anyone have experience with Deep Security 9.5?

Doing a PoC of NSX and DS 9.5 and looking for anyone who has knowledge of them. Specifically your experience installing.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael WorshamInfrastructure / Solutions ArchitectCommented:
First off, what is NSX? Second, do you already have vShield enabled on your VMware ESXi environment? Trend's Deep Security requires it.
bozo1701Author Commented:
Hi: Thanx for the response. NSX is VMware's new virtualized networking product, slated for release in Q2-2014, probably make the big announcement next week at VMworld.
Yes, vShield is installed. The Deep Security 9.5 installation doesn't vary much from earlier versions. But now that the REST api is exposed, DS can make use of Vmware's Security Groups and tagging. NSX will no doubt become the standard for networking in virtual environments. I was looking for any one who went thru the pain of preparing the VMWare environment for DS 9.5. Lots of steps, lots of confusion (docs are not finalized yet). And lots of sessions at Vmworld in San Fran next week from the panel I will sit on (user experience) to deep dive technical sessions and labs.
btanExec ConsultantCommented:
For Deep Security, probably the one stop place is at their portal with the quick search for NSX and Deep Security. Couple of guidance and issues flagged that may be of interest.

Before the Deep Security Virtual Appliance (DSVA) service can be deployed on your datacenter, your ESXi servers must be prepared first by installing the drivers necessary for network traffic inspection. This operation is performed on the cluster.

known issues of Deep Security 9.5 in NSX environment, some may include

In NSX Environment, assigning IPv6 address to the Deep Security Virtual Appliance using IPv6 pool is not supported.
In NSX Environment, Layer 2 packets are not passed to the Deep Security Virtual Appliance, Therefore, these packets are bypassed (e.g. ARP).
The TLS version 1.1 and 1.2 are not supported in SSL Inspection of Intrusion Prevention feature.
It takes about 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is located at <DSM Install Directory>\temp will result in failure.

At least Trend Micro is also committed to escalate to VMware if there is any issue rather than having Deep Security customer looking "high and low" for assistance. Minimally DS has to be in v9.5 and VM at 5.5 above

There are closer detail guide of NSX Installation and Upgrade Guide that may be a good starter to ensure NSX is up and alright first ... VMWare tools comes with NSX Thin Agent that must be installed on each guest virtual machine to be protected

Additionally, though I am not totally savvy on vmware side but the NSX design pdf is useful in tapping NSX and designing the infra e.g. in section "Data Center Access Layer Deployment Scenarios", "Logical Switching" and "Logical Routing "

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.