
This is going to be a long post about vShield Endpoint and Trend Micro Deep Security 7.5. In it, I will cover what Endpoint and DP 7.5 are, how to install them and do the basic configuration, how the system works, and a performance comparison between two Trend products: Deep Security and OfficeScan.

As I said, this is going to be a long post. Let’s turn to page one. 😉

In my past posts, I have described what vShield is and the different modules of vShield. You can find my previous post here.

What is vShield Endpoint?

Let’s take a look at what vShield is.

Strengthen security for virtual machines and their hosts while improving performance by orders of magnitude for endpoint protection, with VMware vShield Endpoint, part of the VMware vShield family. Offload antivirus and anti-malware processing to dedicated security-hardened virtual machines delivered by VMware partners. Leverage existing investments and manage antivirus and anti-malware policies for virtualized environments with the same management interfaces as physical environments.

  • Streamline and accelerate antivirus and anti-malware deployment
  • Improve virtual machine performance and eliminate antivirus and anti-malware bottlenecks
  • Reduce risk by eliminating agents susceptible to attack and enforce remediation more easily
  • Satisfy audit requirements with detailed logging of antivirus and anti-malware activities

This is what you can read on vmware.com. But what vShield Endpoint really does is provide a set of common interfaces, an open window that lets a third-party antivirus virtual appliance scan/query the memory of the ESX host. You may remember what VMware said about the memory of each individual VM being securely separated for each VM. Well, vShield Endpoint is a back door that allows a certain VM (like a virtual appliance) to access all VMs' memory at the same time. As we all know, all information has to go through memory, regardless of whether it is open ports or data saved on the virtual hard disk. However, it isn’t the entire solution. As a matter of fact, it can only provide part of the solution. It can open a window for the AV appliance to scan memory and use firewall rules to deny unwanted access, but it doesn’t understand the registry keys and logical structure of your servers.

How does vShield Endpoint work?

[Image: trenddp_03]

Unlike vApp and Edge, Endpoint doesn’t have its own VM in the system. Well, in fact it does require a virtual appliance, but that is provided by a third party.

Endpoint will install a special module on your ESX host.

[Image: trenddp_01]

This module reads data from the protected VM and hands it to the third-party appliance to check for viruses/malware. The third-party appliance sits on a secured vSwitch which can only be accessed by the special module in the ESX host. From the protected VM's angle, CPU usage is very low and memory utilization is low as well. The resource consumption has been transferred to the AV appliance and reduced. But that doesn’t mean hard disks are not used. We will discuss that in the performance section.

What you need to do is enable Endpoint on your host, install the Endpoint driver (or thin agent) on the VMs you want to protect, then install the third-party appliance, and everything will be fine.

How to install vShield Endpoint?

This procedure is similar to the one for vEdge and vApp.

[Image: trenddp_04]

[Image: trenddp_05]

[Image: trenddp_06]

Once you have installed everything, including Endpoint and the third-party antivirus, you will see something like this.

[Image: trenddp_07]

Well, for more details, please wait for the second post, where I will review Trend Micro Deep Security 7.5 and how to install and configure it.


One Comment

  1. Hi,
    I just deployed this and your instructions helped a lot to clarify certain things and with the proper steps needed to be taken. So far it’s going very well; however, I noticed all my VMs coming up with the following alarm: “EPSec VM Status”. I can reset the alarm, but in the vShield Zones page it still shows up.
    Did you by any chance in your past deployments notice such a thing? And if so, how did you resolve it?
    I have the following environment:
    vCenter 4.1 U1 with View Composer 2.6
    VMware View 4.6.0 (latest build)
    vShield EndPoint Security
    TrendMicro Deep Security AV 7.5.x
    Thanks in advance.
    Najeeb

