udokonstantin
Contributor

Trend Micro DPI and NSX

Hello,

We received the following information from a customer.

Deep packet inspection (DPI) from Trend Micro needs to work with => vSphere 6.5 VMware in the future vShield Endpoint. With older versions of vSphere DPI works without this.

What does this mean for the customer?

Customer must use NSX in order to have DPI from Trend Micro?!

Can anyone please clarify this?

Thanks

Udo

3 Replies
Sreec
VMware Employee

Deep packet inspection (DPI) from Trend Micro needs to work with => vSphere 6.5 VMware in the future vShield Endpoint. With older versions of vSphere DPI works without this

I'm not really clear on the ask, but please refer to the VMware Knowledge Base. vCNS being EOA, NSX is the way to move forward, and to be precise, VMware NSX for vSphere provides NSX Guest Introspection, which provides all features of vShield Endpoint. Let me know if you need any additional inputs.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x
udokonstantin
Contributor

Hi, I know the question was not really clear from me.. ;-)
I mean a customer currently has vSphere 5.5 with Trend Micro deep packet inspection running. AFAIK DPI connects to the vDS to get/check the data.
With the upcoming release (6.5 or maybe 6.0) the interface for DPI to connect to the vDS isn't available (removed or closed by VMware). As I understand it, if the customer would like to use DPI they must upgrade to an "NSX Lite" version.

So far I haven't found detailed information from VMware or Trend Micro except this:

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/partners/trendmicro/vmware-vshield...

But from a customer perspective it isn't clear. What about if the customer doesn't want to buy NSX?!

bayupw
Leadership

Hi Udo,

It depends on the Trend Micro DPI features that you would like to use.

For example, as per this link: VMware NSX 6.2.3 and NSX 6.2.4 Compatibility - Deep Security

"VMware NSX 6.2.3 and NSX 6.2.4 have added a new type of license called NSX for vShield Endpoint.

This license allows integration with Deep Security for the purpose of performing hypervisor-based Anti-Malware and Integrity Monitoring only."

If you have vSphere Essential Plus or a later edition, you should be able to download NSX for vShield Endpoint.

See this link FAQ: Implementation of vShield Endpoint beyond EOA of vCNS (2110078)

"With the release of NSX 6.2.4, if you purchased vSphere with vShield Endpoint (Essential Plus and later), you can download NSX.

This means that NSX will appear on the vSphere download site, similar to vCNS."

So if you want to use Trend Micro network security capabilities such as firewalling and IPS, then you would need NSX Advanced or NSX Enterprise licenses.

But if you just want to use Anti-Malware and/or Integrity Monitoring only, you just need to have vSphere Essential Plus or a later edition, and you should be able to download NSX for vShield Endpoint.

Upon deploying NSX, it will automatically be assigned the vShield Endpoint license. Here's a screenshot after NSX is deployed and registered to vCenter Server:

pastedImage_2.png

See also this link: Add and Assign an NSX for vSphere License

Starting in NSX 6.2.3, the default license upon install will be NSX for vShield Endpoint.

This license enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only, and has hard enforcement to restrict usage of VXLAN, firewall, and Edge services, by blocking host preparation and creation of NSX Edges.

If you need other NSX features, including logical switches, logical routers, Distributed Firewall, or NSX Edge, you must either purchase an NSX license to use these features, or request an evaluation license for short-term evaluation of the features.

Bayu Wibowo | VCIX6-DCV/NV Author of VMware NSX Cookbook http://bit.ly/NSXCookbook https://github.com/bayupw/PowerNSX-Scripts https://nz.linkedin.com/in/bayupw | twitter @bayupw