- Prepare a server (Windows Server 2012, 2016, or 2019) in the DMZ that can successfully connect to the On-premise Apex Central server.
-
Configure this DMZ server’s firewall settings:
DIRECTION ALLOW RULES Inbound TCP, port: 4433. (Source is Apex One as a Service) Outbound The server address and port for the On-Premise Apex Central server.
- Download Apex One as a Service remote connection tool and extract it.
-
Install Apex One as a Service remote connection tool on the DMZ host.
- Put the extracted package files under "RemoteConnectionTool\RemoteConnectionTool" folder into "C:\Program Files (x86)\Trend Micro\Smart Relay" (create the folder if needed) on the host and execute install.bat as an administrator to setup Smart Relay as a service.
Do not start the Smart Relay service at this point. -
Configure the Apex One as a Service remote connection tool in apricot_config.xml.
-
Under the <name>TMCM</name>, configure the address of the on-premise Apex Central host.
<uplink_server>https://Apex_Central_address:port</uplink_server>
-
- Start the Smart Relay service by running “net start smartrelay” command.
- Log in to your on-premise Apex Central console and go to Threat Intel > Distribution Settings > Managed Products.
- Copy the API key.
- Log in to your Apex Central as a Service console, go to Threat Intel > Distribution Settings > Hub Apex Central.
- Specify {the Server FQDN or IP address and port of the remote connection endpoint}/webapp as Service URL and use the copied API key.
- Click Register.