September 9, 2021 By Chris Rosen 5 min read

Business is moving to container infrastructures, which has created just as many new challenges as it has opportunities.

This tutorial will guide you through deploying NeuVector on IBM Cloud and leveraging that solution within your Red Hat OpenShift on IBM Cloud cluster. Let’s dive in!

IBM and Neuvector

IBM partnered with NeuVector to bring their full lifecycle container security — from CI/CD pipeline to production — to the IBM Cloud catalog:

NeuVector enables enterprises to secure container and Kubernetes environments throughout the full application lifecycle. Deployed as a container firewall, NeuVector delivers the defense-in-depth capabilities to defeat even zero-day attacks and threats with unknown origin. Through behavioral learning, Security-as-Code and continually added capabilities like compliance templates and serverless security, NeuVector identifies vulnerabilities and abnormal behavior to neutralize all threats while automating security throughout the CI/CD pipeline and at run-time. NeuVector’s Kubernetes-native, end-to-end container security solution is now available to IBM Cloud customers through the IBM Cloud Catalog.

NeuVector protects production workloads and hosts

Detects and prevents

  • Vulnerability exploits
  • Zero-day attacks
  • Embedded malware
  • Insider, phishing attacks

Learns, allowlists and blocks

  • Unauthorized network connections
  • Unauthorized processes
  • Unauthorized file access

Deploying your NeuVector instance in IBM Cloud

  1. Log into IBM Cloud.
  2. Navigate to the Catalog and search for NeuVector, clicking on their tile.
  3. You can select a Lite instance (which will provide a free trial for 14 days applicable to 10 nodes) or a Standard Subscription (which provides full run-time security and optionally multi-cluster management). Provide the desired name for this instance. Click Create to proceed:

Using NeuVector with IBM Cloud Kubernetes Service

When deploying NeuVector to IBM Cloud Kubernetes Service, follow the instructions on the landing page that appears once the NeuVector instance is created:

Using NeuVector with Red Hat OpenShift on IBM Cloud

  1. When deploying NeuVector to the Managed OpenShift Service, follow the instructions linked lower in the instance landing page.
  2. We’ll use the OpenShift Operator model:
  3. Create the NeuVector project:
    oc new-project neuvector
  4. Back on the NeuVector instance landing page, download the Kubernetes secret manifest and apply that configuration:
  5. Now go back to the NeuVector docs page and run the following from the CLI once you are authenticated to the correct server:
    oc login -u system:admin
    
    oc -n neuvector adm policy add-scc-to-user privileged -z default
  6. From the IBM Cloud console, navigate to the OpenShift cluster that you have been working on and open the OpenShift console:
  7. Expand Operators > OperatorHub and search for NeuVector. The community version of the operator will use the latest and greatest from NeuVector (i.e., 4.3.0), whereas the certified operator may use an older version (i.e., 4.2.1):
  8. We’ll use the certified operator to install the latest. The instruction page includes the same prerequisite steps for installing the operator to your Red Hat OpenShift on IBM Cloud cluster. Click Install after verifying the cluster’s readiness:
  9. Ensure that you specify the neuvector namespace for installation and then click Install. After completion, select View Operator:
  10. On the Details tab, select Create instance:
  11. Update the name of the deployment, if desired. Click Create:
  12. Navigate to Workloads > Pods to validate the NeuVector pods are running:
  13. Alternatively, check the pod status from the CLI with oc get pods -n neuvector:
  14. Check the health under Networking > Services:
  15. Then view the NeuVector web UI under Networking > Routes. Click on the link under Location:

Configuring NeuVector

  1. Regardless of whether you are using the Kubernetes or OpenShift service, bring up the NeuVector console — logging in with the default admin username and password. Accept the EULA to continue:
  2. The first thing I like to do is change the default password under My Profile to something more secure:
  3. Once logged back in (and feeling more secure), grab the license key from the IBM Cloud NeuVector instance page and update the NeuVector console:

Next time, we’ll dig more into the NeuVector console and capabilities, but if you are as excited as I am, then check out the docs now.

Join the conversation

If you have questions or concerns, engage our team via Slack. You can register here and join the discussion in the #general channel on https://ibm-cloud-success.slack.com/.

Was this article helpful?
YesNo

More from Cloud

Think inside the box: Container use cases, examples and applications

5 min read - Container management has come a long way. For decades, managing containerized environments was a relatively simple affair. The modern idea of a computer container originally appeared back in the 1970s, with the concept first being used to help define application code on Unix systems. Modern containerization technology has moved on steadily from those early beginnings, and when companies run containers now, they’re getting a lot more utility for their investment. From small startups to large, established businesses, container frameworks have…

IBM Tech Now: February 26, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 92 On this episode, we're covering the following topics: IBM watsonx Orders EDGE3 + watsonx G2 Best of Software Awards Stay plugged in You can check out the IBM Blog Announcements for a full…

IBM Cloud delivers enterprise sovereign cloud capabilities

5 min read - As we see enterprises increasingly face geographic requirements around sovereignty, IBM Cloud® is committed to helping clients navigate beyond the complexity so they can drive true transformation with innovative hybrid cloud technologies. We believe this is particularly important with the rise of generative AI. While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to region that must be considered—particularly around data. We strongly…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters