vShield Endpoint – Trend Micro Deep Security (Part 2)

March 24, 2014 By Eric Shanks

In the first post in this series, we deployed the vShield Endpoint host driver and installed the Trend Micro Deep Security Manager on a Windows VM.

Trend Micro Deep Security Appliance Deployment

First, we need to log in to the Deep Security Manager, which is conveniently accessed as a web page.  Go to the DNS name of the Manager that you entered during the setup wizard in part 1 of this series.  Log in with the username and password that you specified.



Go to the Computers tab.  You’ll notice that there aren’t any computers listed yet.  We’ll need to add them by adding our vCenter.  Choose New -> New Computer and then select Add VMware vCenter…



Fill out the required information for your Deep Security Manager to connect to your vCenter Server.



The next step is to put in the vShield Manager login information.  This is so that the Deep Security software can leverage the vShield Endpoint APIs.



Once done, you’ll see the datacenters, hosts, and virtual machines that were imported.



Now, if everything worked out, we’ll see computers listed in the console.  From here, we want to choose the ESXi hosts we’re going to manage (not the management cluster) and Prepare ESX…

This operation installs the Trend Micro Filter Driver into the hypervisor, which requires putting the host into Maintenance mode.  If DRS isn’t set up, you may need to enter maintenance mode manually first; otherwise, this will be done for you once your VMs are moved off of the host that is being prepared.



Preparing the ESXi host requires you to install some software onto the ESXi host.  This may require you to download the driver from the Trend Micro Site and import it into the Management console first.  If you don’t have the driver available when you attempt to deploy the software, a warning will pop up and allow you to import the software.

Below I show how you simply select the .zip file you downloaded, and import it into the manager.


Verify the fingerprint.



Once the ESXi server is “prepared”, the next step is to “Deploy Appliance…”, which you can do by again right-clicking the host and navigating to Actions, just as you did to prepare the host.

This wizard deploys a virtual appliance to the selected host, which will be responsible for the actual firewalling and scanning operations that have to happen.  It’s kind of a pain to deploy a VM to each host you’re protecting, but if you think about what it would normally take to install an agent on each host, this is much more efficient than running multiple agents on the same host that might all scan at the same time, or update at the same time.




The settings are similar to those for deploying an OVA file from vCenter.  Name, Datastore, Folder and Network will still need to be set up.



Next, enter a DNS name and the IP settings to fit your needs.  I’ve chosen a static IP address.



Thin provisioned disks for me for sure!



When you’re done with the deployment of the appliance, the wizard will ask you if you would like to activate the appliance.  If you decide not to, for whatever reason, you can always do this from the Management console at a later time.



Here, you can select a policy to publish to the virtual machines you’ll be protecting.  Policies can be edited from the Management Console and we’ll look at them more in depth in a future post.



Select any of the virtual machines that you would like to activate as well.  Again, you can do this from the management console if you don’t want to do this right now.



The preparation of the environment is now over.  In the next post we’ll get more into how Trend Micro Deep Security Manager can help you manage your compliance.

vShield Endpoint Part 1

vShield Endpoint Part 3