Add virtual machines hosted on VMware vCloud
You can watch Deep Security 12 - Scoping Environment Pt. 1 - Identifying Workloads on YouTube to review considerations when scoping your environment.
To import cloud resources into Deep Security Manager, Deep Security users must first have a account with which to access the cloud provider service resources. For each Deep Security user who will import a cloud account into the Deep Security Manager, Trend Micro recommends creating a dedicated account for that Deep Security Manager to access the cloud resources. That is, users should have one account to access and control the virtual machines themselves, and a separate account for their Deep Security Manager to connect to those resources.
Topics in this section:
- What are the benefits of adding a vCloud account?
- Proxy setting for cloud accounts
- Create a VMware vCloud Organization account for the manager
- Import computers from a VMware vCloud Organization Account
- Import computers from a VMware vCloud Air data center
- Configure software updates for cloud accounts
- Remove a cloud account
The benefits of adding a vCloud account (through Deep Security Manager > Computers > Add Azure Account) instead of adding individual vCloud resources (through Deep Security Manager > Computers > Add Computer), are:
- Changes in your cloud resource inventory are automatically reflected in Deep Security Manager. For example, if you delete a number of instances from vSphere, those instances disappear automatically from the manager. By contrast, if you use Computers > Add Computer, cloud instances that are deleted from vCenter remain visible in the manager until they are manually deleted.
- Cloud resources are organized into their own branch in the manager, which lets you easily see which resources are protected and which are not. Without the vCloud account, all your cloud resources appear at the same root level under Computers.
You can configure Deep Security Manager to use a proxy server specifically for connecting to instances being protected in cloud accounts. The proxy setting can be found in Administration > System Settings > Proxies > Proxy Server Use > Deep Security Manager (Cloud Accounts - HTTP Protocol Only).
- Log in to VMware vCloud Director.
- On the System tab, go to Manage And Monitor.
- In the left navigation pane, click Organizations.
- Double-click the Organization you wish to give the Deep Security user access to.
- On the Organizations tab, click Administration.
- In the left navigation pane, go to Members > Users.
- Click the " plus " sign to create a new user.
- Enter the new user's credentials and other information, and select Organization Administrator as the user's Role.
Organization Administrator is a simple pre-defined Role you can assign to the new user account, but the only privilege required by the account is All Rights > General > Administrator View and you should consider creating a new vCloud role with just this permission.
- Click OK to close the new user's properties window.
The vCloud account is now ready for access by a Deep Security Manager.
To import the VMware vCloud resources into the Deep Security Manager, you will be prompted for the Address of the vCloud, your User name , and your Password .
Your User name must include "@orgName". For example if the vCloud account's username is kevin and the vCloud Organization you've given the account access to is called CloudOrgOne, then you must enter kevin@CloudOrgOne as your username when importing the vCloud resources.
(For a vCloud administrator view, use @system.)
- In the Deep Security Manager, go to Computers.
- Right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Cloud Account wizard.
- In Name and Description, enter the resources you are adding. (These are only used for display purposes in the Deep Security Manager.)
- In Address, enter the hostname or address of vCloud Director.
- In User Name and Password, enter vCloud authentication credentials. User names should have the format username@vcloudorganization.
- Click Next.
- Deep Security Manager will verify the connection to the cloud resources and display a summary of the import action. Click Finish.
The VMware vCloud resources now appear in the Deep Security Manager under their own branch on Computers.
- In the Deep Security Manager, go to the Computers section, right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Account wizard.
- Enter a Name and Description of the vCloud Air data center you are adding. (These are only used for display purposes in the Deep Security Manager.)
Enter the Address of the vCloud Air data center.
To determine the address of the vCloud Air data center:
- Log in to your vCloud Air portal.
- On the Dashboard tab, click the data center you want to import into Deep Security. The Virtual Data Center Details information page is displayed.
- In the Related Links section of the Virtual Data Center Details page, click vCloud Director API URL. This will display the full URL of the vCloud Director API.
- Use the host name only (not the full URL) as the Address of the vCloud Air data center that you are importing into Deep Security.
- In User Name and Password, enter virtual data center credentials. User names should have the format username@virtualdatacenterid.
- Click Next.
- Deep Security Manager will verify the connection to the vCloud Air data center and display a summary of the import action. Click Finish.
The VMware vCloud Air data center now appears in the Deep Security Manager under its own branch on Computers.
Relays are modules within Deep Security Agents that are responsible for the download and distribution of Security and Software updates. Normally, the Deep Security Manager informs the relays when new updates are available, the relays get the updates and then the agents get their updates from the relays.
However, if your Deep Security Manager is in an enterprise environment and you are managing computers in a cloud environment, relays in the cloud may not be able to communicate with Deep Security Manager. You can solve this problem by allowing the relays to obtain software updates directly from the Trend Micro Download Center when they cannot connect to the Deep Security Manager. To enable this option, go to Administration > System Settings > Updates and under Software Updates, select Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible.
Removing a cloud provider account from Deep Security Manager permanently removes the account from the Deep Security database. Your account with your cloud provider is unaffected and any Deep Security agents that were installed on the instances will still be installed, running, and providing protection (although they will no longer receive security updates.) If you decide to re-import computers from the Cloud Provider Account, the Deep Security Agents will download the latest Security Updates at the next scheduled opportunity.
- Go to the Computers page, right-click the Cloud Provider account in the navigation panel, and select Remove Cloud Account.
- Confirm that you want to remove the account.
- The account is removed from the Deep Security Manager.