Clean up procedures for GI services by Trend Micro on NSX-T with APIs
Article ID: 302613
Updated On:
Products
VMware NSX
Issue/Introduction
This article provides steps to remove the Trend GI services components using APIs. Without proper clean up, the DSM registration of the VC/NSX would be blocked.
Symptoms:
- The Trend DSM manager was recently removed.
- You see the error message:
A Previous Deep Security deployment has been detected on this vCenter. By adding this vCenter to this Deep Security Manager, you will overwritten the existing Security service. If you have not done so, this deployment will fail.
I have removed all Deep Security services and NSX Security Polices that reference the previous deployment. I want to overwritten the previous deployment settings.
Environment
VMware NSX-T Data Center
Cause
This issue occurs when components are not removed. These can include:
- Service manager
- Vendor template
- Service profile
- Security policy
- Security rules
- Service segment
Resolution
- Run the REST call to get the registered services:
https:// Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############/vendor-templates
https://Server_IP/api/v1/serviceinsertion/services
Example Output:
{
"results": [
{
"functionalities": [
"EPP",
"IDS_IPS"
],
"implementations": [
"EAST_WEST"
],
"attachment_point": [
"SERVICE_PLANE"
],
"transports": [
"NSH"
],
"on_failure_policy": "ALLOW",
"service_deployment_spec": {
"deployment_template": [
{
"name": "Deep Security - Deployment Template",
"attributes": [
{
"key": "solutionId",
"display_name": "solutionId",
"value": "7498352642083520512",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6",
"display_name": "management.ipv6",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "failOpen",
"display_name": "failOpen",
"value": "true",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "ipAddress",
"display_name": "ipAddress",
"value": "169.254.1.39",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6DNS2",
"display_name": "management.ipv6DNS2",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "port",
"display_name": "port",
"value": "48651",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.DNS2",
"display_name": "management.DNS2",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.DNS",
"display_name": "management.DNS",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.netmask0",
"display_name": "management.netmask0",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ip0",
"display_name": "management.ip0",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Dhcp",
"display_name": "management.ipv6Dhcp",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "defaultAction",
"display_name": "defaultAction",
"value": "isNetworkFeatureAvailable:true,NSXType:NSX-T",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6DNS",
"display_name": "management.ipv6DNS",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "agentName",
"display_name": "agentName",
"value": "serviceinstance-x",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.gateway",
"display_name": "management.gateway",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "dpdkMode",
"display_name": "dpdkMode",
"value": "0",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "vmname",
"display_name": "vmname",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.dhcp",
"display_name": "management.dhcp",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Netmask",
"display_name": "management.ipv6Netmask",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.hostname",
"display_name": "management.hostname",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Gateway",
"display_name": "management.ipv6Gateway",
"value": "",
"attribute_type": "STRING",
"read_only": false
}
]
}
],
"deployment_specs": [
{
"name": "Deep Security - 20.0.0-877-C12M24-LARGE",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C12M24-large.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "LARGE",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C2M4-SMALL",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C2M4-small.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "SMALL",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C8M16-MEDIUM",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C8M16-medium.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "MEDIUM",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C8M24-LARGE",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C8M24-large.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "LARGE",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C4M8-SMALL",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C4M8-small.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "SMALL",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C6M16-MEDIUM",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C6M16-medium.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "MEDIUM",
"svm_version": "1.0"
}
],
"nic_metadata_list": [
{
"interface_label": "ens",
"interface_index": 1,
"interface_type": "CONTROL"
},
{
"interface_label": "ens",
"interface_index": 2,
"interface_type": "DATA1"
},
{
"interface_label": "ens",
"interface_index": 0,
"interface_type": "MANAGEMENT",
"user_configurable": true
}
],
"svm_version": "20.0"
},
"vendor_id": "Trend Micro",
"service_manager_id": "########-####-####-####-############",
"service_capability": {
"nsh_liveness_support_enabled": true,
"can_decrement_si": false
},
"resource_type": "ServiceDefinition",
"id": "########-####-####-####-############",
"display_name": "Trend Micro Deep Security",
"description": "Advanced security for virtual servers and desktops - Provides Agentless Anti-Malware, Web Reputation, Intrusion Prevention, Integrity Monitoring and Firewall.",
"_create_user": "admin",
"_create_time": 1617235766601,
"_last_modified_user": "admin",
"_last_modified_time": 1617235766783,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
],
"result_count": 1
}
"results": [
{
"functionalities": [
"EPP",
"IDS_IPS"
],
"implementations": [
"EAST_WEST"
],
"attachment_point": [
"SERVICE_PLANE"
],
"transports": [
"NSH"
],
"on_failure_policy": "ALLOW",
"service_deployment_spec": {
"deployment_template": [
{
"name": "Deep Security - Deployment Template",
"attributes": [
{
"key": "solutionId",
"display_name": "solutionId",
"value": "7498352642083520512",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6",
"display_name": "management.ipv6",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "failOpen",
"display_name": "failOpen",
"value": "true",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "ipAddress",
"display_name": "ipAddress",
"value": "169.254.1.39",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6DNS2",
"display_name": "management.ipv6DNS2",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "port",
"display_name": "port",
"value": "48651",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.DNS2",
"display_name": "management.DNS2",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.DNS",
"display_name": "management.DNS",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.netmask0",
"display_name": "management.netmask0",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ip0",
"display_name": "management.ip0",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Dhcp",
"display_name": "management.ipv6Dhcp",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "defaultAction",
"display_name": "defaultAction",
"value": "isNetworkFeatureAvailable:true,NSXType:NSX-T",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6DNS",
"display_name": "management.ipv6DNS",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "agentName",
"display_name": "agentName",
"value": "serviceinstance-x",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.gateway",
"display_name": "management.gateway",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "dpdkMode",
"display_name": "dpdkMode",
"value": "0",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "vmname",
"display_name": "vmname",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.dhcp",
"display_name": "management.dhcp",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Netmask",
"display_name": "management.ipv6Netmask",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.hostname",
"display_name": "management.hostname",
"value": "",
"attribute_type": "STRING",
"read_only": false
},
{
"key": "management.ipv6Gateway",
"display_name": "management.ipv6Gateway",
"value": "",
"attribute_type": "STRING",
"read_only": false
}
]
}
],
"deployment_specs": [
{
"name": "Deep Security - 20.0.0-877-C12M24-LARGE",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C12M24-large.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "LARGE",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C2M4-SMALL",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C2M4-small.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "SMALL",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C8M16-MEDIUM",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C8M16-medium.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "MEDIUM",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C8M24-LARGE",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C8M24-large.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "LARGE",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C4M8-SMALL",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C4M8-small.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "SMALL",
"svm_version": "1.0"
},
{
"name": "Deep Security - 20.0.0-877-C6M16-MEDIUM",
"ovf_url": "https://##.###.###.##:4119/appliance/NSX/dsva-20.0.0-877-C6M16-medium.ovf",
"min_host_version": "6.5",
"host_type": "ESXI",
"service_form_factor": "MEDIUM",
"svm_version": "1.0"
}
],
"nic_metadata_list": [
{
"interface_label": "ens",
"interface_index": 1,
"interface_type": "CONTROL"
},
{
"interface_label": "ens",
"interface_index": 2,
"interface_type": "DATA1"
},
{
"interface_label": "ens",
"interface_index": 0,
"interface_type": "MANAGEMENT",
"user_configurable": true
}
],
"svm_version": "20.0"
},
"vendor_id": "Trend Micro",
"service_manager_id": "########-####-####-####-############",
"service_capability": {
"nsh_liveness_support_enabled": true,
"can_decrement_si": false
},
"resource_type": "ServiceDefinition",
"id": "########-####-####-####-############",
"display_name": "Trend Micro Deep Security",
"description": "Advanced security for virtual servers and desktops - Provides Agentless Anti-Malware, Web Reputation, Intrusion Prevention, Integrity Monitoring and Firewall.",
"_create_user": "admin",
"_create_time": 1617235766601,
"_last_modified_user": "admin",
"_last_modified_time": 1617235766783,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
],
"result_count": 1
}
- Using the Service ID, run the REST call to get the Service Profile:
https://Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############/service-profiles
Example output:
Example output:
{
"results": [
{
"service_id": "########-####-####-####-############",
"vendor_template_key": "Gold",
"vendor_template_id": "########-####-####-####-############",
"resource_type": "GiServiceProfile",
"id": "########-####-####-####-############",
"display_name": "EPP-profile",
"_create_user": "nsx_policy",
"_create_time": 1617239484207,
"_last_modified_user": "nsx_policy",
"_last_modified_time": 1617239484207,
"_system_owned": false,
"_protection": "REQUIRE_OVERRIDE",
"_revision": 0
}
]
}
"results": [
{
"service_id": "########-####-####-####-############",
"vendor_template_key": "Gold",
"vendor_template_id": "########-####-####-####-############",
"resource_type": "GiServiceProfile",
"id": "########-####-####-####-############",
"display_name": "EPP-profile",
"_create_user": "nsx_policy",
"_create_time": 1617239484207,
"_last_modified_user": "nsx_policy",
"_last_modified_time": 1617239484207,
"_system_owned": false,
"_protection": "REQUIRE_OVERRIDE",
"_revision": 0
}
]
}
- Using the ID, delete the Service Profile:
https://Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############/service-profiles/########-####-####-####-############
Note: You may see:
{
"httpStatus": "BAD_REQUEST",
"error_code": 289,
"module_name": "common-services",
"error_message": "Principal 'admin' with role '[enterprise_admin]' attempts to delete or modify an object of type GiServiceProfile it doesn't own. (createUser=nsx_policy, allowOverwrite=null)"
}
Authorization ==> Headers ==> X-Allow-Overwrite ==> true
"httpStatus": "BAD_REQUEST",
"error_code": 289,
"module_name": "common-services",
"error_message": "Principal 'admin' with role '[enterprise_admin]' attempts to delete or modify an object of type GiServiceProfile it doesn't own. (createUser=nsx_policy, allowOverwrite=null)"
}
Authorization ==> Headers ==> X-Allow-Overwrite ==> true
Rerun the same delete command and it will be successful:
Get https://Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############/vendor-templates
Example output:
{
"results": [
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "Gold",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Default (EBT)",
"description": "The default Deep Security profile configuration used for EBTs.",
"_create_user": "admin",
"_create_time": 1617235768228,
"_last_modified_user": "admin",
"_last_modified_time": 1617235768228,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P4_Network",
"functionality": "IDS_IPS",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Windows Server_Network",
"description": "An example policy for Windows Server servers.",
"_create_user": "admin",
"_create_time": 1617239792464,
"_last_modified_user": "admin",
"_last_modified_time": 1617239792464,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P5_Network",
"functionality": "IDS_IPS",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Solaris Server_Network",
"description": "An example policy for Solaris servers.",
"_create_user": "admin",
"_create_time": 1617239793381,
"_last_modified_user": "admin",
"_last_modified_time": 1617239793381,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P9",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Deep Security Virtual Appliance",
"description": "The recommended policy for use on a Deep Security Virtual Appliance.",
"_create_user": "admin",
"_create_time": 1617239796645,
"_last_modified_user": "admin",
"_last_modified_time": 1617239796645,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P7",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Deep Security",
"description": "A policy from which the various Deep Security policies inherit.",
"_create_user": "admin",
"_create_time": 1617239794709,
"_last_modified_user": "admin",
"_last_modified_time": 1617239794709,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P2",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Windows",
"description": "An example policy from which all the example Windows policies inherit. Any settings that are common to all Windows policies can be set here.",
"_create_user": "admin",
"_create_time": 1617239790228,
"_last_modified_user": "admin",
"_last_modified_time": 1617239790228,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P6",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Linux Server",
"description": "An example policy for Linux servers.",
"_create_user": "admin",
"_create_time": 1617239793840,
"_last_modified_user": "admin",
"_last_modified_time": 1617239793840,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "8########-####-####-####-############",
"vendor_template_key": "P1",
"functionality": "EPP",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Base Policy",
"description": "A policy from which all other policies can inherit. Only the most general settings should be applied to this policy as they will apply to all policies that inherit from it, unless overridden. More specific settings and rules should be added to sub-policie",
"_create_user": "admin",
"_create_time": 1617239789238,
"_last_modified_user": "admin",
"_last_modified_time": 1617239789238,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P6_Network",
"functionality": "IDS_IPS",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Linux Server_Network",
"description": "An example policy for Linux servers.",
"_create_user": "admin",
"_create_time": 1617239794258,
"_last_modified_user": "admin",
"_last_modified_time": 1617239794258,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P8_Network",
"functionality": "IDS_IPS",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Deep Security Manager_Network",
"description": "A base policy for use on a server hosting the Deep Security Manager.\n\nImportant: After applying this Policy to your Deep Security Manager's Host, you must restart existing browser sessions to the Deep Security Manager. This is because the Policy applies",
"_create_user": "admin",
"_create_time": 1617239796176,
"_last_modified_user": "admin",
"_last_modified_time": 1617239796176,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
},
{
"attributes": [],
"service_id": "########-####-####-####-############",
"vendor_template_key": "P1_Network",
"functionality": "IDS_IPS",
"redirection_action": "PUNT",
"resource_type": "VendorTemplate",
"id": "########-####-####-####-############",
"display_name": "Base Policy_Network",
"description": "A policy from which all other policies can inherit. Only the most general settings should be applied to this policy as they will apply to all policies that inherit from it, unless overridden. More specific settings and rules should be added to sub-policie",
"_create_user": "admin",
"_create_time": 1617239789754,
"_last_modified_user": "admin",
"_last_modified_time": 1617239789754,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
],
"result_count": 11
}
- Delete all Vendor Templates:
https://Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############/vendor-templates/########-####-####-####-############
- Delete the Service:
https://Server_IP/api/v1/serviceinsertion/services/########-####-####-####-############
- Delete the Service Manager:
DELETE https://Server_IP/api/v1/serviceinsertion/service-managers/########-####-####-####-############
Feedback
Yes
No
Powered by
