What's new in Deep Security Virtual Appliance?

Release date: July 30, 2020

Build number: 20.0.0.877

The Deep Security Virtual Appliance will reach end of extended support (EOL) on 31-Dec-2027 or VMware's end of support date for NSX-4.X, whichever comes first.

New features

Improved security

Support for protection features on NSX-T: Recommendation scans, Intrusion Prevention reconnaissance scans and Integrity Monitoring are enabled for NSX-T environments.

Seamless Anti-Malware protection on Deep Security Virtual Appliance: After migrating guest VMs to another ESXi host in the same cluster using vMotion, the Deep Security Virtual Appliance's network scans and Anti-Malware scans will now continue where they left off, without delay. This feature only applies if you are using NSX-T Data Center and guest machines are using a policy without network feature overrides.

Protect VMs in NSX-T environments: We have integrated the latest VMware Service Insertion and Guest Introspection technologies which enables you to protect your guest VMs using Intrusion Prevention, Web Reputation, Firewall, Integrity Monitoring and recommendation scans on NSX-T hosts with agentless protection.

Improved management and quality

NSX-T Network Throughput improvement: By introducing the Data Plane Development Kit (DPDK), we've made the network throughput three times faster when compared with prior technology.

Enhancements

  • Improved the time it takes to auto-activate guest VMs protected by the Deep Security Virtual Appliance in an NSX-T environment.
  • Added the "VMware NSX Policy Configuration Conflict" system event. This event is generated when Deep Security Manager detects that a NSX-T group is configured with different security policies for Endpoint Protection and Network Introspection (E-W).
  • Updated Deep Security Manager to allow vCloud accounts to be added even if the virtual machine hardware information is missing.
  • Extended the scope of the "If a computer with the same name already exists" setting on Administration > System Settings > Agents to apply to existing unactivated computers. Previously, it only applied to existing activated computers.
  • When you upgrade the Deep Security Virtual Appliance SVM in NSX-T Manager, Deep Security Manager will now detect that a new SVM is now protecting guest VMs, and will auto-activate those VMs after the upgrade.
  • Upgraded the vCloud Connector in Deep Security Manager supports vCloud 9.7 and vCloud 10.0.
  • Added the ability to sync Deep Security Manager policies to NSX-T environments.
  • Improved the experience when deleting vCenter Connectors with NSX-T Manager. Previously, you had to manually remove the NSX-T component as a service profile, endpoint rules and service deployments, or the vCenter deletion would fail.

Resolves issues

  • Deep Security Virtual Appliance sometimes went offline. SEG-53294
  • The Anti-Malware engine on Deep Security Virtual Appliance went offline when the signer field in the Census server reply was empty. SEG-73047
  • When a guest VM was migrated between ESXi hosts frequently (using vMotion), sometimes the VM couldn't save the state file. This caused the guest to lose the protection of the Deep Security Virtual Appliance for several minutes after migration, until the VM was reactivated by Deep Security Manager automatically under the new ESXi server. (DSSEG-4341/DS-38221)
  • The Deep Security Virtual Appliance did not detect an Eicar file. SEG-71955/SF02955546/DS-49387

Known issues

  • The automatic removal of a vCenter account from Deep Security will fail if NSX-T is configured to have the same service chain bound to Deep Security and third-party services simultaneously. This problem occurs because the NSX-T API doesn't allow Deep Security to modify the service chain with its associated service profiles. To work around this issue, remove vCenter manually. For details, see Uninstall Deep Security from your NSX environment. DS-47944
  • Deep Security Manager no longer supports NSX-T Manager version 2.x. Upgrade your NSX-T Manager to version 3.0.0 or later. DS-50387