anyone have experience with Deep Security 9.5?

Posted on 2014-08-19
Last Modified: 2014-09-02
Doing a PoC of NSX and DS 9.5 and looking for anyone who has knowledge of them. Specifically your experience installing.
Question by:bozo1701
    LVL 29

    Expert Comment

    by:Michael W
    First off, what is NSX? Second, do you already have vShield enabled on your VMware ESXi environment? Trend's Deep Security requires it.

    Author Comment

    Hi: Thanx for the response. NSX is VMware's new virtualized networking product, slated for release in Q2-2014, probably make the big announcement next week at VMworld.
    Yes, vShield is installed. The Deep Security 9.5 installation doesn't vary much from earlier versions. But now that the REST api is exposed, DS can make use of Vmware's Security Groups and tagging. NSX will no doubt become the standard for networking in virtual environments. I was looking for any one who went thru the pain of preparing the VMWare environment for DS 9.5. Lots of steps, lots of confusion (docs are not finalized yet). And lots of sessions at Vmworld in San Fran next week from the panel I will sit on (user experience) to deep dive technical sessions and labs.
    LVL 60

    Accepted Solution

    For Deep Security, probably the one stop place is at their portal with the quick search for NSX and Deep Security. Couple of guidance and issues flagged that may be of interest.

    Before the Deep Security Virtual Appliance (DSVA) service can be deployed on your datacenter, your ESXi servers must be prepared first by installing the drivers necessary for network traffic inspection. This operation is performed on the cluster.

    known issues of Deep Security 9.5 in NSX environment, some may include

    In NSX Environment, assigning IPv6 address to the Deep Security Virtual Appliance using IPv6 pool is not supported.
    In NSX Environment, Layer 2 packets are not passed to the Deep Security Virtual Appliance, Therefore, these packets are bypassed (e.g. ARP).
    The TLS version 1.1 and 1.2 are not supported in SSL Inspection of Intrusion Prevention feature.
    It takes about 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is located at <DSM Install Directory>\temp will result in failure.

    At least Trend Micro is also committed to escalate to VMware if there is any issue rather than having Deep Security customer looking "high and low" for assistance. Minimally DS has to be in v9.5 and VM at 5.5 above

    There are closer detail guide of NSX Installation and Upgrade Guide that may be a good starter to ensure NSX is up and alright first ... VMWare tools comes with NSX Thin Agent that must be installed on each guest virtual machine to be protected

    Additionally, though I am not totally savvy on vmware side but the NSX design pdf is useful in tapping NSX and designing the infra e.g. in section "Data Center Access Layer Deployment Scenarios", "Logical Switching" and "Logical Routing "

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
    Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
    Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…
    Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now