Welcome to the 3rd part of the VMware vDefend SSP series. In the previous post, I discussed the deployment of the SSP installer and the SSP instance. This post focuses on demonstrating how to activate the platform features.
If you are not following along, I encourage you to read the earlier parts of this series from the links below:
1: Introduction to VMware vDefend Security Services Platform
2: Deploy & Configure SSP Instance
Onboard NSX Manager
The first step in configuring the SSP instance is to onboard NSX Manager. To do so, login to the SSP instance by typing https://<ssp-fqdn>/ and entering the admin credentials set during the deployment.
Enter the workload domain NSX Manager IP/FQDN, NSX Enterprise Admin credentials, and the NSX Manager SSL certificate.
Note: If VIP is configured for NSX Manager, upload the MGMT_CLUSTER REST VIP certificate. Otherwise, the node REST API certificate.
SSP checks the NSX manager compatibility with the SSP instance. After a successful check, click the onboard button to initiate NSX Manager onboarding.
Click Continue to finish the onboarding process.
The onboarding process takes a few minutes to complete. The platform service may be unavailable during this time while NSX synchronizes with the Security Services Platform.
Select System > Overview to verify that the newly onboarded NSX Manager and SSP are stable.
After the onboarding process is completed, you land on the Getting Started page.
Activate Platform Features
Depending on your license, you can activate the available features within the Security Services Platform. You must add an appropriate license in NSX Manager before activating SSP features.
For licensing requirements, see the NSX License Types page.
Activate Security Intelligence
Security Intelligence is an analytics platform that provides network security visibility in the SDDC, as well as accelerates the DFW network segmentation implementation by offering security policy recommendations.
Click the Run Prechecks button.
Click the Activate button after a successful precheck.
Wait for the Security Intelligence to be successfully activated.
Activate Rule Analysis
The rule analysis feature automatically analyzes DFW rules to identify inefficiencies and security misconfigurations. It helps optimize policies by flagging issues such as duplicate, redundant, or overly permissive rules, contributing to a more robust and efficient security posture.
Note: To activate the Malware Prevention Service and Network Detection and Response features, you need an NSX Advanced Threat Protection (ATP) license.
Navigate to the Host Capacity tab and ensure that the platform features are activated on the desired vSphere clusters.
Navigate to the Data Collection tab and select the vSphere clusters from which network flows will be collected. Click the Activate button and ensure the collection status displays Activated.
Validate Platform Overall Health
To check the health of platform services, navigate to the Platform & Features > Core Services tab and validate the service health.
Navigating back to the home page displays the unprotected flows and workloads. As a best practice, let SSP collect the network flows for a week before implementing microsegmentation.
And that’s it for this post.
In the next post of this series, I will demonstrate the integration of SSP with core infrastructure services. Stay tuned!!!
I hope you enjoyed reading this post. Feel free to share this post on social media if it’s worth sharing.