Before deploying the appliance

Before you deploy the Deep Security Virtual Appliance, complete the tasks below.

Review system requirements and supported NSX versions

Set up communication

  • Allow inbound and outbound communication to and from the appliance on the appropriate port numbers. See Deep Security port numbers.
  • Make sure the virtual appliance—known as a 'service VM' in VMware terminology—can communicate with the partner Service Manager (console) at the management network level. For details, see this NSX 3.0 help page, this NSX-T 2.5 help page, or this NSX-V help page.

Upgrade from NSX-T 2.5.x to NSX-T 3.x

Support for NSX-T 2.5.x is ending soon, so you must upgrade to NSX-T 3.x as soon as possible.

NSX-T 3.x's networking functionality is supported by Deep Security, which means you'll have access to more Deep Security features than you did with NSX-T 2.5.x. See this table for details.

To upgrade NSX-T, proceed in this order:

  1. Upgrade NSX-T 2.5.x to 3.x. See your VMware documentation for details.
  2. Install Deep Security Manager to 12 FR 2020-06-17 or later. See Install Deep Security Manager for details.
  3. Remove and re-add vCenter if you added it. This will register the new services. If you haven't added vCenter to the manager, you can ignore this step.

You have now upgraded NSX-T. You can now continue with the appliance deployment.

(Optional) Install Deep Security Agents

  • If the features you want are not available agentlessly, install agents on your VMs and use 'combined mode' so that protection duties are shared by the virtual appliance and agent.
  • If you configured guest VMs to have direct access to a network card, install agents on those VMs. In this case there is no opportunity to intercept packets and an in-guest agent is preferable. See Choose agentless vs. combined mode protection for details.

(Optional) Configure high-availability

If you want to use VMware Distributed Resource Scheduler (DRS) for high availability (HA), configure DRS.

Next steps

You are now ready to deploy the appliance. Proceed to one of these pages depending on your VMware environment: