System requirements

These requirements are for Deep Security 10.1. Requirements vary by version. For previous versions of Deep Security Manager, agents, relays, or virtual appliances, see the documentation for Deep Security 9.6 SP1 or earlier or for Deep Security 10.0.

Deep Security Manager

System component Requirements
Minimum memory (RAM) 8 GB RAM, which includes:
  • 4 GB for heap memory
  • 1.5 GB for the Java virtual machine
  • 2 GB for the operating system

Minimum RAM requirements depend on the number of agents that are being managed. (See Sizing.)


On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter:
grep MemTotal /proc/meminfo
Minimum disk space 1.5 GB (5 GB+ recommended)
Operating system
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • Red Hat Enterprise Linux 5 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 or 2008 R2 (64-bit)

Deep Security Manager for AWS Marketplace requires AWS Linux (64-bit).

Database
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2008 R2
  • Oracle Database 12c
  • Oracle Database 11g
  • PostgreSQL 9.6. Distributions that have been tested for use with Deep Security are:
  • Microsoft SQL RDS or Oracle RDS
  • Azure SQL Database (SaaS) (only with Deep Security Manager VM for Azure Marketplace)

Disk space required varies by the size of the deployment, data retention, and frequency of logging. See Sizing.

Minimum free disk space = (2 x database size) + transaction log

For example, if your database plus transaction log is 40 GB, you must have 80 GB (40 x 2) of free disk space for database schema upgrades. To free disk space, delete any unnecessary event log data and transaction logs.

  • Co-locate the database and all Deep Security Manager nodes in the same physical data center, with a 1 Gb link or better to ensure 2 ms latency or less between them.
  • Microsoft SQL Server 2008 and Microsoft SQL Server 2008 R2 are deprecated and will not be supported by future releases. Plan to migrate to a newer version of Microsoft SQL Server if you're using them.

  • Microsoft SQL Server Express is supported in very limited deployments. See Microsoft SQL Server Express considerations for important details.
  • Oracle Database Express (XE) is not supported.
  • Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
  • Apache Derby, which provided an embedded database for proof-of-concept and testing in previous versions of Deep Security, is not supported anymore.
Web browser

Cookies must be enabled.

  • Firefox 52.0.1+
  • Microsoft Internet Explorer 11+ or Edge
  • Google Chrome 57+
  • Apple Safari 9+ (for Mac)
Monitor 1024 x 768 resolution at 256 colors or higher
Supported Deep Security Agent, Relay, or Virtual Appliance versions
  • Deep Security Agent, Relay, or Virtual Appliance 10.1
  • Deep Security Agent, Relay, or Virtual Appliance 10.0
  • Deep Security Agent, Relay, or Virtual Appliance 9.6
Relays must be 64-bit. 32-bit relays are not supported.

For some platforms, the supported versions of Deep Security Agent listed above do not exist. Deep Security Manager 10.1 supports older agents on these specific platforms:

  • Deep Security Agent 9.0 on AIX 5.3, 6.1, 7.1. or 7.2
  • Deep Security Agent 9.0 on HP-UX 11.31
  • Deep Security Agent 9.0 on Solaris 10 Updates 4 - 10
  • Deep Security Agent 10.0 on Solaris 10 Update 11 (1/13) and Solaris 11

When using an older agent, you must go to Administration > System Settings > Update and select Allow supported 8.0 and 9.0 Agents to be updated. Otherwise Deep Security will conserve disk space by not downloading older update formats.

Deep Security Agent

System component Requirements

Minimum memory (RAM)

Total system memory

Windows

  • all protection enabled: 2 GB RAM (4 GB recommended)
  • Deep Security Relay feature only: 2 GB RAM (4 GB recommended)

Linux

  • all protection enabled: 1 GB RAM (5 GB recommended)
  • Deep Security Relay feature only: 1 GB RAM (4 GB recommended)
Requirements vary by OS version. Some versions may require less RAM. Less RAM is required also if you don't enable all Deep Security features.
Minimum disk space
  • all protection enabled: 1 GB
  • without anti-malware: 500 MB
  • Deep Security Relay feature only: 30 GB
Deep Security Relay must store packages for each of your agents' platforms. If you have many different platforms, more disk space is required.
Operating system

This section lists the supported operating systems for Deep Security Agent 10.1. For a list of other agent and platform combinations that are supported with Deep Security Manager 10.1, see Deep Security Manager - Agent compatibility by platform.

Supported Deep Security features vary by platform.

Windows

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit) — Full Server or Server Core
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10, 10 TH2, or 10 RS2 (32-bit and 64-bit)

    If you have an existing Deep Security Agent 9.6 or earlier installation, and want to upgrade to Windows 10, see Manually install the Deep Security Agent.
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP Embedded (32-bit)
  • Hyper-V on Windows 2012 R2, 2012, 2008 R2, 7, and 8.1

    Agents on Hyper-V only protect the hypervisor itself, not its guest OSes. Each guest OS must have its own agent, too.

    Combination mode with some agentless protection is not supported. (VMware ESXi hypervisor is required.)

  • Deep Security Relay feature enabled: Only 64-bit versions

Linux

Supported Linux kernels vary by distribution. See Deep Security 10.1 Supported Linux Kernels.
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • CentOS 7 (64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (32-bit and 64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 SP1, SP2, SP3, and SP4 (32-bit and 64-bit)
  • CloudLinux 7 (64-bit)
  • Debian 8 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • with Deep Security Relay: Only 64-bit versions
A Deep Security Relay is usually only required by Deep Security AMI from AWS Marketplace, not Deep Security as a Service.

Amazon AWS

Deep Security Agent is designed to protect servers, not laptops.
To protect AWS WorkSpaces virtual desktop infrastructure (VDI) workstations, add the “Plus” application bundle instead. It includes Trend Micro Worry-Free Business Security.
  • Amazon AMI Linux 6 (64-bit)
  • Red Hat Enterprise Linux 7 EC2 (64-bit)
  • Red Hat Enterprise Linux 6 EC2 (32-bit and 64-bit)
  • Debian 8 (64-bit)
  • SUSE Enterprise Linux 12 EC2 (64-bit)
  • SUSE Enterprise Linux 11 EC2 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)

Microsoft Azure

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows 10 (64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • Debian 8 (64-bit)
  • CentOS 7 (64-bit)
  • CentOS 6 (64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)

To install Deep Security Agent on CentOS, use the Red Hat installer and package.

Deep Security Notifier

If installed, Deep Security Notifier appears in the Windows system tray. If anti-malware is licensed and enabled, it indicates the statuses of Deep Security Agent, or the status of a VM protected by a Deep Security Virtual Appliance.

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)

Docker support

With each Deep Security release, Deep Security supports the last 2 stable releases of Docker Community Edition (CE) and Docker Enterprise Edition (EE). (See Announcing Docker Enterprise Edition.) We do not officially support Docker Edge releases, but strive to test against Docker Edge releases to the best of our ability.

Support for new stable Docker releases is introduced with each release of Deep Security. We recommend that you refrain from upgrading to the latest stable release of Docker until Trend Micro documents the support statements for the latest Deep Security release.

Deep Security release Supported Docker Releases
Deep Security 10.0 Docker v1.12, v1.13
Deep Security 10.1 Docker 17.03-ce, v1.13

Deep Security is committed to supporting the environments, configurations, and platforms supported by Docker: https://docs.docker.com/engine/installation/.

Before deploying Deep Security into your target environment, you should ensure that Docker supports your target environment and platform configuration.