markrubens - Fotolia
VMware AppDefense will protect both on-premises and public cloud workloads, which enables organizations to apply AppDefense to hybrid environments. AppDefense is a managed cloud-based SaaS application. It's well-suited for protecting VM workloads in a public cloud, such as VMware Cloud on AWS, by design. But AppDefense also deploys a Security Management proxy as an on-premises appliance to protect on-premises VM workloads. This on-premises proxy interfaces with the AppDefense service in the cloud. A similar proxy -- also present in the cloud -- isolates the Security Manager service from the actual cloud infrastructure, guarding it against attack.
AppDefense is a relatively new product that requires vSphere and vCenter for on-premises operation. However, it does not implement any kind of automated remediation or provisioning for on-premises security. An enterprise will need to deploy additional VMware tools, including NSX and vRealize Automation, to execute the kind of automation and remediation capabilities found in the cloud-based service.
It's too early to tell whether AppDefense will eventually support other, non-VMware hypervisors or bare-metal workloads on premises, but it's possible that future releases of AppDefense will build support for other hypervisors and tools. In addition, a security service like AppDefense depends on reliable WAN connectivity. Any disruption in WAN connectivity can cause the AppDefense service -- as well as other public cloud infrastructure -- to become unavailable. It remains unclear exactly how connectivity problems will affect an on-premises proxy or overall application security under AppDefense.
All of this means that potential adopters will need to apply due diligence and perform proof-of-concept projects to verify the suitability and performance of AppDefense for their specific on-premises and public cloud workloads before they apply it to a hybrid environment.
The rapid evolution of security threats and high-profile security breaches has organizations scrambling to strengthen postures without imposing onerous new tools with more complexity. This can require a shift in the way that organizations handle security -- replacing traditional alert logging and manual interventions with a far more automated and orchestrated approach. VMware AppDefense is one emerging service intended to protect applications at the application layer by understanding how they work normally, watching for disparities and automatically orchestrating actions to contain and remediate any events.
Dig Deeper on Using monitoring and performance tools with VMware
Related Q&A from Stephen J. Bigelow
Get to know VMware vSphere's Admission Control tool and use it to reserve the resources necessary for VM failover with cluster resource calculations ... Continue Reading
Use heartbeats, VM monitoring and application monitoring to fully examine the causes of VM unresponsiveness. Adjust sensitivity levels to focus on ... Continue Reading
Combine Distributed Resource Scheduler and vSphere High Availability to design balanced failover clusters. Pay attention to affinity rules, which can... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.