System Requirements
To install and run Tenable Core + OT Security or Tenable OT Security Sensor, your application and system must meet the following requirements.
Note: Tenable Support does not assist with issues related to your host operating system, even if you encounter them during installation or deployment.
| Environment | Tenable Core File Format | More Information | |
|---|---|---|---|
| Virtual Machine | VMware | .ova file | |
|
Hardware Tenable-provided hardware |
.iso image |
Install Tenable Core on Hardware Note: Tenable Core + OT Security requires Tenable-provided hardware. For more information, contact your Tenable representative. |
|
Note: While you could use the packages to run Tenable Core in other environments, Tenable does not provide documentation for those procedures.
Note: Tenable does not recommend deploying multiple applications on a single instance of Tenable Core. If you want to deploy several applications on Tenable Core, deploy a unique instance for each application.
Tenable Core + OT Security ships with the latest version of OT Security included.
You can Install OT Security on a hypervisor1 or directly on user-supplied hardware running Tenable Core.
Note: Tenable strongly discourages running Tenable Core + OT Security in an environment shared with other Tenable applications. For example, installing two products on the same virtual machine, or in the same Tenable Core system.
Tenable recommends installing OT Security on direct-attached storage (DAS) devices, preferably solid-state drives (SSD), for best performance. Tenable strongly encourages the use of solid-state storage (SSS) that have a high drive-writes-per-day (DWPD) rating to ensure longevity.
Tenable does not support installing OT Security on network-attached storage (NAS) devices. Storage area networks (SAN) with a storage latency of 10 milliseconds or less, or Tenable hardware appliances, are a good alternative in such cases.
Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for deployments include raw network speed, the size of the network to monitor, and the configuration of the application. Processors, memory, and network card selection rely heavily on these deployment configurations. Disk space requirements vary depending on usage based on the amount of data, and length of time you store data on the system.
OT Security needs to perform full packet captures of monitored traffic, and the size of the policy event data stored by OT Security depends on the number of devices and the type of environment.
You can calculate storage requirements per day (GB/day) by multiplying the traffic rate (Mbps) * 2.7 - based on a compression factor of 0.25.
In an example with two sensors receiving 23 Mbps SPAN traffic each, the storage requirements per day (GB/day) is calculated as (23*2)*2.7=124 GB of space per day for traffic storage.
ICP System Requirement Guidelines (Virtual or Tenable Core)
| Maximum SPAN/TAP Throughput (Mbps) | CPU Cores2 | Memory (DDR4) | Storage Requirements | Network Interfaces |
|---|---|---|---|---|
| 50 Mbps or less | 4 | 16 GB RAM | 128 GB | Minimum 4 x 1 Gbps |
| 50-150 Mbps | 16 | 32 GB RAM | 512 GB | Minimum 4 x 1 Gbps |
| 150-300 Mbps | 32 | 64 GB RAM | 1 TB | Minimum 4 x 1 Gbps |
| 300 Mbps to 1 GB | 32-64 | 128 GB RAM or more | 2 TB or more | Minimum 4 x 1 Gbps |
OT Security uses the following mounted partitions:
| Partition | Content |
|---|---|
| / | operating system |
| /opt | application and database files |
| /var/pcap | packet captures (full packet capture, event, query) |
The standard process places these partitions on the same disk. Tenable recommends moving these to partitions on separate disks to increase throughput. OT Security is a disk-intensive application and using disks with high read/write speeds, such as SSDs, results in the best performance. Tenable recommends using an SSD with high DWPD ratings on customer-supplied hardware installations when using the packet capture feature in OT Security.
Tip: Deploying OT Security on a hardware platform configured with a redundant array of independent disks (RAID 0) can dramatically boost performance.
Tip: Tenable does not require RAID disks for even our largest customers. However, in one instance, response times for queries with a faster RAID disk for a customer with more than one million managed vulnerabilities decreased from a few seconds to less than a second.
Network Interface Requirements
You must have four network interfaces present on your device before installing OT Security. Tenable recommends the use of gigabit interfaces. The VMWare OVA creates these interfaces automatically. Create these interfaces manually when you install the ISO on your own hardware.
Note: Tenable does not provide SR-IOV support for the use of 10 G network cards and does not guarantee 10 G speeds with the use of 10 G network cards.
nic0 (192.168.1.5) and nic3 (192.168.3.3) have static IP addresses when you install Tenable Core + OT Security in a hardware or virtual environment. Other network interface controllers (NICs) use DHCP.
nic3 (192.168.3.3) has a static IP address when you deploy Tenable Core + OT Security on VMware. Other NICs use DHCP. Confirm that the Tenable Corenic1 MAC address matches the NIC MAC address in your VMware passive scanning configuration. Modify your VMware configuration to match your Tenable Core MAC address if necessary.
For more information, see Manually Configure a Static IP Address, Manage System Networking and the VMware Documentation.