The following guidelines provide a general idea of the infrastructure requirements for Vulnerability Protection/Deep Security deployments of different scales.
The amount of space required per computer is a function of the number of logs (events) recorded and how long they are retained. To control settings such as the maximum size of the event log files and the number of log files to retain at any given time, go to the Computers or Policies page, double-click the computer or policy that you want to edit, and then click Settings > Network Engine. Similarly, the TCP, UDP, and ICMP tabs on a Firewall Stateful Configuration's Properties window let you configure how Firewall Stateful Configuration Event logging is performed.
These Event collection settings can be fine-tuned at the Policy and individual computer level. (See Policies, Inheritance and Overrides.)
When logging is left at default levels, an average computer will require approximately 50 MB of database disk space. One thousand computers will require 50 GB, 2000 computers will require 100 GB, etc.
The Vulnerability Protection/Deep Security Manager and the database can be installed on the same computer if your final deployment is not expected to exceed 1000 computers (real or virtual). If you think you may exceed 1000 computers, the Vulnerability Protection/Deep Security Manager and the database should be installed on dedicated servers. It is also important that the database and the Vulnerability Protection/Deep Security Manager be co-located to ensure unhindered communication between the two. The same applies to additional Vulnerability Protection/Deep Security Manager Nodes: dedicated, co-located servers.
You can protect an unlimited number of virtual machines with a Virtual Appliance on a single ESXi server. You will need to set the maximum size of heap memory in the Filter Driver to the size appropriate for the number of virtual machines.
To permanently increase the maximum size of heap memory in the Filter Driver, log in to the console and issue the "esxcfg-module" command and provide a maximum heap size in bytes.
For example, to configure up to 32 virtual machines, do the following:
The formula is:
<number of VMs> x 3MB + <number of VMs> x 512 Bytes x <UDP connections + TCP connections> + 10MB for vMotion state configuration
So for 50 VMs, and 5000 UDP and 5000 TCP connections:
50x3=150MB
50x512x10000=256000000 Bytes (or 256MB)
150MB+256MB+10MB=416MB
416x1048576=436207616 Bytes (estimated heap memory needed)
And the command to set the value is:
% esxcfg-module -s DSAFILTER_HEAP_MAX_SIZE=436207616 dvfilter-dsa
To verify the setting, execute:
% esxcfg-module -g dvfilter-dsa
The setting will not take effect until the driver is reloaded. Reloading requires either a reboot of the ESXi server (the best option) or unloading and reloading the driver by executing the commands:
% esxcfg-module -u dvfilter-dsa
% esxcfg-module dvfilter-dsa
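The sizing formula and the verification step above can be combined into one check. The script below is an added example, not part of the original guide or of the product: the function names are hypothetical, and the sample line stands in for the output of "esxcfg-module -g dvfilter-dsa", whose exact layout is assumed here.

```shell
#!/bin/sh
# heap_bytes <vms> <udp_conns> <tcp_conns>: required heap in bytes.
# Mirrors the page's worked example: 3 MB per VM, 512 bytes per VM per
# connection (rounded up to whole MB of 1,000,000 bytes, as the page does
# for 256000000 -> 256MB), 10 MB for vMotion; the MB total times 1048576.
heap_bytes() {
    for n in "$1" "$2" "$3"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a non-negative integer: '$n'" >&2; return 2 ;;
        esac
    done
    conn_bytes=$(( $1 * 512 * ($2 + $3) ))
    conn_mb=$(( (conn_bytes + 999999) / 1000000 ))
    echo $(( ($1 * 3 + conn_mb + 10) * 1048576 ))
}

# configured_heap: reads the "-g" output on stdin and prints the
# DSAFILTER_HEAP_MAX_SIZE value, or nothing when the option is not set.
configured_heap() {
    sed -n 's/.*DSAFILTER_HEAP_MAX_SIZE=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_heap <vms> <udp_conns> <tcp_conns>: stdin is the "-g" output.
# Returns 0 when the configured heap covers the requirement; otherwise
# prints the command from the guide with the computed value and returns 1.
check_heap() {
    need=$(heap_bytes "$1" "$2" "$3") || return 2
    have=$(configured_heap)
    if [ -n "$have" ] && [ "$have" -ge "$need" ]; then
        echo "ok: configured $have >= required $need"
        return 0
    fi
    echo "too small (configured: ${have:-unset}, required: $need); set with:"
    echo "esxcfg-module -s DSAFILTER_HEAP_MAX_SIZE=$need dvfilter-dsa"
    return 1
}

# Constructed sample line (assumed format, not captured from a real host).
SAMPLE="dvfilter-dsa enabled = 1 options = 'DSAFILTER_HEAP_MAX_SIZE=268435456'"

# The page's scenario: 50 VMs, 5000 UDP and 5000 TCP connections.
printf '%s\n' "$SAMPLE" | check_heap 50 5000 5000 || true
```

On a host, pipe the real output in place of the sample: esxcfg-module -g dvfilter-dsa | check_heap 50 5000 5000. A changed value still needs the driver reload described above.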