Deploying a Deep Discovery Inspector Virtual Appliance

Deep Discovery Inspector supports deployment on VMware ESXi, Microsoft Hyper-V, and CentOS KVM.

For more details about the specific versions of hypervisors supported by Deep Discovery Inspector, see the Deep Discovery Inspector (Virtual Appliance) Installation section in the Deep Discovery Inspector Installation and Deployment Guide at https://docs.trendmicro.com/en-us/enterprise/deep-discovery-inspector.aspx.

  1. On the Trend Micro Vision One console, go to Inventory Management > Network Inventory, and then click Connect Network Sensor.

    The Connect Network Sensor panel appears.

  2. For Product, select New Deep Discovery Inspector.
  3. Read the End User License Agreement and check I agree to the End User License Agreement to accept the agreement.
  4. Click Download Disk Image to download the Deep Discovery Inspector disk image (ISO file).
    Important:
    Each disk image is specific to your company. The company-specific disk images have the following configuration already applied:
    • Deep Discovery Inspector Activation Code for licensing

    • Deep Discovery Director token for integration

    • (Optional) Trend Micro Sandbox as a Service (Virtual Analyzer) Activation Code for licensing

    If Trend Micro Vision One is unable to provide a company-specific disk image, a notification will appear after you click Download Disk Image. When this occurs, you will need to activate Deep Discovery Inspector and connect to Trend Micro Vision One after completing this task.

    For more information, see Connecting a Deployed Deep Discovery Inspector.

    Tip:

    Click Copy disk image SHA-256 hash value and then use this value to verify that the downloaded disk image is authentic.

  5. Create a virtual machine.

    Trend Micro recommends the following minimum specifications.

    • Virtual CPUs: 12

      Note:

      The virtual CPUs require a minimum speed of 2.5 GHz with hyper-threading support, Virtualization Technology (VT), and 64-bit architecture.

    • Virtual Memory: 32 GB

    • Virtual Disk: 1000 GB

    • Virtual NICs: 3

      Note:

      Trend Micro recommends using the VMXNET 3 network adapter on ESXi, and the VirtIO or E1000 network adapters on CentOS KVM.

  6. Start the virtual machine.
  7. Mount the Deep Discovery Inspector disk image (ISO file) in the virtual machine.
  8. Restart the virtual machine.

    The Installation DVD screen appears.

  9. Press ENTER. When installing Deep Discovery Inspector through a serial connection, type serial and press ENTER. The System Information screen appears.
  10. Perform the following tasks:
    1. (Optional) To show system information, type 0 and press ENTER.
    2. (Optional) Perform a system requirements check.

      To skip the system requirements check, type 2 and press ENTER.

      By default, the installer performs a system requirements check before installing Deep Discovery Inspector to confirm that the appliance has the necessary resources to run the product.

      Skip the system requirements check to test the product in a controlled environment before installing it on the network.

    3. Start the installation.

      To start installing Deep Discovery Inspector, type 1 and press ENTER.

    4. Obtain installation logs.

      To obtain installation logs (used for troubleshooting installation problems), type 3 and press ENTER.

    The Management Port Selection screen appears.
    Figure 1. Management Port Selection
    Note:

    Deep Discovery Inspector automatically detects the active link cards (indicated by Link is UP) available for use as a management port.

  11. Perform the following tasks:
    1. Verify that the network port status and the actual port status match.

      If a status conflict exists, select Re-detect and press ENTER.

    2. To determine which active link card is connected to the management domain, perform the steps listed on the Management Port Selection screen.
    3. Select an active link card and press ENTER.
    Installation continues and completes.
    Figure 2. Export Installation Logs
  12. Note:

    If you enabled installation log export on the System Information screen, a list of storage devices is displayed on the Export Installation Logs screen.

    To save the exported installation logs, perform the following tasks:
    1. Select a storage device and press ENTER.
    2. When the installation log file name appears, press ENTER.
      Tip:

      Trend Micro recommends saving exported installation logs to sda11.

      Note:

      Record the file name for future reference.

      The file name is in the following format:

      install.log.YYYY-MM-DD-hh-mm-ss

    3. If the preferred device is not listed, verify that it is connected to the appliance by doing the following:
      1. Navigate to Re-detect.

      2. Press ENTER to refresh the list.

    The system automatically restarts and the preconfiguration console appears.

  13. Unmount the ISO to prevent reinstallation.
  14. Configure the Deep Discovery Inspector network settings.
    1. In the preconfiguration console, type the default password, admin, and press ENTER twice.

      The preconfiguration console main menu appears.

    2. To access the device settings, type 2 and then press ENTER.

      The Device Settings screen appears.

    3. Configure the network settings.
      Tip:

      The IP address that you configure on the Device Settings screen is the management console address.

    4. After configuring the device settings, go to Return to main menu and press ENTER.
    5. To save the settings, type 6 and then press ENTER.
  15. Configure the detection settings.
    1. From a network workstation, open a supported browser
    2. In the browser, go to the management console IP address.

      The Log On screen appears.

    3. Click Log On.

      The Change Password window appears.

    1. Type a new password and click Save.

      The Setup Guide window appears.

    2. Follow the on-screen setup guide to configure Deep Discovery Inspector.
  16. Verify that the sensor has connected to Trend Micro Vision One and perform additional integration steps if necessary.
    Note:

    Use the following steps to verify the integration.

    Some company-specific images automatically activate Deep Discovery Inspector and connect the network sensor to Trend Micro Vision One.

    If your company-specific image does not automatically activate Deep Discovery Inspector and connect the network sensor, then perform the steps in Connecting a Deployed Deep Discovery Inspector.

    1. On the Trend Micro Vision One console, go to Inventory Management > Network Inventory.
    2. Verify that the network sensor appears in the Network Inventory.

      It may take several minutes for the network sensor to appear in the Network Inventory. Additionally, when Deep Discovery Inspector is trying to connect to Trend Micro Vision One, a global notification appears in the Deep Discovery Inspector management console.

      If the network sensor is not in the Network Inventory, connect the network sensor.

      For more information, see Connecting a Deployed Deep Discovery Inspector.

  17. Configure Deep Discovery Inspector.

    At https://docs.trendmicro.com/en-us/enterprise/deep-discovery-inspector.aspx, see the Deep Discovery Inspector Administrator's Guide for details about configuring and administering Deep Discovery Inspector.

  18. (Optional) Configure your network sensor with the Network Inventory Service.

    To access Network Analytics reports from the Workbench app, you must first configure specific product settings.

    For more information, see Configuring Network Sensors with Network Inventory Service.