Configure a web server to provide software updates

Deep Security software updates are normally hosted and distributed by Relays. To deploy a Deep Security Agent on a computer, you must first import the Agent software installer for the platform into Deep Security Manager. Initially, the installer only installs the agent's core functionality. Plug-in modules required for each security feature (intrusion prevention, firewall, etc.) are installed later, when you enable that feature. Deep Security Manager deploys the required plug-in to the computer via the Deep Security Relay. This minimizes the agent's footprint on each computer.

If you already have a web server, you can provide software updates via the web server instead of a Relay. To do this, you must mirror the software repository of the Deep Security Relay on your web server.

Although Deep Security Agents can download their software updates from the web server, at least one Deep Security Relay is still required to distribute security package updates such as anti-malware and IPS signatures.

Web server requirements

Disk Space:: 20 GB

Ports: Web server and relay port numbers

Copy the folder structure

Mirror the folder structure of the software repository folder on a Deep Security Relay. Methods vary by platform and network. For example, you could use rsync over SSH for a Linux computer and network that allows SSH.

On Windows, the default location for the Relay's software repository folder is:

C:\ProgramData\Trend Micro\Deep Security Agent\relay\www\dsa\

On Linux, the default location for the Relay's software repository folder is:


The structure of the folder is like this:

|-- dsa
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...

For example:

|-- dsa
|    |--  CentOS_6.x86_64
|         |--   Feature-AM-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-DPI-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-FW-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--   Feature-IM-CentOS_6-9.5.1-1097.x86_64.dsp
|         |--  ...
|    |--  RedHat_EL6.x86_64
|         |--   Agent-Core-RedHat_EL6-9.5.1-1306.x86_64.rpm
|         |--   Feature-AM-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Feature-DPI-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Feature-FW-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--  ...
|         |--   Plugin-Filter_2_6_32_131_0_15_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--   Plugin-Filter_2_6_32_131_12_1_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp
|         |--  ...
|    |-- Windows.x86_64
|         |--  Agent-Core-Windows-9.5.1-1532.x86_64.msi
|         |--  Agent-Core-Windows-9.5.1-1534.x86_64.msi
|         |--  Feature-AM-Windows-9.5.1-1532.x86_64.dsp
|         |--  Feature-AM-Windows-9.5.1-1534.x86_64.dsp
|         |--  Feature-DPI-Windows-9.5.1-1532.x86_64.dsp
|         |--  Feature-DPI-Windows-9.5.1-1534.x86_64.dsp
|         |--  ...
|         |--  Plugin-Filter-Windows-9.5.1-1532.x86_64.dsp
|         |--  Plugin-Filter-Windows-9.5.1-1534.x86_64.dsp
|         |--  ...

The example above shows only a few files and folders. Inside a complete Deep Security Relay's dsa folder, there are more. If you need to save disk space or bandwidth, you don't need to mirror all of them. You're only required to mirror the files that apply to your computers' platforms.

Configure agents to use the new software repository

When the mirror on the web server is complete, configure Deep Security to get their software updates from your web server.

  1. On Deep Security Manager, go to Administration > System Settings > Updates.
  2. In the Software Updates section, enter the URL(s) of the mirror folder(s) on your web server(s).
  3. Click Save.
Verify that connectivity between agents and your web server is reliable. If the connection is blocked, agents will instead use the Deep Security Relay.