EUCEUC: Horizon Integrations 2020/21Day 5Integrating VMware Carbon Black with VMware Horizon (BETA)

Integrating VMware Carbon Black with VMware Horizon (BETA)

  • The following lab is an extract and application of VMware KB 79180
  • In the Knowledge Base you will notice that Full Clone as well as Instant Clone Desktop Pools are discussed.
  • In this lab we will look at the deployment of the Carbon Black Sensor in a VMware Horizon Instant Clone Pool environment

Part 1: Getting your Carbon Black and ControlCenter environment ready for Sensor Deployment

  1. On your ControlCenter server
    • Open your browser and login to your email and confirm that you have received an email from [email protected]
    • In the email select the Activate Now button
  1. In the Create Password window
    • Under Password, enter your Password . i.e VMware1!
    • Under Confirm Password, enter your Password. i.e. VMware1!
    • Select Accept
    • Select Back to Sign in
  1. On your ControlCenter server Desktop
    • Sign in, with your Activated Credentials
    • On the End User Agreement page
      • Select I accept
  1. In the Carbon Black Admin Console
    • Expand Inventory,
      • Select Endpoints
    • In the top right-corner
      • Next to Sensor Options,
        • select the dropdown
  1. In the Sensor Options list
    • Select View Company codes
  1. In the View Company Codes window
    • Copy the Registration Code
    • Save it to your Horizon Datasheet or Notepad ++ in your ControlCenter environment
    • Select Close to close the View Company Codes window
  1. In the Carbon Black Admin Console
    • Next to Sensor Options, select the dropdown
  1. In the Sensor Options list
    • Select Download sensor kits
  1. In the Download Sensor Kits window
    • Next Windows 64-bit,
      • Under SENSOR VERSION, ensure you have the latest version
      • Under ACTION, select Download Kit
  1. On your ControlCenter Server desktop
    • In your browser bar, next to installer_vista_win7.....msi, select the Dropdown
    • Select Show in folder
  1. In the File Explorer window
    • Select and right-click, your installer_vista_win7_win8-64-xxx.msi
    • Select Copy
    • Select Desktop
    • Select Software
    • Select Carbon Black
    • Paste the latest Sensor into your Carbon Black folder
      • (note, that there is an older version of the Carbon Black sensor in that folder)
    • Close your File Explorer window
  1. On your Control Center server
    • Open a new tab on your Browser
    • Select the vCenter shortcut
  1. In the VMware vSphere window
    • Login with the username : [email protected]
    • Login with the password: VMware1!
    • Select LOGIN
  1. In the VMware vSphere Admin Console
    • In the Hosts & Clusters(default)
      • Scroll down and select and right-click W10Parent01a
      • Next to Power,
        • Select Power On
  1. On the ControlCenter server desktop
    • Select the Remote Desktops folder
    • Launch the W10Parent01a.RDP shortcut
      • Login as
        • Ensure the default username is parent01a\administrator,
        • Enter the password VMware1!
      • Select OK
  1. On your ControlCenter Server
    • On your Browser open a new tab
    • In the Favourites bar, select the VMware Horizon shortcut
      • In the Username area, enter Administrator
      • In the Password area , enter VMware1!
    • Select Sign in

Due to us using a shared Saas Carbon Black Tenant and using Identical Active Directory VMs in the Class, we have to come up with a convention to deal with name conflicts within the Carbon Black Tenant.

Each of you have an Assigned Student number. We will use this student number as part of the computer name and for the Desktop Pool and the Parent image. This is to ensure that all virtual machines registration in our shared Carbon Black Tenant are unique.

If you are not sure or confused, please feel free to reach out to the session instructor for clarification. Its imperative we do this right.

 

  1. In VMware Horizon Admin Console
    • In the left pane, expand Inventory
      • Select Desktops
  1. In the Desktop Pools area
    • Select the Check Box next to Machine
      • Select Edit
  1. In the Edit Pool - W10INST window
    • Select the Provisioning Settings tab
    • In the Provisioning Settings window
      • In the Virtual Machine Naming area
        • Change W10INST to W10INST-XXX- (XXX represents your attendee number)
          • For example if your attendee number is W10INST change it to W10INST-112-
      • Select OK, to close the Edit - W10INST window
  1. In VMware Horizon Admin Console
    • In the left pane, Under Inventory
      • Select Machines
  1. In VMware Horizon Admin Console
    • In the Machines area
      • Select Machine to align the naming conventions
      • Select the checkbox, next to the W10inst1, W10inst2 and W10inst3 desktops
  1. In the Machines area
    • Select Remove
    • In the Remove Virtual Machine window,
      • Select OK

This will Remove the virtual desktops with the OLD naming convention and create new virtual desktops with your new naming convention. We explain as follows:-

  1. Switch to your W10Parent01a RDP virtual Machine session
    • On the Desktop,
      • Open the Control Panel shortcut
      • Select System and Security
      • Select System
  1. In the System window
    • Select Change settings
    • In the System Properties > Computer Name tab
      • Select Change
  1. In Computer Name / Domain Changes window
    • Under Computer name
      • Replace Parent01a, with Parent0xxx (XXX is representative of our attendee number)
        • for example if my attendee number is 114 to then my computer name is going to change to Parent0114
      • Select OK, to close the Computer Name window
      • ON the Computer Name/Domain Changes window
        • Select OK
      • Select Close , to close the System Properties window
      • ON the Microsoft Windows, restart window
        • Select Restart Later
  1. On your W10Parent01a Master image
    • Select and right-click the Start button
    • Select Run
  1. In the Run Window
    • Next to Open:
      • Type CMD
      • Select OK
  1. In the Administrator: COMMAND prompt window
    • Type IPCONFIG
    • Select Enter
    • Note your IP address for your Parent01a image.
    • Select your Start button ,
      • select Restart to reboot your Parent Image

Carry on with step 29. The reboot operation, will take about 1 min

  1. On your ControlCenter Desktop
    • Open your Remote Desktops folder
    • Select and EDIT w10Parent01a.RDP

Continue.... to step 30

  1. In the Remote Desktop Connection window
    • Next to Computer: type YOUR Ip Address for your desktop
    • Next to User name: type parent0xxx\administrator (xxx your attendee number)
    • Select Connect > Connect
    • On the Windows Security window
      • In the Password area, enter VMware1!
      • Select OK

Part 2: Deploying the VMware Carbon Black Sensor in the Master Image for a non-persistent Desktop Pool

  1. On your W10Parent01a RDP virtual Machine session
    • On the Desktop,
      • Open the Software folder shortcut
    • In the Software folder,
      • Select and open the Carbon Black folder
  1. In File-Explorer
    • Select and right-click the latest Carbon Black Sensor you downloaded (should version 3.6.x or higher)
      • select Copy
    • In the Quick Access pane
      • select This PC
    • Under Devices and drives
      • select and Open Local Disk (C:)
  1. In File-Explorer > Local Disk (C:)
    • Over a blank area, Select and right click,
      • select New
      • select Folder
      • In the Folder name, enter Sensor
  1. In File-Explorer > Local Disk (C:)
    • Select > right-Click and Open the Sensor Folder
    • In the Sensor Folder
      • Right-click and Paste
    • You should now see the latest version of the Sensor on the local C:\Sensor folder
  1. On our W10Parent01a Master Image
    • Select  > right-click the Start Button
    • Select Command Prompt (Admin)
  1. In the Administrator: Command Prompt
    • Edit the following:- In either Microsoft Word or Notepad++
    • msiexec.exe /q /i <Sensor Installer Path> /L* msi.log COMPANY_CODE="XYZABC" CLI_USERS=sid BASE_IMAGE=1 GROUP_NAME="<NAME Virtual Policy>"
      • Replace the <Sensor Installer Path>
        • with your sensor install e.g. c:\Sensor\installer_vista_win7_win8-64-3.8.0.398.msi
      • Replace COMPANY_CODE="XYZABC"
        • with your Company Code you saved. eg COMPANY_CODE="S17NA79RWX!K8OJLXA3"
      • Replace GROUP_NAME="<NAME Virtual Policy>"
        • with GROUP_NAME="Horizon Non Persistent Desktop Policy"
    • Copy the line of Code either from Notepad++ or Microsoft Word
      • On the Administrator:Command Prompt , In the top left corner Select and right-click,
        • select Edit > Paste
      • On your Keyboard, select ENTER

 

  1. On the W10Parent01a virtual Desktop
    • Select and right-click, your Taskbar
    • Select Task Manager
      • Expand More details
      • Under the Processess tab
        • Expand Background processes
          • Wait until all , Carbon Black Cloud Sensor processes are installed.
  1. On your ControlCenter server
    • Go back to our Carbon Black Cloud admin console
    • In the left-pane, select Endpoints,
      • Under DEVICE NAME, note your endpoint
  1. On your w10Parent01a VM
    • Select and right-click, the Start button
      • Select Shut down or sign out > select Shut down
  1. On your ControlCenter server
    • Switch to your vCenter server Admin Console
    • In the vSphere client, under Hosts and Clusters
      • Scroll down and select and right-click your W10Parent01a
        • Select Snapshots > Take Snapshot
  1. In the Take Snapshot window
    • Next to Name, enter Carbon Black
    • Select CREATE

Part 3: Provisioning the Horizon Desktop Pool

In this section we are going to install a Carbon Black Sensor in the Master image and perform a Push Installation of the new base image

The provisioning of the images can take up to 30 minutes.

  1. On your ControlCenter Server
    • On your Browser open a new tab
    • In the Favourites bar, select the VMware Horizon shortcut
      • In the Username area, enter Administrator
      • In the Password are , enter VMware1!
    • Select Sign in
  1. In VMware Horizon Admin Console
    • In the left pane, expand Inventory
      • Select Desktops
  1. In the Desktop Pools area
    • Double click the W10INST desktop Pool configuration
  1. In the W10INST desktop pool window
    • Select the dropdown next to Maintain
    • Select Schedule
  1. In the Schedule Push Image window
    • Under Snapshot Details, scroll down
      • Select the radio button next to the  Carbon Black SnapShot
      • Select Next
  1. In the Schedule section of the Schedule Push Image wizard
    • Select the Force users to log off radio button
    • Uncheck Stop at first error
    • Select Next
  1. In the Ready to Complete section of the Schedule Push Image wizard
    • Select Finish
  1. On your ControlCenter server
    • Switch to your vSphere Admin Console
      • In the Recent tasks , you can observe the process of updating the Desktop pool
        • A new Hierarchy has to be created first
          • Starting with the Template > Replica > Parent (depends) > Virtual Desktops
            • This will take approximately 20min
        • The new Hierarchy has to be created first
  1. On your ControlCenter server
    • Switch to your Horizon Admin Console
      • On the Desktop Pool, ensure you are on the Summary Tab
      • Scroll down until you see Pending Image
        • To the right the State should report Publishing
    • Continue to monitor these two admin consoles
      • When the provisioning is finished the State should report Published
      • This will possibly take about 30 minutes
  1. On your ControlCenter server
    • Switch to your Carbon Black Cloud admin console
      • In the Left pane, select Endpoints
        • Note your endpoint has been registered
  1. In the Carbon Black Cloud Admin Console
    • In the Inventory pane, expand Enforce
      • Select Policies
  1. In the Policies window
    • Select the pre-configured Horizon Non Persistent Desktop Policy
      • Select the Prevention tab
  1. From the Prevention tab
    • Scroll down, until you find Application(s) at path: (with notepad.exe, calc.exe and wordpad.exe)
      • For the purpose of this exercise, we configured this to Terminate process
  1. In the Horizon Non Persistent Desktop Policy
    • Select the Local Scan tab
      • Note the Scanner Config, (this is considered best practice)
        • On-Access File Scan Mode and Allow Signature Updates are set to Disabled

https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/services/cbc-sensor-installation-guide/GUID-D2BC3455-B8EB-414F-A5FE-31D40C193ABE.html

  1. In the Horizon Non Persistent Desktop Policy
    • Select the Sensor tab
    • Scroll down  Note that "Auto-deregister VDI Clone sensors that have been inactive for" checkbox is enabled

Part 4. Testing the Carbon Sensor on the Horizon Instant Clone Desktop Pool

  1. On your ControlCenter server
    • Launch your VMware Horizon Client
    • Select the horizon.euc-livefire.com POD
    • Login, with your Custom username and enter VMware1! as your password
    • Select Login
    • Select W10INST
  1. On the Horizon Instant Clone virtual Desktop
    • Double-Click the Notepad shortcut
    • Note the generic message
  1. On the Horizon Instant Clone virtual Desktop
    • In the right corner of your Desktop Taskbar, select the Expand Arrow,
      • Select the Carbon Black Icon
      • Select Open
  1. On your Horizon Instant Clone virtual Desktop
    • Select the Carbon Black Cloud icon
      • Note that the "Defined Threat" was detected and Blocked, that being Notepad.exe.
    • Select OK to close the Carbon Black Cloud window
  1. On your ControlCenter desktop
    • Switch to your Carbon Black Cloud Admin Console (you might have to log off and log back in to get the admin console to refresh)
    • Select Alerts
  1. In the Carbon Black Cloud admin console
    • In the Alerts area, find your Device
    • Select the hyperlink to your Device
  1. In the Alerts Area
    • Note that notepad.exe has been blocked.

This concludes this exercise of integrating VMware Carbon Black with Horizon Virtual Desktops.

About the Author

https://www.livefire.solutions/meet-the-team/reinhartnel/

For any questions please email  Reinhart  at  [email protected]

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.