VMware Networking Community
jaelae
Enthusiast
Enthusiast
‎05-18-2017 06:36 PM
Jump to solution

NSX 6.3 Upgrade - Guest Introspection and Trend Deep Security Requirements

In previous upgrades of NSX, I ended up having disabled things like Trend Deep Security and Guest Introspection (by removing them from the clusters). However, I don't believe this is entirely necessary based on reading through NSX documentation. As far as Guest Introspection, it is my understanding that this should be left alone during the NSX upgrade from 6.2.4 to 6.3.1. Once upgraded on the Manager, Controllers, and Hosts - Guest Introspection should prompt for an in place Upgrade.

However, what is not clear is when I use a third party application like Trend Deep Security. This creates another set of VMS on each cluster leveraging guest introspection for Antivirus scans on the host level. I am concerned with an issue occurring during the upgrade if I leave Trend enabled. Should this be removed and readied after upgrade is complete?

My main hesitation is that Trend, when installed on a running cluster, will not protect VMS that are currently on it. You then have to manually activate each VM or vMotion VMS for them to trigger the activation.

0 Kudos
1 Solution

Accepted Solutions
Sreec
VMware Employee
VMware Employee
‎05-20-2017 12:14 PM
Jump to solution

Firstly we need to verify third party security appliances are compatible with upgraded version and only based on that you might need to upgrade respective Management security software(in this case trend) and redeploy the  respective security VM's running on each host. There is a good documentation from Trend on this topic ->

http://docs.trendmicro.com/all/ent/ds/v9.6/en-us/Deep_Security_96_Install_Guide_nsx_EN.pdf

From NSX perspective the recommended order for upgrade is  like this  NSX Manager —>Controllers—> NSX Host Clusters —> DLR—> Guest Introspection ,there is always impact while each component is going through the upgrade cycle and  in your case during guest introspection upgrade process VM's will not be protected.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

0 Kudos
1 Reply
Sreec
VMware Employee
VMware Employee
‎05-20-2017 12:14 PM
Jump to solution

Firstly we need to verify third party security appliances are compatible with upgraded version and only based on that you might need to upgrade respective Management security software(in this case trend) and redeploy the  respective security VM's running on each host. There is a good documentation from Trend on this topic ->

http://docs.trendmicro.com/all/ent/ds/v9.6/en-us/Deep_Security_96_Install_Guide_nsx_EN.pdf

From NSX perspective the recommended order for upgrade is  like this  NSX Manager —>Controllers—> NSX Host Clusters —> DLR—> Guest Introspection ,there is always impact while each component is going through the upgrade cycle and  in your case during guest introspection upgrade process VM's will not be protected.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos