Piszki Lab | EN

My case study in the clouds…

vRealize Operations Manger 6: Trend Micro Deep Security Management Pack

2015/05/25 by Piotr Pisz | 11 Comments

On the VMware VSX we can find an interesting addition to vRealize Operations Manager, this is the Trend Micro Deep Security Management (pack). The installation manual is clearly written that last supported version is really VMware Operations Manager 5.8.4. Fortunately this is partly true, after a slight modification in the script that installs the DSM certificate, can safely install the whole solution and use in vRealize Operations Manager 6.0.1. The procedure is very simple and does not differ greatly from the official installation instructions.

vcops5

In the first step we have to log in through the console to vROPS, set a password for root and enable SSH. In the console need to switch screen (ALT + F1), the root password is blank (just press enter).

vcops1

After running SSH, copy to vROPS import-cert script and Deep Security Manager certificate (if you have more in the cluster that is enough from one node). In the next step we need to modify the script to proper install the certificate in keystore or do it manually.

Line: KEYSTORE=”$ALIVE_BASE/user/conf/truststore”

Replace on: KEYSTORE=”/storage/vcops/user/conf/ssl/tcserver.truststore”

Password for keystore is in the file:

/storage/vcops/user/conf/ssl/storePass.properties (place them in a script instead of a password “oxygen”).

Run the script and install the certificate:

vcops2

In the next step, we install DeepSecurityAdapter-1.0.0.pak in vRealize Operations Manager (Administration -> Solutions -> +). If you have more than one instance of vROPS (cluster) in during adapter configuration, you must choose the correct node (ie that on which you installed the DSM certificate).

vcops3

After waiting time required for the analysis, we enjoy information on relevant dashboards.

vcops4

EDIT 2016.03.02:

A new version of Deep Security Management Pack for vRealize Operations 6.x is available from Trend Micro (please email to deepsecurityvrops[at]trendmicro.com). Installation is exactly the same as the older version (including errors in the file importcert). The new version includes three Dashboards:

vrops

 

And it works without any problem with vCenter 6, vRO 6.2 and DSM 9.6.

Rate this article:
[Total: 1    Average: 5/5]

Author: Piotr Pisz

Computer always, since I got a Commodore 64 at the end of primary school, through his beloved Amiga and Linux infinite number of consoles, until today, fully virtual day. Since 2001, Unix/Linux Systems Administrator, for seven years a faithful companion and protector of Solaris system, until his sad end. In the year 2011 came in the depths of virtualization, then smoothly ascended into the clouds and continues there today. Professionally working as Systems Architect in the Polish Security Printing Works.

11 Comments

Leave a reply →

  1. Herbert
    2015/11/18 at 12:12

    Hi Piotr!

    Have you tried vROPs 6.1 also?
    My vROPs 6.1 / DS 9.6 connection throws an Error: connecting to DSM: ; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    I’ve experimented with vcenter cert and intermediate / root ca certs inside the java keystore without success.

    best regards
    Herbert

    Reply
    • Piotr Pisz
      2015/11/18 at 12:48

      Hello Herbert,
      I have vROPS 6.1 (upgraded from 6.0) and DS 9.5.3, there is no problem with this configuration. In my lab I have 6.1/9.6 with VMCA as intermediate but I have not tested here this management pack. This error indicates that you need to have both certificates (ca and intermediate) in the both keystores (in vRO and DS).
      Regards,
      Piotr

      Reply
  2. Herbert
    2015/11/19 at 21:07

    Cześć Piotr!

    Sadly the chain is valid in both keystores. We will try to reproduce it with 6.0/9.6 asap.

    dziękuję
    Herbert

    Reply
    • Piotr Pisz
      2015/11/20 at 10:47

      Proszę bardzo :-)

      In my laboratory has exactly the same case as yours, I failed so far to jump this error with ssl :(
      I add certs to trusted store and to /etc/ssl/certs without success.
      Let me know how you succeed.

      Regards,
      Piotr

      Reply
  3. Fernando Silva
    2015/12/18 at 19:18

    Hi Herbert.

    Change the truststore to /storage/vcops/user/conf/ssl/tcserver.truststore and get the password on /storage/vcops/user/conf/ssl/storePass.properties and restart the vROps.

    Reply
  4. Herbert
    2016/02/12 at 00:51

    Hi Fernando,

    Don’t ask me why, but now with vROPs 6.2 and Deepsecurity Mgmt Pack 6 everything is working as expected.

    regards
    Herbert

    Reply
  5. Herbert
    2016/02/16 at 10:35

    Update:

    If you want to try the newest management pack from trend, supported with vROPs 6.x, contact ‘rick_abbott [at] trendmicro.at’ or ‘deepsecurityvrops [at] trendmicro.com’. He wants to keep track of the customers using it.
    Included is also a Loginsight content pack.

    regards
    Herbert

    Reply
  6. Haikal Shiddiq
    2016/03/02 at 09:42

    Dear Piszki,

    I try your step and i stuck on this step : run the command Enter the full path to the Deep Security Manager Certificate and i don’t have the putrend1.cert on the root directory of vROPs.

    Can you share to me how to install or run this script (/root/putrend1.cert) ?

    Thank you.

    Reply
    • Piotr Pisz
      2016/03/02 at 10:09

      Hi Haikal,

      putrend1.cert is name of my certificate, you need to copy your own SSL cert from your DSM and then name it as you wish :-)
      Next, edit importcert and replace this line: CERT=”/root/TrendMicro/manager.cer” with your cert.

      Regards,
      Piotr

      Reply

Leave a Reply

Required fields are marked *.


.

Enjoyed the post? Support Piszki Lab | EN, click on the AD! :-)

.