Prisma Cloud software consists of two components: Console and Defender. Palo Alto Networks hosts Console for you. To secure your environment, deploy Defender to your environment.
Console is Prisma Cloud’s management interface. It lets you define policy and monitor your environment.
Defender protects your environment according to the policies set in Console. There are a number of Defender types, each designed to protect a specific resource type.
The primary concern for most customers getting started with Prisma Cloud is securing their container environment. To do this, install Container Defender on every host that runs containers. Container orchestrators typically provide native capabilities for deploying an agent, such as Defender, to every node in the cluster. Prisma Cloud leverages these capabilities to install Defender. For example, Kubernetes and OpenShift, offer DaemonSets, which guarantee that an agent runs on every node in the cluster. Prisma Cloud Defender, therefore, is deployed in Kubernetes and OpenShift clusters as a DaemonSet.
In this section, you’ll find dedicated install guides for all popular container platforms. Each guide shows how to install Prisma Cloud for that given platform.
As you adopt other cloud-native technologies, Prisma Cloud can be extended to protect those environments too. Deploy the Defender type best suited for the job. For example, today you might use Amazon EKS (Kubernetes) clusters to run your apps. This part of your environment would be protected by Container Defender. Later you might adopt AWS Lambda functions. This part of your environment would be secured by Serverless Defender. Extending Prisma Cloud to protect other types of cloud-native technologies calls for deploying the right Defender type.
All Defenders, regardless of their type, report back to Console, letting you secure hybrid environments with a single tool. The main criteria for installing Defender is that it can connect to Console. Defender connects to Console via websocket to retrieve policies and send data. In Prisma Cloud Enterprise Edition (SaaS platform for Compute), the Defender websocket connects to Console on port 443 (not configurable).
Start your install with one of our dedicated guides.
Prisma Cloud runs on any implementation of Kubernetes, whether you build the cluster from scratch or use a managed solution (also known as Kubernetes as a service). We’ve tested and validated the install on:
In some cases, there is a dedicated section for installing on a specific cloud provider’s managed solution. When there is no dedicated section, use the generic install method.
Prisma Cloud offers native support for OpenShift.
Pivotal Container Service (PKS) is built on the latest stable OSS distribution of Kubernetes. Prisma Cloud always supports the latest version of Kubernetes, so installing Prisma Cloud on PKS is easy. Follow the standard Kubernetes install procedure.
Prisma Cloud supports Docker Swarm using Swarm-native features. Deploy Defender as a global service, which guarantees that Defender is automatically deployed to each worker node in the cluster.
To install Prisma Cloud, configure the launch configuraration for cluster members to download and run Defenders, guaranteeing that every node is protected.
Prisma Cloud supports DC/OS or Mesos clusters that use either the Kubernetes or Marathon scheduler. For the Kubernetes scheduler, use our standard Kubernetes install procedure. For the Marathon scheduler, deploy Defenders to the cluster as a Marathon application, which guarantees that each node in the cluster runs an instance of Defender.
Install Defender on Windows hosts running containers. Defender is installed using a PowerShell script.
All network traffic is encrypted with TLS (https) for user to Console communication. Likewise, all Defender to Console communication is encrypted with TLS (WSS).
Recommended For You
Recommended videos not found.