Deploy a Smart Protection server in AWS

A Trend Micro Smart Protection server requires that you allow communication on its required file reputation and web reputation query port numbers.

  1. Go to:
    https://console.aws.amazon.com/cloudformation/home?/region=#/stacks/new?stackName=Trend-Micro-SPS&templateURL=https://cf-deepsecurity.s3.amazonaws.com/sps.template
  2. If you want to change your region, change it in the top right corner. Otherwise click Next.
    This is what the screen will look like:

  3. Finish entering settings in the template. Choose what AWS key pairs you would like to use to authenticate to the server, the VPC and subnet where the Smart Protection server will be, and an administrator password. The password cannot contain special characters such as: !@#$%^&*()

    Do not enter a password that contains dictionary words. It should be at least 8 characters in length. Failure to do this will result in a weak password that is vulnerable to guessing and brute force attacks, and could compromise the security of your network.

  4. Click Next.
  5. Optionally, create any tags that you would like to associate with this server, then click Next.

  6. Review your settings, and then click Create.

    While your server is being installed, the screen will indicate progress. To verify that the process has completed, you may need to click Refresh at the top of the screen.


  7. After it is done creating, click the Outputs tab at the bottom of the screen. You will see two URLS. In the Deep Security Manager's GUI, you must configure your computers to use the Smart Protection server.
  8. Log into your Deep Security Managerconsole.
  9. At either the policy level (recommended method) or at the computer level, go to the anti-malware section.
  10. Click the Smart Protection tab at the top. Toward the bottom of the screen, uncheck the Inherited box under Smart Protection Server for File Reputation Service.
  11. Select Use locally installed Smart Protection Server.
  12. Enter in the URL from the Outputs screen in your AWS console labeled "FRSurl" and click Add.
  13. Click Save.
  14. Open the web reputation section of the policy or computer and click the Smart Protection tab at the top.
  15. Uncheck the button for Inherited under Smart Protection Server for Web Reputation Service.
  16. Select Use locally installed Smart Protection Server.
  17. Add the URL from the Outputs screen in your AWS console labeled "WRSurl" and click Add.
  18. Click Save.
  19. If you don’t have your system set up to automatically send policies, you will need to initiate a send policy from your DSM console.