Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2181
  • Last Modified:

anyone have experience with Deep Security 9.5?

Doing a PoC of NSX and DS 9.5 and looking for anyone who has knowledge of them. Specifically your experience installing.
1 Solution
Michael WorshamInfrastructure / Solutions ArchitectCommented:
First off, what is NSX? Second, do you already have vShield enabled on your VMware ESXi environment? Trend's Deep Security requires it.
bozo1701Author Commented:
Hi: Thanx for the response. NSX is VMware's new virtualized networking product, slated for release in Q2-2014, probably make the big announcement next week at VMworld.
Yes, vShield is installed. The Deep Security 9.5 installation doesn't vary much from earlier versions. But now that the REST api is exposed, DS can make use of Vmware's Security Groups and tagging. NSX will no doubt become the standard for networking in virtual environments. I was looking for any one who went thru the pain of preparing the VMWare environment for DS 9.5. Lots of steps, lots of confusion (docs are not finalized yet). And lots of sessions at Vmworld in San Fran next week from the panel I will sit on (user experience) to deep dive technical sessions and labs.
btanExec ConsultantCommented:
For Deep Security, probably the one stop place is at their portal with the quick search for NSX and Deep Security. Couple of guidance and issues flagged that may be of interest.

Before the Deep Security Virtual Appliance (DSVA) service can be deployed on your datacenter, your ESXi servers must be prepared first by installing the drivers necessary for network traffic inspection. This operation is performed on the cluster.

known issues of Deep Security 9.5 in NSX environment, some may include

In NSX Environment, assigning IPv6 address to the Deep Security Virtual Appliance using IPv6 pool is not supported.
In NSX Environment, Layer 2 packets are not passed to the Deep Security Virtual Appliance, Therefore, these packets are bypassed (e.g. ARP).
The TLS version 1.1 and 1.2 are not supported in SSL Inspection of Intrusion Prevention feature.
It takes about 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is located at <DSM Install Directory>\temp will result in failure.

At least Trend Micro is also committed to escalate to VMware if there is any issue rather than having Deep Security customer looking "high and low" for assistance. Minimally DS has to be in v9.5 and VM at 5.5 above

There are closer detail guide of NSX Installation and Upgrade Guide that may be a good starter to ensure NSX is up and alright first ... VMWare tools comes with NSX Thin Agent that must be installed on each guest virtual machine to be protected

Additionally, though I am not totally savvy on vmware side but the NSX design pdf is useful in tapping NSX and designing the infra e.g. in section "Data Center Access Layer Deployment Scenarios", "Logical Switching" and "Logical Routing "

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now