Change IP Addresses or FQDNs for Tenable Identity Exposure Nodes
Changing the IP addresses or fully qualified domain names (FQDNs) of machines running the Storage Manager (SM), Security Engine Nodes (SEN), and Directory Listener (DL) is a required task in certain situations, such as disaster recovery testing. Using scripts to modify environment variables with the new IPs or FQDNs and to restart services is the most efficient way to perform this operation, and it also minimizes downtime.
To change the IP addresses or FQDNs for Tenable Identity Exposure nodes:
- If your Tenable Identity Exposure installation type uses:
  - Default TLS: Generate and replace all self-signed TLS certificates with the new IP addresses or FQDNs.
  - Custom TLS: Generate and replace all custom TLS certificates with the new IP addresses or FQDNs.
  - No TLS: Proceed to the next step.
- In PowerShell, list all the IP/FQDN-related environment variables with the new IPs or FQDNs, as in the following examples:
Note: The following scripts show only the environment variables that you would need to update in a conventional setup of Tenable Identity Exposure. They exclude any setup using split SENs or multiple DLs.
Security Engine Node (SEN):
Update environment variables with new IPs or FQDNs for SEN

    # Script to run on the Security Engine Node Server
    $vars = @{
        ERIDANIS_MSSQL_HOST = "" # Storage Manager Server IP Address
        ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host = "" # Storage Manager Server IP Address
        ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host = "" # Storage Manager Server IP Address
        HEALTHCHECK_MSSQL_HOST = "" # Storage Manager Server IP Address
    }
    # Prompt the user once for the value to set all environment variables to
    $value = Read-Host "Please enter the value for Storage Manager IP Address"
    Write-Output "You have entered: $value"
    # Use a temporary hashtable to store updated values
    $tempVars = @{}
    # Populate the temporary hashtable with the same value for all keys
    ForEach ($key in $vars.Keys) {
        $tempVars[$key] = $value
    }
    # Update the original hashtable with values from the temporary hashtable
    ForEach ($key in $tempVars.Keys) {
        $vars[$key] = $tempVars[$key]
    }
    # Set environment variables
    ForEach ($var in $vars.GetEnumerator()) {
        [System.Environment]::SetEnvironmentVariable($var.Name, $var.Value, 'Machine')
        Write-Output "Environment variable set: $($var.Name) = $($var.Value)"
    }
    # Restart all services
    Get-Service alsid* | Restart-Service
    Get-Service tenable* | Restart-Service

Directory Listener (DL):
Update environment variables with new IPs or FQDNs for DL

    # To run on the Directory Listener Server
    $vars = @{
        ALSID_CASSIOPEIA_CETI_Service__Broker__Host = "" # Security Engine Node Server IP Address (the value prompted for below)
    }
    # Prompt the user once for the value to set all environment variables to
    $value = Read-Host "Please enter the value for Security Engine Node Server IP Address"
    Write-Output "You have entered: $value"
    # Use a temporary hashtable to store updated values
    $tempVars = @{}
    # Populate the temporary hashtable with the same value for all keys
    ForEach ($key in $vars.Keys) {
        $tempVars[$key] = $value
    }
    # Update the original hashtable with values from the temporary hashtable
    ForEach ($key in $tempVars.Keys) {
        $vars[$key] = $tempVars[$key]
    }
    # Set environment variables
    ForEach ($var in $vars.GetEnumerator()) {
        [System.Environment]::SetEnvironmentVariable($var.Name, $var.Value, 'Machine')
        Write-Output "Environment variable set: $($var.Name) = $($var.Value)"
    }
    # Restart all services
    Get-Service alsid* | Restart-Service
    Get-Service tenable* | Restart-Service
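
The scripts above write whatever is typed at the prompt, and in Windows PowerShell an empty value passed to SetEnvironmentVariable removes the variable. The following added example (not Tenable's own script) validates the entry, saves the current machine-scope values so they can be restored after a disaster recovery test, then updates and reads back the SEN variables listed on this page; the backup file location and the Test-HostValue helper are assumptions.

```powershell
# Added example for the Security Engine Node; run from an elevated PowerShell session.
# Variable names are the SEN ones from this page. $backupPath is a hypothetical location.
$names = @(
    'ERIDANIS_MSSQL_HOST',
    'ALSID_CASSIOPEIA_EVENT_LOGS_DECODER_Service__EventLogsStorage__Host',
    'ALSID_CASSIOPEIA_CYGNI_Service__EventLogsStorage__Host',
    'HEALTHCHECK_MSSQL_HOST'
)
$backupPath = Join-Path $env:TEMP 'tie-env-backup.json'

# Hypothetical helper: accepts IPv4, IPv6 or DNS-style names, rejects empty or malformed input
function Test-HostValue {
    param([string]$Value)
    return [System.Uri]::CheckHostName($Value) -ne [System.UriHostNameType]::Unknown
}

$value = Read-Host "Please enter the value for Storage Manager IP Address"
if (-not (Test-HostValue $value)) {
    throw "'$value' is not a valid IP address or FQDN; no variables were changed."
}

# Save the current machine-scope values before overwriting them
$backup = [ordered]@{}
foreach ($n in $names) {
    $backup[$n] = [System.Environment]::GetEnvironmentVariable($n, 'Machine')
}
# Stop here if the backup cannot be written, so nothing is changed without a rollback copy
$backup | ConvertTo-Json | Set-Content -Path $backupPath -Encoding UTF8 -ErrorAction Stop
Write-Output "Previous values saved to $backupPath"

foreach ($n in $names) {
    [System.Environment]::SetEnvironmentVariable($n, $value, 'Machine')
}

# Read each variable back from the machine scope and confirm it holds the new value
$mismatch = $names | Where-Object {
    [System.Environment]::GetEnvironmentVariable($_, 'Machine') -ne $value
}
if ($mismatch) {
    throw "These variables were not updated: $($mismatch -join ', ')"
}

# Restart services only after every variable has been verified
Get-Service alsid* | Restart-Service
Get-Service tenable* | Restart-Service
```

To roll back, read the JSON file with Get-Content and ConvertFrom-Json, set each variable to its saved value, and restart the same services.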