About Deep Discovery Analyzer - Online Help Center Home

About Deep Discovery Analyzer - Online Help Center Home
Trend Micro Incorporated reserves the right to make changes to this document and to
the product described herein without notice. Before installing and using the product,
review the readme files, release notes, and/or the latest version of the applicable
documentation, which are available from the Trend Micro website at:
http://docs.trendmicro.com/en-us/enterprise/deep-discovery-analyzer.aspx
Trend Micro, the Trend Micro t-ball logo, Control Manager, Deep Discovery, InterScan,
OfficeScan, ScanMail, and Smart Protection Network are trademarks or registered
trademarks of Trend Micro Incorporated. All other product or company names may be
trademarks or registered trademarks of their owners.
Copyright © 2017. Trend Micro Incorporated. All rights reserved.
Document Part No.: APEM57741/170315
Release Date: March 2017
Protected by U.S. Patent No.: Patents pending.
This documentation introduces the main features of the product and/or provides
installation instructions for a production environment. Read through the documentation
before installing or using the product.
Detailed information about how to use specific features within the product may be
available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge
Base.
Trend Micro always seeks to improve its documentation. If you have questions,
comments, or suggestions about this or any Trend Micro document, please contact us at
docs@trendmicro.com.
Evaluate this documentation on the following site:
http://www.trendmicro.com/download/documentation/rating.asp
Table of Contents
Preface
Preface .................................................................................................................. v
Documentation .................................................................................................. vi
Audience ............................................................................................................ vii
Document Conventions .................................................................................. vii
Terminology ..................................................................................................... viii
About Trend Micro ............................................................................................ x
Chapter 1: Introduction
About Deep Discovery Analyzer ................................................................. 1-2
What's New ..................................................................................................... 1-2
Features and Benefits ..................................................................................... 1-5
Enable Sandboxing as a Centralized Service ...................................... 1-5
Custom Sandboxing ............................................................................... 1-5
Broad File Analysis Range .................................................................... 1-6
YARA Rules ............................................................................................ 1-6
Document Exploit Detection ............................................................... 1-6
Automatic URL Analysis ....................................................................... 1-6
Detailed Reporting ................................................................................. 1-6
Alert Notifications .................................................................................. 1-6
Clustered Deployment ........................................................................... 1-7
Trend Micro Integration ........................................................................ 1-7
Web Services API and Manual Submission ........................................ 1-7
Custom Defense Integration ................................................................ 1-7
Chapter 2: Preparing to Deploy Deep Discovery Analyzer
Deployment Overview ................................................................................... 2-2
Product Specifications ........................................................................... 2-2
Deployment Considerations ................................................................. 2-3
i
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Recommended Network Environment ............................................... 2-8
Deployment Requirements ......................................................................... 2-10
Logon Credentials ................................................................................ 2-11
Ports Used by the Appliance .............................................................. 2-11
Chapter 3: Installing the Appliance
Installation Tasks ............................................................................................ 3-2
Setting Up the Hardware ....................................................................... 3-2
Installing Deep Discovery Analyzer .................................................... 3-3
Chapter 4: Using the Preconfiguration Console
The Preconfiguration Console ..................................................................... 4-2
Preconfiguration Console Basic Operations ...................................... 4-3
Configuring Network Addresses on the Preconfiguration Console
.................................................................................................................... 4-4
Viewing High Availability Details on the Preconfiguration Console
.................................................................................................................... 4-7
Chapter 5: Migration
Migrating from previous versions of Deep Discovery Analyzer ............ 5-2
Clearing the Browser Cache .......................................................................... 5-4
Chapter 6: Technical Support
Troubleshooting Resources ........................................................................... 6-2
Using the Support Portal ....................................................................... 6-2
Threat Encyclopedia .............................................................................. 6-2
Contacting Trend Micro ................................................................................ 6-3
Speeding Up the Support Call .............................................................. 6-4
Sending Suspicious Content to Trend Micro ............................................. 6-4
Email Reputation Services .................................................................... 6-4
File Reputation Services ........................................................................ 6-5
Web Reputation Services ....................................................................... 6-5
Other Resources ............................................................................................. 6-5
Download Center ................................................................................... 6-5
ii
Table of Contents
Documentation Feedback ..................................................................... 6-6
Appendix A: Getting Started
The Management Console ........................................................................... A-2
Accounts Tab ......................................................................................... A-3
Getting Started Tasks .................................................................................... A-7
License ..................................................................................................... A-8
Network Tab ........................................................................................ A-10
Proxy Tab .............................................................................................. A-12
Time Tab ............................................................................................... A-13
SMTP Tab ............................................................................................. A-15
Importing an Image ............................................................................ A-17
Enabling External Connections ........................................................ A-19
Cluster Tab ........................................................................................... A-21
Index
Index .............................................................................................................. IN-1
iii
Preface
Preface
Welcome to the Trend Micro™ Deep Discovery™ Analyzer Installation and Deployment
Guide. This guide contains information about the requirements and procedures for
deploying, installing and migrating Deep Discovery Analyzer.
v
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Documentation
The documentation set for Deep Discovery Analyzer includes the following:
Table 1. Product Documentation
Document
Administrator's Guide
Description
PDF documentation provided with the product or
downloadable from the Trend Micro website.
The Administrator's Guide contains detailed instructions on
how to configure and manage Deep Discovery Analyzer,
and explanations on Deep Discovery Analyzer concepts
and features.
Installation and
Deployment Guide
PDF documentation provided with the product or
downloadable from the Trend Micro website.
The Installation and Deployment Guide contains
information about requirements and procedures for
planning deployment, installing Deep Discovery Analyzer,
and using the Preconfiguration Console to set initial
configurations and perform system tasks.
Syslog Content Mapping
Guide
PDF documentation provided with the product or
downloadable from the Trend Micro website.
The Syslog Content Mapping Guide provides information
about log management standards and syntaxes for
implementing syslog events in Deep Discovery Analyzer.
vi
Quick Start Card
The Quick Start Card provides user-friendly instructions on
connecting Deep Discovery Analyzer to your network and
on performing the initial configuration.
Readme
The Readme contains late-breaking product information
that is not found in the online or printed documentation.
Topics include a description of new features, known issues,
and product release history.
Preface
Document
Online Help
Description
Web-based documentation that is accessible from the
Deep Discovery Analyzer management console.
The Online Help contains explanations of Deep Discovery
Analyzer components and features, as well as procedures
needed to configure Deep Discovery Analyzer.
Support Portal
The Support Portal is an online database of problemsolving and troubleshooting information. It provides the
latest information about known product issues. To access
the Support Portal, go to the following website:
http://esupport.trendmicro.com
View and download product documentation from the Trend Micro Online Help Center:
http://docs.trendmicro.com/en-us/home.aspx
Audience
The Deep Discovery Analyzer documentation is written for IT administrators and
security analysts. The documentation assumes that the reader has an in-depth knowledge
of networking and information security, including the following topics:
•
Network topologies
•
Database management
•
Antivirus and content security protection
The documentation does not assume the reader has any knowledge of sandbox
environments or threat event correlation.
Document Conventions
The documentation uses the following conventions:
vii
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Table 2. Document Conventions
Convention
Description
UPPER CASE
Acronyms, abbreviations, and names of certain
commands and keys on the keyboard
Bold
Menus and menu commands, command buttons, tabs,
and options
Italics
References to other documents
Monospace
Sample command lines, program code, web URLs, file
names, and program output
Navigation > Path
The navigation path to reach a particular screen
For example, File > Save means, click File and then click
Save on the interface
Note
Tip
Important
WARNING!
Configuration notes
Recommendations or suggestions
Information regarding required or default configuration
settings and product limitations
Critical actions and configuration options
Terminology
Terminology
ActiveUpdate Server
viii
Description
Provides updates for product components, including
pattern files. Trend Micro regularly releases component
updates through the Trend Micro ActiveUpdate server.
Preface
Terminology
Description
Active primary appliance
Clustered appliance with which all management tasks are
performed. Retains all configuration settings and
allocates submissions to secondary appliances for
performance improvement.
Administrator
The person managing Deep Discovery Analyzer
Clustering
Multiple standalone Deep Discovery Analyzer appliances
can be deployed and configured to form a cluster that
provides fault tolerance, improved performance, or a
combination thereof.
Custom port
A hardware port that connects Deep Discovery Analyzer
to an isolated network dedicated to sandbox analysis
Dashboard
UI screen on which widgets are displayed
High availability cluster
In a high availability cluster, one appliance acts as the
active primary appliance, and one acts as the passive
primary appliance. The passive primary appliance
automatically takes over as the new active primary
appliance if the active primary appliance encounters an
error and is unable to recover.
Load-balancing cluster
In a load-balancing cluster, one appliance acts as the
active primary appliance, and any additional appliances
act as secondary appliances. The secondary appliances
process submissions allocated by the active primary
appliance for performance improvement.
Management console
A web-based user interface for managing a product.
Management port
A hardware port that connects to the management
network.
Passive primary appliance
Clustered appliance that is on standby until active primary
appliance encounters an error and is unable to recover.
Provides high availability.
Role-based administration
Role-based administration streamlines how
administrators configure user accounts and control
access to the management console.
ix
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Terminology
Description
Sandbox image
A ready-to-use software package (operating system with
applications) that require no configuration or installation.
Virtual Analyzer supports only image files in the Open
Virtual Appliance (OVA) format.
Sandbox instance
A single virtual machine based on a sandbox image.
Secondary appliance
Clustered appliance that processes submissions
allocated by the active primary appliance for performance
improvement.
Standalone appliance
Appliance that is not part of any cluster. Clustered
appliances can revert to being standalone appliances by
detaching the appliance from its cluster.
Threat Connect
Correlates suspicious objects detected in your
environment and threat data from the Trend Micro Smart
Protection Network. The resulting intelligence reports
enable you to investigate potential threats and take
actions pertinent to your attack profile.
Virtual Analyzer
An isolated virtual environment used to manage and
analyze samples. Virtual Analyzer observes sample
behavior and characteristics, and then assigns a risk level
to the sample.
Widget
A customizable screen to view targeted, selected data
sets.
YARA
YARA rules are malware detection patterns that are fully
customizable to identify targeted attacks and security
threats specific to your environment.
About Trend Micro
As a global leader in cloud security, Trend Micro develops Internet content security and
threat management solutions that make the world safe for businesses and consumers to
exchange digital information. With over 20 years of experience, Trend Micro provides
top-ranked client, server, and cloud-based solutions that stop threats faster and protect
data in physical, virtual, and cloud environments.
x
Preface
As new threats and vulnerabilities emerge, Trend Micro remains committed to helping
customers secure data, ensure compliance, reduce costs, and safeguard business integrity.
For more information, visit:
http://www.trendmicro.com
Trend Micro and the Trend Micro t-ball logo are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks are the trademarks
or registered trademarks of their respective companies.
xi
Chapter 1
Introduction
This chapter introduces Deep Discovery Analyzer 5.8 and the new features in this
release.
1-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
About Deep Discovery Analyzer
Deep Discovery Analyzer is a custom sandbox analysis server that enhances the targeted
attack protection of Trend Micro and third-party security products. Deep Discovery
Analyzer supports out-of-the-box integration with Trend Micro email and web security
products, and can also be used to augment or centralize the sandbox analysis of other
products. The custom sandboxing environments that can be created within Deep
Discovery Analyzer precisely match target desktop software configurations — resulting
in more accurate detections and fewer false positives.
It also provides a Web Services API to allow integration with any third party product,
and a manual submission feature for threat research.
What's New
Table 1-1. What's New in Deep Discovery Analyzer 5.8
Feature/Enhancement
Structured Threat
Information eXpression
(STIX) support
Enhanced SMTP
notification
1-2
Details
Deep Discovery Analyzer adds support for Structured
Threat Information eXpression (STIX) files to perform the
following functions:
•
Use of user-defined match list for detection
•
Export via the WebService API for 3rd party
integration
Deep Discovery Analyzer improves the SMTP notifications
feature by adding the following enhancements:
•
Option to specify the port of SMTP server rather than
server address only
•
Default email sender notifications@ddan.local
•
Support for SMTP over SSL/TLS and STARTTLS
•
Option to test connection to SMTP server
Introduction
Feature/Enhancement
Details
Debug log level settings for
troubleshooting
The debug log level settings page enables user to
configure debug log level setting for ease in
troubleshooting.
Enhanced ActiveUpdate
The enhanced ActiveUpdate includes the following
features:
•
Several new ActiveUpdate components
•
Option to rollback ActiveUpdate components
•
Frequency of ActiveUpdate update check increased
from every 24 hours to every 15 minutes
Command line arguments
for PE samples
Deep Discovery Analyzer now provides the option to
specify optional command line arguments for PE samples
received from integrated products, manual submissions,
and support tools.
Enhanced Deep Discovery
Director support
Enhanced Deep Discovery Director support provides the
following features for Deep Discovery Analyzer:
Enhanced Virtual Analyzer
•
Centralized Virtual Analyzer image deployment
•
Configuration replication
The internal Virtual Analyzer has been enhanced to
include proxy configuration.
1-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Feature/Enhancement
Improved detection
capability
Enhanced Submission
screen
1-4
Details
Deep Discovery Analyzer provides increased protection by
improving its detection capabilities. This release supports
the following:
•
Deployment of sandbox images running Windows 10
Threshold 2 (B1511), Windows Server 2012, and
Windows Server 2012 R2 operating systems
•
Support Microsoft Office 2016 application for Office
file analysis in sandbox images
•
New file types (Microsoft Publisher 2016, Microsoft
Windows Command Script file, Microsoft Windows
Batch file, and Scalable Vector Graphics) for file
submission filters
•
File SHA-256 and vulnerability information in analysis
reports
•
Decrypt password-protected PDF and Microsoft Office
files using a password list
•
Extract files in archive files with multiple compression
layers
The enhanced Submission screen includes the following
features:
•
Improved Advanced filter to provide more search
options
•
A separate Unsuccessful tab to display all samples
which were not successfully analyzed
•
Option to customize which columns appear in the
Submission screen
Inline migration from Deep
Discovery Analyzer 5.5 and
5.5 SP1
Deep Discovery Analyzer provides users with the option of
automatically migrating the settings from 5.5 and 5.5 SP1
to 5.8 using the Firmware screen of the management
console.
Enhanced credential
management
Deep Discovery Analyzer uses the same user account and
password for the admin account on the management
console UI and preconfig screen.
Introduction
Features and Benefits
Deep Discovery Analyzer includes the following features:
•
Enable Sandboxing as a Centralized Service on page 1-5
•
Custom Sandboxing on page 1-5
•
Broad File Analysis Range on page 1-6
•
YARA Rules on page 1-6
•
Document Exploit Detection on page 1-6
•
Automatic URL Analysis on page 1-6
•
Detailed Reporting on page 1-6
•
Alert Notifications on page 1-6
•
Clustered Deployment on page 1-7
•
Trend Micro Integration on page 1-7
•
Web Services API and Manual Submission on page 1-7
•
Custom Defense Integration on page 1-7
Enable Sandboxing as a Centralized Service
Deep Discovery Analyzer ensures optimized performance with a scalable solution able
to keep pace with email, network, endpoint, and any additional source of samples.
Custom Sandboxing
Deep Discovery Analyzer performs sandbox simulation and analysis in environments
that match the desktop software configurations attackers expect in your environment
and ensures optimal detection with low false-positive rates.
1-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Broad File Analysis Range
Deep Discovery Analyzer examines a wide range of Windows executable, Microsoft
Office, PDF, web content, and compressed file types using multiple detection engines
and sandboxing.
YARA Rules
Deep Discovery Analyzer uses YARA rules to identify malware. YARA rules are
malware detection patterns that are fully customizable to identify targeted attacks and
security threats specific to your environment.
Document Exploit Detection
Using specialized detection and sandboxing, Deep Discovery Analyzer discovers
malware and exploits that are often delivered in common office documents and other
file formats.
Automatic URL Analysis
Deep Discovery Analyzer performs page scanning and sandbox analysis of URLs that
are automatically submitted by integrating products.
Detailed Reporting
Deep Discovery Analyzer delivers full analysis results including detailed sample activities
and C&C communications via central dashboards and reports.
Alert Notifications
Alert notifications provide immediate intelligence about the state of Deep Discovery
Analyzer.
1-6
Introduction
Clustered Deployment
Multiple standalone Deep Discovery Analyzer appliances can be deployed and
configured to form a cluster that provides fault tolerance, improved performance, or a
combination thereof.
Trend Micro Integration
Deep Discovery Analyzer enables out-of-the-box integration to expand the sandboxing
capacity Trend Micro email and web security products.
Web Services API and Manual Submission
Deep Discovery Analyzer allows any security product or authorized threat researcher to
submit samples.
Custom Defense Integration
Deep Discovery Analyzer shares new IOC detection intelligence automatically with
other Trend Micro solutions and third-party security products.
1-7
Chapter 2
Preparing to Deploy Deep Discovery
Analyzer
This chapter discusses the items you need to prepare to deploy Deep Discovery
Analyzer and connect it to your network.
If Deep Discovery Analyzer is already deployed on your network and you have a patch
or hotfix to apply to it, see the Deep Discovery Analyzer Administrator's Guide.
2-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Deployment Overview
Product Specifications
Standard Deep Discovery Analyzer appliances have the following specifications.
Contact Trend Micro if the appliance you are using does not meet these hardware
specifications.
Product Specifications - 1000 Appliance
Feature
Specifications
Rack size
2U 19-inch standard rack
Availability
Raid 5 configuration
Storage size
2 TB free storage
Connectivity
•
Management port: 1 x 10Base-T/100Base-TX/
1000Base-T
•
Custom ports: 3 x 10Base-T/100Base-TX/1000Base-T
Dimensions (WxDxH)
48.2 cm (18.98 in) x 75.58 cm (29.75 in) x 8.73 cm (3.44 in)
Maximum weight
32.5 kg (71.65 lb)
Operating temperature
10 °C to 35 °C at 10% to 80% relative humidity (RH)
Power
750W , 120-240 VAC 50/60 Hz
Product Specifications - 1100 Appliance
Feature
2-2
Specifications
Rack size
2U 19-inch standard rack
Availability
Raid 1 configuration
Preparing to Deploy Deep Discovery Analyzer
Feature
Specifications
Storage size
4 TB free storage
Connectivity
•
Management port: 1 x 10Base-T/100Base-TX/
1000Base-T
•
Custom ports: 3 x 10Base-T/100Base-TX/1000Base-T
Dimensions (WxDxH)
48.2 cm (18.98 in) x 75.58 cm (29.75 in) x 8.73 cm (3.44 in)
Maximum weight
31.5 kg (69.45 lb)
Operating temperature
10 °C to 35 °C at 10% to 80% relative humidity (RH)
Power
750W, 120-240 VAC 50/60 Hz
Deployment Considerations
Any Deep Discovery Analyzer appliance can be deployed and configured as a
standalone appliance. A standalone appliance processes all submitted objects without the
assistance of other Deep Discovery Analyzer appliances. It cannot provide continued
scanning and analysis services when it encounters an error and is unable to recover.
Multiple standalone Deep Discovery Analyzer appliances can be deployed and
configured to form a cluster that provides fault tolerance, improved performance, or a
combination thereof.
Depending on your requirements and the number of Deep Discovery Analyzer
appliances available, you may deploy the following cluster configurations:
2-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Table 2-1. Cluster Configurations
Cluster
Configuration
High availability cluster
Description
In a high availability cluster, one appliance acts as the active
primary appliance, and one acts as the passive primary
appliance. The passive primary appliance automatically takes
over as the new active primary appliance if the active primary
appliance encounters an error and is unable to recover.
For details, see High Availability Cluster on page 2-4.
Load-balancing cluster
In a load-balancing cluster, one appliance acts as the active
primary appliance, and any additional appliances act as
secondary appliances. The secondary appliances process
submissions allocated by the active primary appliance for
performance improvement.
For details, see Load-Balancing Cluster on page 2-6.
High availability cluster
with load balancing
In a high availability cluster with load balancing, one appliance
acts as the active primary appliance, one acts as the passive
primary appliance, and any additional appliances act as
secondary appliances. The passive primary appliance takes
over as the active primary appliance if the active primary
appliance encounters an error and is unable to recover. The
secondary appliances process submissions allocated by the
active primary appliance for performance improvement.
For details, see High Availability Cluster with Load Balancing
on page 2-6.
High Availability Cluster
In a high availability cluster, one appliance acts as the active primary appliance, and one
acts as the passive primary appliance. The passive primary appliance automatically takes
over as the new active primary appliance if the active primary appliance encounters an
error and is unable to recover.
Deploy this cluster configuration if you want to ensure that Deep Discovery Analyzer
capabilities remain available even when the appliance encounters an error and is unable
to recover.
2-4
Preparing to Deploy Deep Discovery Analyzer
The following figure shows two Deep Discovery Analyzer appliances deployed in a high
availability cluster configuration and how integrating products communicate with Deep
Discovery Analyzer.
Note
•
The active primary appliance and the passive primary appliance must be connected
using eth3.
•
Trend Micro recommends using a Category 6 or higher Ethernet cable to directly
connect the active primary appliance and passive primary appliance using eth3.
•
Trend Micro recommends directly connecting the active primary appliance and the
passive primary appliance to minimize potential points of failures.
•
Network switches can be used if a large physical distance does not permit directly
connecting the active primary appliance and the passive primary appliance.
•
The active primary appliance and the passive primary appliance must be in the
same network segment when using network switches.
•
Trend Micro recommends not connecting any other devices to the network
switches used to connect the active primary appliance and the passive primary
appliance.
Figure 2-1. High Availability Cluster
2-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Load-Balancing Cluster
In a load-balancing cluster, one appliance acts as the active primary appliance, and any
additional appliances act as secondary appliances. The secondary appliances process
submissions allocated by the active primary appliance for performance improvement.
Deploy this cluster configuration if you require improved object processing
performance.
The following figure shows Deep Discovery Analyzer appliances deployed in a loadbalancing cluster configuration and how integrating products communicate with Deep
Discovery Analyzer.
Figure 2-2. Load-Balancing Cluster
High Availability Cluster with Load Balancing
In a high availability cluster with load balancing, one appliance acts as the active primary
appliance, one acts as the passive primary appliance, and any additional appliances act as
secondary appliances. The passive primary appliance takes over as the active primary
appliance if the active primary appliance encounters an error and is unable to recover.
The secondary appliances process submissions allocated by the active primary appliance
for performance improvement.
2-6
Preparing to Deploy Deep Discovery Analyzer
Deploy this cluster configuration if you want to combine the benefits of high availability
clustering and load-balancing clustering.
The following figure shows Deep Discovery Analyzer appliances deployed in a high
availability cluster configuration and how integrating products communicate with Deep
Discovery Analyzer.
Note
•
The active primary appliance and the passive primary appliance must be connected
using eth3.
•
Trend Micro recommends using a Category 6 or higher Ethernet cable to directly
connect the active primary appliance and passive primary appliance using eth3.
•
Trend Micro recommends directly connecting the active primary appliance and the
passive primary appliance to minimize potential points of failures.
•
Network switches can be used if a large physical distance does not permit directly
connecting the active primary appliance and the passive primary appliance.
•
The active primary appliance and the passive primary appliance must be in the
same network segment when using network switches.
•
Trend Micro recommends not connecting any other devices to the network
switches used to connect the active primary appliance and the passive primary
appliance.
Figure 2-3. High Availability Cluster with Load Balancing
2-7
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Recommended Network Environment
Deep Discovery Analyzer requires connection to a management network, which usually
is the organization’s intranet. After deployment, administrators can perform
configuration tasks from any computer on the management network.
Trend Micro recommends using a custom network for sample analysis. Custom
networks ideally are connected to the Internet but may be configured with its own set of
proxy settings, proxy authentication, and connection restrictions. Deep Discovery
Analyzer provides the option to configure proxies for custom networks, as well as
providing support for proxy authentication.
The networks must be independent of each other so that malicious samples in the
custom network do not affect hosts in the management network.
2-8
Preparing to Deploy Deep Discovery Analyzer
Network Settings
Ports are found at the back of the appliance, as shown in the following image.
Network interface ports include:
•
Management port (eth0): Connects the appliance to the management network
•
Custom ports (eth1, eth2, eth3): Connect the appliance to isolated networks that
are reserved for sandbox analysis
Note
•
Only of the interfaces, eth1, eth2, or eth3, can be used for sandbox analysis.
•
When using high availability, eth3 is used to directly connect two identical
appliances and cannot be used for sandbox analysis.
Deep Discovery Analyzer requires one available static IP address in the management
network.
If sandbox instances require Internet connectivity during sample analysis, Trend Micro
recommends allocating one extra IP address for Virtual Analyzer. The Sandbox
Management > Network Connection screen allows you to specify static addresses.
For more information, see the Deep Discovery Analyzer Administrator's Guide.
2-9
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Deployment Requirements
Requirement
Deep Discovery Analyzer
Obtain from Trend Micro
Deep Discovery Analyzer
installation CD
Obtain from Trend Micro
Activation Code
Obtain from Trend Micro
Monitor and VGA cable
Connects to the VGA port of the appliance
USB keyboard
Connects to a USB port of the appliance
USB mouse
Connects to a USB port of the appliance
Ethernet cables
•
One cable connects the management port of the
appliance to the management network.
•
One cable connects a custom port to an isolated
network that is reserved for sandbox analysis.
•
If using high availability, one cable connects eth3 to
eth3 on an identical appliance.
•
One static IP address in the management network
•
If sandbox instances require Internet connectivity, one
extra IP address for Virtual Analyzer
•
If using high availability, one extra virtual IP address
IP addresses
Software
Third party software
licenses
2-10
Details
Any of the following browsers:
•
Microsoft Internet Explorer™ 9, 10, or 11
•
Microsoft Edge™
•
Google Chrome™
•
Mozilla Firefox™
Licenses for all third party software installed on sandbox
images
Preparing to Deploy Deep Discovery Analyzer
Logon Credentials
Console
Preconfiguratio
n console
Default
Credentials
Purpose
Perform initial configuration
tasks. See Configuring
Network Addresses on the
Preconfiguration Console on
page 4-4.
•
Deep
Discovery
Analyzer
login (not
configurable)
: admin
•
Password:
Your
Information
Password:
Admin1234!
Management
console
•
Configure product settings
•
View and download
reports
•
•
User name
(not
configurable)
: admin
Password:
Password:
Admin1234!
Other user
accounts
(configured on
the management
console, in
Administration
> Accounts /
Contacts >
Accounts)
User account 1:
User name:
Password:
User account 2:
User name:
Password:
Ports Used by the Appliance
The following table shows the ports that are used with Deep Discovery Analyzer and
why they are used.
2-11
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Table 2-2. Ports used by Deep Discovery Analyzer
Port
2-12
Protocol
Function
Purpose
21
TCP
Outbound
Deep Discovery Analyzer uses this
port to send backup data to FTP
servers.
22
TCP
Listening and
outbound
Deep Discovery Analyzer uses this
port to:
•
Access the preconfiguration
console with a computer through
SSH
•
Send backup data to an SFTP
server
53
TCP/UDP
Outbound
Deep Discovery Analyzer uses this
port for DNS resolution.
67
UDP
Outbound
Deep Discovery Analyzer sends
requests to the DHCP server if IP
addresses are assigned dynamically.
68
UDP
Listening
Deep Discovery Analyzer receives
responses from the DHCP server.
Preparing to Deploy Deep Discovery Analyzer
Port
80
Protocol
TCP
Function
Purpose
Listening and
outbound
Deep Discovery Analyzer connects to
other computers and integrated Trend
Micro products and hosted services
through this port.
In particular,Deep Discovery Analyzer
uses this port to:
•
Verify the Deep Discovery
Analyzer product license through
Customer Licensing Portal
•
Query Web Reputation Services
through the Smart Protection
Network
•
Connect to the Community File
Reputation service for file
prevalence when analyzing file
samples
123
UDP
Listening and
outbound
Deep Discovery Analyzer connects to
the NTP server to synchronize time.
137
UDP
Outbound
Deep Discovery Analyzer uses
NetBIOS to resolve IP addresses to
host names.
161
UDP
Listening
Deep Discovery Analyzer uses this
port to listen for requests from SNMP
managers.
162
UDP
Outbound
Deep Discovery Analyzer uses this
port to send trap messages to SNMP
managers.
2-13
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Port
443
2-14
Protocol
TCP
Function
Listening and
outbound
Purpose
Deep Discovery Analyzer uses this
port to:
•
Access the management console
with a computer through HTTPS
•
Communicate with other Deep
Discovery Analyzer appliances in
a cluster environment
•
Connect to Trend Micro Threat
Connect
•
Communicate with Trend Micro
Control Manager
•
Connect to Web Reputation
Services to query the blocking
reason
•
Receive files from a computer
with Manual Submission Tool
•
Receive samples from integrated
products
•
Send anonymous threat
information from Smart Feedback
•
Send Suspicious Objects list and
analysis information to integrated
products
•
Update components by
connecting to the ActiveUpdate
server
•
Verify the safety of files through
the Certified Safe Software
Service
•
Communicate with Deep
Discovery Director
Preparing to Deploy Deep Discovery Analyzer
Port
User-defined
Protocol
Function
Outbound
Purpose
Deep Discovery Analyzer uses userdefined ports to:
•
Send logs to syslog servers
•
Connect to proxy servers
•
Connect to the Smart Protection
Server
•
Send notifications and scheduled
reports through SMTP
2-15
Chapter 3
Installing the Appliance
This chapter discusses the Deep Discovery Analyzer installation tasks.
Deep Discovery Analyzer is already installed on new appliances. Perform the tasks only
if you need to reinstall or upgrade the firmware.
3-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Installation Tasks
Procedure
1.
Prepare the appliance for installation. For details, see Setting Up the Hardware on page
3-2.
2.
Install Deep Discovery Analyzer. For details, see Installing Deep Discovery Analyzer on
page 3-3.
3.
Configure the IP address of the appliance on the preconfiguration console. For
details, see Configuring Network Addresses on the Preconfiguration Console on page 4-4.
Setting Up the Hardware
Procedure
1.
Mount the appliance in a standard 19-inch 4-post rack, or on a free-standing object,
such as a sturdy desktop.
Note
When mounting the appliance, leave at least two inches of clearance on all sides for
proper ventilation and cooling.
2.
Connect the appliance to a power source.
Deep Discovery Analyzer includes two 750-watt hot-plug power supply units. One
acts as the main power supply and the other as a backup. The corresponding AC
power slots are located at the back of the appliance, as shown in the following
image.
3-2
Installing the Appliance
3.
Connect the monitor to the VGA port at the back of the appliance.
4.
Connect the keyboard and mouse to the USB ports at the back of the appliance.
5.
Connect the Ethernet cables to the management and custom ports.
•
Management port: A hardware port that connects the appliance to the
management network
•
Custom port: A hardware port that connects the appliance to an isolated
network dedicated to sandbox analysis
Note
When using high availability, eth3 is used to connect the two identical
appliances and cannot be used for sandbox analysis.
6.
Power on the appliance.
Note
The power button is found on the front panel of the appliance, behind the bezel.
Installing Deep Discovery Analyzer
Procedure
1.
Power on the appliance.
3-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Note
The power button is found on the front panel of the appliance, behind the bezel.
The power-on self-test (POST) screen appears.
2.
Insert the CD containing the Deep Discovery Analyzer installation package.
3.
Restart the appliance.
The POST screen appears.
4.
3-4
Press F11.
Installing the Appliance
The Boot Manager screen appears.
5.
Under Boot Manager Main Menu, select One-shot BIOS Boot Menu and
press ENTER.
The Boot Manager screen appears.
3-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
6.
Select DVD-ROM and press ENTER.
The Deep Discovery Analyzer Appliance Installation screen appears.
7.
Select 1. Install Appliance and press ENTER.
•
3-6
When installing Deep Discovery Analyzer via serial port, select 2. Install
Appliance via Serial Port and press ENTER.
Installing the Appliance
The License Agreement screen appears.
8.
Click Accept.
3-7
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Select Disk screen appears.
9.
Select the disk on which to install the Deep Discovery Analyzer software.
10. Click Continue.
3-8
Installing the Appliance
The program checks if the minimum hardware requirements are met, and then
displays the Hardware Profile screen.
11. Click Continue.
WARNING!
Installation involves repartitioning of the disks. All data on the disks are lost.
A confirmation message appears.
12. Click Continue.
The installation program repartitions the disks and prepares the environment for
installation. Upon completion, the appliance is restarted and Deep Discovery
Analyzer software is installed.
3-9
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Configure the IP address of the appliance on the preconfiguration console to
complete the deployment process. For details, see Configuring Network Addresses on
the Preconfiguration Console on page 4-4.
3-10
Chapter 4
Using the Preconfiguration Console
This chapter discusses how to use the Deep Discovery Analyzer preconfiguration
console.
4-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Preconfiguration Console
The preconfiguration console is a Bash-based (Unix shell) interface used to configure
network settings, view high availability details, ping remote hosts, and change the
preconfiguration console password.
The following table describes the tasks performed on the preconfiguration console.
Task
Logging on
Configuring network addresses
for the appliance
4-2
Procedure
Type valid logon credentials. The default credentials
are:
•
User name: admin
•
Password: Admin1234!
Specify the appliance IP address, subnet mask,
gateway, and DNS. For details, see Configuring
Network Addresses on the Preconfiguration Console
on page 4-4.
Using the Preconfiguration Console
Task
Procedure
Viewing high availability details
View the active and passive appliance host names, IP
addresses, and sync status.
Note
High availability cannot be configured on the
preconfiguration console. Use the management
console to configure high availability. For details
see the High Availability Tab and Cluster Tab
topics in the Deep Discovery Analyzer
Administrator’s Guide.
Pinging a remote host
Type a valid IP address or FQDN and click Ping.
Changing the preconfiguration
console password
Type the new password twice and click Save.
Enabling and disabling SSH
connection
Enabling or disabling the SSH connection.
Logging off
On the Main Menu, click Log off.
Preconfiguration Console Basic Operations
Use the following keyboard keys to perform basic operations on the preconfiguration
console.
Important
Disable scroll lock (using the SCROLL LOCK key on the keyboard) to perform the
following operations.
4-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Keyboard Key
Up and Down
arrows
Operation
Move between fields.
Move between items in a numbered list.
Note
An alternative way of moving to an item is by typing the item
number.
Move between text boxes.
Left and Right
arrows
Move between buttons. Buttons are enclosed in angle brackets <>.
ENTER
Click the highlighted item or button.
TAB
Move between screen sections, where one section requires using
a combination of arrow keys (Up, Down, Left, and Right keys).
Move between characters in a text box.
Configuring Network Addresses on the Preconfiguration
Console
Procedure
1.
4-4
Type valid logon credentials. The default credentials are:
•
User name: admin
•
Password: Admin1234!
Using the Preconfiguration Console
Note
None of the characters you type appear on the screen.
This password is the same as the password used to log on to the web-based
management console. For more information, see Logon Credentials on page 2-11.
The Main Menu screen appears.
2.
Select Configure appliance IP address and press ENTER.
4-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Appliance IP Settings screen appears.
3.
Specify the following required settings:
Item
IPv4 address
4-6
Guidelines
•
Must be in the same subnet as the virtual IP address.
•
Must not conflict with the following addresses:
•
Sandbox network: Configured in Virtual Analyzer >
Sandbox Management > Network Connection
•
Virtual IP address: Configured in Administration >
System Settings > High Availability
•
Virtual Analyzer: 1.1.0.0 - 1.1.2.255
•
Broadcast: 255.255.255.255
•
Multicast: 224.0.0.0 - 239.255.255.255
•
Link local: 169.254.1.0 - 169.254.254.255
•
Class E: 240.0.0.0 - 255.255.255.255
•
Localhost: 127.0.0.1/8
Using the Preconfiguration Console
Item
Guidelines
Note
Changing the IP address changes the management console
URL.
Subnet mask
Must not be any of the following numbers:
•
111.111.111.111
•
255.255.255.255
IPv4 gateway
Must be in the same subnet as the IP address
IPv4 DNS server 1
Same as IP address
IPv4 DNS server 2
(Optional)
Same as IP address
4.
(Optional) Configure the IPv6 settings.
5.
Press TAB to navigate to Save, and then press ENTER.
The Main Menu screen appears after the settings are successfully saved.
Viewing High Availability Details on the Preconfiguration
Console
Before you begin
The High Availability screen looks different depending on the appliance you log on to.
Use the High Availability screen to view details about the high availability
configuration.
Note
On a passive primary appliance, this screen can be used to detach the appliance from the
cluster.
4-7
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Procedure
1.
Type valid logon credentials. The default credentials are:
•
User name: admin
•
Password: Admin1234!
Note
None of the characters you type appear on the screen.
This password is the same as the password used to log on to the web-based
management console. For more information, see Logon Credentials on page 2-11.
The Main Menu screen appears.
2.
4-8
Select View high availability details and press ENTER.
Using the Preconfiguration Console
The High Availability screen appears.
The following table shows the on-screen labels and high availability configuration
details.
Table 4-1. High Availability Screen
Label
3.
Detail
Mode
Cluster mode of the appliance.
Status
Sync status of the passive primary appliance.
Host name
Host name of the appliance.
Management IP address
Management IP address of the appliance.
IPv4 virtual address
IPv4 virtual address of the active primary appliance.
IPv6 virtual address
IPv6 virtual address of the active primary appliance.
(Optional) On the passive primary appliance, press TAB to navigate to Detach,
and then press ENTER to detach the passive primary appliance.
4-9
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Note
Detaching the passive primary appliance disables high availability.
4.
Press TAB to navigate to Back, and then press ENTER.
The Main Menu screen appears.
4-10
Chapter 5
Migration
This chapter discusses how to migrate Deep Discovery Analyzer 5.5 and 5.5 SP1 to 5.8.
5-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Migrating from previous versions of Deep
Discovery Analyzer
Deep Discovery Analyzer 5.8 supports direct migration of data and configuration
settings from the following versions:
•
Deep Discovery Analyzer 5.5
•
Deep Discovery Analyzer 5.5 SP1
This procedure outlines the steps for migrating the data and configuration settings.
Important
If you have multiple Deep Discovery Analyzer appliances deployed and configured to form
a cluster, please perform these tasks:
Table 5-1. Cluster Configurations Upgrade Tasks
Cluster
Configuration
High availability
cluster
5-2
Tasks
1.
Detach the passive primary appliance.
2.
Individually upgrade both the active primary appliance
and the passive primary appliance by performing the
tasks as described in the main task section below.
3.
Add the passive primary appliance to the cluster again.
Load-balancing
cluster
Individually upgrade all Deep Discovery Analyzer appliances.
High availability
cluster with load
balancing
1.
Detach the passive primary appliance.
2.
Individually upgrade both the active primary appliance
and the passive primary appliance by performing the
tasks as described in the main task section below.
3.
Add the passive primary appliance to the cluster again.
4.
Individually upgrade all secondary appliances by
performing the tasks as described in the main task
section below.
Migration
Procedure
1.
On the logon page of the management console, select Extended and then log on
using a valid user name and password.
2.
Go to Administration > Updates, and then click the Firmware tab.
3.
Click Choose File or Browse, and then select the firmware upgrade file.
4.
Click Apply.
Important
Do not close or refresh the browser, navigate to another page, perform tasks on the
management console, or power off the appliance until updating is complete.
Deep Discovery Analyzer will automatically restart after the upgrade is complete.
5.
Clear the browser cache.
For details, see Clearing the Browser Cache on page 5-4
What to do next
Note
•
After migration, the ActiveUpdate schedule still retains the old setting as configured in
the previous version. Deep Discovery Analyzer does not update the schedule to the
new default setting of 15 minutes.
•
After upgrading/migrating to this release, the proxy setting for the Virtual Analyzer is
not automatically configured to use the global proxy setting, even if the previous
Virtual Analyzer network has been configured to use the management network. The
proxy setting for the Virtual Analyzer will be empty by default after upgrade/
migration.
5-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Clearing the Browser Cache
Procedure
1.
2.
On Chrome™:
a.
Go to Settings.
b.
Click Show advanced settings....
c.
Under Privacy, click Clear browsing data....
d.
Select Cookies and other site and plug-in data and Cached images and
files.
e.
Click Clear browsing data.
On Internet Explorer®:
a.
Go to Tools > Internet Options > General.
b.
Under Browsing history, click Delete.
The Delete Browsing History window opens.
c.
Select Temporary Internet files and website files, and Cookies and
Website data.
d.
Click Delete.
The Delete Browsing History window closes.
e.
3.
5-4
Click OK.
On Mozilla Firefox®:
a.
Go to Options > Privacy.
b.
Click clear your recent history.
c.
Select Cookies and Cache.
d.
Click Clear now.
Chapter 6
Technical Support
Learn about the following topics:
•
Troubleshooting Resources on page 6-2
•
Contacting Trend Micro on page 6-3
•
Sending Suspicious Content to Trend Micro on page 6-4
•
Other Resources on page 6-5
6-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Troubleshooting Resources
Before contacting technical support, consider visiting the following Trend Micro online
resources.
Using the Support Portal
The Trend Micro Support Portal is a 24x7 online resource that contains the most up-todate information about both common and unusual problems.
Procedure
1.
Go to http://esupport.trendmicro.com.
2.
Select from the available products or click the appropriate button to search for
solutions.
3.
Use the Search Support box to search for available solutions.
4.
If no solution is found, click Contact Support and select the type of support
needed.
Tip
To submit a support case online, visit the following URL:
http://esupport.trendmicro.com/srf/SRFMain.aspx
A Trend Micro support engineer investigates the case and responds in 24 hours or
less.
Threat Encyclopedia
Most malware today consists of blended threats, which combine two or more
technologies, to bypass computer security protocols. Trend Micro combats this complex
malware with products that create a custom defense strategy. The Threat Encyclopedia
6-2
Technical Support
provides a comprehensive list of names and symptoms for various blended threats,
including known malware, spam, malicious URLs, and known vulnerabilities.
Go to http://about-threats.trendmicro.com/us/threatencyclopedia#malware to learn
more about:
•
Malware and malicious mobile code currently active or "in the wild"
•
Correlated threat information pages to form a complete web attack story
•
Internet threat advisories about targeted attacks and security threats
•
Web attack and online trend information
•
Weekly malware reports
Contacting Trend Micro
In the United States, Trend Micro representatives are available by phone or email:
Address
Trend Micro, Incorporated
225 E. John Carpenter Freeway, Suite 1500
Irving, Texas 75062 U.S.A.
Phone
Phone: +1 (817) 569-8900
Toll-free: (888) 762-8736
•
Website
http://www.trendmicro.com
Email address
support@trendmicro.com
Worldwide support offices:
http://www.trendmicro.com/us/about-us/contact/index.html
•
Trend Micro product documentation:
http://docs.trendmicro.com
6-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Speeding Up the Support Call
To improve problem resolution, have the following information available:
•
Steps to reproduce the problem
•
Appliance or network information
•
Computer brand, model, and any additional connected hardware or devices
•
Amount of memory and free hard disk space
•
Operating system and service pack version
•
Version of the installed agent
•
Serial number or Activation Code
•
Detailed description of install environment
•
Exact text of any error message received
Sending Suspicious Content to Trend Micro
Several options are available for sending suspicious content to Trend Micro for further
analysis.
Email Reputation Services
Query the reputation of a specific IP address and nominate a message transfer agent for
inclusion in the global approved list:
https://ers.trendmicro.com/
Refer to the following Knowledge Base entry to send message samples to Trend Micro:
http://esupport.trendmicro.com/solution/en-US/1112106.aspx
6-4
Technical Support
File Reputation Services
Gather system information and submit suspicious file content to Trend Micro:
http://esupport.trendmicro.com/solution/en-us/1059565.aspx
Record the case number for tracking purposes.
Web Reputation Services
Query the safety rating and content type of a URL suspected of being a phishing site, or
other so-called "disease vector" (the intentional source of Internet threats such as
spyware and malware):
http://global.sitesafety.trendmicro.com/
If the assigned rating is incorrect, send a re-classification request to Trend Micro.
Other Resources
In addition to solutions and support, there are many other helpful resources available
online to stay up to date, learn about innovations, and be aware of the latest security
trends.
Download Center
From time to time, Trend Micro may release a patch for a reported known issue or an
upgrade that applies to a specific product or service. To find out whether any patches
are available, go to:
http://www.trendmicro.com/download/
If a patch has not been applied (patches are dated), open the Readme file to determine
whether it is relevant to your environment. The Readme file also contains installation
instructions.
6-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Documentation Feedback
Trend Micro always seeks to improve its documentation. If you have questions,
comments, or suggestions about this or any Trend Micro document, please go to the
following site:
http://www.trendmicro.com/download/documentation/rating.asp
6-6
Appendix A
Getting Started
This chapter describes how to get started with Deep Discovery Analyzer and configure
initial settings.
A-1
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Management Console
Deep Discovery Analyzer provides a built-in management console for configuring and
managing the product.
Open the management console from any computer on the management network with
the following resources:
•
Microsoft Internet Explorer™ 9, 10, or 11
•
Microsoft Edge™
•
Google Chrome™
•
Mozilla Firefox™
To log on, open a browser window and type the following URL:
https://<Appliance IP Address>/pages/login.php
This opens the logon screen, which shows the following options:
A-2
Getting Started
Table A-1. Management Console Logon Options
Option
User name
Password
Details
Type the logon credentials (user name and password) for the
management console.
Use the default administrator logon credentials when logging on
for the first time:
•
User name: admin
•
Password: Admin1234!
Trend Micro recommends changing the password after logging on
to the management console for the first time.
Configure user accounts to allow other users to access the
management console without using the administrator account. For
details, see Accounts Tab on page A-3.
Session duration
Choose how long you would like to be logged on.
•
Default: 10 minutes
•
Extended: 1 day
To change these values, navigate to Administration > System
Settings and click the Session Timeout tab.
Log On
Click Log On to log on to the management console.
Accounts Tab
Use the Accounts tab, in Administration > Accounts / Contacts, to create and
manage user accounts. Users can use these accounts, instead of the default administrator
account, to access the management console.
Some settings are shared by all user accounts, while others are specific to each account.
A-3
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
This screen includes the following options.
Table A-2. Accounts Tasks
Task
Steps
Add
Click Add to add a new user account. This opens the Add
Account window, where you specify settings for the account. For
details, see Add Account Window on page A-5.
Edit
Select a user account and then click Edit to edit its settings. This
opens the Edit Account window, which contains the same
settings as the Add Account window. For details, see Add
Account Window on page A-5.
Only one user account can be edited at a time.
Delete
Select one or more user accounts to delete and then click Delete.
Important
Unlock
•
You cannot delete the default Deep Discovery Analyzer
administrator account.
•
You cannot delete the logged-on account.
Deep Discovery Analyzer includes a security feature that locks an
account in case the user typed an incorrect password five times in
a row. This feature cannot be disabled. Accounts locked this way,
including administrator accounts, unlock automatically after ten
minutes. The administrator can manually unlock accounts that
have been locked.
Only one user account can be unlocked at a time.
A-4
Sort Column Data
Click a column title to sort the data below it.
Search
If there are many entries in the table, type some characters in the
Search text box to narrow down the entries. As you type, the
entries that match the characters you typed are displayed. Deep
Discovery Analyzer searches all cells in the table for matches.
Getting Started
Task
Records and
Pagination Controls
Steps
The panel at the bottom of the screen shows the total number of
user accounts. If all user accounts cannot be displayed at the
same time, use the pagination controls to view the accounts that
are hidden from view.
Add Account Window
The Add Account window appears when you click Add on the Accounts tab.
A-5
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
This window includes the following options.
Table A-3. Add Account Window
Field
Details
Name
Type the name of the account owner.
User name and
password
Type an account name that does not exceed 40 characters.
Type a password with at least eight characters and then confirm it.
If you want to use a stricter password, configure the global
password policy in Administration > System Settings >
Password Policy tab. The password policy will be displayed in
the window and must be satisfied before you can add a user
account.
When a user exceeds the number of retries allowed while entering
incorrect passwords, Deep Discovery Analyzer sets the user
account to inactive (locked). You can unlock the account in the
Accounts screen.
Tip
Record the user name and password for future reference.
A-6
Description
(Optional) Type a description that does not exceed 40 characters.
Role
Select the role and associated permissions of this user account.
•
Administrator: Users have full access to submitted objects,
analysis results, and product settings
•
Investigator: Users have read-only access to submitted
objects, analysis results, and product settings, but can submit
objects and download the investigation package, including
submitted objects
•
Operator: Users have read-only access to submitted objects,
analysis results, and product settings
Add to contacts
Select to add this user account to the Contacts list.
Email address
Type the email address of the account owner.
Phone number
(Optional) Type the phone number of the account owner.
Getting Started
Getting Started Tasks
Procedure
1.
Activate the product license using a valid Activation Code. For details, see License on
page A-8.
2.
Specify the Deep Discovery Analyzer host name and IP address. For details, see
Network Tab on page A-10.
3.
Configure proxy settings if Deep Discovery Analyzer connects to the management
network or Internet through a proxy server. For details, see Proxy Tab on page A-12.
4.
Configure date and time settings to ensure that Deep Discovery Analyzer features
operate as intended. For details, see Time Tab on page A-13.
5.
Configure SMTP settings to enable sending of notifications through email. For
details, see SMTP Tab on page A-15.
6.
Import sandbox instances to Virtual Analyzer. For details, see Importing an Image on
page A-17.
7.
Configure Virtual Analyzer network settings to enable sandbox instances to
connect to external destinations. For details, see Enabling External Connections on page
A-19.
8.
(Optional) Deploy and configure additional Deep Discovery Analyzer appliances
for use in a high availability or load-balancing cluster. For details, see Cluster Tab on
page A-21.
9.
Configure supported Trend Micro products for integration with Deep Discovery
Analyzer.
For details, see the Deep Discovery Analyzer 5.8 Administrator's Guide.
10. Adjust Virtual Analyzer resource allocation between all sources by assigning weight
and timeout values to all sources that submit objects to Deep Discovery Analyzer
for analysis.
For details, see the Deep Discovery Analyzer 5.8 Administrator's Guide.
A-7
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
License
Use the License screen, in Administration > License, to view, activate, and renew the
Deep Discovery Analyzer license.
The Deep Discovery Analyzer license includes product updates (including
ActiveUpdate) and basic technical support (“Maintenance”) for one (1) year from the
date of purchase. The license allows you to upload threat samples for analysis, and to
access Trend Micro Threat Connect from Virtual Analyzer. In addition, the license
allows you to send samples to the Trend Micro cloud sandboxes for analysis.
After the first year, Maintenance must be renewed on an annual basis at the current
Trend Micro rate.
A Maintenance Agreement is a contract between your organization and Trend Micro. It
establishes your right to receive technical support and product updates in return for the
payment of applicable fees. When you purchase a Trend Micro product, the License
Agreement you receive with the product describes the terms of the Maintenance
Agreement for that product.
The Maintenance Agreement has an expiration date. Your License Agreement does not.
If the Maintenance Agreement expires, you will no longer be entitled to receive technical
support from Trend Micro or access Trend Micro Threat Connect.
Typically, 90 days before the Maintenance Agreement expires, you will start to receive
email notifications, alerting you of the pending discontinuation. You can update your
A-8
Getting Started
Maintenance Agreement by purchasing renewal maintenance from your Reseller, Trend
Micro sales, or on the Trend Micro Customer Licensing Portal at:
https://clp.trendmicro.com/fullregistration
The License screen includes the following information and options.
Table A-4. Product Details
Field
Details
Product name
Displays the name of the product.
Firmware version
Displays the full build number of the product.
License agreement
Displays a link to the Trend Micro License Agreement. Click the
link to view or print the license agreement.
Table A-5. License Details
Field
Activation Code
Details
View the Activation Code in this section. If your license has
expired, obtain a new Activation Code from Trend Micro. To renew
the license, click New Activation Code, and type the new
Activation Code.
The License screen reappears displaying the number of days left
before the product expires.
A-9
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Field
Status
Details
Displays either Activated, Not Activated, Grace Period,
Expired, or Evaluation Expired.
Click View details online to view detailed license information
from the Trend Micro website. If the status changes (for example,
after you renewed the license) but the correct status is not
indicated in the screen, click Refresh.
Type
Expiration date
•
Full: Provides access to all product features
•
Evaluation: Provides access to all product features
View the expiration date of the license. Renew the license before
it expires.
Network Tab
Use this screen to configure the host name, the IPv4 and IPv6 addresses of the Deep
Discovery Analyzer appliance, and other network settings.
An IPv4 address is required and the default is 192.168.252.2. Modify the IPv4
address immediately after completing all deployment tasks.
A-10
Getting Started
Note
You can also use the Preconfiguration Console to modify the network settings.
For details, see the Configuring Network Addresses on the Preconfiguration Console on page 4-4.
Deep Discovery Analyzer uses the specified IP addresses to connect to the Internet
when accessing Trend Micro hosted services, including the Smart Protection Network,
the ActiveUpdate server, and Threat Connect. The IP addresses also determine the
URLs used to access the management console.
The following table lists configuration limitations.
Table A-6. Configuration Limitations
Field
Limitation
Host name
Cannot be modified when using high availability
IPv4 address
•
Must differ from IPv4 virtual address
•
Must be in the same network segment as IPv4 virtual address
•
Must differ from IPv6 virtual address
•
Must be in the same network segment as IPv6 virtual address
•
Cannot be deleted if IPv6 virtual address has been configured
•
Cannot be added or deleted when using high availability
IPv6 address
A-11
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Proxy Tab
Specify proxy settings if Deep Discovery Analyzer connects to the Internet or
management network through a proxy server.
Configure the following settings.
Table A-7. Proxy Tab Tasks
Task
Steps
Use an HTTP proxy
server
Select this option to enable proxy settings.
Server name or IP
address
Type the proxy server host name or IPv4 address, or IPv6
address.
The management console does not support host names with
double-byte encoded characters. If the host name includes such
characters, type its IP address instead.
Port
A-12
Type the port number that Deep Discovery Analyzer uses to
connect to the proxy server.
Getting Started
Task
Proxy server
requires
authentication
User name
Steps
Select this option if the connection to the proxy server requires
authentication. Deep Discovery Analyzer supports the following
authentication methods:
•
No authentication
•
Basic authentication
•
Digest authentication
•
NTMLv1 authentication
Type the user name used for authentication.
Note
This option is only available if Proxy server requires
authentication is enabled.
Password
Type the password used for authentication.
Note
This option is only available if Proxy server requires
authentication is enabled.
Time Tab
Configure date and time settings immediately after installation.
Procedure
1.
Go to Administration > System Settings and click the Time tab.
A-13
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Time screen appears.
2.
Click Set date and time.
The settings panel appears.
3.
Select one of the following methods and configure the applicable settings.
•
Select Connect to an NTP server and type the host name, IPv4 address, or
IPv6 address of the NTP server.
•
Select Set manually and configure the time.
4.
Click Save.
5.
Click Set time zone.
A-14
Getting Started
The settings panel appears.
6.
Select the applicable time zone.
Note
Daylight Saving Time (DST) is used when applicable.
7.
Click Save.
8.
Click Set format.
The settings panel appears.
9.
Select the preferred date and time format.
10. Click Save.
SMTP Tab
Deep Discovery Analyzer uses SMTP settings when sending notifications through email.
A-15
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Procedure
1.
Go to Administration > System Settings and click the SMTP tab.
2.
Specify the following details:
Table A-8. SMTP Tab Tasks
Field
Server address
Steps
Type the SMTP server host name, IPv4 address, or IPv6
address.
The management console does not support host names with
double-byte encoded characters. If the host name includes
such characters, type its IP address instead.
A-16
Port
Type the port number used by the SMTP server.
Connection
security
Specify the type of security used for the connection.
Sender email
address
Type the email address of the sender.
Available values are: None, STARTTLS, SSL/TLS.
The default value is notifications@ddan.local.
Getting Started
Field
SMTP server
requires
authentication
Steps
If the server requires authentication, select SMTP server
requires authentication and specify a user name and
password.
WARNING!
Ensure that the user name and password to be
specified is valid for the SMTP server. Connections
made using an incorrect user name and password may
cause some SMTP servers to reject all network request
originating from the Deep Discovery Analyzer server.
3.
(Optional) To test the connection to the external SMTP server, do the following:
a.
Click Test Connection.
b.
Type the recipient email address.
c.
Click OK.
Note
Deep Discovery Analyzer does not send a test email message to the recipient.
4.
Click Save.
Importing an Image
The hardware specifications of your product determine the number of images that you
can import and the number of instances that you can deploy per image.
Virtual Analyzer supports OVA files up to 20GB in size.
Important
Virtual Analyzer stops analysis and keeps all samples in the queue whenever an image is
added or deleted, or when instances are modified.
A-17
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Procedure
1.
Go to Virtual Analyzer > Sandbox Management and click the Images tab.
The Images screen appears.
2.
Click Import.
The Import Image screen appears.
3.
Select an image source and configure the applicable settings.
a.
Type a permanent image name with a maximum of 50 characters.
b.
Choose the number of instances to allocate for the image.
Note
Trend Micro recommends distributing the number of instances evenly across all
deployed images. Submitted objects must pass through all images before
analysis results are generated.
4.
c.
Type the URL or network share path of the OVA file.
d.
(Optional) Select Connect through a proxy sever.
e.
(Optional) Type the logon credentials if authentication is required.
Click Import.
Virtual Analyzer validates the OVA files before starting the import process.
A-18
Getting Started
Note
If you selected HTTP or FTP server, Deep Discovery Analyzer downloads the
images first before importing into Virtual Analyzer. The process can only be canceled
before the download completes.
Enabling External Connections
Sample analysis is paused and settings are disabled whenever Virtual Analyzer is being
configured.
Procedure
1.
Go to Virtual Analyzer > Sandbox Management and click the Network
Connection tab.
The Network Connection screen appears.
2.
Select Enable external connections.
The settings panel appears.
A-19
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
3.
Select the type of connection to be used by sandbox instances.
•
Custom: Any user-defined network
Important
Trend Micro recommends using an environment isolated from the management
network.
•
Management network: Default organization Intranet
WARNING!
Enabling connections to the management network may result in malware
propagation and other malicious activity in the network.
4.
5.
6.
A-20
If you selected Custom, specify the following:
•
Network adapter: Select an adapter with a linked state.
•
IP address: Type an IPv4 address.
•
Subnet mask
•
Gateway
•
DNS
If the sandbox requires a proxy server for network connection, select Use a
dedicated proxy server, and specify the following.
•
Server address
•
Port
•
User name: This option is only available if Proxy server requires
authentication is enabled.
•
Password: This option is only available if Proxy server requires
authentication is enabled.
Click Save.
Getting Started
Cluster Tab
Multiple standalone Deep Discovery Analyzer appliances can be deployed and
configured to form a cluster that provides fault tolerance, improved performance, or a
combination thereof.
Depending on your requirements and the number of Deep Discovery Analyzer
appliances available, you may deploy the following cluster configurations:
Table A-9. Cluster Configurations
Cluster
Configuration
Description
High availability cluster
In a high availability cluster, one appliance acts as the active
primary appliance, and one acts as the passive primary
appliance. The passive primary appliance automatically takes
over as the new active primary appliance if the active primary
appliance encounters an error and is unable to recover.
Load-balancing cluster
In a load-balancing cluster, one appliance acts as the active
primary appliance, and any additional appliances act as
secondary appliances. The secondary appliances process
submissions allocated by the active primary appliance for
performance improvement.
High availability cluster
with load balancing
In a high availability cluster with load balancing, one appliance
acts as the active primary appliance, one acts as the passive
primary appliance, and any additional appliances act as
secondary appliances. The passive primary appliance takes
over as the active primary appliance if the active primary
appliance encounters an error and is unable to recover. The
secondary appliances process submissions allocated by the
active primary appliance for performance improvement.
The following table lists the available configuration modes and associated appliance
behavior.
A-21
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Table A-10. Cluster Configuration Modes
Configuration
Mode
Primary (Active)
Primary (Passive)
A-22
Description
•
Management console is fully accessible
•
Retains all configuration settings
•
Management console is unavailable
•
Automatically configured based on the settings of the active
primary appliance
•
On standby
•
Takes over as the active primary appliance if the active
primary appliance encounters an error and is unable to
recover
•
Does not process submissions
Getting Started
Configuration
Mode
Secondary
Description
•
Automatically configured based on the settings of the active
primary appliance
•
Identifies the active primary appliance using its IP address or
virtual IP address
•
Processes submissions allocated by the active primary
appliance for performance improvement
•
Management console only shows screens with configurable
settings:
•
Virtual Analyzer > Sandbox Management > Network
Connection
•
Virtual Analyzer > Sandbox Management > Cloud
Sandbox
•
Administration > Updates > Hotfixes / Patches
•
Administration > Updates > Firmware
•
Administration > System Settings > Network
•
Administration > System Settings > Cluster
•
Administration > Accounts / Contacts > Accounts
•
Administration > Accounts / Contacts > Contacts
•
Administration > System Logs
•
Administration > System Maintenance > Network
Services Diagnostics
•
Administration > System Maintenance > Power Off /
Restart
•
Administration > System Maintenance > Debug
•
Administration > License
Nodes List
The Nodes list is displayed on the active primary appliance.
A-23
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
The Nodes list contains the following information:
Table A-11. Nodes List Columns
Column
Description
Status
Connection status of the appliance. Mouseover a status icon to
view details.
Mode
Cluster mode of the appliance.
Management IP
Address
Management IP address of the appliance.
Host Name
Host name of the appliance.
Last Connected
Date and time that the appliance last connected to the active
primary appliance.
Note
No data (indicated by a dash) if appliance is passive
primary appliance.
A-24
Getting Started
Column
Details
Description
Additional details about the operational status of the appliance.
•
For standalone appliance:
•
•
•
Standalone appliance: The appliance is a standalone
appliance.
For passive primary appliance:
•
Fully synced: The passive primary appliance is fully
synced to the active primary appliance.
•
Syncing n%: The passive primary appliance is syncing
settings from the active primary appliance.
•
Sync error: The passive primary appliance is unable to
connect to the active primary appliance. Verify that the
appliances are directly connected using eth3, and that
eth3 is not used for sandbox analysis.
For secondary appliances:
•
Inconsistent component version: One or more
components have different versions on the active
primary appliance and secondary appliance. Use the
same component versions on all appliances.
•
Not connected: The active primary appliance did not
receive a heartbeat from the secondary appliance within
the last 10 seconds. Verify that the secondary appliance
is powered on and able to connect to the active primary
appliance through the network.
•
Invalid API key: The secondary appliance is configured
with an invalid API key. Verify the Active primary API
key on the secondary appliance.
•
Incompatible software version: The firmware, hotfix,
and patch versions on the active primary appliance and
secondary appliance are different. Use the same
firmware, hotfix, and patch version on all appliances.
•
Unexpected error: An unexpected error has occurred. If
the issue persists, contact your support provider.
A-25
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Column
Action
Description
Actions that can be executed depending on the appliance mode
and status.
•
For active primary appliance:
•
•
•
Swap: Swap the roles of the primary appliances. Sets
the current passive primary appliance to primary mode
(active) and the current active primary appliance to
primary mode (passive). Appears when the passive
primary appliance has synced all settings from the active
primary appliance. For details, see Swapping the Active
Primary Appliance and the Passive Primary Appliance on
page A-29
For passive primary appliance:
•
Detach: Detach the passive primary appliance. Disables
high availability and allows the passive primary appliance
to be used as a standalone appliance. Appears when the
passive primary appliance has synced all settings from
the active primary appliance. For details, see Detaching
the Passive Primary Appliance from the Cluster on page
A-29
•
Remove: Remove inaccessible passive primary
appliance. Disables high availability. Appears when the
active primary appliance is unable to reach the passive
primary appliance through eth3. For details, see
Removing the Passive Primary Appliance from the
Cluster on page A-29
For secondary appliances:
•
Remove: Remove inaccessible secondary appliance.
Affects object processing capacity. Secondary
appliances attempt to connect to the active primary
appliance every 10 seconds. Appears when the active
primary appliance does not receive a heartbeat from the
secondary appliance within one minute. For details, see
Removing a Secondary Appliance from the Cluster on
page A-32
Click Refresh to refresh the information in the Nodes list.
A-26
Getting Started
Adding a Passive Primary Appliance to the Cluster
The following table lists requirements that need to be fulfilled by both active primary
appliance and passive primary appliance before the passive primary appliance can be
added to the cluster.
Table A-12. High Availability Clustering Requirements
Requirement
Description
Hardware model
Must be same hardware model (1000 or 1100)
Physical connection
Must be directly connected to each other using eth3
Firmware, hotfix,
and patch version
Must be the same
Host name
Must be different
IP addresses
Must be symmetrical:
•
If only IPv4 address is configured on active primary
appliance, passive primary appliance cannot configure both
IPv4 address and IPv6 address.
•
If IPv4 address and IPv6 address are configured on active
primary appliance, passive primary appliance cannot only
configure IPv4 address.
Network segment
Must be in the same network segment
Virtual IP address
Must be configured on the active primary appliance
In a high availability cluster, one appliance acts as the active primary appliance, and one
acts as the passive primary appliance. The passive primary appliance automatically takes
over as the new active primary appliance if the active primary appliance encounters an
error and is unable to recover.
Note
•
If your network has Trend Micro Control Manager, only register the active primary
appliance to Control Manager.
•
When using high availability, use the virtual IP address to register.
A-27
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Procedure
1.
Perform the installation and deployment tasks as described in Installing the Appliance
on page 3-1.
2.
Configure the passive primary appliance.
a.
On the management console of the passive primary appliance, go to
Administration > System Settings and click the Cluster tab.
b.
Select Primary mode (passive).
c.
Type the IPv4 address or IPv6 address of the active primary appliance in
Active primary IP address.
d.
Click Test Connection.
e.
Click Save.
You will be redirected to the appliance standby screen.
•
The passive primary appliance stops processing objects if it was previously doing
so.
•
The passive primary appliance will sync all settings from the active primary
appliance. The total time to complete syncing depends on the appliance model.
Important
While the appliance is syncing, it cannot:
•
A-28
•
Take over as active primary appliance
•
Switch to another mode
The management console of the passive primary appliance cannot be accessed.
Manage the appliance and monitor the sync status from the management console
of the active primary appliance.
Getting Started
Swapping the Active Primary Appliance and the Passive
Primary Appliance
Swapping the primary appliances sets the current passive primary appliance to primary
mode (active) and the current active primary appliance to primary mode (passive).
Procedure
1.
On the management console of the active primary appliance, go to
Administration > System Settings and click the Cluster tab.
2.
Click Swap to swap the primary appliances.
Detaching the Passive Primary Appliance from the Cluster
Detaching the passive primary appliance disables high availability and allows the
appliance to be used as a standalone appliance. After a passive primary appliance is
detached, it no longer appears in the nodes list.
Detach the passive primary appliance to update or upgrade the product.
Important
Detaching the passive primary appliance does not reset the appliance settings. Trend Micro
recommends reinstalling the appliance if you want to use it as a standalone appliance.
Procedure
1.
On the management console of the active primary appliance, go to
Administration > System Settings and click the Cluster tab.
2.
Click Detach to detach the passive primary appliance from the cluster.
Removing the Passive Primary Appliance from the Cluster
Removing a disconnected or abnormal passive primary appliance from the cluster
reduces the clutter in the nodes list.
A-29
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Procedure
1.
On the management console of the active primary appliance, go to
Administration > System Settings and click the Cluster tab.
2.
Wait for Remove to appear next to the passive primary appliance in the nodes list.
3.
Click Remove to remove the passive primary appliance from the cluster.
Note
The passive primary appliance automatically rejoins the cluster if it reconnects to the
active primary appliance.
Adding a Secondary Appliance to the Cluster
Verify that the secondary appliance has the same firmware, hotfix, and patch version as
the active primary appliance.
To view the appliance firmware, hotfix, and patch version, see the Deep Discovery Analyzer
Administrator's Guide.
Update or upgrade the appliance firmware, hotfix, and patch version as necessary. For
details, see the Deep Discovery Analyzer Administrator's Guide.
Note
•
If your network has Trend Micro Control Manager, only register the active primary
appliance to Control Manager.
•
When using high availability, use the virtual IP address to register.
Procedure
1.
Perform the installation and deployment tasks as described in Installing the Appliance
on page 3-1.
2.
Configure the secondary appliance.
A-30
Getting Started
a.
On the management console of the secondary appliance, go to
Administration > System Settings and click the Cluster tab.
b.
Select Secondary mode.
c.
Type the IPv4 address or IPv6 address of the active primary appliance in
Active primary IP address.
Note
If you are using high availability, type the IPv4 virtual address or IPv6 virtual
address.
d.
Type the Active primary API key.
e.
Click Test Connection.
Tip
Secondary appliances can test their connection to the active primary appliance
at any time. Click Test Connection to get detailed information about any
connectivity problems.
f.
3.
Click Save.
(Optional) Configure additional settings on the secondary appliance.
a.
Configure the sandbox network connection setting.
For details, see Enabling External Connections on page A-19.
Note
Trend Micro recommends using the external network connection setting of the
active primary appliance.
b.
Configure the cloud sandbox setting.
For details, see the Deep Discovery Analyzer Administrator's Guide.
c.
Configure the appliance network settings.
For details, see Network Tab on page A-10.
A-31
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
d.
Add accounts.
For details, see Accounts Tab on page A-3.
Note
Secondary appliances automatically deploy sandbox instances based on the sandbox
allocation ratio of the active primary appliance. The following table lists a configuration
example:
Table A-13. Example Configuration Using Two Images
Maximum
Number of
Instances
(Total)
Deep Discovery
Analyzer
Hardware Model
Number of
Windows 7
Instances
Number of
Windows 8.1
Instances
1100
60
40
20
1000
33
22
11
Removing a Secondary Appliance from the Cluster
Removing a disconnected secondary appliance from the cluster reduces the clutter in the
nodes list and widgets of the active primary appliance.
Procedure
1.
On the management console of the active primary appliance, go to
Administration > System Settings and click the Cluster tab.
2.
Wait for Remove to appear next to the secondary appliance in the nodes list.
Note
Secondary appliances attempt to connect to the active primary appliance every 10
seconds. If the active primary appliance does not receive a heartbeat within one
minute, Remove appears next to the secondary appliance in the Nodes list.
Secondary appliances automatically rejoin the cluster if they reconnect to the active
primary appliance.
A-32
Getting Started
3.
Click Remove to remove the secondary appliance from the cluster.
The secondary appliance is removed from the nodes list and widgets of the active
primary appliance.
Replacing the Active Primary Appliance with a Secondary
Appliance
If the active primary appliance is unresponsive or cannot be restored, and no passive
primary appliance is deployed, it can be replaced by a secondary appliance from the
same cluster.
Tip
Trend Micro recommends deployment of a passive primary appliance for high availability.
For details, see Adding a Passive Primary Appliance to the Cluster on page A-27.
Important
Submissions do not have a result if they were being analyzed on the active primary
appliance when it becomes unresponsive.
Procedure
1.
Power off the active primary appliance.
2.
Select a secondary appliance from the same cluster and configure it as the new
active primary appliance.
3.
a.
On the management console of the secondary appliance, go to
Administration > System Settings and click the Cluster tab.
b.
Select Primary mode (active).
c.
Click Save.
Configure the IP address of the new active primary appliance.
For details, see Network Tab on page A-10.
A-33
Deep Discovery Analyzer 5.8 Installation and Deployment Guide
Note
Trend Micro recommends using the same IP address as the original active primary
appliance. This allows secondary appliances and integrated products to connect
without reconfiguration.
4.
Verify the settings on the new active primary appliance.
Note
Settings take up to one day to propagate to secondary appliances.
A-34
Index
A
account management, A-3
Activation Code, A-8
C
custom network, 2-8
custom port, 2-9
D
deployment tasks
hardware setup, 3-2
installation, 3-6
documentation feedback, 6-6
E
Ethernet cables, 2-10
F
form factor, 2-2
G
getting started tasks, A-7
I
images, A-17
installation tasks, 3-2
IP addresses (for product), 2-9
L
license, A-8
M
management console, A-2
management console accounts, A-3
management network, 2-8
management port, 2-9
N
network environment, 2-8
P
port, 2-9
ports, 2-11
power supply, 3-2
preconfiguration console, 4-2
operations, 4-3
product specifications, 2-2
S
sandbox images, A-17
sandbox management
images
importing, A-17
network connection, A-19
session duration (for management console),
A-3
support
resolve issues faster, 6-4
system maintenance
cluster tab
primary appliance, A-33
remove, A-32
secondary appliance, A-30, A-32,
A-33
test connection, A-30
nodes list, A-23
system settings
Network Tab, A-10
Proxy Tab, A-12
Time Tab, A-13
IN-1
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising