How to deploy AppDefense in VMware Cloud Foundation 3.7

Article ID: 316909

Products

VMware Cloud Foundation VMware AppDefense

Issue/Introduction

This article provides instructions for installing AppDefense into a VMware Cloud Foundation 3.7 Virtual Infrastructure workload domain.

Environment

VMware Cloud Foundation 3.7.x

Resolution

Prerequisites:

  • VMware Cloud Foundation 3.7 is deployed.
  • A Virtual Infrastructure (VI) workload domain has been created.
  • Access to a vSphere Platinum license or an AppDefense Cloud SaaS Subscription account. You can find details on provisioning an AppDefense Cloud SaaS account at Sign up for VMware AppDefense Service (SaaS).

Note: If you have upgraded VMware Cloud Foundation from version 3.5.x to version 3.7, use the following steps to prepare the environment for AppDefense installation:

  1. Download the attached 67347_vcf-projectmanager.rpm file.
  2. Use a file transfer utility to copy the 67347_vcf-projectmanager.rpm file to the /tmp/ folder on SDDC Manager VM.
  3. SSH to the SDDC Manager VM as the vcf user and then issue the su - command to switch to the root user.
  4. Issue the following command to install the /tmp/67347_vcf-projectmanager.rpm file:
rpm -Ihv /tmp/67347_vcf-projectmanager.rpm

Deploy AppDefense in On-Prem Mode:

  1. Use the instructions at Obtain the AppDefense Plug-In Installer to download the AppDefense Appliance OVA.
  2. Use a file transfer utility to copy the AppDefense Appliance OVA to the /opt/vmware/vcf/projectmanager/ova/ folder on the SDDC Manager VM.
  3. SSH to the SDDC Manager VM as the vcf user.
  4. Issue the following command to set the appropriate permissions on the .ova file uploaded in Step 2:
chmod 640 /opt/vmware/vcf/projectmanager/ova/*.ova
  5. Issue the following command to prepare the environment for the AppDefense installation:
sudo /opt/vmware/vcf/projectmanager/scripts/start-projectmanager.sh

Note: You can review the log for this command at /var/log/vmware/vcf/projectmanager/projectmanager.log.
  6. Issue the following command to collect the id values for the management workload domain cluster and the workload domain cluster where AppDefense is being installed:
curl http://localhost/inventory/clusters |json_pp

Note: You will see output similar to the following:

[
   {
      "datacenter" : "EPG-VCF-DS",
      "status" : "ACTIVE",
      "id" : "28b97c61-####-####-####-########d71",
      "name" : "EPG-VCF-Cluster",
      "resourcePoolName" : "EPG-VCF-sddc-mgmt",
      "isDefault" : true,
      "vcenterId" : "28abe7d1-####-####-####-########d71",
      "ftt" : 0,
      "domainId" : "280595b0-####-####-####-########d71",
      "isStretched" : false,
      "vdsIds" : [
         "8be2b8e6-####-####-####-########e4f"
      ]
   },
   {
      "datacenter" : "EPG-VCF-DS",
      "status" : "ACTIVE",
      "id" : "3566a2b1f-####-####-####-########12e",
      "name" : "VI-WLD",
      "resourcePoolName" : "VI-WLD-test",
      "isDefault" : false,
      "vcenterId" : "5567eba5-####-####-####-########1fa",
      "ftt" : 0,
      "domainId" : "aa5195b2-####-####-####-########b32",
      "isStretched" : false,
      "vdsIds" : [
         "9c378be6-####-####-####-########ff4"
      ]
   }
]


Note: Make a note of the id value for the management workload domain cluster and the workload domain cluster where AppDefense is being installed. In the previous example, 28b97c61-####-####-####-########d71 is the id value for the management workload domain cluster and 3566a2b1f-####-####-####-########12e is the id value for the workload domain cluster where AppDefense is being installed.
  7. Open the /opt/vmware/vcf/projectmanager/templates/enable-appdefense-template.json file with a text editor.
  8. Modify the requires section such that the id values obtained in Step 6 are used for the management-cluster and the workload-cluster, per the following example:

"requires": {
  "management-cluster": {
    "type": "Cluster",
    "id": "28b97c61-####-####-####-########cd71"  
  },
  "workload-cluster": {
    "type": "Cluster",
    "id": "3566a2b1f-####-####-####-########12e"   
  }
},

  9. Modify the parameters section such that the following values are populated:
"parameters": {
  "vm-name": {
    "type": "String",
    "value": "<desired VM Name>",
    "defaultValue": "AppDefense-VM"
  },
  "vm-ipaddress": {
    "type": "IpAddress",
    "value": {
      "ipAddress": "<IP address on the management network>",
      "netmask": "<netmask>",
      "gateway": "<default gateway>"
    }
  },
  "vm-dns": {
    "type": "String",
    "value": "<DNS server IP address>"
  },
  "vm-ntp": {
    "type": "String",
    "value": "<NTP Server IP/FQDN>"
  },
  "vm-admin-username": {
    "type": "String",
    "value": "<enter admin, or leave blank>",
    "defaultValue": "admin"
  },
  "vm-admin-password": {
    "type": "String",
    "value": "<password between 8 to 20 characters long including at least one lowercase character, one number, and one special character>"
  },
  "vm-root-password": {
    "type": "String",
    "value": "<password between 8 to 20 characters long including at least one lowercase character, one number, and one special character>"
  },
  "appdefense-id": {
    "type": "String",
    "value": "<UUID in the format of 12345678-1234-1234-1234-123456789012, can include 0-9 and a-f, or leave blank>",
    "defaultValue": "6dc3f1bf-####-####-####-########5bcb"
  }
}
  10. Save and close the file.
  11. Issue the following command to deploy AppDefense:
/opt/vmware/vcf/projectmanager/cli.py enableAppDefense --input /opt/vmware/vcf/projectmanager/templates/enable-appdefense-template.json
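
The pre-flight check below is an added example, not part of this article or of the projectmanager tooling: it validates an edited enable-appdefense-template.json against the /inventory/clusters output before cli.py is run. It assumes the template is a JSON object with top-level requires and parameters keys and that "special character" means any non-alphanumeric character; check_template, password_ok and all sample values are constructed for illustration.

```python
import ipaddress
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def password_ok(pw):
    # Policy from the template text: 8 to 20 characters, at least one lowercase
    # character, one number and one special character (assumed: non-alphanumeric).
    return 8 <= len(pw) <= 20 and all(
        re.search(p, pw) for p in (r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"))

def check_template(template, inventory):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    known_ids = {c["id"] for c in inventory}
    for role in ("management-cluster", "workload-cluster"):
        if template["requires"][role]["id"] not in known_ids:
            problems.append(f"{role}: id not found in /inventory/clusters output")
    params = template["parameters"]
    for key in ("vm-admin-password", "vm-root-password"):
        if not password_ok(params[key]["value"]):
            problems.append(f"{key}: does not meet the stated password policy")
    net = params["vm-ipaddress"]["value"]
    try:  # unfilled placeholders such as "<netmask>" also land in the except branch
        subnet = ipaddress.ip_network(f'{net["ipAddress"]}/{net["netmask"]}', strict=False)
        if ipaddress.ip_address(net["gateway"]) not in subnet:
            problems.append("vm-ipaddress: gateway is outside the VM's subnet")
    except ValueError:
        problems.append("vm-ipaddress: address, netmask or gateway is not valid")
    app_id = params["appdefense-id"]["value"]
    if app_id and not UUID_RE.match(app_id.lower()):
        problems.append("appdefense-id: not a UUID (leave blank to use the default)")
    return problems

# Constructed sample data, shaped like the output and template shown above.
INVENTORY = [{"id": "11111111-1111-1111-1111-111111111111", "name": "EPG-VCF-Cluster"},
             {"id": "22222222-2222-2222-2222-222222222222", "name": "VI-WLD"}]
TEMPLATE = {
    "requires": {"management-cluster": {"id": INVENTORY[0]["id"]},
                 "workload-cluster": {"id": INVENTORY[1]["id"]}},
    "parameters": {
        "vm-ipaddress": {"value": {"ipAddress": "192.0.2.10",
                                   "netmask": "255.255.255.0", "gateway": "192.0.2.1"}},
        "vm-admin-password": {"value": "Example-pass1"},
        "vm-root-password": {"value": "short1!"},  # 7 characters: fails the policy
        "appdefense-id": {"value": ""}}}

print(check_template(TEMPLATE, INVENTORY))
```

The edited template holds the admin and root passwords in clear text, so check who can read it on the SDDC Manager VM.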

Deploy AppDefense in SaaS Mode:

Prerequisites:

  • Ensure that there is connectivity to the internet for VMs on the management network within VMware Cloud Foundation. This will be required for the AppDefense on-prem instance to synchronize with the Cloud Manager service.
  1. Log in to your AppDefense Cloud Manager account. (For US-based customers: https://appdefense.vmware.com/app/).
  2. Click the settings icon > Appliance > Provision New Appliance page. The New Appliance window appears.
  3. Create an appliance by entering the appliance name, and then click Provision. The appliance name is an identifier and does not need to match the actual VM name within the vCenter Server, but the best practice is to match the names. For example, Appliance.
  4. The New Appliance Created window displays the URL for the manager in the region, manager UUID, and appliance API key. Keep this window open until the appliance configuration is done or note down the information as it will be used during the SaaS configuration.
  5. SSH to the SDDC Manager VM as the vcf user.
  6. Open the /opt/vmware/vcf/projectmanager/templates/configure-appdefense-saas-template.json file with a text editor.
  7. Modify the requires section such that the AppDefense UUID value used in Step 9 (appdefense-id section) of the previous section is used for the id, per the following example:

"requires": {
    "appdefense-vm" : {
      "type" : "AppDefenseAgent",
      "id" : "<appdefense-id>"
    }
  }

  8. Modify the parameters section such that the following values are populated using the AppDefense Manager URL, UUID and Key values obtained in Step 4:

"parameters": {
    "appdefense-mgr-url": {
      "type": "String",
      "value": "<AppDefense Manager URL, or leave blank if using the US default value below>",
      "defaultValue": "https://appdefense.vmware.com"
    },
    "appdefense-mgr-uuid": {
      "type" : "String",
      "value": "<AppDefense Manager UUID>"
    },
    "appdefense-mgr-key": {
      "type" : "String",
      "value": "<AppDefense Manager Key>" 
    }
  }

  9. Save and close the file.
  10. Issue the following command to deploy AppDefense:
/opt/vmware/vcf/projectmanager/cli.py configureSaas --input /opt/vmware/vcf/projectmanager/templates/configure-appdefense-saas-template.json
 

Install AppDefense Guest Modules


AppDefense needs guest modules installed in the guest VMs to protect their applications. A helper script can be used to install the modules on guest virtual machines running CentOS or Ubuntu. More information on installing guest modules for your guest OS can be found at https://docs.vmware.com/en/VMware-AppDefense/2.0/install-appdefense-plugin/GUID-BE81594E-ED34-4ED0-9A71-68EA0C58DC51.html.

To use the helper script, deploy a guest VM (CentOS or Ubuntu) in a workload domain, upload the guestmodule.sh script from /opt/vmware/vcf/projectmanager/scripts to the guest, and run the script inside the guest VM.

Once the installation is complete you can check the status using the following commands:

/etc/init.d/vmw_glxd status
/etc/init.d/vmw_conn_notifyd status

Delete AppDefense

  1. SSH to the SDDC Manager VM as the vcf user.
  2. Issue a command similar to the following:

/opt/vmware/vcf/projectmanager/cli.py deleteAppDefense --id 6dc3f1bf-####-####-####-########5bcb

Note: Replace 6dc3f1bf-64d2-49af-8cfb-d4be74b85bcb with the AppDefense UUID used in your installation.


Note: If you deploy AppDefense again after deleting it, you might not see the AppDefense plugin in the vSphere Client. Use the following steps to resolve this issue:

  1. Log in to the vCenter Server Appliance as the root user.
  2. Issue the following commands to restart the vSphere HTML5 and Web clients:
service-control --stop vsphere-client
service-control --stop vsphere-ui
service-control --start vsphere-client
service-control --start vsphere-ui
  3. Log back in to the vSphere client. The AppDefense plugin should now be present.
Note: It may be necessary to clear browser cache or try a different browser.

 

Additional Information

If a workload domain with AppDefense deployed is deleted and the /opt/vmware/sddc-support/sos --cleanup-decommissioned-host command is run to clean the hosts and prepare them for re-use, the AppDefense host module is not uninstalled. This can be validated on a host by running the following command:

esxcli software vib list |grep glxhost

Note: You will see output similar to the following:

glxhost 1.3.2.0-10483793 VMware VMwareCertified 2019-02-26

To remedy this issue, issue the following command to manually remove the AppDefense host module on each affected host:

esxcli software vib remove glxhost

Attachments

67347_1_67347_vcf-projectmanager
67347_vcf-projectmanager