Tenable Security Center Cloud Requirements
The primary method to deploy Tenable Security Center in a cloud environment is with Tenable Core + Tenable Security Center. For more information, see the Tenable Core User Guide.
However, you can install Tenable Security Center in vendor-supported version of your cloud environment that meets the operating system requirements to run Tenable Security Center.
The following guidelines can help you install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment or an Azure Virtual Machine (Azure Virtual Image) cloud-based environment, but they do not cover all deployment scenarios or cloud environments. For assistance with a different cloud environment, contact Tenable Professional Services.
Supported Amazon EC2 Instance Types
You can install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment that meets all of the following requirements.
Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation. To meet these requirements, Tenable supports installing Tenable Security Center on M5 instances with General Purpose SSD (gp2) EBS storage.
Tenable recommends the following Amazon EC2 instance types based on your Tenable Security Center deployment size.
Requirements When Running Basic Network Scans + Local Checks
# of Hosts Managed by Tenable Security Center | EC2 Instance Type | Disk Space Used for Vulnerability Trending |
---|---|---|
1 to 2,500 | m5.2xlarge |
90 days: 125 GB 180 days: 250 GB |
2,501 to 10,000 | m5.4xlarge |
90 days: 450 GB 180 days: 900 GB |
10,001 to 25,000 | m5.8xlarge |
90 days: 2.4 TB 180 days: 5 TB |
25,001 to 50,000 |
m5.12xlarge |
90 days: 4.5 TB 180 days: 9 TB |
50,001 or more | For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
# of Hosts Managed by Tenable Security Center | EC2 Instance Type | Disk Space Used for Vulnerability Trending |
---|---|---|
1 to 2,500 | m5.4xlarge |
90 days: 225 GB 180 days: 450 GB |
2,501 to 10,000 | m5.8xlarge |
90 days: 900 GB 180 days: 1.8 TB |
10,001 to 25,000 | m5.8xlarge |
90 days: 4.5 TB 180 days: 9 TB |
25,001 to 50,000 |
m5.12xlarge |
90 days: 9 TB 180 days: 18 TB |
50,001 or more | For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
Supported Amazon Machine Images (AMIs)
Tenable provides an AMI for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Amazon Marketplace AMI for Tenable Security Center without Tenable Core:
AMI | Required Configuration Changes |
---|---|
CentOS 7 (x86_64) - with Updates HVM |
|
Supported Azure Instance Types
You can install Tenable Security Center in an Azure Virtual Machine (Azure Virtual Image) cloud-based environment that meets all of the following requirements.
Tenable recommends the following virtual machine instance types based on your Tenable Security Center deployment size. You may need to increase the storage allocated to the virtual machine instance depending on usage.
Requirements When Running Basic Network Scans + Local Checks
# of Hosts Managed by Tenable Security Center | Virtual Machine Instance | Disk Space Used for Vulnerability Trending |
---|---|---|
1 to 2,500 | D3V2 |
90 days: 125 GB 180 days: 250 GB |
2,501 to 10,000 | D4V2 |
90 days: 450 GB 180 days: 900 GB |
10,001 to 25,000 | F16 |
90 days: 2.4 TB 180 days: 5 TB |
25,001 to 50,000 |
F32SV2 |
90 days: 4.5 TB 180 days: 9 TB |
50,001 or more | For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
# of Hosts Managed by Tenable Security Center | EC2 Instance Type | Disk Space Used for Vulnerability Trending |
---|---|---|
1 to 2,500 | D3V2 |
90 days: 125 GB 180 days: 250 GB |
2,501 to 10,000 | D4V2 |
90 days: 900 GB 180 days: 1.8 TB |
10,001 to 25,000 | F16 |
90 days: 4.5 TB 180 days: 9 TB |
25,001 to 50,000 |
D32SV3 |
90 days: 9 TB 180 days: 18 TB |
50,001 or more | For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
Supported Azure Machine Images
Tenable provides an Azure image for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Azure image for Tenable Security Center:
AMI | Required Configuration Changes |
---|---|
CIS CentOS Linux 7 Benchmark L1 |
|
Tenable Security Center in Kubernetes Requirements
Note: Tenable recommends using an empty Kubernetes cluster for Tenable Security Center deployments. These requirements assume that the Kubernetes cluster where you install Tenable Security Center has nothing else installed.
Tenable strongly recommends using high-performance disks when you deploy Tenable Security Center in a Kubernetes cluster. Tenable Security Center is a disk-intensive application and using disks with high read/write speeds (for example, SSDs or NVMe SSDs) results in the best performance. The requirements in the following tables are based on AWS M5 or better processor specifications. Using slower processors, like those found in AWS M5a instances, will impact performance for your Tenable Security Center in Kubernetes deployment.
For supported Kubernetes environments and installation instructions, see Tenable Security Center in Kubernetes.
Requirements When Running Basic Network Scans + Local Checks
# of Hosts Managed by Tenable Security Center |
CPU |
Memory |
Disk Space used for Vulnerability Trending |
---|---|---|---|
1 to 2,500 active IPs |
8000 m |
32 GiB |
90 days: 125 GB 180 days: 250 GB |
2,501 to 10,000 active IPs |
16000 m |
64 GiB |
90 days: 450 GB 180 days: 900 GB |
10,001 to 25,000 active IPs |
32000 m |
128 GiB |
90 days: 2.4 TB 180 days: 5 TB |
25,001 to 50,000 active IPs |
48000 m |
192 GiB |
90 days: 4.5 TB 180 days: 9 TB |
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
# of Hosts Managed by Tenable Security Center |
CPU |
Memory |
Disk Space used for Vulnerability Trending |
---|---|---|---|
1 to 2,500 active IPs |
16000 m |
64 GiB |
90 days: 225 GB 180 days: 450 GB |
2,501 to 10,000 active IPs |
32000 m |
128 GiB |
90 days: 900 GB 180 days: 1.8 TB |
10,001 to 25,000 active IPs |
32000 m |
128 GiB |
90 days: 4.5 TB 180 days: 9 TB |
25,001 to 50,000 active IPs |
48000 m |
192 GiB |
90 days: 9 TB 180 days: 18 TB |
External PostgreSQL Requirements
You can install Tenable Security Center configured to work with a PostgreSQL instance managed by you. PostgreSQL is required for certain features
This is a required configuration if you have more than 100K hosts. The minimum version of PostgreSQL that Tenable Security Center requires is version 16. It is also recommended that wal_segment_size is set to be at least 64MB.
If you set up your PostgreSQL instance in a cloud environment, the following are guidelines for choosing your instance size. Note that the disk space in the following table is only for PostgreSQL data, and does not include any other OS or other dependencies you have.
# of Hosts Managed by Tenable Security Center |
AWS |
Azure |
Minimum Disk Space Required for PostgreSQL Data |
---|---|---|---|
2,500 active IPs |
r6g.xlarge | E4ps |
10 GB |
10,000 active IPs |
r6g.2xlarge | E8ps |
40 GB |
25,000 active IPs |
r6g.4xlarge | E16ps |
100 GB |
100,000 active IPs |
r6g.8xlarge | E20ps |
400 GB |