Deploying the Private Access Connector on AWS Marketplace

Connect your AWS applications with Zero Trust Secure Access Private Access and prevent unauthorized intrusions.

Private Access Connectors connect your internal applications with Zero Trust Secure Access Private Access, which allows you to control access to sensitive corporate resources. To ensure high availability (HA) and facilitate load balancing on high-traffic apps, install and group together at least 2 connectors in each environment. Before attempting to deploy the Private Access Connector, ensure that your environment meets the minimum system requirements.

  1. In the Trend Micro Vision One console, go to Zero Trust Secure Access > Secure Access Configuration > Private Access Configuration.
  2. If you need to create a new connector group, click Add Private Access Connector Group.
    1. Provide a unique name and description for the group.
    2. Click Save.
  3. Locate your Connector group name in the list and click the New connector icon.

    The Private Access Connector Virtual Appliance panel appears.

  4. Select Amazon AWS from the Platform list.
  5. Copy the Registration token for later use.
  6. Sign in to the AWS Marketplace and locate the Trend Micro Vision One - Zero Trust Secure Access app.
    Important:

    The steps and screens contained in these instructions were valid as of August 2022.

  7. Click Continue to Subscribe.
  8. Click Continue to Configuration.
  9. Select your fulfillment options and software version, and click Continue to Launch.
    Note:

    Make sure that you always select the latest software version.

  10. In the Choose Action field, select Launch CloudFormation and click Launch.

    The Create stack screen opens.

  11. Keep the default settings and click Next.
  12. In the Stack name section, specify a Stack name for the CloudFormation stack of your Private Access Connector.
  13. In the Parameters section, specify each field, and then click Next.
  14. Keep the default settings and click Next.
  15. Click Create stack.
    Note:

    The system launches two instances when creating the stack. Allow some time for the process to complete.

  16. (Optional) Modify the scaling group instance count if you want more than 2 instances.
    1. On the stack screen you just created, click the Resources tab, and then click the Physical ID in the CntAutoScaling row.
    2. In the Auto Scaling groups section, click the name of your auto scaling group.
    3. On the Auto Scaling group screen that appears, click the Details tab.
    4. Click Edit, specify the size of the Auto Scaling group, and then click Update.
    Note:
    • Amazon EC2 Auto Scaling also supports dynamic scaling. For more information about dynamically resizing your Auto Scaling group of the Private Access Connectors, refer to the AWS documentation.

    • Trend Micro Vision One checks every 24 hours and removes any instances that you terminated or stopped in the AWS Management Console. However, for a stopped instance, Trend Micro Vision One restores it in the console after you start the instance again.

  17. (Optional) Launch and configure a Private Access Connector VM.
    1. On the auto scaling group screen, click the Instance Management tab.
    2. Click the instance ID of an instance you just launched and copy the public IPv4 address of the instance.
    3. Open a command prompt and run the following ssh command to log on to the Connector virtual appliance with the default credentials.

      ssh -i <path_of_the_private_key_file> admin@<public_IP_address_of_the_instance>

      Important:

      AWS automatically creates a user for the VM. Make sure you use admin rather than the created user to log on.

    4. Set your password for the enable command by running the following command and pressing the ENTER key:

      passwd

      The admin user and privileged mode share the same password.

    5. Switch to privileged mode by typing the enable command, pressing the ENTER key, and providing the updated password.

      The command prompt changes from > to #.

    6. Run the following command to change the time zone of the connector:

      configure timezone <timezone>

      The default time zone is America/Los_Angeles.

    7. Check whether the Connector can connect to the NTP server 0.pool.ntp.org.

      The Connector requires connectivity to an NTP server to synchronize its clock. By default, Trend Micro Vision One uses the public NTP server 0.pool.ntp.org. You can also configure the Connector to connect to another public NTP server or a local NTP server within your organization.

      Run the following command to configure the NTP server:

      configure ntp server <address>

      Note:

      To use public NTP servers, make sure that your firewall configuration allows outbound UDP traffic on port 123.

  18. Use the CLI to configure other settings, if required.

    For more information on available commands, see Private Access Connector CLI Commands.

    After successful deployment, the connector virtual appliance appears under the corresponding connector group on the Private Access Connectors tab.
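
The high-availability guidance above (at least 2 connectors in each environment) and the Auto Scaling group sizing in step 16 can be checked from AWS CLI output. The following is an added example, not part of the original Trend Micro procedure; it assumes JSON in the shape printed by `aws autoscaling describe-auto-scaling-groups`, and the group name and instance IDs in the sample are constructed placeholders.

```python
import json
import sys

MIN_CONNECTORS = 2  # the page's HA guidance: at least 2 connectors per environment

# Constructed sample in the shape printed by
# `aws autoscaling describe-auto-scaling-groups`; the name and IDs are placeholders.
SAMPLE = {"AutoScalingGroups": [{
    "AutoScalingGroupName": "example-connector-asg",
    "MinSize": 1, "MaxSize": 4, "DesiredCapacity": 2,
    "Instances": [
        {"InstanceId": "i-0example000000001",
         "LifecycleState": "InService", "HealthStatus": "Healthy"},
        {"InstanceId": "i-0example000000002",
         "LifecycleState": "Terminating", "HealthStatus": "Unhealthy"},
    ],
}]}


def check_group(group, minimum=MIN_CONNECTORS):
    """Return findings for one Auto Scaling group; an empty list means it passes."""
    findings = []
    serving = []
    for inst in group.get("Instances", []):
        state = inst.get("LifecycleState")
        health = inst.get("HealthStatus")
        if state == "InService" and health == "Healthy":
            serving.append(inst)
        else:
            findings.append(f"{inst.get('InstanceId')} is {state}/{health}")
    if len(serving) < minimum:
        findings.append(f"{len(serving)} serving instance(s), need {minimum}")
    # A MinSize or DesiredCapacity under the minimum lets the group settle below HA.
    for key in ("MinSize", "DesiredCapacity"):
        if group.get(key, 0) < minimum:
            findings.append(f"{key} is {group.get(key, 0)}, below {minimum}")
    return findings


def check_all(doc):
    """Map each group name in the CLI output to its list of findings."""
    return {g.get("AutoScalingGroupName", "?"): check_group(g)
            for g in doc.get("AutoScalingGroups", [])}


if __name__ == "__main__":
    # Pipe CLI JSON on stdin; with a terminal on stdin the constructed sample is used.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    results = check_all(doc)
    for name, findings in results.items():
        print(name, "OK" if not findings else "FAIL: " + "; ".join(findings))
    sys.exit(1 if any(results.values()) else 0)
```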