[MUSIC PLAYING] The Falcon platform is a
perfect fit for the data center. It’s lightweight,
low-impact sensor means there is no special
need for a hypervisor version of the product
or complicated deployment scenarios for those
multiple environment types. In this demo, we’ll
deploy the Falcon sensor in different types
of data centers. The first two are
cloud environments using AWS and Azure. The final scenario will
cover a hybrid data center managed through vCenter. In this AWS environment, we
have a single EC2 Windows Server 2012 R2 instance. I’ll use RDP to
connect to the host. In this scenario, we’ll
log into the Falcon UI and download the installer. If you’re unfamiliar with
how to install the sensor, all resources– including installers
and user guides– are available in the
support section of the UI. In the download section, I’ll
select the Windows installer by selecting the latest build,
then clicking the Download icon. On this page is also
your customer ID, or CID. I’ll copy this, as I’ll need
it during the install process. Once the installer is
finished downloading, I’ll launch it, accept
the license agreement, and then paste my customer
ID into the designated field. Within seconds, the install
process is complete. Now to verify the
installation, I’ll use the Falcon UI by
navigating to the host app. The hosts are listed
alphabetically by hostname, but I’ll sort a
host on last seen. Since the system
just checked in, it will be at or near the top. Here we see the latest host
as WIN-0A2 dot, dot, dot. In our Windows
2012 instance, I’ll open the system information
screen to verify the hostname and here we can see
that it is the same. CrowdStrike Falcon
can be installed on any supported system, whether
that system is in a AWS cloud or on a desktop or
in a data center. In the second scenario, we
have a Windows 2016 instance in Microsoft Azure. Again, I’ll use remote desktop
to log into the instance. This time I’ve already
downloaded the installer, but I’ll still need to grab
the customer ID from the Falcon UI in the support app. Once I’ve copied the CID,
I can open the installer, accept the license agreement,
and install the sensor. Again, within a
matter of seconds, the sensor has been installed. To verify the
installation, I’ll start by opening the system window
and see the hostname– it is WIN2016-AZURE1. Then I’ll open the Falcon
UI and the host app, and sort the database
on most recently seen. Here we can see that the system
is registered with the UI and the default policy
has been applied. As you can see, deployment
on existing systems is quick and simple. You could also use
an SCCM to manage this for larger deployments. In this last section,
we’ll look at either on prem or hybrid-type
scenario that is managed through vSphere. One of the advantages
of data centers is the ability to quickly
spin up pre-configured images. This time, I’ll copy a
pre-configured Windows 2012 server template from my data
store to my resource pool. Once that is
complete, you can see the newly deployed
WINSERVER2012-DATACENTER demo in my resource pool. I’ll open the
console to the new VM and browse to my
shared folder, where I have save different
Falcon sensor versions, and drag it to my desktop. In the previous examples,
I installed the sensor with a double-click. This time, I’m going to use
the command line so that I can pass some additional arguments. The argument quite will install
without the dialog window. The next command,
no start equals 1, will install the sensor
without calling out to the cloud to get an agent
ID until after a restart. This option is
perfect for creating a template or standard
deployment image with Falcon Prevent pre-installed. To finish the install, we
still need the customer ID. So we’ll paste that in and hit
Enter to complete the install. At this point, I’ll
restart my system so the sensor can
get an agent ID. On reboot, the sensor checks
into the cloud, acquires an ID, and gets assigned a policy based
on your policy configuration. We can verify the
install in the UI. We see that our recently
deployed WIN12-TEMPLATE is now listed in the host
app in the Falcon UI. The Falcon Platform
has been built to provide best-in-class
prevention, detection, and response capabilities
for the modern data center via a lightweight agent
for Windows, Linux, or Mac OS servers. The Falcon high
performance server platform ensures complete real-time
and retrospective visibility into the servers that comprise
the modern data center. [MUSIC PLAYING]

How to Install Falcon in the Datacenter
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *