Add computers and other resources to Deep Security Manager

The Computers page in Deep Security Manager enables you to manage and monitor the computers you are protecting with Deep Security.

This page regularly refreshes itself to display the most current information. (You can modify the refresh rate on a per-user basis. Go to Administration > User Management > Users and then double-click on a user account to open its Properties window. On the Settings tab, in the Refresh Rate section, modify the page refresh rate.)

Add computers to the manager

After being installed on a computer, an agent must be activated by the Deep Security Manager. During activation, the Deep Security Manager sends a fingerprint to the agent, after which the agent accepts instructions only from a manager with that unique fingerprint.
If you install an agent on a virtual machine that was previously being protected agentlessly by a Deep Security Virtual Appliance, the virtual machine has to be activated again from the manager to register the presence of the agent on the computer. Agentless protection is not available with Deep Security as a Service.

You can add computers in many different ways.

  • Add local network computers
    If you are protecting computers on a locally accessible network you can add them individually by supplying their IP address or hostname or you can perform a Discovery operation to search for all computers visible to the Deep Security Manager.
  • Add computer groups from Microsoft Active Directory
    You can import computer groups from Microsoft Active Directory or any other LDAP-based directory service.
  • Add a VMware vCenter
    Deep Security Manager supports a tight integration with VMware vCenter and ESXi server. You can import the organizational and operational information from vCenter and ESXi nodes and allow detailed application of security to an enterprise's VMware infrastructure.
  • Add virtual machines hosted on VMware vCloud
  • Add AWS cloud accounts
  • Add a Microsoft Azure account to Deep Security
  • Bake the agent into your AMI or WorkSpace bundle
    You can install a preactivated Deep Security Agent onto the instance that your Amazon Machine Image (AMI) is based on.
  • Use deployment scripts to add and protect computers
    If you are going to be adding and protecting a large number of computers you may want to automate the process of installing and activating agents. You can use the Deep Security Manager's deployment script generator to generate scripts you can run on your computers which will install the agents and optionally perform subsequent tasks like activation and policy assignment. The scripts are also useful as a starting template to create your own customized scripts to execute various additional available commands.

Group computers

Creating computer groups is useful from an organizational point of view and it speeds up the process of applying and managing policies. Groups are displayed in the tree structure on the left side of the Computers page. To create a new group, select the computer group under which you want to create the new computer group and then click Add > Create Group(s).

To move a computer to a group, select the computer and click Actions > Move to Group. Keep in mind that policies are applied at the computer level, not the computer group level. Moving a computer from one computer group to another has no effect on the policy assigned to that computer.

To remove a group, right-click it and click Remove Group. You can only remove a computer group if it contains no computers and has no sub-groups.

You can also Group computers dynamically with smart folders.

Export your computers list

You can click Export on the Computers page to export your computers list to an XML or CSV file. Exporting is useful when you want to back up your computer information, integrate it with other reporting systems, or to migrate computers to another Deep Security Manager. (If you export, you do not have to re-discover and scan computers from the new manager.)

The exported computers file does not include any assigned policies, firewall rules, firewall stateful configurations or intrusion prevention rules. To export this configuration information use the Policy export option in the Policies page.

Delete a computer

If you delete a computer (by selecting it and clicking Delete), all information pertaining to that computer is deleted along with it. If you re-discover the computer, you will have to re-assign a policy and whatever rules were assigned previously.