Prisma Cloud supports deploying Console and Defender to a DC/OS or Mesos
environment, using either the Marathon or Kubernetes scheduler.
Prisma Cloud recommends Kubernetes, please refer to the section on
Kubernetes in this document.
The deployments for all environments are essentially the same. Console
runs as a standard Docker container on one of your hosts, and a Defender
instance runs on each agent node.
Before installation, load the Console and Defenders images, tag them,
and then push them to a registry that can be accessed during the
The diagram below illustrates a basic Prisma Cloud deployment on DC/OS:
Notes on Installing Console
We recommend that you create network mountable durable storage for
Console’s data. Mount this storage on any host that might run Console.
This way, Console has access to its data no matter where it is deployed.
We recommended that you use /var/lib/twistlock as the mount point on the
Notes on Installing Defender
Prisma Cloud Defenders are deployed to each agent node using Marathon’s
application construct. Marathon applications are defined in JSON. Before
loading the Defender application, update Defender image with the
certificates it needs to securely communicate with Console. To do this,
load the Defender image, open an interactive shell to a running instance
of the Defender image, install curl into the container, then create and
populate the directory that holds the certs. For complete details, see
the support article