Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Upgrading an agentless installation from Deep Security 9.5 to version 9.6

    • Updated:
    • 1 Sep 2015
    • Product/Version:
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

Deep Security 9.6 does not release a new Filter Driver. This means Deep Security 9.6 must use the Combined mode to enable full protection in non-NSX environment. To retain the agentless protection, you can still use Deep Security Manager (DSM) 9.6 to manage Deep Security Virtual Appliance (DSVA) 9.5 for agentless protection.

Below are the upgrade scenarios for vCloud Network and Security (vCNS):

  • Scenario 1: vSphere 5.5 + DS 9.5 > Upgrade to vSphere 5.5 + DSM 9.6 + DSR 9.6
  • Scenario 2: vSphere 5.5 + DS 9.5 > Upgrade to vSphere 5.5 + DSM 9.6 + DSR 9.6 + DSVA 9.6
  • Scenario 3: vSphere 5.5 + DS 9.5 > Upgrade to vSphere 6.0 + DSM 9.6 + DSR 9.6 + DSVA 9.6
Details
Public

Upgrade Deep Security 9.5 to version 9.6 but retain the agentless protection on ESXi 5.5 with vCNS.

To upgrade an agentless Deep Security 9.5 to Deep Security 9.6:

  1. Back up your Deep Security 9.5 SP1 database. Since the process may take quite a long time, it is recommended to upgrade during off-hours. Agents and DSVA will continue to provide protection during the upgrade process.
  2. Upgrade the Deep Security Manager to version 9.6.
    1. Download the Deep Security Manager 9.6 installer package from Trend Micro Download Center to a local directory.
    2. Run the installer package. When given the option, choose Upgrade.

      Upgrade Verification

  3. Upgrade the Deep Security Relay to version 9.6.
     
    Deep Security Agents must be of the same version or less than the Deep Security Manager being used to manage it. The Deep Security Manager must always be upgraded before the Deep Security Agents and Relays.
    1. On the Deep Security Manager, go to Administration > Updates > Software > Download Center.
    2. Select the agent software package from the list and click Import to download the software to Deep Security Manager.
      You can also upgrade the DSVA 9.5 packages when you manually download and import Deep Security 9.5 RHEL6 X64 packages to DSM.

      Agent Software Package

    3. On the Deep Security Manager, go to Computers.
    4. Right-click the computer you want to upgrade the Agent or Relay, and select Actions > Upgrade Agent software.

      Upgrade Agent Software

  4. Make sure not to upgrade DSVA 9.5 to 9.6.
     
    DSVA 9.6 is limited in providing Anti-Malware and Integrity Monitoring protection for your virtual machines. If you need pure agentless protection with Anti-Malware, Firewall, Intrusion Prevention, and Integrity Monitoring, do not install the Deep Security Agent on the VMs and do not upgrade your DSVA to 9.6.

    If you try to upgrade to DSVA 9.6 without removing the Filter Driver, you will receive the following warning message:

    Upgrade Appliance

    Even when you click OK to the warning message above, the upgrade will not continue if you still have not removed the Filter Driver from the ESXi Host. DSM shows another error message similar to the following:

    Warning message when upgrading DSVA

Upgrade Deep Security 9.5 to 9.6 without retaining the agentless protection on ESXi 5.5 with vCNS.

To upgrade the agentless Deep Security 9.5 to 9.6:

  1. Back up your Deep Security 9.5 SP1 database. Since the process may take quite a long time, it is recommended to upgrade during off-hours. Agents and DSVA will continue to provide protection during the upgrade process.
  2. Upgrade the Deep Security Manager to version 9.6.
    1. Download the Deep Security Manager 9.6 installer package from Trend Micro Download Center to a local directory.
    2. Run the installer package. When given the option, choose Upgrade.

      Upgrade Verification

  3. Upgrade the Deep Security Relay to version 9.6.
     
    Deep Security Agents must be of the same version or less than the Deep Security Manager being used to manage it. The Deep Security Manager must always be upgraded before the Deep Security Agents and Relays.
    1. On the Deep Security Manager, go to Administration > Updates > Software > Download Center.
    2. Select the agent software package from the list and click Import to download the software to Deep Security Manager.
      You can also upgrade the DSVA 9.5 packages when you manually download and import Deep Security 9.5 RHEL6 X64 packages to DSM.

      Agent Software Package

    3. On the Deep Security Manager, go to Computers.
    4. Right-click the computer you want to upgrade the Agent or Relay, and select Actions > Upgrade Agent software.

      Upgrade Agent Software

  4. Remove the Filter Driver.
    1. Shut down your DSVA and other virtual machines running on the specific ESXi.
    2. Right-click the target ESXi and select Remove Filter Driver.

      Remove Filter Driver

  5. Make sure you have imported the Deep Security 9.6 RHEL6 x64 package to DSM, and then upgrade the DSVA.
  6. Install the Deep Security Agent (DSA) on the virtual machine and activate the DSA to turn on the combined mode.
     
    If you install and activate an agent, you will be in combined mode. This means that the DSVA will do agentless AM/IM and the agent will do everything else. The DSVA and DSA will be working together to provide full functions. The customer is unable to configure the virtual machine to use appliance protection or agent protection. This is a default behavior and we are looking in possible ways to make it configurable in the future release. This is handled by how the policy is sent by the DSM and therefore, this happens in DSM 9.6 regardless of DSVA version.

Upgrade vSphere 5.5 to vSphere 6.0 and Deep Secruity 9.6.

To upgrade vSphere, refer to the vSphere Upgrade Center for the execution of these phases:

  1. Upgrade the VMware vCenter Server.
  2. Upgrade your vSphere hosts to vSphere 6.0.
  3. Finish the virtual machines upgrade by upgrading the VMware Tools first, then optionally upgrading the virtual hardware.

Once the vSphere is upgraded, follow the procedure in Scenario 2 above to perform the Deep Security 9.6 upgrade. Make sure to remove the Filter Driver before upgrading.

 
Refer to Deep Security 9.6 Installation Guide to upgrade an Agent-based Installation from 9.5 to 9.6.
Premium
Internal
Rating:
Category:
Upgrade
Solution Id:
1112357
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.