1. Overview

Prisma Cloud supports deploying Console and Defender to a DC/OS or Mesos environment, using either the Marathon or Kubernetes scheduler. Prisma Cloud recommends Kubernetes; for that scheduler, refer to the section on Kubernetes in this document.

The deployments for all environments are essentially the same. Console runs as a standard Docker container on one of your hosts, and a Defender instance runs on each agent node.

Before installation, load the Console and Defender images, tag them, and then push them to a registry that can be accessed during the deployment.

The diagram below illustrates a basic Prisma Cloud deployment on DC/OS:

[Diagram: basic Prisma Cloud deployment on DC/OS]

2. Notes on Installing Console

We recommend that you create network-mountable durable storage for Console’s data. Mount this storage on any host that might run Console. This way, Console has access to its data no matter where it is deployed. We recommend that you use /var/lib/twistlock as the mount point on the host.

3. Notes on Installing Defender

Prisma Cloud Defenders are deployed to each agent node using Marathon’s application construct. Marathon applications are defined in JSON. Before loading the Defender application, update the Defender image with the certificates it needs to securely communicate with Console. To do this, load the Defender image, open an interactive shell to a running instance of the Defender image, install curl into the container, then create and populate the directory that holds the certs. For complete details, see the support article here.
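
One common way to get a Defender task on every agent with a Marathon application is to set the instance count to the number of agents and add a hostname UNIQUE constraint. The sketch below is an added example, not Prisma Cloud's own application definition: it builds such a definition and checks it for placement gaps and for an image reference that does not point at the registry the images were pushed to. The app id, registry host, repository name, tag and sizing values are assumptions, and Defender's runtime settings (privileges, mounts, environment) are not given on this page and are left out.

```python
import json

def defender_app(image, agent_count):
    """Marathon app definition that puts one Defender task on each agent."""
    return {
        "id": "/prisma-cloud/defender",           # hypothetical app id
        "instances": agent_count,                 # one task per agent node
        "cpus": 0.5, "mem": 512,                  # constructed sizing values
        "constraints": [["hostname", "UNIQUE"]],  # at most one task per host
        "container": {"type": "DOCKER",
                      "docker": {"image": image, "forcePullImage": True}},
    }

def lint(app, agent_count):
    """Return placement and image-reference problems in an app definition."""
    problems = []
    if ["hostname", "UNIQUE"] not in app.get("constraints", []):
        problems.append("no hostname UNIQUE constraint: tasks may stack on one agent")
    if app.get("instances") != agent_count:
        problems.append(f"instances={app.get('instances')}, agents={agent_count}")
    image = app.get("container", {}).get("docker", {}).get("image", "")
    registry = image.split("/", 1)[0] if "/" in image else ""
    last = image.rsplit("/", 1)[-1]               # the tag sits on the last path part
    tag = last.split(":", 1)[1] if ":" in last else ""
    if not ("." in registry or ":" in registry):
        problems.append("image does not name a registry host")
    if tag in ("", "latest"):
        problems.append("image tag is missing or 'latest'")
    return problems

if __name__ == "__main__":
    # Constructed values: registry host, repository and tag are placeholders.
    app = defender_app("registry.example.internal:5000/prisma/defender:TAG", 3)
    print(json.dumps(app, indent=2))
    print(lint(app, 3) or "ok")
```

With fewer instances than agents some nodes run without a Defender; with more, the UNIQUE constraint leaves the extra tasks unplaced.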