Topics on this page
Leverage Application Security in different regions
Application Security is available in several regions, providing the ability to deploy the Application Security service while being compliant to data sovereignty requirements.
When an account is created in a given region, all data associated with the account, for example the protection groups and security policy, are all persisted in the specific region, and only in that specific region. Likewise, the agent credentials are only associated with the specific region in which the protection group was created. Therefore, the Application Security agents need to connect to the service in the right region, for connectivity and service to work as expected.
There are two sets of URLs that need to take into account the region where Application Security is used:
The Application Security service APIs
The Agents connectivity
Regions supported by Application Security
The following table lists the regions currently supported by Application Security
Application Security service APIs and the regions
The regions in which Application Security is used, needs to be taken into account in the base URL when integrating with the service API.
The base URL for connecting and using the Application Security API in a given region is:
For example, the base URL for connecting to the US region is:
All endpoint calls are done using this base URL. Refer to Regions supported by Application Security for list of Regions Codes.
Configure agent connectivity for regions
The Application Security agents connect back to the Application Security service for reporting the security events, amongst other things. It is therefore important to configure the agents to connect to the right region. For more recent agent versions, the agents have the built-in capability to determine the proper region where to connect. For older versions of agents, which didn't include the multi-region capability, the URL pointing to the proper region needs to be explicitly configured in the agent configuration.
Connectivity for multi-region aware agents
Recent agent versions include the multi-region aware connectivity, which enables the agents to automatically determine which region to connect. For those agents, there is no need to add additional configuration in the agent, that is the hello_url configuration parameter doesn't need to be added to the agent configuration. The multi-region aware connectivity module in the agents enables the agent connections to be redirected to the right region when the closest region is not the right one.
The following table lists the minimum agent versions required for multi-region aware capability on various platforms:
|Minimum Version required for Multi-Region capability
|4.6.2 and up
|4.4.5 and up
|not available yet
|not available yet
|not available yet
Configure the connectivity for agents without the multi-region aware capability
The section Connectivity for multi-region aware agents lists the agent versions that support the multi-region redirection.
In the case where the agent is an older version or the multi-region aware agent version for the required programming language is not yet available, the agent can be configured to connect to the appropriate region. The configuration can be added in the agent configuration file or by setting the agent environment variable.
The configuration parameter that needs to be set with the proper region information is
hello_url, but it can be configured also as environment variable,
TREND_AP_HELLO_URL. The generic URL structure to configure for the agents is:
The following table provides the list of URLs for the corresponding region.
For example, a protection group created in an account in region in-1, for an agent of version prior to the version in the table, should have the following configuration set:
Refer to section Regions supported by Application Security for the list of region codes for the regions supported by Application Security.
hello_url = https://agents.in-1.application.cloudone.trendmicro.com/
or environment variable
TREND_AP_HELLO_URL = https://agents.in-1.application.cloudone.trendmicro.com/