PANCast™ Episode 26: What Should You Know About Installing Defenders?


 

Episode Transcript:

 

John:

Hello, and welcome back to PANCast™. We have a special guest today. Before we get started, Joy, could you tell us about yourself?

 

Joy:

Thanks John for having me, this is Joy and I am a Senior Technical Support Engineer for Prisma Cloud Compute with years of support experience in cyber security. I have published my previous PANCast™ on Agentless and I am here to share insights on Defender installation.

(Yi Zhao is a Senior Technical Support Engineer backed by years of support proficiency in Cyber Security. She is highly enthusiastic about sharing her knowledge and experience with customers.)

 

John:

Thanks Joy. The topic for today is Prisma Cloud Compute Defender or Defender for short. Why do we need them and how can we deploy them? 

 

Joy:

Well I am pretty sure that all the people who are interested in Prisma Cloud Compute will agree Defenders are something they will need to deploy and utilize on a daily basis. The content I would like to share today will enable them to become more ready to learn about how to install Defender and what to watch out for when installing it on different platforms. 

 

John:

This sounds like a lot of work. How do we install Prisma Cloud Compute Defender in general?

 

Defender Installation

 

Joy:

I believe we all know that Defender is a container security tool that helps you protect containerized applications from vulnerabilities and threats. Therefore installing Defenders is of great importance to secure your environment.

 

Well, installing Defenders is straightforward. The first step is to navigate to the “Manage” page for deploying Defenders and configuring details. This process involves specifying the deployment method for your use case, configuring the network settings and console communication details, as well as specifying the security settings for Defenders. For example, if you would like to pull the Defender image from your private registry, you need to input the name of the secret for the private registry in the “Advanced Settings” section.

 

John:

OK, what happens next when the details have been configured?

 

Joy:

After the details have been configured on the web console, you need to copy the installation script from the console to proceed with installation. What this script does is actually download the installation package to further fetch the Defender image as well as the necessary configuration files.

 

Once the above process is complete, you can then install the Defender on your cloud workloads. The installation process involves deploying the Defender as a container on your cloud workloads and configuring it to communicate with the Prisma Cloud Compute management console. 

 

After the Defender is installed and configured, it will start monitoring your workloads for security threats and vulnerabilities. It's like having a security guard watching over your cloud workloads!

 

John:

This is a great solution but how can I make this more resilient? Can we install Prisma Cloud Compute Defender on a cluster?

 

Joy:

Of course we can install Defenders on a cluster. A cluster is made of several nodes rather than a single host, so this is a bit more complicated since you need to take more things into consideration when deploying Defenders in a cluster, for example the orchestrator and runtime version. It might sound a bit tough now but I believe it will be much easier once you get the hang of it. So now let’s take Kubernetes as an example since we are seeing more and more customers using orchestration tools like Kubernetes in their environment.

 

First, you need to ensure that the Kubernetes version you are running is compatible with the version of the Defender you are installing. Think of it like making sure your Defender friend is the right fit for your Kubernetes platform. 

 

You also need to ensure that the Kubernetes nodes are configured to allow the Defender to communicate with the Prisma Cloud management console. This involves opening up the necessary network ports and configuring the Kubernetes API server to allow external communication. This will make sure Defenders have the keys to the gate! At the end of the article, you may find documents which tell you more about the connection details.

 

John:

If all the connection settings are in place, is there anything else we need to look out for?

 

Joy:

One important thing to watch out for when installing Defender on Kubernetes is the resource usage of the Defender container. Since Defenders are constantly monitoring your cloud workloads, they will need a necessary amount of resources to work properly. Therefore, you need to ensure that your Kubernetes nodes have enough resources to support the Defender without impacting the performance of your applications. Think of it like making sure Defenders have enough energy to keep watch over your cloud workloads!

 

There are a few more things to take into consideration when deploying Defenders in a cluster. First, please pay attention to the Runtime selection when it comes to a cluster. It is not rare that we see customers ignore the setting when they are actually using “containerd” as Runtime management. This could lead to Defenders being able to be installed but unable to function properly. Secondly, please select “Assign globally unique names to Hosts” in Advanced Settings. The reason is that this will help avoid duplicate Defender hostnames for easier management. Sometimes without selecting this option, you will see some Defenders sharing the same hostname, which can cause confusion. Last but not least, there is one setting called “Run Defenders as privileged”. Please do consider your environment setup requirements before you enable or disable this setting. By running Defender as privileged, you will most possibly avoid seeing error messages like “Failed to enable process monitoring. operation not permitted” in the Defender log.

 

John:

Great, so if we see the service does not work as expected, how do we go about troubleshooting?

 

Common Installation Issues

 

Joy:

Well, now that we have understood the way of deploying Defenders on both hosts and clusters, frankly speaking, there are many common issues I have seen in the past few years. Let’s discuss some of them which you might encounter during the installation process.

 

While installing Prisma Cloud Compute Defender is generally a straightforward process, sometimes you may encounter issues during the installation process. Here are some common issues that you may encounter during installation and how to troubleshoot them.

 

What’s most commonly seen is connection issues: If the Defender is unable to connect to the Prisma Cloud management console, it may be due to a network issue. You can troubleshoot this issue by checking the network settings for the Defender container and ensuring that the necessary network ports are open. Furthermore, you can check Defender logs for specific error messages to help you narrow down the problem.

 

Another important and hard-to-catch one is resource issues: If the Defender is not getting the resources it requires, its functionality may be impacted as well. Especially when you are using Defenders for registry scan, which is a major task for Defenders, it will require even more resources to complete the mission. You can troubleshoot this issue by reviewing the resource usage for the Defender container and adjusting the resource allocation if necessary.

 

John:

While resources can impact the Defender’s functionality, can compatibility cause issues?

 

Compatibility Issues

 

Joy:

Good catch! Last but not least is compatibility issues: If the Defender is not compatible with your cloud platform or other components in your environment, it may not function properly. You can troubleshoot compatibility issues by reviewing the system requirements for the Defender from our official documents and ensuring that all components are compatible.

 

When troubleshooting Defender installation, it's important to have a systematic approach. Start by reviewing the installation documentation and verifying that you have followed all the necessary steps. Then, review any error messages or warnings that you have encountered and try to identify the root cause of the issue. To help you better troubleshoot Defender installation issues, you can go to live.paloaltonetworks.com to check for the transcript and more useful articles. If you are unable to resolve the issue on your own, you can reach out to the Prisma Cloud support team for assistance.


John:

It certainly helps when support is just a phone call away. Joy, what would be the key takeaways for today?

 

Key Takeaways

 

Joy:

Remember these points:

  • What is the function of a Defender, 
  • How do you install the Defender on a single host or in a cluster, 
  • What to look out for when installing Defenders in a cluster and 
  • How to identify and fix errors during the installation process. 

 

With the right approach and resources, you can successfully install and configure Defenders to monitor your cloud workloads and keep your applications secure.

 

John:

Thank you, Joy, for sharing how Defenders can protect and secure your environment. You can find the transcript and some valuable links on live.paloaltonetworks.com under PANCast™.

 

Joy:

Thank you for having me here today to discuss Defender installations. Do remember the key points shared for a successful deployment. Look forward to joining you on another episode of PANCast™!

 

John:

PANCasters, if you have topics you need us to cover, please send in your feedback through the Ideas Submission page on LIVEcommunity, and we’ll be happy to review them. 

Until next time. Bye!

 

Related Content:

Prisma Cloud #Defender #Twistlock SaaS Security 

 

Comments
L0 Member

Thanks for sharing Joy!

Last Updated:
‎09-13-2023 04:49 PM