
Creating a new Deep Security Manager tenant connected to SQL Server Always On Availability Group

  1. Follow the standard instructions to create a new tenant in the Deep Security Manager web console. After the new tenant has been created, proceed with the instructions below.
  2. Open SQL Server Management Studio (SSMS) and connect to the SQL Availability Group listener using database administrator credentials. Notice that a new database has been created but is not marked as synchronized. In this example, the new database is dsm_1.

    The newly added database is tagged as not synchronized in the SSMS.

  3. Change the recovery model of the tenant database from the default Simple to Full.

    Right-click the tenant database and select Properties. Then, click Options and find the Recovery Model field. Change it to Full.

     
    Always On Availability Group only supports the Full recovery model.

    The recovery model field of the new tenant database is changed from Simple to Full

  4. Perform a full backup of the database.

    Right-click the tenant database and select Tasks → Back Up.

    Perform a full back up for the database under the Tasks option

    The Back-Up Database dialog box displays the database name and back-up destination

  5. Add the database to Availability Groups.

    Right-click your Availability Groups and select Add Database.

    Choose the tenant database and click Next.

    Right-click to Add Database and initiate the process

    Connect to all existing replicas to sync data.

    Add Database to Availability Group dialog box displays Connect to Replicas information

    Select your preferred synchronization method. After the validation is successful, click Finish.

    Alternatively, you may use the SQL command below to add the database to the Availability Group:

    ALTER AVAILABILITY GROUP [YourAvailabilityGroupName] ADD DATABASE [TenantDatabaseName];

  6. Verify that the tenant database is now tagged as synchronized.

    The newly added database is now tagged as synchronized in the SSMS.
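
Steps 3 to 6 can also be scripted. The following T-SQL is an added example, not part of the original procedure: it runs on the primary replica, uses dsm_1 from this article, and treats the backup path and [YourAvailabilityGroupName] as placeholders. It assumes the group uses automatic seeding; with another synchronization method the secondaries need the backup restored before they can join.

```sql
-- Added example (placeholders: backup path, availability group name).

-- Step 3: Always On Availability Group only supports the Full recovery model.
ALTER DATABASE [dsm_1] SET RECOVERY FULL;

-- Confirm the change before continuing; expect recovery_model_desc = FULL.
SELECT name, recovery_model_desc
FROM sys.databases
WHERE name = N'dsm_1';

-- Step 4: take a full backup. CHECKSUM validates pages as they are written.
BACKUP DATABASE [dsm_1]
    TO DISK = N'\\backupshare\dsm\dsm_1_full.bak'   -- placeholder path
    WITH CHECKSUM, STATS = 10;

-- Step 5: add the tenant database to the availability group.
ALTER AVAILABILITY GROUP [YourAvailabilityGroupName] ADD DATABASE [dsm_1];

-- Step 6: verify the state of the database on every replica.
-- Synchronous-commit replicas should report SYNCHRONIZED;
-- asynchronous-commit replicas report SYNCHRONIZING when healthy.
SELECT ar.replica_server_name,
       adc.database_name,
       drs.synchronization_state_desc,
       drs.synchronization_health_desc
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.availability_replicas AS ar
    ON ar.replica_id = drs.replica_id
JOIN sys.availability_databases_cluster AS adc
    ON adc.group_database_id = drs.group_database_id
WHERE adc.database_name = N'dsm_1'
ORDER BY ar.replica_server_name;
```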


Deleting existing Deep Security Manager tenant connected to SQL Server Always On Availability Group

  1. Begin by following the standard procedure to delete an existing tenant using the Deep Security Manager web console. Once the tenant status is marked as pending deletion, proceed with the steps outlined below.

    Identify the corresponding tenant database name that will be used in subsequent instructions.

    You can find the database name in Administration page → Tenants → Database Name column.

    The Deep Security Administration page displays the Database Name of the database to be deleted

     
    It is critical to verify the accuracy of the database name to prevent accidental deletion of the wrong tenant data.

    Open SQL Server Management Studio (SSMS) and connect to the SQL Availability Group listener using database administrator credentials.

  2. Expand the Always On High Availability tree. Right-click the tenant database that you want to delete, then choose Remove Database from Availability Group. In this example, the database to delete is dsm_2.

    The Remove Database from Availability Group option can be found by right-clicking the database name

  3. Deep Security Manager periodically checks for tenant databases that have a status of pending-for-deletion. After the soft deletion time exceeds 7 days, DSM automatically deletes the database in the primary replica.
  4. After the tenant database is deleted from the primary replica, it may still exist in the secondary replica.

    The deleted database in the primary replica has to be deleted manually in the secondary replica

    Connect to the secondary replica and manually delete the replica database.

 

Notes and Best Practices

  • Always perform backups before adding/removing databases from the Availability Group.
  • Ensure all replicas are healthy before making changes.