Deep Security 20 release strategy and life cycle policy

Deep Security 20 is a long-term support release (LTS).

There are a number of changes to Deep Security 20 release management and life cycle that make working this release easier for our customers and partners:

  • Deep Security 20 updates will include both new content and fixes to ensure we deliver new features to our customers with increased velocity.
  • To reduce the number of software releases and simplify understanding of the support policy, we are no longer releasing Feature Releases (FR).
  • Standard Support and Extended Support Services are now closely aligned to provide a more consistent support experience from day 1 to the end of life of the release.

We encourage you to update your software on a regular basis. Software updates provide additional features, security updates, performance improvements, and updates to stay in sync with updates from other software in your data center or cloud ecosystem. Keeping software updated regularly also ensures that, if support is required, you have a supported upgrade path to any updates that contain necessary fixes.

Supported upgrade paths

Deep Security supports upgrades from the last 2 major releases for all Deep Security software components (Deep Security Manager, Deep Security Agent, and Deep Security Relay).

You can upgrade to Deep Security 20 from these older versions:

  • Deep Security 11 (LTS)
  • Deep Security 12 (LTS)
  • Deep Security 12 (FR)

Deep Security 20 supports upgrading to new LTS Update releases, but rolling back to a previous release is not supported.

Deep Security 20 updates

Consistent with previous LTS releases, Deep Security 20 updates will be released monthly. If the need arises, typically due to critical fixes or vulnerabilities, more frequent releases will be provided.

With Deep Security 20, each component (manager, agent, appliance) can be released independently. Agents for different platforms (Windows, Linux, Unix) can also be released separately. An update may include one or more components and platforms.

If a software fix is required on an actively supported release of software, we will make an update available that can be applied directly to the software release within the active support period. For example, if you are running Deep Security 20 Update 2 and have an issue, when the latest update is released (for example Deep Security 20 Update 10) you can update directly from Update 2 to Update 10 to ensure that you can resolve issues quickly and easily.

LTS release support duration and upgrade best practices

A key best practice for software updates is to ensure you have a well defined, regularly scheduled, and, ideally, automated process in place that ensures all components are updated regularly.

The following table summarizes when updates are released, the support duration of that component, and considerations when designing your upgrade strategy.

Component When are updates released? Support Upgrade considerations
Deep Security Manager LTS updates are released monthly Standard support until 3 years after GA (General Availability).
Extended support until 4 years after GA.
Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade.
Deep Security Agent LTS updates are released monthly Standard support until 3 years after GA.
Extended support until 4 years after GA.
LTS agents support upgrades from the last 2 major releases (for example Deep Security Agent 11.0 to Deep Security Agent 20 LTS). Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade.
Deep Security Agent (platforms where an older release of the agent is the 'latest' agent for that platform) LTS updates are released monthly Platform-specific If platform support is only provided by an older release of Deep Security Agent (for example, Windows 2000 uses a 9.6 agent and Red Hat Enterprise Linux 5 uses a 10.0 agent), use the latest agent for that platform and upgrade as updates are released. For details on which agent versions are supported for each platform, see Deep Security Agent platforms.
Deep Security Relay LTS updates are released monthly Same as agent Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays.

AWS Marketplace software releases

The in-product banner upgrades for AWS Marketplace (also known as '1-click upgrades'), as well as the AWS Marketplace AMI and CloudFormation Templates will be updated with the Deep Security 20 GA software release and every Deep Security 20 Update.

The list of AMIs that you see in the AWS Management Console is controlled by AWS. The current behavior at time of writing (July 2020) is that AWS displays any AMIs that have been released since your marketplace subscription to Deep Security was initiated.

Support services

The following table indicates which support items are available during the life cycle of Deep Security 20.

Support item LTS - standard support LTS - extended support (*) Delivery mechanism
New features LTS update
Small enhancements (no change to core functionality) LTS update
Linux kernel updates On request Linux Kernel Support Package (LKP)
General bug fixes LTS update
Critical bug fixes (system crash or hang, or loss of major functionality) LTS update or hotfix
Critical and high vulnerability fixes LTS update or hotfix
Medium and low vulnerability fixes LTS update
Anti-Malware pattern updates iAU (Active Update)
Intrusion Prevention, Integrity Monitoring, and Log Inspection rule updates iAU (Active Update)
Support for agents and Deep Security Manager on new versions of supported operating systems LTS update

(*) Extended support is provided to all customers at no additional charge.

Agent platform support policy

Deep Security Agent software is released multiple times a year, as described above. Agent platforms (operating systems) are supported according to the policy below. We recognize that in some cases you must commit to platforms for many years. This policy is designed to provide predictability when you deploy Deep Security in these environments:

  • The agent is supported on a large range of platforms, as shown in the Agent platform support table.
  • The support duration of any individual release of agent software is described in the tables above. For example, you'll receive 3 years of standard support and 4 years of extended support for LTS releases of the agent (11.0, 12.0, and so on). In cases where you plan to use an OS platform for an extended period of time, you must also plan to upgrade the agent software on a regular basis to stay within the support life cycle for any specific Deep Security software release. In cases where an older agent is recommended for a given platform, this agent will be considered a part of the overall solution and takes on the support dates for the release in which it is contained. See the bullet below for details.
  • Platforms continue to be supported until at least the OS vendor's end-of-extended-support date. Where interest dictates, Trend Micro extends support significantly beyond this date.
  • To ensure that you have the latest performance and security updates from your OS vendor, Trend Micro strongly encourages you to move to the latest version of the OS for which an agent is available.
  • We strive to release a new version of the Deep Security Agent for all supported platforms. However, in some cases we recommend the use of a previous release of the agent to provide coverage for older platforms. For example, with Deep Security 11.0, the latest agent for Windows 2000 is Deep Security Agent 9.6. This 9.6 agent becomes part of the overall 11.0 Deep Security solution and takes on the support dates for the release in which it is contained.
  • You’ll always receive advance warning if we end support for a platform, and we’ll never shorten the support life cycle of a software release post-General Availability (GA).*

* Once a platform is no longer supported by the OS vendor, there is a risk that a technical issue arises that cannot be fixed without the support of the OS vendor. If this situation occurs, Trend Micro will communicate the limitation to you immediately. Note that this situation may result in loss of functionality. We will do our best to deal with any technical issues if they arise.