Advanced
Primary Tenant Access
By default, the Primary Tenant is able to access your Vulnerability ProtectionDeep Security environment. However, the Primary Tenant may have enabled the "Primary Tenant Access" settings in your environment. These settings allow you to prevent the Primary Tenant from accessing your Vulnerability ProtectionDeep Security environment or to grant access for a limited amount of time.
Load Balancers
When the Vulnerability ProtectionDeep Security Manager and Vulnerability ProtectionDeep Security Relays are deployed without load balancers, Agents are provided with the list of Manager and Relay hostnames and will automatically contact these servers using a random round robin sequence.
You may choose to put a load balancer in front of the Manager or Relay nodes to accommodate auto-scaling. You can do so without having to update the Agents' address by entering the load balancer settings here. The hostnames and ports you supply here will override those currently used by the Agents.
If your Vulnerability Protection Manager is located in a DMZ or behind a NAT, you may choose to put a load balancer in front of the Manager so that Agents can access the Manager's public IP address or FQDN. You can enter the load balancer settings at Administration > System Settings > Advanced. The hostnames and ports you supply here will override those currently used by the Agents.
Multi-Tenant Options
To run Deep Security Manager in Multi-Tenant mode:
- Click Enable Multi-Tenant Mode.
- In the wizard that appears, enter your Multi-Tenant Activation Code and click Next.
- Choose a license mode to implement:
- Inherit Licensing from Primary Tenant: Gives all Tenants the same licenses as the Primary Tenant.
- Per Tenant Licensing: In this mode, Tenants themselves enter a license when they sign in for the first time.
- Click Next to finish enabling Multi-Tenancy in your Deep Security Manager.
Deep Security Manager Plug-ins
Plug-ins are Modules, Reports and other add-ons for the Deep Security Manager. Trend Micro occasionally produces new or additional versions of these which are distributed as self-installing packages.
SOAP Web Service API
Much of the Vulnerability ProtectionDeep Security Manager's functionality can be controlled via SOAP-invoked Web services. The WSDL (Web Services Description Language) can be found at the URL displayed in the panel on the page. For assistance with Vulnerability ProtectionDeep Security Manager's Web services API contact your support provider.
Status Monitoring API
The REST Status Monitoring API lets you query the Vulnerability ProtectionDeep Security Manager (including individual Manager Nodes) for status information such as CPU and memory usage, number of queued jobs, total and Tenant-specific database size. For assistance with Vulnerability ProtectionDeep Security Manager's REST Status Monitoring API contact your support provider.
Export
Export file character encoding: The encoding used when you export data files from the Vulnerability ProtectionDeep Security Manager.
Exported Diagnostics Package Language: Your support provider may ask you generate and send them a Vulnerability ProtectionDeep Security diagnostics package. This setting specifies the language the package will be in. The diagnostic package is generated on the Administration > System Information page.
Whois
The Whois lookup to be used when logging Intrusion Prevention and Firewall Events. Enter the search URL using "[IP]" as a placeholder for the IP address to look up.
(For example, "http://reports.internic.net/cgi/whois?whois_nic=[IP]&type=nameserver".)
Licenses
- Hide unlicensed Protection Modules for new Users: Determines whether unlicensed modules are hidden rather than simply grayed out for subsequently created Users. (This setting can be overridden on a per-User basis on the Administration > User Management > Users > Properties window).
Scan Cache Configurations
Click View Scan Cache Configurations... to display a list of saved Scan Cache Configurations. Scan Cache Configurations are settings used by the Virtual Appliance to maximize the efficiency of Anti-Malware and Integrity Scans in a virtualized environment. See Virtual Appliance Scan Caching for more information.
CPU Usage During Recommendation Scans
This setting controls the amount of CPU resources dedicated to performing Recommendation Scans. If you notice that CPU usage is reaching unreasonably high levels, try changing to a lower setting to remedy the situation. For other performance controls, see Administration > Manager Nodes > Properties > Performance Profiles.
NSX
If Deep Security is being used to protect virtual machines in a VMware NSX environment and if it is installed with multiple Deep Security Manager nodes, this setting will determine which Deep Security Manager node communicates with the NSX Manager. (For more information on integrating Deep Security with an NSX environment, see the Trend Micro Deep Security Installation Guide for VMware NSX. For more information on multiple Deep Security Manager Nodes, see Multi-Node Manager.)
Logo
You can replace the Vulnerability ProtectionDeep Security logo at the top-right of the Vulnerability ProtectionDeep Security Manager with your own. (The logo also appears on the sign-in page and at the top of Reports.) The graphic has to be a PNG image 320 pixels wide, 35 pixels high, and smaller than 1MB. (A template is available in the "installfiles" directory of the Vulnerability ProtectionDeep Security Manager.)
Click Import Logo... to import your own graphic, or Reset Logo... to reset the log to its default.