vShield Endpoint – Trend Micro Deep Security (Part 1)

March 24, 2014 9 By Eric Shanks

If you’re a vSphere Administrator and have compliance regulations to deal with, vShield Endpoint might save you a lot of hassle.  From my own experience with PCI-DSS, it was important to limit the cardholder data environment scope.  The fewer devices that touch credit card data, the fewer items that had to be protected.  In the same breath, it was important to have Anti-Virus, malware protection, firewall rules and file integrity monitoring.  vShield Endpoint allows for all of these things to be handled in a single package.  This post looks specifically at Trend Micro’s Deep Security Product.

Preparing for vShield Endpoint

To start we need to understand that we need to have the vshield environment ready to go first.  I’ve written a getting started post that might help you get vShield App and the management appliance installed and working, so I won’t go into detail on that part again.

Once vShield Manager and App are all set, we need to deploy the vShield Endpoint Driver to the hosts that we’ll be protecting.  Again, I’ve mentioned it a few times in my previous posts, “Avoid installing vShield on the hosts that vCenter and the vShield Manager are installed on.”  I’ve found that a fairly common design is to have a Management Cluster for your vCenter and vShield Manager, and have them manage a separate cluster.  This makes it expensive for a home lab, so consider nesting VMs if you want to try this out for yourself.

Installing the endpoint host driver is fairly simple, just open the vShield Console, go to the host that you want to deploy endpoint and click the check box.

vcns-endpoint1

 

Your next step should be to build a Windows VM that will run your Trend Micro Management Console.  Again, this is a good VM to have on your management cluster.

Install the Trend Micro Deep Security Manager

Trend Micro was gracious enough to allow me to register and download a trial version of their software.  You can do likewise if you’d like to poke around on your own.  If you’re not in the mood to go the whole nine yards, hopefully this post has enough screenshots to give you a good feeling of the experience.

First we install the Security Manager on the new Windows VM we just built.  The installer is a straight forward wizard.

DeepSecurityManager-1 DeepSecurityManager-2

We have the option of using SQL, Oracle or an Embedded database to house our configuration data.  I’m a SQL guy.  😉

DeepSecurityManager-3

 

If you’ve registered with Trend Micro for the downloads, you should receive a license in your email for this step.

DeepSecurityManager-4

 

The installer would like to know the DNS name or IP address of the host you’re installing on as well as the ports.  I’ve left all ports as defaults and entered the name of my Windows VM [Endpoint.hollow.local]

DeepSecurityManager-5

 

It would be pretty difficult to sell a security product that didn’t require some sort of authentication.  Here we enter a new password for the MasterAdmin account.  Make sure you have a special character!

DeepSecurityManager-6

 

Like many (I have to assume ALL) Anti-Virus and Malware solutions, you have the ability to update over the Internet for new virus definitions.  No difference here.

DeepSecurityManager-7

 

 

Now we have the Trend Micro Deep Security Manager deployed to our environment.  The next post will explain what happens when we login.

vShield Endpoint Part 2

vShield Endpoint Part 3