Does not apply to Deep Security as a Service
Sizing guidelines for on-premise Deep Security deployments vary by the scale of your network, hardware, and software. See also Sizing for Azure Marketplace.
Database disk space
Required database disk space varies by:
- Number of computers
- Number of events (logs) recorded per second
- How long events are retained
With default settings, an average computer's logs require approximately 50 MB of Deep Security Manager database disk space. 1000 computers require 50 GB, 2000 computers require 100 GB, and so on.
With default settings, protection modules that consume the most disk space are (from most to least):
- Integrity monitoring
- Log inspection
Event retention settings can be configured in the policy and/or individual computer settings. (See Policies, inheritance, and overrides.) To configure disk space usage, see Events, including which events are logged for stateful firewall of TCP, UDP, and ICMP. See also Deep Security Manager performance features.
Including future growth, if your deployment is not expected to exceed 1000 computers (real or virtual), you can install Deep Security Manager and its database on the same computer. Otherwise, to ensure adequate performance during concurrent operations, you should install them on separate, dedicated servers in the same physical location.
Multiple server nodes
For better availability and scalability in larger deployments, use a load balancer, and install the same version of Deep Security Manager on multiple servers ("nodes"). Connect them to the same database storage.
Each manager node is capable of all tasks. No node is more important than any of the others. You can log in to any node, and agents, appliances, and relays can connect with any node. If one node fails, other nodes can still provide service, and no data will be lost.