You can watch Deep Security 12 - Scoping Environment Pt. 1 - Identifying Workloads on YouTube to review considerations when scoping your environment.
You can import a VMware vCenter into Deep Security Manager and then protect its virtual machines with an agent.
You cannot import a vCenter that is using vShield Manager.
You have the following options for adding a vCenter:
- In Deep Security Manager, go to Computers > Add > Add VMware vCenter.
- Enter the vCenter server information:
  - Enter the vCenter server's IP address (or host name if DNS is configured and able to resolve FQDNs to IP addresses).
  - Enter the port number to connect to the vCenter (443 by default).
  - Enter the user name and password of a vCenter user account.
    This account must have the vCenter Read Only role (or another role that has equal or greater privileges) at the data center level. This user is required to synchronize the VM inventory between vCenter and Deep Security Manager.
    Applying the Read Only role at the Hosts and Clusters or Virtual Machine level in vCenter causes synchronization problems.
- Click Next.
- Accept the vCenter TLS (SSL) certificate.
- Review the vCenter information and click Finish.
- The VMware vCenter has been successfully added message will be displayed. Click Close. The vCenter will appear on the Computers page.
In a large environment with more than 3000 machines reporting to a vCenter Server, this process may take 20 to 30 minutes to complete. You can check the vCenter's Recent Task section to verify whether there are activities running.
Deep Security Manager will maintain real-time synchronization with this VMware vCenter to keep the information displayed in Deep Security Manager (number of VMs, their status, etc.) up to date.
VMware NSX-T Data Center supports managing multiple vCenters within one NSX Manager. To add multiple vCenters with the same NSX Manager:
- Add the first vCenter and NSX Manager following the instructions in Add a vCenter.
- Add a second vCenter following the instructions in Add a vCenter, and stop when you see the page with this message:
A previous Deep Security deployment has been detected on this vCenter
- Click Next without enabling the I have removed all Deep Security services and NSX Security Policies [...] check box. By leaving the check box deselected, you are indicating that you want to allow a second vCenter to be managed by the previously-specified NSX-T Manager.
To add a vCenter when Deep Security Manager is in FIPS mode:
- Import the vCenter and NSX Manager TLS (SSL) certificates into Deep Security Manager before adding the vCenter to the manager. See Manage trusted certificates.
- Follow the steps in Add a VMware vCenter to add vCenter. The steps are exactly the same, except that in FIPS mode you will see a Trusted Certificate section on the vCenter page. Click Test Connection to check whether the vCenter's SSL certificate has been imported successfully into Deep Security Manager. If there are no errors, click Next and continue on through the wizard.
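The following is an added example, not part of the Deep Security documentation or product. It supports two steps above, accepting the vCenter TLS (SSL) certificate in the wizard and importing the vCenter and NSX Manager certificates for FIPS mode. It fetches the certificate the server presents, compares it with a SHA-256 fingerprint obtained out of band (for example from the vCenter administrator), and writes the PEM file only on a match. The function names, the script name, the output file name and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
import sys

# Constructed stand-in bytes (not a real certificate) for an offline run.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-sample-der")


def fetch_pem(host, port=443):
    """Fetch the leaf certificate the server presents. No chain validation
    happens here; trust comes only from the fingerprint comparison."""
    return ssl.get_server_certificate((host, port))


def sha256_fingerprint(pem):
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fingerprint):
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pinned(pem, pinned):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(pem), normalize(pinned))


def check_and_save(pem, pinned, out_path):
    """Write the PEM for import only when it matches; never save a mismatch."""
    if not matches_pinned(pem, pinned):
        return False
    with open(out_path, "w", encoding="ascii") as fh:
        fh.write(pem)
    return True


if __name__ == "__main__":
    # Usage: python check_vcenter_cert.py <host> <expected-sha256> [port]
    if len(sys.argv) < 3:
        sys.exit("sample fingerprint: " + sha256_fingerprint(SAMPLE_PEM))
    host, pinned = sys.argv[1], sys.argv[2]
    pem = fetch_pem(host, int(sys.argv[3]) if len(sys.argv) > 3 else 443)
    if not check_and_save(pem, pinned, host + ".pem"):
        sys.exit("MISMATCH: server presented " + sha256_fingerprint(pem))
    print("match: saved", host + ".pem")
```

A mismatch means the certificate seen from the Deep Security Manager host is not the one the vCenter administrator published, so the connection path should be investigated before the certificate is accepted or imported.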