Tenable Security Center Environment Requirements

You can run Tenable Security Center on hardware, with or without Tenable Core. For more information about Tenable Core, see the Tenable Core User Guide.

Note:Tenable strongly discourages running Tenable Security Center or Tenable CoreTenable Security Center in an environment shared with other Tenable applications.

Storage Requirements

Tenable recommends installing Tenable Security Center on direct-attached storage (DAS) devices (or storage area networks [SANs], if necessary) with a storage latency of 10 milliseconds or less.

Tenable does not support installing Tenable Security Center on network-attached storage (NAS).

Disk Space Requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for deployments include raw network speed, the size of the network being monitored, and the configuration of the application. Processors, memory, and network cards are heavily based on the former. Disk space requirements vary depending on usage based on the amount and length of time data is stored on the system.

An important consideration is that Tenable Security Center can be configured to save a snapshot of vulnerability archives each day. In addition, the size of the vulnerability data stored by Tenable Security Center depends on the number and types of vulnerabilities, not just the number of hosts. For example, 100 hosts with 100 vulnerabilities each could consume as much data as 1,000 hosts with 10 vulnerabilities each. In addition, the output for vulnerability check plugins that do directory listings, etc. is larger than Open Port plugins from discovery scans.

For networks of 35,000 to 50,000 hosts, Tenable has encountered data sizes of up to 25 GB. That number is based on storage of 50,000 hosts and approximately 500 KB per host.

Additionally, during active scanning sessions, large scans, and multiple smaller scans have been reported to consume as much as 150 GB of disk space as results are acquired. Once a scan has completed and its results are imported, that disk space is freed up.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center

CPU Cores

Memory

Disk Space used for Vulnerability Trending

2,500 active IPs

4 2GHz cores

8 GB RAM

90 days: 125 GB

180 days: 250 GB

10,000 active IPs

8 3GHz cores

16 GB RAM

90 days: 450 GB

180 days: 900 GB

25,000 active IPs

16 3GHz cores

32 GB RAM

90 days: 1.2 TB

180 days: 2.4 TB

100,000 active IPs

32 3GHz cores

64 GB RAM

90 days: 4.5 TB

180 days: 9 TB

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center

CPU Cores

Memory

Disk Space used for Vulnerability Trending

2,500 active IPs

4 2GHz cores

8 GB RAM

90 days: 225 GB

180 days: 450 GB

10,000 active IPs

8 3GHz cores

16 GB RAM

90 days: 900 GB

180 days: 1.8 TB

25,000 active IPs

16 3GHz cores

32 GB RAM

90 days: 2.25 TB

180 days: 4.5 TB

100,000 active IPs

32 3GHz cores

128 GB RAM

90 days: 9 TB

180 days: 18 TB

Note: Tenable Security Center is a memory and disk I/O-intensive application. If you deploy Tenable Security Center in a virtualized infrastructure, take care to avoid running Tenable Security Center in a manner in which it may attempt to draw on oversubscribed resources, especially memory and disk I/O. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation, such as Best Practices for Oversubscription of CPU, Memory and Storage in vSphere Virtual Environments for VMware.

Disk Partition Requirements

Tenable Security Center installs into /opt/sc. Tenable highly recommends that you create the /opt directory on a separate disk partition. If you want to increase performance, consider using two disks: one for the operating system and one for the system deployed to /opt.

Tenable strongly recommends using high-performance disks. Tenable Security Center is a disk-intensive application and using disks with high read/write speeds, such as SSDs, results in the best performance.

If required disk space exists outside of the /opt file system, mount the desired target directory using the command mount –-bind <olddir> <newdir>. Make sure that the file system is automatically mounted on reboot by editing the /etc/fstab file appropriately.

Note: Tenable Security Center does not support using symbolic links for /opt/sc/. You can use symbolic links within /opt/sc/ subdirectories if instructed by Tenable Security Center documentation or Tenable Support.

Deploying Tenable Security Center on a server configured with RAID disks can also dramatically boost performance.

Tip:Tenable does not require RAID disks for even our largest customers. However, in one instance, response times for queries with a faster RAID disk for a customer with more than 1 million managed vulnerabilities moved from a few seconds to less than a second.

Network Interface Requirements

You can install Tenable Security Center in externally connected or air-gapped environments. For more information about special considerations for air-gapped environments, see Considerations for Air-Gapped Environments.

Gigabit or faster network cards are recommended for use on the Tenable Security Center server. This is to increase the overall performance of web sessions, emails, Tenable Log Correlation Engine queries, and other network activities.