Verifying a successful Deep Security Virtual Appliance (DSVA) installation

    • Updated:
    • 19 Aug 2016
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Platform:
    • VMware ESX 5.0
    • VMware ESXi 5.0
    • VMware vCenter 5.0
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

Check the components in the VMware environment to verify that the DSVA was installed successfully.

Details

Verify the following:

  • The host’s networking configuration should have the following port groups under the vmservice-vswitch:
    • vmservice-trend-pg
    • vmservice-vshield-pg
    • vmservice-vmknic-pg

    vmservice-vswitch port groups

  • The Deep Security filter driver should be installed and the modules should be running.

    Run this command to verify the installed filter driver:

    ~ # esxcli software vib list | grep Trend

    Run this command to check the modules:

    ~ # vmkload_mod -l | grep dvfilter

    The following should appear:

    Commands to check the filter driver and modules

  • The vShield Endpoint driver should be running on the ESX host.
    Run the command “~ # ps | grep vShield-Endpoint-Mux” to verify. The following should appear:

    Command to check the vShield Endpoint driver

  • Check the vShield Endpoint configuration using the command “~ # esxcfg-advcfg --get /UserVars/VshieldEndpointSolutionsConfiguration”. The following should appear:

    Command to check the vShield Endpoint configuration

    You can also check this on the vCenter console.

  • The IP of the DVfilter should match the VM Kernel VNIC IP found in the Deep Security Manager (DSM) console, under the Network configuration tab of vCenter Properties.
    To verify, run the command “~ # esxcfg-advcfg --get /Net/DVFilterBindIpAddress”. The value of DVFilterBindIpAddress should be 169.254.1.1.
  • The predefined port 2222 should be open for inbound DVFilter traffic. Use the telnet command to check whether the port is open.

    Port 2222 is predefined for DVFilter driver

  • You should be able to run the following from the host:

    ~ # vmkping 169.254.1.1
    PING 169.254.1.1 (169.254.1.1): 56 data bytes
    64 bytes from 169.254.1.1: icmp_seq=0 ttl=64 time=0.173 ms
    64 bytes from 169.254.1.1: icmp_seq=1 ttl=64 time=0.127 ms
    64 bytes from 169.254.1.1: icmp_seq=2 ttl=64 time=0.109 ms

    ~ # vmkping 169.254.1.39
    PING 169.254.1.39 (169.254.1.39): 56 data bytes
    64 bytes from 169.254.1.39: icmp_seq=0 ttl=64 time=0.173 ms
    64 bytes from 169.254.1.39: icmp_seq=1 ttl=64 time=0.127 ms
    64 bytes from 169.254.1.39: icmp_seq=2 ttl=64 time=0.109 ms

  • On the DSM console, the status of the ESX host should appear as “Prepared” and vShield Endpoint should appear as “Installed”.

    ESX status "Prepared", vShield Endpoint "Installed"

  • On the vShield manager console, the vShield Endpoint should be installed on the ESX host:

    vShield manager console shows vShield Endpoint installed on ESX host

  • On the vShield manager console, the DSVA should be registered under the host. The following will only appear when DSVA protects at least one VM:

    vShield manager shows DSVA registered on ESX host

  • The following entries should be in the VMX file of the DSVA:
    • Ethernet2.filter0.name = "dvfilter-faulter"
    • Ethernet2.filter0.param0 = "dvfilter-dsa"
  • The second and third vNIC of the DSVA should connect to vmservice-trend-pg:

    Second and third vNIC of DSVA connect to vmservice-trend-pg

  • Check the DSVA IP settings using the command “~$ ifconfig -a | more”. The following should appear:

    Command to check DSVA IP settings

  • From the DSVA, run the following commands to check DSVA connection to the host:

    ~ # ping 169.254.1.1
    PING 169.254.1.1 (169.254.1.1): 56 data bytes
    64 bytes from 169.254.1.1: icmp_seq=0 ttl=64 time=0.173 ms
    64 bytes from 169.254.1.1: icmp_seq=1 ttl=64 time=0.127 ms
    64 bytes from 169.254.1.1: icmp_seq=2 ttl=64 time=0.109 ms
    --- 169.254.1.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 0.109/0.136/0.173 ms
    (Ctrl+C to exit ping)

  • Port 48651 of the Antimalware process should display “LISTEN”, whereas the connection between 169.254.1.39 and 169.254.1.1 should display “ESTABLISHED”.
    Run the command “~$ netstat -an | more” to verify. The following should appear:

    Command to check 48651 port of the Antimalware process

  • The ds_filter process should run with the same process ID (PID).
    Run the command “~$ ps -ef | grep ds_filter” to verify.

The DSM console should display the status of the Appliance as “Managed (Online)”. The vShield Endpoint should show “Registered”.

Appliance is Managed (Online) and vShield Endpoint is Registered
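
One way to script the VMX and netstat checks from the list above against saved output, as an added example that is not part of the Trend Micro article. The function names, the sample lines and the ports 51234 and 2222 in the sample session are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Trend Micro code: offline checks over saved DSVA output.

# check_vmx [FILE]: pass only if both dvfilter entries from the article exist.
# Keys are compared case-insensitively (assumption: the article capitalises
# "Ethernet2", while a VMX file on disk may use lower case).
check_vmx() {
    awk -F= '
        { gsub(/\r/, "")                      # tolerate CRLF copies of the file
          key = tolower($1); val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == "ethernet2.filter0.name"   && val == "\"dvfilter-faulter\"") n = 1
          if (key == "ethernet2.filter0.param0" && val == "\"dvfilter-dsa\"")     p = 1 }
        END { exit !(n && p) }' "${1:--}"
}

# check_netstat [FILE]: pass only if port 48651 is in LISTEN and there is an
# ESTABLISHED TCP connection between 169.254.1.39 and 169.254.1.1.
# Addresses are compared exactly, so 169.254.1.10 is not mistaken for .1.
check_netstat() {
    awk -v dsva=169.254.1.39 -v host=169.254.1.1 -v port=48651 '
        $1 ~ /^tcp/ && NF >= 6 {
            la = $4; ra = $5
            if ($6 == "LISTEN" && la ~ (":" port "$")) listen = 1
            sub(/:[^:]*$/, "", la); sub(/:[^:]*$/, "", ra)   # drop the port
            if ($6 == "ESTABLISHED" &&
                ((la == dsva && ra == host) || (la == host && ra == dsva))) est = 1
        }
        END { exit !(listen && est) }' "${1:--}"
}

# Constructed sample input (not captured from a real appliance).
sample_vmx() {
    cat <<'EOF'
ethernet2.present = "TRUE"
Ethernet2.filter0.name = "dvfilter-faulter"
Ethernet2.filter0.param0 = "dvfilter-dsa"
EOF
}
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:48651        0.0.0.0:*            LISTEN
tcp        0      0 169.254.1.39:51234   169.254.1.1:2222     ESTABLISHED
EOF
}

sample_vmx | check_vmx && echo "VMX dvfilter entries: OK"
sample_netstat | check_netstat && echo "netstat 48651/link-local session: OK"
```

Both functions read a file argument or standard input, so saved output from “netstat -an” on the DSVA can be piped straight in.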

Category:
Install
Solution Id:
1098103