I need to plan the design for a centralized antivirus management architecture using Trend Micro Control Manager 3.5 and Office Scan 8.0 Client Edition for Windows. Because I'm new to Trend Micro products I don't have an overview about Trend Micros management infrastructure an I'm also not yet familiar with the best practices.
The goal is to manage Office Scan Clients in a lot of remote subnets from a single central server. Each subnet is connected to the central server by a VPN-WAN link. Each subnet contains a different Windows domain and there are no trusts between the central server's domain and the remote domains. All antivirus related tasks (installation, configuration, troubleshooting and reporting) have to be managed from the central server.
Where do I have to place the different Trend Micro infrastructure components (Trend Micro Control Manager, Office Scan Server, Office Scan Clients) for this scenario? I guess the 'root' in this design will be a central Trend Micro Control Manager (TMCM) on the central server. But which component is the best to be deployed in each subnet? An Office Scan Server (managed by the central TMCM) or an child TMCM? What would be the advantages/disadvantages for each product? In addition would it be a good idea to 'attach' Office Scan Clients in remote subnets directly to the central TMCM (without a local Office Scan Server or TMCM) if there are only 5 computers in in the remote subnet?
Would one of the architectures offer the possibility to trigger an antivirus client installation to a computer in a remote subnet with loading the setup packages from a repository that is in the same LAN as the target computer? This would be useful to avoid that setup packages are transferred from the central TMCM via VPN links to the remote target computers.
Any help is appreciated!