System requirements

These requirements are for Deep Security 10.0. Requirements vary by version. For previous versions of Deep Security Manager / Agent / Relay / Virtual Appliance, see those versions' documentation.

Deep Security Manager

Applies to on-premise Deep Security software installations only

Minimum memory (RAM)

8 GB RAM, which includes:

  • 4 GB for heap memory
  • 1.5 GB for the Java virtual machine
  • 2 GB for the operating system

On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter:

grep MemTotal /proc/meminfo
Minimum disk space 1.5 GB (5 GB+ recommended)
Operating system
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • Red Hat Enterprise Linux 5 (64-bit)
  • Windows Server 2012 / 2012 R2 (64-bit)
  • Windows Server 2008 / 2008 R2 (64-bit)

Deep Security Manager for AWS Marketplace requires AWS Linux (64-bit).

Database
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2008
  • Oracle Database 12c
  • Oracle Database 11g
  • Azure SQL Database (only with Deep Security Manager VM for Azure Marketplace)

Disk space required varies by the size of the deployment, data retention, and frequency of logging. See Sizing.

Minimum free disk space = (2 x database size) + transaction log

For example, if your database plus transaction log is 40 GB, you must have 80 GB (40 x 2) of free disk space for database schema upgrades. To free disk space, delete any unnecessary event log data and transaction logs.

  • Co-locate the database and all Deep Security Manager nodes in the same physical data center, with a 1 Gb link or better to ensure 2 ms latency or less between them.
  • Microsoft SQL Server Express can be used in proof-of-concept and testing environments, but it is not supported in production systems.
  • Oracle Database Express (XE) is not supported.
  • Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
  • Apache Derby, which provided an embedded database for proof-of-concept and testing in previous versions of Deep Security, is not supported anymore.
Web browser

Cookies must be enabled.

  • Firefox 46.0.1+
  • Microsoft Internet Explorer 11+ or Edge
  • Google Chrome 50+
  • Apple Safari 9+ (for Mac)
Monitor 1024 x 768 resolution at 256 colors or higher
Supported Deep Security Agent / Relay / Virtual Appliance versions
  • Deep Security Agent / Relay / Virtual Appliance 10.0
  • Deep Security Agent / Relay / Virtual Appliance 9.6
  • Deep Security Agent / Relay / Virtual Appliance 9.5
Relays must be 64-bit. 32-bit relays are not supported.

For some platforms, Deep Security Agent 9.5, 9.6, or 10.0 does not exist. In those cases, Deep Security Manager 10.0 supports older versions.

  • Deep Security Agent 8.0 on Windows 2000
  • Deep Security Agent 9.0 on AIX 5.3, 6.1, or 7.1
  • Deep Security Agent 9.0 on HP-UX 11.31
  • Deep Security Agent 9.0 / 10.0 on Solaris 10 or 11

You must go to Administration > System Settings > Update and select Allow supported 8.0 and 9.0 Agents to be updated.

Deep Security Agent

Supported Deep Security features vary by platform. See Deep Security Supported Features by Platform.
Deep Security is designed to protect servers, not laptops.
To protect AWS WorkSpaces virtual desktop infrastructure (VDI) workstations, add the “Plus” application bundle instead. It includes Trend Micro Worry-Free Business Security.
Minimum memory (RAM)
  • all protection enabled: 5 GB RAM
  • anti-malware, IPS, and application control only: 2 GB RAM
  • relay feature only: 2 GB RAM
Minimum disk space
  • all protection enabled: 1 GB
  • without anti-malware: 500 MB
  • relay feature only: 30 GB
If you have many different platforms, then each Deep Security Relay must store more agent packages. Required disk space may be more.
Operating system

Deep Security Agent 10.0 is not currently available for Solaris, HP-UX, AIX, and Windows 2000. However, their latest Deep Security Agent version (9.0 or 8.0) is compatible with the new manager.

Supported Deep Security features vary by platform. See Deep Security Supported Features by Platform.

Windows

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 / 2012 R2 (64-bit) — Full Server or Server Core
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 / 10 TH2 (32-bit and 64-bit)

    If you have an existing Deep Security Agent 9.6 or earlier installation, and want to upgrade to Windows 10, see Manually install the Deep Security Agent.
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows Vista (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)
  • Hyper-V on Windows 2012 R2, 2012, 2008 R2, 8, and 8.1

    Agents on Hyper-V only protect the hypervisor itself, not its guest OSes. Each guest OS must have its own agent, too.

    Combination mode with some agentless protection is not supported. (VMware ESXi hypervisor is required.)

  • with Deep Security Relay: Only 64-bit versions

Linux

Supported Linux kernels vary by distribution. See Deep Security 9.6 Supported Linux Kernels.
  • Red Hat Enterprise Linux 7 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 5 (32-bit and 64-bit)
  • CentOS 7 (32-bit and 64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • CentOS 5 (32-bit and 64-bit)
  • Oracle Linux 7 (32-bit and 64-bit)
  • Oracle Linux 6 (32-bit and 64-bit)
  • Oracle Linux 5 (32-bit and 64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 SP1, SP2, and SP3 (32-bit and 64-bit)
  • CloudLinux 7 (32-bit and 64-bit)
  • CloudLinux 6 (32-bit and 64-bit)
  • Debian 7 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)
  • with Deep Security Relay: Only 64-bit versions
A Deep Security Relay is usually only required by Deep Security AMI from AWS Marketplace, not Deep Security as a Service.

Solaris

  • Solaris 11 / 11.2 / 11.3 (64-bit, SPARC / x86)
  • Solaris 10 Update 11 (64-bit, SPARC / x86)

Amazon AWS

Deep Security Agent is designed to protect servers, not laptops.
To protect AWS WorkSpaces virtual desktop infrastructure (VDI) workstations, add the “Plus” application bundle instead. It includes Trend Micro Worry-Free Business Security.

  • Amazon AMI Linux EC2 (64-bit)
  • Red Hat Enterprise Linux 7 EC2 (64-bit)
  • Red Hat Enterprise Linux 6 EC2 (32-bit and 64-bit)
  • Debian 7 (64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 EC2 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)

Microsoft Azure

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (64-bit)
  • CentOS 7 (64-bit)
  • CentOS 6 (64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (64-bit)
  • SUSE Enterprise Linux 12 (64-bit)
  • SUSE Enterprise Linux 11 (64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)

To install Deep Security Agent on CentOS, use the Red Hat installer and package.

Deep Security Virtual Appliance

Applies to on-premise Deep Security software installations only

Because Deep Security Virtual Appliance uses the same protection modules as Deep Security Agents, if you import an update to the 64-bit Deep Security Agent for Red Hat, it may notify you that new software is available for the Virtual Appliance, like it does for Red Hat Agents.

VMware does not support running nested ESXi servers in production environments. For more information, see the VMware Knowledge Base article.
CPU

64-bit, Intel-VT or AMD-V present and enabled in BIOS

2vCPU

Minimum memory (RAM)

4 GB RAM (varies by the number of VMs being protected)

Minimum disk space 20 GB
VMware
  • VMware vCenter 6.0 with ESXi 5.5 / 6.0
  • VMware vCenter 5.5 with ESXi 5.5
  • VMware Tools on each ESXi host (including Guest Introspection)
  • VMware NSX Manager 6.2.4 or later

For details, see the VMware compatibility matrix.

If using a maximum transmission unit (MTU) of 9000 (also called "jumbo frames"), you must use VMware ESXi build 5.5.0.1797756 or later.
vSwitches vSphere Distributed Switch (vDS)
Guest operating system
Supported Deep Security features vary by platform. See Deep Security 10.0 supported features by platform.

Windows

  • Windows Server 2012 R2 (64-bit) (on vSphere 5.5 - ESXi build 1892794 or higher)
  • Windows Server 2012 (64-bit) (on vSphere 5.5 only)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows Server 2003 SP2 or higher (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows Vista (32-bit)
  • Windows 8.1 (32-bit and 64-bit) (on vSphere 5.5 - ESXi build 1892794 or higher)
  • Windows 8 (32-bit and 64-bit) (on vSphere 5.5 only)
  • Windows 7 (32-bit and 64-bit)
  • Windows XP SP3 or higher (32-bit)

Linux

  • Red Hat Enterprise Linux 7 (64-bit)
  • Red Hat Enterprise Linux 6 (32-bit and 64-bit)
  • Red Hat Enterprise Linux 5 (32-bit and 64-bit)
  • CentOS 7 (32-bit and 64-bit)
  • CentOS 6 (32-bit and 64-bit)
  • CentOS 5 (64-bit)
  • Oracle Linux 7 (64-bit)
  • Oracle Linux 6 (32-bit and 64-bit) - Red Hat kernel
  • Oracle Linux 5 (32-bit and 64-bit) - Red Hat kernel
  • Oracle Linux 6 (64-bit) - Unbreakable Kernel
  • Oracle Linux 5 (64-bit) - Unbreakable Kernel
  • SUSE 12 (64-bit)
  • SUSE 11 SP1, SP2, SP3 (32-bit and 64-bit)
  • CloudLinux 6 (32-bit and 64-bit)
  • Ubuntu 16.04 LTS (64-bit)
  • Ubuntu 14.04 LTS (64-bit)

Deep Security Notifier

If installed, Deep Security Notifier appears in the Windows system tray. If anti-malware is licensed and enabled, it indicates the statuses of Deep Security Agent, or the status of a VM protected by a Deep Security Virtual Appliance.

  • Windows Server 2016 (64-bit)
  • Windows Server 2012 / 2012 R2 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows Vista (32-bit and 64-bit)
  • Windows XP (32-bit and 64-bit)