System requirements

These requirements are for Deep Security 10.0. Requirements vary by version. For previous versions of Deep Security Manager, agents, Relays, or virtual appliances, see those versions' documentation.

Deep Security Manager requirements

Applies to on-premise Deep Security software installations only

Minimum memory (RAM)

8 GB RAM, which includes:

  • 4 GB for heap memory
  • 1.5 GB for the Java virtual machine
  • 2 GB for the operating system

Minimum RAM requirements depend on the number of agents that are being managed. (See Sizing.)

On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter:

grep MemTotal /proc/meminfo
Minimum disk space 1.5 GB (5 GB+ recommended)
Operating system
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • Red Hat Enterprise Linux 5 (64-bit)
  • Windows Server 2016 (64-bit) (requires Deep Security Manager Update 4)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 or 2008 R2 (64-bit)

Deep Security Manager for AWS Marketplace requires AWS Linux (64-bit).
Database
  • Microsoft SQL Server 2016 (requires Deep Security Manager Update 4)
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2008
  • Oracle Database 12c
  • Oracle Database 11g
  • Microsoft SQL RDS or Oracle RDS
  • Azure SQL Database (SaaS) (only with Deep Security Manager VM for Azure Marketplace)

Disk space required varies by the size of the deployment, data retention, and frequency of logging. See Sizing.

Minimum free disk space = (2 x database size) + transaction log

For example, if your database plus transaction log is 40 GB, you must have 80 GB (40 x 2) of free disk space for database schema upgrades. To free disk space, delete any unnecessary event log data and transaction logs.

  • Co-locate the database and all Deep Security Manager nodes in the same physical data center, with a 1 Gb link or better to ensure 2 ms latency or less between them.
  • Microsoft SQL Server Express is supported only in certain limited deployments with Deep Security 10.0 Update 2 or later. For details, see Microsoft SQL Server Express considerations.
  • Oracle Database Express (XE) is not supported.
  • Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
  • Apache Derby, which provided an embedded database for proof-of-concept and testing in previous versions of Deep Security, is not supported anymore.
Web browser

Cookies must be enabled.

  • Firefox 46.0.1+
  • Microsoft Internet Explorer 11+ or Edge
  • Google Chrome 50+
  • Apple Safari 9+ (for Mac)
Monitor 1024 x 768 resolution at 256 colors or higher
Supported Deep Security Agent, Relay, or Virtual Appliance versions
  • Deep Security Agent, Relay, or Virtual Appliance 10.0
  • Deep Security Agent, or Relay 9.6 (there is no 9.6 version of the Virtual Appliance)

Notes:

  • Relays must be 64-bit. 32-bit Relays are not supported.
  • Previously, the 9.5 Agent, 9.5 Relay, and 9.5 Virtual Appliance were supported with the 10.0 Manager. They have now reached their end-of-life date and should be upgraded.
  • Most 9.6 Agents and 9.6 Relays have reached their end-of-life date and should be upgraded. For a limited number of platforms, support for 9.6 has been extended. For details, see this Help Center page: https://help.deepsecurity.trendmicro.com/dates-lts.html
  • For some platforms, a 9.6 or 10.0 Agent does not exist. In those cases, the 10.0 Manager supports older versions. For a list of older agents that are still supported, see this Help Center page: https://help.deepsecurity.trendmicro.com/ddates-lts.html
  • To use older agents, you must go to Administration > System Settings > Update and select Allow supported 8.0 and 9.0 Agents to be updated.

Deep Security Agent requirements

Supported Deep Security features vary by platform.

The agent installer permits installation on any supported operating system. RAM and disk space requirements are not checked.

Minimum memory (RAM)

Total system memory

Windows

  • all protection enabled: 2 GB RAM (4 GB recommended)
  • Deep Security Relay feature only: 2 GB RAM (4 GB recommended)

Linux

  • all protection enabled: 1 GB RAM (5 GB recommended)
  • Deep Security Relay feature only: 1 GB RAM (4 GB recommended)
Requirements vary by OS version. Some versions may require less RAM. Less RAM is required also if you don't enable all Deep Security features.
Minimum disk space
  • all protection enabled: 1 GB
  • without anti-malware: 500 MB
  • Deep Security Relay feature only: 30 GB
Deep Security Relay must store packages for each of your agents' platforms. If you have many different platforms, more disk space is required.
Operating system

Deep Security Agent 10.0 is not currently available for HP-UX, AIX, and Windows 2000. However, their latest Deep Security Agent version (9.0 or 8.0) is compatible with the new manager.

Supported Deep Security features vary by platform.

Windows

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit) — Full Server or Server Core
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)

  • Windows 10 or 10 TH2 (32-bit and 64-bit)

    If you have an existing Deep Security Agent 9.6 or earlier installation, and want to upgrade to Windows 10, see Manually install the Deep Security Agent.
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)

  • Hyper-V on Windows 2012 R2, 2012, 2008 R2, 8, and 8.1

    Agents on Hyper-V only protect the hypervisor itself, not its guest OSes. Each guest OS must have its own agent, too.

    Combination mode with some agentless protection is not supported. (VMware ESXi hypervisor is required.)

  • Deep Security Relay feature enabled: Only 64-bit versions

Linux

Supported Linux kernels vary by distribution. See Deep Security 9.6 Supported Linux Kernels.
  • Red Hat Enterprise Linux 7 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 5 (32-bit and 64-bit)
  • CentOS 7 (32-bit and 64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • CentOS 5 (32-bit and 64-bit)
  • Oracle Linux 7 (32-bit and 64-bit)
  • Oracle Linux 6 (32-bit and 64-bit)
  • Oracle Linux 5 (32-bit and 64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 SP1, SP2, and SP3 (32-bit and 64-bit)
  • Cloud Linux 7 (32-bit and 64-bit)
  • Cloud Linux 6 (32-bit and 64-bit)
  • Debian 7 (64-bit)
  • Debian 8 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)
  • with Deep Security Relay: Only 64-bit versions
A Deep Security Relay is usually only required by Deep Security AMI from AWS Marketplace.

Solaris

  • Solaris 11.2, or 11.3 (64-bit, SPARC or x86)
  • Solaris 10 Update 11 (1/13) (64-bit, SPARC or x86)

Amazon AWS

Deep Security Agent is designed to protect servers, not laptops.
To protect AWS WorkSpaces virtual desktop infrastructure (VDI) workstations, add the “Plus” application bundle instead. It includes Trend Micro Worry-Free Business Security.
  • Amazon AMI Linux EC2 (64-bit)
  • Red Hat Enterprise Linux 7 EC2 (64-bit)
  • Red Hat Enterprise Linux 6 EC2 (32-bit and 64-bit)
  • Debian 7 (64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 EC2 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)

Microsoft Azure

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • CentOS 7 (64-bit)
  • CentOS 6 (64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)

To install Deep Security Agent on CentOS, use the Red Hat installer and package.

Deep Security Virtual Appliance requirements

Applies to on-premise Deep Security software installations only

Because Deep Security Virtual Appliance uses the same protection modules as Deep Security Agents, if you import an update to the 64-bit Deep Security Agent for Red Hat, it may notify you that new software is available for the Virtual Appliance, like it does for Red Hat Agents.

VMware does not support running nested ESXi servers in production environments. For more information, see the VMware Knowledge Base article.
CPU

64-bit, Intel-VT or AMD-V present and enabled in BIOS

2 vCPU
Minimum memory (RAM)

4 GB RAM (varies by the number of VMs being protected)
Minimum disk space 40 GB
Minimum Deep Security Manager

With Deep Security Virtual Appliance 10.0, use Deep Security Manager 10.0 Update 12 or later, excluding Deep Security Manager 10.1.
VMware

VMware NSX Data Center for vSphere:

  • VMware vCenter 6.7 with ESXi 6.0, 6.5, or 6.7
  • VMware vCenter 6.5 with ESXi 6.0, or 6.5
  • VMware vCenter 6.0 with ESXi 6.0
  • VMware NSX Manager 6.2.4 or later

    VMware vSphere 6.5a is the minimum supported version with NSX for vSphere 6.3.0.

VMware vCloud Director:

  • versions up to and including 9.1 are supported

For details, see the VMware compatibility matrix.

For more information about VMware product interoperability, see VMware Product Interoperability Matrices.
vSwitches
  • vSphere Standard Switch (vSS)
  • vSphere Distributed Switch (vDS)
Guest VMs
Supported Deep Security features vary by platform. See Supported features by platform.

The VMs (guests) that will be protected by the virtual appliance have these requirements:

  • Supported operating systems: See below.
  • Compatible vSphere versions: See this VMware Compatibility Guide.
  • Required drivers: If you plan to enable Anti-Malware protection through the virtual appliance, you must install the Guest Introspection Thin Agent with the File Introspection driver (vsepflt) on each guest.

    For installation instructions, see your VMware NSX documentation and search for Install the Guest Introspection Thin Agent.

Windows

  • Windows Server 2016
  • Windows Server 2012 R2 (64-bit)
  • Windows Server 2012 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows Server 2003 SP2 or higher (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP SP3 or higher (32-bit)

Linux

  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 5 (32-bit and 64-bit)
  • CentOS 7 (32-bit and 64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • CentOS 5 (64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (32-bit and 64-bit) - Red Hat kernel
  • Oracle Linux 5 (32-bit and 64-bit) - Red Hat kernel
  • Oracle Linux 6 (64-bit) - Unbreakable Kernel
  • Oracle Linux 5 (64-bit) - Unbreakable Kernel
  • SUSE 12 (64-bit)
  • SUSE 11 SP1, SP2, SP3 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)

Deep Security Notifier requirements

If installed, Deep Security Notifier appears in the Windows system tray. If anti-malware is licensed and enabled, it indicates the statuses of Deep Security Agent, or the status of a VM protected by a Deep Security Virtual Appliance.

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)