Deep Security release strategy and life cycle policy
Deep Security has two release types:
- Long-term support (LTS) releases: LTS releases of Deep Security are made available on an annual basis and include new functionality, enhancements for existing functionality, and bug fixes. LTS releases include long-term support, as described in LTS release support duration and upgrade recommendations, below. Once an LTS release is made generally available, updates to LTS releases are restricted to only fixes and small enhancements. Examples of LTS releases: Deep Security 10.0, Deep Security 11.0, Deep Security 12.0.
- Feature releases (FR): Feature releases provide early access to new functionality and are released continuously throughout the year. This means that with feature releases, you can immediately benefit from new functionality without having to wait for the next LTS release of Deep Security. Feature release functionality is cumulative and is ultimately rolled into the next LTS release. FRs are released much more frequently than LTS releases and have a shorter support period, as described in Feature release support duration and upgrade recommendations, below.
LTS releases are suitable for customers who desire greater control over the introduction of new features into their environment and who benefit from a longer support period.
Feature releases are suitable for customers who want access to features as they become available and have the ability to upgrade Deep Security on a regular basis to accommodate the shorter support period that comes with feature releases.
No matter which release type you choose, we encourage you to upgrade agents regularly. New agent releases provide additional security features and protection, higher quality, performance improvements, and updates to stay in sync with releases from each platform vendor.
LTS release support duration and upgrade recommendations
Component | Best practice for upgrades | Support |
---|---|---|
Deep Security Manager | Upgrade at least yearly. | 3 years standard support 4 years extended support |
Deep Security Agent | Upgrade at least every 2 years. LTS agents support upgrades from the last two major releases (for example Deep Security Agent 10.0 to Deep Security Agent 12 LTS). Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade. | 3 years standard support 4 years extended support |
Deep Security Agent (platforms where an older release of the agent is the 'latest' agent for that platform) | If platform support is only provided by an older release of Deep Security Agent (for example, Windows 2000 uses a 9.6 agent and Red Hat Enterprise Linux 5 uses a 10.0 agent), use the latest agent for that platform and upgrade as updates are released. For details on which agent versions are supported for each platform, see Deep Security Agent platforms. | Platform specific |
Deep Security Relay | Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays. | Same as agent |
Deep Security Virtual Appliance | See "Appliance support duration and upgrade recommendations" in Upgrade the Deep Security Virtual Appliance. |
Trend Micro publishes a list of end-of-life products.
Feature release support duration and upgrade recommendations
All updates will be provided via regularly scheduled feature releases.
Component | Best practice for upgrades | Support |
---|---|---|
Deep Security Manager | Upgrade at least yearly. | 18 months* |
Deep Security Agent | Upgrade at least yearly. Upgrades are supported for 18 months after a feature release. Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade. | 18 months* |
Deep Security Relay | Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays. | Same as agent |
Deep Security Virtual Appliance | See "Appliance support duration and upgrade recommendations" in Upgrade the Deep Security Virtual Appliance. |
* The Deep Security team will make all reasonable attempts to not change the minimum Deep Security Manager version required to use a new agent; however, some new agents may require a manager upgrade.
Customers raising a support case on an FR that is more than 18 months old will be required to upgrade to an FR that is within the support period before support can be provided.
Support services
The following table indicates which support items are available during the life cycle of Deep Security LTS and FR releases.
Support item | LTS - standard support | LTS - extended support | FR(1) | Delivery mechanism |
---|---|---|---|---|
New features | ✔ |
|
||
Small enhancements (no change to core functionality) | ✔ | ✔ |
|
|
Linux kernel updates | ✔ | On request | ✔ |
|
General bug fixes | ✔ | ✔ |
|
|
Critical bug fixes (system crash or hang, or loss of major functionality) | ✔ | ✔ | ✔ |
|
Critical and high vulnerability fixes | ✔ | ✔ | ✔ |
|
Medium and low vulnerability fixes | ✔ | ✔ |
|
|
Anti-Malware pattern updates | ✔ | ✔ | ✔ |
|
Intrusion prevention system, integrity monitoring, and log inspection rules updates | ✔ | ✔ | ✔ |
|
Support for Agents and Deep Security Manager on new versions of supported operating systems | ✔ | ✔ |
|
(1) starting with Deep Security 12 Feature Releases. The support statement for existing DS 10.x and DS 11.x feature releases are unchanged. Please refer to the DS 10.x and DS 11.x documentation for the support policy statement for those releases.
Agent platform support policy
Deep Security Agent software is released several times a year as described above. Agent platforms (operating systems) are supported according to the policy below. We recognize that in some cases you must commit to platforms for many years. This policy is designed to provide predictability when you deploy Deep Security in these environments:
- The agent is supported on a large range of platforms, as shown in the Agent platform support table.
- The support duration of any individual release of agent software is described in the tables above. For example, you'll receive 3years of standard support and 4years of extended support for LTS releases of the agent (10.0, 11.0, and so on). In cases where you plan to use an OS platform for an extended period of time, you must also plan to upgrade the agent software on a regular basis to stay within the support life cycle for any specific Deep Security software release. In cases where an older agent is recommended for a given platform, this agent will be considered a part of the overall solution and takes on the support dates for the release in which it is contained. See the bullet below for details.
- Platforms continue to be supported until at least the OS vendor's end-of-extended-support date. Where interest dictates, Trend Micro extends support significantly beyond this date.
- To ensure that you have the latest performance and security updates from your OS vendor, Trend Micro strongly encourages you to move to the latest version of the OS for which an agent is available.
- We strive to release a new version of the Deep Security Agent for all supported platforms. However, in some cases we recommend the use of a previous release of the agent to provide coverage for older platforms. For example, with Deep Security 11.0, the latest agent for Windows 2000 is Deep Security Agent 9.6. This 9.6 agent becomes part of the overall 11.0 Deep Security solution and takes on the support dates for the release in which it is contained.
- You’ll always receive advance warning if we end support for a platform, and we’ll never shorten the support life cycle of a software release post-General Availability (GA).*
* Once a platform is no longer supported by the OS vendor, there is a risk that a technical issue arises that cannot be fixed without the support of the OS vendor. If this situation occurs, Trend Micro will communicate the limitation to you immediately. Note that this situation may result in loss of functionality. We will do our best to deal with any technical issues if they arise.