Part 2 – Deploying the SSP Installer Appliance

VMware vDefend Security Services Platform (SSP) is a software-defined security platform tightly integrated into the hypervisor layer. It replaces NSX Application Platform (NAPP), which was intended to build in lateral security for private cloud environments at the hypervisor layer.

Prerequisites for SSP Configuration

  • NSX Enterprise Plus license and/or vDefend license
  • NTP working on the ESX host
  • Around 5 TB of free space on the datastore, plus a VM storage policy, storage tag and content library
  • 100 vCPUs and 500 GB of memory free on the management ESX host
  • SSP Installer: 1 IP from the management network, assigned manually
  • SSP Node IP Pool: 16 IPs from the network where the SSP nodes will run, used for the control plane and worker nodes
  • SSP Service IP Pool: 11 IPs from the same network, used automatically for SSP services
  • SSP requires NSX 4.2.3 or later

SSP Lab Topology

All VMs will be deployed into our management subnet.

Log in to the Broadcom Support Portal and download the SSP Installer OVA and the SSP Package.

The SSP Installer is delivered as an OVA and acts as the bootstrap engine for deploying the actual SSP platform, so deploy the OVA on the management network.

Once the VM is deployed and the initial setup is complete, you can log in to its web interface, upload the SSP bundle, and connect it to vCenter and NSX to begin the installation workflow.

Accept the EULA

Download the SSP v5.1 package

Upload the SSP tar bundle

During the workflow:

  • Enter the instance name – any name (note: this cannot be changed later)
  • Select the SSP version
  • Choose deployment as 4 to start with and specify the number of worker nodes
  • Provide the SSP instance and messaging FQDN

Set the admin and audit user passwords

To connect to vCenter, we need the certificates for our vCenter, so browse to the vCenter URL and download the CA certs.

Download and extract the cert file

Click Connect Now and provide:

  • vCenter FQDN

Provide the credentials. For the vCenter SSL certificate, click Browse, go to the extracted folder\certs\win directory and upload the cert.

Pick the cluster to deploy SSP to (our management cluster), and also pick the storage policy and content library that are available.

Choose the VDS and portgroup for SSP VMs. Then specify:

  • Subnet CIDR
  • SSP Node IP Pool
  • SSP Service IP Pool
  • DNS servers
  • NTP servers
  • DNS search domain

Click Run Pre‑Check to validate all inputs. If everything passes, start the deployment.
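The address plan can also be sanity-checked offline before Run Pre-Check. This is an added example, not part of the SSP installer or the original post: the pool sizes come from the prerequisites above, while the 192.0.2.0/24 addresses, the `first-last` range format and the no-overlap rule are assumptions made for illustration.

```python
import ipaddress

NODE_POOL_MIN = 16     # SSP Node IP Pool size from the prerequisites list
SERVICE_POOL_MIN = 11  # SSP Service IP Pool size from the prerequisites list

def expand(pool):
    """Expand 'first-last' (inclusive, assumed format) into a set of addresses."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in pool.split("-"))
    if last < first:
        raise ValueError(f"range is reversed: {pool}")
    return {ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)}

def usable(ip, net):
    """True if ip is a host address inside net (not network/broadcast)."""
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def check_plan(cidr, installer_ip, node_pool, service_pool):
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits in the CIDR
    installer = ipaddress.IPv4Address(installer_ip)
    nodes, services = expand(node_pool), expand(service_pool)
    problems = []
    for name, pool, minimum in (("node", nodes, NODE_POOL_MIN),
                                ("service", services, SERVICE_POOL_MIN)):
        if len(pool) < minimum:
            problems.append(f"{name} pool has {len(pool)} IPs, needs {minimum}")
        outside = [ip for ip in pool if not usable(ip, net)]
        if outside:
            problems.append(f"{name} pool has {len(outside)} IPs outside usable {net}")
        if installer in pool:
            problems.append(f"installer IP {installer} is inside the {name} pool")
    overlap = nodes & services
    if overlap:
        problems.append(f"pools overlap on {len(overlap)} IPs")
    return problems

if __name__ == "__main__":
    # Constructed sample plan using the documentation range 192.0.2.0/24.
    issues = check_plan("192.0.2.0/24", "192.0.2.10",
                        "192.0.2.20-192.0.2.35", "192.0.2.40-192.0.2.50")
    print("plan OK" if not issues else "\n".join(issues))
```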

During deployment (typically 30–40 minutes), the SSP VM template is uploaded, the control plane and worker nodes are deployed from the template, and a resource pool is created for the SSP VMs.

The installer displays the SSP instance FQDN/IP once deployment completes

Under Instance management we can see the controllers and worker nodes deployed

Open the vCenter homepage to view instance details and health status.

That completes the deployment of the SSP installer and SSP instance, so let's run a quick IP scan to see how it is laid out.


By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.