Configure the database

Basic configuration

1. Connect to the PostgreSQL database server using a client program such as psql or pgAdmin.
2. Create an empty database instance and a database user with the appropriate permissions:

   CREATE DATABASE "<database-name>";

   CREATE ROLE "<dsm-username>" WITH PASSWORD '<password>' LOGIN;

   GRANT ALL ON DATABASE "<database-name>" TO "<dsm-username>";

   GRANT CONNECT ON DATABASE "<database-name>" TO "<dsm-username>";

This user will be used by Deep Security Manager to connect to the database instance.

Multi-tenancy configuration

If Deep Security Manager will have multiple tenants:

• Keep the main database name short. It will be easier to read your tenants' database names. (For example, if the main database is "dsm", the first tenant's database name will be "dsm_1", the second tenant's database name will be "dsm_2", and so on.)
• Also grant the right to create new databases and roles for tenants:

  ALTER ROLE <dsm-username> CREATEDB CREATEROLE;

Optional PostgreSQL tuning

See Maintain PostgreSQL.

Basic configuration

1. Connect to Microsoft SQL Server by opening Microsoft SQL Server Management Studio (SSMS).
2. Create an empty database instance. This database instance will be used by Deep Security Manager.
3. Create a database account with db_owner rights. This account will be used by Deep Security Manager to connect to the database.
4. Enable the TCP/IP protocol for the database instance (see https://docs.microsoft.com/en-us/previous-versions/bb909712(v=vs.120)?redirectedfrom=MSDN).
5. Configure connection timeouts. Go SQL management studio > SQL Server properties > Connections > Remote query timeout and select 0 (No Timeout). This setting prevents database connection timeouts that can occur when you upgrade if each database schema migration operation takes a long time to complete.

Multi-tenancy configuration

If Deep Security Manager will have multiple tenants:

• Keep the main database name short. It will be easier to read your tenants' database names. (For example, if the main database is "dsm", the first tenant's database name will be "dsm_1", the second tenant's database name will be "dsm_2", and so on.)
• Also grant dbcreator rights to the database account used by the Deep Security Manager.

Basic configuration

1. Connect to Oracle Database using a client program such as SQL*Plus or SQL Developer.
2. Start the "Oracle Listener" service. Verify that it accepts TCP connections.
3. Create an empty database instance. This database instance will be used by Deep Security Manager.
4. Create a database account that will be used by Deep Security Manager to connect to the database. When creating the account, follow these guidelines:
   • Assign the CONNECT and RESOURCE roles and UNLIMITED TABLESPACE, CREATE SEQUENCE, CREATE TABLE and CREATE TRIGGER permissions.
   • Don't use special characters in Deep Security Manager's database user name. Although Oracle allows special characters when configuring the database user object if they are surrounded by quotes, Deep Security does not support special characters for the database user.

Oracle RAC configuration

If you're using Oracle RAC, disable the Firewall module or customize the Firewall settings according to the instructions in Firewall settings with Oracle RAC.

Multi-tenancy configuration

If Deep Security Manager will have multiple tenants:

• Keep the main database name short. It will be easier to read your tenants' database names. (For example, if the main database is "MAINDB", the first tenant's database name will be "MAINDB_1", the second tenant's database name will be "MAINDB_2", and so on.)
• Also grant CREATE USER, DROP USER, ALTER USER, GRANT ANY PRIVILEGE and GRANT ANY ROLE to the Deep Security Manager's database user.
• Don't use the Oracle container database (CDB) configuration. It is not supported with Deep Security Manager multi-tenancy.