Use a web server to distribute software updates

Deep Security software updates are normally hosted and distributed by relay-enabled agents (see Update Deep Security software). However, if you already have a web server, you can provide software updates via the web server instead of a relay-enabled agent. To do this, you must mirror the software repository of the relay-enabled agent on your web server.

Although Deep Security Agents can download their software updates from the web server, at least one relay is still required to distribute security package updates such as anti-malware and IPS signatures (see Get and distribute security updates).
Even though you are using your own web servers to distribute software, you must still import agent software from the Trend Micro Download Center into the Deep Security Manager using the options on the Administration > Updates > Software screens. Then you must ensure that your software web server contains the same software that has been imported into Deep Security Manager, otherwise the alerts and other indicators that tell you about available updates will not function properly.

Web server requirements

Disk Space: 20 GB

Ports: Web server and relay port numbers

Copy the folder structure

Mirror the folder structure of the software repository folder on a relay-enabled agent. Methods vary by platform and network. For example, you could use rsync over SSH for a Linux computer and network that allows SSH.

On Windows, the default location for the relay-enabled agent's software repository folder is:

C:\ProgramData\Trend Micro\Deep Security Agent\relay\www\dsa\

On Linux, the default location for the Relay's software repository folder is:

 /var/opt/ds_agent/relay/www/dsa/

The structure of the folder is like this:

|-- dsa
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...
|        
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...

For example:

|-- dsa
|    |--  CentOS_6.x86_64
|         |--   Feature-AM-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-DPI-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-FW-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-IM-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--  ...
|        
|    |--  RedHat_EL6.x86_64
|         |--   Agent-Core-RedHat_EL6-9.5.1-1306.x86_64.rpm
|         |--   Feature-AM-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Feature-DPI-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Feature-FW-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--  ...
|         |--   Plugin-Filter_2_6_32_131_0_15_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Plugin-Filter_2_6_32_131_12_1_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--  ...
|        
|    |-- Windows.x86_64
|         |--  Agent-Core-Windows-9.5.1-1532.x86_64.msi
|         |--  Agent-Core-Windows-9.5.1-1534.x86_64.msi
|         |--  Feature-AM-Windows-9.5.1-1532.x86_64.dsp
|         |--  Feature-AM-Windows-9.5.1-1534.x86_64.dsp
|         |--  Feature-DPI-Windows-9.5.1-1532.x86_64.dsp
|         |--  Feature-DPI-Windows-9.5.1-1534.x86_64.dsp
|         |--  ...
|         |--  Plugin-Filter-Windows-9.5.1-1532.x86_64.dsp
|         |--  Plugin-Filter-Windows-9.5.1-1534.x86_64.dsp
|         |--  ...

The example above shows only a few files and folders. Inside a complete dsa folder, there are more. If you need to save disk space or bandwidth, you don't need to mirror all of them. You're only required to mirror the files that apply to your computers' platforms.

Configure agents to use the new software repository

When the mirror on the web server is complete, configure Deep Security Agents to get their software updates from your web server.

  1. On Deep Security Manager, go to Administration > System Settings > Updates.
  2. In the Software Updates section, enter the URL(s) of the mirror folder(s) on your web server(s).
  3. Click Save.
Verify that connectivity between agents and your web server is reliable. If the connection is blocked, agents will instead use the relay-enabled agent.