Configure the database

After installing the database, you are ready to configure it for Deep Security Manager.

First, configure a database instance, a database user, and several other vendor-specific settings. See one of the following sections:

Basic configuration

  1. Connect to the PostgreSQL database server using a client program, such as psql or pgAdmin.
  2. Create an empty database instance and a database user with the appropriate permissions by executing the following commands:

    CREATE DATABASE "<database-name>";

    CREATE ROLE "<dsm-username>" WITH PASSWORD '<password>' LOGIN;

    GRANT ALL ON DATABASE "<database-name>" TO "<dsm-username>";

    GRANT CONNECT ON DATABASE "<database-name>" TO "<dsm-username>";

    ALTER DATABASE "<database-name>" OWNER TO "<dsm-username>";

This user will be used by Deep Security Manager to connect to the database instance.

Optional PostgreSQL tuning

See Maintain PostgreSQL.

Basic configuration

  1. Connect to Microsoft SQL Server by opening Microsoft SQL Server Management Studio (SSMS).
  2. Create an empty database instance. This database instance will be used by Deep Security Manager.
  3. Create a database account with db_owner rights. This account will be used by Deep Security Manager to connect to the database.
  4. Enable the TCP/IP protocol for the database instance (see https://docs.microsoft.com/en-us/previous-versions/bb909712(v=vs.120)?redirectedfrom=MSDN).
  5. Configure connection timeouts. Go SQL management studio > SQL Server properties > Connections > Remote query timeout and select 0 (No Timeout). This setting prevents database connection timeouts that can occur when you upgrade if each database schema migration operation takes a long time to complete.

Basic configuration

  1. Connect to Oracle Database using a client program such as SQL*Plus or SQL Developer.
  2. Start the "Oracle Listener" service. Verify that it accepts TCP connections.
  3. Create an empty database instance. This database instance will be used by Deep Security Manager.
  4. Create a database account that will be used by Deep Security Manager to connect to the database. When creating the account, follow these guidelines:
    • Assign the CONNECT and RESOURCE roles and UNLIMITED TABLESPACE, CREATE SEQUENCE, CREATE TABLE and CREATE TRIGGER permissions.
    • Don't use special characters in Deep Security Manager's database user name. Although Oracle allows special characters when configuring the database user object if they are surrounded by quotes, Deep Security does not support special characters for the database user.

Oracle RAC configuration

If you're using Oracle RAC, disable the Firewall module or customize the Firewall settings according to the instructions in Firewall settings with Oracle RAC.

Next, perform the following configurations:

  1. Synchronize both time and time zone. Use the same time source on both the database and Deep Security Manager servers.
  2. Allow network connections between Deep Security Manager and the database server. See Port numbers, URLs, and IP addresses.
  3. Optionally, configure encryption. See Encrypt communication between the Deep Security Manager and the database.