Views:
  1. Prepare a server (Windows Server 2012, 2016, or 2019) in the DMZ that can successfully connect to the On-premise Apex Central server.
  2. Configure this DMZ server’s firewall settings:

    DIRECTIONALLOW RULES
    InboundTCP, port: 4433. (Source is Apex One as a Service)
    OutboundThe server address and port for the On-Premise Apex Central server.
  1. Download Apex One as a Service remote connection tool and extract it.
  2. Install Apex One as a Service remote connection tool on the DMZ host.

    • Put the extracted package files under "RemoteConnectionTool\RemoteConnectionTool" folder into "C:\Program Files (x86)\Trend Micro\Smart Relay" (create the folder if needed) on the host and execute install.bat as an administrator to setup Smart Relay as a service.
     
    Do not start the Smart Relay service at this point.
  3. Configure the Apex One as a Service remote connection tool in apricot_config.xml.

    • Under the <name>TMCM</name>, configure the address of the on-premise Apex Central host.

      <uplink_server>https://Apex_Central_address:port</uplink_server>

  4. Start the Smart Relay service by running “net start smartrelay” command.
  1. Log in to your on-premise Apex Central console and go to Threat Intel > Distribution Settings > Managed Products.
  2. Copy the API key.
  3. Log in to your Apex Central as a Service console, go to Threat Intel > Distribution Settings > Hub Apex Central.
  4. Specify {the Server FQDN or IP address and port of the remote connection endpoint}/webapp as Service URL and use the copied API key.
  5. Click Register.