About Security Recommendations
External Database Connection Security
The IM and Presence Service provides a secure TLS/SSL connection to the external database but only when
Oracle or Microsoft SQL Server is chosen as the database type. We recommend that you consider this security
limitation when you plan your IM and Presence Service deployment, and consider the security recommendations
we provide in this topic.
Maximum Limit Connection Setup
For additional security, you can limit the maximum number of permitted connections to the external database.
Use the guideline we provide here to calculate the number of database connections that are appropriate for
your deployment. This section is optional configuration. The guideline infers that:
• You are running the managed file transfer, message archiver (compliance), and persistent group chat
features on the IM and Presence Service.
• You configure the default number of connections to the database for the persistent group chat feature on
the Cisco Unified CM IM and Presence Administration interface.
Guideline
PostgreSQL — max_connections = (N ×15) + Additional Connections
Oracle — QUEUESIZE = (N ×15) + Additional Connections
Microsoft SQL Server — the maximum number of concurrent connections = (N x15) + Additional Connections
• N is the number of nodes in your IM and Presence Service cluster.
• 15 is the default number of connections to the database on the IM and Presence Service, that is, five
connections each for the managed file transfer, message archiver, and persistent group chat features.
• Additional Connections represents any independent administration or database administrator (DBA)
connections to the database server.
PostgreSQL
To limit the number of PostgreSQL database connections, configure the max_connections value in the
postgresql.conf file located in the install_dir/data directory. We recommend that you set the
value of the max_connections parameter equal to, or slightly larger than, the above guideline.
For example, if you have an IM and Presence Service cluster containing six nodes, and you require an additional
three DBA connections, using the guideline above, you set the max_connections value to 93.
Oracle
To limit the number of Oracle database connections, configure the QUEUESIZE parameter in the listener.ora
file located in the install_dir/data directory. We recommend that you set the value of the QUEUESIZE
parameter equal to the above guideline.
Database Setup Guide for the IM and Presence Service, Release 12.5(1)SU2
5
External Database Requirements
About Security Recommendations