Deploying a Virtual Network Sensor with Hyper-V

Views:

Learn how to deploy your own Virtual Network Sensor with Microsoft Hyper-V.

Virtual Network Sensor is a lightweight network sensor that scans your network activity and feeds network activity data to Trend Vision One and allows you to discover unmanaged assets and gain a holistic view of your attack surface. Before using the features of Network Security, you need to set up your Virtual Network Sensor and connect your sensor to Trend Vision One.

Important

If the throughput exceeds 2000 Mbps, Trend Micro recommends configuring your Virtual Network Sensor using a PCI passthrough that is compliant with the following drivers: Broadcom tg3 and bnxt_en, and Intel i40e, igb, ixgbe, and e1000.

Note

Before deploying the Virtual Network Sensor, ensure that you have adequate system resources and prepare the following:

Sufficient privileges (administrator) to execute the PowerShell script successfully
Hyper-V environment for hosting a virtual appliance (at least 8 GB RAM, 2 virtual CPUs, and 50 GB of disk space)
The host CPU should provide instruction sets which satisfy x86-64-v2 microarchitecture levels, including the following instruction sets:
- Streaming SIMD Extensions 4.2 (SSE4.2)
- Supplemental Streaming SIMD Extensions 3 (SSSE3)
- POPCNT
- CMPXCHG16B
The destination folder for the Virtual Network Sensor instance (which may require administrator permission for access)
Virtual switch for the management port
Virtual switch for the data port
Software requirements: Hyper-V role

Procedure

On the Trend Vision One console, go to Network Security → Network Inventory → Virtual Network Sensor.
Click Deploy Virtual Network Sensor.

The Virtual Network Sensor Deployment panel appears.
Select Hyper-V from the disk image type dropdown.
Click Download Disk Image.
Extract the installation package zip file.
Run the PowerShell CLI.
Type the command [path]\VirtualNetworkSensor_hyperv_image.[version]\.

Replace [path] with the filepath location and [version] with the sensor version.

For example, if you extracted version 1.0.12 to your desktop, type the command:

C:\Users\[user]\Desktop\VirtualNetworkSensor_hyperv_image.1.0.12\
Type the command .\vns_deploy.ps1 to run the Virtual Network Sensor setup wizard.

The Virtual Network Sensor setup wizard appears.
On the Deployment Overview screen, review the steps and click OK to begin configuring the deployment.
Select a preset deployment configuration you want to use based on your expected throughput requirements, then click OK.
Specify the location to store the Virtual Network Sensor on the host machine, then click OK.
Select a virtual switch for the management port and click OK.
Select a virtual switch for the data port and click OK.
Set the administrator password.
The password must contain:
- 12 to 32 characters
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
- At least one special character: ~!`@#$%^&*()/_+=[]{}-\|<>',.?:;"
Click OK.
Review the configuration, and click OK to create the instance.

The script creates the instance automatically. The process might take a few minutes to complete. When finished, PowerShell displays MAIN: All tasks completed!
After creation finishes, go to the Hyper-V Manager.
Power on the Virtual Network Sensor.

Your Virtual Network Sensor finishes setting up and automatically connects to Network Inventory.

To confirm that your Virtual Network Sensor has successfully deployed, access the Trend Vision One and go to Network Security → Network Inventory → Virtual Network Sensor to view information about your deployed Virtual Network Sensor.

Tip

For information about troubleshooting Virtual Network Sensor, see Virtual Network Sensor CLI commands.
The Virtual Network Sensor default IP allocation is DHCP. For more information about changing the IP settings and registering manually, go to Virtual Network Sensor FAQs.