Deploying a Virtual Network Sensor with KVM | Trend Micro Service Central

Views:

Learn how to deploy your own Virtual Network Sensor on Red Hat Enterprise Linux 9.2 with KVM.

Virtual Network Sensor is a lightweight network sensor that scans your network activity and feeds network activity data to Trend Vision One and allows you to discover unmanaged assets and gain a holistic view of your attack surface. Before using the features of Network Security, you need to set up your Virtual Network Sensor and connect your sensor to Trend Vision One.

Important

If the throughput exceeds 2000 Mbps, Trend Micro recommends configuring your Virtual Network Sensor using a PCI passthrough that is compliant with the following drivers: Broadcom tg3 and bnxt_en, and Intel i40e, igb, ixgbe, and e1000.

Note

Before deploying the Virtual Network Sensor, ensure that you have adequate system resources and prepare the following:

KVM environment for hosting a virtual appliance (at least 8 GB RAM, 2 virtual CPUs, and 50 GB of disk space)
Root privileges
The destination folder for the Virtual Network Sensor instance (which may require administrator permission for access)
Virtual switch for the management port
Virtual switch for the data port
Console access on virt-manager or virt-viewer
Software requirements: libvirt version 8.0.0, QEMU version 6.2.0, and virt-install version 3.2.0

Procedure

In the Red Hat Enterprise Linux 9.2 environment (KVM host), install the required software.
On the KVM host CLI, ensure that you have root privileges and create your destination folder and the data and management ports.
On the Trend Vision One console, go to Network Security → Network Inventory → Virtual Network Sensor.
Click Deploy Virtual Network Sensor.

The Virtual Network Sensor Deployment panel appears.
Select KVM from the disk image type dropdown.
Set the Admin password and confirm the password.
The password must contain the following:
- 12 to 32 characters
- Both uppercase and lowercase characters
- At least one number (0-9)
- At least one special character: ~!`@#$%^&*()/_+=[]{}-\|<>',.?:;" or space
Note

This step is used to set the default admin password to access the Virtual Network Sensor command line interface after deployment.
Click Download Disk Image.
Extract the disk image zip file.
On the KVM host CLI, execute $ cp -a cacert.pem checksum checksum.p7 vns_deploy.sh vns_meta.iso \vns_system.qcow2 <destination_folder>/ to copy the files to the destination folder.
Execute $ bash ./vns_deploy.sh --mgmt <mgmt_network> --data <data_network> to deploy Virtual Network Sensor.

Your Virtual Network Sensor deploys and automatically connects to Network Inventory.

To confirm that your Virtual Network Sensor has successfully deployed, go to Network Security → Network Inventory → Virtual Network Sensor on the Trend Vision One console to view information about your deployed Virtual Network Sensor.

Tip

For information about troubleshooting Virtual Network Sensor, see Virtual Network Sensor CLI commands.
The Virtual Network Sensor default IP allocation is DHCP. For more information about changing the IP settings and registering manually, go to Virtual Network Sensor FAQs.