel free to contact me in any way.