Vulnerability ProtectionDeep Security Software Updates are normally hosted and distributed by Relay-enabled Agents. To deploy a Vulnerability ProtectionDeep Security Agent on a computer, you must first import the software package for the platform into Vulnerability ProtectionDeep Security Manager. The actual Agent install package initially only installs the core Agent functionality on to the computer. The plug-ins required for the Security Modules (Intrusion Prevention, Firewall, etc.) are kept off the Agent until they are required. When you turn a Protection Module "on", Vulnerability ProtectionDeep Security deploys the required plug-in to the computer via the Vulnerability ProtectionDeep Security Relay. This is done to minimize the footprint of the Agent on the protected computer.
If you already have web servers deployed, you may prefer to let those servers perform the task of Software Update distribution instead of deploying Relays for that purpose. To do so, you will have to mirror the software repository of the Vulnerability ProtectionDeep Security Relay on your web servers.
The following information describes how to set up your own software repository on a local web server.
You must create a folder on the software web server which will mirror the structure of the software repository folder of a Vulnerability ProtectionDeep Security Relay.
The default location for the software repository folder on a Windows Relay is:
C:\ProgramData\Trend Micro\Vulnerability ProtectionDeep Security Agent\relay\www\dsa\
The default location for the software repository folder on a Linux Relay is:
/var/opt/ds_agent/relay/www/dsa/
The strucure of the folder is as follows:
|-- dsa | |-- <Platform>.<Architecture> | |-- <Filename> | |-- <Filename> | |-- ... | | |-- <Platform>.<Architecture> | |-- <Filename> | |-- <Filename> | |-- ...
For example:
|-- dsa | |-- CentOS_6.x86_64 | |-- Feature-AM-CentOS_6-9.5.1-1097.x86_64.dsp | |-- Feature-DPI-CentOS_6-9.5.1-1097.x86_64.dsp | |-- Feature-FW-CentOS_6-9.5.1-1097.x86_64.dsp | |-- Feature-IM-CentOS_6-9.5.1-1097.x86_64.dsp | |-- ... | | |-- RedHat_EL6.x86_64 | |-- Agent-Core-RedHat_EL6-9.5.1-1306.x86_64.rpm | |-- Feature-AM-RedHat_EL6-9.5.1-1306.x86_64.dsp | |-- Feature-DPI-RedHat_EL6-9.5.1-1306.x86_64.dsp | |-- Feature-FW-RedHat_EL6-9.5.1-1306.x86_64.dsp | |-- ... | |-- Plugin-Filter_2_6_32_131_0_15_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp | |-- Plugin-Filter_2_6_32_131_12_1_el6_x86_64-RedHat_EL6-9.5.1-1306.x86_64.dsp | |-- ... | | |-- Windows.x86_64 | |-- Agent-Core-Windows-9.5.1-1532.x86_64.msi | |-- Agent-Core-Windows-9.5.1-1534.x86_64.msi | |-- Feature-AM-Windows-9.5.1-1532.x86_64.dsp | |-- Feature-AM-Windows-9.5.1-1534.x86_64.dsp | |-- Feature-DPI-Windows-9.5.1-1532.x86_64.dsp | |-- Feature-DPI-Windows-9.5.1-1534.x86_64.dsp | |-- ... | |-- Plugin-Filter-Windows-9.5.1-1532.x86_64.dsp | |-- Plugin-Filter-Windows-9.5.1-1534.x86_64.dsp | |-- ...
The dsa folder on the Vulnerability ProtectionDeep Security Relay contains more files and folders than those illustrated in the example above, but the only folders you need to mirror for the purposes of hosting a functioning software repository are the ones containing the files associated with the platforms and architectures of the Agents you have in use. (But there is no harm in mirroring the whole dsa folder, which may in fact be easier.)
Now that the web server is hosting the software repository you must configure Vulnerability ProtectionDeep Security to use it.
To configure Vulnerability ProtectionDeep Security to use a customized web server as a Software Update repository:
Vulnerability ProtectionDeep Security Agents will now get their software updates from the new software repository location.