Install and prepare VMware vCNS for Deep Security

How to Install and prepare vCNS for Deep Security.

There are two products avilable for VMware which leverage Deep Security solution to provide agentless protection into the Guests (VMs).

  • VMWare NSX
  • VMware vCNS (VMware Cloud and Network Security)

It is prerequisite for Deep Security, if you want an agentless protection in VMware. Deep Security leverage the vShield/NSX API using vShield/NSX Guest Driver in a VM for agentless Protection.

For my environment, I don’t have NSX available. So I will be using the vCNS for Deep Security for Agentless Protection.

Prerequsite.

Before starting i hope you have red my previous post and checked the release notes and interoperability matrix for vCNS & ESXi supported version.

  • Check release notes for vCNS supported Versions
  • Requirement for ESXi

In addition to the ESXi standard system requirements, the following specifications must be met:

  • CPU: 64-bit, Intel-VT or AMD-V present and enabled in BIOS
  • supported vSwitches:
    • NSX: vSphere Distributed Switch (vDS)
    • vShield: vSphere Standard Switch (vSS) or third party vSwitch (Cisco Nexus 1000v)

NOTE:  Your VMware vCenter must be either an NSX Environment or a vShield Environment, not a mixture of the two. If you want to use both NSX and vShield, they must be in separate vCenters. You can add more than one vCenter to Deep Security Manager.

I will be using VMWare ESXi and vCenter 6 U1 with vCNS 5.5.4 build 3601672

Deploy the vCNS OVF

Deployment of OVF in VMware is very easy process. so i will not be showing you here. but if you need to know, go to following article to see how to deploy and configure vCNS.

Configure vCNS to integrate with vCenter.

Once deployed access the vCNS with URL https://vSMip for configuration.

Once logged in -> Go to “Configuration” tab and integrate the vCenter as highlighted below.

DS-vCNSConf-01

By default there is no end point driver installed in your ESXi. You can see it by going into your ESXi Cluster summary as shown below.

DS-vCNSConf-02

Install vShiled Endpoint driver on ESXi Server/Servers.

To install vShield driver into ESXi. You have to go to each ESXi hosts. Click and Go to summary Tab. Click “Install”

DS-vCNSConf-03

Once vShield End point installed. It will look like this.

DS-vCNSConf-04

Use the same method to install vShield drivers on other ESXi hosts as well. This is final snapshot of the environment.

DS-vCNSConf-05

Now everything is prepared from vCNS End. our next step is to install vShield Endpoint Drivers on each guest (VM) under the preapred ESXi hosts to provide agent less protection.

Advertisements

2 responses to “Install and prepare VMware vCNS for Deep Security

  1. You do know vCNS is End of General Support and NSX 6.2.4 provides a free license for vShield Endpoint.

    See also the following KB articles:
    End of Availability and End of General Support for VMware vCloud Networking and Security 5.5.x
    https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2144733

    FAQ: Implementation of vShield Endpoint beyond EOA of vCNS
    https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2110078

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s