To activate NSX Malware Prevention on vSphere host clusters, deploy the NSX Distributed Malware Prevention service on each host cluster.

When you deploy the service on a host cluster, an instance of the NSX Malware Prevention service virtual machine (SVM) is deployed on each host of the cluster. Currently, the deployed SVM has a fixed size of 4 vCPU, 6 GB RAM, and 80 GB disk space. If you add new hosts to the cluster, an instance of the SVM is deployed automatically on the new hosts.

Prerequisites

Complete the prerequisites for deploying an NSX Malware Prevention SVM. See Prerequisites for Deploying NSX Distributed Malware Prevention Service.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Navigate to Security > IDS/IPS & Malware Prevention > Settings > Define Scope for Malware Prevention and IDS/IPS Deployment.
  3. Click Set up for the cluster on which you want to deploy the Malware Prevention Service.
  4. Select the SVM Specification and enter the SSH Key.
    NSX lists the SVM specifications that are hosted on your NSX Application Platform.

    To connect as an administrator to the appliance (SVM) on each host using SSH, use the SSH key and the corresponding private key. You can also download the SVM log file for troubleshooting purposes.

  5. To specify Management Network, choose from the following actions:
    • Select the network to use for the Management interface (eth0) of the SVM.
      Note: The selected network must have connectivity to the management network, that is, NSX Manager nodes and the components that are running on the NSX Application Platform.
    • Select Specified on Host.

      The Specified on Host option means that you do not need to select the network on the Deploy Service page. Before deploying the service, you must configure Agent VM settings on each ESXi host to point to a specific network.

      To know more about configuring Agent VM settings, see the vSphere product documentation.

  6. To specify the datastore, choose from the following actions:
    • Select a shared datastore as the repository for the service virtual machines.
    • Select Specified on Host.

      The Specified on Host option means that you do not need to select a datastore on the Deploy Service page. Before deploying the service, you must configure Agent VM settings on each ESXi host to point to a specific datastore.

      To know more about configuring Agent VM settings, see the vSphere product documentation.

  7. Set the Network type to DHCP or Static IP Pool. If you set the network type to a Static IP Pool, select from the list of available IP pools.
    Note: Ensure that the Gateway, DNS server, and DNS suffix are configured for the IP Pool you select.
  8. Configure your sub-clusters, if any, to set the management network, data store, and network type.
    The datastore can be shared between all the hosts in the specified sub-cluster or cluster. Choose a different IP pool based on the network requirement for the sub-cluster or the VCF availability zone.
  9. Click Apply to begin deployment.

Results

NSX Malware Prevention SVM is deployed on all the hosts of the cluster.

What to do next

  1. Navigate to Security > IDS/IPS & Malware Prevention > Settings > Define Scope for Malware Prevention and IDS/IPS Deployment
  2. Click Deployment Status for your cluster to open Malware Prevention Status.
  3. Resolve any errors that are displayed on All Deployment Errors.

    To view status of the individual transport nodes in the cluster, click Status By Nodes.

If you need help for resolving NSX Malware Prevention service deployment issues, see Troubleshooting NSX Malware Prevention Service Virtual Machine Problems.