Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Requirements for Agentless Protection deployment in NSX environment

    • Updated:
    • 13 Oct 2017
    • Product/Version:
    • Deep Security 9.6
    • Platform:
    • Amazon AMI 32-bit
    • Amazon AMI 64-bit
    • CentOS 5.4 32-bit
    • CentOS 5.4 64-bit
    • CentOS 5.5 32-bit
    • CentOS 5.5 64-bit
    • CentOS 5.6 32-bit
    • CentOS 5.6 64-bit
    • CentOS 5.7 32-bit
    • CentOS 5.7 64-bit
    • CentOS 5.8 32-bit
    • CentOS 5.8 64-bit
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • CentOS 6.1 32-bit
    • CentOS 6.1 64-bit
    • CentOS 6.2 32-bit
    • CentOS 6.2 64-bit
    • HPUX 11.x
    • IBM AIX 6.1
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Oracle Linux 5 32-bit
    • Oracle Linux 5 64-bit
    • Oracle Linux 6 32-bit
    • Oracle Linux 6 64-bit
    • Oracle Solaris 11 SPARC
    • Oracle Solaris 11 x86
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Server Core
    • Windows 2008 Server Foundation
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Datacenter
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Server R2 with Hyper-V(TM)
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Foundation R2
    • Windows 2012 Standard R2
    • Windows 8.1 32-bit
    • Windows 8.1 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit

Learn the necessary requirements before deploying Deep Security agentless protection in NSX environment.


Below are the agentless protection pre-requisites:

Deep Security Requirements

  • The Deep Security Manager (DSM) must be installed with a supported database.
  • The DSM should ideally be installed on a dedicated ESXi in the same data center.
  • A Deep Security Agent with enabled Relay functionality must be installed and activated.
  • The Deep Security Virtual Appliance (DSVA) software package must be imported into DSM. Once the DSVA is running in the data center, it needs to connect to a Relay-enabled Agent to have access on the latest Security and Software Updates.
    To import the DSVA software:
    1. On the DSM, go to the Administration > Updates > Software.
    2. Open the Download Center page and locate the Virtual Appliance in the list of available software.
    3. If the Imported column shows a green check mark, the DSVA has already been imported.
      If there is no check mark, right-click and select Import.
    4. Go to Administration > Updates > Software > Local page to confirm that the software has been imported.

VMware Requirements

You must be running the following VMware software:

  • VMware vSphere 5.5
    • VMware vCenter 5.5
    • VMware ESXi 5.5
    • VMware vSphere Web Client which requires a flash-enabled web browser
  • VMware NSX Manager 6.0.2

The NSX data center must meet the following configuration requirements:

  • The data center must be using a vSphere Distributed Switch (vDS), no minimum supported version.
    The vDS is used by both the VMware Endpoint service and the Deep Security service. This means the vDS needs to be accessible by both the NSX Manager and DSM.
  • The ESXi servers must be connected to the Distributed Switch.
  • Your ESXi servers must be grouped into clusters, even if you only have a single ESXi in a single cluster. The ESXi servers must be connected to the vDS before they are moved into clusters.
  • Your ESXi servers must be prepared by installing the drivers that will allow network traffic inspection.
  • The VMware Endpoint service must be installed on all ESXi servers.
  • The Virtual machines must belong to a NSX Security Group.
  • The Virtual machines must have the latest VMware Tools installed, including the VMware Endpoint Driver.

Check your VMware documentation for more details on configuring your NSX environment to meet the above requirements. For the complete VMware support matrix, refer to this article: Deep Security and VMware compatibility matrix.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.