How can I Configure Multiple VMs for AppDefense?

Version 5

    Problem to Overcome

    During the installation and configuration of AppDefense, there are multiple steps to prepare the Guest OS of the Virtual Machines you plan to protect. Today, those configuration steps require a power cycle of the Virtual Machine and a Guest OS reboot at the time of configuration. This is where our open source Guest OS Preparation PowerCLI script can help!

     

    What does this script do?

    The script performs the following major steps, in this order.

     

    1. Gathers Windows VMs using the method that you chose to define them via a menu.

    2. Starts the process of checking and configuring Guest Integrity on those VMs if they are not already configured with it.

    3. Enables the AppDefense Module within VMtools.

    4. Writes log files to C:\Temp with the VMs that will need to be power cycled at your convenience.

     

    Prerequisites

    1. You must meet the minimum system/hardware/guest requirements as noted in the AppDefense documentation here: System Requirements For AppDefense

    2. Your VMs MUST be running VMtools version 10.3.2 or higher.

    3. You must have administrator@vsphere.local credentials to connect to your vCenter.

    4. You must have administrator credentials to the Guest OS of all the Virtual Machines you will define. These credentials can be local administrator credentials or AD credentials.
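A pre-flight check for prerequisite 2, as an added example that is not part of the attached script: it flags non-Windows guests and guests whose VMtools version is missing or older than 10.3.2 before you run the preparation. The function name, report fields, sample rows and the PowerCLI property mapping in the comment are assumptions made for illustration.

```powershell
# Added example (not from appd_guest_prep_v1.1.ps1). Names are hypothetical.
function Test-AppDefensePrereq {
    param(
        [Parameter(Mandatory)] [object[]] $Guest,   # objects with Name, OSFullName, ToolsVersion
        [version] $MinimumTools = '10.3.2',         # minimum stated in the prerequisites
        [string]  $LogPath                          # optional CSV report path
    )
    $report = foreach ($g in $Guest) {
        $parsed = $null
        $reason = $null
        if ($g.OSFullName -notmatch 'Windows') {
            $reason = 'Guest OS is not Windows'
        }
        elseif (-not [version]::TryParse([string]$g.ToolsVersion, [ref]$parsed)) {
            # Empty or malformed value: the guest did not report a usable version
            $reason = 'VMtools version not reported'
        }
        elseif ($parsed -lt $MinimumTools) {
            # [version] compares numerically, so 10.3.10 is newer than 10.3.2
            $reason = "VMtools $parsed is older than $MinimumTools"
        }
        [pscustomobject]@{
            Name   = $g.Name
            Ready  = ($null -eq $reason)
            Reason = $reason
        }
    }
    if ($LogPath) { $report | Export-Csv -Path $LogPath -NoTypeInformation }
    $report
}

# Constructed sample input so the check runs offline. Against a live vCenter,
# the same fields could be built (assumed mapping) with:
#   Get-VM | Select-Object Name,
#       @{n='OSFullName';e={$_.Guest.OSFullName}},
#       @{n='ToolsVersion';e={$_.Guest.ToolsVersion}}
$sample = @(
    [pscustomobject]@{ Name = 'app01'; OSFullName = 'Microsoft Windows Server 2016 (64-bit)'; ToolsVersion = '10.3.10' }
    [pscustomobject]@{ Name = 'app02'; OSFullName = 'Microsoft Windows Server 2012 (64-bit)'; ToolsVersion = '10.2.0' }
    [pscustomobject]@{ Name = 'app03'; OSFullName = 'Microsoft Windows 10 (64-bit)';          ToolsVersion = '' }
    [pscustomobject]@{ Name = 'db01';  OSFullName = 'Ubuntu Linux (64-bit)';                  ToolsVersion = '10.3.5' }
)

# Only app01 is reported as Ready; the other three carry a Reason.
Test-AppDefensePrereq -Guest $sample | Format-Table -AutoSize
```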

     

    Things to consider

    This script installs the AppDefense Module within VMtools using "msiexec", specifically this command line: "msiexec /i <product_code> /qn /quiet /norestart ADDLOCAL=AppDefense". We use ADDLOCAL=AppDefense to enable only the AppDefense feature within VMtools. This ensures that any other features you may have installed via VMtools will not be touched by this process.

     

    *IMPORTANT* You need to Power Cycle the VMs this script installs AppDefense on in order for Guest Integrity and the AppDefense Module to start. You can schedule Power Cycles at your convenience, but the VMs will not work in AppDefense until a full Power Cycle has completed.

     

    v1.1 ChangeLog

    • Changed method of installation from using the VMtools ISO to using the existing installation MSI utilizing "msiexec" functionality. This means you no longer need to worry about the version of VMtools packaged with your ESXi hosts.
    • Increased reliability when installing VMs from a CSV file
    • Getting VMs from a CSV file will no longer count the first row containing the "Name" header as a VM name.
    • Added error handling for "Invalid Login" to certain VMs. This will no longer kill the script and instead will write the VMs you weren't able to authenticate with to a log file.
    • Increased performance
    • Increased general reliability

     

    Conclusion

    The script is attached and is named "appd_guest_prep_v1.1.ps1". We hope that you find this tool useful and please continue to provide feedback on v1.1 of this script. We couldn't make it better without your help! We will continue to develop this open source tool as AppDefense matures and time permits.

     

    Happy Automating!

     

    *Disclaimer*

    This project is open source and can be edited as you see fit. Thus, VMware and its employees are not responsible for any modifications made to this script or any unexpected behavior that may result from running this script.

     

    Please ensure you completely understand the functions this script performs, and run it against test machines first to ensure proper functionality.