Deploying the Private Access Connector on VMware ESXi

Connect your VMware ESXi applications with Zero Trust Secure Access Private Access and prevent unauthorized intrusions.

Private Access Connectors connect your internal applications with Zero Trust Secure Access Private Access, which allows you to control access to sensitive corporate resources. To ensure high availability (HA) and facilitate load-balancing on high traffic apps, install and group together at least 2 connectors in each environment. Before attempting to deploy the Private Access Connector, ensure that your environment meets the minimum system requirements.

  1. In the Trend Micro Vision One console, go to Zero Trust Secure Access > Secure Access Configuration > Private Access Configuration.
  2. For customers that need to create a new connector group, click Add Private Access Connector Group.
    1. Provide a unique name and description for the group.
    2. Click Save.
  3. Locate your Connector group name in the list and click the New connector () icon.

    The Private Access Connector Virtual Appliance panel appears.

  4. Select VMware ESXi from the Platform list.
  5. Click Download Disk Image to download the OVA file.

    Verify that the file name and extension are: TrendMicroVisionOne-PrivateAccessConnector.ova

  6. Copy the Registration token for later use.
    Important:

    The Registration token is only valid for 7 days. If the token expires, you must start again.

  7. In your VMware environment, create the virtual machine.
    Important:

    The steps contained in these instructions were valid as of July 2022 for the vSphere Client.

    1. Sign in to the web vSphere Client, click ACTIONS, and then click Deploy OVF Template....

      The Deploy OVF Template screen appears.

    2. Under Select an OVF template, click Local file, select the OVA file downloaded from the Trend Micro Vision One console, and then click NEXT.
    3. Under Select a name and folder, specify a unique name and target location for the Private Access Connector virtual appliance, and then click NEXT.
    4. Under Select a computer resource, select a destination computer resource and click NEXT.
    5. Under Review details, verify the template details and click NEXT.
    6. Under Select storage, select the disk location and click NEXT.
    7. Under Select networks, select a destination network and click NEXT.
    8. Under Ready to complete, review and confirm the settings and click FINISH.
      Note:

      The process may take around two minutes to complete.

  8. Click the green Power On button on the top to power on the virtual machine, and then click the console button to open the virtual machine console.
  9. Sign in to the Private Access Connector virtual appliance with the default credentials.

    User name: admin

    Password: saseztna

  10. Enter the Command Line Interface (CLI), run the following command, and then press the Enter key to change your password:

    passwd

    The default password is saseztna. Your new password cannot be the same as the default password.

    The admin user and privileged mode share the same password.

  11. Type enable and then press the Enter key to enter privileged mode. Provide the updated password when asked.

    The command prompt changes from > to #.

  12. Use the CLI to configure the required network settings.

    After the Private Access Connector is installed, the default IP assignment method for your Ethernet interface is DHCP.

    To view the interface information, run the following command:

    ifconfig

    If your organization does not use a DHCP server, manually configure the static IP address, static route, and DNS server for your interface. For more information on available commands, see Private Access Connector CLI Commands.

  13. (Optional) Run the following command to change the time zone of the Private Access Connector:

    configure timezone <timezone>

    The default time zone is America/Los_Angeles.

  14. Check whether the Private Access Connector can connect to the NTP server 0.pool.ntp.org.

    The Connector requires connectivity to an NTP server to synchronize its clock. By default, Trend Micro Vision One uses the public NTP server 0.pool.ntp.org. You can also configure the Connector to connect to another public NTP server or a local NTP server within your organization.

    Run the following command to configure the NTP server: configure ntp server <address>

    Note:

    To use public NTP servers, make sure that your firewall configuration allows outbound UDP traffic on port 123.

  15. Run the following command to register the Private Access Connector virtual appliance to Trend Micro Vision One:

    register <registration_token>

    You can obtain the token from the same screen you downloaded the virtual appliance on Trend Micro Vision One.

    Note:
    • If your environment uses a local Network Time Protocol (NTP) server, make sure the NTP server synchronizes with the local time for successful registration.

    • Trend Micro recommends using an SSH client to easily copy and paste the registration token.

  16. Use the CLI to configure other settings, if required.

    For more information on available commands, see Private Access Connector CLI Commands.

    After successful deployment, the Private Access Connector virtual appliance appears under the corresponding connector group on the Private Access Connectors tab.