Install Tenable Identity Exposure

Tenable Identity Exposure's installation program installs the following components on three different machines:

  • A Storage Manager (SM) to host all data based on MSSQL.

  • A Directory Listener (DL) to target audited domains.

  • A Security Engine Node (SEN) to perform security analysis and serve the user interface.

    For more information about how to install the SEN on several machines, see Split Security Engine Node (SEN) Services.

All three machines and installed binaries support the application of any security update for the underlying OS, either through Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

For more information about different TLS setups, see Installation Options.

The Tenable Identity Exposure executable program from Tenable’s Downloads site is the main installer for most on-premises and SaaS (excluding SaaS-TLS) deployments.

For SaaS-TLS deployments, you must download the Tenable Identity Exposure Security Probe installer. You must also have your customized certs.zip file containing the required certificates that the Tenable Identity Exposure team provides.

Starting from version 3.11, the Tenable Identity Exposure Security Probe Installer is only compatible with SaaS-TLS deployments. To install a Directory Listener node, you must use the Tenable Identity Exposure Installer file and select the "Directory Listener" component only.

Note: Tenable requires that you reboot all machines before you start a new installation.

Reserve the following resources and have their information on hand before you install Tenable Identity Exposure:

  • Network — Private IP addresses.

  • Access — DNS name used to access Tenable Identity Exposure’s web portal.

  • Security — TLS certificate and its associated private key to secure access to the web portal.

If the installation program cannot install Tenable Identity Exposure on a machine, you can forward the log file to our support (https://community.tenable.com/s/).

This log file is in your %tmp% folder, and its name always starts with “MSI” followed by random numbers, such as MSI65931.LOG.

To generate log files in another location (for example, if you placed the installer on the desktop):

  1. In the command line of the local machine, type cd desktop.

  2. Type .\installername.exe /LOGS "c:\<path>\logsmsi1.txt".