Add virtual machines hosted on VMware vCloud

Once you have imported the resources from the cloud provider account into the Deep Security Manager, the computers in the account are managed like any computer on a local network.

To import cloud resources into their Deep Security Manager, Deep Security users must first have an account with which to access the cloud provider service resources. For each Deep Security user who will import a cloud account into the Deep Security Manager, Trend Micro recommends creating dedicated account for that Deep Security Manager to access the cloud resources. That is, users should have one account to access and control the virtual machines themselves, and a separate account for their Deep Security Manager to connect to those resources.

Having a dedicated account for Deep Security ensures that you can refine the rights and revoke this account at any time. It is recommended to give Deep Security an Access/Secret key with read-only rights at all times.
The Deep Security Manager only requires read-only access to import the cloud resources and mange their security.

Proxy setting for cloud accounts

You can configure Deep Security Manager to use a proxy server specifically for connecting to instances being protected in cloud accounts. The proxy setting can be found in Administration > System Settings > Proxies > Proxy Server Use > Deep Security Manager (Cloud Accounts - HTTP Protocol Only).

Create a VMware vCloud Organization account for the manager

  1. Log in to VMware vCloud Director.
  2. On the System tab, go to Manage And Monitor.
  3. In the left navigation pane, click Organizations.
  4. Double-click the Organization you wish to give the Deep Security user access to.
  5. On the Organizations tab, click Administration.
  6. In the left navigation pane, go to Members > Users.
  7. Click the " plus " sign to create a new user.
  8. Enter the new user's credentials and other information, and select Organization Administrator as the user's Role.
    Organization Administrator is a simple pre-defined Role you can assign to the new user account, but the only privilege required by the account is All Rights > General > Administrator View and you should consider creating a new vCloud role with just this permission. For more detailed information on preparing vCloud resources for Deep Security integration, see Deploy agentless protection in a vCloud environment.
  9. Click OK to close the new user's properties window.

The vCloud account is now ready for access by a Deep Security Manager.

To import the VMware vCloud resources into the Deep Security Manager, users will be prompted for the Address of the vCloud, their User name , and their Password .

The User name must include "@orgName". For example if the vCloud account's username is kevin and the vCloud Organization you've given the account access to is called CloudOrgOne, then the Deep Security user must enter kevin@CloudOrgOne as their username when importing the vCloud resources.

(For a vCloud administrator view, use @system.)

Import computers from a VMware vCloud Organization Account

  1. In the Deep Security Manager, go to the Computers section, right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Cloud Account wizard.
  2. Enter a Name and Description of the resources you are adding. (These are only used for display purposes in the Deep Security Manager.)
  3. Enter the vCloud Address. (The hostname of the vCloud Director host machine.)
  4. Enter your user name and Password.
    Your user name must be in the form username@vcloudorganization.
  5. Click Next.
  6. Deep Security Manager will verify the connection to the cloud resources and display a summary of the import action. Click Finish.

The VMware vCloud resources now appear in the Deep Security Manager under their own branch on the Computers page.

Import computers from a VMware vCloud Air data center

  1. In the Deep Security Manager, go to the Computers section, right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Account wizard.
  2. Enter a Name and Description of the vCloud Air data center you are adding. (These are only used for display purposes in the Deep Security Manager.)
  3. Enter the Address of the vCloud Air data center.
    To determine the address of the vCloud Air data center:
    1. Log in to your vCloud Air portal.
    2. On the Dashboard tab, click on the data center you want to import into Deep Security. This will display the Virtual Data Center Details information page.
    3. In the Related Links section of the Virtual Data Center Details page, click on vCloud Director API URL. This will display the full URL of the vCloud Director API.
    4. Use the hostname only (not the full URL) as the Address of the vCloud Air data center that you are importing into Deep Security.
  4. Enter your user name and Password.
    Your user name must be in the form username@virtualdatacenterid.
  5. Click Next .
  6. Deep Security Manager will verify the connection to the vCloud Air data center and display a summary of the import action. Click Finish.

The VMware vCloud Air data center now appears in the Deep Security Manager under its own branch on the Computers page.

Configure software updates for cloud accounts

Relays are modules within Deep Security Agents that are responsible for the download and distribution of Security and Software updates. Normally, the Deep Security Manager informs the relays when new updates are available, the relays get the updates and then the agents get their updates from the relays.

However, if your Deep Security Manager is in an enterprise environment and you are managing computers in a cloud environment, relays in the cloud may not be able to communicate with Deep Security Manager. You can solve this problem by allowing the relays to obtain software updates directly from the Trend Micro Download Center when they cannot connect to the Deep Security Manager. To enable this option, go to Administration > System Settings > Updates and under Software Updates, select Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible.

Remove a cloud account

Removing a cloud provider account from Deep Security Manager permanently removes the account from the Deep Security database. Your account with your cloud provider is unaffected and any Deep Security agents that were installed on the instances will still be installed, running, and providing protection (although they will no longer receive security updates.) If you decide to re-import computers from the Cloud Provider Account, the Deep Security Agents will download the latest Security Updates at the next scheduled opportunity.

  1. Go to the Computers page, right-click on the Cloud Provider account in the navigation panel, and select Remove Cloud Account.
  2. Confirm that you want to remove the account.
  3. The account is removed from the Deep Security Manager.