On-premises Architectures

The Tenable Identity Exposure platform relies on several Windows services hosted on virtual machines (VMs). Your environment must support the following infrastructure:

The Tenable Identity Exposure platform consists of three components: Directory Listeners, Security Engine Nodes, and Storage Managers.

  • The Directory Listeners: working closely with the monitored domain controllers, the Directory Listeners receive real-time Active Directory flows and apply several treatments to decode, isolate, and correlate security changes.

  • The Security Engine Nodes: hosting analysis-related services, the security engine nodes support the Tenable Identity Exposure security engine, internal communication bus, and end-user applications (such as the Web portal, the REST API, or the alert notifier). This component builds on different isolated Windows services.

  • The Storage Managers: providing hot and cold storage support, the Storage Managers oversee serving data to the Directory Listeners and the Security Engine Nodes. This component is the only one that must remain persistent to save information. Internally, they use Microsoft MS SQL Server to store internal data and configuration.

For the number and sizing of these components, see Resource Sizing.


Tenable Identity Exposure's on-premises solution uses a software package hosted in a dedicated Windows Server environment that you provide and manage, based on the following architectures: