---
title: VMware Tanzu installation
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/paas/vmware-tanzu
---

You can deploy the Next-Gen WAF product within your [VMware Tanzu Application Service](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-platform-for-cloud-foundry/6-0/tpcf/concepts-overview.html) by installing the Signal Sciences Service Broker service tile and then enabling the Next-Gen WAF agent.

> **NOTE:** 
>
> Fastly services interoperate with non-Fastly services only when you configure them that way. We do not provide direct support for non-Fastly services. Software or services that enable integration with non-Fastly services (such as plug-ins, extensions, and add-ons) are available under their own terms. Read Fastly's [Terms of Service](https://www.fastly.com/terms) for more information.
>
>

## Prerequisites

Prior to installing the Signal Sciences Service Broker for VMware Tanzu, you must:

- Have a VMware Tanzu license and the following products installed:

  | Product                                                                                                                                                                     | Supported versions |
  | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
  | [VMware Tanzu Application Service for VMs](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-platform-for-cloud-foundry/6-0/tpcf/concepts-overview.html)      | 2.3.3 and above    |
  | [VMware Tanzu Operations Manager](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/index.html)                      | 2.3.0 and above    |
  | [Stemcells (Windows)](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform-services/stemcells-for-tanzu/services/stemcell-rn/windows-stemcell-v2019x.html)             | 2019.x             |
  | [Pivotal Stemcells (Ubuntu Xenial)](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform-services/stemcells-for-tanzu/services/stemcell-rn/xenial-stemcell-v621x.html) | 621.x              |
  | [Stemcells (Ubuntu Jammy)](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform-services/stemcells-for-tanzu/services/stemcell-rn/stemcells.html)                      | 1.44.x             |

-   [Copy the agent keys](/guides/next-gen-waf/setup-and-configuration/agent-management/accessing-agent-keys) for the site that you want the agent to be able to access. You will use the agent keys when configuring the Next-Gen WAF agent package.

## Installing the Signal Sciences Service Broker

To install and configure the Signal Sciences Service Broker for VMware Tanzu, complete the following steps:

1. Log in to the [Broadcom Support portal](https://access.broadcom.com/default/ui/v1/signin/).
2. Download the [Signal Sciences Service Broker](https://support.broadcom.com/group/ecx/downloads) product file.
3. Go to the Tanzu Operations Manager dashboard and [install and configure](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/install-add-delete.html) the Signal Sciences Service Broker tile. Be sure to set the `sigsci_buildpack_decorator` Buildpack Order to zero. This setting is located in the **Buildpack Settings** tab.

## Enabling the Next-Gen WAF agent

After installing the Signal Sciences Service Broker tile, embed the Next-Gen WAF agent in your app code and bind the service to your Tanzu app via the Cloud Foundry Command Line Interface (cf CLI):

1. Run the `cf set-env` command in the cf CLI to set the `SIGSCI_ACCESSKEYID` environment variable:

   ```term copy
   cf set-env tanzu-app-name "SIGSCI_ACCESSKEYID" "environment-variable-value"
   ```

   Be sure to replace `tanzu-app-name` with the name of your Tanzu app and `environment-variable-value` with your site's (also known as workspace's) [Agent Access Key](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/accessing-agent-keys) (`accesskeyid`).

2. Run the `cf set-env` command again to set the `SIGSCI_SECRETACCESSKEY` environment variable, being sure to update `tanzu-app-name` and to replace `environment-variable-value` with your site's (workspace's) [Agent Secret Key](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/accessing-agent-keys) (`secret-access-key`):

   ```term copy
   cf set-env tanzu-app-name "SIGSCI_SECRETACCESSKEY" "environment-variable-value"
   ```

3. _(Optional)_ Run the `cf set-env` command again to set additional environment variables, being sure to replace `tanzu-app-name`, `environment-variable-name`, and `environment-variable-value` with the appropriate information:

   ```term copy
   cf set-env tanzu-app-name "environment-variable-name" "environment-variable-value"
   ```

   The environment variables that you can configure are as follows:

   - `SIGSCI_SERVER_HOSTNAME`: the hostname for each agent. This is what gets displayed in the Signal Sciences web interface. The hostname must be a unique name per instance.
   - `SIGSCI_AGENT_VERSION`: the version of the Next-Gen WAF agent. By default, the latest version of the Next-Gen WAF agent is installed. To specify a specific version, set the variable to the desired version number.
   - `SIGSCI_REQUIRED`: whether or not the app will start when the Next-Gen WAF agent fails to start. By default, the app can start when the Next-Gen WAF agent fails to start (e.g. invalid agent keys). To ensure your app doesn't start without the agent, set the variable to `true`.

4. [Ensure your app process](https://docs.pivotal.io/application-service/2-9/devguide/deploy-apps/environment-variable.html#view-env) obtains its listening port from the `$PORT` environment variable.

5. Run the following command in the cf CLI to push the Signal Sciences buildpack and the final buildpack:

   ```term copy
   cf push tanzu-app-name -b sigsci_cloudfoundry_buildpack -b final_buildpack
   ```

   Be sure to replace `tanzu-app-name` with the name of your app and `final_buildpack` with the name of your final buildpack.

   > **IMPORTANT:** In the command, the Signal Sciences buildpack must come before the final buildpack.

## Related content

- [PaaS overview](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/paas/paas-install-intro)
- [Getting started with the agent](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/getting-started-with-the-agent)