TOC & Recently Viewed

Recently Viewed Topics

Tenable.io On-prem Environments

Instead of hardware requirements, Tenable provides a transparent look at successful environments where on-prem has been tested. Consider the tested environments below and customize your environment depending on the needs of your organization.

Note: The Small asset size environment is the minimum supported environment for deploying Tenable.io on-prem

Number of Assets Tested Environment
Small (25,000 - 50,000)

Processor: 2 x Intel Xeon E5-2620v4.

Memory: 4 x 32GB RAM (128GB).

Disk: 1.5TB usable capacity. For more information, see Raid Controller Guidelines, Disk Space Usage Guidelines, and Disk Speed Guidelines.

Network: 1 x 1GB.

Medium (50,001 - 75,000)

Processor: 2 x Intel Xeon E5-2650v4.

Memory: 8 x 32GB RAM (256GB).

Disk: 1.5TB usable capacity). For more information, see Raid Controller Guidelines, Disk Space Usage Guidelines, and Disk Speed Guidelines.

Network: 1 x 1GB.

Large (75,001 - 100,000)

Processor: 2 x Intel Xeon E5-2699v4.

Memory: 8 x 32GB RAM (256GB).

Disk: 1.5TB usable capacity. For more information, see Raid Controller Guidelines, Disk Space Usage Guidelines, and Disk Speed Guidelines.

Network: 1 x 1GB.

Raid Controller Guidelines

Your RAID controller must have Write-Back cache mode enabled and at least 1GB of RAID controller cache, protected by an integrated battery backup unit (BBU).

Disk Space Usage Guidelines

You may want to increase your available disk space depending on your number of assets and expected scan frequency.

On-prem monitors your disk space usage and automatically shuts down the Tenable.io interface if your disk space usage exceeds 90% capacity on a filesystem. After automatic shutdown, power down your server and add disk space. Then, power up the hardware and resize the filesystem.

Note: The following guidelines are based on average-sized scan results. If your scan results are smaller or larger than average, your actual usage varies.

Number of Assets Disk Space Used if Scanning Daily Disk Space Used if Scanning Weekly Disk Space Used if Scanning Monthly
25,000 10950 GB per year 1560 GB per year 360 GB per year
50,000 27375 GB per year 3900 GB per year 900 GB per year
100,000 54750 GB per year 7800 GB per year 1800 GB per year

Disk Speed Guidelines

Tenable runs hardware tests on environments meeting the following disk speeds.

Number of Assets Maximum Read Maximum Write
25,000 608 IOPS 204 IOPS
50,000 1703 IOPS 568 IOPS
75,000 1945 IOPS 650 IOPS
100,000 38633 IOPS 12865 IOPS

Tenable recommends estimating your random read and write access performance by running a Flexible I/O workload test:

./fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test --bs=4k --iodepth=64 --size=8G --readwrite=randrw --rwmixread=75

Browser Requirements

For more information about on-prem configuration interface browser requirements, see http://cockpit-project.org/running.

Internet Access Requirements

Your Tenable.io on-prem deployment requires access to the internet, with or without going through a proxy server. On-prem performs best with network speeds of 100 Mbps or above.

Network Requirements

Your Tenable.io on-prem deployment reserves 10.96.0.0/20 and 10.32.0.0/20 for its internal networks. If you want a device to communicate with on-prem, you must place the device outside the 10.96.0.0/20 and 10.32.0.0/20 IP address blocks.

Port Access Requirements

Your Tenable.io on-prem deployment requires access to specific ports for inbound and outbound traffic.

Inbound Traffic

Port Traffic
22 All SSH connections.
443 The Tenable.io interface and NNM, Nessus scanner, and Nessus agent connections.
3000 The Grafana interface, if enabled.
8000 The Tenable.io on-prem configuration interface.
8900 The Kibana interface, if enabled.

Outbound Traffic

Port Traffic
22 All SSH connections.
443 The appliance.cloud.tenable.com server (for system updates) and the plugins.nessus.org server (for activation and plugin updates).

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.