Change IP Addresses or FQDNs for Tenable Identity Exposure Nodes

Changing the IP addresses or fully qualified domain names (FQDNs) of the machines running the Storage Manager (SM), Security Engine Nodes (SEN), and Directory Listener (DL) is required in certain situations, such as disaster recovery testing. The most efficient way to perform this operation, and the one that minimizes downtime, is to use scripts that update the environment variables with the new IPs or FQDNs and restart the services.

To change the IP addresses or FQDNs for Tenable Identity Exposure nodes:

  1. If your Tenable Identity Exposure installation type uses:

    • Default TLS: Generate and replace all self-signed TLS certificates with the new IP addresses or FQDNs.

    • Custom TLS: Generate and replace all custom TLS certificates with the new IP addresses or FQDNs.

    • No TLS: Proceed to the next step.

  2. In PowerShell, list all the IP/FQDN-related environment variables with the new IPs or FQDNs, as in the following examples:

Note: The following scripts show only the environment variables that you would need to update in a conventional setup of Tenable Identity Exposure. They exclude any setup using split SENs or multiple DLs.

  • Security Engine Node (SEN):

    # Update environment variables with new IPs or FQDNs for SEN.
    # Define $MssqlNodeIp, $MssqlNodePort, $WebAppHostName, $DecoderIP and $DecoderPort
    # before running: an unset variable deletes or blanks the environment variable.
    $vars = @{
        ERIDANIS_MSSQL_HOST            = $MssqlNodeIp      # Storage Manager Node IP Address
        ERIDANIS_MSSQL_PORT            = $MssqlNodePort    # Storage Manager Node Default Port 1433
        ERIDANIS_KAPTEYN_PUBLIC_DOMAIN = $WebAppHostName   # FQDN or IP Address of Web UI
        ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host = $DecoderIP     # Storage Manager Node IP Address
        ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Port = $DecoderPort   # Default Port 4244
        ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host              = $DecoderIP     # Storage Manager Node IP Address
        ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Port              = $DecoderPort   # Default Port 4244
    }

    # Write each value at machine scope so the services pick it up after a restart.
    ForEach ($var in $vars.GetEnumerator()) {
        [System.Environment]::SetEnvironmentVariable($var.Name, $var.Value, 'Machine')
    }

  • Directory Listener (DL):

    # Update environment variables with new IPs or FQDNs for DL.
    # Define $SecurityEngineNodeIP and $SecurityEngineNodePort before running.
    $vars = @{
        ALSID_CASSIOPEIA_CETI_Service__Broker__Host = $SecurityEngineNodeIP     # Security Engine Node IP Address
        ALSID_CASSIOPEIA_CETI_Service__Broker__Port = $SecurityEngineNodePort   # Security Engine Node Port
    }

    # Write each value at machine scope so the services pick it up after a restart.
    ForEach ($var in $vars.GetEnumerator()) {
        [System.Environment]::SetEnvironmentVariable($var.Name, $var.Value, 'Machine')
    }

  3. Restart all services on each machine.

    # Restart services on each machine
    Get-Service alsid* | Restart-Service
    Get-Service tenable* | Restart-Service
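
A guarded way to apply the environment-variable step, as an added example that is not part of Tenable's documentation: it refuses empty values, saves the current machine-scope values to a backup file, and reads each variable back after writing. The function name, backup path, and sample values are assumptions.

```powershell
# Added example, not Tenable's script. Function name, backup path and sample values are hypothetical.
function Set-NodeEndpointVariable {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [hashtable] $Variables,
        [Parameter(Mandatory)] [string]    $BackupPath
    )

    # Stop if any value is missing: an unset PowerShell variable reaches
    # SetEnvironmentVariable as an empty string, which deletes the variable
    # (or stores an empty one, depending on the .NET version).
    $missing = @($Variables.GetEnumerator() |
        Where-Object { [string]::IsNullOrWhiteSpace([string]$_.Value) } |
        ForEach-Object { $_.Key })
    if ($missing.Count -gt 0) {
        throw "No value supplied for: $($missing -join ', ')"
    }

    # Save the current machine-scope values so the change can be rolled back.
    # Under -WhatIf, Set-Content is skipped too, so nothing is written.
    $previous = [ordered]@{}
    foreach ($name in ($Variables.Keys | Sort-Object)) {
        $previous[$name] = [System.Environment]::GetEnvironmentVariable($name, 'Machine')
    }
    $previous | ConvertTo-Json | Set-Content -Path $BackupPath -Encoding UTF8

    foreach ($name in ($Variables.Keys | Sort-Object)) {
        $new = [string]$Variables[$name]
        if ($PSCmdlet.ShouldProcess($name, "Set machine-scope value to '$new'")) {
            [System.Environment]::SetEnvironmentVariable($name, $new, 'Machine')
        }
        # Read back what is stored now, next to the old and requested values.
        [pscustomobject]@{
            Name      = $name
            Previous  = $previous[$name]
            Requested = $new
            Current   = [System.Environment]::GetEnvironmentVariable($name, 'Machine')
        }
    }
}

# Constructed sample values for a Directory Listener; replace with your own.
$dlVars = @{
    ALSID_CASSIOPEIA_CETI_Service__Broker__Host = '192.0.2.10'        # documentation-range address
    ALSID_CASSIOPEIA_CETI_Service__Broker__Port = '<SEN broker port>' # placeholder, not a real port
}
# -WhatIf previews the change; remove it and run elevated to apply.
Set-NodeEndpointVariable -Variables $dlVars -BackupPath "$env:TEMP\tie-env-backup.json" -WhatIf
```

Compare the Requested and Current columns before restarting services; a mismatch means the write did not take effect, for example because the session was not elevated.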