Resource Sizing

To ensure correct behavior, the Tenable Identity Exposure components — Storage Manager, Security Engine Nodes, and Directory Listener — require a certain amount of memory and computing power.

  • These required resources scale depending on the size of the Active Directory (AD) infrastructure that you monitor.
  • Tenable Identity Exposure uses the number of active users as a metric to compute the sizing requirements. This includes the regular user accounts and the service accounts that applications use.

To compute the AD volume:

  • Run the following PowerShell command line on each Active Directory domain to monitor:

Import-Module ActiveDirectory
(Get-ADUser -Server "dc.domain.com" -Filter 'enabled -eq $true').Count

where:

  • -Server specifies the Active Directory Domain Services (ADDS) instance to connect to.

  • dc.domain.com is the fully qualified domain name (FQDN) of the domain controller to use for counting.
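
The following script is an added example, not part of the Tenable documentation: it runs the same count against one domain controller per monitored domain and totals the results, reporting any domain that could not be queried instead of silently counting it as zero. The domain controller names are placeholders.

```powershell
# Added example, not from the product documentation.
# Placeholder FQDNs: list one reachable domain controller per monitored domain.
$DomainControllers = @(
    'dc.domain-a.example',
    'dc.domain-b.example',
    'dc.domain-c.example'
)

Import-Module ActiveDirectory -ErrorAction Stop

$results = foreach ($dc in $DomainControllers) {
    try {
        # Same filter as the command above: enabled user accounts only.
        # Piping into Measure-Object avoids holding every user object in memory.
        $count = (Get-ADUser -Server $dc -Filter 'enabled -eq $true' -ErrorAction Stop |
                  Measure-Object).Count
        [pscustomobject]@{ Server = $dc; ActiveUsers = $count; Error = $null }
    }
    catch {
        # A failed query must not be read as "zero users": record the error instead.
        [pscustomobject]@{ Server = $dc; ActiveUsers = $null; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { $_.Error })
$total  = ($results | Where-Object { -not $_.Error } |
           Measure-Object -Property ActiveUsers -Sum).Sum

if ($failed.Count -gt 0) {
    Write-Warning "Total is incomplete: $($failed.Count) domain(s) could not be queried."
}

# The total is the figure to look up in the sizing requirements.
"Total active users (sizing input): {0}" -f [int]$total
```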

Sizing Requirements

After you compute the number of active users to monitor, see the following sections for the appropriate sizing requirements:

  • The Directory Listeners receive real-time Active Directory flows.

  • The Security Engine Nodes support Tenable Identity Exposure’s security engine, storage services, and end users.

    Note: If you spread the SEN services over several machines, see Split Security Engine Node (SEN) Services for detailed resource sizing.

  • The Storage Manager provides hot and cold storage support for the Directory Listeners and the security nodes services.

Storage Policy Management

Gold, silver, and bronze storage are different tiers or levels of storage services based on performance, reliability, and cost. Definitions may vary among providers.

  • Gold is the highest tier with the best performance and reliability, suitable for critical workloads.

  • Silver is a mid-tier option with balanced performance and cost.

  • Bronze is the lower tier with lower performance and reliability, often chosen for less critical workloads.

Sizing Example

An information system made up of three Active Directory domains has the following number of active users per domain.

| Domain | Number of Active AD users |
| --- | --- |
| Domain A | 45,000 |
| Domain B | 15,000 |
| Domain C | 150 |
| Total: | 60,150 |

Following the sizing matrix, this Tenable Identity Exposure deployment requires the following resources.

| Tenable Identity Exposure services | Instance Required | vCPU (per instance) | Memory (per instance) | Disk Space (per instance) |
| --- | --- | --- | --- | --- |
| Directory Listeners | 1 | 4 cores, at least 2.6 GHz | 32 GB of RAM | 30 GB |
| Security Engine Nodes | 1 | 10 cores, at least 2.6 GHz | 32 GB of RAM | 300 GB |
| Storage Managers | 1 | 12 cores, at least 2.6 GHz | 32 GB of RAM | 1.2 TB with 10,000 IOPS |