Trend Micro Vision One > Network Security Operations > Network Inventory > Direct Connection > Deploying a Deep Discovery Inspector Virtual Appliance on AWS

Deploying a Deep Discovery Inspector Virtual Appliance on AWS

Trend Micro Vision One can connect to a Deep Discovery Inspector virtual appliance deployed on AWS.

Note:

In order to access and use the Deep Discovery Inspector virtual appliance in AWS, you must already have and continually maintain an active AWS Account on the AWS Marketplace and you are responsible for purchasing and maintaining through such AWS Account, your use of the Amazon Web Service platform/infrastructure that is required for your deployment of a Deep Discovery Inspector virtual appliance.
The following instructions are current as of December 1, 2020. The AWS settings may be different if you are using a newer release of AWS. Refer to the AWS documentation for specific information related to your release.

On the Trend Micro Vision One console, go to Network Security Operations > Network Inventory, and then click Connect Network Sensor.
Under Product, select New Deep Discovery Inspector.
Click Get AMI on Marketplace to open the AWS Marketplace and deploy Deep Discovery Inspector.
The Amazon EC2 console opens.
Initiate the instance launch.
1. In the navigation bar at the top of the screen, select a Region for the instance that meets your needs.
2. From the Amazon EC2 console dashboard, select Launch instance.
Choose the AMI for Deep Discovery Inspector.
1. On the Choose an Amazon Machine Image (AMI) screen, select AWS Marketplace in the left pane.
2. In the search box, search for Trend Micro Deep Discovery Inspector.
3. After the search results appear, click Select for Trend Micro Deep Discovery Inspector <version>.
Choose an Instance Type.
1. On the Choose an Instance Type screen, choose an instance type that meets the minimum specifications based on your licensed model's throughput.
  For details, see the Deep Discovery Inspector AWS Deployment Guide.
2. Choose Next: Configure Instance Details to configure your instance further.
Configure the Instance Details.
1. On the Configure Instance Details screen, change the follow settings.
  - Network: Select the VPC.
  - Subnet: Select the subnet into which to launch your instance. Select a subnet that is planned for the data port subnet.
  - Auto-assign Public IP: Select Disable. Trend Micro recommends that you deploy the Deep Discovery Inspector virtual appliance behind an AWS NAT gateway.
  - Network interfaces: Add a secondary network interface for the Deep Discovery Inspector virtual appliance instance by choosing Add Device.
    
    Important:
    The management port for Deep Discovery Inspector on-premises is fixed at the first NIC port (eth0 in Deep Discovery Inspector). In order to adapt into the AWS environment, the Deep Discovery Inspector virtual appliance has swapped port enumeration for the management port to port 1 (eth1) and data port to port 0 (eth0).
  - Device eth0:
    - Subnet: The subnet has been configured in a previous step.
    - Primary IP: Type a private IPv4 address from the range of your subnet, or leave Auto-assign to let AWS choose a private IPv4 address for you.
  - Device eth1:
    - Subnet: Select a subnet that is planned for the management port subnet.
    - Primary IP: Type a private IPv4 address from the range of your subnet, or leave Auto-assign to let AWS choose a private IPv4 address for you.
    - IPv6 IPs: (Optional) Click Add IP and type an IPv6 address from the range of the subnet, or leave Auto-assign to let AWS choose an IPv6 address for you.
2. Click Next: Add Storage to specify the root volume size of your instance
Add Storage.
1. Specify the following settings on the Add Storage screen.
  - Size: The storage size should meet the minimum specifications based on your licensed model's throughput.
    
    For details, see the Deep Discovery Inspector AWS Deployment Guide.
    
    Note:
    To enlarge the storage size, specify the storage size of the Volume Type: Root. The Deep Discovery Inspector virtual appliance only partitions the storage when the Volume Type is Root. The extra storage will not be used.
  - Volume Type: Use the default value, General Purpose SSD (gp2).
2. Click Next: Add Tags to add some custom tags.
Add Tags.
1. On the Add Tags screen, specify tags by providing the key and value combinations.
  For example, for Key type Name and for Value type vDDI-demo.
2. Click Next: Configure Security Group.

Configure Security Group.

On the Configure Security Group screen, use a security group to define firewall rules for the Deep Discovery Inspector virtual appliance instance.
- To use existing security group, select Select an existing security group, and select your security group.
- To create a new security group, select Create a new security group.

Verify that your selected security group contains the following rules:

Table 1. Inbound Rules
Type	Protocol	Port Range	Source	Reason
SSH	TCP	22	CIDR that can reach your instance	For accessing Deep Discovery Inspector virtual appliance Pre-Configuration console
HTTPS	TCP	443	CIDR that can reach your instance	For accessing Deep Discovery Inspector virtual appliance management console
Custom UDP	UDP	4789	CIDR of your mirror source or the NLB	For VXLAN traffic required by AWS traffic mirror
Custom TCP	TCP	14789	CIDR of NLB	Implemented by the Deep Discovery Inspector virtual appliance for answering NLB health check

Note:

Outbound Rules: Rules in default security group allow all traffic. The Deep Discovery Inspector virtual appliance works well with default outbound rules. The following exceptions may occur:

For some organizations, whose policies may need more specific protocols and port numbers, see Chapter 2: About Your System > Ports Used by the Appliance in the Deep Discovery Inspector Installation and Deployment Guide.
For some organizations, whose infrastructures may need an outbound proxy with domains allowed to access the internet, see Deep Discovery Inspector Administrator's Guide for detailed addresses.

Click Review and Launch.

Review Instance Launch and select key pair.
1. On the Review Instance Launch screen, check the details of your instance, and make any necessary changes by choosing the appropriate Edit link.
2. Click Launch.
3. In the Select an existing key pair or create a new key pair dialog box, select Proceed without a key pair.
4. To launch your instance, select the acknowledgment check box, then click Launch Instances.
Wait for the Deep Discovery Inspector virtual appliance to become ready.
Note:
The Deep Discovery Inspector virtual appliance takes about 15 minutes to become ready.
1. View the Deep Discovery Inspector installation progress by using the following steps:
  1. In the left navigation page, click Instances.
  2. Select the Deep Discovery Inspector virtual appliance instance.
  3. Select Actions > Instance Settings > Get Instance Screenshot.
  For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html.
2. When the Deep Discovery Inspector virtual appliance preconfiguration console appears, then Deep Discovery Inspector is ready.
View or configure the Deep Discovery Inspector network settings.
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, select Instances.
3. Select the Deep Discovery Inspector virtual appliance.
4. Select Actions > Networking > Manage IP Addresses.
5. Expand eth1. The Private IP Address is the IP address of the management console for the Deep Discovery Inspector virtual appliance.
Connect Deep Discovery Inspector to Trend Micro Vision One.
For more information, see Connecting a Deployed Deep Discovery Inspector.
Configure Deep Discovery Inspector.
At https://docs.trendmicro.com/en-us/enterprise/deep-discovery-inspector.aspx, see the Deep Discovery Inspector AWS Deployment Guide for different deployment options and see the Deep Discovery Inspector Administrator's Guide for details about configuring and administering Deep Discovery Inspector.

Tip:
Configure Sandbox as a Service to send Virtual Analyzer Suspicious Objects and Virtual Analyzer Results to Trend Micro Vision One.

For more information, see Deep Discovery Inspector Virtual Appliance Integration with Sandbox as a Service and Trend Micro Vision One
(Optional) Configure your network sensor with the Network Inventory Service.
To access Network Analytics reports from the Workbench app, you must first configure specific product settings.

For more information, see Configuring Directly Connected Network Sensors.