Use a web server to distribute software updates

Deep Security software updates are normally hosted and distributed by relays. However, if you already have a web server, you can provide software updates via the web server instead of a relay. To do this, you must mirror the software repository of the relay on your web server.

Although Deep Security Agents can download their software updates from the web server, at least one relay is still required to distribute security package updates such as anti-malware and IPS signatures (see Apply security updates).
Even though you are using your own web servers to distribute software, you must still go to Administration > Updates > Software and import software into the Deep Security Manager's database. Then you must ensure that your software web server contains the same software that has been imported into Deep Security Manager. Otherwise the alerts and other indicators that tell you about available updates will not function properly.

Web server requirements

Disk Space: 20 GB

Ports: Web server port, relay port

Copy the folder structure

Mirror the folder structure of the software repository folder on a relay-enabled agent. Methods vary by platform and network. For example, you could use rsync over SSH for a Linux computer and network that allows SSH.

On Windows, the default location for the relay-enabled agent's software repository folder is:

C:\ProgramData\Trend Micro\Deep Security Agent\relay\www\dsa\

On Linux, the default location for the Relay's software repository folder is:

 /var/opt/ds_agent/relay/www/dsa/

The structure of the folder is like this:

|-- dsa
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...
|        
|    |-- <Platform>.<Architecture>
|         |--  <Filename>
|         |--  <Filename>
|         |--  ...

For example:

|-- dsa
|    |--  CentOS_<version>.x86_64
|         |--   Feature-AM-CentOS_<version>.x86_64.dsp
|         |--   Feature-DPI-CentOS_<version>.x86_64.dsp
|         |--   Feature-FW-CentOS_<version>.x86_64.dsp
|         |--   Feature-IM-CentOS_<version>.x86_64.dsp
|         |--  ...
|        
|    |--  RedHat_EL6.x86_64
|         |--   Agent-Core-RedHat_<version>.x86_64.rpm
|         |--   Feature-AM-RedHat_<version>.x86_64.dsp
|         |--   Feature-DPI-RedHat_<version>.x86_64.dsp
|         |--   Feature-FW-RedHat_<version>.x86_64.dsp
|         |--  ...
|         |--   Plugin-Filter_2_6_32_131_0_15_el6_x86_64-RedHat_<version>.x86_64.dsp
|         |--   Plugin-Filter_2_6_32_131_12_1_el6_x86_64-RedHat_<version>.x86_64.dsp
|         |--  ...
|        
|    |-- Windows.x86_64
|         |--  Agent-Core-Windows-<version>.x86_64.msi
|         |--  Agent-Core-Windows-<version>.x86_64.msi
|         |--  Feature-AM-Windows-<version>.x86_64.dsp
|         |--  Feature-AM-Windows-<version>.x86_64.dsp
|         |--  Feature-DPI-Windows-<version>.x86_64.dsp
|         |--  Feature-DPI-Windows-<version>.x86_64.dsp
|         |--  ...
|         |--  Plugin-Filter-Windows-<version>.x86_64.dsp
|         |--  Plugin-Filter-Windows-<version>.x86_64.dsp
|         |--  ...

The example above shows only a few files and folders. Inside a complete dsa folder, there are more. If you need to save disk space or bandwidth, you don't need to mirror all of them. You're only required to mirror the files that apply to your computers' platforms.

Configure agents to use the new software repository

When the mirror on the web server is complete, configure Deep Security Agents to get their software updates from your web server.

  1. On Deep Security Manager, go to Administration > System Settings > Updates.
  2. In the Software Updates section, enter the URL(s) of the mirror folder(s) on your web server(s).
  3. Click Save.
Verify that connectivity between agents and your web server is reliable. If the connection is blocked, agents will instead use the relay.