How to install and configure Trend Micro Deep Security as a Service on an Azure VM
This article shows you how to install and configure Trend Micro Deep Security as a Service on a new or existing virtual machine (VM) running Windows Server. The protection that Deep Security as a Service provides includes anti-malware protection, firewall, intrusion prevention system, and integrity monitoring.
The client is installed as a security extension by using the VM Agent. On a new virtual machine, you'll install the VM Agent along with the Deep Security Agent. On an existing virtual machine that doesn't have the VM Agent, you'll need to download and install it first. This article covers both situations.
If you have existing subscription from Trend for an on-premises solution, you can use it to protect your Azure virtual machines. If you're not a customer yet, you can sign up for a trial subscription. For more information about this solution, see the blog post Microsoft Azure VM Agent Extension For Deep Security.
Install the Deep Security Agent on a new virtual machine
The Azure Management Portal lets you install the VM Agent and the Trend security extension when you use the From Gallery option to create the virtual machine. Using this approach is an easy way to add protection from Trend if you're creating a single virtual machine.
This From Gallery option opens a wizard that helps you set up the virtual machine. You use the last page of the wizard to install the VM Agent and Trend security extension. For general instructions, see Create a Virtual Machine Running Windows Server. When you get to the last page of the wizard, do the following:
Under VM Agent, check Install VM Agent.
Under Security Extensions, check Trend Micro Deep Security Agent.
Click the check mark to create the virtual machine.
Install the Deep Security Agent on an existing virtual machine
To do this, you'll need the following:
Open an Azure PowerShell session and run the following commands. Be sure to substitute your own values for the placeholders, such as MyServiceName.
Get the cloud service name, virtual machine name, and VM and store each of those in variables so the next commands can use them:
$servicename = MyServiceName
$name = MyVmName
$vm = Get-AzureVM -ServiceName $servicename -Name $name
If you don't know the cloud service and VM name, run Get-AzureVM to display that information for all VMs in the current subscription.
Add the Deep Security Agent to the virtual machine:
Set-AzureVMExtension -Publisher TrendMicro.DeepSecurity -ExtensionName TrendMicroDSA -VM $vm.VM
If you want to install a specific version, run the following command to get a list of available versions:
Get-AzureVMAvailableExtension TrendMicro.DeepSecurity -ExtensionName TrendMicroDSA. Then, include the Version parameter when you run Set-AzureVMExtension.
Update the VM, which installs the Deep Security Agent:
Update-AzureVM -ServiceName $servicename -Name $name -VM $vm.VM
After the agent is installed, it takes a few minutes to start running. After that, you'll need to activate Deep Security on the virtual machine so it can be managed by a Deep Security Manager. See the following:
How to Log on to a Virtual Machine Running Windows Server