Virtual machine behind 'Trend Micros Deep Security' when moved to another ESXi Host by vMotion may be unprotected temporarily
search cancel

Virtual machine behind 'Trend Micros Deep Security' when moved to another ESXi Host by vMotion may be unprotected temporarily

book

Article ID: 327374

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:

Once vMotion is triggered, Deep Security Virtual Appliance (DSVA) restores the status for the guest virtual machine (VM), sending policy from the Deep Security Manager (DSM) to restart the protection.
There was an issue found in Deep Security 12.0 GM version, it may take a long time until the VM can be protected again after the vMotion.


Environment

VMware NSX-T Data Center

Cause

This symptom can be noticed in environment running Trend Micro Deep Security Virtual Appliance with agent version 12.0 and NSX-T that enable Guest Introspection functionality only.

There is an implement introduced in Deep Security 12.0 U1 and above, however, it may still take up to 25 seconds until the VM can be protected after vMotion. For more details please refer TrendMicro KB : https://success.trendmicro.com/solution/1123746

Resolution

It is a known issue with Trend Micro Deep Security Virtual Appliance with agent version 12.0 and above due to design limitation and there is no resolution at this point.
It can impact NSX-T environment where Guest Introspection functionality is enabled.

Additional Information

Impact/Risks:

After the VM is migrated to another host, it may be unprotected for upto 25 seconds before VM can be protected again.