Trend Micro Deep Security Installation

I’ve spent the last couple of weeks installing and reinstalling Trend Micro Deep Security 7.5 SP3 after we rebuilt our ESX clusters. I found the Trend Micro Deep Security 7.5 SP3 Quick Start guide a rather poor guide to installing Trend. It was not very helpful, thankfully I had some pre-sales assistance.

My first impressions are that it is pretty cool, but a bit of pain in the arse to get configured as it requires so much work to do be done on each host. If you have a large cluster it can get tiresome repeating the installation on multiple hosts. I think the weakness in vSphere 4.1 is vShield Endpoint. It seems rather flaky. I have had to rebuild a number of hosts because vShield Endpoint wouldn’t install correctly.

Also I am continuously getting EPSec VM, EPSec SVM or EPSec host errors and I don’t know why.  No errors in the Trend Manager and they seem to come and go like the wind with little indication of what caused the alert.

Anyway, here are a couple of points worth noting:

  • The only vShield component you need installed on your ESX hosts for Trend DS is vShield Endpoint. You don’t need to push out any other components via vShield Manager – i.e. vShield Zones or vShield Edge Port Group Isolation.
  • When you activate the DSVA appliance, it is registering itself with vShield as a Security VM. If you happen to roll out vShield Endpoint after you have installed Trend (deployed the Trend filter to every host and deployed and activated all appliances), you must re-activate all your appliances.
  • You must install the vShield Endpoint agent on all your VMs to gain anti-malware protection and you cannot push this out via vShield Manager or the Trend Manager. Its a manual install – a real pain.
  • You only need to install the Trend agent on your VMs if you want Log Inspection or Integrity Monitoring. Anti-malware protection is available without the Trend VM agent.
  • With Trend 7.5 SP3 you won’t be able to provide Anti-malware protection on physical servers.
  • When Trend 8 is released at the end of January 2012, you will be able to deploy anti-malware protection to your Windows Server and Trend 8 SP.1 will provide anti-malware protection for physical linux servers.
  • You need to create DRS Groups and Rules to ensure that all your virtual appliances are limited to a single host
  • You will also need to modify the HA Virtual Machine settings so the virtual appliances are set to restart priority of high and an isolation repsonse of leave powered on.

I’m looking forward to repeating the install again when we upgrade to Vsphere 5 in February.


6 responses to “Trend Micro Deep Security Installation

  1. Excellent article. I too just dealt with the headaches of installing vShield Endpoint with Trend Deep Security. I just resolved the issues we were having this past Friday.

    I was wondering if you ever found a solution to continuously getting EPSec VM, EPSec SVM or EPSec host errors. I am also receiving these alerts now after installing Deep Security.

    • I haven’t heard anything back from pre-sales yet. My questions on the epsec issues were deftly side stepped!

      It does feel like Trend and vShield have bouts of schizophrenia. Alerts come and go like the wind and finding out the root cause is nigh on impossible.

      I am upgrading to vSphere 5 and Trend 8 this weekend. I will let you know if there is any improvement.

      • I actually opened a case with VMware and I think they may have identified the issue. Like you I was continuously receiving the EPSec VM, EPSec SVM or EPSec host errors. They analyzed my vShield Manager logs and noticed that MySQL was going offline and reporting Java issues as well. They had me increase the CPU count on the vShield Manager VM from 1 to 2. I set up the EPSec Host/SVM/VM status alarms to email me on status changes and since increasing the CPU count I have not had any triggers on these alarms. If I do have any more triggers I will let you know.

  2. I was also seeing “EPSEC VM Status” alarms coming and going. Changing the vCPUs on the vShield appliance from 1 to 2 seems to have fixed it, fantastic! Hard to believe this was the only page I could find that talked about this issue.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s