Deploy and configure Trend Micro Deep Security services
This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will allow you to experience steps which are too time-consuming or resource intensive to do live in the lab environment. In this simulation, you can use the software interface as if you are interacting with a live environment.
The orange boxes show where to click, and the left and right arrow keys can also be used to move through the simulation in either direction.
In this Interactive Simulation, we will be configuring Trend Micro Deep Security Manager and NSX to protect vm's with agent-less antivirus.
- Click on esx-01a.corp.local to gain focus on the object.
- Click Configure.
- Note that we are in the Agent VM Settings.
- Click the Edit button to assign the default Datastore and Network settings for agent appliances.
- Click the Datastore assignment box
- Click the Datastore Local-esx01a.
- Click the Network assignment box and
- Click the Network ESXi-RegionA01-vDS-COMP.
- Click the OK button to accept the changes.
Next we will deploy the NSX Guest introspection services. From now on, we continue working on the Cluster level.
- Click the Home button at the top of the page.
- Click Networking & Security from the list.
- Click Installation and Upgrade on the Navigator menu.
- Click on Host Preparation.
- Click on RegionA01-COMP01 to verify NSX is installed and enabled.
- Click on the Service Deployments tab.
- Click the Green Plus Sign to open the Deploy Network & Security Services Wizard.
- Click Guest Introspection selection box.
- Click Next to continue.
- Click the Cluster object RegionA01-COMP01.
- Click Next to continue.
- Click the drop down box under Datastore to select the proper Datastore.
- Click Specified on-host.
- Click the drop down box under Network to select the proper Network.
- Click Specified on-host.
- Click Change in the IP Assignment column.
- Click Use IP Pool.
- Click guest-intro and t.. entry.
- Click OK.
- Click Next to continue.
- Verify your settings and click Finish.
- Verify Installation status and Service Status are "Succeeded" and "Up".
We will now go to the Trend Micro Deep Security Manager interface to continue the configuration.
- Click the Trend Micro Deep Security tab.
- Click on the Computers tab.
- Click Add.
- From the drop down menu, click on Add VMware vCenter.
- Enter vcsa-01a.corp.local for the vCenter Server.
- Click on Name and it will auto populate with "vCenter - vcsa-01a.corp.local"
- Click on User name and enter - Administrator@vsphere.local
- Click on Password and enter - VMware1!
- Click Next to continue.
- Click Accept to accept the VCSA certificate.
Configure Trend Micro Deep Security Manager to communicate with the NSX Manager.
- Enter the NSX Manager IP Address 192.168.110.42
- Click User name and enter - admin
- Click Password and enter - VMware1!
- Click Next to continue.
- Click Accept to accept the NSX manager certificate.
- Click Finish to complete the Wizard.
- Leave the check box checked to create an automatic Event-Based task and click Close.
Now that Deep Security is connected with vCenter and NSX, we can deploy the Deep Security Virtual Appliances (DSVA). Note that these appliances are deployed from vCenter and not from Deep Security Manager.
- Click on the vSphere Web Client tab.
- Click on the Green Plus Sign.
- Click on the Trend Micro Deep Security service selection.
- Click Next to continue.
- Click on Cluster object RegionA01-COMP01.
- Click Next to continue.
- Click the drop down box under Datastore to select the proper Datastore.
- Click on Specified on-host.
- Click the drop down box under Network to select the proper Network.
- Click on Specified on-host.
- Click Change in the IP Assignment column.
- Click on Use IP Pool.
- Click on guest-intro and t.. entry to select the IP Pool.
- Click OK.
- Click Next to continue
- Verify your settings and click Finish.
Now we will create a Security Group and include the VMs that will be protected by Deep Security
- Click on Service Composer in the Navigator pane.
- Click on the Green Plus Sign to create a new Security Group.
- Enter Trend_micro_security_group for the name of our new Security Group.
- Click on Next to continue.
- We will leave the membership criteria at default values, click Next to continue.
- Click on Cluster object RegionA01-COMP01.
- Click on the Arrow to move RegionA01-COMP01 to the Selected Objects group.
- Click on Next to continue.
- Click Next again to skip objects to exclude.
- Click Finish.
Next we will Create 3 security policies to redirect traffic to Trend Micro Deep Security: one policy for Guest Introspection (Anti-Malware and Integrity Monitoring) and two policies for Network Introspection (one for incoming traffic and one for outgoing traffic; both for the Intrusion Prevention Service)
- Click the Security Policies tab.
- Click on the Green Plus Sign to create a new Security Policy.
- Click on the Name field.
- Name the Policy Trend Security.
- Click Next to continue.
- Click the Green Plus Sign to start the Security Policy wizard.
- In the Name field, enter Anti-Malware.
- Click OK.
- Click Next to continue.
- Click Next again to skip firewall rule creation for now.
- Click on the Green Plus Sign to configure the Network Introspection Services.
- In the Name field, enter Incoming.
- Click on Change.
- Click on the Any selection for the Source.
- Click OK.
- Click OK to continue.
- Click on the Green Plus Sign to configure additional Network Introspection Services.
- In the Name field, enter Outgoing.
- Click OK.
- Notice both the Incoming and Outgoing services are in place. Click Finish.
Next Step - Assign Policy to a Security Group.
- Click on the Green Plus Sign to Apply the policy to a security group.
- Click the Trend_micro_security_group.
- Click OK.
Let's look at the Deep Security Manager Interface to verify........
- Click on the Trend Micro Deep Security tab.
- Click on Administration.
- Click on Event-Based Tasks under System Settings. Note that An event-based task has been created. This will automatically apply protection by Deep Security to any VM as soon as it has been created in vCenter
- Click on Computers.
- Click the Scroll Bar on the right side of the screen to scroll down. Notice that the Deep Security Policy is applied.
Navigate back to the vSphere Web Client to add the NSX filter driver plugin to the VMtools in the VMs. We will do the Interactive Method, but this can also be scripted.
- Click on the vSphere Web Client tab.
- Click on the Home button.
- Click on the selection Hosts and Clusters from the Drop down menu.
- Click on the Win10-View-01A VM in the Navigator pane.
- Click on Actions.
- Click Open Console from the drop down menu.
- Install VMware tools. Click Next to continue.
- Notice we are Customizing the VMware Tools installation, click Next to continue.
- Click the Scroll Bar to scroll down.
- Click to select NSX File Introspection.
- Click on Will be installed on local hard drive.
- Click on NSX Network Introspection.
- Click on Will be installed on local hard drive.
- Click Next to continue.
- Click Next again to continue.
- Click Install to begin the installation.
- The installation is complete, click on Finish.
- Click Yes to reboot the vm.
Let's look at the Deep Security Manager Interface to verify........
- Click the Trend Micro Deep Security tab.
- Click Dashboard.
- Notice we have 6 managed machines now.
- Click on Computers
- Click the scroll bar to scroll down.
- Notice that Win10-View-01a is Managed (Online) now.
To return to the lab, click the link in the top right corner or close this browser tab.
