When should DSM and DB be deployed on separate computers?

Deploying the Deep Security Manager (DSM) and the database (DB) on separate computers is particularly advantageous when the number of supported computers exceeds 1000. In larger environments, this separation of components helps improve performance and scalability.

As the scale of management increases, having the DSM on a separate machine allows for better resource allocation and load distribution. The DSM can focus on managing security policies, deployments, and compliance across a vast number of endpoints without being hindered by database queries or data storage operations. Similarly, having the DB on its dedicated server can ensure that database operations have the necessary resources to handle large volumes of data without impacting the DSM's performance.

Running both the DSM and DB on the same server could lead to performance degradation in large environments due to competing resource requirements, increasing the risk of latency and potential downtime. Therefore, for organizations managing over 1000 endpoints, deploying these components separately is essential for maintaining an efficient and effective security management framework.