Tenable Nessus Scanner Hardware Requirements
Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for Tenable Nessus deployments include raw network speed, the size of the network, and the configuration of Tenable Nessus.
The following recommendations are guidelines for the minimum hardware allocations. Certain types of scans are more resource intensive. If you run complex scans, especially those with credentials, you may require more disk space, memory, and processing power.
Tip: For information on maximizing your scan performance and scan configuration tips, see the Tenable Nessus Scan Tuning Guide.
Note: For Linux environments, the disk space requirements apply to the /opt folder.
Note: In addition to the minimum recommended disk spaces listed in the following sections, consider how much additional disk space your organization needs to store Tenable Nessus log files. By default, nessusd.dump and nessusd.messages can store up to 50 GB of log files each, but you can configure this size to be larger or smaller depending on your organization's needs. For more information, see the dumpfile_max_files, dumpfile_max_size, logfile_max_files, and logfile_max_size settings in the Tenable Nessus User Guide Advanced Logging Settings.
Tenable Nessus Scanners and Tenable Nessus Professional
The following table lists the hardware requirements for Tenable Nessus scanners and Tenable Nessus Professional.
|
Scenario |
Minimum Recommended Hardware |
|---|---|
|
Scanning up to 50,000 hosts per scan |
CPU: 4 2GHz cores Memory: 4 GB RAM (8 GB RAM recommended) Disk space: 30 GB, not including space used by the host operating system Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time. |
|
Scanning more than 50,000 hosts per scan |
CPU: 8 2GHz cores Memory: 8 GB RAM (16 GB RAM recommended) Disk space: 30 GB, not including space used by the host operating system Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time. |
Tenable Nessus Manager
The following table lists the hardware requirements for Tenable Nessus Manager.
|
Scenario |
Minimum Recommended Hardware |
|---|---|
|
Tenable Nessus Manager with 0-10,000 agents |
CPU — 4 2GHz cores Memory — 16 GB RAM Disk space — 5 GB per 5,000 agents per concurrent scan Note: Scan results and plugin updates require more disk space over time. |
|
Tenable Nessus Manager with 10,001-20,000 agents
|
CPU — 8 2GHz cores Memory — 32 GB RAM Disk space — 5 GB per 5,000 agents per concurrent scan Notes:
|
Tenable Nessus with Web Application Scanning Enabled
The following table lists the hardware requirements for Tenable Nessus Expert with web application scanning enabled and Tenable Nessus scanners with web application scanning enabled in Tenable Security Center:
| Hardware | Minimum Requirement |
|---|---|
| Processor | > 8 2GHz cores |
| RAM |
> 8 GB Tenable recommends using 16 GB RAM for the best results. Note: In addition to > 8 GB of system RAM, you must ensure that Docker is configured to deploy with a memory limit of 8 GB or more. For more information, see the Docker documentation. |
| Disk Space |
> 40 GB, not including space used by the host operating system Your overall usage (scan results, plugin updates, logging) increase the amount of disk space needed over time. |
Storage Requirements
Tenable Nessus only supports storage area networks (SANs) or network-attached storage (NAS) configurations when installed on a virtual machine managed by an enterprise class hypervisor. Tenable Nessus Manager requires higher disk throughput and may not be appropriate for remote storage. If you install Tenable Nessus on a non-virtualized host, you must do so on direct-attached storage (DAS) devices.
Tenable recommends a minimum of 5,000 MB of temporary space for the Nessus scanner to run properly.
Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation.
NIC Requirements
Tenable recommends you configure the following, at minimum, to ensure network interface controller (NIC) compatibility with Tenable Nessus:
-
Disable NIC teaming or assign a single NIC to Tenable Nessus.
-
Disable IPv6 tunneling on the NIC.
-
Disable packet capture applications that share a NIC with Tenable Nessus.
-
Avoid deploying Tenable Nessus in a Docker container that shares a NIC with another Docker container.
For assistance confirming if other aspects of your NIC configuration are compatible with Tenable Nessus, contact Tenable Support.
Virtual Machines
Tenable Nessus can be installed on a virtual machine that meets the same requirements. If your virtual machine is using Network Address Translation (NAT) to reach the network, many of the Tenable Nessus vulnerability checks, host enumeration, and operating system identification are negatively affected.
Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation.