Servers
TMSP comes with a set of servers, each responsible for a specific task. Each server requires its own unique IP address, which you assign at different stages of deployment.
The administrative server hosts the user interface for the product’s web-based administrative console. From this console, you can perform key administrative tasks, such as:
Creating a customer account
Controlling access to the end user portal
Configuring settings for reports, notifications, and logs
Generating reports
Running tasks that are part of the threat mitigation process, such as downloading forensic data or deploying a custom pattern
Assign an IP address for the administrative server during the installation process. The administrative server uses port 80 by default. After the installation, log on to the web-based administrative console using the following information:
URL: http://<Administrative Console IP address>/admin
User name: admin
Password: 123456
Trend Micro recommends changing this default password from the administrative console after logging on.
The portal is a separate user interface accessed by users who want to view the network’s security status and download reports. These users are typically employees who have a stake in your organization’s IT security but who do not have the authority to manage product settings.
The portal provides a dynamic representation of the network monitored by your threat management solution. It also provides the network’s threat profile and allows users to download reports generated by TMSP.
Assign an IP address for the portal from the configuration wizard, which appears when you log on to the administrative console for the first time. The portal uses port 443 by default.
When you create a customer account, configure the logon credentials (user name and password) for the portal. After you configure the credentials, send the credentials and the portal URL to the users. The portal’s URL is:
https://<Portal IP address>/tms2
For details, see Creating a Customer Account.
The log server accepts logs from Threat Discovery Appliance or Threat Mitigator using the rsync protocol. For a list of logs received from both products, see Downloading Registered Product Logs.
Assign an IP address for the log server from the configuration wizard, which appears when you log on to the administrative console for the first time. The log server uses ports 443 and 22 by default.
The status server receives the following information from Threat Discovery Appliance:
Heartbeat message. For details, see Heartbeat.
Outbreak Containment Services logs
The status server receives the following information from Threat Mitigator:
Heartbeat message
Forensic data
Threat Management Agent installed on an endpoint collects forensic data when cleanup is unsuccessful and uploads the data to Threat Mitigator.
Send the data to Trend Micro for analysis. After the analysis, Trend Micro issues a custom pattern in response to the threat. When you receive the pattern and upload it to TMSP from the administrative console, the status server stores the pattern and notifies Threat Mitigator to download the pattern.
Assign an IP address for the status server from the configuration wizard, which appears when you log on to the administrative console for the first time. The status server uses ports 443 and 22 by default.
The CAS server authenticates users that log on to the portal and administrative console. It also authenticates registered products before they send logs and data to TMSP.
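The following is an added example, not part of the product documentation: a deployment audit that checks a planned role-to-IP assignment for the unique-address requirement and compares observed listening ports against the default ports listed above. The function name `audit`, the role keys, and all addresses and observed ports are constructed for illustration.

```python
import ipaddress

# Default ports as stated above. No port is given for the CAS server, so it
# is checked for address uniqueness only.
DOCUMENTED_PORTS = {"administrative": {80}, "portal": {443},
                    "log": {443, 22}, "status": {443, 22}, "cas": None}
CLEARTEXT_PORTS = {80}  # plain HTTP: console logon is not encrypted in transit

# Constructed sample data (documentation-range addresses, not from the page).
PLAN = {
    "administrative": "192.0.2.10",
    "portal": "192.0.2.11",
    "log": "192.0.2.12",
    "status": "192.0.2.12",  # mistake: reuses the log server address
    "cas": "192.0.2.14",
}
OBSERVED = {"192.0.2.10": {80, 3306}, "192.0.2.11": {443}, "192.0.2.12": {22}}


def audit(plan, observed):
    """plan: role -> IP string; observed: IP string -> set of listening ports.
    Returns a sorted list of finding strings."""
    findings, seen = [], {}
    for role, ip in plan.items():
        try:
            addr = str(ipaddress.ip_address(ip))
        except ValueError:
            findings.append(f"{role}: invalid IP address {ip!r}")
            continue
        if addr in seen:
            findings.append(f"{role}: shares {addr} with {seen[addr]}")
        else:
            seen[addr] = role
        expected = DOCUMENTED_PORTS.get(role)
        if expected is None:  # CAS or unknown role: no documented ports
            continue
        listening = observed.get(addr, set())
        for port in sorted(expected - listening):
            findings.append(f"{role}: documented port {port} not listening on {addr}")
        for port in sorted(listening - expected):
            findings.append(f"{role}: undocumented port {port} open on {addr}")
        for port in sorted(listening & CLEARTEXT_PORTS):
            findings.append(f"{role}: port {port} is cleartext HTTP on {addr}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(PLAN, OBSERVED)))
```
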