On-Premises Architectures

The Tenable Identity Exposure platform relies on several Windows services hosted on virtual machines (VMs). Your environment must support the following infrastructure:

The Tenable Identity Exposure platform consists of the following components:

  • The Storage Manager: Providing hot and cold storage support, the Storage Managers oversee serving data to the Directory Listeners and the Security Engine Nodes. This component is the only one that must remain persistent to save information. Internally, they use Microsoft MS SQL Server to store internal data and configuration.

  • The Security Engine Nodes: Hosting analysis-related services, the security engine nodes support the Tenable Identity Exposure security engine, internal communication bus, and end-user applications (such as the Web portal, the REST API, or the alert notifier). This component builds on different isolated Windows services.

  • The Directory Listener: Working closely with the monitored domain controllers, the Directory Listeners receive real-time Active Directory flows and apply several treatments to decode, isolate, and correlate security changes.

  • The Secure Relay: a mode of transfer for your Active Directory data from your network to Tenable Identity Exposure using Transport Layer Security (TLS) instead of a VPN. The Relay feature also supports HTTP proxy with or without authentication if your network requires a proxy server to reach the internet. Tenable Identity Exposure can support multiple Secure Relays which you can map to domains according to your needs. See Secure Relay Architectures for On-Premises Platforms.

For the number and sizing of these components, see Resource Sizing.


Tenable Identity Exposure's on-premises solution uses a software package hosted in a dedicated Windows Server environment that you provide and manage, based on the following architectures: