Deploy the Deep Security Manager VM for Azure Marketplace

To start protecting your Azure virtual machines (VM) with Deep Security Manager VM for Azure Marketplace, basic steps include:

  1. Buy Deep Security from the Azure Marketplace.
  2. Add a Microsoft Azure account to Deep Security.
  3. Create a policy.
  4. Deploy Deep Security Agents.

If you are upgrading an existing Deep Security Manager VM for Azure Marketplace, see Upgrade Deep Security Manager VM for Azure Marketplace

Buy Deep Security from the Azure Marketplace

You can buy Deep Security from the Azure Marketplace as Deep Security Manager (BYOL).

To buy Deep Security Manager (BYOL) , you need to have already obtained a license for Deep Security. If you need a license, contact azure@trendmicro.com for help with obtaining one.

  1. Log in to your Azure portal and click All Services > General > Marketplace.
  2. Search for Deep Security Manager (BYOL).
  3. In the search results, click Deep Security Manager (BYOL).
  4. Review the information provided and click Create.
  5. Follow the steps of the Create Deep Security Manager journey to create a Deep Security virtual machine.

    1. Specify the name of the Deep Security Manager VM and configure other general settings on the Basics blade and then click OK.

      • The credentials you specify in this blade are what you will use to log on to the Deep Security Manager virtual machine.
      • Depending on the type of authentication you select, you have to enter a strong password or an SSH public key.
      • Type in a name into Resource group to create a new Resource group.

        Azure does not allow Deep Security Manager VM to be deployed on existing resource groups. A new resource group must be created.
      • Select an Azure region from the Location list.
    2. Select a virtual machine size, configure the Deep Security Manager URL and port numbers on the Deep Security Manager VM blade, and then click OK.

      • Use the DNS name you enter in Deep Security Manager URL such as azurevmdemo01.
      • Enter the port number for the Deep Security Manager console port to access and log into Deep Security Manager, such as https://azurevmdemo01.eastus.cloudapp.azure.com:443.
      • Enter the heartbeat port number used by the Deep Security Agents to communicate with Deep Security Manager.
    3. Create a new database or enter the name of an existing one on the Database Settings blade and then click OK.

      • Do not type anything into Database Hostname if you create a new database. However, if you click Use Existing, then the database hostname is required.
      • You can view the names of existing Azure SQL databases by going to the SQL databases blade and viewing the properties of a database (Settings blade > Properties blade > Server name).
    4. Enter the name of the administrator account that you will use to sign in to Deep Security Manager on the Deep Security Credentials blade and enter and confirm the password for that account and click OK.
    5. Click the arrows to review the settings for the new virtual network and the subnet for the Deep Security Manager VM on the Network Settings blade and click OK twice.
    6. Review the information on the Summary blade and click OK when "Validation passed" appears at the top of the summary to finish creating the virtual machine.

      Validation passed message

    7. Click Terms of use, privacy policy, and Azure Marketplace Terms on the Buy blade to review them and then click Create.

    It will take approximately 30-40 minutes before your new virtual machine is running.

  6. When installation is complete, open a browser and go to:

    https://<DNS name>:8443

    where the DNS name is the name you specified on the Deep Security Manager blade (for example, azurevmdemo01.eastus.cloudapp.azure.com). To view the DNS name for your Deep Security virtual machine, select the virtual machine in the Public IP address blade, and then click Overview. It will be in the DNS name field.

  7. Enter the Subscription ID for the virtual machine and click Sign in.

    If the installation succeeded, you will be redirected to Deep Security Manager. If the installation failed you will see an error message. If this happens, click Install Deep Security Manager again and verify all settings as you step through the installation again.

Add a Microsoft Azure account to Deep Security

Once you've installed Deep Security Manager, you can add and protect Microsoft Azure virtual machines by connecting a Microsoft Azure account to the Deep Security Manager. For instructions, see Add a Microsoft Azure account to Deep Security.

Create a policy

After you have added Microsoft Azure virtual machines to Deep Security, you need to create a policy that specifies how Deep Security should protect them.

You have two options for creating a policy:

  • You can make a duplicate copy of one of the server policies that comes with Deep Security and modify it as required.
  • You can build your own policy using the Base Policy as your starting point.

For more information on how to create a policy, see Create policies to protect your computers and other resources.

For more information on how policies work in Deep Security, see Policies, inheritance, and overrides.

Deploy Deep Security Agents

To start protecting your Microsoft Azure virtual machines with Deep Security, you need to deploy Deep Security Agents to them. You can do this in multiple ways. See Install the agent on a Microsoft Azure VM for details.