vShield Endpoint – Trend Micro Deep Security (Part 1)
March 24, 2014

If you’re a vSphere Administrator and have compliance regulations to deal with, vShield Endpoint might save you a lot of hassle. From my own experience with PCI-DSS, it was important to limit the scope of the cardholder data environment: the fewer devices that touch credit card data, the fewer items there are to protect. In the same breath, it was important to have Anti-Virus, malware protection, firewall rules and file integrity monitoring. vShield Endpoint allows for all of these things to be handled in a single package. This post looks specifically at Trend Micro’s Deep Security product.
Preparing for vShield Endpoint
To start, the vShield environment needs to be up and running first. I’ve written a getting started post that might help you get vShield App and the management appliance installed and working, so I won’t go into detail on that part again.
Once vShield Manager and App are all set, we need to deploy the vShield Endpoint Driver to the hosts that we’ll be protecting. Again, I’ve mentioned it a few times in my previous posts, “Avoid installing vShield on the hosts that vCenter and the vShield Manager are installed on.” I’ve found that a fairly common design is to have a Management Cluster for your vCenter and vShield Manager, and have them manage a separate cluster. This makes it expensive for a home lab, so consider nesting VMs if you want to try this out for yourself.
Installing the Endpoint host driver is fairly simple: open the vShield Console, go to the host that you want to deploy Endpoint to, and click the check box.
Your next step should be to build a Windows VM that will run your Trend Micro Management Console. Again, this is a good VM to have on your management cluster.
Install the Trend Micro Deep Security Manager
Trend Micro was gracious enough to allow me to register and download a trial version of their software. You can do likewise if you’d like to poke around on your own. If you’re not in the mood to go the whole nine yards, hopefully this post has enough screenshots to give you a good feeling of the experience.
First we install the Security Manager on the new Windows VM we just built. The installer is a straightforward wizard.
We have the option of using SQL, Oracle or an Embedded database to house our configuration data. I’m a SQL guy. 😉
If you’ve registered with Trend Micro for the downloads, you should receive a license in your email for this step.
The installer would like to know the DNS name or IP address of the host you’re installing on, as well as the ports. I’ve left all ports at their defaults and entered the name of my Windows VM [Endpoint.hollow.local].
It would be pretty difficult to sell a security product that didn’t require some sort of authentication. Here we enter a new password for the MasterAdmin account. Make sure you have a special character!
Like many (I have to assume ALL) Anti-Virus and Malware solutions, you have the ability to update over the Internet for new virus definitions. No difference here.
Now we have the Trend Micro Deep Security Manager deployed to our environment. The next post will explain what happens when we log in.
I’m curious as to your experience with TM’s Deep Security product. There seems to be little commentary on the web as to its performance and effectiveness, particularly at scale in a service provider context. Juniper’s Firefly Host (formerly vGW) is explicitly marketed toward enterprise/service providers and they support it with great throughput metrics. To that end, my question comes down to this: is Deep Security appropriate for a large scale service provider?
Full Disclosure: I have not yet deployed Trend Micro Deep Security to a Production environment. My post was to give an overview of what vSphere Endpoint was capable of by allowing other vendors into the API and I chose Trend because they were one of the first.
I can only speculate that it would be good for a larger scale service provider because of the way it can manage things like Anti-Virus. With standard AV, all the VMs might update or run system scans at the same time, causing an incredible load on your infrastructure. Endpoint is smart enough to schedule these things. It SHOULD take load off the infrastructure by managing it at the hypervisor level.
If you want details on this I would contact Trend Micro directly for a deep dive on the product.
[…] a bit tricky to get DS going and so it is good to see you have some good help available. Here is part 1, part 2 and part 3. Here is a link to the Deep Security 9.0 best practices. I would like to be […]
@ Benjamin,
Deep Security can scale up to 1 000 000 agents for hosting providers.
If you need information on how this works please get hold of me on @hugo_strydom.
Hugo.
trendmicro + vshield = past
trendmicro + NSX = now
is the best solution: special thanks
Hi,
Please, to avoid VM vMotions, I would like to know if it’s a good idea to install vShield (NSX) directly on the ESX root?
Can I install both (DSM and vShield) on the same ESX root?
Thanks for your advice.
I’m not sure I follow what you’re trying to do here.
You should avoid having vShield on the same hosts that it’s firewalling.
Hello Eric,
Thank you for your prompt reply and lithing my questions.
So, another question.
I have 3 clusters with 15 ESX hosts.
Should I install 15 vShields as I did for DSVA?
Or just 1 per cluster?
Thank you for your help.
Best regards,
It’s better (recommended) that you don’t have both of them on the same host.
Good luck