Use a deployment script to download and install the agent on your endpoints.
The deployment script feature allows you to download and install the agent package
using the command line interface of the target endpoint. The deployment script is
customized for your environment when you select the parameters in Endpoint
Inventory. You can also use the deployment script with a software management system
to quickly deploy to multiple endpoints.
ImportantThe deployment script is region specific based on your Trend Vision One account. The deployment script cannot be
used to deploy agents across multiple regions.
Deployment script does not support Standard Endpoint Protection agents. Support is
coming soon.
|
Procedure
- In the Trend Vision One console, go to .
- Click Agent Installer.
- In the Agent Installer window, go to Deployment Script.
- Select the Protection type.
-
Server & Workload Protection: Deploy the Trend Vision One Endpoint Security agent with the Endpoint Sensor and Server & Workload Protection features.
-
Endpoint Sensor: Deploy the Trend Vision One Endpoint Security agent with the Endpoint Sensor only.
-
- Select the Operating system of the target endpoint.
- If you are deploying a Server & Workload Protection agent, assign the Protection Manager.You must assign a Protection Manager. All other endpoint group settings are optional.
- Select the Protection Manager instance to manage the endpoint agent.
- Select the Group to assign the endpoint agent.
- Select the Agent policy.
- Select the Relay group.
Tip
You can edit the group, agent policy, and relay group directly in the deployment script by modifying the following attributes:-
GROUP_ID
-
POLICY_ID
-
RELAY_GROUP_ID
- Select the Proxy for deployment.
-
Direct connect: The agent installer attempts to connect directly to Trend Vision One without using a proxy.
-
Custom proxy: The agent installer attempts to connect using a user-defined proxy.To use this option, you must provide values the following attributes in the custom script before attempting to deploy:
-
PROXY_ADDR_PORT
: The IP address or FQDN and port of the proxy server. For example: 127.0.0.1:40 -
PROXY_USERNAME
: If the proxy server requires credentials, provide the username. -
PROXY_PASSWORD
: If the proxy server requires credentials, provide the password.
-
-
Service Gateway: The agent installer attempts to connect using a deployed Service Gateway with Forward Proxy Service enabled.This option requires a Service Gateway with Forward Proxy Service installed and enabled. For more information, see Deploy a Service Gateway and Configure Firewall Exceptions.
Important
The deployment script does not utilize the custom proxies defined in the Agent Installer Proxy settings. Agents adopt the Runtime Proxy settings assigned to their endpoint group after installation and registration is successfully completed. -
- To include TLS validation, select Validate Trend Vision One server
TLS certificate.When enabled, the deployment script checks if the Trend Vision One download server is using a valid TLS certificate from a trusted certificate authority (CA). Trend Micro recommends enabling this feature to help prevent "man in the middle" attacks.
- To include signature validation, select Validate the signature on
the agent installer.When enabled, the deployment script performs a digital signature check on the downloaded agent installer file. The installation process is stopped if the check fails.
- Review and obtain the deployment script.
-
Click the download icon () to save the script.For Windows deployments, the script is saved as a PowerShell script (.PS1). For Linux deployments, the script is saved as a Bash script (.SH).
-
Click the copy icon () to copy the script.
-
- Copy or download the script to your target endpoint.
- Run the script from the command line interface.Use the command which corresponds to your operating system and interface:
-
Windows
-
Command prompt: Run the command
powershell.exe -File scriptname.ps1
-
PowerShell: Run the command
.\scriptname.ps1
-
-
Linux terminal: Add the execute permission to the file and run
./scriptname.sh
The deployment script downloads the agent installer package to the endpoint and begins installation. After installation successfully completes, the agent registers to Trend Vision One and appears in the Endpoint Inventory. The agent automatically adopts any settings or policies assigned to the managing endpoint group. -