Does not apply to Deep Security as a Service
The amount of database space required by the Deep Security Manager per computer is a function of the number of logs (events) recorded and how long they are retained. To control settings such as the maximum size of the event log files and the number of log files to retain at any given time, go to the Computers or Policies page, double-click the computer or policy that you want to edit, and then click Settings >Advanced. Similarly, the TCP, UDP, and ICMP tabs on a firewall stateful configuration's Properties window lets you configure how firewall stateful configuration event logging is performed.
These event collection settings can be fine-tuned at the policy and individual computer level (see Policies, inheritance, and overrides).
When logging is left at default levels, an average computer will require approximately 50 MB of Deep Security Manager database disk space. One thousand computers will require 50 GB, 2000 computers will require 100 GB and so on.
Accounting for future growth, if your deployment is not expected to exceed 1000 computers (real or virtual), Deep Security Manager and its database can be installed on the same computer. Otherwise, they should be installed on separate, dedicated servers. It is also important that the database and the Deep Security Manager be co-located to ensure unhindered communication between the two. The same applies to additional Deep Security Manager nodes: dedicated, co-located servers.
Deep Security Virtual Appliance memory heap size
You can protect an unlimited number of virtual machines (VMs) with a Deep Security Virtual Appliance on one VMware ESXi server. To do this, you must set the maximum size of heap memory in the filter driver to the size required by that number of VMs.
The default size of the memory heap for the filter driver is 256 MB. To increase the size, log in to the console and enter the "esxcfg-module" command with the maximum heap size in bytes.
For example, to configure a memory heap for up to 32 VMs, you would calculate the size of the memory heap like this:
<number of VMs> x 3MB + <number of VMs> x 512 Bytes x <UDP connections + TCP connections> + 10MB for vMotion state configuration
So for 50 VMs, and 5000 UDP and 5000 TCP connections:
50x512x10000=256000000 Bytes (or 256 MB)
416x1048576=436207616 Bytes (estimated heap memory needed)
And the command to set the value is:
% esxcfg-module -s DSAFILTER_HEAP_MAX_SIZE=436207616 dvfilter-dsa
To verify the setting, execute:
% esxcfg-module -g dvfilter-dsa
The setting will not take effect until the driver is reloaded. Reloading will either require a reboot (best option) of the ESXi server or unload/load the driver by executing the commands:
% esxcfg-module -u dvfilter-dsa
% esxcfg-module dvfilter-dsa