Professional Documents
Culture Documents
.J=F< 'A;JG #F;GJHGJ9L=< J=K=JN=K L@= JA?@L LG E9C= ;@9F?=K LG L@AK <G;ME=FL 9F< LG L@= HJG<M;LK <=K;JA:=< @=J=AF OAL@GML FGLA;=. B=>GJ= AFKL9DDAF? 9F< MKAF? L@= KG>LO9J=, HD=9K= J=NA=O L@= J=9<E= >AD=K, J=D=9K= FGL=K, 9F< L@= D9L=KL N=JKAGF G> L@= 9HHDA;9:D= MK=J <G;ME=FL9LAGF, O@A;@ 9J= 9N9AD9:D= >JGE L@= .J=F< 'A;JG 1=: KAL= 9L: http://www.trendmicro.com/download .J=F< 'A;JG, L@= .J=F< 'A;JG L-:9DD DG?G, D==H -=;MJALQ, CGFLJGD -=JN=J *DM?-AF, D9E9?= CD=9FMH -=JNA;=K, =-=JN=J *DM?-AF, #FL=J-;9F, (=LOGJC 0AJMK19DD, -;9F'9AD, -=JN=J*JGL=;L, 9F< .J=F<&9:K 9J= LJ9<=E9JCK GJ J=?AKL=J=< LJ9<=E9JCK G> .J=F< 'A;JG, #F;GJHGJ9L=<. ADD GL@=J HJG<M;L GJ ;GEH9FQ F9E=K E9Q := LJ9<=E9JCK GJ J=?AKL=J=< LJ9<=E9JCK G> L@=AJ GOF=JK. DG;ME=FL N=JKAGF: 1.0 DG;ME=FL FME:=J: A*E'96199/131029 ,=D=9K= <9L=: D=;=E:=J 2013 DG;ME=FL ?=F=J9L=<: D=; 13, 2013 (16:11:08)
Table of Contents
#FLJG<M;LAGF ........................................................................................................................................5
A:GML D==H -=;MJALQ ................................................................................................................................................................................6 1@9L'K (=O AF D==H -=;MJALQ 9 -*1 .....................................................................................................................................................10 A?=FL-B9K=< *JGL=;LAGF 'G<=DK.............................................................................................................................................................14 A?=FLD=KK *JGL=;LAGF 'G<=DK..................................................................................................................................................................16 "Q:JA< *JGL=;LAGF 'G<=DK ......................................................................................................................................................................19
#FKL9DD9LAGF ........................................................................................................................................21
1@9L QGM OADD (==<................................................................................................................................................................................22 -QKL=E ,=IMAJ=E=FLK .............................................................................................................................................................................28 *J=H9JAF? 9 0'O9J= EFNAJGFE=FL >GJ A?=FLD=KK *JGL=;LAGF.................................................................................................................31 #FKL9DD 9 D9L9:9K= >GJ D==H -=;MJALQ ......................................................................................................................................................34 #FKL9DDAF? 9 D9L9:9K= >GJ D==H -=;MJALQ ('MDLA-.=F9F;Q ,=IMAJ=E=FLK) ..............................................................................................35 #FKL9DD D==H -=;MJALQ '9F9?=J ...............................................................................................................................................................39 #FKL9DDAF? L@= D==H -=;MJALQ ,=D9Q.........................................................................................................................................................43 *J=H9JAF? E-2A >GJ D==H -=;MJALQ 0AJLM9D AHHDA9F;= D=HDGQE=FL .......................................................................................................46 D=HDGQAF? L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;=....................................................................................................................................48 AMLGE9LA;9DDQ D=HDGQAF? 9F AHHDA9F;= >GJ -L9L=D=KK E-2A...................................................................................................................51 #FKL9DD D==H -=;MJALQ A?=FLK..................................................................................................................................................................57 #FKL9DDAF? L@= D==H -=;MJALQ (GLA>A=J......................................................................................................................................................67 EF9:D= 'MDLA-.=F9F;Q ............................................................................................................................................................................68 'MDLA-.=F9F;Q (A<N9F;=<) ....................................................................................................................................................................78 CGF>A?MJ= NCDGM< >GJ #FL=?J9LAGF OAL@ D==H -=;MJALQ ...........................................................................................................................81 CGF>A?MJ= AE9RGF EC2 ,=KGMJ;=K >GJ #FL=?J9LAGF OAL@ D==H -=;MJALQ................................................................................................85
/H?J9<AF? .........................................................................................................................................86
/H?J9<= -;=F9JAGK..................................................................................................................................................................................87 /H?J9<AF? D==H -=;MJALQ 8.0 -*2 -G>LO9J= CGEHGF=FLK .....................................................................................................................88 /H?J9<AF? >JGE D- 8.0 -*2 OAL@ A?=FLD=KK AFLA-'9DO9J= *JGL=;LAGF (#F;DM<=K MH?J9<AF? E-2/E-2A 4.1 LG 5.0, 5.1, GJ 5.5) .........91 /H?J9<AF? >JGE D==H -=;MJALQ 8.0 -*2 OAL@ A?=FLD=KK 1 9F< #*- )FDQ (/H?J9<AF? >JGE E-2/E-2A 4.1 LG 5.0, 5.1, GJ 5.5) ........95 /H?J9<AF? >JGE D==H -=;MJALQ 8.0 -*2 OAL@ #F-?M=KL A?=FL-B9K=< *JGL=;LAGF )FDQ ..........................................................................98 /H?J9<= D==H -=;MJALQ A?=FLK ..............................................................................................................................................................99 /H?J9<= L@= D==H -=;MJALQ (GLA>A=J.....................................................................................................................................................100
AHH=F<A;=K .....................................................................................................................................123
-MHHGJL=< =9LMJ=K :Q *D9L>GJE ...........................................................................................................................................................124 D==H -=;MJALQ '9F9?=J -=LLAF?K *JGH=JLA=K AD=..................................................................................................................................126 D==H -=;MJALQ '9F9?=J '=EGJQ /K9?= ..............................................................................................................................................133 D==H -=;MJALQ 0AJLM9D AHHDA9F;= '=EGJQ /K9?= ................................................................................................................................134 *=J>GJE9F;= =9LMJ=K ...........................................................................................................................................................................135 CJ=9LAF? 9F --& AML@=FLA;9LAGF C=JLA>A;9L= .........................................................................................................................................137 'AFAEME 0'O9J= *JANAD=?=K >GJ D-0A D=HDGQE=FL ........................................................................................................................140 /FAFKL9DDAF? D==H -=;MJALQ ..................................................................................................................................................................143 J=IM=FLDQ AKC=< +M=KLAGFK ................................................................................................................................................................148 .JGM:D=K@GGLAF?....................................................................................................................................................................................150
Introduction
Protection Modules
Anti-Malware
Integrates with VMware environments for agentless protection, or provides an agent to defend physical servers and virtual desktops in local mode. #FL=?J9L=K F=O 0'O9J= N-@A=D< EF<HGAFL A*#K LG HJGNA<= 9?=FLD=KK 9FLA-E9DO9J= HJGL=;LAGF >GJ 0'O9J= NAJLM9D E9;@AF=K OAL@ R=JG AF-?M=KL >GGLHJAFL. "=DHK 9NGA< K=;MJALQ :JGOF-GMLK ;GEEGFDQ K==F AF >MDD KQKL=E K;9FK 9F< H9LL=JF MH<9L=K. ADKG HJGNA<=K 9?=FL-:9K=< 9FLA-E9DO9J= LG HJGL=;L H@QKA;9D K=JN=JK, "QH=J-0 9F< 2=F-:9K=< NAJLM9D K=JN=JK, HM:DA; ;DGM< K=JN=JK 9K O=DD 9K NAJLM9D <=KCLGHK AF DG;9D EG<=. CGGJ<AF9L=K HJGL=;LAGF OAL@ :GL@ 9?=FLD=KK 9F< 9?=FL-:9K=< >GJE >9;LGJK LG HJGNA<= 9<9HLAN= K=;MJALQ LG <=>=F< NAJLM9D K=JN=JK 9K L@=Q EGN= :=LO==F L@= <9L9 ;=FL=J 9F< HM:DA; ;DGM<.
Web Reputation
Strengthens protection against web threats for servers and virtual desktops. #FL=?J9L=K OAL@ L@= .J=F< 'A;JGU -E9JL *JGL=;LAGF (=LOGJCU O=: J=HML9LAGF ;9H9:ADALA=K LG K9>=?M9J< MK=JK 9F< 9HHDA;9LAGFK :Q :DG;CAF? 9;;=KK LG E9DA;AGMK MJDK. *JGNA<=K K9E= ;9H9:ADALQ AF NAJLM9D =FNAJGFE=FLK AF 9?=FLD=KK EG<= L@JGM?@ L@= K9E= NAJLM9D 9HHDA9F;= L@9L 9DKG <=DAN=JK 9?=FLD=KK K=;MJALQ L=;@FGDG?A=K >GJ ?J=9L=J K=;MJALQ OAL@GML 9<<=< >GGLHJAFL.
Firewall
Decreases the attack surface of your physical and virtual servers. C=FLJ9DAR=K E9F9?=E=FL G> K=JN=J >AJ=O9DD HGDA;Q MKAF? 9 :A-<AJ=;LAGF9D KL9L=>MD >AJ=O9DD. -MHHGJLK NAJLM9D E9;@AF= RGFAF? 9F< HJ=N=FLK D=FA9D G> -=JNA;= 9LL9;CK. *JGNA<=K :JG9< ;GN=J9?= >GJ 9DD #*-:9K=< HJGLG;GDK 9F< >J9E= LQH=K 9K O=DD 9K >AF=-?J9AF=< >ADL=JAF? >GJ HGJLK 9F< #* 9F< 'AC 9<<J=KK=K.
Intrusion Prevention
Shields known vulnerabilities from unlimited exploits until they can be patched. "=DHK 9;@A=N= LAE=DQ HJGL=;LAGF 9?9AFKL CFGOF 9F< R=JG-<9Q 9LL9;CK. /K=K NMDF=J9:ADALQ JMD=K LG K@A=D< 9 CFGOF NMDF=J9:ADALQ -- >GJ =P9EHD= L@GK= <AK;DGK=< EGFL@DQ :Q 'A;JGKG>L -- >JGE 9F MFDAEAL=< FME:=J G> =PHDGALK. )>>=JK GML-G>-L@=-:GP NMDF=J9:ADALQ HJGL=;LAGF >GJ GN=J 100 9HHDA;9LAGFK, AF;DM<AF? <9L9:9K=, O=:, =E9AD 9F< .* K=JN=JK. AMLGE9LA;9DDQ <=DAN=JK JMD=K L@9L K@A=D< F=ODQ <AK;GN=J=< NMDF=J9:ADALA=K OAL@AF @GMJK, 9F< ;9F := HMK@=< GML LG L@GMK9F<K G> K=JN=JK AF EAFML=K, OAL@GML 9 KQKL=E J=:GGL. Defends against web application vulnerabilities EF9:D=K ;GEHDA9F;= OAL@ *C# ,=IMAJ=E=FL 6.6 >GJ L@= HJGL=;LAGF G> O=: 9HHDA;9LAGFK 9F< L@= <9L9 L@9L L@=Q HJG;=KK. D=>=F<K 9?9AFKL -+& AFB=;LAGFK 9LL9;CK, ;JGKK-KAL= K;JAHLAF? 9LL9;CK, 9F< GL@=J O=: 9HHDA;9LAGF NMDF=J9:ADALA=K. -@A=D<K NMDF=J9:ADALA=K MFLAD ;G<= >AP=K ;9F := ;GEHD=L=<. Identifies malicious software accessing the network #F;J=9K=K NAKA:ADALQ AFLG, GJ ;GFLJGD GN=J, 9HHDA;9LAGFK 9;;=KKAF? L@= F=LOGJC. #<=FLA>A=K E9DA;AGMK KG>LO9J= 9;;=KKAF? L@= F=LOGJC 9F< J=<M;=K L@= NMDF=J9:ADALQ =PHGKMJ= G> QGMJ K=JN=JK.
Integrity Monitoring
Detects and reports malicious and unexpected changes to files and systems registry in real time. Now available in agentless form factor. *JGNA<=K 9<EAFAKLJ9LGJK OAL@ L@= 9:ADALQ LG LJ9;C :GL@ 9ML@GJAR=< 9F< MF9ML@GJAR=< ;@9F?=K E9<= LG L@= AFKL9F;=. .@= 9:ADALQ LG <=L=;L MF9ML@GJAR=< ;@9F?=K AK 9 ;JALA;9D ;GEHGF=FL AF QGMJ ;DGM< K=;MJALQ KLJ9L=?Q 9K AL HJGNA<=K L@= NAKA:ADALQ AFLG ;@9F?=K L@9L ;GMD< AF<A;9L= L@= ;GEHJGEAK= G> 9F AFKL9F;=.
Log Inspection
Provides visibility into important security events buried in log files. )HLAEAR=K L@= A<=FLA>A;9LAGF G> AEHGJL9FL K=;MJALQ =N=FLK :MJA=< AF EMDLAHD= DG? =FLJA=K 9;JGKK L@= <9L9 ;=FL=J. GJO9J<K KMKHA;AGMK =N=FLK LG 9 -#E' KQKL=E GJ ;=FLJ9DAR=< DG??AF? K=JN=J >GJ ;GJJ=D9LAGF, J=HGJLAF? 9F< 9J;@ANAF?. &=N=J9?=K 9F< =F@9F;=K GH=F-KGMJ;= KG>LO9J= 9N9AD9:D= 9L )--EC.
T Deep Security Manager, L@= ;=FLJ9DAR=< 1=:-:9K=< E9F9?=E=FL ;GFKGD= O@A;@ 9<EAFAKLJ9LGJK MK= LG ;GF>A?MJ= K=;MJALQ HGDA;Q 9F< <=HDGQ HJGL=;LAGF LG L@= =F>GJ;=E=FL ;GEHGF=FLK: L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9F< L@= D==H -=;MJALQ A?=FL. T Deep Security Virtual Appliance AK 9 K=;MJALQ NAJLM9D E9;@AF= :MADL >GJ 0'O9J= N-H@=J= =FNAJGFE=FLK L@9L A?=FLD=KKDQ HJGNA<=K AFLA-'9DO9J=, 1=: ,=HML9LAGF -=JNA;=, AJ=O9DD, #FLJMKAGF *J=N=FLAGF, 9F< #FL=?JALQ 'GFALGJAF? HJGL=;LAGF LG NAJLM9D E9;@AF=K. T Deep Security Agent AK 9 K=;MJALQ 9?=FL <=HDGQ=< <AJ=;LDQ GF 9 ;GEHML=J O@A;@ HJGNA<=K AFLA'9DO9J=, 1=: ,=HML9LAGF -=JNA;=, AJ=O9DD, #FLJMKAGF *J=N=FLAGF, #FL=?JALQ 'GFALGJAF?, 9F< &G? #FKH=;LAGF HJGL=;LAGF LG ;GEHML=JK GF O@A;@ AL AK AFKL9DD=<. T Deep Security Relay: .@= D==H -=;MJALQ ,=D9Q <=DAN=JK -=;MJALQ /H<9L=K LG L@= A?=FLK 9F< 0AJLM9D AHHDA9F;=K. (.@= ,=D9Q @9K 9F =E:=<<=< A?=FL LG HJGNA<= DG;9D HJGL=;LAGF GF ALK @GKL E9;@AF=.) T Deep Security Notifier: .@= D==H -=;MJALQ (GLA>A=J AK 9 1AF<GOK -QKL=E .J9Q 9HHDA;9LAGF L@9L ;GEEMFA;9L=K AF>GJE9LAGF GF L@= DG;9D ;GEHML=J 9:GML K=;MJALQ KL9LMK 9F< =N=FLK, 9F<, AF L@= ;9K= G> D==H -=;MJALQ ,=D9QK, 9DKG HJGNA<=K AF>GJE9LAGF 9:GML L@= -=;MJALQ /H<9L=K :=AF? <AKLJA:ML=< >JGE L@= DG;9D E9;@AF=.
*GDA;A=K 9J= L=EHD9L=K L@9L KH=;A>Q L@= K=LLAF?K 9F< K=;MJALQ JMD=K LG := ;GF>A?MJ=< 9F< =F>GJ;=< 9MLGE9LA;9DDQ >GJ GF= GJ EGJ= ;GEHML=JK. .@=K= ;GEH9;L, E9F9?=9:D= JMD= K=LK E9C= AL KAEHD= LG HJGNA<= ;GEHJ=@=FKAN= K=;MJALQ OAL@GML L@= F==< LG E9F9?= L@GMK9F<K G> JMD=K. D=>9MDL *GDA;A=K HJGNA<= L@= F=;=KK9JQ JMD=K >GJ 9 OA<= J9F?= G> ;GEEGF ;GEHML=J ;GF>A?MJ9LAGFK.
Dashboard
.@= ;MKLGEAR9:D=, O=:-:9K=< /# E9C=K AL =9KQ LG IMA;CDQ F9NA?9L= 9F< <JADD <GOF LG KH=;A>A; AF>GJE9LAGF. #L HJGNA<=K: T T T T EPL=FKAN= KQKL=E, =N=FL 9F< ;GEHML=J J=HGJLAF?, OAL@ <JADD-<GOF ;9H9:ADALA=K !J9H@K G> C=Q E=LJA;K OAL@ LJ=F<K, OAL@ <JADD-<GOF D=L9AD=< =N=FL DG?K, OAL@ <JADD-<GOF A:ADALQ LG K9N= EMDLAHD= H=JKGF9DAR=< <9K@:G9J< D9QGMLK
Built-in Security
,GD=-:9K=< 9;;=KK 9DDGOK EMDLAHD= 9<EAFAKLJ9LGJK (/K=JK), =9;@ OAL@ <A>>=J=FL K=LK G> 9;;=KK 9F< =<ALAF? JA?@LK, LG =<AL 9F< EGFALGJ <A>>=J=FL 9KH=;LK G> L@= KQKL=E 9F< J=;=AN= AF>GJE9LAGF 9HHJGHJA9L= LG L@=E. DA?AL9D KA?F9LMJ=K 9J= MK=< LG 9ML@=FLA;9L= KQKL=E ;GEHGF=FLK 9F< N=JA>Q L@= AFL=?JALQ G> JMD=K. -=KKAGF =F;JQHLAGF HJGL=;LK L@= ;GF>A<=FLA9DALQ G> AF>GJE9LAGF =P;@9F?=< :=LO==F ;GEHGF=FLK.
Supported Platforms
D==H -=;MJALQ 9 -*1 KMHHGJLK KGE= 9<<ALAGF9D HD9L>GJEK AF;DM<AF? -GD9JAK 11, "*/2, 9F< A#2. GJ 9 DAKL G> ;MJJ=FLDQ KMHHGJL=< HD9L>GJEK, K== System Requirements (page 28).
Deep Security 9
Multi-Tenancy
'MDLA-.=F9F;Q D=LK QGM ;J=9L= AF<=H=F<=FL AFKL9DD9LAGFK G> D==H -=;MJALQ OAL@AF QGMJ =FL=JHJAK=. 3GM ;9F ;J=9L= D==H -=;MJALQ .=F9F;A=K >GJ AF<ANA<M9D <=H9JLE=FLK GJ DAF=K G> :MKAF=KK OAL@AF QGMJ GJ?9FAR9LAGF. E9;@ .=F9FL @9K 9;;=KK LG 9DD L@= >MF;LAGF9DALQ G> D==H -=;MJALQ =P;=HL ;GJ= KQKL=E K=LLAF?K. .=F9FLK ;9F := E9<= J=KHGFKA:D= >GJ L@= ;J=9LAGF 9F< E9F9?=E=FL L@=AJ GOF 9KK=LK, /K=JK, *GDA;A=K 9F< ,MD=K AF<=H=F<=FLDQ G> GL@=J .=F9FLK. (G .=F9FL'K 9KK=LK GJ K=;MJALQ ;GEHGF=FLK 9J= NAKA:D= LG 9FQ GL@=J .=F9FLK. E9;@ .=F9F;Q AK AF<=H=F<=FL 9F< AKGD9L=< >JGE =N=JQ GL@=J .=F9F;Q.
C@AD< *GDA;A=K ;9F AF@=JAL 9DD L@=AJ K=LLAF?K >JGE L@=AJ H9J=FL *GDA;Q, GJ KH=;A>A; K=LLAF?K ;9F := GN=JJA<<=F.
Protection of Virtual Machines deployed on VMware vCloud and Amazon EC2 Infrastructure
D==H -=;MJALQ FGO HJGNA<=K KMHHGJL >GJ NAJLM9D E9;@AF=K <=HDGQ=< AF 0'O9J= NCDGM< 9F< AE9RGF EC2 =FNAJGFE=FLK. .@AK KMHHGJL AF;DM<=K:
11
T DAK;GN=JQ 9F< KQF;@JGFAR9LAGF G> NAJLM9D <9L9;=FL=J GJ?9FAR9LAGF9D NA=OK GJ HJGNA<=J :9K=< NAJLM9D <9L9;=FL=J NA=OK. T #<=FLA>A;9LAGF 9F< E9F9?=E=FL G> 0' AFKL9F;=K AF L@= ;DGM< =FNAJGFE=FL. T A;LAN9LAGF 9F< *GDA;Q 9KKA?FE=FL >GJ 0'K AF L@= ;DGM< =FNAJGFE=FL 9F< L@=AJ ;DGF=K LG =F9:D= 9MLGK;9DAF?. T -=JNA;= ;9L9DG? KMHHGJL AF L@= NCDGM< DAJ=;LGJ. T D9K@:G9J</AD=JLK/J=HGJLAF? :9K=< GF 9 .=F9FL'K H9JLA;MD9J ND9L9C=FL=J ;GF>A?MJ9LAGF.
Improved performance and efficiency of Malware scans in both Agent-based and Agentless environments
)F 1AF<GOK A?=FLK, L@= +MA;C -;9F GHLAGF ;9JJA=K GML 9 >9KL @A?@ D=N=D K;9F G> 9J=9K L@9L 9J= EGKL ;GEEGFDQ 9L JAKC G> AF>=;LAGF. #F A?=FLD=KK =FNAJGFE=FLK, '9DO9J= K;9FFAF? @9K :==F GHLAEAR=< LG HJ=N=FL EMDLAHD= K;9FK G> J=KGMJ;=K K@9J=< 9;JGKK NAJLM9D E9;@AF=K.
12
13
.G AEHD=E=FL L@AK A?=FL-:9K=< HJGL=;LAGF EG<=D: 1. 2. 3. 4. 5. 6. ,=NA=O What you will Need (page 22) 9F< System Requirements (page 28) AF>GJE9LAGF. Install a Database for Deep Security (page 34) Install Deep Security Manager (page 39) Install a Deep Security Relay (page 43) Install Deep Security Agents (page 57) EF9:D= *JGL=;LAGF GF QGMJ NAJLM9D E9;@AF=K. -== Quick Start: Protecting a Server (page 110).
14
.G AEHD=E=FL L@AK A?=FL-:9K=< HJGL=;LAGF EG<=D: 1. 2. 3. 4. 5. 6. 7. ,=NA=O What you will Need (page 22) 9F< System Requirements (page 28) AF>GJE9LAGF. Install a Database for Deep Security (page 34) Install Deep Security Manager (page 39) Enable Multi-Tenancy (page 68) Install a Deep Security Relay (page 43) Install Deep Security Agents (page 57) .=F9FLK EMKL =F9:D= HJGL=;LAGF GF L@=AJ E9F9?=< ;GEHML=JK. -== Quick Start: Protecting a Server (page 110).
15
.@= NC=FL=J @9K :==F AEHGJL=< AFLG L@= D==H -=;MJALQ '9F9?=J 9F< L@= 0'K 9J= :=AF? HJGL=;L=< A?=FLD=KKDQ :Q L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;=K (D-0AK) JMFFAF? GF =9;@ E-2A. D==H -=;MJALQ '9F9?=J AK <=HDGQ=< OAL@GML 'MDLA-.=F9F;Q, 9F< 9 KAF?D= D==H -=;MJALQ '9F9?=J @9K :==F MK=< LG HJ=H9J= 9F< 9;LAN9L= L@= D-0AK GF L@= E-2A 9F< LG 9;LAN9L= L@= 0'K. .G AEHD=E=FL L@AK A?=FLD=KK HJGL=;LAGF EG<=D: 1. ,=NA=O What you will Need (page 22) 9F< System Requirements (page 28) AF>GJE9LAGF. 2. Prepare a VMware Environment for Agentless Protection (page 31) 3. D=HDGQ L@= D==H -=;MJALQ =FNAJGFE=FL 1. Install a Database for Deep Security (page 34) 2. Install Deep Security Manager (page 39) 3. Install the Deep Security Relay (page 43) 4. Prepare ESXi for Deep Security Virtual Appliance Deployment (page 46) 5. Deploy the Deep Security Virtual Appliance (page 48) 6. Installing the Deep Security Notifier (page 67) 4. EF9:D= *JGL=;LAGF GF QGMJ NAJLM9D E9;@AF=K. -== Quick Start: Protecting a Server (page 110).
16
#F L@AK <A9?J9E L@= D==H -=;MJALQ '9F9?=J @9K 'MDLA-.=F9F;Q =F9:D=< :ML L@= HJAE9JQ .=F9FL .0 @9K FGL AEHGJL=< 9 NC=FL=J. .@= NC=FL=JK @9N= :==F AEHGJL=< :Q L@= .1 9F< .2 D==H -=;MJALQ .=F9FLK. .G AEHD=E=FL L@AK A?=FLD=KK HJGL=;LAGF EG<=D: 1. ,=NA=O What you will Need (page 22) 9F< System Requirements (page 28) AF>GJE9LAGF. 2. Prepare a VMware Environment for Agentless Protection (page 31) 3. D=HDGQ L@= D==H -=;MJALQ =FNAJGFE=FL 1. Install a Database for Deep Security (page 34) 2. Install Deep Security Manager (page 39) 3. Enable Multi-Tenancy (page 68) 4. Install the Deep Security Relay (page 43) 5. Prepare ESXi for Deep Security Virtual Appliance Deployment (page 46) 6. Deploy the Deep Security Virtual Appliance (page 48) 7. Installing the Deep Security Notifier (page 67) 4. EF9:D= *JGL=;LAGF GF QGMJ NAJLM9D E9;@AF=K. -== Quick Start: Protecting a Server (page 110).
17
#F L@AK KALM9LAGF, L@= *JAE9JQ D==H -=;MJALQ .=F9FL, .0, E9F9?=K L@= NC=FL=J 9F< L@= <=HDGQE=FL 9F< E9F9?=E=FL G> D-0AK. .@= .=F9FLK 9J= FGL E9F9?AF? L@= D-0AK GF L@= @GKL E-2A'K. #F L@=AJ D==H -=;MJALQ E9F9?=J ;GFKGD=K, L@=Q K== L@= 0'K AF L@= NCDGM< )J?9FAR9LAGF O@A;@ L@=Q'N= 9<<=< 9K 9 "CDGM< A;;GMFL" :ML FGL L@= E-2A @GKLK GJ L@= D-0AK. .@= 0'K LG := HJGL=;L=< AF L@= NCDGM< )J?9FAR9LAGF 9J= 9;LAN9L=< 9F< L@=AJ HJGL=;LAGF AK E9F9?=< :Q L@= .=F9FLK. .G AEHD=E=FL L@AK A?=FLD=KK HJGL=;LAGF EG<=D: 1. 2. 3. 4. ,=NA=O What you will Need (page 22) 9F< System Requirements (page 28) AF>GJE9LAGF. Prepare a VMware Environment for Agentless Protection (page 31) Integrate Deep Security with VMware vCloud (page 81) D=HDGQ L@= D==H -=;MJALQ =FNAJGFE=FL 1. Install a Database for Deep Security (page 34) 2. Install Deep Security Manager (page 39) 3. Enable Multi-Tenancy (page 68) 4. Install the Deep Security Relay (page 43) 5. Prepare ESXi for Deep Security Virtual Appliance Deployment (page 46) 6. Deploy the Deep Security Virtual Appliance (page 48) 7. Configure vCloud for Integration with Deep Security (page 81) 8. Install the Deep Security Notifier (page 67) 5. EF9:D= *JGL=;LAGF GF QGMJ NAJLM9D E9;@AF=K. -== Quick Start: Protecting a Server (page 110).
18
19
20
Installation
Administrator/Root Privileges
3GM F==< LG @9N= A<EAFAKLJ9LGJ/,GGL HJANAD=?=K GF L@= ;GEHML=JK GF O@A;@ QGM OADD AFKL9DD D==H -=;MJALQ KG>LO9J= ;GEHGF=FLK.
Available Ports
On the Deep Security Manager Host Machine 3GM EMKL E9C= KMJ= L@= >GDDGOAF? HGJLK GF L@= E9;@AF= @GKLAF? D==H -=;MJALQ '9F9?=J 9J= GH=F 9F< FGL J=K=JN=< >GJ GL@=J HMJHGK=K: T Port 4120: .@= "@=9JL:=9L" HGJL, MK=< :Q D==H -=;MJALQ A?=FLK 9F< AHHDA9F;=K LG ;GEEMFA;9L= OAL@ D==H -=;MJALQ '9F9?=J (;GF>A?MJ9:D=). T Port 4119: /K=< :Q QGMJ :JGOK=J LG ;GFF=;L LG D==H -=;MJALQ '9F9?=J. ADKG MK=< >GJ ;GEEMFA;9LAGF >JGE E-2A 9F< J=IM=KLK >GJ -=;MJALQ /H<9L=K :Q L@= D-0A (;GF>A?MJ9:D=). T Port 1521: BA-<AJ=;LAGF9D )J9;D= D9L9:9K= K=JN=J HGJL. T Ports 1433 and 1434: BA-<AJ=;LAGF9D 'A;JGKG>L -+& -=JN=J D9L9:9K= HGJLK.
22
T Ports 389, 636, and 3268: CGFF=;LAGF LG 9F &DA* -=JN=J >GJ A;LAN= DAJ=;LGJQ AFL=?J9LAGF (;GF>A?MJ9:D=). T Port 25: CGEEMFA;9LAGF LG 9 -'.* -=JN=J LG K=F< =E9AD 9D=JLK (;GF>A?MJ9:D=). T Port 53: GJ D(- &GGCMH. T Port 514: BA-<AJ=;LAGF9D ;GEEMFA;9LAGF OAL@ 9 -QKDG? K=JN=J (;GF>A?MJ9:D=). T Port 443: CGEEMFA;9LAGF OAL@ 0'O9J= NCDGM<, NC=FL=J, 0K@A=D< '9F9?=J 9F< AE9RGF A1-.
Note:
For more details about how each of these ports are used by Deep Security, see Ports Used by Deep Security in the Reference section of the online help or the Administrator's Guide.
On the Deep Security Relay, Agents, and Appliances 3GM EMKL E9C= KMJ= L@= >GDDGOAF? HGJLK GF L@= E9;@AF= @GKLAF? D==H -=;MJALQ ,=D9Q 9J= GH=F 9F< FGL J=K=JN=< >GJ GL@=J HMJHGK=K: T T T T T Port 4122: ,=D9Q LG A?=FL/AHHDA9F;= ;GEEMFA;9LAGF. Port 4118: '9F9?=J-LG-A?=FL ;GEEMFA;9LAGF. Port 4123: /K=< >GJ AFL=JF9D ;GEEMFA;9LAGF. -@GMD< FGL := GH=F LG L@= GMLKA<=. Port 80, 443: ;GFF=;LAGF LG .J=F< 'A;JG /H<9L= -=JN=J 9F< -E9JL *JGL=;LAGF -=JN=J. Port 514: :A-<AJ=;LAGF9D ;GEEMFA;9LAGF OAL@ 9 -QKDG? K=JN=J (;GF>A?MJ9:D=).
.@= D==H -=;MJALQ '9F9?=J 9MLGE9LA;9DDQ AEHD=E=FLK KH=;A>A; AJ=O9DD ,MD=K LG GH=F L@= J=IMAJ=< ;GEEMFA;9LAGF HGJLK GF E9;@AF=K @GKLAF? D==H -=;MJALQ ,=D9QK, A?=FLK 9F< AHHDA9F;=K.
Network Communication
CGEEMFA;9LAGF :=LO==F D==H -=;MJALQ '9F9?=J 9F< D==H -=;MJALQ ,=D9QK/A?=FLK/AHHDA9F;=K 9F< @QH=JNAKGJK MK=K D(- @GKLF9E=K :Q <=>9MDL. #F GJ<=J >GJ D==H -=;MJALQ A?=FL/AHHDA9F;=/,=D9Q <=HDGQE=FLK LG := KM;;=KK>MD, QGM EMKL =FKMJ= L@9L =9;@ ;GEHML=J ;9F J=KGDN= L@= @GKLF9E= G> L@= D==H -=;MJALQ '9F9?=J. .@AK E9Q J=IMAJ= L@9L L@= D==H -=;MJALQ '9F9?=J ;GEHML=J @9N= 9 D(- =FLJQ GJ 9F =FLJQ AF L@= ,=D9Q/A?=FL/ AHHDA9F;= ;GEHML=J'K @GKLK >AD=.
Note:
You will be asked for this hostname as part of the Deep Security Manager installation procedure. If you do not have DNS, enter an IP address during the installation.
23
Performance Recommendations
.@= >GDDGOAF? ?MA<=DAF=K HJGNA<= 9 ?=F=J9D A<=9 G> L@= AF>J9KLJM;LMJ= J=IMAJ=E=FLK >GJ D==H -=;MJALQ <=HDGQE=FLK G> <A>>=J=FL K;9D=K.
Dedicated Servers
.@= D==H -=;MJALQ '9F9?=J 9F< L@= <9L9:9K= ;9F := AFKL9DD=< GF L@= K9E= ;GEHML=J A> QGMJ >AF9D <=HDGQE=FL AK FGL =PH=;L=< LG =P;==< 1000 ;GEHML=JK (J=9D GJ NAJLM9D). #> QGM L@AFC QGM E9Q =P;==< 1000 ;GEHML=JK, L@= D==H -=;MJALQ '9F9?=J 9F< L@= <9L9:9K= K@GMD< := AFKL9DD=< GF <=<A;9L=< K=JN=JK. #L AK 9DKG AEHGJL9FL L@9L L@= <9L9:9K= 9F< L@= D==H -=;MJALQ '9F9?=J := ;G-DG;9L=< GF L@= K9E= F=LOGJC OAL@ 9 1!B &A( ;GFF=;LAGF LG =FKMJ= MF@AF<=J=< ;GEEMFA;9LAGF :=LO==F L@= LOG. .@= K9E= 9HHDA=K LG 9<<ALAGF9D D==H -=;MJALQ '9F9?=J (G<=K: <=<A;9L=<, ;G-DG;9L=< K=JN=JK. A LOG EADDAK=;GF< D9L=F;Q GJ :=LL=J AK J=;GEE=F<=< >GJ L@= ;GFF=;LAGF >JGE L@= '9F9?=J(K) LG L@= D9L9:9K=.
Note:
It is a good idea to run multiple Manager Nodes for redundancy reasons, whether you have 1000 managed computers or not.
Note:
When a Virtual Appliance is deployed in a VMware environment that makes use of the VMware Distributed Resource Scheduler (DRS), it is important that the Appliance does not get vMotioned along with the virtual machines as part of the DRS process. Virtual Appliances must be "pinned" to their particular ESXi host. You must actively change the DRS settings for all the Virtual Appliances to "Manual" or "Disabled" (recommended) so that they will not be vMotioned by the DRS. If a Virtual Appliance (or any virtual machines) is set to "Disabled", vCenter Server does not migrate that virtual machine or provide migration recommendations for it. This is known as "pinning" the virtual machine to its registered host. This is the recommended course of action for Virtual Appliances in a DRS environment. An alternative is to deploy the Virtual Appliance onto local storage as opposed to shared storage. When the Virtual Appliance is deployed onto local storage it cannot be vMotioned by DRS. For further information on DRS and pinning virtual machines to a specific ESXi host, please consult your VMware documentation. If a virtual machine is vMotioned by DRS from an ESXi protected by a DSVA to an ESXi that is not protected by a DSVA, the virtual machine will become unprotected. If the virtual machine is subsequently vMotioned back to the original ESXi, it will not automatically be protected again unless you have created an Event-based Task to activate and protect computers that have been vMotioned to an ESXi with an available DSVA. For more information, see the Event-Based Tasks sections of the online help or the Administrator's Guide.
Note:
Multi-Tenancy
'MDLA-.=F9F;Q D=LK QGM ;J=9L= EMDLAHD= <AKLAF;L E9F9?=E=FL =FNAJGFE=FLK MKAF? 9 KAF?D= D==H -=;MJALQ '9F9?=J 9F< <9L9:9K= K=JN=J AFKL9DD9LAGF. #L >MDDQ AKGD9L=K L@= K=LLAF?K, *GDA;A=K, 9F< EN=FLK >GJ =9;@ .=F9FL 9F< E9C=K MK= G> 9 FME:=J G> 9<<ALAGF9D AF>J9KLJM;LMJ= K;9DAF? GHLAGFK. 'MDLA-.=F9F;Q O9K <=KA?F=< LG HJGNA<= K=?E=FL9LAGF >GJ :MKAF=KK MFALK OAL@AF 9F GJ?9FAR9LAGF 9F< >9;ADAL9L= L=KLAF? AF KL9?AF? =FNAJGFE=FLK HJAGJ LG >MDD HJG<M;LAGF <=HDGQE=FLK. #L 9DKG 9DDGOK L@= HJGNAKAGF G> D==H -=;MJALQ LG ;MKLGE=JK OAL@AF 9 K=JNA;= EG<=D. 1@=F L@= D==H -=;MJALQ '9F9?=J AK >AJKL AFKL9DD=<, AL AK L@= GF=-9F<-GFDQ .=F9FL. A>L=J 9;LAN9LAF? EMDLAL=F9F;Q, L@= AFALA9D D==H -=;MJALQ '9F9?=J :=;GE=K L@= "*JAE9JQ .=F9FL" (.0). 3GM ;9F KM:K=IM=FLDQ ;J=9L= 9<<ALAGF9D .=F9FLK :ML L@= *JAE9JQ .=F9FL J=E9AFK KH=;A9D. #L E9F9?=K 9F< @9K ;GFLJGD GN=J L@= GL@=J L=F9FLK 9F< ;9FVL := <=D=L=<. (-== Multi-Tenancy (page 68) >GJ EGJ= AF>GJE9LAGF.) The requirements for Deep Security Multi-Tenancy are: T D==H -=;MJALQ '9F9?=J 9.0 -*1 H2 T )J9;D= D9L9:9K= GJ 'A;JGKG>L -+& -=JN=J T .@= F=;=KK9JQ <9L9:9K= 9;;GMFL HJANAD=?=K >GJ <9L9:9K= ;J=9L=/<=D=L= GH=J9LAGFK. (-== Installing a Database for Deep Security (Multi-Tenancy Requirements) (page 35).) T 'MDLA-.=F9FL A;LAN9LAGF CG<=
25
Optional but recommended: T 'MDLA-FG<= '9F9?=J (EGJ= L@9F GF= D==H -=;MJALQ '9F9?=J FG<= HGAFL=< LG L@= K9E= <9L9:9K= >GJ K;9D9:ADALQ) T -'.* K=JN=J
Architecture
Note:
In SQL Server the data store for a Tenant is called a "database". In Oracle, the term is "User/ Tablespace". This section uses the term "database" but the information applies to both SQL Server and Oracle.
'MDLA-.=F9F;Q AF D==H -=;MJALQ '9F9?=J GH=J9L=K KAEAD9JDQ LG 9 @QH=JNAKGJ. 'MDLAHD= .=F9FLK =PAKL OAL@AF L@= K9E= D==H -=;MJALQ '9F9?=J AFKL9DD9LAGF :ML L@=AJ <9L9 AK @A?@DQ AKGD9L=<. AFQ '9F9?=J FG<= ;9F HJG;=KK L@= !/#, "=9JL:=9L GJ 9FQ GL@=J BG: J=IM=KLK >GJ 9FQ .=F9FL. GJ L@= :9;C?JGMF< HJG;=KKAF?, =9;@ .=F9FL AK 9KKA?F=< 9 '9F9?=J FG<= L@9L L9C=K ;9J= G> BG:-IM=MAF?, E9AFL=F9F;= 9F< GL@=J :9;C?JGMF< L9KCK. .@= 9KKA?F=< '9F9?=J FG<= AK 9MLGE9LA;9DDQ J=:9D9F;=< O@=F '9F9?=J FG<=K 9J= 9<<=< GJ L9C=F G>>DAF=. .@= E9BGJALQ G> =9;@ .=F9FL'K <9L9 AK KLGJ=< AF 9 K=H9J9L=< <9L9:9K=. .@AK <9L9:9K= E9Q ;G-=PAKL GF L@= K9E= <9L9:9K= K=JN=J 9K GL@=J .=F9FLK, GJ ;9F := AKGD9L=< GFLG ALK GOF <9L9:9K= K=JN=J. #F 9DD ;9K=K, KGE= <9L9 GFDQ =PAKLK AF L@= HJAE9JQ <9L9:9K= (L@= GF= D==H -=;MJALQ '9F9?=J O9K AFKL9DD=< OAL@). 1@=F EMDLAHD= <9L9:9K= K=JN=JK 9J= 9N9AD9:D=, .=F9FLK 9J= ;J=9L=< GF L@= <9L9:9K= K=JN=J OAL@ L@= D=9KL 9EGMFL G> DG9<. .@= >GDDGOAF? L9:D= <=K;JA:=K L@= HGL=FLA9D ;9H9;ALA=K 9F< J9F?=K G> J=IMAJ=E=FLK >GJ -AF?D= .=F9FL 9F< 'MDLA.=F9FL D==H -=;MJALQ <=HDGQE=FLK:
Single Tenant ,=;GEE=F<=< E9PAEME FME:=J G> E9F9?=< ;GEHML=JK *GL=FLA9D FME:=J G> D==H -=;MJALQ '9F9?=J (G<=K J=IMAJ=< D9L9:9K=K/.=F9FLK *GL=FLA9D FME:=J G> <9L9:9K= K=JN=JK J=IMAJ=< 100,000 1-5 1 1 (1AL@ GJ OAL@GML J=HDA;9LAGF) Multi-Tenant 1,000,000 1-50 1-10,000 1-100
)F;= 'MDLA-.=F9F;Q @9K :==F =F9:D=<, L@= *JAE9JQ .=F9FL J=L9AFK 9DD G> L@= ;9H9:ADALA=K G> 9 J=?MD9J AFKL9DD9LAGF G> D==H -=;MJALQ '9F9?=J. "GO=N=J, KM:K=IM=FLDQ ;J=9L=< .=F9FLK ;9F @9N= L@=AJ 9;;=KK LG D==H -=;MJALQ >MF;LAGF9DALQ J=KLJA;L=< LG N9JQAF? <=?J==K :9K=< GF N9JAGMK ;GF>A?MJ9LAGF GHLAGFK K=L AF Administration K=;LAGF G> L@= *JAE9JQ .=F9FL'K D==H -=;MJALQ '9F9?=J. .@= K=?E=FL9LAGF G> =9;@ .=F9FL'K <9L9 AFLG 9 <9L9:9K= HJGNA<=K 9<<ALAGF9D :=F=>ALK: T Data destruction: D=D=LAF? 9 .=F9FL J=EGN=K 9DD LJ9;=K G> L@9L .=F9FLK <9L9 (-MHHGJL=< AF L@= HJG<M;L)
26
T Backup: E9;@ .=F9FL'K <9L9 ;9F := KM:B=;L LG <A>>=J=FL :9;CMH HGDA;A=K. .@AK E9Q := MK=>MD >GJ KGE=L@AF? DAC= L=F9F;Q :=AF? MK=< >GJ KL9?AF? 9F< HJG<M;LAGF O@=J= L@= KL9?AF? =FNAJGFE=FL J=IMAJ=K D=KK KLJAF?=FL :9;CMHK (B9;CMHK 9J= L@= J=KHGFKA:ADALQ G> L@= 9<EAFAKLJ9LGJ K=LLAF? MH D==H -=;MJALQ '9F9?=J) T Balancing: .@= HGL=FLA9D >GJ >MLMJ= J=-:9D9F;AF? LG E9AFL9AF 9F =N=F DG9< GF 9DD <9L9:9K= K=JN=JK
27
System Requirements
System Requirements
Deep Security Manager
T Memory: 8!B, O@A;@ AF;DM<=K: W 4!B @=9H E=EGJQ W 1.5!B $0' GN=J@=9< W 2!B GH=J9LAF? KQKL=E GN=J@=9< T Disk Space: 1.5!B (5!B J=;GEE=F<=<) T Windows: 1AF<GOK -=JN=J 2012 (64-:AL), 1AF<GOK -=JN=J 2008 (64-:AL), 1AF<GOK -=JN=J 2008 ,2 (64-:AL), 1AF<GOK 2003 -=JN=J -*2 (64-:AL) T Linux: ,=< "9L &AFMP 5/6 (64-:AL) T Database: )J9;D= 11?, )J9;D= 10?, 'A;JGKG>L -+& -=JN=J 2012 (ADD -=JNA;= *9;CK), 'A;JGKG>L -+& -=JN=J 2008 (ADD -=JNA;= *9;CK) T Web Browser: AJ=>GP 16+, #FL=JF=L EPHDGJ=J 8.P, #FL=JF=L EPHDGJ=J 9.P, #FL=JF=L EPHDGJ=J 10.P, C@JGE= 23+, -9>9JA 6+. (CGGCA=K =F9:D=<.)
Support for Previous versions of the Deep Security Agent
D==H -=;MJALQ '9F9?=J 9.0 -*1 H2 KMHHGJLK L@= >GDDGOAF? HJ=NAGMK N=JKAGFK G> L@= D==H -=;MJALQ A?=FL: T Deep Security Agent 7.5 SP4 + T Deep Security Agent 8.0 SP1 + T Deep Security Agent 9.x ()D<=J N=JKAGFK G> L@= A?=FLK 9J= FGL KMHHGJL=<.)
Note:
If you are running Agents older than these versions, the Deep Security Manager will display a warning during the upgrade procedure.
28
System Requirements
-;9D9:D= (=LOGJCAF? *9;C", 1AF<GOK -=JN=J 2003 -*2 (32-:AL 9F< 64-:AL), 1AF<GOK -=JN=J 2003 ,2 -*2 (32-:AL 9F< 64-:AL), 1AF<GOK 2* (32-:AL 9F< 64-:AL), 1AF<GOK 2* EE:=<<=<
Note:
Windows Agents running on Windows XP or Windows 2003 will not function in an IPv6 environment.
T Linux:
Note:
W Red Hat: ,=< "9L 5 (32-:AL 9F< 64-:AL), ,=< "9L 6 (32-:AL 9F< 64-:AL) W Oracle Linux: )J9;D= &AFMP 5 (32-:AL 9F< 64-:AL), )J9;D= &AFMP 6 (32-:AL 9F< 64-:AL)
Note:
W SuSE: -M-E 10 (32-:AL 9F< 64-:AL), -M-E 11 (32-:AL 9F< 64-:AL) W Ubuntu: /:MFLM 10.04 &.- (64-:AL), /:MFLM 12.04 &.- (64-:AL) W CentOS: C=FL)- 5 (32-:AL 9F< 64-:AL), C=FL)- 6 (32-:AL 9F< 64-:AL) W Amazon Linux: AE9RGF &AFMP (32-:AL 9F< 64-:AL) T Solaris: -GD9JAK 9, 10, 11 (64-:AL -H9J;), -GD9JAK 10 9F< 11 (64-:AL P86) T AIX: A#2 5.3, 6.1
Note:
The AIX Agents do not support Anti-Malware or Web Reputation Service protection.
Note:
The HP-UX Agents only support Integrity Monitoring and Log Inspection.
29
System Requirements
T Disk Space: 20!B T Operating System: 0'O9J= NC=FL=J 5.0, 5.1, GJ 5.5, 9F< E-2A 5.0, 5.1, GJ 5.5
Note:
For a list of which features are supported on ESXi versions 5.0, 5.1, or 5.5, see Supported Features by Platform (page 124).
T Additional VMware Utilities: 0'O9J= .GGDK, 0'O9J= N-@A=D< '9F9?=J 5.0, 5.1, GJ 5.5, 0'O9J= N-@A=D< EF<HGAFL -=;MJALQ 5.0, 5.1, GJ 5.5 (E-2A5 H9L;@ E-2A500-201109001 GJ D9L=J >GJ N-@A=D< EF<HGAFL DJAN=J). T VMware Endpoint Protection supported guest platforms: 1AF<GOK -=JN=J 2012 (64-:AL), 1AF<GOK -=JN=J 2008 (32-:AL 9F< 64-:AL), 1AF<GOK -=JN=J 2008 ,2 (64-:AL), 1AF<GOK 8 (32-:AL 9F< 64-:AL), 1AF<GOK 7 (32-:AL 9F< 64-:AL), 1AF<GOK 0AKL9 (32-:AL 9F< 64-:AL), 1AF<GOK -=JN=J 2003 -*2 ,2 (32-:AL 9F< 64-:AL), 1AF<GOK -=JN=J 2003 -*2 (32-:AL 9F< 64-:AL), 1AF<GOK 2* -*2 (32-:AL 9F< 64-:AL).
Note:
VMware does not support running nested ESXi/ESX servers in production environments. For more information, see this VMware Knowledge Base article.
Note:
On VMs protected by a Virtual Appliance, the Anti-Malware module must be licensed and enabled on the VM for the Deep Security Notifier to display information.
30
Note:
The vCenter Server, the vShield Manager and the Deep Security Manager are installed on a separate ESXi because the protected ESXi must be restarted during the course of Deep Security deployment. Also note that the Deep Security database is not shown in this diagram. It also can be installed on a physical machine or on a VM.
Notes
#F;DM<=K NC=FL=J -=JN=J 9F< NC=FL=J CDA=FL !/# 9HHDA;9LAGF. &A;=FK= AK J=IMAJ=< <MJAF? HJG<M;L AFKL9DD9LAGF.
31
Notes
&A;=FK= AK J=IMAJ=< <MJAF? HJG<M;L AFKL9DD9LAGF.
-MHHGJL=< !M=KL )-
N-@A=D< EF<HGAFL <JAN=JK J=IMAJ=< GF =9;@ ?M=KL 0'. (-AF;= E-2A 5 H9L;@ E-2A500-201109001, N-@A=D< EF<HGAFL <JAN=J AK AF;DM<=< AF 0'O9J= .GGDK).
1. #FKL9DD ?M=KL )-. (#> MKAF? 1AF<GOK 2003 -=JN=J, E9C= KMJ= QGM AFKL9DD -=JNA;= *9;C 2) 2. '9C= KMJ= L@= ?M=KL 0' @9K 9 :9KA; <AKC NGDME=. DQF9EA; <AKCK 9J= FGL KMHHGJL=<. ((GL=: .@= <=>9MDL AFKL9DD9LAGF G> 1AF<GOK 2003 @9K 9 :9KA; <AKC NGDME=.) 3. #FKL9DD L@= 0'O9J= N-@A=D< EF<HGAFL <JAN=J LG L@AK E9;@AF=. .@= N-@A=D< EF<HGAFL <JAN=J AK ;GFL9AF=< OAL@AF L@= N-@A=D< DJAN=JK AF 0'O9J= .GGDK. ((GL= L@9L N-@A=D< DJAN=JK 9J= FGL AFKL9DD=< :Q <=>9MDL <MJAF? L@= AFKL9DD9LAGF G> 0'O9J= .GGDK.) 1. &9MF;@ L@= 0'O9J= .GGDK AFKL9DD=J 9F< K=D=;L LG H=J>GJE 9F #FL=J9;LAN= #FKL9DD 2. DMJAF? 0'O9J= .GGDK AFKL9DD9LAGF, K=D=;L Custom Install 3. EPH9F< 0'O9J= D=NA;= DJAN=JK 4. EPH9F< 0'C# DJAN=J 5. -=D=;L N-@A=D< DJAN=JK 9F< ;@GGK= This feature will be installed on local drive. 6. CDA;C Yes LG J=KL9JL L@= E9;@AF=.
Note:
If you plan to use manual or scheduled scans be sure to turn off sleep and standby mode on the guest virtual machines. If a guest virtual machine goes into sleep or standby mode during a scan you will see an error indicating that the scan terminated abnormally. Virtual Machines must be in the running state for scans to complete successfully. In a High Availability environment, you must install Deep Security Virtual Appliances on all the ESXi hypervisors in a cluster in order to provide Agentless protection for vMotioned guests.
Note:
33
Note:
You must install the database software, create a database, and create a user account (which Deep Security Manager will use to access the database) before you install Deep Security Manager.
Account Details
'9C= 9 FGL= G> L@= 9;;GMFL <=L9ADK MK=< AF ;J=9LAGF G> QGMJ <9L9:9K= AFKL9F;= 9K L@=Q OADD := J=IMAJ=< <MJAF? L@= D==H -=;MJALQ '9F9?=J AFKL9DD9LAGF HJG;=KK.
Note:
When creating a SQL Server database, the SQL Server account must be granted DB_Creator Server Roles and DB_Owner of the Deep Security Manager Database. When creating an Oracle database, the account must be assigned the roles of CONNECT and RESOURCE and the account must be granted privileges to CREATE TABLES, CREATE SEQUENCES, and CREATE TRIGGERS.
Note:
34
.@= >GDDGOAF? K=;LAGF MK=K L@= -+& -=JN=J L=JEK >GJ :GL@ -+& -=JN=J 9F< )J9;D=.
SQL Server
-AF;= 'MDLA-.=F9F;Q J=IMAJ=K L@= 9:ADALQ >GJ L@= KG>LO9J= LG ;J=9L= <9L9:9K=K, L@= dbcreator JGD= AK J=IMAJ=< GF -+& -=JN=J. GJ =P9EHD=:
GJ L@= MK=J JGD= G> L@= HJAE9JQ .=F9FL AL AK AEHGJL9FL LG 9KKA?F DB GOF=J LG L@= E9AF <9L9:9K=:
35
#> <=KAJ=<, JA?@LK E9Q := >MJL@=J J=>AF=< LG AF;DM<= GFDQ L@= 9:ADALQ LG EG<A>Q L@= K;@=E9 9F< 9;;=KK L@= <9L9.
1AL@ L@= dbcreator JGD= L@= <9L9:9K=K ;J=9L=< :Q L@= 9;;GMFL OADD 9MLGE9LA;9DDQ := GOF=< :Q L@= K9E= MK=J. GJ =P9EHD= @=J= 9J= L@= HJGH=JLA=K >GJ L@= MK=J 9>L=J L@= >AJKL .=F9FL @9K :==F ;J=9L=<:
36
.G ;J=9L= L@= >AJKL 9;;GMFL GF 9 K=;GF<9JQ <9L9:9K= K=JN=J, GFDQ L@= dbcreator K=JN=J JGD= AK J=IMAJ=<. (G MK=J E9HHAF? @9K LG := <=>AF=<.
Oracle
'MDLA-.=F9F;Q AF )J9;D= AK KAEAD9J LG -+& -=JN=J :ML OAL@ 9 >=O AEHGJL9FL <A>>=J=F;=K. 1@=J= -+& -=JN=J @9K 9 KAF?D= MK=J 9;;GMFL H=J <9L9:9K= K=JN=J, )J9;D= MK=K GF= MK=J 9;;GMFL H=J .=F9FL. .@= MK=J L@9L D==H -=;MJALQ O9K AFKL9DD=< OAL@ E9HK LG L@= HJAE9JQ .=F9FL. .@9L MK=J ;9F := ?J9FL=< H=JEAKKAGF LG 9DDG;9L= 9<<ALAGF9D MK=JK 9F< L9:D=KH9;=K.
Note:
Although Oracle allows special characters in database object names if they are surrounded by quotes, Deep Security does not support special characters in database object names. This page on Oracle's web site describes the allowed characters in non-quoted names: http://docs.oracle.com/cd/E11882_01/server.112/e10592/sql_elements008.htm Deep Security derives Tenant database names from the main (Primary Tenant) Oracle database. For example, if the main database is "MAINDB", the first Tenant's database name will be "MAINDB_1", the second Tenant's database name will be "MAINDB_2", and so on. (Keeping the main database name short will make it easier to read the database names of your Tenants.)
Note:
37
.=F9FLK 9J= ;J=9L=< 9K MK=JK OAL@ DGF? J9F<GE H9KKOGJ<K 9F< ?AN=F L@= >GDDGOAF? JA?@LK:
GJ K=;GF<9JQ )J9;D= K=JN=JK, L@= >AJKL MK=J 9;;GMFL (9 :GGLKLJ9H MK=J 9;;GMFL) EMKL := ;J=9L=<. .@AK MK=J OADD @9N= 9F =KK=FLA9DDQ =EHLQ L9:D=KH9;=. .@= ;GF>A?MJ9LAGF AK A<=FLA;9D LG L@= HJAE9JQ MK=J 9;;GMFL.
38
Note:
One or more Deep Security Relays are required for Deep Security functionality. If you intend to install a Deep Security Relay co-located on the Deep Security Manager's computer, you should copy a Deep Security Relay installer package to the same location as your Deep Security Manager installer package. During the Deep Security Manager installation, the installer checks for the Deep Security Relay package and if present and selected, will automatically continue with the Deep Security Relay installation once the Deep Security Manager has successfully installed.
Note:
After installation, Deep Security Users can set their user interface language individually. (To change a User's language setting, go to Administration > Users and edit the Properties of the User account.)
3. #> QGM 9?J== LG L@= L=JEK G> L@= DA;=FK= 9?J==E=FL, K=D=;L I accept the agreement 9F< ;DA;C Next. 4. -H=;A>Q L@= >GD<=J O@=J= QGM OGMD< DAC= D==H -=;MJALQ '9F9?=J LG := AFKL9DD=< 9F< ;DA;C Next.
Note:
When selecting a folder, the installer may append the suggested folder name on the end of the path you have selected. Review the folder entry before proceeding if you have used the 'browse' button.
5. -H=;A>Q L@= LQH= G> <9L9:9K= QGM OAK@ LG MK=. #> QGM 9J= MKAF? 9F )J9;D= GJ -+& -=JN=J <9L9:9K=, AL EMKL := ;J=9L=< :=>GJ= D==H -=;MJALQ '9F9?=J AK AFKL9DD=<. EFL=J L@= 9;;GMFL <=L9ADK.
39
6. EFL=J QGMJ A;LAN9LAGF CG<=(K). EFL=J L@= ;G<= >GJ ADD *JGL=;LAGF 'G<MD=K GJ L@= ;G<=K >GJ L@= AF<ANA<M9D EG<MD=K >GJ O@A;@ QGM @9N= HMJ;@9K=< 9 DA;=FK=. 3GM ;9F HJG;==< OAL@GML =FL=JAF? 9FQ ;G<=K, :ML FGF= G> L@= *JGL=;LAGF 'G<MD=K OADD := 9N9AD9:D= >GJ MK=. (3GM ;9F =FL=J QGMJ >AJKL GJ 9<<ALAGF9D ;G<=K 9>L=J AFKL9DD9LAGF G> L@= D==H -=;MJALQ '9F9?=J :Q ?GAF? LG Administration > Licenses.) 7. EFL=J L@= @GKLF9E=, /,&, GJ #* 9<<J=KK G> L@AK ;GEHML=J. .@= '9F9?=J A<<J=KK EMKL := =AL@=J 9 J=KGDN9:D= @GKLF9E=, 9 >MDDQ IM9DA>A=< <GE9AF F9E=, GJ 9F #* 9<<J=KK. #> D(- AK FGL 9N9AD9:D= AF QGMJ =FNAJGFE=FL, GJ A> KGE= ;GEHML=JK 9J= MF9:D= LG MK= D(-, 9 >AP=< #* 9<<J=KK K@GMD< := MK=< AFKL=9< G> 9 @GKLF9E=. )HLAGF9DDQ, ;@9F?= L@= <=>9MDL ;GEEMFA;9LAGF HGJLK: .@= "'9F9?=J *GJL" AK L@= HGJL GF O@A;@ L@= '9F9?=J'K :JGOK=J-:9K=< /# AK 9;;=KKA:D= L@JGM?@ "..*-. .@= ""=9JL:=9L *GJL" AK L@= HGJL GF O@A;@ L@= '9F9?=J DAKL=FK >GJ ;GEEMFA;9LAGF >JGE L@= A?=FLK/AHHDA9F;=K. CDA;C Next. 8. EFL=J 9 MK=JF9E= 9F< H9KKOGJ< >GJ L@= '9KL=J A<EAFAKLJ9LGJ 9;;GMFL. -=D=;LAF? L@= EF>GJ;= KLJGF? H9KKOGJ<K (J=;GEE=F<=<) J=IMAJ=K L@AK 9F< >MLMJ= 9<EAFAKLJ9LGJ H9KKOGJ<K LG AF;DM<= MHH=J 9F< DGO=J-;9K= D=LL=JK, FGF-9DH@9FME=JA; ;@9J9;L=JK, 9F< FME:=JK, 9F< LG J=IMAJ= 9 EAFAEME FME:=J G> ;@9J9;L=JK. CDA;C Next. 9. -=D=;L AMLGE9LA; /H<9L=K (J=;GEE=F<=<). #> K=D=;L=<, D==H -=;MJALQ '9F9?=J OADD 9MLGE9LA;9DDQ J=LJA=N= L@= D9L=KL CGEHGF=FLK GJ ;@=;C >GJ F=O -G>LO9J=. (3GM ;9F ;GF>A?MJ= MH<9L=K D9L=J MKAF? L@= D==H -=;MJALQ '9F9?=J.) CDA;C Next. 10. -=D=;L O@=L@=J LG AFKL9DD 9 ;G-DG;9L=< D==H -=;MJALQ ,=D9Q. (#> QGM <G FGL @9N= L@= D==H -=;MJALQ ,=D9Q AFKL9DD=J H9;C9?= AF L@= K9E= DG;9LAGF 9K L@= D==H -=;MJALQ '9F9?=J AFKL9DD=J L@AK KL=H OADD := :QH9KK=<.)
Note:
If you choose not to install a co-located relay at this time, you can do so later by installing a Deep Security Relay as described in Installing the Deep Security Relay (page 43).
CDA;C Next. 11. -=D=;L O@=L@=J QGM O9FL LG =F9:D= .J=F< 'A;JG -E9JL ==<:9;C (J=;GEE=F<=<). (3GM ;9F =F9:D= GJ ;GF>A?MJ= -E9JL ==<:9;C D9L=J MKAF? L@= D==H -=;MJALQ '9F9?=J). )HLAGF9DDQ =FL=J QGMJ AF<MKLJQ :Q K=D=;LAF? >JGE L@= <JGH-<GOF DAKL. CDA;C Next. 12. CGF>AJE -=LLAF?K. 0=JA>Q L@= AF>GJE9LAGF QGM =FL=J=< 9F< ;DA;C Finish LG ;GFLAFM=. 13. CDA;C Finish LG ;DGK= L@= -=LMH OAR9J<. .@= D==H -=;MJALQ '9F9?=J K=JNA;= OADD KL9JL O@=F K=LMH AK ;GEHD=L=. #> QGM K=D=;L=< LG AFKL9DD 9 ;G-DG;9L=< D==H -=;MJALQ ,=D9Q AF -L=H 10, L@= ,=D9Q AFKL9DD9LAGF OADD JMF KAD=FLDQ FGO. .@= AFKL9DD=J HD9;=K 9 K@GJL;ML LG D==H -=;MJALQ '9F9?=J AF L@= HJG?J9E E=FM. 3GM K@GMD< L9C= FGL= G> L@AK /,& A> QGM O9FL LG 9;;=KK L@= '9F9?=J >JGE 9 J=EGL= DG;9LAGF.
40
41
O@=J= [hostname] AK L@= @GKLF9E= G> L@= K=JN=J GF O@A;@ QGM @9N= AFKL9DD=< D==H -=;MJALQ '9F9?=J 9F< [port] AK L@= "'9F9?=J *GJL" QGM KH=;A>A=< AF KL=H 8 G> L@= AFKL9DD9LAGF (4119 :Q <=>9MDL). /K=JK 9;;=KKAF? L@= 1=:-:9K=< E9F9?=E=FL ;GFKGD= OADD := J=IMAJ=< LG KA?F AF OAL@ L@=AJ /K=J A;;GMFL ;J=<=FLA9DK. (.@= ;J=<=FLA9DK ;J=9L=< <MJAF? L@= AFKL9DD9LAGF ;9F := MK=< LG DG? AF 9F< ;J=9L= GL@=J /K=J 9;;GMFLK.)
42
Preparation
Note:
When using Relay Groups, Deep Security Relays on Linux will not update correctly if they use Deep Security Relays on Windows as their update source. It is recommended that Deep Security Relays on Windows and Linux only ever be configured to update from the Trend Micro Global Update source, or from Relays of the same platform.
.@= ;DG;C GF 9 D==H -=;MJALQ ,=D9Q (D-,) E9;@AF= EMKL := KQF;@JGFAR=< OAL@ D==H -=;MJALQ '9F9?=J (D-') LG OAL@AF 9 H=JAG< G> 24 @GMJK. #> L@= D-, ;DG;C AK :=@AF< L@= D-' ;DG;C L@=F 9F "A?=FL A;LAN9L=" GH=J9LAGF OADD >9AD :=;9MK= L@= ;=JLA>A;9L= ?=F=J9L=< >GJ L@= D-, :Q D==H -=;MJALQ '9F9?=J OADD FGL Q=L := N9DA<.
Note:
If this condition is encountered an "Agent Activate Failed" event will be recorded in the System Events: "A client error occurred in the Deep Security Manager to Deep Security Agent protocol: HTTP client error received: certificate is not yet valid".
43
,=E=E:=J L@9L QGM EMKL @9N= 9<EAFAKLJ9LGJ HJANAD=?=K LG AFKL9DD 9F< JMF L@= D==H -=;MJALQ ,=D9Q GF 1AF<GOK E9;@AF=K. 1. DGM:D=-;DA;C L@= AFKL9DD9LAGF >AD= LG JMF L@= AFKL9DD=J H9;C9?=. CDA;C Next LG :=?AF L@= AFKL9DD9LAGF. 2. A;;=HL L@= DA;=FK= 9?J==E=FL 9F< ;DA;C Next LG ;GFLAFM=. 3. -=D=;L L@= >=9LMJ=K QGM O9FL LG AFKL9DD (KGE= >=9LMJ=K KM;@ 9K AFLA-'9DO9J= 9J= GHLAGF9D). CDA;C Browse LG KH=;A>Q L@= DG;9LAGF O@=J= QGM OGMD< DAC= D==H -=;MJALQ ,=D9Q LG := AFKL9DD=<. (#> QGM 9J= MH?J9<AF?, QGM OADD FGL := 9:D= LG ;@9F?= L@= AFKL9DD9LAGF <AJ=;LGJQ. .G AFKL9DD LG 9 <A>>=J=FL <AJ=;LGJQ, QGM OADD @9N= LG >AJKL MFAFKL9DD L@= HJ=NAGMK N=JKAGF.) CDA;C Reset LG J=K=L L@= >=9LMJ= K=D=;LAGF LG L@= <=>9MDL K=LLAF?K.
Note:
Firewall and Intrusion Prevention features may not be deselected. These features form part of the core Deep Security Agent architecture and are always installed, even if Firewall and Intrusion Prevention functions will not be used. Click Disk Usage to see the total space required for the selected features and compare with the available space on your selected destination location.
CDA;C Next LG ;GFLAFM=. 4. CDA;C Install LG HJG;==< OAL@ L@= AFKL9DD9LAGF. 5. CDA;C Finish LG ;GEHD=L= L@= AFKL9DD9LAGF. .@= D==H -=;MJALQ ,=D9Q AK FGO AFKL9DD=< 9F< JMFFAF? GF L@AK ;GEHML=J, 9F< OADD KL9JL =N=JQ LAE= L@= E9;@AF= :GGLK. 3GM OADD K== L@= D==H -=;MJALQ (GLA>A=J A;GF AF QGMJ 1AF<GOK -QKL=E .J9Q.
Note:
During an install, network interfaces will be suspended for a few seconds before being restored. If you are using DHCP, a new request will be generated, potentially resulting in a new IP address for the restored connection. Installing the Deep Security Relay over Windows Remote Desktop is NOT recommended because of the temporary loss of connectivity during the install process. However, using the following command line switch when starting Remote Desktop will allow the install program to continue on the server after the connection is lost: On Windows Server 2008 or Windows Vista SP1 and later or Windows XP SP3 and later, use: mstsc.exe /admin On earlier versions of Windows, use: mstsc.exe /console
Note:
44
To install the Deep Security Relay for Linux: 1. /K= "JHE -A" LG AFKL9DD L@= <K89?=FL H9;C9?=: # rpm -i Relay-RedHat_ELx_i686-9.0.0-xxx.x86_64.rpm Preparing... ########################################## [100%] 1:ds_agent ########################################## [100%] Loading ds_filter_im module version 2.6.x [ OK ] Starting ds_agent: [ OK ]
Note:
Use "rpm -U" to upgrade from a previous install. This approach will preserve your profile settings.
2. .@= D==H -=;MJALQ ,=D9Q KL9JL 9MLGE9LA;9DDQ 9>L=J AFKL9DD9LAGF. To start, stop and reset the Deep Security Relay on Linux: CGEE9F<-DAF= GHLAGFK: /etc/init.d/ds_agent start - starts the Agent /etc/init.d/ds_agent status - displays the status of the Agent /etc/init.d/ds_agent stop - stops the Agent /etc/init.d/ds_agent reset - resets the Agent /etc/init.d/ds_agent restart - restarts the Agent
45
Note:
Make sure DNS is configured and able to resolve FQDN to IP Addresses used by all machines in this environment, otherwise enter the IP Address.
3. EFL=J L@= N-@A=D< '9F9?=J -=JN=J A<<J=KK, /K=JF9E= 9F< *9KKOGJ<. (3GM ;9F 9DKG ;GF>A?MJ= L@AK AF>GJE9LAGF D9L=J >JGE L@= D==H -=;MJALQ '9F9?=J). CDA;C Next. 4. A;;=HL L@= N-@A=D< '9F9?=J --& ;=JLA>A;9L=. 5. A;;=HL L@= NC=FL=J ;=JLA>A;9L=. 6. ,=NA=O L@= NC=FL=J AF>GJE9LAGF. CDA;C Finish. 7. .@= VMware vCenter has been successfully added E=KK9?= OADD := <AKHD9Q=<. CDA;C Close.
Note:
In a large environment with more than 3000 machines reporting to a vCenter Server, this process may take 20 to 30 minutes to complete. You can check the vCenter's Recent Task section to verify if there are activities running.
46
Prepare ESXi for Virtual Appliance deployment by Installing the Filter Driver
Note:
The ESXi will be placed in maintenance mode for this task. All virtual machines running on this ESXi must be stopped/paused or vMotioned to another ESXi host (make sure a cluster server with vMotion support is set up so that this can be done automatically). JGE L@= D==H -=;MJALQ '9F9?=J, -=D=;L Computers > vCenter > Hosts and Clusters AF< L@= E-2A @GKL AF L@= CGEHML=JK DAKL (ALK status ;GDMEF K@GMD< J=9< Unprepared), JA?@L-;DA;C 9F< K=D=;L Actions > Prepare ESXi LG <AKHD9Q L@= *J=H9J= E-2A -=JN=J 1AR9J<. CDA;C Next. -=D=;L Yes LG 9DDGO L@= D==H -=;MJALQ '9F9?=J 9MLGE9LA;9DDQ :JAF? L@= E-2A AF 9F< GML G> E9AFL=F9F;= EG<=. CDA;C Finish. .@= E-2A HJ=H9J9LAGF HJG;=KK OADD ;GEHD=L= 9DD 9;LANALA=K OAL@ FG >MJL@=J AFHML F=;=KK9JQ. (.@= E-2A OADD := HD9;=< AF E9AFL=F9F;= EG<=, L@= D==H -=;MJALQ ADL=J DJAN=J OADD := AFKL9DD=<, 9F< L@= E-2A OADD := J=KL9JL=<). )F;= L@= HJG;=KK AK ;GEHD=L=, QGM 9J= ?AN=F L@= GHLAGF LG ;GFLAFM= OAL@ L@= F=PL KL=H, <=HDGQAF? L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;=. -=D=;L No thanks, I will deploy later. CDA;C Close. (.@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= <=HDGQE=FL AK <=K;JA:=< AF Deploying the Deep Security Virtual Appliance (page 48)). .@AK ;GEHD=L=K L@= E-2A HJ=H9J9LAGF.
1. 2. 3. 4.
5.
6.
Note:
You can monitor the preparation process in the VMware vSphere Client management console.
Verification Steps
1. !G :9;C LG Computers > vCenter 9F< E9C= KMJ= L@= status G> L@= E-2A AK K=L LG Prepared. 2. #F L@= 0'O9J= N-H@=J= ;DA=FL, ?G LG ESXi Server > Configuration > Networking. C@=;C L@9L L@= N-OAL;@ @9K :==F ;J=9L=<. 3. --" AFLG L@= E-2A -=JN=J (".=;@ -MHHGJL 'G<=" EMKL := =F9:D=< GF L@= E-2A) 9F< JMF L@= >GDDGOAF? ;GEE9F<K LG ;GF>AJE L@= 0'O9J= 9F< .J=F< 'A;JG <JAN=JK 9J= AFKL9DD=< HJGH=JDQ: vmkload_mod l | grep dvfilter
Note:
dvfilter comes with the ESXi installation. dvfilter-dsa is the Trend Micro driver installed to the ESXi when the preparation process has completed .
esxcli software vib list | grep Trend C@=;C L@9L L@= ;GJJ=;L N=JKAGF 9F< KL9LMK G> <N>ADL=J-<K9 AK <AKHD9Q=<.
47
Note:
For a detailed list of required VMware permissions, see Minimum VMware Privileges for DSVA Deployment (page 140). Deep Security Manager configuration must be performed by using a Deep Security Manager user account with Full Access rights.
Note:
48
Verification Steps:
1. )F NC=FL=J CGFKGD=, ?G LG L@= D-0A CGFKGD= L9:. '9C= 9 FGL= G> L@= '9F9?=E=FL A<<J=KK G> L@= D-0A, 9F< O@=L@=J AL AK MKAF? =L@0 GJ =L@1. '9C= KMJ= L@= F=LOGJC 9<9HL=JK 9J= ;GF>A?MJ=< ;GJJ=;LDQ 9F< L@9L L@=Q 9J= GF L@= ;GJJ=;L F=LOGJC HGGD. 2. !G LG L@= 0AJLM9D '9;@AF= Properties > Summary L9:, 9F< ;DA;C Edit Settings. 3. !G LG L@= "9J<O9J= L9:, L@=J= 9J= L@J== AFL=J>9;=K 9N9AD9:D=.
Note:
Network Adapter 0 is always the management network. DSVA uses this interface to communicate with Deep Security Manager.
(=LOGJC A<9HL=J 1 AK MK=< :Q L@= D-0A LG ;GEEMFA;9L= OAL@ L@= 0' %=JF=D 0(#C #*. C@=;C L@= E-2A (=LOGJC CGF>A?MJ9LAGF LG E9C= KMJ= L@9L L@= NEK=JNA;=-LJ=F<-H? AK GF L@= K9E= NAJLM9D KOAL;@ 9K NEK=JNA;=-NECFA;-H?.
Note:
The DSVA requires vShield Manager to configure the VMX file of each machine that is on the ESXi. Depending on the number of Virtual Machines, it could take several hours to complete the activation.
#> N-@A=D< '9F9?=J AK =PH=JA=F;AF? HJG:D=EK, L@= D-0A E9Q >9AD LG 9;LAN9L=. C@=;C A> QGM ;9F GH=F L@= N-@A=D< '9F9?=J O=: ;GFKGD=. #> AL AK FGL J=KHGF<AF?, QGM ;9F J=:GGL L@= N-@A=D< '9F9?=J 9F< O9AL >GJ 9 >=O EAFML=K 9>L=J N-@A=D< AK :9;C GF DAF= LG 9LL=EHL D-0A 9;LAN9LAGF 9?9AF. 5. #F Activate Host Virtual Machines, K=D=;L No thanks, I will activate them later. (.@AK KL=H OADD := <=K;JA:=< D9L=J) CDA;C Close. .@= D-0A AK FGO 9;LAN9L=<. !G :9;C LG Computers > vCenter 9F< E9C= KMJ= L@= status G> D-0A AK <AKHD9Q=< 9K Managed (Online).
Verification steps:
#> QGM 9J= 9;LAN9LAF? AFLA-'9DO9J= HJGL=;LAGF :ML AFLA-'9DO9J= KL9LMK AK <AKHD9QAF? AFLA-'9DO9J= EF?AF= G>>DAF=, L@=J= 9J= 9 >=O L@AF?K QGM ;9F ;@=;C: 1. '9C= KMJ= L@= 0'O9J= LGGDK 9J= MH-LG-<9L= GF L@= NAJLM9D E9;@AF= 2. '9C= KMJ= N-@A=D< EF<HGAFL A?=FL AK AFKL9DD=< 9F< L@= NK=H>DL <JAN=J AK JMFFAF? GF L@= 0': sc query vsepflt 3. '9C= KMJ= D==H -=;MJALQ '9F9?=J AK 9:D= LG KQF;@JGFAR= AF>GJE9LAGF OAL@ NC=FL=J 4. #F L@= D==H -=;MJALQ '9F9?=J'K CGEHML=JK DAKL, E9C= KMJ= L@9L L@= E-2A KL9LMK AK vShield Endpoint: Installed 5. #F L@= D==H -=;MJALQ '9F9?=J'K CGEHML=JK DAKL, E9C= KMJ= L@9L L@= D-0A KL9LMK AK vShield Endpoint: Registered 6. '9C= KMJ= L@= HJGL=;L=< ;GEHML=J'K AFLA-'9DO9J= KL9LMK AK On GJ Real-Time.
50
51
T .@= <AJ=;LGJQ >GJ QGMJ -G>LO9J=D=HGL, O@A;@ OADD := MK=< :Q L@= AMLG D=HDGQ KG>LO9J=.
Note:
When creating rules, there are two rule sets: a 'working-set' and an 'active-set'. The 'working-set' is serves as a depot of rules, the 'active-set' are the rules that are available to hosts.
.@= F=O JMD= L@9L @9K BMKL :==F ;J=9L=< AK ;9DD=< "*J=-L9?AF?". #L OADD =FKMJ= L@9L L@= AE9?= ;9DD=< "E-2A-5.0.0-441354-KL9F<9J<" (!=L-EKP#E9?=*JG>AD= ) OADD := <=HDGQ=< LG 9 @GKL OAL@ L@= KH=;A>A=< 'AC 9<<J=KK 9F< OADD := HD9;=< AF L@= "-L9?AF?" >GD<=J AF NC=FL=J. GJ =P9EHD=, L@= >GDDGOAF? ;GEE9F< ;J=9L=K 9 JMD= ;9DD=< "*J=-L9?AF?" 9F< OADD =FKMJ= L@9L L@= AE9?= ;9DD=< "E-2A-5.0.0-441354-KL9F<9J<" (!=L-EKP#E9?=*JG>AD= ) OADD := <=HDGQ=< LG 9 @GKL OAL@ L@= 'AC 9<<J=KK G> 00:19:92::8:<9:77 9F< OADD := HD9;=< AF L@= "-L9?AF?" >GD<=J AF NC=FL=J: New-DeployRule -Name "PreStaging" -Item "ESXi-5.0.0-441354-standard", "Staging" -Pattern "mac=00:1a:92:b8:da:77" 2. .G K== L@= JMD= QGM @9N= ;J=9L=<, MK= L@= ;GEE9F<: Get-DeployRule .@AK AK 9 JMD= AF L@= 'OGJCAF? K=L'. 3. .G E9C= L@= JMD= H9JL G> L@= '9;LAN= K=L' MK= L@= >GDDGOAF? ;GEE9F<: Add-DeployRule -DeployRule "PreStaging" 4. .G ;@=;C L@= JMD=K AF L@= '9;LAN= K=L', JMF L@= !=L-D=HDGQ,MD=-=L ;GEE9F<: Get-DeployRuleSet 5. BGGL QGMJ @GKL LG AFKL9DD. .@= @GKL OADD 9HH=9J AF QGMJ NC=FL=J.
Note:
If you would configure the host and reboot at this point, all changes will be lost. To preserve the configuration, you must define a host profile. When working with advanced host configurations, you may want to use the vSphere Enable/ Disable Profile Configurations option for troubleshooting.
Note:
3GMJ K=JN=J ;9F FGO 9DKG J=;=AN= ;GJ= <MEHK AF ;9K= 9F E-2A @GKL J=;=AN=K 9F =JJGJ.
54
1. CGF>A?MJ= QGMJ E-2A @GKL LG MK= L@= CGJ=<MEH K=JN=J. .G <G L@AK, ?G AFLG L@= ;GF>A?MJ9LAGF K;J==F G> QGMJ @GKL, ?G LG L@= K=;MJALQ HJG>AD= 9F< =F9:D= --", L@=F DG?GF LG L@= E-2A ;GFKGD= MKAF? QGMJ 9F --" ;DA=FL 9F< JMF L@= >GDDGOAF? ;GEE9F<K: esxcli system coredump network set --interface-name vmk0 --serveripv4 192.168.0.40 --server-port 6500 esxcli system coredump network set --enable true esxcli system coredump network get .@= D9KL DAF= AF<A;9L=K A> L@= F=O K=LLAF?K @9N= :==F =F9:D=<. &G? GML >JGE L@= E-2A @GKL 9F< KOAL;@ :9;C LG QGMJ N-H@=J= CDA=FL. !G LG L@= ""GKL 9F< CDMKL=JK" NA=O AF QGMJ N-H@=J= ;DA=FL 9F< K=D=;L L@= @GKL QGM @9N= BMKL HJ=H9J=<. ,A?@L-;DA;C L@= @GKL 9F< K=D=;L CJ=9L= *JG>AD= >JGE @GKL. !AN= L@= HJG>AD= 9 F9E=->GJ =P9EHD= '*JG>AD=-CDMKL=J01".
2. 3. 4. 5.
6. ALL9;@ L@= HJG>AD= LG L@AK @GKL MKAF? L@= "GKL *JG>AD=K K=;LAGF AF L@= N-H@=J= ;DA=FL 9F< ;@=;C L@9L L@= HJG>AD= AK ;GEHDA9FL.
2. #F L@= 'OGJCAF?-K=L' 9J= FGO LOG JMD=K ("*J=-L9?AF?" 9F< "*JG<-C&01") 9F< AF L@= '9;LAN=-K=L' L@= "*J=-L9?AF?" JMD= AK 9;LAN=. /KAF? L@= J=EGN= ;GEE9F<, J=EGN= L@= "*J=-L9?AF?" JMD= >JGE L@= '9;LAN=-K=L' 9F< F=PL O= 9<< L@= "*JG<-C&01" LG L@= '9;LAN=-K=L' 9F< <GM:D= ;@=;C O@9L O= @9N= <GF=: Remove-DeployRule -DeployRule "PreStaging" Add-DeployRule -DeployRule "Prod-CL01" Get-DeployRuleSet .@= ;GF>A?MJ9LAGF AK FGO ;GEHD=L=. 1@=F QGM J=:GGL QGMJ @GKLK, L@=Q OADD ;GE= :9;C 9F< OADD := 9<<=< LG L@= C&01 ;DMKL=J >MDDQ H9JLA;AH9LAF? 9K 9 FGJE9D @GKL.
56
Note:
The clock on a Deep Security Agent (DSA) machine must be synchronized with Deep Security Manager (Deep Security Manager) to within a period of 24 hours. If the DSA clock is behind the Deep Security Manager clock then an "Agent Activate" operation will fail because the certificate generated for the DSA by Deep Security Manager will not yet be valid. If this condition is encountered an "Agent Activate Failed" event will be recorded in the System Events: "A client error occurred in the Deep Security Manager to Deep Security Agent protocol: HTTP client error received: certificate is not yet valid". To avoid this problem, all clocks on Deep Security component machines should be synchronized with a internet time service if possible.
Note:
CentOS uses the Red Hat 5 RPM and will appear as "Red Hat" in the Deep Security Manager. To use the Deep Security Agent on CentOS, follow the instructions for installing the Linux Agent.
Windows
Note:
Remember that you must have administrator privileges to install and run the Deep Security Agent on Windows machines. CGHQ L@= AFKL9DD9LAGF >AD= LG L@= L9J?=L E9;@AF=. DGM:D=-;DA;C L@= AFKL9DD9LAGF >AD= LG JMF L@= AFKL9DD=J H9;C9?=. CDA;C Next LG :=?AF L@= AFKL9DD9LAGF ,=9< L@= DA;=FK= 9?J==E=FL 9F< ;DA;C Next. -=D=;L L@= >=9LMJ=K QGM O9FL LG AFKL9DD 9F< ;DA;C BJGOK= LG KH=;A>Q L@= DG;9LAGF O@=J= QGM OGMD< DAC= D==H -=;MJALQ A?=FL LG := AFKL9DD=<. (#> QGM 9J= MH?J9<AF?, QGM OADD FGL := 9:D= LG ;@9F?= L@= AFKL9DD9LAGF <AJ=;LGJQ. .G AFKL9DD LG 9 <A>>=J=FL <AJ=;LGJQ, QGM OADD @9N= LG >AJKL MFAFKL9DD L@= HJ=NAGMK N=JKAGF.) CDA;C Reset LG J=K=L L@= >=9LMJ= K=D=;LAGF LG L@= <=>9MDL K=LLAF?K.
1. 2. 3. 4.
Note:
Firewall and Intrusion Prevention features may not be deselected. These features form part of the core Deep Security Agent architecture and are always installed, even if Firewall and Intrusion Prevention functions will not be used.
57
CDA;C Disk Usage LG K== L@= LGL9D KH9;= J=IMAJ=< >GJ L@= K=D=;L=< >=9LMJ=K 9F< ;GEH9J= OAL@ L@= 9N9AD9:D= KH9;= GF QGMJ K=D=;L=< <=KLAF9LAGF DG;9LAGF. CDA;C Next. 5. CDA;C Install LG HJG;==< OAL@ L@= AFKL9DD9LAGF. 6. CDA;C Finish LG ;GEHD=L= L@= AFKL9DD9LAGF. .@= D==H -=;MJALQ A?=FL AK FGO AFKL9DD=< 9F< JMFFAF? GF L@AK ;GEHML=J, 9F< OADD KL9JL =N=JQ LAE= L@= E9;@AF= :GGLK.
Note:
During an install, network interfaces will be suspended for a few seconds before being restored. If you are using DHCP, a new request will be generated, potentially resulting in a new IP address for the restored connection.
Note:
Installing the Deep Security Agent over Windows Remote Desktop is NOT recommended because of the temporary loss of connectivity during the install process. However, using the following command line switch when starting Remote Desktop will allow the install program to continue on the server after the connection is lost: On Windows Server 2008 or Windows Vista SP1 and later or Windows XP SP3 and later, use: mstsc.exe /admin On earlier versions of Windows, use: mstsc.exe /console
Linux
Note: Note:
Starting the Deep Security Agent's ds_filter service will disable iptables. For SuSE 11, on the target machine before beginning the installation procedure: in: /etc/init.d/jexec after # Required-Start: $local_fs add the line:
58
# Required-Stop:
To install the Deep Security Agent on Red Hat, SuSE, or Oracle Linux
Note:
The following instructions apply to Red Hat, SuSE, and Oracle Linux. To install on SuSE or Oracle Linux, substitute the SuSE or Oracle Linux RPM name in place of Red Hat. You must be logged on as "root" to install the Agent. Alternatively, you can use "sudo".
Note:
1. CGHQ L@= AFKL9DD9LAGF >AD= LG L@= L9J?=L E9;@AF=. 2. /K= "JHE -A" LG AFKL9DD L@= <K89?=FL H9;C9?=: # rpm -i <package name> Preparing... ########################################## [100%] 1:ds_agent ########################################## [100%] Loading ds_filter_im module version ELx.x [ OK ] Starting ds_agent: [ OK ] (/K= "JHE -/" LG MH?J9<= >JGE 9 HJ=NAGMK AFKL9DD. .@AK 9HHJG9;@ OADD HJ=K=JN= QGMJ HJG>AD= K=LLAF?K) 3. .@= D==H -=;MJALQ A?=FL OADD KL9JL 9MLGE9LA;9DDQ MHGF AFKL9DD9LAGF.
59
/etc/init.d/ds_agent stop /etc/init.d/ds_filter stop .G J=K=L L@= A?=FL: /etc/init.d/ds_agent reset .G J=KL9JL L@= A?=FL: /etc/init.d/ds_agent restart
Solaris
Requirements:
GJ -GD9JAK -H9J;/9: T DA:A;GFN 1.11 GJ :=LL=J T H>AD8-GD9JAK8P.HC? T A?=FL--GD9JAK85.9-9.0.0-PPPP.KH9J;.HC?.?R GJ -GD9JAK -H9J;/10: T T T T -/(1?;;JMFLAE=, !CC ,MFLAE= DA:J9JA=K H>AD8-GD9JAK810KH9J;.HC? (K== FGL= :=DGO) A?=FL--GD9JAK85.108/7-9.0.0-PPP.P86864.HC?.?R A?=FL--GD9JAK85.108/5-9.0.0-PPP.P86864.HC?.?R
GJ -GD9JAK 286/11: T -/(1?;;JMFLAE=, !CC ,MFLAE= DA:J9JA=K T H>AD8-GD9JAK810P86.HC? (K== FGL= :=DGO) T A?=FL--GD9JAK85.11-9.0.0-PPP.A386.H5H.?R GJ -GD9JAK -*A,C/11: T -/(1?;;JMFLAE=, !CC ,MFLAE= DA:J9JA=K T H>AD8-GD9JAK810P86.HC? (K== FGL= :=DGO) T A?=FL--GD9JAK85.11-9.0.0-PPP.KH9J;.H5H.?R
Note:
All Solaris versions up to and including Solaris 10 Update 3 require pfil to be installed.
60
61
Note:
pfil should go right after ip in the network interface stream. To determine where ip is, perform: ifconfig <interface> modlist and ensure that the number used on the modinsert is one higher than the number of ip in the modlist. pfil must be added to the network stack for each of the interfaces the Agent will be protecting touch /etc/ipf.conf /etc/init.d/pfil start (For more information, see "Notes on Installing PFIL on a Solaris (8 and 9 Sparc) Host ", below.)
Note:
Note:
1@=F QGM @9N= ;GEHD=L=< L@= AFKL9DD9LAGF, MK= L@= D==H -=;MJALQ '9F9?=J LG ;GF>A?MJ= HJGL=;LAGF GF L@= ;GEHML=J :Q >GDDGOAF? L@= KL=HK AF Protecting a Server (page 110) LG: T A<< CGEHML=JK LG L@= D==H -=;MJALQ '9F9?=J T EF9:D= HJGL=;LAGF GF ;GEHML=JK
62
(.@= >GDDGOAF? 9KKME=K QGMJ AFL=J>9;= AK @E=) #> QGM <G "A>;GF>A? EG<DAKL", QGM OADD K== 9 DAKL G> -.,EA'- EG<MD=K HMK@=< GFLG L@= AFL=J>9;= DAC= L@AK (>GJ @E=0): 0 arp 1 ip 2 hme 3GM F==< LG AFK=JL H>AD :=LO==F AH 9F< @E=: ifconfig hme0 modinsert pfil@2 C@=;CAF? L@= DAKL, QGM K@GMD< K==: 0 arp 1 ip 2 pfil 3 hme .G ;GF>A?MJ= L@= H>AD -LJ=9EK EG<MD= LG := 9MLGE9LA;9DDQ HMK@=< O@=F L@= <=NA;= AK GH=F=<: autopush -f /etc/opt/pfil/iu.ap AL L@AK HGAFL, strconf < /dev/hme K@GMD< J=LMJF: pfil hme
63
ADKG, modinfo K@GMD< K@GO: # modinfo | grep pfil 110 102d392c 6383 24 1 pfil (pfil Streams module 2.1.11) 110 102d392c 6383 216 1 pfil (pfil Streams driver 2.1.11)
AIX
1. 2. 3. 4. &G? AF 9K ,GGL CGHQ L@= AFKL9DD9LAGF >AD= LG L@= L9J?=L E9;@AF= CGHQ L@= H9;C9?= LG 9 L=EHGJ9JQ >GD<=J ("/LEH") /FRAH L@= H9;C9?= MKAF? ?MFRAH: /tmp> gunzip Agent-AIX_x.x-x.x.x-x.powerpc.bff.gz 5. #FKL9DD L@= A?=FL: /tmp> installp a d /tmp ds_agent .G KL9JL L@= A?=FL GF A#2: # startsrc -s ds_agent .G KLGH L@= A?=FL GF A#2: # stopsrc -s ds_agent .G DG9< L@= <JAN=J GF A#2: # /opt/ds_agent/ds_fctrl load .G MFDG9< L@= <JAN=J GF A#2: # /opt/ds_agent/ds_fctrl unload +
HP-UX:
1. 2. 3. 4. &G? AF 9K ,GGL CGHQ L@= AFKL9DD9LAGF >AD= LG L@= L9J?=L E9;@AF= CGHQ L@= H9;C9?= LG 9 L=EHGJ9JQ >GD<=J ("/LEH") /FRAH L@= H9;C9?= MKAF? ?MFRAH:
64
/tmp> gunzip Agent-HPUX_11.31-9.0.0-xxx.ia64.depot.gz 5. #FKL9DD L@= A?=FL: ((GL= L@9L L@= H9;C9?= AK J=>=J=F;=< MKAF? L@= >MDD H9L@. ,=D9LAN= H9L@K OADD FGL := 9;;=HL=<.) /tmp> swinstall s /tmp/Agent-HPUX_11.31-9.0.0-xxx.ia64.depot ds_agent .G KL9JL 9F< KLGH L@= A?=FL GF "*-/2, =FL=J GF= G> L@= >GDDGOAF?: T /sbin/init.d/ds_agent start T /sbin/init.d/ds_agent stop
2. -=D=;L O@=L@=J QGM 9J= <=HDGQAF? 9F< A?=FL GJ 9 ,=D9Q. 3. -=D=;L L@= HD9L>GJE LG O@A;@ QGM 9J= <=HDGQAF? L@= KG>LO9J=.
Note:
Platforms listed in the drop-down menu will correspond to the software that you have imported into the Deep Security Manager from the Trend Micro Download Center. For information on importing Deep Security Software, see Administration > System Settings > Updates in the online help or Administrator's Guide.
4. -=D=;L Activate the Agent Automatically. (A?=FLK EMKL := 9;LAN9L=< :Q L@= D==H -=;MJALQ '9F9?=J :=>GJ= 9 HJGL=;LAGF *GDA;Q ;9F := AEHD=E=FL=<.) 5. -=D=;L L@= *GDA;Q QGM OAK@ LG AEHD=E=FL GF L@= ;GEHML=J (GHLAGF9D)
65
6. -=D=;L L@= ;GEHML=J !JGMH (GHLAGF9D) 7. -=D=;L L@= ,=D9Q !JGMH (GHLAGF9D) AK QGM E9C= L@= 9:GN= K=D=;LAGFK, L@= D=HDGQE=FL -;JAHL !=F=J9LGJ OADD ?=F=J9L= 9 K;JAHL O@A;@ QGM ;9F AEHGJL AFLG QGMJ <=HDGQE=FL LGGD G> ;@GA;=.
Note:
The Deployment Script Generatsor can also be started from the toolbar on the View Imported Software page (Administration > Updates > Software Updates). The deployment scripts generated by Deep Security Manager for Windows Agent deployments require Windows Powershell version 2.0 or later.
Note:
Note:
Optionally on Windows computers, if you do not intend to enable Anti-Malware protection, you may want to prevent the installation of the Anti-Malware engine entirely. To do so, delete the string "ADDLOCAL=ALL" from the Windows deployment scripts.
66
1. 2. 3. 4.
.@= D==H -=;MJALQ (GLA>A=J AK FGO AFKL9DD=< 9F< JMFFAF? GF L@AK ;GEHML=J, 9F< L@= (GLA>A=J A;GF 9HH=9JK AF L@= 1AF<GOK -QKL=E .J9Q. .@= (GLA>A=J OADD 9MLGE9LA;9DDQ HJGNA<= HGH-MH FGLA>A;9LAGFK O@=F E9DO9J= AK <=L=;L=< GJ 9 /,& @9K :==F :DG;C=<. (3GM ;9F E9FM9DDQ <AK9:D= FGLA>A;9LAGFK :Q <GM:D=-;DA;CAF? L@= LJ9Q A;GF LG GH=F L@= (GLA>A=J KL9LMK 9F< ;GF>A?MJ9LAGF OAF<GO).
Note:
On VMs protected by a Virtual Appliance, the Anti-Malware module must be licensed and enabled on the VM for the Deep Security Notifier to display information.
67
Enable Multi-Tenancy
Enable Multi-Tenancy
To enable Multi-Tenancy: 1. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG Administration > System Settings > Advanced 9F< ;DA;C Enable Multi-Tenancy AF L@= Multi-Tenant Options 9J=9 LG <AKHD9Q L@= Multi-Tenant Configuration OAR9J<. 2. EFL=J L@= A;LAN9LAGF CG<= 9F< ;DA;C Next. 3. C@GGK= 9 DA;=FK= EG<= LG AEHD=E=FL: W Inherit Licensing from Primary Tenant: !AN=K 9DD .=F9FLK L@= K9E= DA;=FK=K 9K L@= *JAE9JQ .=F9FL. W Per Tenant Licensing: #F L@AK EG<=, .=F9FLK L@=EK=DN=K =FL=J 9 DA;=FK= O@=F L@=Q KA?F AF >GJ L@= >AJKL LAE=. 4. CDA;C Next LG >AFAK@ =F9:DAF? 'MDLA-.=F9F;Q AF QGMJ D==H -=;MJALQ '9F9?=J.
Managing Tenants
)F;= 'MDLA-.=F9FL EG<= AK =F9:D=<, .=F9FLK ;9F := E9F9?=< >JGE L@= Tenants H9?= L@9L FGO 9HH=9JK AF L@= Administration K=;LAGF.
Creating Tenants
To create a new Tenant: 1. !G LG L@= Administration > Tenants H9?= 9F< ;DA;C New LG <AKHD9Q L@= New Tenant OAR9J<.
68
Enable Multi-Tenancy
2. EFL=J 9 .=F9FL A;;GMFL (9E=. .@= 9;;GMFL F9E= ;9F := 9FQ F9E= =P;=HL "*JAE9JQ" O@A;@ AK J=K=JN=< >GJ L@= *JAE9JQ .=F9FL. 3. EFL=J 9F EE9AD A<<J=KK. .@= =E9AD 9<<J=KK AK J=IMAJ=< AF GJ<=J LG @9N= 9 ;GFL9;L HGAFL H=J .=F9FL. #L AK 9DKG MK=< >GJ LOG G> L@= L@J== <A>>=J=FL MK=J 9;;GMFL ?=F=J9LAGF E=L@G<K AF L@= F=PL KL=H. 4. -=D=;L L@= &G;9D=. .@= &G;9D= <=L=JEAF=K L@= D9F?M9?= G> L@= D==H -=;MJALQ '9F9?=J MK=J AFL=J>9;= >GJ L@9L .=F9FL. 5. .AE= 4GF=. ADD .=F9FL-J=D9L=< EN=FLK OADD := K@GOF LG L@= .=F9FL /K=JK AF L@= LAE= RGF= G> L@= .=F9FL 9;;GMFL. CDA;C Next. 6. EFL=J 9 MK=JF9E= >GJ L@= >AJKL /K=J G> L@= F=O .=F9FL 9;;GMFL. 7. -=D=;L GF= G> L@= L@J== H9KKOGJ< GHLAGFK: W No Email: .@= .=F9F;Q'K >AJKL /K=J'K MK=JF9E= 9F< H9KKOGJ< 9J= <=>AF=< @=J= 9F< FG =E9ADK 9J= K=FL. W Email Confirmation Link: 3GM K=L L@= .=F9F;Q'K >AJKL /K=J'K H9KKOGJ<. "GO=N=J L@= 9;;GMFL AK FGL 9;LAN= MFLAD L@= /K=J ;DA;CK 9 ;GF>AJE9LAGF DAFC @= OADD J=;=AN= :Q =E9AD. W Email Generated Password: .@AK 9DDGOK L@= .=F9FL ;J=9LGJ LG ?=F=J9L= 9 .=F9FL OAL@GML KH=;A>QAF? L@= H9KKOGJ<. .@AK AK EGKL 9HHDA;9:D= O@=F E9FM9DDQ ;J=9LAF? 9;;GMFLK >GJ MK=JK O@=J= L@= ;J=9LGJ <G=K FGL F==< 9;;=KK
Note:
All three options are available via the REST API. The confirmation option provides a suitable method for developing public registration. A CAPTCHA is recommended to ensure that the Tenant creator is a human not an automated "bot". The email confirmation ensures that the email provided belongs to the user before they can access the account.
8. CDA;C Next LG >AFAK@ OAL@ L@= OAR9J< 9F< ;J=9L= L@= .=F9FL. (#L E9Q L9C= >JGE 30 K=;GF<K LG >GMJ EAFML=K LG ;J=9L= L@= F=O .=F9FL <9L9:9K= 9F< HGHMD9L= AL OAL@ <9L9 9F< K9EHD= *GDA;A=K.)
Welcome to Deep Security! To begin using your account, click the following confirmation URL. You can then access the console using your chosen password. Account Name: AnyCo Username: admin Click the following URL to activate your account: https://managername:4119/SignIn.screen?confirmation=1A16EC7A-D84FD451-05F6-706095B6F646&tenantAccount=AnyCo&username=admin
69
Enable Multi-Tenancy
Welcome to Deep Security! A new account has been created for you. Your password will be generated and provided in a separate email. Account Name: AnyCo Username: admin You can access the Deep Security management console using the following URL: https://managername:4119/SignIn.screen?tenantAccount=AnyCo&username=admin
Email Generated Password: Password Notification
This is the automatically generated password for your Deep Security account. Your Account Name, Username, and a link to access the Deep Security management console will follow in a separate email. Password: z3IgRUQ0jaFi
Managing Tenants
.@= Tenants H9?= (Administration > Tenants) <AKHD9QK L@= DAKL G> 9DD .=F9FLK. A .=F9FL ;9F := AF 9FQ G> L@= >GDDGOAF? States:
T Created: #F L@= HJG?J=KK G> :=AF? ;J=9L=< :ML FGL Q=L 9;LAN= T Confirmation Required: CJ=9L=<, :ML L@= 9;LAN9LAGF DAFC AF L@= ;GF>AJE9LAGF =E9AD K=FL LG L@= .=F9FL /K=J @9K FGL Q=L :==F ;DA;C=<. (3GM ;9F E9FM9DDQ GN=JJA<= L@AK KL9L=.) T Active: MDDQ GFDAF= 9F< E9F9?=< T Suspended: (G DGF?=J 9;;=HLAF? KA?F AFK. T Pending Deletion: .=F9FLK ;9F := <=D=L=<, @GO=N=J L@= HJG;=KK AK FGL AEE=<A9L=. .@= .=F9FL ;9F := AF L@= H=F<AF? <=D=LAGF KL9L= >GJ MH LG K=N=F <9QK :=>GJ= L@= <9L9:9K= AK J=EGN=<.
70
Enable Multi-Tenancy
T Database Upgrade Failure: GJ .=F9FLK L@9L >9AD=< L@= MH?J9<= H9L@. .@= D9L9:9K= /H?J9<= :MLLGF ;9F := MK=< LG J=KGDN= L@AK KALM9LAGF
Tenant Properties
DGM:D=-;DA;C GF 9 .=F9FL LG NA=O L@= .=F9FL'K Properties OAF<GO.
General
.@= &G;9D=, .AE= RGF= 9F< -L9L= G> L@= .=F9FL ;9F := 9DL=J=<. B= 9O9J= L@9L ;@9F?AF? L@= LAE= RGF= 9F< DG;9D= <G=K FGL 9>>=;L =PAKLAF? .=F9FL /K=JK. #L OADD GFDQ 9>>=;L F=O /K=JK AF L@9L .=F9F;Q 9F< EN=FLK 9F< GL@=J H9JLK G> L@= /# L@9L 9J= FGL /K=J-KH=;A>A;. .@= D9L9:9K= (9E= AF<A;9L=K L@= F9E= G> L@= <9L9:9K= MK=< :Q L@AK .=F9F;Q. .@= K=JN=J L@= <9L9:9K= AK JMFFAF? GF ;9F := 9;;=KK=< NA9 L@= @QH=JDAFC.
71
Enable Multi-Tenancy
Modules
.@= Modules L9: HJGNA<=K GHLAGFK >GJ HJGL=;LAGF EG<MD= NAKA:ADALQ. BQ <=>9MDL 9DD MFDA;=FK=< EG<MD=K 9J= @A<<=F. 3GM ;9F ;@9F?= L@AK :Q <=K=D=;LAF? Always Hide Unlicensed Modules. ADL=JF9LAN=DQ, K=D=;L=< EG<MD=K ;9F := K@GOF GF 9 H=J-.=F9FL :9KAK. #> QGM K=D=;L Inherit License from Primary Tenant, 9DD >=9LMJ=K L@9L QGM 9K L@= *JAE9JQ .=F9FL 9J= DA;=FK=< >GJ OADD := NAKA:D= LG 9DD .=F9FLK. .@= K=D=;L=< NAKA:ADALQ ;9F := MK=< LG LMF= O@A;@ EG<MD=K 9J= NAKA:D= >GJ O@A;@ .=F9FLK. #> MKAF? L@= "*=J .=F9FL" DA;=FKAF? :Q <=>9MDL GFDQ L@= DA;=FK=< EG<MD=K >GJ =9;@ .=F9FL OADD := NAKA:D=. #> QGM 9J= =N9DM9LAF? D==H -=;MJALQ AF 9 L=KL =FNAJGFE=FL 9F< O9FL LG K== O@9L 9 >MDD 'MDLA-.=F9F;Q AFKL9DD9LAGF DGGCK DAC=, QGM ;9F =F9:D= 'MDLA-.=F9F;Q D=EG 'G<=. 1@=F AF D=EG 'G<=, L@= '9F9?=J HGHMD9L=K ALK <9L9:9K= OAL@ KAEMD9L=< .=F9FLK, ;GEHML=JK, EN=FLK, AD=JLK, 9F< GL@=J <9L9. #FALA9DDQ, K=N=F <9QK OGJL@ G> <9L9 AK ?=F=J9L=< :ML F=O <9L9 AK ?=F=J9L=< GF 9F GF?GAF? :9KAK LG C==H L@= '9F9?=J'K D9K@:G9J<, ,=HGJLK 9F< EN=FLK H9?=K HGHMD9L=< OAL@ <9L9. Demo Mode is not intended to be used in a production environment!
72
Enable Multi-Tenancy
Statistics
.@= KL9LAKLA;K L9: K@GOK AF>GJE9LAGF >GJ L@= ;MJJ=FL .=F9FL AF;DM<AF? <9L9:9K= KAR=, BG:K HJG;=KK=<, DG?AFK, K=;MJALQ =N=FLK 9F< KQKL=E =N=FLK. .@= KE9DD ?J9H@K K@GO L@= D9KL 24 @GMJK G> 9;LANALQ.
Agent Activation
.@= A?=FL A;LAN9LAGF L9: <AKHD9QK 9 ;GEE9F<-DAF= AFKLJM;LAGF. L@9L ;9F := JMF >JGE L@= A?=FL AFKL9DD <AJ=;LGJQ G> L@AK .=F9FL'K ;GEHML=JK O@A;@ OADD 9;LAN9L= L@= 9?=FL GF L@= ;GEHML=J KG L@9L L@= .=F9FL ;9F 9KKA?F *GDA;A=K 9F< H=J>GJE GL@=J ;GF>A?MJ9LAGF HJG;=<MJ=K >JGE L@= D==H -=;MJALQ '9F9?=J.
73
Enable Multi-Tenancy
Primary Contact
.=F9FLK 9J= J=IMAJ=< LG =FL=J L@=AJ 9;;GMFL F9E= AF 9<<ALAGF LG L@=AJ MK=JF9E= 9F< H9KKOGJ<. .@= 9;;GMFL F9E= 9DDGOK .=F9FLK LG @9N= GN=JD9HHAF? MK=JF9E=K. ( GJ =P9EHD=, A> EMDLAHD= .=F9FLK KQF;@JGFAR= OAL@ L@= K9E= A;LAN= DAJ=;LGJQ K=JN=J).
Note:
When you (as the Primary Tenant) log in, leave the Account name blank or use "Primary".
74
Enable Multi-Tenancy
1@=F .=F9FLK DG? AF, L@=Q @9N= 9 N=JQ KAEAD9J =FNAJGFE=FL LG 9 >J=K@ AFKL9DD G> D==H -=;MJALQ '9F9?=J. -GE= >=9LMJ=K AF L@= /# 9J= FGL 9N9AD9:D= LG .=F9FL /K=JK. .@= >GDDGOAF? 9J=9K 9J= @A<<=F >GJ .=F9FLK: T T T T T T T '9F9?=J (G<=K 1A<?=L 'MDLA-.=F9FL 1A<?=LK A<EAFAKLJ9LAGF > -QKL=E #F>GJE9LAGF A<EAFAKLJ9LAGF > &A;=FK=K (#> #F@=JAL GHLAGF K=D=;L=<) A<EAFAKLJ9LAGF > '9F9?=J (G<=K A<EAFAKLJ9LAGF > .=F9FLK A<EAFAKLJ9LAGF > -QKL=E -=LLAF?K: W .=F9FL .9: W -=;MJALQ .9: > -A?F #F '=KK9?= W /H<9L=K .9: > -=LLAF? >GJ ADDGOAF? .=F9FLK LG MK= ,=D9QK >JGE L@= *JAE9JQ .=F9FL W A<N9F;=< .9: > &G9< B9D9F;=JK W A<N9F;=< .9: > *DM??9:D= -=;LAGF -GE= G> L@= @=DH ;GFL=FL FGL 9HHDA;9:D= LG .=F9FLK -GE= J=HGJLK FGL 9HHDA;9:D= LG .=F9FLK )L@=J >=9LMJ=K :9K=< GF L@= 'MDLA-.=F9FL )HLAGFK (<AK;MKK=< D9L=J) -GE= AD=JL .QH=K OADD 9DKG := @A<<=F >JGE .=F9FLK: W "=9JL:=9L -=JN=J 9AD=< W &GO DAKC -H9;= W '9F9?=J )>>DAF= W '9F9?=J .AE= )ML )> -QF; W (=O=J 0=JKAGF G> D==H -=;MJALQ '9F9?=J 9N9AD9:D= W (ME:=J G> CGEHML=JK EP;==<K D9L9:9K= &AEAL W AF< O@=F AF@=JAL=< DA;=FKAF? AK =F9:D=< 9FQ G> L@= DA;=FK=-J=D9L=< 9D=JLK
T T T T
#L AK 9DKG AEHGJL9FL LG FGL= L@9L .=F9FLK ;9FFGL K== 9FQ G> L@= 'MDLA-.=F9FL >=9LMJ=K G> L@= HJAE9JQ .=F9FL GJ 9FQ <9L9 >JGE 9FQ GL@=J .=F9FL. #F 9<<ALAGF, ;=JL9AF A*#K 9J= J=KLJA;L=< KAF;= L@=Q 9J= GFDQ MK9:D= OAL@ *JAE9JQ .=F9FL JA?@LK (KM;@ 9K ;J=9LAF? GL@=J .=F9FLK). GJ EGJ= AF>GJE9LAGF GF O@9L AK 9F< AK FGL 9N9AD9:D= LG .=F9FL /K=JK, K== L@= GFDAF= @=DH >GJ L@= Administration > System Settings > Tenants H9?= AF L@= D==H -=;MJALQ '9F9?=J. ADD .=F9FLK @9N= L@= 9:ADALQ LG MK= ,GD=-B9K=< A;;=KK CGFLJGD OAL@ EMDLAHD= MK=J 9;;GMFLK LG >MJL@=J KM:<ANA<= 9;;=KK. A<<ALAGF9DDQ L@=Q ;9F MK= A;LAN= DAJ=;LGJQ AFL=?J9LAGF >GJ MK=JK LG <=D=?9L= L@= 9ML@=FLA;9LAGF LG L@= <GE9AF. .@= .=F9FL A;;GMFL (9E= AK KLADD J=IMAJ=< >GJ 9FQ .=F9FL 9ML@=FLA;9LAGFK.
Agent-Initiated Activation
A?=FL-AFALA9L=< 9;LAN9LAGF AK =F9:D=< :Q <=>9MDL >GJ 9DD .=F9FLK.
75
Enable Multi-Tenancy
Note:
Unlike Agent-initiated activation for the Primary Tenant, a password and Tenant ID are required to invoke the activation for Tenant Users.
.=F9FLK ;9F K== L@= 9J?ME=FLK J=IMAJ=< >GJ 9?=FL-AFALA9L=< 9;LAN9LAGF :Q ;DA;CAF? L@= View Imported Software :MLLGF GF L@= Administration > Updates > Software Updates L9:, JA?@L-;DA;CAF? 9F< A?=FL AFKL9DD H9;C9?=, 9F< K=D=;LAF? Generate Deployment Scripts >JGE L@= ;GFL=PL E=FM:
AK 9F =P9EHD=, L@= K;JAHL >GJ A?=FL-#FALA9L=< A;LAN9LAGF GF 9 1AF<GOK E9;@AF= EA?@L DGGC 9K >GDDGOK: dsa_control -a dsm://manageraddress:4120/ "tenantID:7156CF5AD130-29F4-5FE1-8AFD12E0EC02" "tenantPassword:98785384-3966-B729-1418-3E2A7197D0D5"
Tenant Diagnostics
.=F9FLK 9J= FGL 9:D= LG 9;;=KK E9F9?=J <A9?FGKLA; H9;C9?=K <M= LG L@= K=FKALANALQ G> L@= <9L9 ;GFL9AF=< OAL@AF L@= H9;C9?=K. .=F9FLK ;9F KLADD ?=F=J9L= 9?=FL <A9?FGKLA;K :Q GH=FAF? L@= CGEHML=J E<ALGJ 9F< ;@GGKAF? Agent Diagnostics GF L@= Actions L9: G> L@= Overview H9?=.
Usage Monitoring
D==H -=;MJALQ '9F9?=J J=;GJ<K <9L9 9:GML .=F9FL MK9?=. .@AK AF>GJE9LAGF AK <AKHD9Q=< AF L@= Tenant Protection Activity OA<?=L GF L@= D9K@:G9J<, L@= .=F9FL Properties OAF<GO'K Statistics L9:, 9F< L@= C@9J?=:9;C J=HGJL. .@AK AF>GJE9LAGF ;9F 9DKG := 9;;=KK=< L@JGM?@ L@= -L9LMK 'GFALGJAF? ,E-. A*# O@A;@ ;9F =F9:D=< GJ <AK9:D=< :Q ?GAF? LG Administration > System Settings > Advanced > Status Monitoring API. .@AK ;@9J?=:9;C (GJ NA=O:9;C) AF>GJE9LAGF ;9F := ;MKLGEAR=< LG <=L=JEAF= O@9L 9LLJA:ML=K 9J= AF;DM<=< AF L@= J=;GJ<. .@AK ;GF>A?MJ9LAGF AK <=KA?F=< LG 9;;GEEG<9L= N9JAGMK ;@9J?AF? EG<=DK L@9L E9Q := J=IMAJ=< AF K=JNA;= HJGNA<=J =FNAJGFE=FLK. GJ =FL=JHJAK=K L@AK E9Q := MK=>MD LG <=L=JEAF= L@= MK9?= :Q =9;@ :MKAF=KK MFAL.
76
Enable Multi-Tenancy
Multi-Tenant Dashboard/Reporting
1@=F 'MDLA-.=F9F;Q AK =F9:D=<, *JAE9JQ .=F9FL /K=JK @9N= 9;;=KK LG 9<<ALAGF9D D9K@:G9J< OA<?=LK >GJ EGFALGJAF? .=F9FL 9;LANALQ:
.@= K9E= AF>GJE9LAGF AK 9N9AD9:D= GF L@= Administration > Tenants H9?= (KGE= AF GHLAGF9D ;GDMEFK) 9F< GF L@= Statistics L9: G> 9 .=F9FL'K Properties OAF<GO. .@AK AF>GJE9LAGF HJGNA<=K L@= 9:ADALQ LG EGFALGJ L@= MK9?= G> L@= GN=J9DD KQKL=E 9F< DGGC >GJ AF<A;9LGJK G> 9:FGJE9D 9;LANALQ. GJ AFKL9F;= A> 9 KAF?D= .=F9FL =PH=JA=F;=K 9 KHAC= AF Security Event Activity L@=Q E9Q := MF<=J 9LL9;C. 'GJ= AF>GJE9LAGF AK 9N9AD9:D= AF L@= Chargeback J=HGJL (AF L@= Events & Reports K=;LAGF). .@AK J=HGJL <=L9ADK HJGL=;LAGF @GMJK, L@= ;MJJ=FL <9L9:9K= KAR=K, 9F< L@= FME:=J G> ;GEHML=JK (9;LAN9L=< 9F< FGF-9;LAN9L=<) >GJ =9;@ .=F9FL.
77
Multi-Tenancy (Advanced)
Multi-Tenancy (Advanced)
APIs
D==H -=;MJALQ '9F9?=J AF;DM<=K 9 FME:=J G> ,E-. A*#K >GJ: 1. 2. 3. 4. 5. EF9:DAF? 'MDLA-.=F9F;Q '9F9?AF? .=F9FLK A;;=KKAF? 'GFALGJAF? D9L9 A;;=KKAF? C@9J?=:9;C (*JGL=;LAGF A;LANALQ) D9L9 '9F9?AF? -=;GF<9JQ D9L9:9K= -=JN=JK
#F 9<<ALAGF L@= D=?9;Q -)A* A*# AF;DM<=K 9 F=O authenticate E=L@G< L@9L 9;;=HLK L@= .=F9FL A;;GMFL (9E= 9K 9 L@AJ< H9J9E=L=J. GJ 9<<ALAGF9D AF>GJE9LAGF GF L@= ,E-. A*#K HD=9K= K== L@= ,E-. A*# <G;ME=FL9LAGF.
Upgrade
/H?J9<= AK MF;@9F?=< >JGE HJ=NAGMK N=JKAGFK. .@= AFKL9DD=J AK =P=;ML=< 9F< <=L=;LK 9F< =PAKLAF? AFKL9DD9LAGF. #L OADD G>>=J 9F MH?J9<= GHLAGF. #> MH?J9<= AK K=D=;L=< L@= AFKL9DD=J >AJKL AF>GJEK GL@=J FG<=K LG K@ML<GOF 9F< L@=F :=?AFK L@= HJG;=KK G> MH?J9<AF?. .@= HJAE9JQ .=F9FL AK MH?J9<=< >AJKL, >GDDGO=< :Q L@= .=F9FLK AF H9J9DD=D (>AN= 9L 9 LAE=). )F;= L@= AFKL9DD=J >AFAK@=K, L@= K9E= AFKL9DD=J H9;C9?= K@GMD< := =P=;ML=< GF L@= J=KL G> L@= '9F9?=J FG<=K. #F L@= =N=FL G> 9 HJG:D=E <MJAF? L@= MH?J9<= G> 9 .=F9FL, L@= .=F9FL'K -L9L= (GF L@= Administration > Tenants H9?=) OADD 9HH=9J 9K Database Upgrade Required (offline). .@= .=F9FLK AFL=J>9;= ;9F := MK=< LG >GJ;= L@= MH?J9<= HJG;=KK. #> >GJ;AF? L@= MH?J9<= <G=K FGL OGJC HD=9K= ;GFL9;L KMHHGJL.
Supporting Tenants
#F ;=JL9AF ;9K=K AL E9Q := J=IMAJ=< 9 *JAE9JQ .=F9FL LG ?9AF 9;;=KK LG 9 .=F9FL'K MK=J AFL=J>9;=. .@= .=F9FLK DAKL 9F< .=F9FL HJGH=JLA=K H9?=K HJGNA<= 9F GHLAGF LG "AML@=FLA;9L= AK" 9 ?AN=F .=F9FL, ?J9FLAF? L@=E AEE=<A9L= J=9<-GFDQ 9;;=KK. /K=JK 9J= DG??=< AF 9K 9 KH=;A9D 9;;GMFL GF L@= .=F9FL MKAF? L@= HJ=>AP "KMHHGJL8". GJ =P9EHD= A> *JAE9JQ .=F9FL MK=J B<G= DG?K GF 9K 9 .=F9FL 9F 9;;GMFL AK ;J=9L=< ;9DD=< "KMHHGJL8B<G=" OAL@ L@= " MDD A;;=KK" JGD=. .@= MK=J AK <=D=L=< O@=F L@= KMHHGJL MK=J LAE=K GML GJ KA?FK GML G> L@= 9;;GMFL.
78
Multi-Tenancy (Advanced)
.@= .=F9FL ;9F K== L@AK MK=J 9;;GMFL ;J=9L=<, KA?F AF, KA?F GML 9F< <=D=L=< 9DGF? OAL@ 9FQ GL@=J 9;LAGFK AF L@= -QKL=E =N=FLK. /K=JK AF L@= HJAE9JQ .=F9FL 9DKG @9N= 9<<ALAGF9D <A9?FGKLA; LGGDK 9N9AD9:D= LG L@=E: 1. .@= Administration > System Information H9?= ;GFL9AFK 9<<ALAGF9D AF>GJE9LAGF 9:GML .=F9FL E=EGJQ MK9?= 9F< L@= KL9L= G> L@J=9<K. .@AK E9Q := MK=< <AJ=;LDQ GJ @=DH>MD LG .J=F< 'A;JG KMHHGJL. 2. .@= server0.log GF L@= <AKC G> L@= '9F9?=J FG<=K ;GFL9AFK 9<<ALAGF9D AF>GJE9LAGF GF L@= F9E= G> L@= .=F9FL (9F< L@= MK=J A> 9HHDA;9:D=) L@9L ;9MK=< L@= DG?. .@AK ;9F := @=DH>MD AF <=L=JEAFAF? L@= KGMJ;= G> AKKM=K. #F KGE= ;9K=K .=F9FLK OADD J=IMAJ= ;MKLGE 9<BMKLE=FLK FGL 9N9AD9:D= AF L@= !/#. .@AK MKM9DDQ ;GE=K 9L L@= J=IM=KL G> .J=F< 'A;JG KMHHGJL. .@= ;GEE9F< DAF= MLADALQ LG 9DL=J L@=K= K=LLAF?K 9;;=HLK L@= 9J?ME=FL: -Tenantname "account name" LG <AJ=;L L@= K=LLAF? ;@9F?= GJ GL@=J ;GEE9F< DAF= 9;LAGF 9L 9 KH=;A>A; .=F9FL. #> GEALL=< L@= 9;LAGF AK GF L@= HJAE9JQ .=F9FL.
Load Balancers
BQ <=>9MDL, EMDLA-FG<= '9F9?=J HJGNA<=K L@= 9<<J=KK G> 9DD '9F9?=J FG<=K LG 9DD 9?=FLK 9F< NAJLM9D 9HHDA9F;=K. .@= 9?=FLK 9F< NAJLM9D 9HHDA9F;=K MK= L@= DAKL G> 9<<J=KK=K LG J9F<GEDQ K=D=;L 9 FG<= LG ;GFL9;L 9F< ;GFLAFM= LG LJQ L@= J=KL G> L@= DAKL MFLAD FG FG<=K ;9F := J=9;@=< (GJ 9J= 9DD :MKQ). #> AL ;9F'L J=9;@ 9FQ FG<=K AL O9ALK MFLAD L@= F=PL @=9JL:=9L 9F< LJA=K 9?9AF. .@AK OGJCK N=JQ O=DD AF =FNAJGFE=FLK O@=J= L@= FME:=J G> '9F9?=J FG<=K AK >AP=< 9F< 9NGA<K @9NAF? LG ;GF>A?MJ= 9 DG9< :9D9F;=J AF >JGFL G> L@= '9F9?=J FG<=K >GJ 9N9AD9:ADALQ 9F< K;9D9:ADALQ. #F 'MDLA-.=F9FL =FNAJGFE=FLK AL E9Q := <=KAJ9:D= LG 9<< 9F< J=EGN= '9F9?=J FG<=K GF <=E9F< (H=J@9HK MKAF? 9MLG-K;9DAF? >=9LMJ=K G> ;DGM< =FNAJGFE=FLK). #F L@AK ;9K= 9<<AF? 9F< J=EGNAF? '9F9?=JK OGMD< ;9MK= 9F MH<9L= G> =N=JQ 9?=FL 9F< NAJLM9D 9HHDA9F;= AF L@= =FNAJGFE=FL. .G 9NGA< L@AK MH<9L= L@= DG9< :9D9F;=J K=LLAF? ;9F := MK=<. &G9< :9D9F;=JK ;9F := ;GF>A?MJ=< LG MK= <A>>=J=FL HGJLK >GJ L@= <A>>=J=FL LQH=K G> LJ9>>A;, GJ A> L@= DG9< :9D9F;=J KMHHGJLK HGJL J=-<AJ=;LAGF AL ;9F := MK=< LG =PHGK= 9DD G> L@= J=IMAJ=< HJGLG;GDK GN=J HGJL 443 MKAF? L@J== DG9< :9D9F;=JK:
79
Multi-Tenancy (Advanced)
#F 9DD ;9K=K L@= DG9< :9D9F;=J K@GMD< := ;GF>A?MJ=< 9K .C* DG9< :9D9F;=J (FGL --& .=JEAF9LAF?) OAL@ KLA;CQK=KKAGFK. .@AK =FKMJ=K 9 ?AN=F ;GEEMFA;9LAGF =P;@9F?= OADD G;;MJ <AJ=;LDQ :=LO==F A?=FL/0AJLM9D AHHDA9F;= 9F< L@= '9F9?=J >JGE KL9JL LG >AFAK@. .@= F=PL ;GFF=;LAGF E9Q :9D9F;= LG 9 <A>>=J=FL FG<=.
Technical Details
E9;@ .=F9FL <9L9:9K= @9K 9F GN=J@=9< G> 9JGMF< 100'B G> <AKC KH9;= (<M= LG L@= AFALA9D JMD=K, HGDA;A=K 9F< =N=FLK L@9L HGHMD9L= L@= KQKL=E). .=F9FL ;J=9LAGF L9C=K :=LO==F 30 K=;GF<K 9F< >GMJ EAFML=K <M= LG L@= ;J=9LAGF G> L@= K;@=E9 9F< L@= HGHMD9LAGF G> L@= AFALA9D <9L9. .@AK =FKMJ=K =9;@ F=O .=F9FL @9K L@= EGKL MH LG <9L= ;GF>A?MJ9LAGF 9F< J=EGN=K L@= :MJ<=F G> E9F9?AF? <9L9:9K= L=EHD9L=K (EKH=;A9DDQ :=LO==F EMDLAHD= <9L9:9K= K=JN=JK).
80
81
5. -=D=;L L@= Administrator View JA?@L AF L@= All Rights > General >GD<=J:
6. CDA;C Ok. 3GM ;9F FGO 9KKA?F L@AK ,GD= LG L@= MK=J 9;;GMFLK QGM OADD ?AN= LG D==H -=;MJALQ /K=JK LG AEHGJL L@=AJ NCDGM< J=KGMJ;=K AFLG L@= D==H -=;MJALQ '9F9?=J.
Note:
When providing a Deep Security User with their credentials, you must include the IP address of the vCloud Organization and instruct them that when importing the vCloud resources into their Deep Security Manager, their username must include "@orgName". For example if the vCloud account's username is kevin and the vCloud Organization you've given the account access to is called CloudOrgOne, then the Deep Security User must enter kevin@CloudOrgOne as their username when importing the vCloud resources.
Configuring the vCenter Database to Assign Unique UUIDs to New Virtual Machines
D==H -=;MJALQ J=IMAJ=K L@9L 9DD HJGL=;L=< NAJLM9D E9;@AF=K @9N= MFAIM= //#DK. 0AJLM9D '9;@AF=K ;J=9L=< >JGE 9 NAHH L=EHD9L= ;9F := 9KKA?F=< <MHDA;9L= //#DK O@A;@ ;9F ;9MK= HJG:D=EK. "GO=N=J, QGM ;9F ;GF>A?MJ= QGMJ <9L9:9K= LG 9KKA?F MFAIM= //#DK LG L@=K= 0'K ;J=9L=< >JGE 9 L=EHD9L=.
82
Note:
The following information is taken from a VMware Knowledge Base article, "BIOS UUID duplication in virtual machines created from a vApp template breaks some third-party solutions".
.G ;GF>A?MJ= L@= <9L9:9K= LG 9KKA?F MFAIM= //#DK LG F=O NAJLM9D E9;@AF=K L@9L 9J= ;J=9L=< >JGE 9 L=EHD9L=, QGM EMKL K=L L@= CONFIG L9:D= G> L@= <9L9:9K=, OAL@ L@= H9J9E=L=J backend.cloneBiosUuidOnVmCopy, LG 0. To set this parameter in Oracle, D9MF;@ )J9;D= EFL=JHJAK= '9F9?=J 9F< JMF L@= >GDDGOAF? ;GEE9F<K: set feedback on echo on set linesize 120 update "VCLOUD"."CONFIG" set VALUE = '0' where NAME='backend.cloneBiosUuidOnVmCopy'; commit; select * from "VCLOUD"."CONFIG" where VALUE = '0' and NAME='backend.cloneBiosUuidOnVmCopy'; To set this parameter in Microsoft SQL Server, D9MF;@ -+& '9F9?=E=FL -LM<AG 9F< JMF L@= >GDDGOAF? ;GEE9F<K: USE vcloud GO update CONFIG set value = '0' where name='backend.cloneBiosUuidOnVmCopy' commit; select * from config where value = 0 and name='backend.cloneBiosUuidOnVmCopy'; 1@=F L@= H9J9E=L=J @9K :==F K=L, J=KL9JL 9DD ;=DDK AF NCDGM< DAJ=;LGJ.
Note:
Enabling the OVF Environment Transport for VMware Tools on your guest VMs
EF9:DAF? L@= )0 EFNAJGFE=FL .J9FKHGJL >GJ 0'O9J= .GGDK GF QGMJ ?M=KL 0'K OADD =PHGK= L@= guestInfo.ovfEnv =FNAJGFE=FL N9JA9:D= E9CAF? AL =9KA=J >GJ A?=FLK LG MFAIM=DQ A<=FLA>Q L@=AJ 0'K LG L@= D==H -=;MJALQ '9F9?=J. .@AK OADD J=<M;= L@= JAKC G> 0' EAKA<=FLA>A;9LAGF. To enable the OVF Environment Transport for VMware Tools on a guest VM:
83
1. #F NCDGM< DAJ=;LGJ, GH=F L@= 0''K Properties K;J==F, ?G L@= Guest OS Customization L9: 9F< K=D=;L L@= Enable guest customization ;@=;C:GP. CDA;C OK. 2. #F NC=FL=J, K=D=;L L@= K9E= 0', GH=F ALK Properties K;J==F, ?G LG L@= Options L9:. 3. CDA;C vApp Options 9F< K=D=;L L@= Enabled J9<AG :MLLGF. OVF Settings OADD FGO := =PHGK=<. 4. #F OVF Settings, K=D=;L L@= VMware Tools ;@=;C:GP AF L@= OVF Environment Transport 9J=9. CDA;C OK. #> QGMJ 0' AK JMFFAF?, AL EMKL := J=KL9JL=< >GJ L@= ;@9F?=K LG L9C= =>>=;L. .@= <9L9 MK=< :Q D==H -=;MJALQ 9J= L9C=F >JGE L@= >GDDGOAF? HJGH=JLA=K: vmware.guestinfo.ovfenv.vcenterid 9F< vmware.guestinfo.ovfenv.vcloud.computername.
84
Note:
Having a dedicated account for Deep Security ensures that you can refine the rights and permissions or revoke the account at any time. Trend Micro recommends that you give Deep Security a Access/Secret key with no more than read-only permissions.
.@= >GDDGOAF? HGDA;Q L=EHD9L= OADD ?J9FL L@= J=IMAJ=< H=JEAKKAGFK: { "Statement": [{ "Sid": "Stmt1354546872297", "Action": [ "ec2:Describe*" ], "Effect": "Allow", "Resource": [ "*" ] }] }
85
Upgrading
Upgrade Scenarios
Upgrade Scenarios
.G MH?J9<= LG D==H -=;MJALQ 9.0 -*1 H2, QGM EMKL := JMFFAF? D==H -=;MJALQ 8.0 -*2 GJ D9L=J. #> QGM 9J= JMFFAF? 9F =9JDA=J N=JKAGF G> D==H -=;MJALQ, QGM EMKL >AJKL MH?J9<= LG D==H -=;MJALQ 8.0 -*2 (GJ D9L=J) :=>GJ= MH?J9<AF? LG N=JKAGF 9.0 -*1 H2. GJ AFKLJM;LAGFK GF @GO LG MH?J9<= LG D==H -=;MJALQ 8.0 -*2, ;GFKMDL L@= Deep Security 8.0 SP2 Installation Guide 9N9AD9:D= >JGE L@= .J=F< 'A;JG DGOFDG9< C=FL=J . D==H -=;MJALQ 9.0 -*1 H2 <G=K FGL KMHHGJL E-2/E-2A N=JKAGF 4.1. .G <=HDGQ D==H -=;MJALQ 9.0 -*1 H2, QGMJ 0'O9J= AF>J9KLJM;LMJ= (NC=FL=J, N-@A=D< '9F9?=J, N-@A=D< EF<HGAFL, 9F< N-@A=D< EF<HGAFL <JAN=JK) EMKL := MH?J9<=< LG N=JKAGF 5.0, 5.1, GJ 5.5.
Upgrading from DS 8.0 SP2 with Agentless Anti-Malware and/or Integrity Monitoring Protection (Includes upgrading ESX/ESXi 4.1 to 5.0, 5.1, or 5.5)
Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Upgrading ESX/ESXi 4.1 to 5.0, 5.1, or 5.5) (page 91) <=K;JA:=K L@= HJG;=<MJ=K >GJ MH?J9<AF? >JGE D==H -=;MJALQ 8.0 -*2 LG D==H -=;MJALQ 9.0 -*1 H2 AF 9 0'O9J= 4.1 =FNAJGFE=FL AF O@A;@ A?=FLD=KK AFLA-'9DO9J= HJGL=;LAGF AK AEHD=E=FL=<.
Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading ESX/ESXi 4.1 to 5.0, 5.1, or 5.5).
Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading from ESX/ESXi 4.1 to 5.0, 5.1, or 5.5) (page 95) <=K;JA:=K L@= HJG;=<MJ=K >GJ MH?J9<AF? >JGE D==H -=;MJALQ 8.0 -*2 LG D==H -=;MJALQ 9.0 -*1 H2 AF 9 0'O9J= 4.1 =FNAJGFE=FL AF O@A;@ GFDQ A?=FLD=KK AJ=O9DD 9F< #*- HJGL=;LAGF AK AEHD=E=FL=<.
Upgrading from Deep Security 8.0 SP2 with In-guest Agent-Based Protection Only.
Upgrading from Deep Security 8.0 SP2 with In-guest Agent-Based Protection Only (page 98) <=K;JA:=K L@= HJG;=<MJ=K >GJ MH?J9<AF? >JGE D==H -=;MJALQ 8.0 -*2 LG D==H -=;MJALQ 9.0 -*1 H2 AF 9FQ =FNAJGFE=FL AF O@A;@ GFDQ A?=FL-:9K=< HJGL=;LAGF AK :=AF? AEHD=E=FL=<.
87
Note:
Even if you create a new installation, existing security elements currently being applied on your computers by Deep Security Agents will not be affected until you use Deep Security Manager to update them. To update Agents from a new installation of the Manager will require deactivation and reactivation of the Agents.
88
2. *J=KK Import Software .@AK OADD <AKHD9Q L@= #EHGJL -G>LO9J= ( JGE AD=) OAR9J<. 3. /K= L@= OAR9J< LG AEHGJL =9;@ G> L@= <GOFDG9<=< KG>LO9J= H9;C9?=K AFLG D==H -=;MJALQ. )F;= L@= KG>LO9J= H9;C9?=K 9J= AEHGJL=< AFLG D==H -=;MJALQ, QGM ;9F MH?J9<= L@= KG>LO9J= ;GEHGF=FLK J=EGL=DQ >JGE L@= D==H -=;MJALQ '9F9?=J. To remotely upgrade a software component: 1. )F L@= Computers K;J==F G> L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= ;GEHML=J QGM O9FL LG MH?J9<= (E-2A, D==H -=;MJALQ 0AJLM9D AHHDA9F;=, D==H -=;MJALQ A?=FL, GJ D==H -=;MJALQ ,=D9Q) 9F< K=D=;L L@= 9HHJGHJA9L= /H?J9<= GHLAGF >JGE L@= A;LAGFK E=FM.
Note:
If you are upgrading, you will not be able to change the installation directory. To install to a different directory, you will have to first uninstall the previous version.
To manually upgrade Deep Security Relay for Linux: 1. /K= "JHE -/" LG MH?J9<= >JGE 9 HJ=NAGMK AFKL9DD. .@AK 9HHJG9;@ OADD HJ=K=JN= QGMJ HJG>AD= K=LLAF?K: # rpm -U Relay-RedHat_EL5-9.0.0-xxx.x86_64.rpm
To manually upgrade the Deep Security Agent for Windows: 1. CGHQ L@= AFKL9DD9LAGF >AD= LG L@= L9J?=L E9;@AF= 9F< JMF L@= AFKL9DD=J H9;C9?= >GDDGOAF? L@= KL=HK 9K >GJ 9 F=O AFKL9DD9LAGF.
Note:
If you are upgrading, you will not be able to change the installation directory. To install to a different directory, you will have to first uninstall the previous version.
89
To manually upgrade the Deep Security Agent for Linux: 1. /K= "JHE -/" LG MH?J9<= >JGE 9 HJ=NAGMK AFKL9DD. .@AK 9HHJG9;@ OADD HJ=K=JN= QGMJ HJG>AD= K=LLAF?K: # rpm -U Agent-RedHat_EL5-9.0.0-xxx.i386.rpm To manually upgrade the Deep Security Agent for Solaris (all versions): 1. /K=: pkgadd -v -a /opt/ds_agent/ds_agent.admin -d AgentSolaris_5.9_sparc-5.x.x-xxxx.sparc.pkg To manually upgrade the Deep Security Agent for AIX/HPUX: 1. /K=: /opt/ds_agent/ds_upgrade.sh <full path to package>
90
Deep Security 9 SP1 p2 Installation Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Includes upgrading ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Includes upgrading ESX/ESXi 4.1 to 5.0, 5.1, or 5.5)
Deep Security 9.0 SP1 p2 does not support ESX/ESXi version 4.1. To deploy Deep Security 9.0 SP1 p2, your VMware infrastructure (vCenter, vShield Manager, vShield Endpoint, and vShield Endpoint drivers) must be upgraded to version 5.0, 5.1, or 5.5.
.@=J= 9J= LOG H@9K=K LG L@AK HJG;=<MJ=: >AJKL, MH?J9<AF? QGMJ 0'O9J= ;GEHGF=FLK, 9F< K=;GF<, MH?J9<AF? QGMJ D==H -=;MJALQ ;GEHGF=FLK. The first phase, MH?J9<AF? QGMJ 0'O9J= ;GEHGF=FLK, OADD ;GFKAKL G> L@= >GDDGOAF? KL=HK: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. D=9;LAN9L= L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= GF L@= E-2A ,=KLGJ= L@= E-2A (LG MFAFKL9DD L@= D==H -=;MJALQ ADL=J DJAN=J) /FAFKL9DD N-@A=D< EF<HGAFL >JGE L@= E-2A /FAFKL9DD L@= N-@A=D< EF<HGAFL !M=KL DJAN=JK >JGE 0'K GF L@= E-2A /H?J9<= QGMJ NC=FL=J /H?J9<= L@= E-2A LG E-2A 5.0, 5.1, GJ 5.5 (#> QGM MH?J9<=< LG E-2A 5.0, 9HHDQ H9L;@ "E-2A 5.0 (:MAD< 474610 GJ D9L=J)") /H?J9<= L@= N-@A=D< '9F9?=J CGF>A?MJ= L@= N-@A=D< '9F9?=J LG AFL=?J9L= OAL@ L@= NC=FL=J #FKL9DD N-@A=D< EF<HGAFL GF L@= E-2A #FKL9DD N-@A=D< EF<HGAFL <JAN=JK (>GMF< AF 0'O9J= .GGDK AF;DM<=< OAL@ E-2A 5.0, 5.1, GJ 5.5) GF L@= 0'K ,=KL9JL L@= E-2A Uninstalling a vShield Endpoint module (Step 3) puts the ESXi host into maintenance mode and reboots it. Migrate your vShield Manager and any other virtual machines to another ESXi host to avoid shutting down these virtual machines during reboot. When upgrading the vShield Manager on a vCenter, you will have to deactivate all the Virtual Appliances running on that vCenter. This is because there is only one vShield Manager per vCenter and all the Virtual Appliances on that vCenter require an active vShield Manager. The
Note:
Note:
91
Deep Security 9 SP1 p2 Installation Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Includes upgrading ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
amount of time it takes to deactivate a Virtual Appliance that is providing Agentless protection to VMs depends on the number of VMs that are being protected. Take this into account when estimating the amount of time the upgrade procedure will take.
Note:
Your VMs will not have Agentless protection on the ESXi while the Deep Security Virtual Appliance is deactivated.
The second phase, MH?J9<AF? QGMJ D==H -=;MJALQ ;GEHGF=FLK, OADD ;GFKAKL G> L@=K= KL=HK: 1. /H?J9<= L@= D==H -=;MJALQ '9F9?=J 2. /H?J9<= QGMJ D==H -=;MJALQ ,=D9QK 3. A<< 9 K=;MJALQ ;=JLA>A;9L= LG L@= D==H -=;MJALQ '9F9?=J >GJ L@= NC=FL=J 9F< L@= N-@A=D< '9F9?=J 4. 5. 6. 7. 8. 9. 10. #EHGJL D==H -=;MJALQ 9.0 -*1 H2 AFKL9DD9LAGF H9;C9?=K AFLG L@= D==H -=;MJALQ '9F9?=J *J=H9J= L@= E-2A (L@AK AFKL9DDK L@= D==H -=;MJALQ ADL=J DJAN=J GF L@= E-2A) ,=9;LAN9L= QGMJ D==H -=;MJALQ 0AJLM9D AHHDA9F;= AF HJ=H9J9LAGF >GJ MH?J9<= /H?J9<= L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= GF QGMJ E-2A A;LAN9L= L@= ?M=KL 0'K GF L@= E-2A /H?J9<= D==H -=;MJALQ (GLA>A=J (A> J=IMAJ=<) D=HDGQ D==H -=;MJALQ A?=FLK (A> J=IMAJ=<)
To upgrade your VMware components: 1. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG L@= Computers K;J==F, JA?@L-;DA;C GF L@= 0AJLM9D AHHDA9F;= 9F< K=D=;L Actions > Deactivate Appliance. 2. )F L@= Computers K;J==F G> L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C L@= E-2A 9F< K=D=;L Actions > Restore ESX... 9F< >GDDGO L@= KL=HK AF L@= OAR9J<. (.@AK HJG;=<MJ= OADD MFAFKL9DD L@= 8.0 -*2+ D==H -=;MJALQ ADL=J DJAN=J >JGE L@= E-2A.)
Note:
Uninstalling a vShield Endpoint module puts the ESXi host into maintenance mode and reboots it.
'A?J9L= QGMJ N-@A=D< '9F9?=J 9F< 9FQ GL@=J NAJLM9D E9;@AF=K LG 9FGL@=J E-2A @GKL LG 9NGA< K@MLLAF? <GOF L@=K= NAJLM9D E9;@AF=K <MJAF? J=:GGL. /KAF? N-@A=D< '9F9?=J 4.1, MFAFKL9DD N-@A=D< EF<HGAFL >JGE L@= E-2A.
92
Deep Security 9 SP1 p2 Installation Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Includes upgrading ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
3. /KAF? A<</,=EGN= *JG?J9EK GF =9;@ 0', MFAFKL9DD N-@A=D< EF<HGAFL ?M=KL <JAN=JK >JGE L@= 0'K GF L@= E-2A. 4. ,MF L@= 0#' AFKL9DD=J >GDDGOAF? L@= <AJ=;LAGFK HJGNA<=< :Q 0'O9J=. 5. /H?J9<= L@= E-2A LG E-2A 5.0, 5.1, GJ 5.5 (#> MH?J9<AF? LG E-2A 5.0, 9HHDQ H9L;@ "E-2A 5.0 (:MAD< 474610 GJ D9L=J)".) 6. GDDGO L@= <AJ=;LAGFK AF 0'O9J='K N-@A=D<8+MA;C8-L9JL8!MA<=.H<> LG MH?J9<= L@= N-@A=D< '9F9?=J. 7. 1@=F L@= MH?J9<= G> L@= N-@A=D< '9F9?=J AK ;GEHD=L= 9F< L@= N-@A=D< '9F9?=J @9K :==F J=KL9JL=<, DG? AF LG L@= N-@A=D< '9F9?=J ;GFKGD= 9F< 9<< L@= ;GF>A?MJ9LAGF AF>GJE9LAGF J=IMAJ=< LG J=-AFL=?J9L= AL OAL@ L@= NC=FL=J. 8. /K= L@= N-@A=D< '9F9?=J LG AFKL9DD N-@A=D< EF<HGAFL GF L@= E-2A. 9. /K= 0'O9J= .GGDK LG AFKL9DD L@= N-@A=D< EF<HGAFL ?M=KL <JAN=JK GF L@= 0'K. 10. ,=KL9JL L@= E-2A LG ;GEHD=L= L@= 0'O9J= H@9K= G> L@= MH?J9<= HJG;=KK. 1@=F L@= E-2A @9K J=KL9JL=<, N=JA>Q L@9L 9DD ;GEHGF=FLK G> QGMJ NC=FL=J 9J= OGJCAF? ;GJJ=;LDQ :=>GJ= ;GFLAFMAF? OAL@ H@9K= LOG G> L@= MH?J9<= HJG;=<MJ=, MH?J9<AF? QGMJ D==H -=;MJALQ ;GEHGF=FLK.
Note:
You must have successfully completed phase one of this upgrade procedure, Upgrading Your VMware Components, before upgrading your Deep Security components. The Deep Security Filter Driver and the Deep Security Virtual Appliance must always be upgraded to the same version. Upgrading one without the other will leave both in a nonfunctional state.
Note:
To upgrade your Deep Security Components: 1. /H?J9<= L@= D==H -=;MJALQ '9F9?=J LG N=JKAGF 9.0 -*1 H2. GDDGO L@= K9E= HJG;=<MJ=K 9K <=K;JA:=< AF Installing Deep Security Manager (page 39). 2. GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF Deploying the Deep Security Relay (page 43). 3. )F L@= Computers K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= NC=FL=J 9F< K=D=;L Properties. )F L@= NC=FL=J Properties K;J==F, ;DA;C Add/Update Certificate... GF L@= General L9: LG 9<< 9 ;=JLA>A;9L= >GJ L@= NC=FL=J, 9F< ;DA;C Add/Update Certificate... GF L@= vShield Manager L9: LG 9<< 9 ;=JLA>A;9L= >GJ L@= N-@A=D< '9F9?=J. 4. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG Administration > Updates > Software Updates 9F< AEHGJL L@= D==H -=;MJALQ A?=FL 9.0 -*1 H2, D==H -=;MJALQ ,=D9Q 9.0 -*1 H2, D==H -=;MJALQ ADL=J DJAN=J 9.0 -*1 H2, 9F< D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9.0 -*1 H2 AFKL9DD9LAGF H9;C9?=K. 5. .@= E-2A OADD := "MFHJ=H9J=<". GDDGO L@= AFKLJM;LAGFK AF Preparing ESXi for Deep Security Virtual Appliance Deployment (page 46) LG HJ=H9J= L@= E-2A.
93
Deep Security 9 SP1 p2 Installation Upgrading from DS 8.0 SP2 with Agentless Anti-Malware Protection (Includes upgrading ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
6. )F L@= Computers K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9F< K=D=;L Actions > Activate Appliance. DG FGL 9;LAN9L= L@= 0'K 9L L@AK LAE=. 7. )F L@= CGEHML=JK K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9F< K=D=;L Actions > Upgrade Appliance... 8. A;LAN9L= L@= ?M=KL 0'K GF L@= E-2A. GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF L@= K=;LAGF "A;LAN9LAF? !M=KL 0AJLM9D '9;@AF=K" AF Deploying the Deep Security Virtual Appliance (page 48). 9. /H?J9<= D==H -=;MJALQ (GLA>A=J (A> J=IMAJ=<) 9K <=K;JA:=< AF Upgrade the Deep Security Notifier (page 100). 10. D=HDGQ D==H -=;MJALQ A?=FLK (A> J=IMAJ=<). GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF Deploying Deep Security Agents (page 57). Upgrading VMware and Deep Security is now complete.
94
Deep Security 9 SP1 p2 Installation Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading from ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading from ESX/ESXi 4.1 to 5.0, 5.1, or 5.5)
Deep Security 9.0 SP1 p2 does not support ESX/ESXi version 4.1. To deploy Deep Security 9.0 SP1 p2, your VMware infrastructure (vCenter, vShield Manager, vShield Endpoint, and vShield Endpoint drivers) must be upgraded to version 5.0, 5.1, or 5.5. .@= >GDDGOAF? MH?J9<= HJG;=<MJ=K 9HHDQ LG 0'O9J= =FNAJGFE=FLK O@=J= D==H -=;MJALQ AK HJGNA<AF? A?=FLD=KK AJ=O9DD 9F< #*- HJGL=;LAGF GFDQ.
.@=J= 9J= LOG H@9K=K LG L@AK HJG;=<MJ=: >AJKL, MH?J9<AF? QGMJ 0'O9J= ;GEHGF=FLK, 9F< K=;GF<, MH?J9<AF? QGMJ D==H -=;MJALQ ;GEHGF=FLK. The first phase, MH?J9<AF? QGMJ 0'O9J= ;GEHGF=FLK, OADD ;GFKAKL G> L@= >GDDGOAF? KL=HK: 1. D=9;LAN9L= L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= GF L@= E-2A 2. ,=KLGJ= L@= E-2A (LG MFAFKL9DD L@= D==H -=;MJALQ ADL=J DJAN=J) 3. /H?J9<= QGMJ NC=FL=J 4. /H?J9<= L@= E-2A LG 5.0, 5.1, GJ 5.5. (#> MH?J9<AF? LG 5.0, 9HHDQ H9L;@ "E-2A 5.0 (:MAD< 474610)" GJ D9L=J.) The second phase, MH?J9<AF? QGMJ D==H -=;MJALQ ;GEHGF=FLK, OADD ;GFKAKL G> L@=K= KL=HK: 1. /H?J9<= L@= D==H -=;MJALQ '9F9?=J 2. A<< 9 K=;MJALQ ;=JLA>A;9L= LG L@= D==H -=;MJALQ '9F9?=J >GJ L@= NC=FL=J 9F< L@= N-@A=D< '9F9?=J 3. #EHGJL D==H -=;MJALQ 9.0 -*1 H2 AFKL9DD9LAGF H9;C9?=K AFLG L@= D==H -=;MJALQ '9F9?=J 4. *J=H9J= L@= E-2A (L@AK AFKL9DDK L@= D==H -=;MJALQ ADL=J DJAN=J GF L@= E-2A) 5. ,=9;LAN9L= QGMJ D==H -=;MJALQ 0AJLM9D AHHDA9F;= AF HJ=H9J9LAGF >GJ MH?J9<= 6. /H?J9<= L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= GF QGMJ E-2A 7. D=HDGQ 9F< ;GF>A?MJ= 9 D==H -=;MJALQ ,=D9Q 8. A;LAN9L= L@= ?M=KL 0'K GF L@= E-2A 9. D=HDGQ D==H -=;MJALQ A?=FLK (A> J=IMAJ=<)
95
Deep Security 9 SP1 p2 Installation Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading from ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
Note:
You must have successfully completed phase one of this upgrade procedure, Upgrading Your VMware Components, before upgrading your Deep Security components. The Deep Security Filter Driver and the Deep Security Virtual Appliance must always be upgraded to the same version. Upgrading one without the other will leave both in a nonfunctional state.
Note:
1. /H?J9<= L@= D==H -=;MJALQ '9F9?=J LG N=JKAGF 9.0 -*1 H2. GDDGO L@= K9E= HJG;=<MJ=K 9K <=K;JA:=< AF Installing Deep Security Manager (page 39). 2. )F L@= Computers K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= NC=FL=J 9F< K=D=;L Properties. )F L@= NC=FL=J Properties K;J==F, ;DA;C Add/Update Certificate... GF L@= General L9: LG 9<< 9 ;=JLA>A;9L= >GJ L@= NC=FL=J, 9F< ;DA;C Add/Update Certificate... GF L@= vShield Manager L9: LG 9<< 9 ;=JLA>A;9L= >GJ L@= N-@A=D< '9F9?=J. 3. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG Administration > Updates > Software Updates 9F< AEHGJL L@= D==H -=;MJALQ A?=FL 9.0 -*1 H2, D==H -=;MJALQ ,=D9Q 9.0 -*1 H2, D==H -=;MJALQ ADL=J DJAN=J 9.0 -*1 H2, 9F< D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9.0 -*1 H2 AFKL9DD9LAGF H9;C9?=K. 4. A>L=J MH?J9<AF? L@= E-2A AF H@9K= GF=, L@= E-2A OADD := "MFHJ=H9J=<". GDDGO L@= AFKLJM;LAGFK AF Preparing ESXi for Deep Security Virtual Appliance Deployment (page 46) LG HJ=H9J= L@= E-2A. 5. )F L@= Computers K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9F< K=D=;L Actions > Activate Appliance. DG FGL 9;LAN9L= L@= 0'K 9L L@AK LAE=. 6. )F L@= Computers K;J==F AF L@= D==H -=;MJALQ '9F9?=J, JA?@L-;DA;C GF L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= 9F< K=D=;L Actions > Upgrade Appliance...
96
Deep Security 9 SP1 p2 Installation Upgrading from Deep Security 8.0 SP2 with Agentless FW and IPS Only (Upgrading from ESX/ESXi 4.1 Guide to 5.0, 5.1, or 5.5)
7. 8.
GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF Deploying the Deep Security Relay (page 43). GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF L@= K=;LAGF "A;LAN9LAF? !M=KL 0AJLM9D '9;@AF=K" AF Deploying the Deep Security Virtual Appliance (page 48). 9. GDDGO L@= AFKLJM;LAGFK <=K;JA:=< AF Deploying Deep Security Agents (page 57). Upgrading to Deep Security 9.0 SP1 p2 with Agentless Firewall and IPS protection only is now complete.
97
Upgrading from Deep Security 8.0 SP2 with In-guest Agent-Based Protection Only
Upgrading from Deep Security 8.0 SP2 with In-guest Agent-Based Protection Only
.@= >GDDGOAF? MH?J9<= HJG;=<MJ=K 9HHDQ LG =FNAJGFE=FLK (H@QKA;9D GJ NAJLM9D) O@=J= D==H -=;MJALQ AK HJGNA<AF? AF-?M=KL A?=FL-:9K=< HJGL=;LAGF GFDQ.
Note:
If you are running Deep Security 8.0 SP2 in a VMware vSphere 4 Environment and you are implementing in-guest Agent-based protection only, only your Deep Security components need to be upgraded to 9.0 SP1 p2.
98
D==H -=;MJALQ A?=FLK ;9F := MH?J9<=< MKAF? L@= D==H -=;MJALQ '9F9?=J AFL=J>9;=, :ML L@= A?=FL KG>LO9J= EMKL >AJKL := AEHGJL=< AFLG L@= D==H -=;MJALQ '9F9?=J. To import Agent software into the Deep Security Manager: 1. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG L@= Administration > Updates > Software Updates L9:. 2. AL L@= :GLLGE G> L@= H9?=, ;DA;C GF Open Download Center... LG GH=F 9 :JGOK=J OAF<GO LG L@= .J=F< 'A;JG DGOFDG9< C=FL=J O=: KAL=. 3. DGOFDG9< L@= A?=FL KG>LO9J= >GJ HD9L>GJEK QGM J=IMAJ= LG 9 DG;9LAGF 9;;=KKA:D= >JGE L@= K=JN=J @GKLAF? L@= D==H -=;MJALQ '9F9?=J. 4. CDGK= L@= DGOFDG9< C=FL=J :JGOK=J OAF<GO. 5. B9;C AF L@= D==H -=;MJALQ '9F9?=J GF L@= Software Updates L9:, ;DA;C Import Software... LG KL9JL L@= Import Software OAR9J<. 6. /K= L@= OAR9J< LG F9NA?9L= LG L@= DG;9LAGF O@=J= QGM <GOFDG9<=< L@= A?=FLK 9F< AEHGJL L@=E AFLG L@= D==H -=;MJALQ '9F9?=J. .@= A?=FL KG>LO9J= AK FGO AEHGJL=< AFLG L@= D==H -=;MJALQ '9F9?=J.
Note:
Once the new software is imported into the Deep Security Manager, depending on how your Alerts are configured, you may get a Agent Upgrade Recommended alert for each computer on which the Agent is determined to be out of date.
To Upgrade Deep Security Agents using the Deep Security Manager: 1. 2. 3. 4. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG L@= Computers K;J==F. >AF< L@= ;GEHML=J GF O@A;@ QGM O9FL LG MH?J9<= L@= A?=FL. ,A?@L-;DA;C L@= ;GEHML=J 9F< K=D=;L Actions > Upgrade Agent software. .@= A?=FL KG>LO9J= OADD := K=FL LG L@= ;GEHML=J 9F< L@= A?=FL KG>LO9J= OADD := MH?J9<=< 9F< 9D=JLK OADD := <AKEAKK=< 9MLGE9LA;9DDQ.
Note:
You can manually upgrade the Agents locally on the computer. To do this, follow the instructions in Install Deep Security Agents (page 57).
99
To upgrade the Deep Security Notifier: 1. /FAFKL9DD D==H -=;MJALQ (GLA>A=J 8.0 -*2 2. #FKL9DD D==H -=;MJALQ (GLA>A=J 9.0 -*1 H2 9;;GJ<AF? LG L@= HJG;=<MJ=K <=K;JA:=< AF Installing the Deep Security Notifier (page 67).
Note:
The Deep Security Notifier must always be the same version as the Deep Security Manager.
100
Quick Start
Note:
Relays are always organized into Relay Groups, even if it's a only a group of one. Deep Security has a default Relay Group (named "Default Relay Group") to which all new Relays are assigned. You can create multiple Relay Groups if you have a large number of computers and want to create a hierarchical Relay structure or if your computers are spread out over large geographical areas. For more information on Relay Groups, see Configuring the Deep Security Relay (page 121) and Relay Groups in the online help or the Administrator's Guide.
.G NA=O QGMJ D==H -=;MJALQ ,=D9QK, ?G LG L@= Administration > System Settings > Updates L9: 9F< ;DA;C View Relay Groups... AF L@= Relays 9J=9: ('9C= KMJ= QGM 9J= GF L@= Updates tab GF L@= System Settings page 9F< FGL L@= Updates page DG;9L=< H9J9DD=D LG L@= System Settings H9?=.)
102
.@AK OADD <AKHD9Q QGMJ ;MJJ=FL ,=D9Q !JGMHK AF L@= Relay Groups OAF<GO. /KM9DDQ QGM OADD GFDQ @9N= L@= KAF?D= Default Relay Group. DGM:D=-;DA;C L@= D=>9MDL ,=D9Q !JGMH LG <AKHD9Q ALK Relay Group Properties OAF<GO:
#F L@= '=E:=JK 9J=9 G> L@= Relay Group Properties OAF<GO QGM'DD K== L@= ,=D9QK L@9L 9J= E=E:=JK G> L@= ?JGMH.
Note:
If there are no computers in the Members area see Installing the Deep Security Relay (page 43) and Configuring the Deep Security Relay (page 121).
103
.@AK OADD <AKHD9Q L@= Security Update 1AR9J< O@A;@ ;GFL9;LK L@= .J=F< 'A;JG /H<9L= -=JN=JK 9F< <GOFDG9<K L@= D9L=KL -=;MJALQ /H<9L=K 9F< <AKLJA:ML=K L@=E LG QGMJ ;GEHML=JK. #> MHGF ;GEHD=LAGF L@= OAR9J< <AKHD9QK L@= KM;;=KK E=KK9?= AL E=9FK QGMJ ,=D9Q ;9F ;GEEMFA;9L= OAL@ L@= /H<9L= K=JN=JK:
Note:
If your Relays are unable to update their Components, see Installing the Deep Security Relay (page 43) and Configuring the Deep Security Relay (page 121).
104
(GLA;= L@9L (AF L@AK ;9K=) L@= Download Security Updates -;@=<MD=< .9KC AK K=L LG H=J>GJE 9 -=;MJALQ /H<9L= =N=JQ<9Q 9L 19:25.
Note:
If you don't have a Download Security Updates Scheduled Task in your list, you can create one by clicking on New on the Scheduled Task page menu bar and following the instructions in the New Scheduled Task wizard.
105
DGM:D=-;DA;C GF 9F AD=JL K== ALK Properties OAF<GO O@=J= QGM ;9F QGM ;9F K=L L@= AD=JL GHLAGFK >GJ =E9AD FGLA>A;9LAGF:
106
(GO QGM F==< LG ;GF>A?MJ= QGMJ /K=J 9;;GMFL LG J=;=AN= L@= =E9AD FGLA>A;9LAGFK D==H -=;MJALQ OADD K=F< GML. !G LG Administration > User management > Users 9F< <GM:D=-;DA;C GF QGMJ /K=J 9;;GMFL LG <AKHD9Q ALK Properties OAF<GO. !G LG L@= Contact Information L9: 9F< =FL=J 9F =E9AD 9<<J=KK 9F< K=D=;L L@= Receive Alert Emails GHLAGF:
#F GJ<=J >GJ D==H -=;MJALQ LG K=F< =E9AD FGLA>A;9LAGF AL @9K LG := 9:D= LG ;GEEMFA;9L= OAL@ 9F -'.* K=JN=J (9;;=KK LG 9F -'.* K=JN=J AK 9 J=IMAJ=E=FL >GJ =E9AD FGLA>A;9LAGFK). .G ;GFF=;L L@= D==H -=;MJALQ '9F9?=J LG QGMJ -'.* K=JN=J, ?G LG L@= Administration > System Settings > SMTP L9::
107
CGEHD=L= L@= J=IMAJ=< >A=D<K AF L@= SMTP 9J=9 HJ=KK L=KL -'.* -=LLAF?K 9L L@= :GLLGE G> L@= H9?= O@=F QGM'J= <GF=. QGM K@GMD< K== 9 Test connection to SMTP server succeeded E=KK9?=:
Note:
If you unable to connect with your SMTP server, make sure the the Manager can connect with the SMTP server on port 25.
-== QuickStart: Protecting a Server (page 110) GJ QuickStart: Protecting a Mobile Laptop AF L@= GFDAF= @=DH GJ L@= A<EAFAKLJ9LGJ'K !MA<= >GJ 9 IMA;C ?MA<= LG HJGL=;LAF? L@GK= LOG CAF<K G> ;GEHML=J J=KGMJ;=K.
109
Note:
We will assume that you have already installed the Deep Security Manager on the computer from which you intend to manage the Deep Security Agents/Appliances throughout your network. We will also assume that you have installed (but not activated) Deep Security Agent on the computer you wish to protect or that you have deployed and activated Deep Security Appliances on the ESXi hosts on which are running the VMs you intend to protect. And finally, we will assume that you have a Deep Security Relay installed from which Deep Security can download the latest Security Updates. If any of these requirements are not in place, consult the Installation Guide for instructions to get to this stage.
GJ L@= HMJHGK=K G> L@AK =P=J;AK=, O= OADD 9<< 9 ;GEHML=J >JGE 9 DG;9D F=LOGJC :ML GF;= 9 ;GEHML=J AK 9<<=< LG L@= '9F9?=J, L@= HJGL=;LAGF HJG;=<MJ=K 9J= L@= K9E= J=?9J<D=KK G> O@=J= L@= ;GEHML=J AK DG;9L=<. To add a computer from a local network:
110
1. #F L@= D==H -=;MJALQ '9F9?=J ;GFKGD=, ?G LG L@= Computers H9?= 9F< ;DA;C New AF L@= LGGD:9J 9F< K=D=;L New Computer... >JGE L@= <JGH-<GOF E=FM.
2. #F L@= New Computer OAR9J<, =FL=J L@= @GKLF9E= GJ #* 9<<J=KK G> L@= ;GEHML=J 9F< K=D=;L 9F 9HHJGHJA9L= K=;MJALQ *GDA;Q LG 9HHDQ >JGE L@= *GDA;Q LJ== AF L@= <JGH-<GOF E=FM. (#F L@AK ;9K= O= OADD K=D=;L L@= Windows Server 2008 *GDA;Q.) CDA;C Next.
3. .@= OAR9J< OADD ;GFL9;L L@= ;GEHML=J, 9<< AL LG L@= CGEHML=JK H9?=, <=L=;L L@= MF9;LAN9L=< A?=FL, 9;LAN9L= AL, 9F< 9HHDQ L@= K=D=;L=< *GDA;Q. CDA;C Finish.
111
Note:
An Agent can be configured to automatically initiate its own activation upon installation. For details, see Command-Line Instructions in the online help of the Administrator's Guide.
4. 1@=F L@= ;GEHML=J @9K :==F 9<<=< L@= OAR9J< OADD <AKHD9Q 9 ;GF>AJE9LAGF E=KK9?=:
5. &=9N= L@= Open Computer Details on 'Close' GHLAGF MFK=D=;L=< 9F< ;DA;C Close. .@= ;GEHML=J FGO 9HH=9JK AF L@= D==H -=;MJALQ '9F9?=J'K DAKL G> E9F9?=< ;GEHML=JK GF L@= Computers H9?=. D==H -=;MJALQ OADD 9MLGE9LA;9DDQ <GOFDG9< L@= D9L=KL -=;MJALQ /H<9L=K LG L@= ;GEHML=J 9>L=J 9;LAN9LAGF. AK O=DD, .@= Windows Server 2008 *GDA;Q L@9L O9K 9KKA?F=< LG L@= ;GEHML=J @9< L@= O= 9KKA?F=< LG L@= ;GEHML=J @9K #FL=?JALQ 'GFALGJAF? =F9:D=< 9F< KG AL OADD KL9JL LG BMAD< 9F #FL=?JALQ 'GFALGJAF? :9K=DAF= >GJ L@= ;GEHML=J. 3GM ;9F K== 9;LANALA=K ;MJJ=FLDQ :=AF? ;9JJA=< GML AF L@= KL9LMK :9J G> L@= E9F9?=J OAF<GO:
)F;= D==H -=;MJALQ '9F9?=J @9K ;GEHD=L=< ALK AFALA9D HGKL-9;LAN9LAGF L9KCK L@= ;GEHML=J'K Status K@GMD< <AKHD9Q 9K E9F9?=< ()FDAF=):
Note:
More information is available for each page in the Deep Security Manager by clicking the Help button in the menu bar.
112
DMJAF? L@= ,=;GEE=F<9LAGF -;9F, QGMJ ;GEHML=J'K -L9LMK OADD <AKHD9Q Scanning for Recommendations. 1@=F L@= K;9F AK >AFAK@=<, A> <==H -=;MJALQ @9K 9FQ J=;GEE=F<9LAGFK LG E9C=, QGM OADD K== 9F AD=JL GF L@= AD=JLK K;J==F:
113
To see the results of the Recommendation Scan: 1. )H=F L@= ;GEHML=J =<ALGJ >GJ QGMJ ;GEHML=J (Details... AF L@= Computers H9?= E=FM :9J GJ >JGE L@= JA?@L-;DA;C E=FM.) 2. #F L@= ;GEHML=J =<ALGJ OAF<GO, ?G LG L@= Intrusion Prevention EG<MD= H9?=. #F L@= Recommendations 9J=9 G> L@= General L9:, QGM'DD K== L@= J=KMDLK G> L@= K;9F:
.@= Current Status L=DDK MK L@9L L@=J= 9J= ;MJJ=FLDQ 179 #FLJMKAGF *J=N=FLAGF ,MD=K 9KKA?F=< LG L@AK ;GEHML=J. Last Scan for Recommendations L=DDK MK L@9L L@= D9KL K;9F LGGC HD9;= GF D=;=E:=J 18L@, 2012, 9L 09:14.
114
Unresolved Recommendations L=DDK MK L@9L 9K 9 J=KMDL G> L@= K;9F, D==H -=;MJALQ J=;GEE=F<K 9KKA?FAF? 9F 9<<ALAGF9D 28 #FLJMKAGF *J=N=FLAGF ,MD=K 9F< MF9KKA?FAF? 111 ;MJJ=FLDQ 9KKA?F=< ,MD=K. .@= Note AF>GJEK MK L@9L 111 G> L@= ,MD=K J=;GEE=F<=< >GJ MF9KKA?FE=FL (9DD G> L@=E 9K AL LMJF GML) @9N= :==F 9KKA?F=< 9L L@= *GDA;Q D=N=D (J9L@=J L@9F <AJ=;LDQ @=J= GF L@= ;GEHML=J D=N=D). ,MD=K L@9L @9N= :==F 9KKA?F=< 9L 9 D=N=D @A?@=J MH L@= *GDA;Q LJ== ;9F GFDQ := MF9KKA?F=< AF L@= *GDA;Q O@=J= L@=Q O=J= 9KKA?F=< -AF L@AK ;9K=, L@= Windows Server 2008 *GDA;Q. (#> O= @9< GH=F=< L@= Windows Server 2008 *GDA;Q =<ALGJ, O= OGMD< @9N= K==F L@= K9E= J=;GEE=F<9LAGFK 9F< O= ;GMD< @9N= MF9KKA?F=< L@=E >JGE L@=J=.) 1= 9J= 9DKG LGD< L@9L 7 G> L@= ,MD=K L@9L 9J= J=;GEE=F<=< >GJ 9KKA?FE=FL ;9F'L := 9MLGE9LA;9DDQ 9KKA?F=<. /KM9DDQ L@=K= 9J= =AL@=J ,MD=K L@9L J=IMAJ= ;GF>A?MJ9LAGF GJ ,MD=K L@9L 9J= HJGF= LG >9DK= HGKALAN=K 9F< O@GK= :=@9NAGJ K@GMD< := G:K=JN=< AF <=L=;L-GFDQ EG<= :=AF? :=AF? =F>GJ;=< AF HJ=N=FL EG<=. .G K== O@A;@ ,MD=K @9N= :==F J=;GEE=F<=< >GJ 9KKA?FE=FL, ;DA;C Assign/Unassign... LG <AKHD9Q L@= IPS Rules JMD= 9KKA?FE=FL EG<9D OAF<GO. .@=F K=D=;L ,=;GEE=F<=< >GJ AKKA?FE=FL >JGE L@= K=;GF< <JGH-<GOF >ADL=J DAKL:
,MD=K L@9L J=IMAJ= ;GF>A?MJ9LAGF 9J= A<=FLA>A=< :Q 9F A;GF OAL@ 9 KE9DD ;GF>A?MJ9LAGF :9<?= ( ). .G K== L@= ;GF>A?MJ9:D= GHLAGFK >GJ 9 ,MD=, <GM:D=-;DA;C L@= ,MD= LG GH=F ALK Properties OAF<GO (AF DG;9D =<ALAF? EG<=) 9F< ?G LG L@= Configuration L9:. .G AKKA?F 9 ,MD=, K=D=;L L@= ;@=;C:GP F=PL LG ALK F9E=. .G NA=O ,MD=K L@9L 9J= J=;GEE=F<=< >GJ unassignment, >ADL=J L@= DAKL G> ,MD=K :Q K=D=;LAF? Recommended for Unassignment >JGE L@= K9E= <JGH-<GOF DAKL. .G MF9KKA?F 9 ,MD=, <=K=D=;L L@= ;@=;C:GP F=PL LG ALK F9E=.
115
Note:
Rules that are in effect on a computer because they have been assigned in a Policy higher up the policy tree can't be unassigned locally. The only way to unassign such Rules is to edit the Policy where they were originally assigned and unassign them from there. For more information on this kind of Rule inheritance, see Policies, Inheritance and Overrides in the online help or the Administrator's Guide.
3. -=D=;L Scan Computers for Recommendations 9K L@= K;9F LQH= 9F< K=D=;L Weekly J=;MJJ=F;=. CDA;C Next.
116
4. -=D=;L 9 KL9JL LAE=, K=D=;L =N=JQ 1 O==C, 9F< K=D=;L 9 <9Q G> L@= O==C. CDA;C Next. 5. 1@=F KH=;A>QAF? O@A;@ ;GEHML=JK LG -;9F, K=D=;L L@= D9KL GHLAGF (Computer) 9F< K=D=;L L@= 1AF<GOK -=JN=J 2008 ;GEHML=J O= 9J= HJGL=;LAF?. CDA;C Next. 6. .QH= 9 F9E= >GJ L@= F=O -;@=<MD=< .9KC. &=9N= L@= Run task on 'Finish' MF;@=;C=< (:=;9MK= O= BMKL J9F 9 ,=;GEE=F<9LAGF -;9F). CDA;C Finish. .@= F=O -;@=<MD=< L9KC FGO 9HH=9JK AF L@= DAKL G> -;@=<MD=< .9KCK. #L OADD JMF GF;= 9 O==C LG K;9F QGMJ ;GEHML=J 9F< E9C= J=;GEE=F<9LAGFK >GJ QGM ;GEHML=J. #> QGM @9N= K=L Automatically implement Recommendations >GJ =9;@ G> L@= L@J== HJGL=;LAGF EG<MD=K L@9L KMHHGJL AL, D==H -=;MJALQ OADD 9KKA?F 9F< MF9KKA?F ,MD=K 9J= J=IMAJ=<. #> ,MD=K 9J= A<=FLA>A=< L@9L J=IMAJ= KH=;A9D 9LL=FLAGF, 9F AD=JL OADD := J9AK=< LG FGLA>Q QGM.
-=D=;L L@= ;@=;C:GP :=KA<= =9;@ G> L@= L@J== OA<?=LK, 9F< ;DA;C OK. .@= OA<?=LK OADD 9HH=9J GF L@= <9K@:G9J<. (#L E9Q L9C= 9 :AL G> LAE= LG ?=F=J9L= L@= <9L9.) T .@= Firewall Activity (Prevented) OA<?=L <AKHD9QK 9 DAKL G> L@= EGKL ;GEEGF J=9KGFK >GJ H9;C=LK LG := <=FA=< (L@9L AK, :DG;C=< >JGE J=9;@AF? 9 ;GEHML=J :Q L@= A?=FL GF L@9L ;GEHML=J) 9DGF? OAL@ L@= FME:=J G> H9;C=LK L@9L O=J= <=FA=<. #L=EK AF L@AK DAKL OADD := =AL@=J LQH=K G> *9;C=L ,=B=;LAGFK GJ AJ=O9DD ,MD=K. E9;@ "J=9KGF" AK 9 DAFC LG L@= ;GJJ=KHGF<AF? DG?K >GJ L@9L <=FA=< H9;C=L.
117
T .@= Firewall IP Activity (Prevented) OA<?=L <AKHD9QK 9 DAKL G> L@= EGKL ;GEEGF KGMJ;= #*K G> <=FA=< H9;C=LK. -AEAD9J LG L@= Firewall Activity (Prevented) OA<?=L, =9;@ KGMJ;= #* AK 9 DAFC LG L@= ;GJJ=KHGF<AF? DG?K. T .@= Firewall Event History (2x1) OA<?=L <AKHD9QK 9 :9J ?J9H@ AF<A;9LAF? @GO E9FQ H9;C=LK O=J= :DG;C=< AF L@= D9KL 24 @GMJ H=JAG< GJ K=N=F <9Q H=JAG< (<=H=F<AF? GF L@= NA=O K=D=;L=<). CDA;CAF? 9 :9J OADD <AKHD9Q L@= ;GJJ=KHGF<AF? DG?K >GJ L@= H=JAG< J=HJ=K=FL=< :Q L@= :9J.
Note:
Note the trend indicators next to the numeric values in the Firewall Activity (Prevented) and Firewall IP Activity (Prevented) widgets. An upward or downward pointing triangle indicates an overall increase or decrease over the specified time period, and a flat line indicates no significant change.
Note:
For the meaning of the different packet rejection reasons, see Firewall Events and Intrusion Prevention Events in the online help or the Administrator's Guide .
Reports
)>L=F, 9 @A?@=J-D=N=D NA=O G> L@= DG? <9L9 AK <=KAJ=<, O@=J= L@= AF>GJE9LAGF AK KMEE9JAR=<, 9F< HJ=K=FL=< AF 9 EGJ= =9KADQ MF<=JKLGG< >GJE9L. .@= Reports >ADD L@AK ,GD=, 9DDGOAF? QGM LG <AKHD9Q <=L9AD=< KMEE9JA=K GF ;GEHML=JK, AJ=O9DD 9F< #FLJMKAGF *J=N=FLAGF EN=FL &G?K, EN=FLK, AD=JLK, =L;. #F L@= Reports H9?=, QGM ;9F K=D=;L N9JAGMK GHLAGFK >GJ L@= J=HGJL LG := ?=F=J9L=<. 1= OADD ?=F=J9L= 9 Firewall Report, O@A;@ <AKHD9QK 9 J=;GJ< G> AJ=O9DD ,MD= 9F< AJ=O9DD -L9L=>MD CGF>A?MJ9LAGF 9;LANALQ GN=J 9 ;GF>A?MJ9:D= <9L= J9F?=. -=D=;L Firewall Report >JGE L@= ,=HGJL <JGH-<GOF. CDA;C Generate LG D9MF;@ L@= J=HGJL AF 9 F=O OAF<GO. BQ J=NA=OAF? K;@=<MD=< J=HGJLK L@9L @9N= :==F =E9AD=< :Q L@= D==H -=;MJALQ '9F9?=J LG /K=JK, :Q DG??AF? AFLG L@= KQKL=E 9F< ;GFKMDLAF? L@= <9K@:G9J<, :Q H=J>GJEAF? <=L9AD=< AFN=KLA?9LAGFK :Q <JADDAF?-<GOF LG KH=;A>A; DG?K, 9F< :Q ;GF>A?MJAF? AD=JLK LG FGLA>Q /K=JK G> ;JALA;9D =N=FLK, QGM ;9F J=E9AF 9HHJAK=< G> L@= @=9DL@ 9F< KL9LMK G> QGMJ F=LOGJC.
118
Import Deep Security Filter Driver (DSFD) and Deep Security Virtual Appliance (DSVA) into Deep Security Manager
To import Filter Driver and Virtual Appliance software into Deep Security Manager: 1. #F L@= D==H -=;MJALQ '9F9?=J, ?G LG L@= Administration > Updates > Software Updates L9:. 2. AL L@= :GLLGE G> L@= H9?=, ;DA;C GF Open Download Center... LG GH=F 9 :JGOK=J OAF<GO LG L@= .J=F< 'A;JG DGOFDG9< C=FL=J O=: KAL=. 3. DGOFDG9< L@= ADL=J DJAN=J 9F< 0AJLM9D AHHDA9F;= KG>LO9J= LG 9 DG;9LAGF 9;;=KKA:D= >JGE L@= K=JN=J @GKLAF? L@= D==H -=;MJALQ '9F9?=J. 4. CDGK= L@= DGOFDG9< C=FL=J :JGOK=J OAF<GO. 5. B9;C AF L@= D==H -=;MJALQ '9F9?=J GF L@= Software Updates L9:, ;DA;C Import Software... LG KL9JL L@= Import Software OAR9J<. 6. BJGOK= 9F< -=D=;L ADL=JDJAN=J-E-285.0-9.0.0-PPPP.P86864.RAH. CDA;C (=PL 9F< AFAK@ GF L@= F=PL K;J==F. 7. CDA;C Import Software... >JGE -G>LO9J= /H<9L=K L9: 9?9AF. BJGOK= 9F< -=D=;L AHHDA9F;=E-2-9.0.0-PPPP.P86864.RAH CDA;C (=PL 9F< O9AL >GJ -G>LO9J= *JGH=JLA=K OAF<GO 9F< K=D=;L AFAK@.
119
Note:
The package upload may take 5-10 minutes depending on network bandwidth.
8. CDA;C L@= 0A=O #EHGJL=< -G>LO9J= 9F< E9C= KMJ= :GL@ L@= ADL=J DJAN=J 9F< D-0A 9J= AEHGJL=<.
120
121
.G 9KKA?F 9 ,=D9Q LG 9F A?=FL/AHHDA9F;=, ?G LG L@= Computers K;J==F, JA?@L-;DA;C L@= CGEHML=J 9F< >JGE L@= A;LAGFK E=FM, K=D=;L Assign Relay Group.
122
Appendices
Note:
The features listed in the Virtual Appliance column represent those functions that the Virtual Appliance can perform on agentless virtual machines.
Modules
Features
HP-UX
ADD MF;LAGFK
Windows AJ=O9DD ADD MF;LAGFK Windows #FLJMKAGF *J=N=FLAGF AHHDA;9LAGF CGFLJGD #FLJMKAGF *J=N=FLAGF 1=: AHHDA;9LAGF *JGL=;LAGF --& Windows AD=K #FL=?JALQ 'GFALGJAF? ,=?AKLJQ )L@=JK
Linux
Solaris
AIX
HP-UX
Linux
Solaris
AIX
HP-UX
Linux
Solaris
AIX
HP-UX
124
Modules
Features
HP-UX
HP-UX
HP-UX
Notes: T A?=FL-:9K=< 1=: ,=HML9LAGF K=JNA;= AK only KMHHGJL=< GF 64-:AL ,"E& 6, 64-:AL C=FL)- 6, 9F< 64-:AL -/-E 11. T A?=FL-:9K=< AFLA-'9DO9J= AK not KMHHGJL=< GF 32-:AL N=JKAGFK G> ,=< "9L, C=FL)-, -M-E, 9F< AE9RGF &AFMP. T A?=FL-:9K=< AFLA-'9DO9J= AK not KMHHGJL=< GF /:MFLM GJ )J9;D= &AFMP. T GJ EGJ= <=L9AD=< AF>GJE9LAGF GF GH=J9LAF? KQKL=E 9F< HD9L>GJE KMHHGJL, K== L@= System Requirements (page 28) AF L@AK <G;ME=FL 9F< L@= -MHHGJL=< %=JF=DK <G;ME=FL 9N9AD9:D= >JGE L@= .J=F< 'A;JG DGOFDG9< C=FL=J.
125
Note:
For optional entries, supplying an invalid value will result in the default value being used.
Required Settings
LicenseScreen
Property
&A;=FK=-;J==F.&A;=FK=.-1=<N9DM=>
Possible Values
<AC >GJ 9DD EG<MD=K>
Default Value
:D9FC
Notes
OR
Property
&A;=FK=-;J==F.&A;=FK=.0=<N9DM=> &A;=FK=-;J==F.&A;=FK=.1=<N9DM=> &A;=FK=-;J==F.&A;=FK=.2=<N9DM=> &A;=FK=-;J==F.&A;=FK=.3=<N9DM=>
Possible Values
<AC >GJ AFLA-'9DO9J=> <AC >GJ AJ=O9DD/D*#> <AC >GJ #FL=?JALQ 'GFALGJAF?> <AC >GJ &G? #FKH=;LAGF>
Default Value
:D9FC :D9FC :D9FC :D9FC
Notes
CredentialsScreen
Property
CJ=<=FLA9DK-;J==F.A<EAFAKLJ9LGJ./K=JF9E==<N9DM=> CJ=<=FLA9DK-;J==F.A<EAFAKLJ9LGJ.*9KKOGJ<=<N9DM=>
Possible Values
<MK=JF9E= >GJ E9KL=J 9<EAFAKLJ9LGJ> <H9KKOGJ< >GJ L@= E9KL=J 9<EAFAKLJ9LGJ>
Default Value
:D9FC :D9FC
Notes
126
Optional Settings
LanguageScreen
Property Possible Values
=F DAFKL9DD4B.D9F?M9?==<N9DM=> BH R@8C( =F "=F" = EF?DAK@, "BH" = $9H9F=K=, "R@8C(" = -AEHDA>A=< C@AF=K=
Default Value
Notes
UpgradeVerificationScreen
Note:
Property
/H?J9<=0=JA>A;9LAGF-;J==F.)N=JOJAL==<N9DM=>
Default Value
9DK=
Notes
Note:
Setting this value to True will overwrite any existing data in the database. It will do this without any further prompts.
DatabaseScreen
.@AK K;J==F <=>AF=K L@= <9L9:9K= LQH= 9F< GHLAGF9DDQ L@= H9J9E=L=JK F==<=< LG 9;;=KK ;=JL9AF <9L9:9K= LQH=K.
Note:
The interactive install provides an "Advanced" dialog to define the instance name and domain of a Microsoft SQL server, but because the unattended install does not support dialogs these arguments are included in the DatabaseScreen settings below.
Possible Values
EE:=<<=<
Property
Default Value
'A;JGKG>L -+& -=JN=J
Notes
D9L9:9K=-;J==F.D9L9:9K=.QH==<N9DM=>
D9L9:9K=-;J==F."GKLF9E==<N9DM=>
D9L9:9K=-;J==F.D9L9:9K=(9E==<N9DM=>
D9L9:9K=-;J==F..J9FKHGJL=<N9DM=>
127
Property
D9L9:9K=-;J==F./K=JF9E==<N9DM=> D9L9:9K=-;J==F.*9KKOGJ<=<N9DM=>
Possible Values
Default Value
Notes
(GL J=IMAJ=< >GJ EE:=<<=<
:D9FC
(GL J=IMAJ=< >GJ EE:=<<=< BD9FC AEHDA=K <=>9MDL AFKL9F;=. )HLAGF9D, J=IMAJ=< >GJ -+& -=JN=J GFDQ )HLAGF9D, J=IMAJ=< >GJ -+& -=JN=J GFDQ
D9L9:9K=-;J==F.-+&-=JN=J.#FKL9F;==<N9DM=>
D9L9:9K=-;J==F.-+&-=JN=J./K=D=>9MDLCGDD9LAGF=<N9DM=>
9DK=
AddressAndPortsScreen
.@AK K;J==F <=>AF=K L@= @GKLF9E=, /,&, GJ #* 9<<J=KK G> L@AK ;GEHML=J 9F< <=>AF=K HGJLK >GJ L@= '9F9?=J. #F L@= AFL=J9;LAN= AFKL9DD=J L@AK K;J==F 9DKG KMHHGJLK L@= 9<<ALAGF G> 9 F=O '9F9?=J LG 9F =PAKLAF? <9L9:9K=, :ML L@AK GHLAGF AK FGL KMHHGJL=< AF L@= MF9LL=F<=< AFKL9DD.
Possible Values
<@GKLF9E=, /,& GJ #* A<<J=KKAF<*GJLK-;J==F.'9F9?=JA<<J=KK=<N9DM=> 9<<J=KK G> L@= '9F9?=J @GKL> <N9DA< HGJL FME:=J> <N9DA< HGJL FME:=J> <;MJJ=FL @GKL F9E=>
Property
Default Value
Notes
A<<J=KKAF<*GJLK-;J==F.'9F9?=J*GJL=<N9DM=>
4119
A<<J=KKAF<*GJLK-;J==F."=9JL:=9L*GJL=<N9DM=>
4120
.JM= AF<A;9L=K L@9L L@= ;MJJ=FL AFKL9DD AK 9 F=O FG<=. #> L@= AFKL9DD=J >AF<K =PAKLAF? <9L9 AF L@= <9L9:9K=, AL OADD 9<< L@AK A<<J=KKAF<*GJLK-;J==F.(=O(G<==<N9DM=> .JM= 9DK= 9DK= AFKL9DD9LAGF 9K 9 F=O FG<=. ('MDLA-FG<= K=LMH AK 9DO9QK 9 KAD=FL AFKL9DD). (GL=: .@= "(=O (G<=" AFKL9DD9LAGF AF>GJE9LAGF 9:GML L@= =PAKLAF? <9L9:9K= LG := HJGNA<=< NA9 L@= D9L9:9K=-;J==F HJGH=JLA=K.
128
CredentialsScreen
Possible Values
LJM= 9DK=
Property
Default Value
9DK=
Notes
.JM= AF<A;9L=K L@= D-' K@GMD< := K=L MH LG =F>GJ;= KLJGF? H9KKOGJ<K
CJ=<=FLA9DK-;J==F./K=-LJGF?*9KKOGJ<K=<N9DM=>
SecurityUpdateScreen
Possible Values
.JM= 9DK= .JM= 9DK=
Property
Default Value
.JM=
Notes
.JM= AF<A;9L=K L@9L QGM O9FL D==H -=;MJALQ '9F9?=J LG 9MLGE9LA;9DDQ J=LJA=N= L@= D9L=KL CGEHGF=FLK .JM= AF<A;9L=K L@9L QGM O9FL LG K=LMH 9 L9KC LG 9MLGE9LA;9DDQ ;@=;C >GJ F=O KG>LO9J=.
-=;MJALQ/H<9L=-;J==F./H<9L=CGEHGF=FLK=<N9DM=>
-=;MJALQ/H<9L=-;J==F./H<9L=-G>LO9J==<N9DM=>
.JM=
RelayScreen
.@AK N9DM= ;GFLJGDK L@= AFKL9DD9LAGF G> 9 ;G-DG;9L=< D==H -=;MJALQ ,=D9Q -=JN=J.
Possible Values
.JM= 9DK=
Property
Default Value
Notes
#> 9F 9HHJGHJA9L= D==H -=;MJALQ ,=D9Q AFKL9DD H9;C9?= AK >GMF< (AF L@=
,=D9Q-;J==F.#FKL9DD=<N9DM=>
9DK=
K9E= DG;9LAGF 9K L@= D-' AFKL9DD=J) 9F< L@AK >D9? AK K=L .JM= L@=F L@= ,=D9Q -=JN=J OADD := AFKL9DD=< 9MLGE9LA;9DDQ.
,=D9Q-;J==F.AFLA'9DO9J==<N9DM=>
9DK=
,=D9Q-;J==F.*JGPQ=<N9DM=>
9DK=
D=>AF= 9 HJGPQ >GJ MK= :Q L@= ;G-DG;9L=< J=D9Q (LG 9;;=KK L@= AA/ K=JN=J)
,=D9Q-;J==F.*JGPQ.QH==<N9DM=>
-)C%-5 "..*
"..*
,=D9Q-;J==F.*JGPQA<<J=KK=<N9DM=> ,=D9Q-;J==F.*JGPQ*GJL=<N9DM=>
.@= @GKL F9E= GJ #* 9<<J=KK G> L@= J=D9Q HJGPQ .@= HGJL FME:=J G> L@= J=D9Q HJGPQ
,=D9Q-;J==F.*JGPQAML@=FLA;9LAGF=<N9DM=>
9DK=
,=D9Q-;J==F.*JGPQ/K=JF9E==<N9DM=> ,=D9Q-;J==F.*JGPQ*9KKOGJ<=<N9DM=>
.@= MK=J F9E= K=FL 9K H9JL G> L@= J=D9Q HJGPQ 9ML@=FLA;9LAGF @9F<K@9C= .@= H9KKOGJ< K=FL 9K H9JL G> L@= J=D9Q HJGPQ 9ML@=FLA;9LAGF @9F<K@9C=
129
-GE= H9J9E=L=JK 9J= <=H=F<=FL GF GL@=JK. GJ =P9EHD=: T #> RelayScreen.Install AK >9DK= L@=F FGF= G> L@= GL@=J N9DM=K 9J= J=IMAJ=<. T #> RelayScreen.Proxy AK >9DK= L@=F FGF= G> L@= GL@=J HJGPQ N9DM=K 9J= J=IMAJ=<. T #> RelayScreen.ProxyAuthentication AK >9DK= L@=F L@= MK=JF9E= 9F< H9KKOGJ< 9J= FGL J=IMAJ=<.
SmartProtectionNetworkScreen
.@AK K;J==F <=>AF=K O@=L@=J QGM O9FL LG =F9:D= .J=F< 'A;JG -E9JL ==<:9;C 9F< GHLAGF9DDQ QGMJ AF<MKLJQ.
Default Value
9DK=
Property
Possible Values
.JM= 9DK= (GL KH=;A>A=< B9FCAF? CGEEMFA;9LAGFK 9F< E=<A9 E<M;9LAGF EF=J?Q 9KL-EGNAF? ;GFKME=J ?GG<K ( 'C!) AF9F;A9D GG< 9F< :=N=J9?= !GN=JFE=FL "=9DL@;9J=
Notes
.JM= =F9:D=K .J=F< 'A;JG -E9JL ==<:9;C.
-E9JL*JGL=;LAGF(=LOGJC-;J==F.EF9:D= ==<:9;C=<N9DM=>
-E9JL*JGL=;LAGF(=LOGJC-;J==F.#F<MKLJQ.QH==<N9DM=>
#FKMJ9F;= '9FM>9;LMJAF? '9L=JA9DK '=<A9 )AD 9F< ?9K ,=9D =KL9L= ,=L9AD .=;@FGDG?Q .=D=;GEEMFA;9LAGFK .J9FKHGJL9LAGF /LADALA=K )L@=J
:D9FC
130
Installation Output
.@= >GDDGOAF? AK 9 K9EHD= GMLHML >JGE 9 KM;;=KK>MD AFKL9DD, >GDDGO=< :Q 9F =P9EHD= GMLHML >JGE 9 >9AD=< AFKL9DD (AFN9DA< DA;=FK=). .@= 5EJJGJ7 L9? AF L@= LJ9;= AF<A;9L=K 9 >9ADMJ=.
Successful Install
-LGHHAF? .J=F< 'A;JG D==H -=;MJALQ '9F9?=J -=JNA;=... D=L=;LAF? HJ=NAGMK N=JKAGFK G> .J=F< 'A;JG D==H -=;MJALQ '9F9?=J... /H?J9<= 0=JA>A;9LAGF -;J==F K=LLAF?K 9;;=HL=<... D9L9:9K= -;J==F K=LLAF?K 9;;=HL=<... &A;=FK= -;J==F K=LLAF?K 9;;=HL=<... A<<J=KK AF< *GJLK -;J==F K=LLAF?K 9;;=HL=<... CJ=<=FLA9DK -;J==F K=LLAF?K 9;;=HL=<... ADD K=LLAF?K 9;;=HL=<, J=9<Q LG =P=;ML=... /FAFKL9DDAF? HJ=NAGMK N=JKAGF -LGHHAF? -=JNA;=K EPLJ9;LAF? >AD=K... -=LLAF? /H... CGFF=;LAF? LG L@= D9L9:9K=... CJ=9LAF? L@= D9L9:9K= -;@=E9... /H<9LAF? L@= D9L9:9K= D9L9... CJ=9LAF? '9KL=JA<EAF A;;GMFL... ,=;GJ<AF? -=LLAF?K... CJ=9LAF? .=EHGJ9JQ DAJ=;LGJQ... #FKL9DDAF? ,=HGJLK... CJ=9LAF? "=DH -QKL=E... -=LLAF? D=>9MDL *9KKOGJ< *GDA;Q... #EHGJLAF? EP9EHD= -=;MJALQ *JG>AD=K... AHHDQAF? -=;MJALQ /H<9L=... AKKA?FAF? #*- ADL=JK LG EP9EHD= -=;MJALQ *JG>AD=K... CGJJ=;LAF? L@= *GJL >GJ L@= '9F9?=J -=;MJALQ *JG>AD=... CGJJ=;LAF? L@= *GJL &AKL >GJ L@= '9F9?=J... CJ=9LAF? #* &AKL LG #?FGJ=... CJ=9LAF? -;@=<MD=< .9KCK... CJ=9LAF? AKK=L #EHGJL9F;= EFLJA=K... CJ=9LAF? AM<ALGJ ,GD=... AM<ALAF?... )HLAEARAF?... ,=;GJ<AF? #FKL9DD9LAGF... CJ=9LAF? *JGH=JLA=K AD=...
131
CJ=9LAF? -@GJL;ML... CGF>A?MJAF? --&... CGF>A?MJAF? -=JNA;=... CGF>A?MJAF? $9N9 -=;MJALQ... CGF>A?MJAF? $9N9 &G??AF?... CD=9FAF? /H... -L9JLAF? D==H -=;MJALQ '9F9?=J... AFAK@AF? AFKL9DD9LAGF...
Failed Install
.@AK =P9EHD= K@GOK L@= GMLHML ?=F=J9L=< O@=F L@= HJGH=JLA=K >AD= ;GFL9AF=< 9F AFN9DA< DA;=FK= KLJAF?:
-LGHHAF? .J=F< 'A;JG D==H -=;MJALQ '9F9?=J -=JNA;=... D=L=;LAF? HJ=NAGMK N=JKAGFK G> .J=F< 'A;JG D==H -=;MJALQ '9F9?=J... /H?J9<= 0=JA>A;9LAGF -;J==F K=LLAF?K 9;;=HL=<... D9L9:9K= -;J==F K=LLAF?K 9;;=HL=<... D9L9:9K= )HLAGFK -;J==F K=LLAF?K 9;;=HL=<... 5E,,),7 .@= DA;=FK= ;G<= QGM @9N= =FL=J=< AK AFN9DA<. 5E,,),7 &A;=FK= -;J==F K=LLAF?K J=B=;L=<... ,GDDAF? :9;C ;@9F?=K...
132
133
To configure the Deep Security Virtual Appliance's memory allocation: 1. #F QGMJ 0'O9J= N-H@=J= CDA=FL, JA?@L-;DA;C GF L@= D-0A 9F< K=D=;L Power > Shut Down Guest. 2. ,A?@L-;DA;C GF L@= D-0A 9?9AF 9F< K=D=;L Edit Settings... .@= 0AJLM9D '9;@AF= Properties K;J==F <AKHD9QK. 3. )F L@= Hardware L9:, K=D=;L Memory 9F< ;@9F?= L@= E=EGJQ 9DDG;9LAGF LG L@= <=KAJ=< N9DM=. 4. CDA;C OK. 5. ,A?@L-;DA;C L@= D-0A 9?9AF 9F< K=D=;L Power > Power On.
134
Performance Features
Performance Features
Performance Profiles
AK G> D==H -=;MJALQ '9F9?=J 7.5 -*1, 9 F=O KQKL=E >GJ GHLAEARAF? L@= H=J>GJE9F;= G> '9F9?=J-AFALA9L=< 9F< A?=FL/AHHDA9F;=-AFALA9L=< GH=J9LAGFK AK 9N9AD9:D=. *J=NAGMKDQ L@= '9F9?=J HJG;=KK=< 9DD GH=J9LAGFK AF 9 >AP=< 9EGMFL G> ;GF;MJJ=FL BG:K MKAF? 9 >AJKL-AF >AJKL-GML KQKL=E. .@AK @9K :==F J=HD9;=< OAL@ 9F GHLAEAR=< ;GF;MJJ=FL K;@=<MD=J L@9L ;GFKA<=JK L@= AEH9;LK G> =9;@ BG: GF C*/, D9L9:9K= 9F< A?=FL/AHHDA9F;=K. BQ <=>9MDL, F=O AFKL9DD9LAGFK MK= L@= "A??J=KKAN=" H=J>GJE9F;= HJG>AD= O@A;@ AK GHLAEAR=< >GJ 9 <=<A;9L=< '9F9?=J. #> L@= D-' AK AFKL9DD=< GF 9 KQKL=E OAL@ GL@=J J=KGMJ;=-AFL=FKAN= KG>LO9J= AL E9Q := HJ=>=J9:D= LG MK= L@= "-L9F<9J<" H=J>GJE9F;= HJG>AD=. .@= H=J>GJE9F;= HJG>AD= ;9F := ;@9F?=< :Q F9NA?9LAF? LG Administration > System Information 9F< ;DA;CAF? L@= Managers... :MLLGF AF L@= LGGD:9J. JGE L@AK K;J==F K=D=;L L@= <=KAJ=< '9F9?=J FG<= 9F< GH=F L@= *JGH=JLA=K OAF<GO. JGE @=J= L@= *=J>GJE9F;= *JG>AD= ;9F := ;@9F?=< NA9 L@= <JGH-<GOF E=FM. .@= *=J>GJE9F;= *JG>AD= 9DKG ;GFLJGDK L@= 9EGMFL G> A?=FL/AHHDA9F;=-AFALA9L=< ;GFF=;LAGFK L@9L L@= '9F9?=J OADD 9;;=HL. .@= <=>9MDL G> =9;@ G> L@= H=J>GJE9F;= HJG>AD=K =>>=;LAN=DQ :9D9F;=K L@= 9EGMFL G> 9;;=HL=<, <=D9Q=< 9F< J=B=;L=< @=9JL:=9LK.
Performance Features
#> QGM 9J= JMFFAF? EMDLAHD= '9F9?=J FG<=K, L@= FG<= OADD := A<=FLA>A=< AF L@= AD=JL. 1@=F L@= '9F9?=J'K 9N9AD9:D= <AKC KH9;= >9DDK :=DGO 5'B, L@= '9F9?=J OADD K=F< 9F =E9AD E=KK9?= LG 9DD /K=JK 9F< L@= '9F9?=J OADD K@ML <GOF. .@= '9F9?=J OADD FGL J=KL9JL MFLAD L@= 9N9AD9:D= <AKC KH9;= AK ?J=9L=J L@9F 5'B. 3GM EMKL J=KL9JL L@= '9F9?=J E9FM9DDQ. #> QGM 9J= JMFFAF? EMDLAHD= FG<=K, GFDQ L@= FG<= L@9L @9K JMF GML G> <AKC KH9;= OADD K@ML <GOF. .@= GL@=J '9F9?=J FG<=K OADD ;GFLAFM= GH=J9LAF?.
136
Note:
NOTE: -dname is the common name of the certificate your CA will sign. Some CAs require a specific name to sign the Certificate Signing Request (CSR). Please consult your CA Admin to see if you have that particular requirement.
6. .@=J= AK 9 F=O C=QKLGJ= >AD= ;J=9L=< MF<=J L@= MK=J @GE= <AJ=;LGJQ. #> QGM 9J= DG??=< AF 9K "A<EAFAKLJ9LGJ", 3GM OADD K== L@= .keystore >AD= MF<=J C:\Documents and Settings\Administrator 7. 0A=O L@= F=ODQ ?=F=J9L=< ;=JLA>A;9L= MKAF? L@= >GDDGOAF? ;GEE9F<: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool list -v 8. ,MF L@= >GDDGOAF? ;GEE9F< LG ;J=9L= 9 C-, >GJ QGMJ CA LG KA?F: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool certreq -keyalg RSA -alias tomcat -file certrequest.csr 9. -=F< L@= certrequest.csr LG QGMJ CA LG KA?F. #F J=LMJF QGM OADD ?=L LOG >AD=K. )F= AK 9 ";=JLA>A;9L= J=HDQ" 9F< L@= K=;GF< AK L@= CA ;=JLA>A;9L= ALK=D>.
137
10. ,MF L@= >GDDGOAF? ;GEE9F< LG AEHGJL L@= CA ;=JL AF $A0A LJMKL=< C=QKLGJ=: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool import -alias root -trustcacerts -file cacert.crt -keystore "C:\Program Files\Trend Micro\Deep Security Manager\jre\lib\ security\cacerts" 11. ,MF L@= >GDDGOAF? ;GEE9F< LG AEHGJL L@= CA ;=JLA>A;9L= AF QGMJ C=QKLGJ=: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool import -alias root -trustcacerts -file cacert.crt (K9Q Q=K LG O9JFAF? E=KK9?=) 12. ,MF L@= >GDDGOAF? ;GEE9F< LG AEHGJL L@= ;=JLA>A;9L= J=HDQ LG QGMJ C=QKLGJ=: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool import -alias tomcat -file certreply.txt 13. ,MF L@= >GDDGOAF? ;GEE9F< LG NA=O L@= ;=JLA>A;9L= ;@9AF AF QGM C=QKLGJ=: C:\Program Files\Trend Micro\Deep Security Manager\jre\bin>keytool list -v 14. CGHQ L@= .C=QKLGJ= >AD= >JGE QGMJ MK=J @GE= <AJ=;LGJQ C:\Documents and Settings\Administrator LG C:\Program Files\ Trend Micro \Deep Security Manager\ 15. )H=F L@= ;GF>A?MJ9LAGF.HJGH=JLA=K >AD= AF >GD<=J C:\Program Files\Trend Micro\Deep Security Manager. #L OADD DGGC KGE=L@AF? DAC=: keystoreFile=C\:\\\\Program Files\\\\Trend Micro\\\\Deep Security Manager\\\\.keystore port=4119 installed=true serviceName= Trend Micro Deep Security Manager 16. ,=HD9;= L@= H9KKOGJ< AF L@= >GDDGOAF? KLJAF?: keystorePass=xxxx
keystorePass=$1$85ef650a5c40bb0f914993ac1ad855f48216fd0664ed2544bbec6de80160b2
138
O@=J= "xxxx" AK L@= H9KKOGJ< QGM KMHHDA=< AF KL=H >AN= 17. -9N= 9F< ;DGK= L@= >AD= 18. ,=KL9JL L@= D==H -=;MJALQ '9F9?=J K=JNA;= 19. CGFF=;L LG L@= D==H -=;MJALQ '9F9?=J OAL@ QGMJ :JGOK=J 9F< QGM OADD FGLA;= L@9L L@= F=O --& ;=JLA>A;9L= AK KA?F=< :Q QGMJ CA.
139
Note:
During synchronization with a vCenter, if the Deep Security Manager receives information about a new folder that is not the child of an existing folder, it will need to trace its parent folders up to the datacenter to determine which datacenter the folder belongs to. Applying these privileges only at the cluster level could result in synchronization errors.
.@= L9:D=K 9J= <ANA<=< AFLG L@= >GDDGOAF? >GMJ KL9?=K: 1. Preparing the ESXi host. A C=JF=D <JAN=J AK DG9<=< GF L@= E-2A @GKL, 9F< 9 K=H9J9L= N-OAL;@ AK ;GF>A?MJ=< LG >9;ADAL9L= AFL=JF9D ;GFF=;LANALQ >GJ L@= D-0A. 2. Deploying the Virtual Appliance. .@= NAJLM9D 9HHDA9F;= ALK=D> AK <=HDGQ=< >JGE 9F )0 >AD=. 3. Using the Deep Security Manager to activate the Virtual Machine. .@= ;GEHML=J :=AF? HJGL=;L=< :Q L@= 0AJLM9D AHHDA9F;= AK J=?AKL=J=< OAL@ L@= D==H -=;MJALQ '9F9?=J 9F< K=;MJ= ;GEEMFA;9LAGFK 9J= =KL9:DAK@=<. 4. Ongoing operations. D9Q LG <9Q D==H -=;MJALQ GH=J9LAGFK. .@= L9:D=K DAKL L@= J=IMAJ=< HJANAD=?= 9F< L@= >MF;LAGF >GJ O@A;@ L@= HJANAD=?= AK J=IMAJ=<. .G K=L L@= HJANAD=?=, MK= L@= N-H@=J= CDA=FL LG =<AL L@= HJGH=JLA=K G> L@= JGD= MK=< :Q L@= D==H -=;MJALQ '9F9?=J LG 9;;=KK L@= NC=FL=J. .@= J=IMAJ=< HJANAD=?=K ;9F := >GMF< AF L@= *JANAD=?=K LJ== G> L@= 0'O9J= ,GD= E<ALGJ. GJ =P9EHD=, L@= >GDDGOAF? K;J==F K@GL K@GOK L@= DG;9LAGF G> L@= Host > Configuration > Change Settings HJANAD=?=:
140
Function
+M=JQ 'G<MD=K GF E-2A EFL=J 9F< EPAL '9AFL=F9F;= 'G<= A<< F=O NAJLM9D KOAL;@, HGJL ?JGMH, NAJLM9D (#C =L;. -=LMH F=LOGJCAF? >GJ <N>ADL=J ;GEEMFA;9LAGF GF E-2A #FKL9DD ADL=J DJAN=J DAK;GFF=;L/J=;GFF=;L 9 @GKL ,=;GF>A?MJ9LAGF GML?GAF? 1 ;GFF=;LAGFK LG 9DDGO J=LJA=N9D G> ADL=J DJAN=J H9;C9?= >JGE D-' ,=IMAJ=< LG ;9F;=D 9 L9KC A> J=IMAJ=<
141
Function
D=HDGQ D-0A >JGE )0 >AD= /H?J9<= L@= D-0A ADDG;9L= KH9;= >GJ D-0A GF <9L9KLGJ=. -=L D-0A LG 9MLGKL9JL GF E-2A AKKA?F D-0A LG F=LOGJCK A<< <AKCK LG D-0A *GO=J GF D-0A *GO=J G>> D-0A
Function
D=HDGQ D-0A LG D,--=F9:D=< ;DMKL=J.
Function
,=;GF>A?MJ= NAJLM9D E9;@AF= >GJ <N>ADL=J
Ongoing Operations
Privilege
"GKL > CGF>A?MJ9LAGF > C@9F?= -=LLAF?K 0AJLM9D '9;@AF= > CGF>A?MJ9LAGF > A<N9F;=<
Function
+M=JQ 'G<MD=K GF E-2A ,=;GF>A?MJ= NAJLM9D E9;@AF= >GJ <N>ADL=J
142
Note:
The Deep Security Manager will attempt to bring the ESXi into and out of maintenance mode automatically. Any running virtual machines will need to be manually shutdown. At the end of the uninstallation process, the ESXi will be automatically rebooted and brought out of maintenance mode.
)J 4. C@GGK= "No" LG E9FM9DDQ HML L@= E-2A AFLG /GML G> E9AFL=F9F;= EG<=.
Note:
The Deep Security Manager wizard will start the uninstallation of the Filter Driver automatically once the ESXi has been put into maintenance mode. At the end of the uninstallation process, the ESXi will be automatically re-booted but remain in maintenance mode.
143
Note:
Remember to remove the Relay from Deep Security Manager's list of managed Computers, and to remove it from the Relay Group (see Basic Deep Security Configuration).
144
145
Note:
During a silent command line uninstallation, the uninstaller always saves the configuration files so that future installations can offer the repair / upgrade option.
146
Note:
During a command line uninstallation, the uninstaller always saves the configuration files so that future installations can offer the repair / upgrade option.
#> QGM K=D=;L=< "FG" LG C==HAF? L@= ;GF>A?MJ9LAGF >AD=K <MJAF? L@= MFAFKL9DD9LAGF 9F< O9FL LG J=AFKL9DD L@= D-', QGM K@GMD< H=J>GJE 9 E9FM9D ;D=9F-MH :=>GJ= J=AFKL9DDAF?. .G J=EGN= L@= D-' AFKL9DD9LAGF <AJ=;LGJQ =FL=J L@= ;GEE9F<: rm -rf <installation location> (.@= <=>9MDL AFKL9DD9LAGF DG;9LAGF AK "/opt/dsm").
147
Where can I download the installer packages for Deep Security 9.0 SP1 p2?
.@= .J=F< 'A;JG DGOFDG9< C=FL=J: @LLH://<GOFDG9<;=FL=J.LJ=F<EA;JG.;GE. )F L@= DGOFDG9< C=FL=J H9?=, ;DA;C GF L@= F9E= G> L@= D==H -=;MJALQ KG>LO9J= QGM 9J= AFL=J=KL=< AF 9F< L@=F ;DA;C L@= " +More Details" DAFC LG K== L@= <G;ME=FL9LAGF 9N9AD9:D=.
What is the default username and password to log into the Deep Security Manager console?
3GM 9J= HJGEHL=< >GJ 9 MK=JF9E= 9F< H9KKOGJ< <MJAF? AFKL9DD9LAGF. .@= <=>9MDL MK=JF9E= LG DG? AF LG L@= '9F9?=J CGFKGD= AK "'9KL=JA<EAF" (FG IMGL=K). .@=J= AK FG <=>9MDL H9KKOGJ<. BGL@ L@AK 9F< L@= H9KKOGJ< 9J= K=L <MJAF? L@= AFKL9DD9LAGF. .@= MK=JF9E= #- (). ;9K=-K=FKALAN=. "GO=N=J, L@= H9KKOGJ< #- ;9K=-K=FKALAN=.
Can I reset the Manager console login password?
3=K. 3GM ;9F J=K=L GJ ;@9F?= L@= '9F9?=J ;GFKGD= DG?AF H9KKOGJ<. !G LG Administration > User Management >Users, JA?@L-;DA;C GF L@= /K=J 9F< K=D=;L Set Password....
How can I unlock a locked out User?
#F L@= '9F9?=J, ?G LG Administration > User Management >Users, JA?@L-;DA;C GF L@= /K=J 9F< K=D=;L Unlock User(s). .G MFDG;C 9 /K=J >JGE L@= '9F9?=J @GKL ;GEE9F< DAF=, =FL=J L@= >GDDGOAF? >JGE L@= D==H -=;MJALQ '9F9?=J'K AFKL9DD <AJ=;LGJQ: dsm_c -action unlockout -username USERNAME [-newpassword NEWPASSWORD] O@=J= USERNAME AK L@= /K=J'K MK=JF9E=. )HLAGF9DDQ, MK= "-F=OH9KKOGJ<" LG K=L 9 F=O H9KKOGJ< >GJ L@= /K=J.
148
Can I use my domain account credentials when logging on to the Manager console?
3=K. !G LG Administration > User Management >Users 9F< K=D=;L Synchronize with Directory.
How can I mass-deploy the Agents to the computers being protected?
)J?9FAR9LAGFK LQHA;9DDQ MK= =PAKLAF? =FL=JHJAK= KG>LO9J= <AKLJA:MLAGF KQKL=EK KM;@ 9K 'A;JGKG>L -QKL=E C=FL=J GJ (GN=DD 4E(OGJCK LG AFKL9DD A?=FLK.
Can I still use my existing license or activation code when upgrading to version 9.0 SP1 p2?
(G. 3GM ;9F <=-9;LAN9L= 9F A?=FL/AHHDA9F;= >JGE L@= D-', :ML QGM EMKL MFAFKL9DD DG;9DDQ.
What is the end of life or support policy for Deep Security?
T *JG<M;L KMHHGJL AK HJGNA<=< 2 Q=9JK 9>L=J 9 J=D=9K=, GJ T *JG<M;L KMHHGJL AK HJGNA<=< >GJ 18 EGFL@K 9>L=J 9 KM:K=IM=FL J=D=9K=, O@A;@=N=J LAE= H=JAG< AK DGF?=J
How do I deactivate the DS Agent from the command line?
-== L@= A<EAFAKLJ9LGJ'K !MA<= GJ GFDAF= @=DH K=;LAGF Manually Deactivate/Stop/Start the Agent/Appliance. #L AK HD9L>GJE <=H=F<=FL.
How can I manually update the DS Agent that has no connection with the DS Manager?
/H<9LAF? L@= A?=FL AK FGL HGKKA:D= OAL@GML ;GFF=;LAGF LG L@= '9F9?=J, KAF;= L@= '9F9?=J EMKL K=F< L@= K=;MJALQ ;GF>A?MJ9LAGF <=L9ADK LG L@= A?=FL.
149
Troubleshooting
Troubleshooting
Note:
Please consult the Deep Security Manager, Deep Security Agent and Deep Security Virtual Appliance "readme" files for any issues not addressed in the Troubleshooting or FAQs sections.
EPH=JA=F;AF? HJG:D=EK AFKL9DDAF? LOG D==H -=;MJALQ '9F9?=JK GF L@= K9E= E9;@AF=.
Solution
)FDQ GF= AFKL9F;= G> L@= D==H -=;MJALQ '9F9?=J ;9F := AFKL9DD=< GF 9FQ ?AN=F E9;@AF=.
Problem
DMJAF? AFKL9DD9LAGF GJ MH?J9<= G> L@= D==H -=;MJALQ '9F9?=J L@= K=JNA;= E9Q >9AD LG AFKL9DD HJGH=JDQ A> L@= -=JNA;=K K;J==F AK GH=F GF KGE= HD9L>GJEK. CDGK= L@= K=JNA;=K K;J==F HJAGJ LG AFKL9DD9LAGF GJ MH?J9<= G> D==H -=;MJALQ '9F9?=J. #> L@= HJG:D=E H=JKAKLK, J=:GGL L@= ;GEHML=J.
Communications
Problem
.@= A?=FL HJGL=;LAF? L@= D==H -=;MJALQ '9F9?=J AK ?=F=J9LAF? ",=F=O9D" =JJGJK, 9F</GJ QGM ;9FFGL ;GFF=;L J=EGL=DQ LG L@= D==H -=;MJALQ '9F9?=J.
150
Troubleshooting
Solution
A>L=J 9HHDQAF? L@= "D==H -=;MJALQ '9F9?=J" -=;MJALQ *JG>AD=, QGM E9Q FGLA;= L@9L L@= D==H -=;MJALQ A?=FL OADD J=LMJF FME=JGMK ",=F=O9D EJJGJ" #*- EN=FLK. .@AK AK :=;9MK= L@= A?=FL ;9FFGL AFKH=;L L@= --& .J9>>A; L@9L =PAKL=< :=>GJ= L@= "D==H -=;MJALQ '9F9?=J" -=;MJALQ *JG>AD= 9F< ALK --& "GKL CGF>A?MJ9LAGF O9K 9HHDA=<. #L AK J=;GEE=F<=< L@9L 9DD :JGOK=J K=KKAGFK LG L@= D==H -=;MJALQ '9F9?=J := J=KL9JL=< 9>L=J 9HHDQAF? L@= "D==H -=;MJALQ '9F9?=J" -=;MJALQ *JG>AD=.
Problem
"CGEEMFA;9LAGFK *JG:D=E D=L=;L=<" AD=JL GF 9 ;GEHML=J E9F9?=< :Q L@= D==H -=;MJALQ '9F9?=J. GJ )>>DAF= BMF<D=.RAH =JJGJ O@=F HJ=H9JAF? L@= E-2A. GJ )>>DAF= BMF<D=.RAH =JJGJ O@=F <=HDGQAF? L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;=. GJ *JGLG;GD EJJGJ O@=F 9;LAN9LAF? L@= D==H -=;MJALQ AHHDA9F;=.
Solution
#> QGM =F;GMFL=J 9FQ G> L@= 9:GN= KALM9LAGFK AL E9Q := L@9L 9 ;GEHML=J :=AF? E9F9?=< :Q L@= D==H -=;MJALQ '9F9?=J AK MF9:D= LG J=KGDN= L@= @GKLF9E= G> L@= ;GEHML=J @GKLAF? L@= D==H -=;MJALQ '9F9?=J. To ensure the Deep Security Manager is able to resolve the hostname of the computer hosting the Deep Security Manager: 1. &G? AF LG L@= D==H -=;MJALQ '9F9?=J L@9L AK E9F9?AF? L@= A?=FL 2. !G LG Administration > System Information 9F< AF L@= System Details, NA=O L@= '9F9?=J (G<= =FLJQ 9F< FGL= L@= @GKLF9E= 3. &G? AF LG L@= ;GEHML=J L@9L AK @9NAF? ;GEEMFA;9LAGF HJG:D=EK 4. *=J>GJE 9F FKDGGCMH MKAF? L@= F9E= >JGE KL=H 2 5. #> L@= FKDGGCMH >9ADK QGM EMKL EG<A>Q L@= @GKLK >AD= GF L@= ;GEHML=J LG MK= L@= D-' @GKLF9E= OAL@ L@= ;GJJ=;L #* 9<<J=KK GJ MH<9L= L@= D(- =FLJQ >GJ L@= D==H -=;MJALQ '9F9?=J E9;@AF= GF L@= KH=;A>A=< D(- K=JN=J
151
Troubleshooting
Configuration
Note:
To change the hosts file on the Virtual Appliance you must log in via vCenter. Once in the console press ALT+F2 to get to the console login screen. Then type: sudo vi /etc/hosts
Problem
-L9L=>MD CGF>A?MJ9LAGF EMKL := GF, OAL@ .C* 9F< /D* DG??AF? =F9:D=<.
Problem
'9FQ #*- JMD=K 9J= :=AF? LJA??=J=< GF L@= A?=FL HJGL=;LAF? L@= <9L9:9K= MK=< :Q D==H -=;MJALQ '9F9?=J.
Solution
1@=F MKAF? D==H -=;MJALQ '9F9?=J OAL@ 9 <9L9:9K= GF 9 J=EGL= ;GEHML=J L@9L AK JMFFAF? 9 D==H -=;MJALQ A?=FL (D-A) L@=J= AK 9 HGKKA:ADALQ G> #*- >9DK= HGKALAN=K. .@= >9DK= HGKALAN=K 9J= ;9MK=< :Q L@= ;GFL=FLK G> L@= #*- ,MD=K (O@=F K9NAF? LG L@= <9L9:9K=) LJA??=JAF? L@= #*- ,MD=K JMFFAF? GF L@= D-A. .@= OGJC9JGMF< AK LG =AL@=J ;J=9L= 9 :QH9KK AJ=O9DD ,MD= LG 9HHDQ LG L@= <9L9:9K= K=JN=J OAL@ L@= KGMJ;= #* :=AF? L@= KL9LA; #* G> D==H -=;MJALQ '9F9?=J GJ LG =F9:D= =F;JQHLAGF GF L@= <9L9:9K= ;@9FF=D. -+& -=JN=J ;9F := =F;JQHL=< :Q 9<<AF?: database.SqlServer.ssl=require LG \webclient\webapps\ROOT\WEB-INF\dsm.properties 9F< J=KL9JL L@= D==H -=;MJALQ '9F9?=J K=JNA;=.
Problem
*GJL K;9FK K@GO HGJLK 25 9F< 110 9J= GH=F J=?9J<D=KK G> O@A;@ AJ=O9DD ,MD=K # AEHD=E=FL LG ;DGK= L@=E.
Solution
.@= HJ=K=F;= G> (GJLGF AFLANAJMK E9Q AFL=J>=J= OAL@ K;9F J=KMDLK. (GJLGF A0 >ADL=JK HGJLK 25 9F< 110 LG ;@=;C AF;GEAF? 9F< GML?GAF? =E9AD >GJ NAJMK=K. .@AK ;9F ;9MK= =JJGF=GMK K;9F J=KMDLK A> L@= '9F9?=J AK AFKL9DD=< GF 9 E9;@AF= OAL@ =E9AD K;9FFAF? =F9:D=< KAF;= HGJLK 25 9F< 110 OADD 9DO9QK 9HH=9J LG := GH=F J=?9J<D=KK G> 9FQ >ADL=JK HD9;=< GF L@= @GKL.
152
Troubleshooting
Problem
*GJL K;9FK K@GO HGJLK 21, 389, 1002, 9F< 1720 9J= GH=F J=?9J<D=KK G> O@A;@ AJ=O9DD ,MD=K # AEHD=E=FL LG ;DGK= L@=E.
Solution
#> 1AF<GOK AJ=O9DD AK =F9:D=< GF L@= D==H -=;MJALQ '9F9?=J AL E9Q AFL=J>=J= OAL@ HGJL K;9FK ;9MKAF? >9DK= HGJL K;9F J=KMDLK. 1AF<GOK AJ=O9DD E9Q HJGPQ HGJLK 21, 389, 1002, 9F< 1720 J=KMDLAF? AF L@=K= HGJLK 9DO9QK 9HH=9JAF? GH=F J=?9J<D=KK G> 9FQ >ADL=JK HD9;=< GF L@= @GKL.
#F GJ<=J >GJ L@= ADL=J DJAN=J LG := KM;;=KK>MDDQ AFKL9DD=<, L@= E-2A AL AK :=AF? <=HDGQ=< LG EMKL := J=:GGL=<. .@= D==H -=;MJALQ '9F9?=J G>>=JK L@= GHLAGF LG 9MLGE9LA;9DDQ J=:GGL L@= K=JN=J. #> L@AK K=D=;LAGF AK ;@GK=F 9DD NAJLM9D E9;@AF=K GF L@= E-2A @GKL EMKL := H9MK=</KLGHH=< GJ N'GLAGF=< G>> G> L@= :GP. #> L@AK AK FGL <GF= L@= E-2A ;9FFGL := HML AF LG E9AFL=F9F;= EG<= 9F< ;9FFGL := J=:GGL=<. .@= D==H -=;MJALQ '9F9?=J OADD J=HGJL 9 LAE=GML AKKM= A> L@= E-2A ;9FFGL := HML AF LG E9AFL=F9F;= EG<=.
Problem
BQ <=>9MDL L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= MK=K D"C* LG 9;IMAJ= 9F #* 9<<J=KK O@=F AL AK <=HDGQ=<. #> QGM 9J= <=HDGQAF? AF 9F =FNAJGFE=FL L@9L <G=K FGL @9N= 9 D"C* K=JN=J L@=F QGM EMKL 9KKA?F 9 KL9LA; #* 9<<J=KK LG L@= AHHDA9F;=. To assign a static IP address to the Virtual Appliance: 1. &G? AF LG L@= 0AJLM9D C=FL=J @GKLAF? L@= D==H -=;MJALQ 0AJLM9D AHHDA9F;= MKAF? N-H@=J= CDA=FL 2. -=D=;L L@= AHHDA9F;= 9F< ;DA;C L@= ;GFKGD= L9:
153
Troubleshooting
3. &G? AF LG L@= AHHDA9F;= :Q HJ=KKAF? 2 9F< MKAF? L@= <=>9MDL MK=JF9E= 9F< H9KKOGJ< (<KN9:<KN9) 4. -=D=;L CGF>A?MJ= '9F9?=E=FL (=LOGJC >JGE L@= E=FM 9F< HJ=KK EFL=J 5. C@9F?= L@= "GKLF9E=, #* A<<J=KK, (=LE9KC, !9L=O9Q 9F< D(- =FLJA=K LG E9L;@ L@9L G> QGMJ F=LOGJC 6. *J=KK EFL=J LG K9N= L@= ;@9F?=K 7. ,=:GGL L@= AHHDA9F;= :Q K=D=;LAF? ,=:GGL -QKL=E >JGE L@= E9AF E=FM CGF>A?MJ9LAGF
Problem
0AJLM9D E9;@AF=K EMKL := AF L@= JMFFAF? KL9L= >GJ K;9FK LG ;GEHD=L= KM;;=KK>MDDQ. .@AK L=JEAF9LAGF E9Q := <M= LG L@= 0AJLM9D '9;@AF= :=AF? K@ML<GOF GJ KMKH=F<=< <MJAF? L@= K;9F. C@=;C GF L@= KL9LMK G> L@= 0AJLM9D '9;@AF=, 9F< LJQ 9?9AF. .@AK @9HH=FK O@=F L@= ?M=KL 0' O9K J=:GGL=<, GJ =FL=JK AFLG 9 KD==H GJ KL9F<:Q EG<=.
.@= >GDDGOAF? =JJGJ AK K==F <MJAF? 9 -GD9JAK A?=FL AFKL9DD9LAGF: ## Executing postinstall script. devfsadm: driver failed to attach: dsa_filter Warning: Driver (dsa_filter) successfully added to system but failed to attach Starting Trend Micro Deep Security Drivers can't load module: Invalid argument
Solution
-GE= -GD9JAK H9L;@=K ;@9F?= L@= N=JKAGF G> F=LAF>G JMFFAF? GF 9 KQKL=E. #L AK L@= N=JKAGF G> F=LAF>G L@9L <=L=JEAF=K O@A;@ A?=FL AFKL9DD H9;C9?= AK J=IMAJ=< >GJ 9 H9JLA;MD9J KQKL=E. To identify the netinfo version on a system, run the following command: modinfo | grep neti
154
Troubleshooting
Install Package
M5KH9J; M7KH9J; M5P86 M7P86
GJ EGJ= <=L9AD QGM ;9F NA=O /var/adm/messages .@= >GDDGOAF? =FLJA=K AF<A;9L= L@9L QGM 9J= 9LL=EHLAF? LG AFKL9DD 9 /7 A?=FL GF 9 E9;@AF= L@9L J=IMAJ=K L@= /5 A?=FL: Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'net_protocol_release' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'hook_alloc' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'net_hook_register' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'hook_free' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'net_protocol_lookup' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:14:58 Sparc-v210-2 unix: [ID 826211 kern.notice] 'net_hook_unregister' Feb 19 11:14:58 Sparc-v210-2 unix: [ID 472681 kern.notice] WARNING: mod_load: cannot load module 'dsa_filter' .@= >GDDGOAF? =FLJA=K AF<A;9L= L@9L QGM 9J= 9LL=EHLAF? LG AFKL9DD 9 /5 A?=FL GF 9 E9;@AF= L@9L J=IMAJ=K L@= /7 A?=FL:
155
Troubleshooting
Feb 19 11:19:36 Sparc-v210-1 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:19:36 Sparc-v210-1 unix: [ID 826211 kern.notice] 'net_unregister_hook' Feb 19 11:19:36 Sparc-v210-1 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:19:36 Sparc-v210-1 unix: [ID 826211 kern.notice] 'net_register_hook' Feb 19 11:19:36 Sparc-v210-1 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:19:36 Sparc-v210-1 unix: [ID 826211 kern.notice] 'net_lookup' Feb 19 11:19:36 Sparc-v210-1 unix: [ID 819705 kern.notice] /usr/kernel/ drv/sparcv9/dsa_filter: undefined symbol Feb 19 11:19:36 Sparc-v210-1 unix: [ID 826211 kern.notice] 'net_release' Feb 19 11:19:36 Sparc-v210-1 unix: [ID 472681 kern.notice] WARNING: mod_load: cannot load module 'dsa_filter'
Problem
.@=J= 9J= K=N=J9D ;GF<ALAGFK L@9L ;9F HJ=N=FL L@= <K89?=FL K=JNA;= >JGE :=AF? 9:D= LG KL9JL. ,=9KGFK AF;DM<=: #FN9DA< ;J=<=FLA9DK (FGL N9DA< Q=L, ;GJJMHL, =PHAJ=<, :9< <A?AL9D KA?F9LMJ=), MF9:D= LG J=9< L@= HJAN9L= C=Q (;GJJMHL, @9J<O9J= ;@9F?=< J9<A;9DDQ), DAKL=F HGJL 9DJ=9<Q AF MK=. #F ;9K=K O@=J= L@= D-A AK MF9:D= LG KL9JL, AL AK FGL 9:D= LG J=HGJL LG L@= D-', KG AL OJAL=K LG L@= 1AF<GOK EN=FL &G?. 3GM K@GMD< ;@=;C L@= 1AF<GOK EN=FL DG? LG <A9?FGK= L@= HJG:D=E.
Activation
Problem
D==H -=;MJALQ A?=FL AK AFKL9DD=<, :ML L@= A?=FL /# <AKHD9QK :D9FC >A=D<K.
Solution
#> L@= "'9F9?=J /,&", "'9F9?=J ;=JLA>A;9L= F9E=", 9F< "'9F9?=J ;=JLA>A;9L= >AF?=JHJAFL" >A=D<K 9J= :D9FC, L@= A?=FL @9K FGL :==F 9;LAN9L=<. .@=K= >A=D<K 9J= :D9FC MFLAD L@= A?=FL @9K :==F 9;LAN9L=< :Q D==H -=;MJALQ
156
Troubleshooting
'9F9?=J. AF< L@= CGEHML=J AF L@= D-''K CGEHML=JK DAKL, JA?@L-;DA;C GF AL 9F< K=D=;L A;LAGFK > A;LAN9L=/ ,=9;LAN9L=.
Problem
!=LLAF? L@= >GDDGOAF? =JJGJ E=KK9?= AF 9F "A?=FL A;LAN9L= 9AD=<" KQKL=E =N=FL: "A ;DA=FL =JJGJ G;;MJJ=< AF L@= D-' LG D-A HJGLG;GD: "..* ;DA=FL =JJGJ J=;=AN=<: ;=JLA>A;9L= AK FGL Q=L N9DA<".
Solution
.@= ;DG;C GF 9 D==H -=;MJALQ A?=FL E9;@AF= EMKL := KQF;@JGFAR=< OAL@ L@= D==H -=;MJALQ '9F9?=J LG OAL@AF 24 @GMJK. #> L@= D-A ;DG;C AK :=@AF< L@= D-' ;DG;C L@=F 9F A?=FL A;LAN9L= GH=J9LAGF OADD >9AD :=;9MK= L@= ;=JLA>A;9L= ?=F=J9L=< >GJ L@= A?=FL :Q L@= D==H -=;MJALQ '9F9?=J OADD FGL Q=L := N9DA<.
Configuration
Problem
3GM K== 9 DSA_IOCTL_SET_FILTER_CONFIG =JJGJ GF 9 ;GEHML=J OAL@ L@= <=K;JAHLAGF: Engine command code DSA_IOCTL_SET_FILTER_CONFIG failed with error: 0x0005aa (insufficient system resources exist to complete the requested service.).
Solution
.@= /3!B >D9? J=<M;=K L@= 9EGMFL G> E=EGJQ 9N9AD9:D= LG L@= C=JF=D, O@A;@ AF LMJF J=<M;=K L@= 9EGMFL G> FGFH9?=9:D= E=EGJQ AF L@= C=JF=D. .@= =P9;L 9EGMFL ;9F := AF>DM=F;=< :Q E9FQ >9;LGJK KM;@ 9K .C* ;@AEF=Q G>>DG9<AF?, MK= G> D9J?= 9EGMFLK E=EGJQ GN=J L@= 4!B 9<<J=KKAF? KH9;=, =PL=JF9D <=NA;= <JAN=JK KM;@ 9K 9M<AG, NA<=G, =L;.
Too many rules are applied on the computer for the amount of kernel memory available to the driver.
#F L@=K= KALM9LAGFK AL OADD := F=;=KK9JQ LG J=<M;= L@= FME:=J G> AJ=O9DD 9F< #*- JMD=K 9HHDA=< LG QGMJ CGEHML=J AF GJ<=J LG J=<M;= L@= E=EGJQ >GGLHJAFL, 9K O=DD 9K AEHJGN= H=J>GJE9F;=. .@= ,=;GEE=F<9LAGF -;9F >=9LMJ= G> D==H -=;MJALQ ;9F @=DH OAL@ L@AK. BQ -;9FFAF? QGMJ ;GEHML=JK >GJ ,=;GEE=F<9LAGFK QGM ;9F
157
Troubleshooting
MK= L@= "-@GO ,=;GEE=F<=< >GJ /F9KKA?FE=FL" NA=O G> L@= "#*- ,MD=K" H9?= >GJ ;GEHML=J 9F< MF9KKA?F #*,MD=K L@9L <G FGL F==< LG := 9HHDA=< LG E9AFL9AF 9HHJGHJA9L= K=;MJALQ. #> QGM E9F9?= QGMJ ;GEHML=JK NA9 -=;MJALQ *JG>AD=K QGM ;9F MK= L@= K9E= "-@GO ,=;GEE=F<=< >GJ /F9KKA?FE=FL" #*- ,MD=K NA=O :ML FGL= L@9L AL OADD GFDQ K@GO #*- ,MD=K L@9L 9J= FGL J=;GEE=F<=< GF 9FQ G> L@= CGEHML=JK LG O@A;@ L@= -=;MJALQ *JG>AD= AK 9KKA?F=<, 9F< E9Q KLADD D=9N= QGM OAL@ 9 K=L G> #*- ,MD=K L@9L @9K 9 >GGLHJAFL L@9L AK LGG D9J?= >GJ KGE= CGEHML=JK. #> L@= -=;MJALQ *JG>AD= ALK=D> KLADD @9K LGG E9FQ #*- ,MD=K 9KKA?F=< AL E9Q := F=;=KK9JQ LG E9C= 9<<ALAGF9D -=;MJALQ *JG>AD=K 9F< <ANA<= L@= CGEHML=JK 9EGF?KL L@=E KM;@ L@9L L@= -=;MJALQ *JG>AD=K 9J= :=LL=J J=HJ=K=FL9LAGFK G> O@9L #*- ,MD=K 9J= 9;LM9DDQ J=;GEE=F<=< LG := 9HHDA=< LG L@= N9JAGMK CGEHML=JK. .@AK K@GMD< 9DDGO QGM LG J=<M;= L@= FME:=J G> #*- ,MD=K 9KKA?F=< LG 9DD QGMJ CGEHML=JK.
Diagnostics Collection
Problem
#F D==H -=;MJALQ '9F9?=J, ?G LG Administration > System Information 9F< ;DA;C Create Diagnostics Package... AF L@= LGGD:9J. .@AK <AKHD9QK L@= Diagnostic Package 1AR9J< O@A;@ OADD ;J=9L= 9 RAH >AD= ;GFL9AFAF? #FKL9DD//FAFKL9DD 9F< D=:M? &G?K, -QKL=E #F>GJE9LAGF, D9L9:9K= CGFL=FLK (D9KL @GMJ GFDQ >GJ LAE=-K=FKALAN= AL=EK), 9F< 9 AD= &AKLAF?. .@AK AF>GJE9LAGF ;9F := ?AN=F LG QGMJ KMHHGJL HJGNA<=J LG @=DH LJGM:D=K@GGL 9FQ HJG:D=EK.
Problem
3GMJ KMHHGJL HJGNA<=J @9K 9KC=< QGM LG AF;J=9K= L@= KAR= G> L@= <A9?FGKLA;K H9;C9?=.
Solution
.@= <=>9MDL E9PAEME KAR= G> 9 <A9?FGKLA; H9;C9?= AK 9HHJGPAE9L=DQ 200'B. A ;GEE9F< DAF= AFKLJM;LAGF AK 9N9AD9:D= LG AF;J=9K= L@= KAR= G> L@= <A9?FGKLA; H9;C9?=: <KE8; -9;LAGF ;@9F?=K=LLAF? -F9E= ;GF>A?MJ9LAGF.<A9?FGKLA;'9PAEME AD=-AR= -N9DM= #### .@= >GDDGOAF? =P9EHD= AF;J=9K=K L@= KAR= G> L@= H9;C9?= LG 1!B (1000'B): <KE8; -9;LAGF ;@9F?=K=LLAF? -F9E= ;GF>A?MJ9LAGF.<A9?FGKLA;'9PAEME AD=-AR= N9DM= 1000 DG FGL ;@9F?= L@= KAR= G> L@= <A9?FGKLA; H9;C9?= MFD=KK AFKLJM;L=< LG <G KG :Q QGMJ KMHHGJL HJGNA<=J.
Problem
158
Troubleshooting
Solution
1@=F =PHGJLAF? >AD=K (C0-, 2'&, KG>LO9J=, GJ MH<9L=K) GJ ;J=9LAF? 9 <A9?FGKLA; H9;C9?=, #FL=JF=L EPHDGJ=J'K "#F>GJE9LAGF B9J" E9Q AF>GJE QGM L@9L >AD= <GOFDG9<K 9J= :=AF? :DG;C=< 9F< D==H -=;MJALQ '9F9?=J OADD AFKLJM;L QGM LG ";@=;C L@= K=JN=J0.DG?". .G H=JEAL >AD= <GOFDG9<K, ;DA;C GF "'GJ= AF>GJE9LAGF" AF L@= #F>GJE9LAGF B9J 9F< >GDDGO L@= AFKLJM;LAGFK LG 9DDGO >AD= 9F< KG>LO9J= <GOFDG9<K.
159