Deep Security 12 FR has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Before deploying the appliance
Before you deploy the Deep Security Virtual Appliance, complete the tasks below.
Review system requirements and supported NSX versions
- Review this table to see which NSX licenses and versions are supported.
- Review these system requirements.
Set up communication
- Allow inbound and outbound communication to and from the appliance on the appropriate port numbers. See Deep Security port numbers.
- Make sure the virtual appliance—known as a 'service VM' in VMware terminology—can communicate with the partner Service Manager (console) at the management network level. For details, see this NSX 3.0 help page, this NSX-T 2.5 help page, or this NSX-V help page.
Upgrade from NSX-T 2.5.x to NSX-T 3.x
Support for NSX-T 2.5.x is ending soon, so you must upgrade to NSX-T 3.x as soon as possible.
NSX-T 3.x's networking functionality is supported by Deep Security, which means you'll have access to more Deep Security features than you did with NSX-T 2.5.x. See this table for details.
To upgrade NSX-T, proceed in this order:
- Upgrade NSX-T 2.5.x to 3.x. See your VMware documentation for details.
- Install Deep Security Manager to 12 FR 2020-06-17 or later. See Install Deep Security Manager for details.
- Remove and re-add vCenter if you added it. This will register the new services. If you haven't added vCenter to the manager, you can ignore this step.
You have now upgraded NSX-T. You can now continue with the appliance deployment.
(Optional) Install Deep Security Agents
- If the features you want are not available agentlessly, install agents on your VMs and use 'combined mode' so that protection duties are shared by the virtual appliance and agent.
- If you configured guest VMs to have direct access to a network card, install agents on those VMs. In this case there is no opportunity to intercept packets and an in-guest agent is preferable. See Choose agentless vs. combined mode protection for details.
(Optional) Configure high-availability
If you want to use VMware Distributed Resource Scheduler (DRS) for high availability (HA), configure DRS.
Next steps
You are now ready to deploy the appliance. Proceed to one of these pages depending on your VMware environment: