How to Install and prepare vCNS for Deep Security.
There are two products available for VMware which leverage the Deep Security solution to provide agentless protection to the guests (VMs):
- VMware NSX
- VMware vCNS (VMware Cloud and Network Security)
One of them is a prerequisite for Deep Security if you want agentless protection in VMware. Deep Security leverages the vShield/NSX API, using the vShield/NSX guest driver in a VM, for agentless protection.
For my environment, I don’t have NSX available. So I will be using vCNS for Deep Security for agentless protection.
Before starting, I hope you have read my previous post and checked the release notes and interoperability matrix for the supported vCNS and ESXi versions.
- Check the release notes for supported vCNS versions
- Requirement for ESXi
  In addition to the ESXi standard system requirements, the following specifications must be met:
  - CPU: 64-bit, Intel-VT or AMD-V present and enabled in BIOS
  - Supported vSwitches:
    - NSX: vSphere Distributed Switch (vDS)
    - vShield: vSphere Standard Switch (vSS) or third-party vSwitch (Cisco Nexus 1000v)
NOTE: Your VMware vCenter must be either an NSX Environment or a vShield Environment, not a mixture of the two. If you want to use both NSX and vShield, they must be in separate vCenters. You can add more than one vCenter to Deep Security Manager.
I will be using VMware ESXi and vCenter 6 U1 with vCNS 5.5.4 build 3601672.
Deploy the vCNS OVF
Deploying an OVF in VMware is a very easy process, so I will not be showing it here. If you need to know how, go to the following article to see how to deploy and configure vCNS.
Configure vCNS to integrate with vCenter.
Once deployed, access vCNS at the URL https://vSMip for configuration.
Once logged in, go to the “Configuration” tab and integrate the vCenter as highlighted below.
By default, there is no endpoint driver installed on your ESXi hosts. You can see this by going to your ESXi cluster summary as shown below.
Install vShield Endpoint driver on ESXi Server/Servers.
To install the vShield driver on ESXi, you have to go to each ESXi host. Click the host, go to the Summary tab, and click “Install”.
Once vShield Endpoint is installed, it will look like this.
Use the same method to install the vShield drivers on the other ESXi hosts as well. This is the final snapshot of the environment.
Now everything is prepared from the vCNS end. Our next step is to install the vShield Endpoint drivers on each guest (VM) under the prepared ESXi hosts to provide agentless protection.