Deep Security 20 release strategy and lifecycle policy
Deep Security 20 is a long-term support (LTS) release. Its release management and lifecycle changes are designed to be more straighforward:
- Deep Security 20 updates include both new features and fixes.
- Feature releases (FR) are no longer available.
The manager supports older agent versions, but you should still upgrade agents when possible. New agent releases provide more security features and protection, higher quality, performance improvements, and updates to stay in sync with OS releases. Regular software upgrades also ensure that, if an agent fix is required, you can simply update once — not install multiple updates along a supported upgrade path. Each agent has an end-of-life date. For details, see Deep Security Agent LTS life cycle date and Deep Security Agent FR life cycle dates.
Supported upgrade paths
Deep Security supports upgrades from the last two major releases for all Deep Security components, as long as the release that is subject to upgrade is still within its support period. See the support periods for LTS releases or for FR releases to ensure that the version being upgraded is supported.
You can upgrade to Deep Security 20 from the following versions until they reach their end-of-support dates:
- Deep Security 11 (LTS)
- Deep Security 12 (LTS)
- Deep Security 12 (FR)
You can also update any currently supported Deep Security 20 release to a more recent update release of it. Rolling back to a previous release is not supported.
Deep Security 20 update schedule
Similar to previous LTS releases, Deep Security 20 updates are released monthly. If needed (such as due to critical fixes or vulnerabilities), more frequent releases are provided.
Each component may be released independently. Agents for different platforms (Windows, Linux, Unix) may also be released separately. An update can include one or more components and platforms. Typically, the global release process is completed within one week after the release date, at which point the update becomes available through the Download Center.
If you require a fix for a currently supported software release, then Trend Micro releases an update that can be directly applied during the support period. For example, if you had Deep Security 20 Update 2 and have an issue, then when the latest update is released (for example, Deep Security 20 Update 10), you could update directly from Update 2 to Update 10.
LTS release support duration and upgrade best practices
The oftware updates process should be well-defined, regularly scheduled, and, ideally, automated, so all components are updated regularly.
The following table summarizes the updates release timeframe, the support duration of the released component, and considerations that should be taken when determining your upgrade strategy.
Deep Security 20 LTS updates span multiple years, with support periods changing in 2023: before 2023, support was based on the update's release year; since 2023, support is based on the specific release date. For example, all Deep Security 20 LTS updates released:
- in 2020 have standard support until December 31, 2023 and extended support until December 31, 2024.
- in 2021 have standard support until December 31, 2024 and extended support until December 31, 2025.
- in 2022 have standard support until December 31, 2025 and extended support until December 31, 2026.
- on July 25, 2023 have standard support until July 24, 2026 and extended support until July 24, 2027.
- on March 20, 2024 have standard support until March 19, 2027 and extended support until March 19, 2028.
| Component | Updates released | Support | Upgrade considerations |
|---|---|---|---|
| Deep Security Manager | LTS updates are released monthly | Before 2023:
Standard support until 3 years after the year of release. Extended support until 4 years after the year of release. In 2023 and later: Standard support until 3 years after the release date. Extended support until 4 years after the release date. |
Plan to upgrade regularly so that you are always using a supported release, and can upgrade to the latest software with a single upgrade. |
| Deep Security Agent | LTS updates are released monthly | Before 2023:
Standard support until 3 years after the year of release. Extended support until 4 years after the year of release. In 2023 and later: Standard support until 3 years after the release date. Extended support until 4 years after the release date. |
LTS agents support upgrades from the last two major releases (for example, Deep Security Agent 11.0 to Deep Security Agent 20 LTS) that are still within their support period. Plan to upgrade regularly so that you are always using a supported release and are able to upgrade to the latest software with a single upgrade. |
| Deep Security Agent (platforms where an older release of the agent is the latest agent for that platform) | LTS updates are released monthly | Platform-specific | If platform support is only provided by an older release of Deep Security Agent (for example, Windows 2000 uses a 9.6 agent and Red Hat Enterprise Linux 5 uses a 10.0 agent), use the latest agent for that platform and upgrade as updates are released. For details on which agent versions are supported for each platform, see Agent platform compatibility. |
| Deep Security Relay | LTS updates are released monthly | Same as agent | Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays. |
| Deep Security Virtual Appliance | Released with each LTS release of Deep Security | Standard support until 3 years after GA. Extended support until 4 years after GA. |
Appliance SVM - plan to upgrade yearly. Embedded agent - plan to upgrade using one of the following schedules:
|
Support services
The following table provides details about the artifacts supported during the Deep Security 20 lifecycle. Extended support is provided to all customers at no additional cost.
| Support item | LTS - standard support | LTS - extended support | LTS - limited support | Delivery mechanism |
|---|---|---|---|---|
| New features1 | ✔ | ✔ | LTS update | |
| Small enhancements (no change to core functionality)1 | ✔ | ✔ | LTS update | |
| Linux kernel updates | ✔ | On request | Linux Kernel Support Package (LKP) | |
| General bug fixes1 | ✔ | ✔ | LTS update | |
| Critical bug fixes (system crash or hang, or loss of major functionality) | ✔ | ✔ | LTS update or hotfix | |
| Critical and high vulnerability fixes | ✔ | ✔ | LTS update or hotfix | |
| Medium and low vulnerability fixes | ✔ | ✔ | LTS update | |
| Anti-Malware pattern updates | ✔ | ✔ | ✔ | iAU (Active Update) |
| Intrusion Prevention, Integrity Monitoring, and Log Inspection rule updates | ✔ | ✔ | ✔ | iAU (Active Update) |
| Support for agents and Deep Security Manager on new versions of supported operating systems | ✔ | ✔ | LTS update |
Footnotes:
| 1 |
Agent platforms that are not supported are not included. See Agent platform compatibility. |
Agent platform support policy
Trend Micro recognizes that sometimes you must commit to an OS for many years. The agent platform support policy is designed to provide predictable support for the platform's lifespan.
-
Many platforms are supported. See Agent platform compatibility.
-
Platforms are supported until at least the OS vendor's end-of-extended-support date. Trend Micro might extend support beyond this date. However, once an OS vendor no longer supports its platform, there is a risk that some technical issues might not be fixable without the support of the OS vendor. Should this happen, Trend Micro notifies you immediately, but it could result in loss of functionality.
-
Trend Micro notifies you in advance if it needs to end support for a platform.
-
After General Availability (GA) of software, Trend Micro not shorten its support lifecycle, except possibly if the OS vendor stops supporting the platform.
-
Consider how long the agent version is supported. For example, agent 11.0, 12.0, and so on (LTS releases) have 3 years of standard support and 4 years of extended support. If you are planning to use an OS for longer than that, then you must be prepared to regularly upgrade the agent so that you are always using an agent version that is currently supported.
-
A new version of the agent is usually released for all supported platforms. However, to support older platforms, sometimes a deployment must include a previous release of the agent, and therefore its end-of-support dates are adjusted accordingly.
For example, the newest agent for Windows 2000 is Deep Security Agent 9.6, so Deep Security Manager 11.0 supports it, even though the rest of the deployment uses Deep Security Agent 11.0. Therefore in this context, the older agent uses the EOL dates for Deep Security 11.0, not Deep Security 9.6.
To obtain the latest performance and security updates from your OS vendor, Trend Micro strongly encourages you to upgrade to the latest OS version for which an agent is available.