Rawpixel - Fotolia
The new VMware application monitoring tool AppDefense works in conjunction with virtualization products and sits between a systems hypervisor, such as vSphere, and a network hypervisor, such as NSX. The network hypervisor is typically deployed for network microsegmentation and software-defined data center implementations. This operational position both provides AppDefense with native protection -- as the hypervisor is rarely ever compromised -- and allows it to perform application monitoring. In operation, AppDefense performs three core tasks.
First, AppDefense establishes a baseline for the application. This involves analyzing a guest VM application to identify its normal behaviors and establish its normal or intended state. AppDefense can also establish intended state by gathering information from configuration management tools, such as vCenter, Puppet and vRealize Automation, and DevOps tools, such as Ansible and Jenkins. The goal of this VMware application monitoring is to create a holistic picture of what is "normal" for a specific workload and continually adjust the definition of "normal" over time as the application's configuration evolves -- for example, when the application migrates to a different server or uses more storage.
Second, AppDefense measures the state of the application against the baseline behavior established by the VMware application monitoring. This includes monitoring the application to enforce least-privilege behaviors. If AppDefense detects any behavioral anomalies or deviations, it will act to block unexpected activities or isolate the application to prevent actions deemed hazardous. The goal is to provide immediate, highly automated detection of potential attacks or other malicious activity.
Third, AppDefense attempts to correct the anomalous behavior, if possible, or simply contain and isolate the suspect application until the issue can be investigated and remediated. AppDefense can block process communication, create a snapshot of the suspect VM for further analysis and suspend or shut down a workload to prevent further malicious behavior. For example, if an application talks to a database using one network connection type or protocol, AppDefense will block any communication that tries to use any other form of network connectivity or protocol.
Learn how AppDefense deals with applications in vSphere
Evaluate more VMware AppDefense benefits
Monitor application performance in the cloud
Dig Deeper on VMware and networking
Related Q&A from Stephen J. Bigelow
Get to know VMware vSphere's Admission Control tool and use it to reserve the resources necessary for VM failover with cluster resource calculations ... Continue Reading
Use heartbeats, VM monitoring and application monitoring to fully examine the causes of VM unresponsiveness. Adjust sensitivity levels to focus on ... Continue Reading
Combine Distributed Resource Scheduler and vSphere High Availability to design balanced failover clusters. Pay attention to affinity rules, which can... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.