The agent software package can be downloaded from Server & Workload Protection, using a well-defined URL format.
In most cases, use of the standard deployment scripts (which, by the way, also use this same URL format described in this section to download
the agent software) is the quickest way to get started and will meet the majority
of your deployment requirements.
Use of this URL format directly is useful if you require further customization for
the download and install of agents. For example, in some cases it may be necessary
to have the deployment scripts that run on each server point to a local storage location
(for example, AWS S3) rather than have each server reach out to Server & Workload Protection to download software. You can use this URL format to build your own automation to
periodically download new agent versions to your local storage location, and then
point the agent deployment scripts that run on each server to your local storage location
to meet this objective.
Agent download URL format
The URL format used to download the agent is:
https://<dsm fqdn>/software/agent/<platform>/<arch>/<agent version>/<filename>
All the parameters that comprise the URL format are described below.
<dsm fqdn> parameter
The
<dsm fqdn>
parameter is the fully-qualified domain name of Server & Workload Protection, which is app.deepsecurity.trendmicro.com
. Server & Workload Protection can be used for testing any of the examples provided in this topic.<filename> parameter
The
<filename>
parameter is the file name of the agent installer file. The file name is dependent
on the installation process used by each platform:
Platform
|
<filename>
|
Linux
Red Hat Enterprise Linux, CentOS, Oracle, CloudLinux, Amazon Linux, SUSE
|
agent.rpm |
Linux
Debian, Ubuntu
|
agent.deb |
Windows
|
agent.msi |
AIX
|
agent.bff.gz |
Solaris 11+
|
agent.p5p.gz |
Solaris 10 or earlier
|
agent.pkg.gz |
macOS
|
agent.pkg |
NoteServer & Workload Protection does not validate the file name itself; however when a file name is specified, the
extension must be one of .rpm, .msi, .deb, .gz. If any other file name is specified,
the file name returned by Server & Workload Protection will always be one of the names provided in the table above.
|
<agent version> parameter
The
<agent version>
parameter is optional.When this parameter is not specified, the latest LTS agent released by Trend Micro
for the target platform is returned.
When this parameter is specified, this represents the agent version string. For example
"12.0.0.123".
Should I include the <agent version> explicitly in my scripts?
If your intent is to only use a specific version of the agent in a controlled environment,
then explicitly adding the agent version to the URL will accomplish this goal.
When deploying agents at scale, it should be noted that adding the agent version in
the URL (which hardcodes this agent version into every script you distribute) can
create challenges for security operations teams that will be distributing scripts
to many applications teams.
Consider the process that will be needed when the time arrives to use a newer version
of the agent. If the
<agent version>
is hardcoded in each script you distribute, this will require that each of these
scripts requires an update to start using the new agent version. If you have many
internal application teams, the process to request changes to each one of these scripts
in use can be significant.Server & Workload Protection provides two options to deal with this challenge:
-
Simply use scripts that omit the
<agent version>
component from the path. The latest LTS agent meets your requirements, this is the most straightforward option to use. -
Use agent version control. Agent version control provides the ability for the Server & Workload Protection administrator to select on a per-platform basis exactly what agent version is returned from Server & Workload Protection. More detail on agent version control and how to leverage this feature from your scripts can be found at Using agent version control to define which agent version is returned.
<platform>, <arch>, and <filename> parameters
The
<platform>
, <arch>
, and <filename>
parameters should be replaced with the strings listed in the table below.
Note<platform> and <arch> are case-sensitive.
|
Platform
|
Distribution
|
<platform>
|
<arch>
|
<filename>
|
Example
|
Linux
|
Amazon 1
|
amzn1
|
x86_64
|
agent.rpm
|
/software/agent/amzn1/x86_64/agent.rpm
|
Amazon 2
|
amzn2
|
x86_64
|
agent.rpm
|
/software/agent/amzn2/x86_64/agent.rpm
|
|
CloudLinux 6
|
CloudLinux_6
|
x86_64
|
agent.rpm
|
/software/agent/CloudLinux_6/x86_64/agent.rpm
|
|
CloudLinux 7
|
CloudLinux_7
|
x86_64
|
agent.rpm
|
/software/agent/CloudLinux_7/x86_64/agent.rpm
|
|
CloudLinux 8
|
CloudLinux_8
|
x86_64
|
agent.rpm
|
/software/agent/CloudLinux_8/x86_64/agent.rpm
|
|
Debian 7
|
Debian_7
|
x86_64
|
agent.deb
|
/software/agent/Debian_7/x86_64/agent.deb
|
|
Debian 8
|
Debian_8
|
x86_64
|
agent.deb
|
/software/agent/Debian_8/x86_64/agent.deb
|
|
Debian 9
|
Debian_9
|
x86_64
|
agent.deb
|
/software/agent/Debian_9/x86_64/agent.deb
|
|
Oracle Linux 6
|
Oracle_OL6
|
x86_64
|
agent.rpm
|
/software/agent/Oracle_OL6/x86_64/agent.rpm
|
|
Oracle Linux 6
|
Oracle_OL6
|
i386
|
agent.rpm
|
/software/agent/Oracle_OL6/i386/agent.rpm
|
|
Oracle Linux 7
|
Oracle_OL7
|
x86_64
|
agent.rpm
|
/software/agent/Oracle_OL7/x86_64/agent.rpm
|
|
RedHat 6
|
RedHat_EL6
|
x86_64
|
agent.rpm
|
/software/agent/RedHat_EL6/x86_64/agent.rpm
|
|
RedHat 6
|
RedHat_EL6
|
i386
|
agent.rpm
|
/software/agent/RedHat_EL6/i386/agent.rpm
|
|
RedHat 7
|
RedHat_EL7
|
x86_64
|
agent.rpm
|
/software/agent/RedHat_EL7/x86_64/agent.rpm
|
|
RedHat 8
|
RedHat_EL8
|
x86_64
|
agent.rpm
|
/software/agent/RedHat_EL8/x86_64/agent.rpm
|
|
SuSE 11
|
SuSE_11
|
x86_64
|
agent.rpm
|
/software/agent/SuSE_11/x86_64/agent.rpm
|
|
SuSE 11
|
SuSE_11
|
i386
|
agent.rpm
|
/software/agent/SuSE_11/i386/agent.rpm
|
|
SuSE 12
|
SuSE_12
|
x86_64
|
agent.rpm
|
/software/agent/SuSE_12/x86_64/agent.rpm
|
|
SuSE 15
|
SuSE_15
|
x86_64
|
agent.rpm
|
/software/agent/SuSE_15/x86_64/agent.rpm
|
|
Ubuntu 16.04
|
Ubuntu_16.04
|
x86_64
|
agent.deb
|
/software/agent/Ubuntu_16.04/x86_64/agent.deb
|
|
Ubuntu 18.04
|
Ubuntu_18.04
|
x86_64
|
agent.deb
|
/software/agent/Ubuntu_18.04/x86_64/agent.deb
|
|
Windows
|
Windows
|
x86_64
|
agent.msi
|
/software/agent/Windows/x86_64/agent.msi
|
|
Windows
|
i386
|
agent.msi
|
/software/agent/Windows/i386/agent.msi
|
||
Unix
|
Solaris 10 Updates 4-6
|
Solaris_5.10_U5
|
x86_64
|
agent.pkg.gz
|
/software/agent/Solaris_5.10_U5/x86_64/agent.pkg.gz
|
Solaris_5.10_U5
|
sparc
|
agent.pkg.gz
|
/software/agent/Solaris_5.10_U5/sparc/agent.pkg.gz
|
||
Solaris 10 Updates 7-11
|
Solaris_5.10_U7
|
x86_64
|
agent.pkg.gz
|
/software/agent/Solaris_5.10_U7/x86_64/agent.pkg.gz
|
|
Solaris_5.10_U7
|
sparc
|
agent.pkg.gz
|
/software/agent/Solaris_5.10_U7/sparc/agent.pkg.gz
|
||
Solaris 11 Updates 1-3
|
Solaris_5.11
|
x86_64
|
agent.p5p.gz
|
/software/agent/Solaris_5.11/x86_64/agent.p5p.gz
|
|
Solaris_5.11
|
sparc
|
agent.p5p.gz
|
/software/agent/Solaris_5.11/sparc/agent.p5p.gz
|
||
Solaris 11 Update 4
|
Solaris_5.11_U4
|
x86_64
|
agent.p5p.gz
|
/software/agent/Solaris_5.11_U4/x86_64/agent.p5p.gz
|
|
Solaris_5.11_U4
|
sparc
|
agent.p5p.gz
|
/software/agent/Solaris_5.11_U4/sparc/agent.p5p.gz
|
||
AIX 5.3 (Agent version 9.0)
|
AIX_5.3
|
powerpc
|
agent.bff.gz
|
/software/agent/AIX_5.3/powerpc/agent.bff.gz
|
|
AIX 6.1 (Agent version 9.0)
|
AIX_6.1
|
powerpc
|
agent.bff.gz
|
/software/agent/AIX_6.1/powerpc/agent.bff.gz
|
|
AIX 7.1, 7.2 (Agent version 9.0)
|
AIX_7.1
|
powerpc
|
agent.bff.gz
|
/software/agent/AIX_7.1/powerpc/agent.bff.gz
|
|
AIX 6.1, 7.1, 7.2 (Agent version 12 +)
|
AIX
|
powerpc
|
agent.bff.gz
|
/software/agent/AIX/powerpc/agent.bff.gz
|
|
macOS
|
10.15
|
macOS
|
universal
|
agent.pkg
|
/software/agent/macOS/universal/agent.pkg
|
11
|
macOS
|
universal
|
agent.pkg
|
/software/agent/macOS/universal/agent.pkg
|
|
12
|
macOS
|
universal
|
agent.pkg
|
/software/agent/macOS/universal/agent.pkg
|
Agent download URL examples
Without
<agent version>
:https://app.deepsecurity.trendmicro.com/software/agent/RedHat_EL7/x86_64/agent.rpm
https://app.deepsecurity.trendmicro.com/software/agent/Windows/x86_64/agent.msi
With
<agent version>
:https://app.deepsecurity.trendmicro.com/software/agent/RedHat_EL7/x86_64/12.0.0.481/agent.rpm
https://app.deepsecurity.trendmicro.com/software/agent/Windows/x86_64/12.0.0.481/agent.msi
Exceptions for backwards compatibility
If no
<filename>
is provided after [...]/<platform>/<arch>/
, Server & Workload Protection will return the agent download for that platform as described in the previous table.If the path ends at
[...]<platform>/<arch>
(because both <agent version>
and <filename>
were not specified), Server & Workload Protection will return the agent download for that platform as described in the table above.Examples:
https://app.deepsecurity.trendmicro.com/software/agent/RedHat_EL7/x86_64/
https://app.deepsecurity.trendmicro.com/software/agent/Windows/x86_64
Using agent version control to define which agent version is returned
The agent version control feature provides the ability to control what agents are returned when any URL request
is made to Server & Workload Protection to download the agent.
To enable agent version control, send the following HTTP header with your URL request:
Agent-Version-Control: on
It should be noted that there are specific query parameters that are also required
on each platform to use agent version control. They are:
Platform
|
Required query parameters
|
Example
|
Windows
|
tenantID,windowsVersion,windowsProductType
|
/software/agent/Windows/x86_64/agent.msi?tenantID=123&windowsVersion=10.0.17134&windowsProductType=3
|
Linux
|
tenantID
|
/software/agent/RedHat_EL7/x86_64/agent.rpm?tenantID=123
|
Solaris
|
tenantID
|
/software/agent/Solaris_5.11_U4/x86_64/agent.p5p.gz?tenantID=123
|
AIX
|
tenantID, aixVersion, aixRelease
|
/software/agent/AIX/powerpc/agent.bff.gz?tenantID=123&aixVersion=7&aixRelease=1
|
macOS
|
tenantID.macOsVersion
|
/software/agent/macOS/universal/agent.pkg?tenantID=123&macOS=10.15.1.20G71&
|
NoteThe parameters in the table above are automatically generated by the deployment scripts.
|
Agent version control examples
For examples, refer to the sample deployment script generated from Server & Workload Protection. By default the deployment scripts generated by Server & Workload Protection use agent version control and demonstrate how to acquire these parameters for each
platform.
Interactions between the <agent version> parameter and agent version control
Given the intent of the agent version control feature is to provide the Server & Workload Protection administrator control over which agent version is returned, there is a natural conflict
with a URL request that also includes the
<agent version>
parameter.For this reason you should not specify the
<agent version>
as part of your request when sending the Agent-Version-Control: on
HTTP header.If we see both the
Agent-Version-Control: on
HTTP header and the <agent version>
parameter in the request, the version of the agent returned will be determined by
the value taken from the agent version control configuration. (We will ignore the
<agent version>
in the URL.)