Views:

Learn how to deploy your own Virtual Network Sensor with Microsoft Hyper-V.

Virtual Network Sensor is a lightweight network sensor that scans your network activity and feeds network activity data to Trend Vision One and allows you to discover unmanaged assets and gain a holistic view of your attack surface. Before using the features of Network Security, you need to set up your Virtual Network Sensor and connect your sensor to Trend Vision One.
Important
Important
If the throughput exceeds 2000 Mbps, Trend Micro recommends configuring your Virtual Network Sensor using a PCI passthrough that is compliant with the following drivers: Broadcom tg3 and bnxt_en, and Intel i40e, igb, ixgbe, and e1000.
Note
Note
Before deploying the Virtual Network Sensor, ensure that you have adequate system resources and prepare the following:
  • Sufficient privileges (administrator) to execute the PowerShell script successfully
  • Hyper-V environment for hosting a virtual appliance (at least 8 GB RAM, 2 virtual CPUs, and 50 GB of disk space)
  • The host CPU should provide instruction sets which satisfy x86-64-v2 microarchitecture levels, including the following instruction sets:
    • Streaming SIMD Extensions 4.2 (SSE4.2)
    • Supplemental Streaming SIMD Extensions 3 (SSSE3)
    • POPCNT
    • CMPXCHG16B
  • The destination folder for the Virtual Network Sensor instance (which may require administrator permission for access)
  • Virtual switch for the management port
  • Virtual switch for the data port
  • Software requirements: Hyper-V role

Procedure

  1. In the Trend Vision One console, go to Network SecurityNetwork InventoryVirtual Network Sensor.
  2. Click Deploy Virtual Network Sensor.
    The Virtual Network Sensor Deployment panel appears.
  3. Select Microsoft Hyper-V for the platform.
  4. Select the Connection method.
    • Direct connection: the Virtual Network Sensor connects to Trend Vision One directly. Make sure the Virtual Network Sensor is able to connect to the internet when using this configuration.
    • Connect using a custom proxy: the Virtual Network Sensor connects to Trend Vision One through a third-party proxy. After choosing this method, configure the following fields:
      • Proxy address: Specify the IP address of the proxy.
      • Proxy port: Specify the connecting port of the proxy.
      • Proxy server requires authentication: (Optional) Select if the proxy requires authentication credentials.
      • User name: Specify the user name for the proxy credentials.
      • Password: Specify the password for the proxy credentials.
    • Connect using a Service Gateway as proxy: the Virtual Network Sensor connects to Trend Vision One through a Service Gateway. Select a Service Gateway to use for this method.
      Important
      Important
      The Virtual Network Sensor must be able to connect to a Service Gateway with the Forward Proxy Service configured and enabled. For more information, see Managing services in Service Gateway.
  5. Click Download Disk Image.
  6. Extract the installation package zip file.
  7. Run the PowerShell CLI.
  8. Type the command [path]\VirtualNetworkSensor_hyperv_image.[version]\.
    Replace [path] with the filepath location and [version] with the sensor version.
    For example, if you extracted version 1.0.12 to your desktop, type the command:
    C:\Users\[user]\Desktop\VirtualNetworkSensor_hyperv_image.1.0.12\
  9. Type the command .\vns_deploy.ps1 to run the Virtual Network Sensor setup wizard.
    The Virtual Network Sensor setup wizard appears.
  10. On the Deployment Overview screen, review the steps and click OK to begin configuring the deployment.
  11. Select a preset deployment configuration you want to use based on your expected throughput requirements, then click OK.
  12. Specify the location to store the Virtual Network Sensor on the host machine, then click OK.
  13. Select a virtual switch for the management port and click OK.
  14. Select a virtual switch for the data port and click OK.
  15. Set the administrator password.
    The password must contain:
    • 12 to 32 characters
    • At least one uppercase letter (A-Z)
    • At least one lowercase letter (a-z)
    • At least one number (0-9)
    • At least one special character: ~!`@#$%^&*()/_+=[]{}-\|<>',.?:;"
  16. Click OK.
  17. Review the configuration, and click OK to create the instance.
    The script creates the instance automatically. The process might take a few minutes to complete. When finished, PowerShell displays MAIN: All tasks completed!
  18. After creation finishes, go to the Hyper-V Manager.
  19. Power on the Virtual Network Sensor.
    Your Virtual Network Sensor finishes setting up and automatically connects to Network Inventory.
  20. To confirm that your Virtual Network Sensor has successfully deployed, access the Trend Vision One and go to Network SecurityNetwork InventoryVirtual Network Sensor to view information about your deployed Virtual Network Sensor.
    Tip
    Tip
Related information