Views:

Follow these steps:

  1. Initiate the instance launch.
    1. Open the Microsoft Azure Virtual Machine console.
    2. Click Create and choose Azure virtual machine.
  2. Specify the Project details.
    1. Select the Subscription to assign the instance to.
    2. Select an existing Resource group or click Create new to assign the instance to a new group.
  3. Configure Basic Information.
    1. Enter the Virtual machine name
    2. Choose Region.
    3. Optionally, select Availability options and Available zone.
    4. For security type, select Standard.
    5. Under the Image drop-down, click See all images.
    6. Search for Trend Vision One Service Gateway.
    7. After the search results appear, click Select Trend Vision One™ Service Gateway.

      Marketplace

    8. For size, ensure the hardware resource meets the minimum specifications based on your service installation. The "Standard_F8s_v2" is recommended. Note that at least 4vCPU and 8G memory are needed for the service gateway. For details, please check the Online Help Center article, Service Gateway 2.0 Appliance System Requirements.

      Instance Details

    9. For Authentication type, select SSH public key.
    10. For Username, type azureuser.
    11. For SSH public key source, select Generate new key pair or use an existing key pair.
    12. If you choose to generate a new key pair, specify the Key pair name.
    13. Select None for Public inbound ports. Optionally, select Red Hat Enterprise Linux for License type.Module state
  4. Click Next: Disks.
    • For OS disk type choose the default Premium SSD.
  5. Click Next: Networking.
    1. Select the Virtual network for the instance to connect to.
    2. Select the Subnet.
    3. For Public IP, select None.
    4. For NIC network security group, select None.
    5. For Load Balancing, select None.
  6. Click Next: Management. Use the default settings.
  7. Click Next: Monitoring. Use the default settings.
  8. Click Next: Advanced. Use the default settings.
  9. Click Next: Tags.
    • Set your desired tags and then click Next: Review + create.Module state
  10. Review the virtual machine settings, then click Create.
    If you chose to create a new key pair, the Generate new key pair prompt appears. Click Download private key and create resource to download the key pair and start the instance creation.
  11. After the deployment is completed, go to the Virtual machines screen and click on the name of the Service Gateway virtual appliance instance.
  12. In the virtual machine panel, go to Settings > Networking.
  13. Configure inbound rules.
    1. Click Add inbound port rule.
    2. Specify the Source.

      Trend Micro recommends setting Source to IP Addresses and specifying Source IP addresses/CIDR ranges that are within your network.

    3. For Source port ranges, type * to allow any source port.
    4. For Destination, select Any.
    5. Specify ServiceDestination port rangesProtocol, and Action according to the following table:
      ServiceDestination Port RangeProtocolActionDescription
      SSH22TCPAllowFor accessing Service Gateway virtual appliance CLISH command.
      HTTP80TCPAllowFor Service queries, Predictive Machine Learning, File Reputation Services, or Third-Party Integration queries
      HTTPS443TCPAllowFor Service queries, Predictive Machine Learning, File Reputation Services, or Third-Party Integration queries
      CUSTOM TCP5274TCPAllowWeb Reputation Services or Web Inspection Service queries.
      CUSTOM TCP5275TCPAllowWeb Reputation Services or Web Inspection Service queries.
      CUSTOM TCP8080TCPAllowForward Proxy Service listening port for connection.
      CUSTOM TCP8088TCPAllowZero Trust Secure Access On-Premises Gateway listening port for connection
    6. Specify the Priority of the rule.
    7. Specify the rule Name

    Outbound Rules: Trend Micro recommends using default settings. Setting additional outbound rules may affect the ability of Service Gateway to connect to Service Gateway Inventory.

  14. Connect to instance.

    After the instance startup, use key pair with user "admin" to login in.

    Instance

 
When updating the Service Gateway Virtual Appliance, the trusted hosts cannot be automatically updated. Please remove the known hosts of Service Gateway Virtual Appliance in trusted file ~/.ssh/known_hosts and then connect again.
 

Register to Trend Micro Vision One

  1. Type "enable" and press the ENTER key to enable administrative commands. Provide your password when asked.

    The command prompt changes from > to #.

  2. Use the configure command to configure the required network settings, such as the IP address and DNS settings.
  3. Type the following command to register the Service Gateway virtual appliance to Trend Micro Vision One.

    register <registration_token>

    You can obtain the Service Gateway registration token by following the steps below:

    1. On the Trend Vision One console, go to Workflow and Automation > Service Gateway Management.
    2. Click Download Virtual Appliance.
    3. Copy the Registration Token.
     
     
    Trend Micro recommends using an SSH client to easily copy and paste the registration token.
     

(Option) Configure Other Settings

Use the CLI to configure other settings, if required. For more information on available commands, see Service Gateway 2.0 CLI Commands.

Keywords: launch Service Gateway Virtual Appliance azure, azure image service gateway,outbound rules,inbount rules ports,vision one register,azure service gateway