Resource Sizing
To ensure correct behavior, the Tenable Identity Exposure components — Storage Manager, Security Engine Nodes, Secure Relay, and Directory Listener — require a certain amount of memory and computing power.
- These required resources scale depending on the size of the Active Directory (AD) infrastructure that you monitor.
- Tenable Identity Exposure uses the number of active users as a metric to compute the sizing requirements. This includes the regular user accounts and the service accounts that applications use.
To compute the AD volume:
-
Run the following PowerShell command line on each Active Directory domain to monitor:
CopyImport-Module ActiveDirectory
(Get-ADUser -Server "dc.domain.com" -Filter 'enabled -eq $true').Count
where:
-Server specifies the Active Directory Domain Services (ADDS) instance to connect to.
dc.domain.com is the fully qualified domain name (FQDN) of the domain controller to use for counting.
Sizing Requirements
After you compute the number of active users to monitor, see the following sections for the appropriate sizing requirements:
-
The Secure Relay is a mode of transfer for your Active Directory data from your network to Tenable Identity Exposure.
Required sizing for the system hosting the Secure Relay:
Customer Size Tenable Identity Exposure Services Instance Required vCPU (per instance) Memory (per instance) Available Disk Space (per instance) Disk Topology Any size
tenable_Relay
tenable_envoy
1 2 vCPU 8 GB of RAM 30 GB Partition for logs separate from the system partition
-
The Directory Listeners receive real-time Active Directory flows.
Required sizing for the system hosting the Directory Listener components:
Directory Listener Active AD users
Instance required
vCPU (per instance)
Memory
(per instance)Disk space
(per instance)1 – 25,000
1 virtual machine
2 cores on 2 sockets
16 GB of RAM
30 GB (Silver)
25,001 – 50,000
1 virtual machine
4 cores on 2 sockets
16 GB of RAM
30 GB (Silver)
50,001 - 75,000
1 virtual machine
4 cores on 2 sockets
32 GB of RAM
30 GB (Silver)
75,001 – 100,000
1 virtual machine
4 cores on 2 sockets
32 GB of RAM
30 GB (Silver)
100,001 – 150,000
1 virtual machine
8 cores on 2 sockets
64 GB of RAM
30 GB (Silver)
150,001 – 300,000
1 virtual machine
8 cores on 2 sockets
64 GB of RAM
30 GB (Silver)
300,001 – 500,001+
1 virtual machine
8 cores on 2 sockets
64 GB of RAM
30 GB (Silver)
-
The Security Engine Nodes support Tenable Identity Exposure’s security engine, storage services, and end users.
Required sizing for the system hosting the Security Engine Node components:
Security Engine Node Active AD users
Instance required
vCPU (per instance)
Memory
(per instance)Disk space
(per instance)1 – 25,000
1 virtual machine
8 cores on 2 sockets
16 GB of RAM
200 GB (Gold)
25,001 – 50,000
1 virtual machine
8 cores on 2 sockets
32 GB of RAM
300 GB (Gold)
50,001 - 75,000
1 virtual machine
10 cores on 3 sockets
32 GB of RAM
300 GB (Gold)
75,001 – 100,000
1 virtual machine
12 cores on 4 sockets
64 GB of RAM
400 GB (Gold)
100,001 – 150,000
1 virtual machine
16 cores on 4 sockets
96 GB of RAM
400 GB (Gold)
Split Security Engine Node 150,001 – 300,000
5 virtual machines
VM1: 8 cores on 2 sockets
VM1: 16 GB of RAM
VM1: 1 TB
VM2: 8 cores on 4 sockets
VM2: 16 GB of RAM
VM2: 300 GB
VM3: 16 cores on 4 sockets
VM3: 32 GB of RAM
VM3: 100 GB
VM4: 16 cores on 4 sockets
VM4: 16 GB of RAM
VM4: 100 GB
VM5: 16 cores on 4 sockets VM5: 48 GB of RAM VM5: 100 GB
300,001 – 500,001+
5 virtual machines
VM1: 8 cores on 2 sockets
VM1: 16 GB of RAM
VM1: 1 TB
VM2: 8 cores on 4 sockets
VM2: 16 GB of RAM
VM2: 300 GB
VM3: 12 cores on 4 sockets
VM3: 32 GB of RAM
VM3: 100 GB
VM4: 16 cores on 4 sockets
VM4: 32 GB of RAM
VM4: 100 GB
VM5: 16 cores on 4 sockets VM5: 64 GB of RAM VM5: 100 GB
-
The Storage Manager provides hot and cold storage support for the Directory Listeners and the security nodes services.
Required sizing for the system hosting the Storage Manager components:
Storage Manager Active AD users Instance Required
vCPU (per instance)
Memory (per instance)
Disk Space (per instance) 1 – 25,000
1 virtual machine
8 cores on 2 sockets
16 GB of RAM
600 GB 25,001 – 50,000
1 virtual machine
8 cores on 2 sockets
16 GB of RAM
800 GB 50,001 - 75,000
1 virtual machine
12 cores on 4 sockets
32 GB of RAM
1.2 TB 75,001 – 100,000
1 virtual machine
12 cores on 4 sockets
32 GB of RAM
2 TB 100,001 – 150,000
1 virtual machine
12 cores on 4 sockets
64 GB of RAM
4 TB 150,001 – 300,000
1 virtual machine
16 cores on 4 sockets
64 GB of RAM
6 TB 300,001 – 500,001+
1 virtual machine
16 cores on 4 sockets
128 GB of RAM
8 TB For information about disk performance, see Storage Manager Disk Requirements.
Storage Policy Management
Gold, silver, and bronze storage are different tiers or levels of storage services based on performance, reliability, and cost. Definitions may vary among providers.
-
Gold is the highest tier with the best performance and reliability, suitable for critical workloads.
-
Silver is a mid-tier option with balanced performance and cost.
-
Bronze is the lower tier with lower performance and reliability, often chosen for less critical workloads.
Sizing Example
An Information System made of three Active Directory domains has the following sizing.
|
Domain |
Number of Active AD users |
|---|---|
|
Domain A |
45,000 |
|
Domain B |
15,000 |
|
Domain C |
150 |
|
Total: |
60,150 |
Following the sizing matrix, this Tenable Identity Exposure deployment requires the following resources.
|
Tenable Identity Exposure services |
Instance Required |
vCPU (per instance) |
Memory (per instance) |
Disk Space (per instance) |
|---|---|---|---|---|
|
Directory Listeners |
1 |
4 cores, at least 2.6 GHz |
32 GB of RAM |
30 GB |
|
Security Engine Nodes |
1 |
10 cores, at least 2.6 GHz |
32 GB of RAM |
300 GB |
|
Storage Managers |
1 |
12 cores, at least 2.6 GHz |
32 GB of RAM |
1.2 TB with 10,000 IOPs |