Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Information about the Edge Relay Server for Apex One

    • Updated:
    • 24 Jun 2019
    • Product/Version:
    • Apex One All.All
    • Platform:
    • N/A N/A
Summary

This article describes the Edge Relay for Apex One, and the changes made from the version in OfficeScan XG.

Details
Public
  • Apex One requires Edge Relay be upgraded to the new version.
    • The new version of Edge Relay is NOT backwards compatible. If older XG servers will remain, they will need a second Edge Relay to support both versions.
    • In-place upgrade for Edge Relay is supported. Copy the \PCCSRV\Admin\Utility\EdgeServer folder to the Edge Relay server and run setup.exe to upgrade.
  • Changes to a Reverse Proxy method using IIS rewrite modules.
  • Apex One Server does not connect to the Edge Relay Server. All communication is traffic forwarding based on ReWrite rules from Edge Relay-to-Apex One server.
    • No longer requires a database – Edge Relay forwards all traffic to the relevant Apex One Server.
    • On upgrade, it will no longer use the SQL database from the previous version.
  • Edge Relay now supports:
    • Uploading of detection logs
    • Sample Submissions
    • Configuration
    • Hot fix or patch upgrades
     
    Engine and pattern updates will be retrieved from AU servers.
  • Still supports multiple Apex One servers, but registration is command line from the Edge Relay Server.
  • No Trend Micro running services on the machine for the Edge Relay.
  • Determines on-premise/off-premise on IP Change.
  • Server 2012 or later
  • .NET Framework 4.6.1
  • VC 2017 Update 3 Redistribution (x86 and x64)
  • Installer – Path:
    • %ProgramFiles%\Trend Micro\Apex One Edge Relay\
  • Installer – Website:
    • Input or Select certificate for Website
    • IP address: Select a binding IP
    • Port: web server port ( Default: 443)
    • No longer requires to specify two IP Addresses and ports as the Apex One Server will not connect to Edge Relay. Need an external FQDN and IP.
  • Fresh Install uses Default Website
  • Upgrade – Keeps OfficeScanEdge site
  • Website Certificate
    • LOCAL_MACHINE\Web Hosting

      Edge Relay Server

    • Can be replaced with customer’s own CA provided certificate
  • Client Certificate
      • LOCAL_MACHINE\OfcEdge
      • Subject: OsceOPA
      • Issuer: Must be in the Trusted Root CA

    Edge Relay Server

  • Agent cannot updated certificate while off-premise. Must be on intranet and able to connect to the Apex One server to update.
  • <EdgeRelay Dir>\OfcEdgeSrv\Private\OfcEdge.ini
  • OPA – The password to protect OsceOPA.pfx
  • OPAThumprint – The checksum of the OsceOPA certificate in the certificate store
Register

Register Edge Relay Service to Apex One server:

ofcedgecfg.exe --cmd reg --server <server address> --port <port> --pwd <root password>

Unregister

Unregister Edge Relay Service to Apex One server:

ofcedgecfg.exe --cmd unreg --server <server address> --port <port> --pwd <root password>

Renew certificate

Renew self-signed certificate includes OsceEdgeRoot CA, web host and OsceOPA certificates:

ofcedgecfg.exe --cmd renewcert --opacertpwd <OsceOPA certificate password> [--keeprootca]

Delete rule

Delete all IIS rules after unregistering from all Apex One servers:

ofcedgecfg.exe --cmd delrule

Commands:

--cmd reg Register to an Apex One server
--cmd unreg Unregister from an Apex One server

Parameters:

--server <VALUE> Apex One server IP address
--port <VALUE> Apex One server port number
--pwd <VALUE> Apex One server 'root' account password

Example:

ofcedgecfg.exe --cmd reg --server <server address> --port <port> --pwd <root password>
ofcedgecfg.exe --cmd unreg --server <server address> --port <port> --pwd <root password>

Premium
Test Now
Internal
Rating:
Category:
Configure; Troubleshoot; Install
Solution Id:
1123000
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.