Trend Micro Deep Security Installation

I’ve spent the last couple of weeks installing and reinstalling Trend Micro Deep Security 7.5 SP3 after we rebuilt our ESX clusters. I found the Trend Micro Deep Security 7.5 SP3 Quick Start guide a rather poor guide to installing Trend. It was not very helpful; thankfully, I had some pre-sales assistance.

My first impressions are that it is pretty cool, but a bit of a pain in the arse to get configured, as it requires so much work to be done on each host. If you have a large cluster it can get tiresome repeating the installation on multiple hosts. I think the weakness in vSphere 4.1 is vShield Endpoint. It seems rather flaky. I have had to rebuild a number of hosts because vShield Endpoint wouldn’t install correctly.

Also, I am continuously getting EPSec VM, EPSec SVM or EPSec host errors and I don’t know why. There are no errors in the Trend Manager, and they seem to come and go like the wind with little indication of what caused the alert.

Anyway, here are a couple of points worth noting:

  • The only vShield component you need installed on your ESX hosts for Trend DS is vShield Endpoint. You don’t need to push out any other components via vShield Manager – i.e. vShield Zones or vShield Edge Port Group Isolation.
  • When you activate the DSVA appliance, it is registering itself with vShield as a Security VM. If you happen to roll out vShield Endpoint after you have installed Trend (deployed the Trend filter to every host and deployed and activated all appliances), you must re-activate all your appliances.
  • You must install the vShield Endpoint agent on all your VMs to gain anti-malware protection, and you cannot push this out via vShield Manager or the Trend Manager. It’s a manual install – a real pain.
  • You only need to install the Trend agent on your VMs if you want Log Inspection or Integrity Monitoring. Anti-malware protection is available without the Trend VM agent.
  • With Trend 7.5 SP3 you won’t be able to provide anti-malware protection on physical servers.
  • When Trend 8 is released at the end of January 2012, you will be able to deploy anti-malware protection to your Windows servers, and Trend 8 SP.1 will provide anti-malware protection for physical Linux servers.
  • You need to create DRS Groups and Rules to ensure that all your virtual appliances are limited to a single host.
  • You will also need to modify the HA Virtual Machine settings so the virtual appliances are set to a restart priority of High and an isolation response of Leave powered on.
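
The last two points can be scripted rather than clicked through per host. The PowerCLI sketch below is an added example, not part of the original post or of Trend Micro's or VMware's documentation: it pins each appliance to the host it currently runs on, applies the HA overrides, and lists hosts that have no appliance at all. It assumes an existing Connect-VIServer session and a PowerCLI release that provides the New-DrsClusterGroup and New-DrsVMHostRule cmdlets; the cluster name and the 'DSVA-*' naming pattern are hypothetical placeholders.

```powershell
# Added example (assumptions: connected vCenter session; hypothetical names below).
$clusterName = 'Prod-Cluster-01'   # hypothetical cluster name
$dsvaPattern = 'DSVA-*'            # hypothetical appliance naming convention

$cluster    = Get-Cluster -Name $clusterName
$appliances = Get-VM -Location $cluster -Name $dsvaPattern

foreach ($vm in $appliances) {
    $vmHost  = $vm.VMHost
    $short   = $vmHost.Name.Split('.')[0]
    $vmGrpN  = "dsva-vm-$short"
    $hostGrpN = "dsva-host-$short"
    $ruleN   = "dsva-pin-$short"

    # One VM group and one host group per ESX host; reuse them if the script is re-run.
    $vmGrp = Get-DrsClusterGroup -Cluster $cluster -Name $vmGrpN -ErrorAction SilentlyContinue
    if (-not $vmGrp) {
        $vmGrp = New-DrsClusterGroup -Name $vmGrpN -Cluster $cluster -VM $vm
    }
    $hostGrp = Get-DrsClusterGroup -Cluster $cluster -Name $hostGrpN -ErrorAction SilentlyContinue
    if (-not $hostGrp) {
        $hostGrp = New-DrsClusterGroup -Name $hostGrpN -Cluster $cluster -VMHost $vmHost
    }

    # "Must run on" keeps DRS and HA from moving the appliance to another host.
    if (-not (Get-DrsVMHostRule -Cluster $cluster -Name $ruleN -ErrorAction SilentlyContinue)) {
        New-DrsVMHostRule -Name $ruleN -Cluster $cluster -VMGroup $vmGrp `
            -VMHostGroup $hostGrp -Type MustRunOn | Out-Null
    }

    # HA overrides: restart priority High, isolation response "Leave powered on" (DoNothing).
    Set-VM -VM $vm -HARestartPriority High -HAIsolationResponse DoNothing -Confirm:$false |
        Out-Null
}

# Hosts in the cluster with no matching appliance: guests there have no Security VM.
$covered = @($appliances | ForEach-Object { $_.VMHost.Name })
Get-VMHost -Location $cluster |
    Where-Object { $covered -notcontains $_.Name } |
    Select-Object Name, ConnectionState
```

Run it only after every appliance sits on its intended host, since the rules are built from current placement.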

I’m looking forward to repeating the install again when we upgrade to vSphere 5 in February.