Install Tenable Identity Exposure

Required User Role: Administrator on the local machine

Tenable Identity Exposure's installation program installs the following components on different servers:

  • A Storage Manager (SM) to host all data based on MSSQL.

  • A Directory Listener (DL) to target audited domains.

  • A Security Engine Node (SEN) to perform security analysis and serve the user interface.

    For more information about how to install the SEN on several machines, see Split Security Engine Node (SEN) Services.

  • A Secure Relay (a separate installer) to allow you to configure domains from which it forwards the data to the Data Listener component, which collects AD objects.

All machines and installed binaries support the application of any security update for the underlying OS, either through Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

Installation Order

To install Tenable Identity Exposure 3.59, proceed in the following order:

Before you start

  • Download the executable programs for Tenable Identity Exposure and Secure Relay from Tenable’s Downloads site.

  • Review the Pre-deployment Requirements.

    Caution: Starting with Tenable Identity Exposure version 3.59.5, ensure that your TLS certificates use OpenSSL 3.0.x.
  • Review On-Premises Architectures and select the TLS Installation Types for your platform.

  • Reserve the following resources and have their information on hand before you install Tenable Identity Exposure:

    • Network — Private IP addresses.

    • Access — DNS name used to access Tenable Identity Exposure’s web portal.

    • Security — TLS certificate and its associated private key to secure access to the web portal.

      For more information, see Network Requirements.

  • Run the installer as a local user or a domain user who is a member of the Local Administrators group.

  • Have account permissions: The account you use to deploy Tenable Identity Exposure must have these specific permissions: SeBackupPrivilege, SeDebugPrivilege, and SeSecurityPrivilege.

  • Restart your server before launching the Tenable Identity Exposure installer for each component.

Installation Procedures

The following procedures install the Tenable Identity Exposure components in TLS with autogenerated and self-signed certificates (Default). For more information, see TLS Installation Types.