AppDefense Appliance is installed on-premises typically in the management cluster. It is registered with the vCenter to get the inventory and make necessary API calls for triggering rules action defined within AppDefense. It acts as a control point for exchanging data from and to the AppDefense Manager. The mapping between AppDefense appliance and vCenter is 1:1 which means for every vCenter a dedicated AppDefense appliance must be installed and registered.
It is a SaaS service which runs on the cloud and provides complete feature set for the customers to protect their datacenter endpoints. It is a multi-tenant cloud service available as a subscription. You can use the AppDefense Manager to define the intended behavior and protection rules of your applications and then monitor security events and alerts in real time. In addition to management capabilities, the AppDefense Manager provides process reputation services, machine learning capabilities, and other additional visibility features for your environment.
AppDefense plug-in is available with vSphere Platinum i.e. vSphere 6.7U1 and onwards. When AppDefense is installed with the plug-in customers can access AppDefense from vSphere client. The AppDefense Plug-in provides improved life cycle management and real-time visibility directly in the vCenter Server. The plug-in provides direct visibility into processes and network connections running on a given virtual machine. It also provides reputation information to ensure that those behaviors are trusted. The AppDefense Plug-in works in concert with the AppDefense Service to provide visibility and control for the entire security team.
AppDefense Host Module
Host modules are the vibs which gets deployed on the ESXi host. The Host Module enables virtual machines (VMs) on that host to deploy and run AppDefense. For Windows environments, the Host Module also monitors and ensures the integrity of the Guest Module installed on the VM.
AppDefense Guest Module
Guest module is installed on every VM which must be protected by AppDefense whether Windows or Linux system. It is delivered with VMware Tools or an MSI as well. The Guest Module collects guest process and network connection information from the VM and communicates directly with the AppDefense Host Module.
Please comment below with any questions or further comments.
VMware AppDefense is a hypervisor-native workload protection platform for virtual infrastructure and security teams that delivers secure virtualization by providing deep application visibility and control. To learn more, visit www.vmware.com/appdefense .