Database requirements

Deep Security Manager uses a database server. Before you install Deep Security Manager, you must install a database server that meets the following requirements:

You should use use the Deep Security Quick Start on AWS to deploy Deep Security Manager and its database on AWS automatically. If you use this method, you can disregard the database installation and configuration steps because the Quick Start takes care of these tasks for you. For information on the Quick Start, see Deploy the Deep Security AMI Quick Start.

After reviewing the requirements, you are ready to install the database server.

Software requirements

Deep Security supports the following databases:

  • PostgreSQL 16.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 15.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 14.n (Core, Amazon RDS, or Amazon Aurora distributions only)
  • PostgreSQL 13.n (Core or Amazon RDS distributions only)
  • PostgreSQL 12.n (Core or Amazon RDS distributions only)
  • Microsoft SQL Server 2022 and its service packs
  • Microsoft SQL Server 2019 and its service packs
  • Microsoft SQL Server 2017 and its service packs
  • Microsoft SQL Server 2016 and its service packs
  • Microsoft SQL Relational Database Service (RDS)
  • Azure SQL Database (except multi-tenancy)
  • Oracle 19c when deployed as software or when used with Amazon RDS
  • Oracle 23c when deployed as software

Note the following:

Microsoft SQL Server Express considerations

Some deployments might be able to use Microsoft SQL Server Express for the Deep Security Manager database. If you think your deployment cannot operate within the following limitations, use another database or migrate to the Enterprise edition.

  • Express edition size limitations: Microsoft SQL Server Express has a 10 GB maximum database size and other important limits. High load scenarios are not supported by Express. Symptoms can include database connection errors.
  • Express edition LocalDB preset: Express has a LocalDB preset. Additional configuration may be required to accept remote connections.
  • Limited number of protected computers: Do not use Microsoft SQL Server Express if your deployment has more than 50 protected computers. More events generated from the computer result in a larger database which Microsoft SQL Server Express cannot handle.
  • Lack of multi-node support: Multi-node Deep Security Manager, required for larger deployments, is not supported by Express.
  • Security module limitations: Only Deep Security Anti-Malware and Intrusion Prevention modules are supported with a Microsoft SQL Server Express database due to its limitations. If you require any other protection modules, use another supported database.
Exceeding these limits can result in a service outage. You would need to upgrade to a paid version of Microsoft SQL Server.

Hardware requirements

We recommend that you use an AWS RDS or Aurora instance, but you can also use a stand-alone database server. If you choose to use a stand-alone database server:

  • The database CPU, memory, and disk space should conform to the recommendations in Database sizing.
  • The database should be installed on a dedicated server that is separate from the manager nodes.

Network requirements

  • The database should be located on the same network as Deep Security Manager. The network should have a 1 GB LAN connection to ensure unhindered communication between the two (WAN connections are not recommended). The same applies to additional Deep Security Manager nodes. 2 milliseconds latency or less is recommended for the connection from the manager to the database.
  • Databases hosted in the cloud should not use multiple availability zones ("multi-AZ"), which can increase network latency.

Scaling requirements

  • You should use database load balancing, mirroring, and high availability (HA) mechanisms for scalability and service uptime. Consult your database vendor's documentation for setup details.
  • If you decide to replicate the database, you should use database mirroring over database replication. Database replication technologies sometimes add columns to the database tables during replication. This changes the Deep Security database schema and can result in critical failures. Deep Security works with any failover protection technology that does not change its schema.