1. Overview

DC/OS is a distributed operating system. It integrates several open-source components to enable the management of multiple machines as if they were a single computer. DC/OS is built on the Apache Mesos distributed systems kernel and the Marathon container orchestration system. This procedure was tested on Mesosphere DC/OS 1.11.

To deploy Prisma Cloud to a Kubernetes cluster running on DC/OS, see the Install Kubernetes guide.

2. Deployment architecture

Prisma Cloud Defender is deployed on every private slave node. Slave nodes run your applications. Slave nodes reside on a private subnet, so they are not accessible from outside the cluster.

3. Install Defender

Deploy Defender to all slave agents in your cluster. Use twistcli to generate the Defender app in JSON format, and then start it with the DC/OS CLI tool. By default, the Defender image is retrieved from Prisma Cloud’s cloud registry.


  • Prisma Cloud Console can be reached over the network from your slave agents.

  1. Download twistcli to a host where you’ve installed the DC/OS CLI.

    1. Open Compute Console and go to Manage > System > Downloads.

    2. Under twistcli tool, download the version for your operating system.

  2. Retrive Console’s API address (PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR).

    1. In Prisma Cloud, go to Compute > Manage > System > Downloads.

    2. Copy the URL under Path to Console.

  3. Get Console’s service address (PRISMA_CLOUD_COMPUTE_SVC_ADDR).

    The service address can be derived from the API address by removing the protocol scheme and path. It is simply the host part of the URL. For example: <region>.cloud.twistlock.com.

  4. Generate the Defender app JSON using twistcli, where:

    • <PLATFORM> can be linux or osx.

    • <ADMIN_USER> is a Prisma Cloud Console user with a role of Defender Manager or higher.

    • <NUMBER_OF_AGENTS> is the number of private agent nodes in your cluster.

      The following command connects to Console’s API (specified in --address) as user <TWISTLOCK_USER> (specified in --user), and generates a Defender app in JSON format according to the configuration options passed to twistcli.

      $ <PLATFORM>/twistcli defender export dcos \
        --user <TWISTLOCK_USER> \
        --cluster-address <PRISMA_CLOUD_COMPUTE_SVC_ADDR> \
        --agents <NUMBER_OF_AGENTS>
  5. Deploy the Defender app on your cluster using the dcos CLI tool.

    Alternatively, you could deploy the Defender app using the DC/OS web interface, Marathon web interface, or Marathon REST API.

    $ dcos marathon app add ./dcos.json
  6. Validate the Defender app is running.

    $ dcos marathon app list