Database requirements

Before you install Deep Security Manager, you must install a database server for Deep Security Manager to use. This database server must meet the following requirements.

After reviewing the requirements, you are ready to install the database server.

Software requirements

Deep Security supports these databases:

  • PostgreSQL 11.x (only Core, Amazon RDS, or Amazon Aurora distributions)[1]
  • PostgreSQL 10.x (only Core, Amazon RDS, or Amazon Aurora distributions)
  • PostgreSQL 9.6.x (only Core, Amazon RDS, or Amazon Aurora distributions)
  • Microsoft SQL Server 2019
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2012
  • Microsoft SQL RDS
  • Azure SQL Database (SaaS) (multi-tenancy is not supported)
  • Oracle 11g, 12c, all supported when deployed as software or when used with Amazon RDS
  • Oracle 18, 19c, all supported when deployed as software or when used with Amazon RDS[1]

Deep Security supports these Oracle RAC versions:

  • Oracle RAC12c Release 1 (v12.1.0.2.0) on SUSE Linux Enterprise Server 11 SP3
  • Oracle RAC 12c Release 1 (v12.1.0.2.0) on Red Hat Linux Enterprise Server 6.6
  • Oracle RAC 12c Release 1 (v12.1.0.2) on Red Hat Linux Enterprise Server 7.0
  • PostgreSQL minor versions for the above releases are also supported.
  • Microsoft SQL Server Express is only supported in very limited deployments. See Microsoft SQL Server Express considerations.
  • Microsoft SQL Server service packs for these versions are also supported.
  • Microsoft SQL Server is only supported when database containment is set to NONE. For details, see this Microsoft webpage on contained databases.
  • Oracle Database Express (XE) is not supported.
  • Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
  • [1] This database is supported in Deep Security Manager FR 2019-10-23and more recent releases.

Microsoft SQL Server Express considerations

Some deployments might be able to use Microsoft SQL Server Express for the Deep Security Manager database. Important limitations are below. If you think your deployment cannot operate within these limitations, use another database, or migrate to the Enterprise edition.

If you exceed the limits, you will experience a service outage and you will need to upgrade to a paid version of Microsoft SQL Server.
  • Express edition size limitations: Microsoft SQL Server Express has a 10 GB maximum database size and other important limits. High load scenarios are not supported by Express. Symptoms can include database connection errors.
  • Express edition 'LocalDB' preset: Express has a "LocalDB" preset. More configuration may be required to accept remote connections.
  • Limited number of protected computers: Do not use Microsoft SQL Server Express if your deployment has more than 50 protected computers. More computers' events will cause a larger database which Microsoft SQL Server Express cannot handle.
  • Lack of multi-node support: Multi-node Deep Security Manager, required for larger deployments, is not supported by Express.
  • Security module limitations: Only Deep Security Anti-Malware and Intrusion Prevention modules are supported with a Microsoft SQL Server Express database due to its limitations. If you require any other protection modules, use another supported database.

Hardware requirements

  • The database CPU, memory, and disk space should conform to the recommendations in Database sizing.
  • The database should be installed on a dedicated server that is separate from the manager nodes.

Network requirements

  • The database should be located on the same network as Deep Security Manager. The network should have a 1 GB LAN connection to ensure unhindered communication between the two. (WAN connections are not recommended.) The same applies to additional Deep Security Manager nodes. 2 ms latency or less is recommended for the connection from the manager to the database.
  • Databases hosted in the cloud should not use multiple availability zones ("multi-AZ"), which can increase network latency.

VMware requirements

In a VMware environment, Deep Security Manager and its database should always run in the same ESXi host. To configure this:

  1. In the vCenter Web Client, go to Host and Clusters and select the cluster.
  2. Go to the Manage tab and click VM/Host Rules > Add.
  3. Type a name for the rule.
  4. Select Enable rule.
  5. From Type select Keep Virtual Machines Together.
  6. Click Add and select the manager and database VMs.

Scaling requirements

  • You should use database load balancing, mirroring, and high availability (HA) mechanisms for scalability and service uptime. Consult your database vendor's documentation for setup details.
  • If you decide to replicate the database, you should use database mirroring over database replication. Database replication technologies sometimes add columns to the database tables during replication. This changes the Deep Security database schema and can result in critical failures. Deep Security works with any failover protection technology that does not change its schema.