Recommended design for Trend Micro antivirus management

I need to plan the design for a centralized antivirus management architecture using Trend Micro Control Manager 3.5 and Office Scan 8.0 Client Edition for Windows. Because I'm new to Trend Micro products I don't have an overview about Trend Micros management infrastructure an I'm also not yet familiar with the best practices.

The goal is to manage Office Scan Clients in a lot of remote subnets from a single central server. Each subnet is connected to the central server by a VPN-WAN link. Each subnet contains a different Windows domain and there are no trusts between the central server's domain and the remote domains. All antivirus related tasks (installation, configuration, troubleshooting and reporting) have to be managed from the central server.

Where do I have to place the different Trend Micro infrastructure components (Trend Micro Control Manager, Office Scan Server, Office Scan Clients) for this scenario? I guess the 'root' in this design will be a central Trend Micro Control Manager (TMCM) on the central server. But which component is the best to be deployed in each subnet? An Office Scan Server (managed by the central TMCM) or an child TMCM? What would be the advantages/disadvantages for each product? In addition would it be a good idea to 'attach' Office Scan Clients in remote subnets directly to the central TMCM (without a local Office Scan Server or TMCM) if there are only 5 computers in in the remote subnet?

Would one of the architectures offer the possibility to trigger an antivirus client installation to a computer in a remote subnet with loading the setup packages from a repository that is in the same LAN as the target computer? This would be useful to avoid that setup packages are transferred from the central TMCM via VPN links to the remote target computers.

Any help is appreciated!
LVL 11
Who is Participating?
The company I work for has use Trend product for many years with great success. We are a large manufacturing company with location all over the country every location is connect via MPLS WAN. I have setup 2 control manager server one located at the main IT office and one at our corporate office for load balancing. The TMCM server at our main IT office is the main server or the Parent and the TMCM server at our corporate is the child this configuration all me to manage all Trend Micro products from one location. As for Officescan each location has a Domain controller and I have install Officescan at each location That way all the clients can get the updates from the local server instead of going across the WAN to pull the updates down. Each officescan server is register to one of the 2 TMCM servers  depend on it location. Office scan allows you to put in multiple sources to get its updates from so depending on what TMCM server it is register with determines which server it will get it updates from but I also put in the second TMCM server just in case that server is offline or the WAN link is down. As for clients they get there update from the local server unless the local server is unavailable then they go to Trend Micro web site for updates. This is for our remote users that have laptop these users travel so this will grantee that they will always have current updates.  All of this is reported back to both TMCM server and the system e-mails a daily report  everyday tell me the client that are out of date or failed to get the update and who is infected and if the infection was cleaned.  
I hope this helps if you need more information Please feel free to contact me.

PS as side note we have been Beta testing TMCM 5 for the last month and as soon as it is released I would suggest upgrading to it which will be a free upgrade as long as you license are current. There are many features that gives more central control and reporting of your Trend Product plus it allow for custom query to be performed on the DB.

Michael Draeger
Field Support Rep
Silgan Containers Corp.
ghanaAuthor Commented:
Hello silganit,

thanks for your reply and for sharing your experience with Trend Micro (TM) products! Just to check that I really understand the TM architecture:

The jobs of TMCM are:
a) providing signature and product updates for multiple Office Scan Servers
b) providing a central point of configuration for multiple Office Scan Servers

The jobs of Office Scan Server are:
a) providing signature and product updates for their Office Scan Clients as recieved by TMCM
b) providing antivirus policies for their Office Scan Clients as recieved by TMCM
c) sending antivirus events recieved from their Office Scan Clients to TMCM
d) performing Office Scan Client push installations in their LAN as configured in TMCM

The jobs of Office Scan Client are:
a) antivirus and antimalware scanning
b) enforcing the antivirus policies as recieved by their Office Scan Server
c) reporting events to the Office Scan Server

That means: TMCM communicates only with Office Scan Servers and these Office Scan Servers perform all the tasks that were defined in TMCM. Office Scan Clients are always connected to 1 Office Scan Server but never directly to TMCM.

For the TM antivirus architecture: The top hierarchy level will be TMCM (and for redundancy/load sharing one/some child TMCMs), on the second hierarchy level there will be the Office Scan Servers at each site and they will manage their local Office Scan Clients as third hierarchy level. Communication will only take place between neighbour hierarchy levels but not between top level (TMCM) and third level (Office Scan Client).

Is this correct? Did I miss something?
BTW: Do you know the release date for TMCM v5?

Your right on the money on everything except you left out the fact that the TMCM also has Damage clean up services if you bought the license for it and the this is also a feature with officescan  providing you have the license for it. Also you do not need to set up a child TMCM if you do not have that many Officescan servers my company has 53 officescan servers plus, Scanmail , DSC, and Network Virus Wall Which all connect to the Control manager to get its update and policies. This is why I setup two so not just one server is getting hit will all the traffic. If you want I can send you a Viso Digram of how we have our AV architecture setup if that will help

As for when TMCM 5 will be released I am not sure the exact date but right now beta 2 will be released 12/10 all test script are due 10/20 and the public release is sometime in January.  
ghanaAuthor Commented:
Thank you very much! You really helped me to get an overview about TM antivirus architecture. If the Visio diagramm doesn't contain business critical information of your company that should kept secret it would be a great additional information for me to setup our design.
it is no problem the digram I would send you would be a very basic diagram of just how our Trend architecture is setup nothing secret, it does not repesent how our network is designed or function if you send me you e-mail address I will foward it on to you you can e-mail me at
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.