Deep security manager install





















With this option, no master key is generated. Instead, the installer uses a hard-coded seed to encrypt the passwords mentioned above.

See Command-line basics for details. This is the recommended method to provision a key because it does not rely on local files. With this option, the installer communicates with AWS KMS to obtain a bit symmetric customer master key (CMK), which is then used to encrypt the passwords mentioned above. Use a local environment variable automatically created.

With this option, the installer generates a master key and uses it to encrypt the passwords mentioned above. The secret must include: a capital letter; a lowercase letter; a number; a special character; between characters. The secret must not be deleted, as it's required when Deep Security Manager initiates and when installing additional manager nodes. Choosing whether to install a co-located relay: Deep Security requires at least one relay.

Trend Micro recommends that you install a local relay to: Provide a relay that is local to the manager Ensure that at least one relay is always available, even when you decommission old computers with relays.

When the manager's installer adds an agent to its server, it only enables the relay feature. It does not apply any default security settings.

To protect the server, in Deep Security Manager, apply a security policy to its agent. Choose one of the following options: Remember the secret. You will need it when installing additional manager nodes. Deep Security requires at least one relay. Relays distribute security updates to protected computers. For more information on relays, see Deploy additional relays. When you run the Deep Security Manager installer, it searches its local directory for a full ZIP package of the agent installer.

Relays are agents whose relay feature is enabled. If an agent installer is found in either location, the manager's installer will offer to install the newest relay. When installing Deep Security for the first time, the installer creates a self-signed server certificate that Deep Security Manager uses to identify itself during secure connections with agents, appliances, relays, and your web browser.

It is valid for 10 years. However, because it is not signed by a trusted Certificate Authority (CA), your web browser will display warnings. To eliminate these warnings and improve security, consider replacing Deep Security's server certificate with one signed by a trusted CA.

You can also check the digital signatures on the agent and manager software packages. For details, see Check digital signatures on software packages. Check compatibility: Start the installer. Before it installs anything, it checks your environment to make sure it complies with system requirements. The installer also makes sure that all your deployment components are compatible with the new version of Deep Security Manager. The readiness check generates a "to do" list of compatibility issues (if any) for your specific environment.

For example, you may need to free disk space, allocate more vRAM, or upgrade old Deep Security Agents to supported versions. If you're not ready yet, you can cancel the install, and return when ready. The readiness check also customizes this guide for your environment's needs when you click View My Upgrade Guide. Before you install, all tasks under Prepare your environment must be complete.

Back up your data: Before you install, make a system restore point or VM snapshot of the server and each protected computer. Multi-node Deep Security Manager deployments should have a backup for each server node. Also, if upgrading, stop the service and back up your existing Deep Security Manager database. Recommended hardware varies by enabled features, size of your deployment, and future growth.

See sizing guidelines. On the Deep Security Manager server where you are running the installer, the installer's readiness check will verify hardware before it installs. If hardware does not meet minimum system requirements , the installer will either warn you about reduced performance, or block the install.

Only the local server's hardware and some other deployment information that is stored in the database is tested. You must manually verify other servers' hardware, run the readiness check on any other manager nodes, or both.

On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter: After you install Deep Security Before you run the installer, verify that the Deep Security Manager server can use its required network services.

For a list of protocols, associated features, expected source or destination, and required open network port numbers, see Port numbers, URLs, and IP addresses. The system clock of the manager operating system must be synchronized with the clock of the database.

Both computers should use the same NTP service. Once Deep Security Manager is installed, when you deploy new agents, appliances, and relays, the manager automatically applies firewall rules to open their required ports. For some features, Deep Security must be able to resolve host names into IP addresses. If your DNS server does not already have entries so that the manager can resolve each computer or VM's host name to its IP address, then either use their IP address instead, or perform one of the following actions:

If you are deploying multiple server nodes of Deep Security Manager for a large scale deployment, a load balancer can help distribute connections with Deep Security Agents and Virtual Appliances. Load balancers with virtual IPs can also provide a single inbound port number such as TCP , instead of the multiple port numbers that Deep Security normally requires. Connections over WAN are discouraged. Deep Security Manager relies on the database to function. Requirements vary by database type.

If you are installing Deep Security for the first time, before you run the installer, create and grant permissions to the database where Deep Security Manager will store its data. Windows workgroup authentication is no longer supported. If the database is not compatible, you must migrate to a supported database before you can install Deep Security Manager If you are upgrading Deep Security , to continue to store new data until you are ready to install Deep Security Manager Check the System requirements for this version and for the version you are migrating from Deep Security For example, if you were currently using an Oracle 10g database with Deep Security Manager 9.

Deep Security Agents will continue with their current protection policies while the manager is stopped. This setting prevents database connection timeouts that can occur when you upgrade if each database schema migration operation takes a long time to complete. If you are installing Deep Security for the first time, and you want to protect VMs, you may be able to provide some protection without installing a Deep Security Agent, using a Deep Security Appliance instead, or by using both together "combined mode".

See Choose agentless vs. If you are upgrading a multi-node deployment, depending on whether you have a load balancer, you might be able to migrate servers to another OS without downtime.

For example, if you already had Deep Security Manager 9. For a list of supported operating systems, see the install documentation for your current version of Deep Security Manager See Deep Security To add the new node, on the Windows server, run the Deep Security Manager 9. When the installer wizard reaches the Database screen, enter the same database connection settings that you used for your other Deep Security Manager node s.

The next page will allow you to specify that you want to add a new manager node. Alternatively, you can perform a silent install to add a new node. For instructions, see Silent install of Deep Security Manager. If your manager is old and the installer does not support upgrading it, the installer will prevent you from continuing.

You must upgrade the manager to a supported version first. After that, you can install Deep Security Manager For instructions on how to upgrade from an unsupported version to a supported version, see the installation documentation for the unsupported version. If your relays don't meet minimum system requirements , you must upgrade them to be compatible with the new version of the manager before you upgrade the manager itself.

Since it would break part of your deployment, the installer will warn you if you have incompatible versions, although it won't stop you if a specific relay isn't compatible.

This allows you to continue if a specific relay isn't being used now, or is offline. For instructions on how to upgrade to a supported version, see those versions' install documentation. After you have upgraded the manager, to use new features, you will upgrade the relays again to Deep Security Relay If you want to use agentless or combined mode protection, follow the steps below to install compatible VMware components before you install the new Deep Security.

If you are upgrading, and your existing appliances are not compatible with the new Deep Security , also follow those steps to install compatible versions. Since it would break part of your deployment, the installer will warn you if you have incompatible versions of virtual appliances, although the installer will not stop installation if a specific appliance is not compatible.

This allows you to proceed if the virtual appliance isn't used, or is offline. VMware dependencies exist.


