System requirements

Each part of a Deep Security deployment has its own system requirements.

Requirements vary by version. For older versions of Deep Security Manager, agents, relays, or virtual appliances, see their documentation.

If you plan to operate Deep Security in FIPS mode, see FIPS 140-2 support for additional requirements.

Deep Security Manager

For a list of agents versions that are compatible with this version of Deep Security Manager, see Deep Security Agent platforms .

System component Requirements
Minimum memory (RAM)

Minimum RAM requirements depend on the number of agents that are being managed. See Deep Security Manager sizing.


On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter:
grep MemTotal /proc/meminfo
Minimum disk space 1.5 GB (200 GB recommended)
Operating system
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 or 2008 R2 (64-bit)

Deep Security Manager for AWS Marketplace requires AWS Linux (64-bit).

Database
  • PostgreSQL 9.6.x (only Core or Amazon RDS distributions)
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2008 R2
  • Microsoft SQL RDS or Oracle RDS
  • Azure SQL Database (SaaS) (multi-tenancy is not supported)
  • Oracle 11g, 12c, 18c, all supported when deployed as software or when used with Amazon RDS

Disk space required varies by the size of the deployment, data retention, and frequency of logging. See Sizing.

Minimum free disk space = (2 x database size) + transaction log

For example, if your database plus transaction log is 40 GB, you must have 80 GB (40 x 2) of free disk space for database schema upgrades. To free disk space, delete any unnecessary event log data and transaction logs.

  • Deep Security Manager support for PostgreSQL includes any minor versions of compatible PostgreSQL releases.
  • Microsoft SQL Server Express is only supported in very limited deployments. See Microsoft SQL Server Express considerations.
  • Microsoft SQL Server service packs for these versions are also supported.
  • Microsoft SQL Server is only supported when database containment is set to NONE. For details, see this Microsoft webpage on contained databases.
  • Oracle Database Express (XE) is not supported.
  • Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
  • Apache Derby, which provided an embedded database for proof-of-concept and testing in previous versions of Deep Security, is not supported anymore.
Web browser

Cookies must be enabled.

  • Firefox 52.0 or higher
  • Microsoft Internet Explorer 11 or higher, or Edge
  • Google Chrome 57 or higher
  • Apple Safari 9 or higher (for Mac)
Monitor 1024 x 768 resolution at 256 colors or higher
Supported Deep Security Agent, Relay, or Virtual Appliance versions
  • Deep Security Agent, Relay, or Virtual Appliance 11.0
  • Deep Security Agent, Relay, or Virtual Appliance 10.3
  • Deep Security Agent, Relay, or Virtual Appliance 10.2
  • Deep Security Agent, Relay, or Virtual Appliance 10.1
  • Deep Security Agent, Relay, or Virtual Appliance 10.0
  • Deep Security Agent, or Relay 9.6 (there is no 9.6 version of the Virtual Appliance)
Relays must be 64-bit. 32-bit relays are not supported.

Notes:

  • Relays must be 64-bit. 32-bit relays are not supported.
  • Most 9.6 Agents and 9.6 Relays have now reached their end-of-life date, and should be upgraded. For a limited number of platforms, support for 9.6 has been extended. For details, see this Help Center page: https://help.deepsecurity.trendmicro.com/ds-lifecycle-lts-dates.html
  • For some platforms, a 10.0, 10.1, 10.2, 10.3, or 11.0 Agent does not exist. In those cases, the 11.0 Manager supports older versions. For a list of older agent versions that are still supported, see this Help Center page: https://help.deepsecurity.trendmicro.com/ds-lifecycle-lts-dates.html
  • When using an older agent, you must go to Administration > System Settings > Update and select Allow supported 8.0 and 9.0 Agents to be updated. Otherwise Deep Security will conserve disk space by not downloading older update formats.

Deep Security Agent 11.0

System component Requirements

Minimum memory (RAM)

Total system memory

Requirements vary by OS version and the features that you enable. See Deep Security Agent and Relay sizing.
Minimum disk space See Deep Security Agent and Relay sizing.
Operating system

For compatible Docker and OS platforms, see Deep Security Agent platforms .

On supported versions of Microsoft Windows, you must have at least Powershell version 4.0 to run the agent deployment script.

Deep Security Virtual Appliance

Because Deep Security Virtual Appliance uses the same protection modules as Deep Security Agents, if you import an update to the 64-bit Deep Security Agent for Red Hat, it may notify you that new software is available for the Virtual Appliance, like it does for Red Hat agents.

VMware does not support running nested ESXi servers in production environments. For more information, see the VMware Knowledge Base article.
System component Requirements
CPU

64-bit, Intel-VT or AMD-V present and enabled in BIOS

2 vCPU

Minimum memory (RAM)

Varies by the number of VMs being protected. See Deep Security Virtual Appliance sizing.

Minimum disk space 40 GB
VMware

VMware NSX Data Center for vSphere:

  • VMware vCenter 6.7 with ESXi 6.7 (supported by Deep Security Manager 11.0 Update 1 and later)
  • VMware vCenter 6.5 with ESXi 6.0 or 6.5
  • VMware vCenter 6.0 with ESXi 6.0
  • VMware NSX Manager 6.3 or later
    VMware vSphere 6.5a is the minimum supported version with NSX for vSphere 6.3.0.

VMware vCloud Director:

  • versions up to and including 9.1 are supported

For details, see the VMware compatibility matrix.

For more information about VMware product interoperability, see VMware Interoperability Matrices.

vSwitches
  • vSphere Standard Switch (vSS)
  • vSphere Distributed Switch (vDS)

Use vSS with NSX for vShield Endpoint, NSX Standard, and NSX Data Center Standard licenses. (These license types only support vSS.) Use vDS with all other NSX license types.

Guest VMs
Supported Deep Security features vary by platform. See Supported features by platform.

The VMs (guests) that will be protected by the virtual appliance have these requirements:

  • Supported operating systems: See below.
  • Compatible vSphere versions: See this VMware Compatibility Guide.
  • Required drivers: If you plan to enable Anti-Malware protection through the virtual appliance, you must install the Guest Introspection Thin Agent with the File Introspection driver (vsepflt) on each guest.

    For installation instructions, see your VMware NSX documentation and search for Install the Guest Introspection Thin Agent.

Windows

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)
  • Windows Server 2012 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 10 RS2 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)

Linux

  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • CentOS 7 (64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (32-bit and 64-bit)
  • SUSE 12 (64-bit)
  • SUSE 11 SP1, SP2, SP3, SP4 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Debian 8 (64-bit)

Deep Security Notifier

If installed, Deep Security Notifier appears in the Windows system tray. If anti-malware is licensed and enabled, it indicates the statuses of Deep Security Agent, or the status of a VM protected by a Deep Security Virtual Appliance. Supported platforms include:

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)