This Partner Solution deploys Deep Security using AWS CloudFormation templates and offers two license models. You can also launch this Partner Solution with either licensing option in the AWS GovCloud (US) Region.
The default configuration protects instances in the virtual private cloud (VPC) where the Deep Security Manager is deployed. After deployment, you can modify your setup to protect instances across your entire AWS infrastructure.
This Partner Solution was developed by Trend Micro in collaboration with AWS. Trend Micro is an AWS Partner.
AWS Service Catalog administrators can add this architecture to their own catalog.
-
What you'll build
-
How to deploy
-
Costs and licenses
-
What you'll build
-
This Partner Solution sets up the following:
- A highly available architecture that spans two Availability Zones.*
- A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
- An internet gateway that connects the VPC to the internet.
- In the public subnets:
- Amazon Elastic Compute Cloud (Amazon EC2) instances for Deep Security Manager.
- Elastic Load Balancing that distributes incoming traffic across the Amazon EC2 instances (not shown).
- In the private subnets:
- Amazon Relational Database Service (Amazon RDS) to set up, operate, and scale a relational database.
-
How to deploy
-
To deploy this Partner Solution, follow the steps in the deployment guide, which includes these steps. The stack takes about 1 hour to launch.
- If you don't already have an AWS account, sign up at https://aws.amazon.com and set up your VPC. The VPC must have two private subnets in different Availability Zones, and one public subnet with an attached internet gateway.
- Subscribe to Deep Security, choosing the Per Protected Instance Hour or BYOL licensing option.
- Launch the Partner Solution for the licensing option you selected. Each deployment takes less than an hour. You can choose from four options:
- Log in to the Deep Security Manager console.
- Deploy agents to protect your instances.
Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.
- If you don't already have an AWS account, sign up at https://aws.amazon.com and set up your VPC. The VPC must have two private subnets in different Availability Zones, and one public subnet with an attached internet gateway.
-
Costs and licenses
-
You are responsible for the cost of the AWS services and any third-party licenses used while running this Partner Solution reference deployment. There is no additional cost for using the Partner Solution.
Because this Partner Solution uses Amazon Machine Images (AMIs) from AWS Marketplace, you must subscribe to Trend Micro Deep Security. There are two licensing options:
- Per Protected Instance Hour is a consumption-based option that allows you to pay hourly per protected instance. Your costs are determined by the number of instances you protect per hour.
- Bring Your Own License (BYOL) is a perpetual license for organizations that prefer traditional procurement. For a license key, contact aws@trendmicro.com.
Note: This Partner Solution supports a deployment of up to 2,000 protected instances. If you are protecting more than 2,000 instances, contact aws@trendmicro.com for assistance.
Tip: After you deploy the Partner Solution, create AWS Cost and Usage Reports to track costs associated with the Partner Solution. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information about the report, refer to What are AWS Cost and Usage Reports?