Learn the necessary requirements before deploying Deep Security agentless protection in NSX environment.
Below are the agentless protection pre-requisites:
Deep Security Requirements
- The Deep Security Manager (DSM) must be installed with a supported database.
- The DSM should ideally be installed on a dedicated ESXi in the same data center.
- A Deep Security Agent with enabled Relay functionality must be installed and activated.
- The Deep Security Virtual Appliance (DSVA) software package must be imported into DSM. Once the DSVA is running in the data center, it needs to connect to a Relay-enabled Agent to have access on the latest Security and Software Updates.
To import the DSVA software:
- On the DSM, go to the Administration > Updates > Software.
- Open the Download Center page and locate the Virtual Appliance in the list of available software.
- If the Imported column shows a green check mark, the DSVA has already been imported.
If there is no check mark, right-click and select Import.
- Go to Administration > Updates > Software > Local page to confirm that the software has been imported.
You must be running the following VMware software:
- VMware vSphere 5.5
- VMware vCenter 5.5
- VMware ESXi 5.5
- VMware vSphere Web Client which requires a flash-enabled web browser
- VMware NSX Manager 6.0.2
The NSX data center must meet the following configuration requirements:
- The data center must be using a vSphere Distributed Switch (vDS), no minimum supported version. The vDS is used by both the VMware Endpoint service and the Deep Security service. This means the vDS needs to be accessible by both the NSX Manager and DSM.
- The ESXi servers must be connected to the Distributed Switch.
- Your ESXi servers must be grouped into clusters, even if you only have a single ESXi in a single cluster. The ESXi servers must be connected to the vDS before they are moved into clusters.
- Your ESXi servers must be prepared by installing the drivers that will allow network traffic inspection.
- The VMware Endpoint service must be installed on all ESXi servers.
- The Virtual machines must belong to a NSX Security Group.
- The Virtual machines must have the latest VMware Tools installed, including the VMware Endpoint Driver.
Check your VMware documentation for more details on configuring your NSX environment to meet the above requirements. For the complete VMware support matrix, refer to this article: Deep Security and VMware compatibility matrix.