This article contains the procedures on how to install, configure, and activate the Deep Security Relay.
Installing the Deep Security Relay
The DSR installer installs both Relay Server and Deep Security Agent functionality on Windows machines.
- Double-click the installation file to run the installer package. Click Next to begin the installation.
- Accept the license agreement and click Next to continue.
- Select the features that you want to install. The Anti-Malware feature is an optional component.
- Click Install to proceed with the installation.
- Click Finish to complete the installation.
Trend Micro does not recommend installing the Deep Security Relay over Windows Remote Desktop because of the temporary loss of connectivity during the install process. However, a command line switch when starting Remote Desktop will allow the installation program to continue on the server after the connection is lost.
- For Windows Server 2008, Windows Vista SP1 and later, or Windows XP SP3 or later, use: "mstsc.exe /admin"
- For earlier versions of Windows, use: "mstsc.exe /console"
Configuring the Deep Security Updates
Deep Security Manager (DSM) requires at least one Deep Security Relay to pull down updates from the Trend Micro ActiveUpdate Server. Updates are required for all protection functionality except Firewall. DSM only gets update information from the Deep Security Relay. A typical configuration is for DSM to use a Deep Security Relay which is located on the same computer. If you chose not to install the co-located DSR, you need to install it on another computer.
The clock on a DSR machine must be synchronized with Deep Security Manager to within a period of 24 hours. If the DSR clock is behind the DSM clock, then an "Agent Activate" operation will fail because the certificate generated by DSM for DSR will not yet be valid.
If you encountered this condition, an "Agent Activate Failed" event will be recorded in the System Events:
A client error occurred in the Deep Security Manager to Deep Security Agent protocol: HTTP client error received: certificate is not yet valid.
Activating the Deep Security Relay
- Log on to the DSM.
- Go to the Computers section and add the computer where DSR is installed.
- Activate the machine.
- Check that the Relay Agent status is showing Managed (Online).
- On the DSR computer, double click the Deep Security Notifier icon in the System Tray.
- Check that the status is displaying correctly.
Configuring Updates via Relay
- On the DSM:
- For Deep Security 8.0: Go to System > System Settings > Updates.
- For Deep Security 9.0 and Deep Security as a Service: Go to Administration > System Settings > Updates.
- Click the View Relay Groups button.
- On the Relay Groups window, click New and create a new relay group.
- Select the newly-added Relay Agent computer in the Members section and then click OK.
- Do the following:
- For Deep Security 8.0: Go to System > Updates.
- For Deep Security 9.0 and Deep Security as a Service: Go to Administration > Updates.
- In the Security Updates section, the list of components will all appear as "Not updated". Click Update Now.
- The Component Update Wizard will appear. Click Finish.
Updating the components on the Deep Security Relay may take a few minutes.
- When the Component Update Wizard shows that the update has completed, click Finish.
- Do the following:
- Return to System > Updates.
- Return to Administration > Updates.
- Go to the DSR machine and open the Deep Security Notifier. You will see that the components list has been updated.
The Deep Security Agents and Appliances can be configured to either pull the updates from Deep Security Relays or directly from the Trend Micro ActiveUpdate Server.
Configuring Agent Updates via Relay
- On the Computers screen, select a relay for an Agent/Appliance.
- Right-click the Agent/Appliance and go to the Actions menu.
- Select Assign Relay Group.