System requirements

Each part of a Deep Security deployment has its own system requirements:

Requirements vary by version: for older versions of Deep Security Manager, agents, relays, or virtual appliances, consult the corresponding documentation.

If you are planning to operate Deep Security in FIPS mode, see FIPS 140 support for additional requirements.

Deep Security Manager requirements

For a list of agent versions that are compatible with this version of the manager, see Agent platform compatibility.

System component Requirements
Minimum memory (RAM)

Minimum RAM requirements depend on the number of agents that are being managed. See Deep Security Manager sizing.

On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it detects less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and execute the following command:
grep MemTotal /proc/meminfo

Minimum disk space 1.5 GB (200 GB recommended)
Operating system
  • Red Hat Enterprise Linux 9 (64-bit)
  • Red Hat Enterprise Linux 8 (64-bit)
  • Red Hat Enterprise Linux 7 (64-bit)
  • Windows Server 2019 (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 or 2012 R2 (64-bit)
  • Windows Server 2022 (64-bit)

Windows operating systems running in a Server Core configuration are not currently supported.

If you are upgrading your Deep Security Manager and are currently using Windows Server 2008, you should add a new Deep Security Manager node on a supported operating system (see Install Deep Security Manager on multiple nodes). When done, decommission the node running on Windows Server 2008.

Database
  • PostgreSQL 16.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 15.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 14.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 13.n (Core or Amazon RDS distributions only)
  • PostgreSQL 12.n (Core or Amazon RDS distributions only)
  • Microsoft SQL Server 2022 and its service packs
  • Microsoft SQL Server 2019 and its service packs
  • Microsoft SQL Server 2017 and its service packs
  • Microsoft SQL Server 2016 and its service packs
  • Microsoft SQL Relational Database Service (RDS)
  • Azure SQL Database (except multi-tenancy)
  • Oracle 19c when deployed as software or when used with Amazon RDS
  • Oracle 23c when deployed as software

Note the following:

Web browser

Cookies must be enabled.

It is recommended to use the latest version of the following browsers:

  • Firefox
  • Microsoft Edge
  • Google Chrome
  • Apple Safari on a Mac

Deep Security Agent requirements

Windows Agent

System component Requirements
CPU
  • Physical server: Intel Pentium Dual-Core or equivalent minimum, 4-Core or greater recommended
  • Virtual machine: 4 vCPU or greater recommended
RAM 2 GB minimum, 4 GB recommended
Disk 1 GB

Linux Agent

System component Requirements
CPU
  • Physical server: Intel Pentium Dual-Core or equivalent minimum, 4-Core or greater recommended
  • Virtual machine: 4 vCPU or greater recommended
RAM 2 GB minimum, 5 GB recommended
Disk 1 GB

Solaris Agent

System component Requirements
CPU Oracle SPARC processors
RAM 4 GB minimum, 4 GB recommended
Disk 2 GB

AIX Agent

System component Requirements
CPU IBM Power processors
RAM 4 GB minimum, 4 GB recommended
Disk 2 GB

Installing the agent is only supported if the AIX Operating System is configured with the en_US locale.

Red Hat OpenShift Agent

System component Requirements
CPU
  • Physical server: Intel Pentium Dual-Core or equivalent minimum, 4-Core or greater recommended
  • Virtual machine: 4 vCPU or greater recommended
RAM 2 GB remaining memory in the node
Disk 1.5 GB

For information on supported operating systems, see Agent platform compatibility.

For information on supported features, see Supported Deep Security features vary by platform.

The agent installer permits installation on any supported platform. RAM and disk space requirements are not checked.

Deep Security Relay requirements

Requirements are the same as those of the Deep Security Agent, with the following constraints:

  • Relays are only supported on 64-bit operating systems.
  • Relays are not supported on Solaris, AIX, or Red Hat OpenShift.
  • Disk space requirements are greater for the Relay.
Platform Minimum RAM Recommended RAM Minimum disk space for relay
Windows 2 GB 4 GB 30 GB
Linux 2 GB 4 GB 30 GB

If protected computers use VMware vMotion, add 10 GB of disk space to the Deep Security Relay to which the agent is connected.

Generally, relays require more disk space if you install Deep Security Agent on many different platforms, as relays store update packages for each platform. For details, see Get Deep Security Agent software.

In smaller deployments, relays can be co-located with a Deep Security Manager. However, if your deployment has a large number of agents (more than 10,000), then relays should be installed on separate, dedicated servers, as overloaded relays slow down update redistribution. See also Plan the best number and location of relays.

Deep Security Virtual Appliance requirements

Since the appliance uses the same protection modules as agents, if you import an update to the 64-bit agent for Red Hat Linux, you may receive a notification about new software available for the appliance, similarly to notifications for Red Hat agents.

VMware does not support running nested ESXi servers in production environments. For more information, see the VMware Knowledge Base article.
System component Requirements
CPU

64-bit, Intel-VT or AMD-V present and enabled in UEFI.

The number of CPUs varies by the number of VMs being protected. See Deep Security Virtual Appliance sizing.

Minimum memory (RAM)

Varies by the number of VMs being protected. See Deep Security Virtual Appliance sizing.

Minimum disk space Varies by the number of VMs being protected. See Deep Security Virtual Appliance sizing.
VMware
vSwitches

The chosen vSwitch of the appliance must be able to communicate with the manager at the management network level. It can be any one of the following types:

  • vSphere Standard Switch (vSS)
  • vSphere Distributed Switch (vDS)
  • NSX-T Virtual Distributed Switch (N-VDS)

Note that an NSX-T 3.n network vSwitch configuration has specific requirements.

Guest VMs

The VMs (guests) to be protected by the virtual appliance have the following requirements:

  • Supported operating systems: see Deep Security Virtual Appliance 20 (NSX) supported guest operating systems.
  • Compatible vSphere versions: see VMware Compatibility Guide.
  • Required drivers: if you plan to enable Anti-Malware protection through the virtual appliance, you must install the Guest Introspection Thin Agent with the File Introspection driver (vsepflt) on each guest. For installation instructions, see your VMware NSX-V documentation or NSX-T documentation and search for Install the Guest Introspection Thin Agent.
  • To use Network Introspection (E-W) with NSX-T, the VMs (guests) must be linked to one of the following switches:

    • NSX-T Virtual Distributed Switch (N-VDS)
    • vSphere Distributed Switch (vDS) - new in vSphere 7.0:
      • vDS 7.0 requires NSX-T 3.0, vCenter 7.0 and ESXi 7.0 or later
Deep Security Manager Deep Security Manager 20.