Tenable Identity Exposure Deployment
You install Tenable Identity Exposure as an application package hosted in a dedicated Windows environment that must fulfill specific hosting specifications.Tenable Identity Exposure requires access to the operating system's master image on the system where you install it.
Required account permissions: The account you use to deploy Tenable Identity Exposure must have these specific permissions: SeBackupPrivilege, SeDebugPrivilege, and SeSecurityPrivilege.
Tenable preconfigures the application package with only Tenable services and your specific requirements. This deployment option offers maximum flexibility and integrates seamlessly into your specific environment.

The following table details unsupported configurations:
Configuration |
Description |
---|---|
Active anti-virus or Endpoint Detection and Response (EDR) solution |
The Tenable Identity Exposure platform requires intensive disk I/O.
|
FIPS-compliant algorithms |
For data privacy reasons, do not activate Federal Information Processing Standards (FIPS)-compliant algorithms for encryption. |
Firewalls |
Do the following to allow Tenable Identity Exposure services to communicate with each other to have reliable security monitoring:
|
Erlang |
|

Deploying Tenable Identity Exposure’s platform in a non-certified environment can create unexpected side effects.
In particular, the deployment of third-party applications (such as a specific agent or daemon) in the master image can cause stability or performance issues.
Tenable strongly recommends that you reduce the number of third-party applications to a minimum.

Tenable Identity Exposure’s platform requires local administrative rights to operate and ensure a proper service management.
-
You must provide the Tenable technical lead with the credentials (username and password) associated with the administrative account of the host machine.
-
When deploying to a production environment, consider a password renewal process that you validate jointly with the Tenable technical lead.

As part of its upgrade program, Tenable frequently publishes updates to its systems to provide new detection capabilities and new product features.
-
In this deployment, Tenable only provides updates for Tenable Identity Exposure components. You must ensure a proper management of your operating systems, including the frequent deployment of security patches. For more information about Tenable Identity Exposure releases, see the Tenable Identity Exposure Release Notes.
-
Tenable Identity Exposure's micro-services architecture supports the immediate application of operating system patches.