Upgrade Tenable Identity Exposure to Use Secure Relay

Upgrading Tenable Identity Exposure to Tenable Identity Exposure with Secure Relay entails making several important changes for a seamless transition. One significant change involves the relay taking over the direct receipt of Active Directory (AD) feeds, which requires at least one relay installation.

To ensure a smooth upgrade, observe the following guidelines:

  • Auto-update: If you have an on-premise platform, note that you do not update Secure Relay directly. Instead, you only have to update your Directory Listener (DL) machine during the upgrade process.

  • Installer placement: During the upgrade, the installer Tenable.ie.exe places the Secure Relay installer in an accessible location for download and installation on each Secure Relay machine.

For on-premise platforms migrating to Tenable Identity Exposure with Secure Relay, you must make the following configurations:

  • Relay Configuration: Configure relay settings through the Tenable Identity Exposure user interface (UI). For more information, see Configure the Relay in the Tenable Identity Exposure Administrator Guide.

    • Domain Mapping: Replace multiple-DL application settings or network environment variables with necessary domain settings (the number of edits may vary).

    • Alert Mapping: Ensure that you correctly map alerts.

If your platform uses multiple DL instances, consider the following:

  • For multi-DL setups, transition them to become multi-relay configurations.

  • If you have several DL instances, you must first uninstall them and install relays in their place. Thoroughly test this process.

Additionally, specific configurations on your Storage Manager virtual machine (VM) for email/Syslog alerting or TLS management (such as certificates on the VM or network exceptions) are no longer required. The relay now handles the sending process, aligning with the network flow and any potential connections to 'Trusted Certificate Authorities.'