Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Permissions required for Deep Security Virtual Appliance (DSVA) deployment and operations

    • Updated:
    • 26 Jul 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware ESXi 5.5
    • VMware vCenter 5.0
    • VMware vCenter 5.5
Summary
Know the required permissions for DSVA operations and for each phase of the deployment process.
Details
Public
These permissions must be applied at the data center level in the Hosts and Clusters view of the vCenter. Because the ability to fetch parent IDs of various entities is required, applying the permissions in the cluster level will cause errors.
Preparing the ESX host
This is the first step in deploying the DSVA. In this phase, a kernel driver is loaded onto the ESX host, and a separate vSwitch is configured to facilitate internal connectivity for the DSVA.
Configuration LocationRequired Permissions
Host > Configuration > Change SettingsPermissions Required to Query Modules on ESX
Host > Configuration > MaintenancePermissions Required to Enter and Exit Maintenance Mode
Host > Configuration > Network ConfigurationPermissions required to add new virtual switch, port group, virtual NIC etc.
Host > Configuration > Advanced SettingsPermissions required to setup networking for dvfilter communication on ESX
Host > Configuration > Query PatchPermissions required to install Filter Driver
Host > Configuration > ConnectionPermissions to disconnect/reconnect a host
Host > Configuration > Security profile and firewallPermissions to reconfigure outgoing FW connections to allow retrieval of Filter Driver package from DSM
Global > Cancel TaskPermissions required to cancel a task if required
Host > Configuration > System ManagementPermissions to prepare ESXi
Host > Configuration > Image ConfigurationPermissions to configure DSVA image
Host > Configuration > Memory ConfigurationPermissions to configure DSVA memory
Deploying the Virtual Appliance
This is the second step in DSVA deployment, during which the virtual appliance itself is deployed from an OVF file.
Configuration LocationRequired Permissions
vApp > vApp application configurationPermissions to set Product Version for DSVA
vApp > ImportPermissions to deploy DSVA from OVF file
Datastore > Allocate SpacePermissions required to allocate space for DSVA on datastore.
Host > Configuration > Virtual machine autostart configurationPermissions to set DSVA to autostart on ESX
Network > Assign NetworkPermissions to assign DSVA to networks
Virtual Machine > Configuration > Add new diskPermissions to add disks to DSVA
Virtual Machine > Interaction > Power OnPermissions to power on DSVA
Virtual Machine > Interaction > Power OffPermissions to power off DSVA
Host > Inventory > Modify ClusterPermissions to deploy DSVA
Activating the Virtual Machine
In this third step, the appliance is activated into the Deep Security Manager (DSM) system.
Configuration LocationRequired Permissions
Virtual Machine > Configuration > AdvancedPermissions to reconfigure virtual machine for dvfilter
Regular Operations
For ongoing operations, less permissions are needed.
Configuration LocationRequired Permissions
Host > Configuration > Change SettingsPermissions required to query modules on ESX
Virtual Machine > Configuration > AdvancedPermissions to reconfigure virtual machine for dvfilter

NSX Environment

For NSX environment, both deployment and operation require the NSX built-in administrator account or a vCenter user account with assigned Enterprise Administrator role. To assign a role to vCenter user, follow the procedure in this VMware article: Assign a Role to a vCenter User.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1098184
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.