Overview - Trend Micro Deep Security on AWS


Before You Begin

This document assumes that you have used AWS before and are familiar with AWS services. If you are new to AWS, see the Getting Started section of the AWS documentation. You should also be familiar with the following AWS technologies:

  • Amazon VPC – The Amazon Virtual Private Cloud (Amazon VPC) service lets you provision a private, isolated section of the AWS Cloud where you can launch AWS services and other resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

  • Amazon EC2 – The Amazon Elastic Compute Cloud (Amazon EC2) service enables you to launch virtual machine instances with a variety of operating systems. You can choose from existing Amazon Machine Images (AMIs) or import your own virtual machine images.

  • AWS CloudFormation – AWS CloudFormation enables you to create and provision AWS infrastructure components reliably and predictably, using a JSON scripting environment. This Quick Start uses AWS CloudFormation templates to configure and automate the Trend Micro Deep Security deployment.

  • Amazon RDS – Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.

Cost and Licenses

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start. The cost of the resources created by the Quick Start varies based on how many instances you want to protect. For details, see the pricing pages for each AWS service you will be using in this Quick Start.

Because this Quick Start uses AMIs from the AWS Marketplace, you must subscribe to Trend Micro Deep Security for AWS Marketplace before you launch the Quick Start. There are two licensing options: Per Protected Instance Hour and Bring Your Own License (BYOL). See step 2 in the deployment section for details and links.


This Quick Start will set up Deep Security to protect instances in the virtual private cloud (VPC) where the Deep Security Manager is deployed. You can subsequently modify your deployment to protect instances across your entire AWS infrastructure. For free assistance, please contact aws@trendmicro.com.

The Quick Start builds the following environment in an existing VPC.

        Trend Micro Deep Security Architecture on AWS

Figure 1: Trend Micro Deep Security architecture on AWS

Best Practices

The architecture built by this Quick Start supports AWS best practices for high availability and security:

  • The Amazon RDS database server used by the Deep Security Manager is deployed across two Availability Zones (where available), providing high availability at the database layer.

  • The AWS security groups created by the template are configured to only allow traffic that is required.