Database requirements

Deep Security Manager uses a database server. Before you install Deep Security Manager, you must install a database server that meets the following requirements:

After reviewing the requirements, you are ready to install the database server.

Software requirements

Deep Security supports the following databases:

  • PostgreSQL 16.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 15.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 14.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 13.n (Core or Amazon RDS distributions only)
  • PostgreSQL 12.n (Core or Amazon RDS distributions only)
  • Microsoft SQL Server 2022 and its service packs
  • Microsoft SQL Server 2019 and its service packs
  • Microsoft SQL Server 2017 and its service packs
  • Microsoft SQL Server 2016 and its service packs
  • Microsoft SQL Relational Database Service (RDS)
  • Azure SQL Database (except multi-tenancy)
  • Oracle 19c when deployed as software or when used with Amazon RDS
  • Oracle 23c when deployed as software

Note the following:

Microsoft SQL Server Express considerations

Some deployments might be able to use Microsoft SQL Server Express for the Deep Security Manager database. If you think your deployment cannot operate within the following limitations, use another database or migrate to the Enterprise edition.

  • Express edition size limitations: Microsoft SQL Server Express has a 10 GB maximum database size and other important limits. High load scenarios are not supported by Express. Symptoms can include database connection errors.
  • Express edition LocalDB preset: Express has a LocalDB preset. Additional configuration may be required to accept remote connections.
  • Limited number of protected computers: Do not use Microsoft SQL Server Express if your deployment has more than 50 protected computers. More events generated from the computer result in a larger database which Microsoft SQL Server Express cannot handle.
  • Lack of multi-node support: Multi-node Deep Security Manager, required for larger deployments, is not supported by Express.
  • Security module limitations: Only Deep Security Anti-Malware and Intrusion Prevention modules are supported with a Microsoft SQL Server Express database due to its limitations. If you require any other protection modules, use another supported database.
Exceeding these limits can result in a service outage. You would need to upgrade to a paid version of Microsoft SQL Server.

Hardware requirements

  • The database CPU, memory, and disk space should conform to the recommendations in Database sizing.
  • The database should be installed on a dedicated server that is separate from the manager nodes.

Network requirements

  • The database should be located on the same network as Deep Security Manager. The network should have a 1 GB LAN connection to ensure unhindered communication between the two (WAN connections are not recommended). The same applies to additional Deep Security Manager nodes. 2 milliseconds latency or less is recommended for the connection from the manager to the database.
  • Databases hosted in the cloud should not use multiple availability zones ("multi-AZ"), which can increase network latency.

VMware requirements

In a VMware environment, Deep Security Manager and its database should always run in the same ESXi host. You can configure it as follows:

  1. In the vCenter Web Client, go to Host and Clusters and select the cluster.
  2. Go to the Manage tab and click VM/Host Rules > Add.
  3. Type a name for the rule.
  4. Select Enable rule.
  5. From Type, select Keep Virtual Machines Together.
  6. Click Add and select the manager and database VMs.

Scaling requirements

  • You should use database load balancing, mirroring, and high availability (HA) mechanisms for scalability and service uptime. Consult your database vendor's documentation for setup details.
  • If you decide to replicate the database, you should use database mirroring over database replication. Database replication technologies sometimes add columns to the database tables during replication. This changes the Deep Security database schema and can result in critical failures. Deep Security works with any failover protection technology that does not change its schema.