
Installing and configuring Trend Micro Deep Security, vSphere and NSX environment on AWS and Google Cloud

Trend Micro Deep Security is a security suite providing antivirus, intrusion prevention, firewalling, URL filtering and file integrity monitoring for both virtual and physical systems. For virtualized systems, Deep Security offers both agent-based and agentless protection, giving you a single management solution for virtual desktops, servers and physical systems. In addition, Deep Security can integrate with VMware’s NSX, providing automated network firewalling and security options whenever Deep Security detects malicious activity on your systems.

In this blog post, we’ll show how to set up a lab environment for Trend Micro Deep Security using AWS and Google Cloud capacity for both agentless and agent-based protection, along with the integration with VMware vSphere.

If you are a reseller and/or system integrator, you can build Deep Security labs like these on public cloud and use them for your sales demos, proofs of concept (POCs) and training environments. You pay hourly based on the size of your lab and only when you are using it.
You can set up an environment with the Trend Micro Deep Security appliance, other servers and client systems within the Ravello Systems interface, test and run it on AWS or GCE, and then save it as your demo/POC/training blueprint. Then, when you need multiple Trend Micro Deep Security environments across the globe for your team, you can spin them up on AWS or Google Cloud from the saved blueprint within minutes.

Preparing your environment

For this blog, we’ve prepared the following environment in Ravello Systems.

  1. VMware Horizon view connection server (optional)
  2. Trend Micro Deep Security Manager running on Windows 2012R2
  3. Domain Controller
  4. 2 ESXi Host servers
  5. Openfiler storage server (optional)
  6. vCenter server running on Windows 2012R2


Since we’ll mainly focus on the setup of Deep Security, we’ll not focus too much on the vSphere setup. Click on the link for a brief overview of how to configure and deploy VMware vSphere in Ravello. In addition, here’s a detailed guide for vCenter.

Installation of Deep Security Manager

The Windows host is added to the testlab.local domain as dsm.testlab.local. After this, the latest Windows version of Deep Security Manager is downloaded from downloadcenter.trendmicro.com.


Choose your installation language. Click OK.


The pre-installation check reports that the VM is not configured with enough resources to run a production environment, but as this is for demonstration purposes this shouldn’t be a problem.


Click Next.


Read the license agreement and click the accept radio button when you agree. Click Next.

The Upgrade Verification runs to check if there is a previous version installed. In this demo environment we are starting with a new installation.


Change the installation location if needed. Click Next.


Fill in the required external database hostname, database instance and so on. For this demo I’m using the embedded installation. Note: Do not choose the embedded database for a production environment, as the installer will also tell you.


Enter the activation code. For this lab we’ll be using a trial license, which can be acquired through this link.


Review the hostname, IP address and port settings. Change them only if the required ports are already in use in your environment. Click Next.


Configure your administrator account and click Next.


In this step, we’ll configure our security updates. This creates a scheduled task for security updates (update your procedures to record that these run as scheduled tasks). For this demo environment we do not use a proxy server to connect to the Trend Micro site for the security updates.


Next, we’ll configure the same scheduled task for our software updates.


Enable a Relay agent for distribution of definitions and updates to the protected agents and virtual appliances in your lab environment. In this case we’ll install the relay on the management server, but in a production environment it’s recommended to install this on one or multiple separate servers.


Since this is a demo environment, we’ll disable Smart Feedback.


Before starting the installation, you are shown a summary of all the installation settings. Confirm that everything is configured correctly and select “Install”.


Once the installation is finished, allow the DSM console to open and click Finish. After logging in to the Deep Security Manager, we should be shown the following dashboard:


Deep Security Manager Configuration

First we’ll add the vCenter we installed earlier for this lab. Open the “Computers” tab, then right-click “Computers” (in the leftmost menu) and select “Add VMware vCenter”.


Enter the configuration details of your vCenter server, then click Next. Accept the vCenter server SSL certificate and select Finish.
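
The wizard asks you to accept whatever certificate vCenter presents. As an added example (not part of the original post), here is one way to compare that certificate against a fingerprint you obtained out of band before accepting it. The host name vcenter.testlab.local in the usage comment and the SAMPLE_DER bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed stand-in for DER bytes so the helpers can be exercised offline.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated, upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der: bytes, expected: str) -> bool:
    """Compare the certificate with a fingerprint obtained out of band."""
    norm = expected.replace(":", "").replace(" ", "").lower()
    algo = {40: "sha1", 64: "sha256"}.get(len(norm))
    if algo is None:
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint")
    actual = hashlib.new(algo, der).hexdigest()
    return hmac.compare_digest(actual.encode(), norm.encode())


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Read the server's leaf certificate without trusting it.

    Validation is off on purpose: a lab vCenter usually presents a certificate
    your workstation does not trust, and the goal is to inspect it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_cert.py vcenter.testlab.local <expected-fingerprint>
    # (hypothetical host name; the post only names the testlab.local domain)
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_der(host)
    print("presented:", fingerprint(der))
    sys.exit(0 if matches(der, expected) else 1)
```

Take the expected fingerprint from a source other than the network path being checked, for example the vCenter server's own console.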


Now that you’ve added vCenter to Deep Security, it’s time to deploy the virtual appliances used for the agentless protection. Since we are using vSphere 6 with Trend Micro Deep Security 9.6, we will not deploy the filter driver. This is something to watch out for if you are reading other blog posts or if you are familiar with older versions of Deep Security and vSphere.

First, we’ll need to import the vSphere security appliance. Download the 9.5 virtual appliance from this link.

Once the download has completed, open “Administration”, then drill down to Updates -> Software -> Local. Import the file you just downloaded.

After importing the package, open your vCenter in the Computers view, then drill down to “Hosts and Clusters”. Right-click the host you want to protect and select “Actions -> Deploy Agentless Security”.


Enter any name for the appliance and select the details of deployment.


Next, enter your network configuration. If you are using DHCP you can leave that enabled. For this lab we’re using static address assignment, so we’ll configure the appliance with the correct network settings.


Provision the appliance as either thick or thin (your preference), and wait for the deployment to finish. Once the deployment finishes, you can continue with the activation of the virtual appliance. Afterwards, the appliance should show up in the list of computers, and you should be able to activate virtual machines without installing the agent.

Agent based protection

First, we’ll have to add our Active Directory to the Deep Security Manager. While you can also protect systems without Active Directory, this makes the deployment significantly easier.

Go back to “Computers”, then right-click “Computers” in the left menu. Select “Add Directory” and enter your AD details.


Next, we’ll create a scheduled task to synchronize the directory.


Next we’ll have to import the agent. Open “Administration”, then drill down to Updates -> Software -> Download Center. Search for “Windows”. Then select the latest agent version, right-click and select “Import”. Once the import is done, select “Support” in the top right part of the management console, then select “Deployment Scripts”. Select your platform and copy the script.

After adding our Active Directory, we should be able to see the machines joined to the domain. Verify that you can see your machines by opening the Computers tab and browsing through your list of computers.

Log in to the machine you wish to protect and run the script, which will install the agent. Normally in a production environment you’d either deploy the agent through a management tool or preinstall it in the image, but for now manual installation will suffice. After the agent has been installed, go back to the Deep Security Manager and open the Computers view. Right-click one of the machines you wish to protect, and select Actions -> Activate/Reactivate.


After a minute or so, the status of your machine should change to “Managed (Online)” and your virtual machine will be protected by Trend Micro Deep Security. By opening the details of a protected computer (or creating a policy) you can enable features such as anti-malware, intrusion prevention, firewalling or one of the other security modules that are integrated in Deep Security. With this setup, you should be ready to start testing the product and its extensive set of options to protect your environment.

About Ravello Systems

Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.
