Visualize how the Service Gateway appliance fits into your network environment before planning your deployment.
The following maps provide an overview of several typical Service Gateway appliance deployment scenarios. Use these maps to help guide your deployment plans to best meet the needs of your network. View the Deployment guides when you are ready to set up your Service Gateway appliance.
Service Gateway single appliance deployment
The simplest deployment for Service Gateway is a single Service Gateway virtual appliance within your network environment, behind your firewall and proxy.
- Scenario 1: Single Service Gateway appliance with forward proxy service for endpoints
  This scenario is for network environments where only endpoints with the security agent installed connect to the Service Gateway appliance and there are no other Trend Micro or third-party on-premises products.
  Note: When using a Service Gateway appliance with the forward proxy service as the sole gateway for endpoints connecting to Trend Vision One, deploying a backup Service Gateway appliance is strongly recommended. See the section on Service Gateway backup appliance deployment below for more information.
- Scenario 2: Single Service Gateway appliance with connected on-premises security products
  This scenario is for network environments with Trend Micro or third-party on-premises security products. This scenario operates similarly to the single Service Gateway with forward proxy service scenario. Use this mapping for connecting products such as Deep Discovery Inspector, or third-party products which connect with Trend Vision One.
Service Gateway multiple appliance deployment
For networks with a large number of endpoints or higher traffic needs, deploying multiple Service Gateway appliances can help to spread the load of your environment to meet your networking needs.
- Scenario 1: Service Gateway appliance group with forward proxy service for endpoints
  This scenario is for network environments where only endpoints with the security agent installed connect to the Service Gateway appliances and there are no other Trend Micro or third-party on-premises products. This scenario can be used for load balancing with a network that contains a large number of endpoints. Endpoints automatically connect to a Service Gateway appliance within the group based on availability and workload. For best results, each Service Gateway appliance must have a unique FQDN and IP address.
- Scenario 2: Service Gateway appliance group with a network load balancer
  This scenario is for network environments where only endpoints with the security agent installed connect to the Service Gateway appliances and there are no other Trend Micro or third-party on-premises products. In this scenario, a dedicated network load balancer directs traffic to each Service Gateway appliance based on availability rather than relying on the endpoints to automatically direct traffic. For best results, each Service Gateway appliance must have the same FQDN, the FQDN must be mapped by the DNS server, and each Service Gateway appliance must be configured to use the DNS server.
- Scenario 3: Multiple Service Gateway appliances with connected on-premises security products
  This scenario is for network environments with Trend Micro or third-party on-premises products deployed which require more than one Service Gateway appliance to manage connections. Unlike endpoints, on-premises products cannot automatically connect to an appliance in a group based on availability. Each product must be configured to connect to a specified Service Gateway appliance. For best results, each Service Gateway appliance must have a unique FQDN and IP address.
Service Gateway backup appliance deployment
Deploying a Service Gateway appliance with a backup Service Gateway appliance is a good way to ensure redundancy in your network. Should your primary Service Gateway appliance become unhealthy or require maintenance, you can simply power on the backup appliance, reducing interruption and downtime for your network. For best results, the primary and backup appliance must have the same network settings including FQDN and IP address.
- Scenario 1: Service Gateway backup appliance with forward proxy service for endpoints
  This scenario is for network environments where only endpoints with the security agent installed connect to the Service Gateway appliances and there are no other Trend Micro or third-party on-premises products. This scenario typically operates the same as the single Service Gateway appliance with forward proxy service. This scenario is strongly recommended if you plan to use the Service Gateway appliance with forward proxy service as the sole method for endpoints to connect to Trend Vision One.
- Scenario 2: Service Gateway backup appliance with connected on-premises security products
  This scenario is for network environments with Trend Micro or third-party on-premises security products. This scenario typically operates the same as the single Service Gateway appliance with connected on-premises security products.
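The FQDN and IP address rules stated in the multiple appliance and backup appliance sections above can be checked against a planned inventory before anything is deployed. The following is an added example, not Trend Micro code: the inventory schema (name, fqdn, ip), the mode names and the sample hosts are assumptions constructed for illustration, and the load balancer mode checks only the shared FQDN because that is the only addressing rule the page gives for it.

```python
import ipaddress
from collections import Counter

def _norm(appliance):
    # DNS names are case-insensitive and a trailing dot names the same host.
    fqdn = appliance["fqdn"].strip().rstrip(".").lower()
    ip = ipaddress.ip_address(appliance["ip"])  # ValueError on a malformed address
    return fqdn, str(ip)

def _dupes(values):
    return sorted(v for v, n in Counter(values).items() if n > 1)

def check_plan(mode, appliances):
    """Return findings for a planned deployment; an empty list means it passes.
    Modes (names are this example's own):
      group  - appliance group, or several appliances serving on-premises
               products: each appliance needs a unique FQDN and IP address
      nlb    - group behind a network load balancer: one shared FQDN
      backup - primary plus backup: same FQDN and same IP address"""
    pairs = [_norm(a) for a in appliances]
    fqdns, ips = [f for f, _ in pairs], [i for _, i in pairs]
    findings = []
    if mode == "group":
        findings += [f"duplicate FQDN: {f}" for f in _dupes(fqdns)]
        findings += [f"duplicate IP: {i}" for i in _dupes(ips)]
    elif mode == "nlb":
        if len(set(fqdns)) > 1:
            findings.append("FQDNs differ: " + ", ".join(sorted(set(fqdns))))
    elif mode == "backup":
        if len(pairs) != 2:
            findings.append(f"expected 2 appliances, got {len(pairs)}")
        if len(set(fqdns)) > 1:
            findings.append("FQDNs differ: " + ", ".join(sorted(set(fqdns))))
        if len(set(ips)) > 1:
            findings.append("IPs differ: " + ", ".join(sorted(set(ips))))
    else:
        raise ValueError(f"unknown mode: {mode}")
    return findings

# Constructed sample inventories (documentation-range addresses, made-up names).
GROUP = [{"name": "sg1", "fqdn": "sg-1.corp.example", "ip": "192.0.2.11"},
         {"name": "sg2", "fqdn": "sg-2.corp.example", "ip": "192.0.2.12"},
         {"name": "sg3", "fqdn": "SG-1.corp.example.", "ip": "192.0.2.13"}]
NLB = [{"name": "sg1", "fqdn": "sg.corp.example", "ip": "192.0.2.11"},
       {"name": "sg2", "fqdn": "sg.corp.example", "ip": "192.0.2.12"}]
BACKUP = [{"name": "primary", "fqdn": "sg.corp.example", "ip": "192.0.2.20"},
          {"name": "backup", "fqdn": "sg.corp.example", "ip": "192.0.2.21"}]

if __name__ == "__main__":
    for mode, plan in (("group", GROUP), ("nlb", NLB), ("backup", BACKUP)):
        print(mode, check_plan(mode, plan) or "ok")
```

The group sample fails because two entries resolve to the same name once case and the trailing dot are normalized; the backup sample fails because the two appliances were given different IP addresses.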
Service Gateway cloud deployment
You can deploy the Service Gateway virtual appliance to supported cloud services. Deploying to the cloud helps reduce the hardware requirements for deploying within your environment. Traffic is routed from the endpoints, through your firewall, to the Service Gateway virtual appliance.
- Scenario 1: AWS cloud deployment
  For more information on AWS deployment, see Deploying a Service Gateway virtual appliance with AWS.
- Scenario 2: Azure cloud deployment
  For more information on Azure deployment, see Deploying a Service Gateway virtual appliance with Microsoft Azure.