Trend Micro Deep Security is a security suite providing antivirus, intrusion prevention, firewalling, URL filtering and file integrity monitoring for both virtual and physical systems. For virtualized systems, Deep Security can provide both client-based and clientless protection, giving you a single management solution for virtual desktops, servers and physical systems. In addition, Deep Security can integrate with VMware's NSX, providing automated network firewalling and security options whenever Deep Security detects malicious activity on your systems.
In this blog post, we'll show how to set up a lab environment for Trend Micro Deep Security on AWS and Google Cloud capacity, covering both agentless and agent-based protection and the integration with VMware vSphere.
If you are a reseller and/or system integrator, you can build Deep Security labs like these on public cloud and use them for your sales demos, proofs of concept (POCs) and training environments. You pay hourly based on the size of your lab, and only while you are using it.
You can set up an environment with the Trend Micro Deep Security appliance, other servers and client systems within the Ravello Systems interface, test and run it on AWS or GCE, and then save it as your demo/POC/training blueprint. When you later need multiple Trend Micro Deep Security environments across the globe for your team, you can spin them up on AWS or Google Cloud from the saved blueprint within minutes.
Preparing your environment
For this blog, we’ve prepared the following environment in Ravello Systems.
- VMware Horizon view connection server (optional)
- Trend Micro Deep Security Manager running on Windows 2012R2
- Domain Controller
- 2 ESXi Host servers
- Openfiler storage server (optional)
- vCenter server running on Windows 2012R2
Since we'll mainly focus on the setup of Deep Security, we won't go into the vSphere setup in much detail. Click on the link for a brief overview of how to configure and deploy VMware vSphere in Ravello. In addition, here's a detailed guide for vCenter.
Installation of Deep Security Manager
The Windows host is added to the testlab.local domain as dsm.testlab.local. After this, the latest Windows version of Deep Security Manager is downloaded from downloadcenter.trendmicro.com.
Choose your installation language. Click OK.
The pre-installation check notices that the VM is not configured with enough resources to run a production environment, but since this is a demonstration setup that is not a problem.
Read the license agreement and click the accept radio button when you agree. Click Next.
The Upgrade Verification step checks whether a previous version is installed. In this demo environment we are starting with a new installation.
Change the installation location if needed. Click Next.
Fill in the required external database details (hostname, database instance and so on). For this demo I'm using the embedded database. Note: do not choose the embedded database for a production environment, as the installer itself will also tell you.
Enter the activation code. For this lab we'll be using a trial license, which can be acquired through this link.
Hostnames, IP addresses and ports. Change these only if your environment already uses the required ports. Click Next.
Configure your administrator account and click Next.
In this step, we'll configure our security updates. This creates a scheduled task for security updates (update your procedures to document that these are scheduled tasks). For this demo environment we do not use a proxy server to connect to the Trend Micro site for the security updates.
Next, we’ll configure the same scheduled task for our software updates.
Enable a Relay agent for distribution of definitions and updates to the protected agents and virtual appliances in your lab environment. In this case we’ll install the relay on the management server, but in a production environment it’s recommended to install this on one or multiple separate servers.
Since this is a demo environment we'll disable Smart Feedback.
Before starting the installation, you are shown a summary of all the installation settings. Confirm that everything is configured correctly and select "Install".
Once the installation has finished, leave the option to open the DSM console enabled and click Finish. After logging in to Deep Security Manager, we should be shown the following dashboard:
Deep Security Manager Configuration
First we'll add the vCenter we installed earlier for this lab. Open the "Computers" tab, then right-click "Computers" (in the leftmost menu) and select "Add VMware vCenter".
Enter the configuration details of your vCenter server, then click next. Accept the vCenter server SSL certificate and select finish.
Now that you've configured the vCenter connection in Deep Security, it's time to deploy the virtual appliances used for agentless protection. Since we are using vSphere 6 with Trend Micro Deep Security 9.6, we will not deploy the filter driver. This is something to watch out for if you are reading other blog posts or are familiar with older versions of Deep Security and vSphere.
First, we'll need to import the vSphere security appliance. Download the 9.5 virtual appliance from this link.
Once the download has completed, open "Administration", then drill down to Updates -> Software -> Local. Import the file you just downloaded.
After importing the package, open your vCenter in the Computers view, then drill down to "Hosts and Clusters". Right-click the host you want to protect and select "Actions -> Deploy Agentless Security".
Enter any name for the appliance and select the details of deployment.
Next, enter your network configuration. If you are using DHCP you can leave that enabled, for this lab we’re using static address assignment so we’ll configure the appliance with the correct network settings.
Provision the appliance as either thick or thin (your preference), and wait for the deployment to finish. Once the deployment finishes, you can continue with the activation of the virtual appliance. Afterwards, the appliance should show up in the list of computers, and you should be able to activate virtual machines without installing the agent.
Agent based protection
First, we'll have to add our Active Directory to Deep Security Manager. While you can also protect systems without Active Directory, it makes the deployment significantly easier.
Go back to "Computers", then right-click "Computers" in the left menu. Select "Add Directory" and enter your AD details.
Next, we’ll create a scheduled task to synchronize the directory.
Next we'll have to import the agent. Open "Administration", then drill down to Updates -> Software -> Download Center. Search for "Windows", then select the latest agent version, right-click and select "Import". Once the import is done, select "Support" in the top right part of the management console, then select "Deployment Scripts". Select your platform and copy the script.
After adding our Active Directory, we should be able to see the machines joined to the domain. Verify that you can see your machines by opening the Computers tab and browsing through your list of computers.
Log in to the machine you wish to protect and run the script, which will install the agent. In a production environment you'd normally either deploy the agent through a management tool or preinstall it in the image, but for now manual installation will suffice. After the agent has been installed, go back to Deep Security Manager and open the Computers view. Right-click one of the machines you wish to protect and select Actions -> Activate/Reactivate.
After a minute or so, the status of your machine should change to "Managed (Online)" and your virtual machine will be protected by Trend Micro Deep Security. By opening the details of a protected computer (or creating a policy) you can enable features such as anti-malware, intrusion prevention, firewalling or one of the other security modules integrated in Deep Security. With this setup, you should be ready to start testing the product and its extensive set of options to protect your environment.
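As an added example (not part of the original post or of Trend Micro's deployment script), a PowerShell check to run on a lab VM before the deployment script and again after it: it confirms the VM can reach the manager, that the agent service exists, and that the agent is listening for the manager-initiated activation described above. The hostname dsm.testlab.local comes from this lab; the port numbers and the ds_agent service name are Deep Security defaults I am assuming here, so adjust them to the values chosen in the installer's port step.

```powershell
# Added example: agent deployment readiness checks for a Windows lab VM.
# Assumptions (not from the original post): manager dsm.testlab.local, default ports
# 4120 (agent heartbeat to manager), 4119 (console) and 4118 (manager to agent),
# and the default agent service name ds_agent. Change them if your installer step differed.
param(
    [string]$Manager = 'dsm.testlab.local',
    [int]$HeartbeatPort = 4120,
    [int]$ConsolePort = 4119,
    [int]$AgentPort = 4118
)

function Test-DsmReachable {
    # The agent must reach the manager on the heartbeat port; the console port is checked
    # too so a failure can be narrowed down to one blocked port rather than an unreachable host.
    foreach ($port in $HeartbeatPort, $ConsolePort) {
        $r = Test-NetConnection -ComputerName $Manager -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = "${Manager}:$port"; Reachable = $r.TcpTestSucceeded }
    }
}

function Test-DsAgentInstalled {
    # Before the deployment script runs this returns Installed=false; afterwards the
    # service should exist and be Running.
    $svc = Get-Service -Name 'ds_agent' -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Installed = $false; Status = 'absent' } }
    [pscustomobject]@{ Installed = $true; Status = $svc.Status.ToString() }
}

function Test-AgentListening {
    # Manager-initiated activation (Actions -> Activate/Reactivate) needs the manager to
    # reach the agent on this port, so the Windows firewall must allow it inbound.
    $listener = Get-NetTCPConnection -LocalPort $AgentPort -State Listen -ErrorAction SilentlyContinue
    return [bool]$listener
}

Test-DsmReachable | Format-Table -AutoSize
Test-DsAgentInstalled | Format-List
"Agent listening on port $AgentPort : $(Test-AgentListening)"
```

If the heartbeat port is unreachable but the console port is not, check the lab's network segmentation rather than the agent; if the agent service is present but not listening, check the host firewall before retrying the activation.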
About Ravello Systems
Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.