Install Deep Security Manager silently
Topics:
- Before you begin
- Run a silent install on Windows
- Run a silent install on Linux
- Silent install parameters
- Sample installation output
- Deep Security settings in the properties file
- Sample properties file
Before you begin
Make sure you have completed all pre-installation tasks in Install Deep Security Manager.
Run a silent install on Windows
To initiate a silent install on Windows, open a command prompt in the same directory as the install package and run:
Manager-Windows-<Version>.x64.exe -q -console -Dinstall4j.language=<ISO code> -varfile <PropertiesFile>
For details on the parameters and variables in the above command, see Silent install parameters.
Run a silent install on Linux
To initiate a silent install on Linux, use the command line to go to the same directory as the install package and run:
Manager-Linux-<Version>.x64.sh [-q] [-console] [-Dinstall4j.language=<ISO code>] [-varfile <PropertiesFile>]
For details on the parameters and variables in the above command, see Silent install parameters.
Silent install parameters
-q forces the installer to execute in unattended (silent) mode.
-console forces messages to appear in the console (stdout).
-Dinstall4j.language=<ISO code> lets you override the default installation language (English) if other languages are available. Specify a language using standard ISO language identifiers:
- Japanese: ja
- Simplified Chinese: zh_CN
-varfile <PropertiesFile> , where <PropertiesFile> is the full path to standard Java properties file with entries for the various settings you can apply during a Deep Security Manager install. Each property is identified by its equivalent GUI screen and setting in the Windows Deep Security Manager installation. For example, the Deep Security Manager address on the "Address and Ports" screen is specified as:
AddressAndPortsScreen.ManagerAddress=
Most of the properties in this file have acceptable defaults and may be omitted.
For a complete description of available settings, see Deep Security settings in the properties file.
-t runs an installer readiness check rather than a regular install.
Sample installation output
The following is a sample output from a successful install, followed by an example output from a failed install (invalid license). The [Error] tag in the trace indicates a failure.
Successful install
Stopping Trend Micro Deep Security Manager Service...
Checking for previous versions of Trend Micro Deep Security Manager...
Upgrade Verification Screen settings accepted...
The installation directory has been set to C:\Program Files\Trend Micro\Deep Security Manager.
Database Screen settings accepted...
License Screen settings accepted...
Address And Ports Screen settings accepted...
Credentials Screen settings accepted...
Security Update Screen settings accepted...
Software Update Screen settings accepted...
Smart Protection Network Screen settings accepted...
All settings accepted, ready to execute...
Extracting files ...
Setting Up...
Connecting to the Database...
Creating the Database Schema...
Creating MasterAdmin Account...
Recording Settings...
Creating Temporary Directory...
Installing Reports...
Installing Modules and Plug-ins...
Creating Help System...
Validating and Applying Activation Codes...
Configure Localizable Settings...
Setting Default Password Policy...
Creating Scheduled Tasks...
Creating Asset Importance Entries...
Creating Auditor Role...
Optimizing...
Importing Software Packages...
Configuring Relay For Install...
Importing Performance Profiles...
Recording Installation...
Clearing Sessions...
Creating Properties File...
Creating Shortcut...
Configuring SSL...
Configuring Service...
Configuring Java Security...
Configuring Java Logging...
Cleaning Up...
Starting Deep Security Manager...
Finishing installation ...
Failed install
This example shows the output generated when the properties file contains an invalid license string:
Stopping Trend Micro Deep Security Manager Service...
Detecting previous versions of Trend Micro Deep Security Manager...
Upgrade Verification Screen settings accepted...
Database Screen settings accepted...
Database Options Screen settings accepted...
[ERROR] The license code you have entered is invalid.
[ERROR] License Screen settings rejected...
Rolling back changes...
Deep Security settings in the properties file
The format of each entry in the settings property file is:
<Screen Name>.<Property Name>=<Property Value>
The settings properties file has required and optional values.
Required Settings
LicenseScreen
Property | Possible Values | Default Value |
LicenseScreen.License.-1 | <activation code for all modules> | <none> |
OR
Property | Possible Values | Default Value |
LicenseScreen.License.0 | <activation code for Anti-Malware> | <none> |
LicenseScreen.License.1 | <activation code for Firewall/DPI> | <none> |
LicenseScreen.License.2 | <activation code for Integrity Monitoring> | <none> |
LicenseScreen.License.3 | <activation code for Log Inspection> | <none> |
CredentialsScreen
Property | Possible Values | Default Value |
CredentialsScreen.Administrator.Username | <username for the master administrator> | <none> |
CredentialsScreen.Administrator.Password | <password for the master administrator> | <none> |
Optional Settings
LanguageScreen
Property | Possible Values | Default Value | Notes |
sys.languageId | en_US ja |
en_US |
|
UpgradeVerificationScreen
This screen determines what happens if an existing installation is detected.
Property | Possible Values | Default Value |
UpgradeVerificationScreen.Overwrite |
|
False |
A True value results in a fresh install with all data in the existing database being discarded. A False value provides the option to repair the existing installation.
OldDataMigrationScreen
This screen defines the number of days of data to keep. When this setting is 0, all historical data will be kept, but this may increase the amount of time the upgrade will take. During the data migration, the silent install will show the percentage of records migrated at 10% intervals.
Property | Possible Values | Default Value |
OldDataMigrationScreen.HistoricalDays | <integer> | 0 |
DatabaseScreen
This screen defines the database type and optionally the parameters needed to access certain database types.
Property | Possible Values | Default Value | Notes |
DatabaseScreen.DatabaseType |
|
Microsoft SQL Server | None |
DatabaseScreen.Hostname |
|
Current host name |
None You can specify the port in this entry using the format <hostname>:<port>. Example: example:123 |
DatabaseScreen.DatabaseName | <string> | dsm | |
DatabaseScreen.Transport |
|
Named Pipes | Required for SQL Server only |
DatabaseScreen.Username | <database username> | <none> | Username used by the manager to authenticate to the database server. Must match an existing database account. Note that the Deep Security Manager database permissions will correspond to this user's permissions. For example, if you choose a database account with read-only privileges, the Deep Security Manager will not be able to write to the database. Mandatory for Microsoft SQL Server and Oracle. |
DatabaseScreen.Password | <database password> | <none> | Password used by the manager to authenticate to the database server. Mandatory for Microsoft SQL Server and Oracle. |
DatabaseScreen.SQLServer.Instance | <string> | <none> | Used only with Microsoft SQL Server, which supports multiple instances on a single server or processor. Only one instance can be the default instance and any others are named instances. If the Deep Security Manager database instance is not the default, enter the name of the instance here. The value must match an existing instance or be left blank to indicate the default instance. |
DatabaseScreen.SQLServer.Domain | <string> | <none> | Used only with Microsoft SQL Server. This is the Windows domain used when authenticating to the SQL Server. The DatabaseScreen.Username and DatabaseScreen.Password described above are only valid within the appropriate domain. |
DatabaseScreen.SQLServer.UseDefaultCollation |
|
False | Used only with Microsoft SQL Server. Collation determines how strings are sorted and compared. If the value is "False", Deep Security will use Latin1_General_CS_AS for collation on text-type columns. If the value is "True", Deep Security will use the collation method specified by your SQL Server database. For additional information on collation, refer to your SQL Server documentation. |
AddressAndPortsScreen
This screen defines the hostname, URL, or IP address of this computer and defines port numbers for the manager. In the interactive installer, this screen also supports connecting a new manager node to an existing database, but this option is not supported in the unattended install.
Property | Possible Values | Default Value | Notes |
AddressAndPortsScreen.ManagerAddress | <manager hostname, URL or IP address> | <current host name> | None |
AddressAndPortsScreen.ManagerPort | <port number> | 4119 | See Port numbers, URLs, and IP addresses. |
AddressAndPortsScreen.HeartbeatPort | <port number> | 4120 | See Port numbers, URLs, and IP addresses. |
AddressAndPortsScreen.NewNode |
|
False | True indicates that the current install is a new node. If the installer finds existing data in the database, it will add this installation as a new node. (Multi-node setup is always a silent install.) Note: The "New Node" installation information about the existing database to be provided via the DatabaseScreen properties. |
CredentialsScreen
Property | Possible Values | Default Value | Notes |
CredentialsScreen.UseStrongPasswords |
|
False | True causes Deep Security Manager to enforce strong passwords. |
MasterKeyConfigurationScreen
Property | Possible Values | Default Value | Notes |
MasterKeyConfigurationScreen.KeyConfigType |
|
Do not configure |
If configured, the installer will use KMS or the local key secret to generate a custom master key. If not configured, a hard-coded seed is used instead. See also masterkey. Instead, you must run masterkey commands after the installer. |
MasterKeyConfigurationScreen.ARN | <AWS ARN> | <none> | The Amazon Resource Name (ARN) of the KMS key. Only used if MasterKeyConfigurationScreen.KeyConfigType is KMS. |
MasterKeyConfigurationScreen.LocalKey | <string> | <none> | The value that you want to use when the installer configures the local environment variable LOCAL_KEY_SECRET. Only used if MasterKeyConfigurationScreen.KeyConfigType is Local Key. |
SecurityUpdateScreen
Property | Possible Values | Default Value | Notes |
SecurityUpdateScreen.UpdateComponents |
|
True | True will tell the Deep Security Manager to create a scheduled task to automatically check for security updates. The scheduled task will run when installation is complete. |
SecurityUpdateScreen.Proxy |
|
False | True will cause Deep Security Manager to use a proxy to connect to the Internet to download security updates from Trend Micro. |
SecurityUpdateScreen.ProxyType |
|
<none> | The protocol used by the proxy. |
SecurityUpdateScreen.ProxyAddress | <valid IPv4 or IPv6 address or hostname> | <none> | None |
SecurityUpdateScreen.ProxyPort | <proxy port> | <none> | See Port numbers, URLs, and IP addresses. |
SecurityUpdateScreen.ProxyAuthentication |
|
False | True indicates that the proxy requires authentication credentials. |
SecurityUpdateScreen.ProxyUsername | <string> | <none> | None |
SecurityUpdateScreen.ProxyPassword | <string> | <none> | None |
SoftwareUpdateScreen
Property | Possible Values | Default Value | Notes |
SoftwareUpdateScreen.UpdateSoftware |
|
True | True will tell Deep Security Manager to create a scheduled task to automatically check for software updates. The scheduled task will run when installation is complete. |
SoftwareUpdateScreen.Proxy |
|
False | True will cause Deep Security Manager to use a proxy to connect to the Internet to download software updates from Trend Micro. |
SoftwareUpdateScreen.ProxyType |
|
<none> | The protocol used by the proxy. |
SoftwareUpdateScreen.ProxyAddress | <valid IPv4 or IPv6 address or hostname> | <none> | None. |
SoftwareUpdateScreen.ProxyPort | <integer> | <none> | See Port numbers, URLs, and IP addresses. |
SoftwareUpdateScreen.ProxyAuthentication |
|
False | True indicates that the proxy requires authentication credentials. |
SoftwareUpdateScreen.ProxyUsername | <string> | <none> | None |
SoftwareUpdateScreen.ProxyPassword | <string> | <none> | None |
SmartProtectionNetworkScreen
This screen defines whether you want to enable Trend Micro Smart Feedback and optionally your industry.
Property | Possible Values | Default Value | Notes |
SmartProtectionNetworkScreen.EnableFeedback |
|
False | True enables Trend Micro Smart Feedback. |
SmartProtectionNetworkScreen.IndustryType |
|
<none> | If a value is not entered, it has the same result as Not specified . |
RelayScreen
This screen defines whether you want to install the Deep Security Relay on the same computer as Deep Security Manager.
Property | Possible Values | Default Value | Notes |
RelayScreen.Install |
|
False |
True installs the Deep Security Relay on the Deep Security Manager computer. False does not install the Deep Security Relay on the Deep Security Manager (silent install), or shows a screen asking you whether you want to install the relay (regular install). |
Sample properties file
This is an example of the content of a typical properties file:
AddressAndPortsScreen.ManagerAddress=10.xxx.xxx.xxx
AddressAndPortsScreen.NewNode=True
UpgradeVerificationScreen.Overwrite=False
LicenseScreen.License.-1=XY-ABCD-ABCDE-ABCDE-ABCDE-ABCDE-ABCDE
DatabaseScreen.DatabaseType=Microsoft SQL Server
DatabaseScreen.Hostname=10.xxx.xxx.xxx
DatabaseScreen.Transport=TCP
DatabaseScreen.DatabaseName=XE
DatabaseScreen.Username=DSM
DatabaseScreen.Password=xxxxxxx
AddressAndPortsScreen.ManagerPort=4119
AddressAndPortsScreen.HeartbeatPort=4120
CredentialsScreen.Administrator.Username=masteradmin
CredentialsScreen.Administrator.Password=xxxxxxxx
CredentialsScreen.UseStrongPasswords=False
SecurityUpdateScreen.UpdateComponents=True
SecurityUpdateScreen.Proxy=False
SecurityUpdateScreen.ProxyType=""
SecurityUpdateScreen.ProxyAddress=""
SecurityUpdateScreen.ProxyPort=""
SecurityUpdateScreen.ProxyAuthentication="False"
SecurityUpdateScreen.ProxyUsername=""
SecurityUpdateScreen.ProxyPassword=""
SoftwareUpdateScreen.UpdateSoftware=True
SoftwareUpdateScreen.Proxy=False
SoftwareUpdateScreen.ProxyType=""
SoftwareUpdateScreen.ProxyAddress=""
SoftwareUpdateScreen.ProxyPort=""
SoftwareUpdateScreen.ProxyAuthentication="False"
SoftwareUpdateScreen.ProxyUsername=""
SoftwareUpdateScreen.ProxyPassword=""
SoftwareUpdateScreen.ProxyAuthentication="False"
RelayScreen.Install=True
SmartProtectionNetworkScreen.EnableFeedback=False