Deep Security 9 Part 3: The Deep Security Manager
Mar21

Deep Security 9 Part 3: The Deep Security Manager

In part 1 we installed the VMware vShield part which is needed to get Trend Micro Deep Security up and running. In part 2 we created a database instance that will be used by the Deep Security Manager (DSM). In this part we’ll focus on the installation of the DSM itself. The DSM is the management interface used to manage and monitor the Deep Security environment. You will use this to deploy Deep Security Virtual Appliance (DSVA) instances as well as creating scan profiles, monitor the Deep Security infrastructure and more.

Let’s install the DSM now, first we’ll need to make sure we’ll have the right software (can be downloaded here):

After you’ve downloaded and extracted the Deep Security Manager files, doubleclick on the manager execution file

TrendDSM01

The Setup will start and in the Welcome screen Click Next

TrendDSM02

In the License Agreement screen select I accept.. and then click Next

TrendDSM03

In the Select Destination Directory screen Browse to the destination folder and Click Next

TrendDSM04

In the database screen select and setup the right Database setup (as created in part 2) and click Next

TrendDSM05

In the License screen provide your License activation code and press Next

TrendDSM06

In the Adress and Ports screen provide the FQDN of the DSM and click Next

TrendDSM07

In the credentials screen Provide a Username (MasterAdmin is standard) and a password and click Next

TrendDSM08

In the security update window leave the defaults and click Next

TrendDSM09

In the Co-located Relay screen select Yes and include AntiMalware and click Next

TrendDSM10

In the Smart Protection Network screen Enable Trend Micro Smart Feedback and click Next

TrendDSM11

In the confirm Settings click finish to install the DSM

TrendDSM12

After the installation is finished open a browser and browse to the FQDN (httpS://yourdsm.xxx:4119) of the DSM in the logon screen provide the username and password to log in to the DSM

TrendDSM13

After Login the DSM interface will look like this

TrendDSM14

In Part 4 we’ll install a Deep Security Virtual Appliance (DSVA). See you there 😉 And if you have any question please let me know.

Read More
Deep Security 9 Part 2: The Database
Mar15

Deep Security 9 Part 2: The Database

Yesterday in the first part of this blog series on installing Trend Micro Deep Security 9 we installed the VMware vShield Manager as well as the vShield Endpoint on the hosts in our environment. The last prerequisite is the setup of the database for the DSM. This Database can be an Microsoft SQL or Oracle Database. While installing the Deep Security Manager you’ll have the option to install a build in that will only be able to support about 10 VM’s…..

The Database will grow fast, and an Microsoft SQL Express Database which has a limit of 4GB will be suitable for about 50 VM’s. Take that in mind when you’re doing a Proof of concept an thinking about using this kind of database.

With all that being said, let’s setup a database for the Deep Security Manager (I’ll use SQL2012 in this case):

Open the Microsoft SQL server management Studio:

DB1

In the Connect to Server windows choose your authentication method and press Connect:

DB2

Right Click on Databases and select New Database:

DB3

Provide a name for the database, select a database owner and press OK (leave the rest default):

DB4

If everything went well the database will be created and show in the Databases tab:

DB5

This step is the last one needed to begin the install of the Trend Micro Deep Security Manager. See you next time, and again when ever you have questions please feel free to contact me 😉

Read More
Deep Security 9 Part 1: Installing the vShield Manager and Endpoint
Mar14

Deep Security 9 Part 1: Installing the vShield Manager and Endpoint

Installing Deep Security is not that hard. In this post I’ll walk you through the first step of getting Deep Security up and running in your virtual environment. The installation of vShield Manager.

In order to get Trend Micro Deep Security running a couple of prerequisites need to be in place. The prerequisites that need to be in place are:

  • The vShield Manager
  • The vShield Endpoint (installed on every host)
  • A Database (SQL or Oracle)

Let’s start with installing the vShield Manager. In order to this you’ll have to download the vShield Manager here. After the download is done, open vCenter and go to File –> Deploy OVF Template (Press picture for larger image)

vShieldM1

In the Source window Click Browse

vShieldM2

Browse to the vShield Manager OVA file and Open it

vShieldM3

Click Next in the Source window

vShieldM4

In the OVF Template Details click Next

vShieldM5

In the End User License Agreement click Accept and click Next

vShieldM6

In the Name and Location window Provide a vSM name and click Next

vShieldM7

In the Host / Cluster window select the Cluster you want the vSM to be in and click Next

vShieldM8

In the Specify a Specific Host select a host and click Next

vShieldM9

In the Storage window choose the datastore you want to use and click Next

vShieldM10

In the Disk Format window choose the format you want to use and click Next

vShieldM11

In the Ready to Complete window Select Power on after Deployment and Press Finish

vShieldM12

The deployment of the OVF will start and after this is complete open the vSM Console window

vShieldM13

vShieldM14

vShieldM15

To log in to vSM use the Default username: admin and password: default

  • Provide a IP Address
  • Subnet Mask
  • Default gateway
  • Primary (and secondary) DNS

vShieldM16

Open a webbrowser and surf to the IP address you just provided for the vSM

Log in with the admin account (user: admin pw: default)

Edit the vCenter Server settings so the vSM is able to communicate with the vSphere environment

vShieldM17

The installation of the vSM is now done. To install vShield Endpoint on the hosts perforn these steps

In vSM browse to the host you want vShield Enpoint to be installed on and click Install

vShieldM19

In the next we’ll install the Trend Micro Deep Security Manager. If you have questions, please don’t hesitate to reach out to me.

Read More
Installing VMware vShield 5 Endpoint Driver on vSphere 5 VM’s
Mar13

Installing VMware vShield 5 Endpoint Driver on vSphere 5 VM’s

In this blog post written yesterday I explained how to install the VMware vShield 1.0 Endpoint driver on VM’s in a vSphere 4.x environment. VMware made the process to install the driver a lot easier (at least the way to find the installation file ;-)) through adding the installation file to the VMtools installation procedure.

Make sure not to install the vShield 5 installations on a vSphere 4.x environment. The API’s changed to much to get Trend Micro up Deep Security and running when you do this.

To install the vShield 5 Endpoint Driver perform the following steps:

  • To install the vShield 5 Endpoint Driver you need to make sure the VMtools CD is connected:
  • Slide2
  • After you’ve connected the VMtools CD choose the Interactive Tools Upgrade option and press OK:
  • Slide3
  • In the AutoPlay screen press Run setup64.exe:
  • Slide4
  • In the VMware Tools Welcome screen press Next:
  • Slide5
  • In the Program Maintenance screen select Modify and press Next:
  • Slide6
  • In the Custom Setup screen press the + sign VMware Device Drivers:
  • Slide7
  • Scroll down and press the WMCI Driver +, press on the vShield driver Icon and select “this feature will be installed on local hard drive”. After this selection click Next.
  • Slide8
  • In the Ready to Modify the Program screen press modify to install the driver:
  • Slide9

You can check if the installation went well by doing the following steps:

  • Log in to the VMware vShield Manger server via a webbrowser (default user: admin / default password: default):
  • slide10
  • Open the Datacenters Tab, the Cluster Tab and select the ESX host that contains the VM. Open the Endpoint Tab in the right screen and if everything went well the VM will show up in the protected state (if not restart the VM)
  • slide11

That’s it! If you have a question, just ask 😉

Read More
vShield Endpoint Driver installation on vSphere 4.x
Mar12

vShield Endpoint Driver installation on vSphere 4.x

Implementing a Proof of Concept (PoC) with VMware vSphere 4.1, VMware vShield and Trend Micro Deep security I found out a couple of things the hard way. To make sure you don’t get in the same trouble I had, I will only show the installation of the vShield Endpoint Driver installation.

Very important advice: Don’t install vShield v5 in an vSphere 4.x environment

There are two ways to install the driver into a VM:

  1. Download the latest VMware Endpoint Driver (version 1.0.0 Update 2) and install the driver
  2. Download and connect the latest vSphere 4.1 VMtools ISO and install the driver

This post will be based on the second choice, so make sure to download the the latest VMtools ISO here (download the 32 an 64 bits versions)

  • First we need to make sure the ISO is connected to the VM:

slide1

  • In the screen that will popup go to the datastore that contains the ISO files. Selct the ISO and press OK:

slide2

  • Open windows explorer and go to the VMware-vShield-Endpoint-Driver on the CD:

slide3

  • In the popup screen accept the license agreement and click install:

slide4

  • After the install click Finish and restart the VM:

slide5

  • Restart the computer

You’re now done with installing the vShield Endpoint Driver installation for VMware vSphere 4.x.

Let me know if you’ve any question.

Read More