Resource Sizing

To ensure correct behavior, the Tenable Identity Exposure components — Storage Manager, Security Engine Nodes, and Directory Listener — require a certain amount of memory and computing power.

  • These required resources scale depending on the size of the Active Directory (AD) infrastructure that you monitor.
  • Tenable Identity Exposure uses the number of active users as a metric to compute the sizing requirements. This includes the regular user accounts and the service accounts that applications use.

To compute the AD volume:

  • Run the following PowerShell command line on each Active Directory domain to monitor:

Copy 
Import-Module ActiveDirectory
(Get-ADUser -Server "dc.domain.com" -Filter 'enabled -eq $true').Count

where:

  • -Server specifies the Active Directory Domain Services (ADDS) instance to connect to.

  • dc.domain.com is the fully qualified domain name (FQDN) of the domain controller to use for counting.

Sizing Requirements

After you compute the number of active users to monitor, see the following sections for the appropriate sizing requirements:

  • The Directory Listeners receive real-time Active Directory flows.

    Directory Listener

    Active AD users

    Instance required

    vCPU (per instance)

    Memory
    (per instance)

    Disk space
    (per instance)

    1 – 25,000

    1 virtual machine

    2 cores on 2 sockets

    16 GB of RAM

    30 GB (Silver)

    25,001 – 50,000

    1 virtual machine

    4 cores on 2 sockets

    16 GB of RAM

    30 GB (Silver)

    50,001 - 75,000

    1 virtual machine

    4 cores on 2 sockets

    32 GB of RAM

    30 GB (Silver)

    75,001 – 100,000

    1 virtual machine

    4 cores on 2 sockets

    32 GB of RAM

    30 GB (Silver)

    100,001 – 150,000

    1 virtual machine

    8 cores on 2 sockets

    64 GB of RAM

    30 GB (Silver)

    150,001 – 300,000

    1 virtual machine

    8 cores on 2 sockets

    64 GB of RAM

    30 GB (Silver)

    300,001 – 500,001+

    1 virtual machine

    8 cores on 2 sockets

    64 GB of RAM

    30 GB (Silver)

  • The Security Engine Nodes support Tenable Identity Exposure’s security engine, storage services, and end users.

    Security Engine Node

    Active AD users

    Instance required

    vCPU (per instance)

    Memory
    (per instance)

    Disk space
    (per instance)

    1 – 25,000

    1 virtual machine

    8 cores on 2 sockets

    16 GB of RAM

    200 GB (Gold)

    25,001 – 50,000

    1 virtual machine

    8 cores on 2 sockets

    32 GB of RAM

    300 GB (Gold)

    50,001 - 75,000

    1 virtual machine

    10 cores on 3 sockets

    32 GB of RAM

    300 GB (Gold)

    75,001 – 100,000

    1 virtual machine

    12 cores on 4 sockets

    64 GB of RAM

    400 GB (Gold)

    100,001 – 150,000

    1 virtual machine

    16 cores on 4 sockets

    96 GB of RAM

    400 GB (Gold)

    Split Security Engine Node

    150,001 – 300,000

    5 virtual machines

    VM1: 8 cores on 2 sockets

    VM1: 16 GB of RAM

    VM1: 1 TB

       

    VM2: 8 cores on 4 sockets

    VM2: 16 GB of RAM

    VM2: 300 GB

       

    VM3: 16 cores on 4 sockets

    VM3: 32 GB of RAM

    VM3: 100 GB

       

    VM4: 16 cores on 4 sockets

    VM4: 16 GB of RAM

    VM4: 100 GB

        VM5: 16 cores on 4 sockets VM5: 48 GB of RAM

    VM5: 100 GB

    300,001 – 500,001+

    5 virtual machines

    VM1: 8 cores on 2 sockets

    VM1: 16 GB of RAM

    VM1: 1 TB

    VM2: 8 cores on 4 sockets

    VM2: 16 GB of RAM

    VM2: 300 GB

    VM3: 12 cores on 4 sockets

    VM3: 32 GB of RAM

    VM3: 100 GB

    VM4: 16 cores on 4 sockets

    VM4: 32 GB of RAM

    VM4: 100 GB

    VM5: 16 cores on 4 sockets VM5: 64 GB of RAM

    VM5: 100 GB

  • The Storage Manager provides hot and cold storage support for the Directory Listeners and the security nodes services.

    Storage Manager
    Active AD users

    Instance Required

    vCPU (per instance)

    Memory (per instance)

    		 Disk Space (per instance)

    1 – 25,000

    1 virtual machine

    8 cores on 2 sockets

    16 GB of RAM

    		600 GB

    25,001 – 50,000

    1 virtual machine

    8 cores on 2 sockets

    16 GB of RAM

    		800 GB

    50,001 - 75,000

    1 virtual machine

    12 cores on 4 sockets

    32 GB of RAM

    		1.2 TB

    75,001 – 100,000

    1 virtual machine

    12 cores on 4 sockets

    32 GB of RAM

    		2 TB

    100,001 – 150,000

    1 virtual machine

    12 cores on 4 sockets

    64 GB of RAM

    		4 TB

    150,001 – 300,000

    1 virtual machine

    16 cores on 4 sockets

    64 GB of RAM

    		6 TB

    300,001 – 500,001+

    1 virtual machine

    16 cores on 4 sockets

    128 GB of RAM

    		8 TB
    For information about disk performance, see Storage Manager Disk Requirements.

Storage Policy Management

Gold, silver, and bronze storage are different tiers or levels of storage services based on performance, reliability, and cost. Definitions may vary among providers.

  • Gold is the highest tier with the best performance and reliability, suitable for critical workloads.

  • Silver is a mid-tier option with balanced performance and cost.

  • Bronze is the lower tier with lower performance and reliability, often chosen for less critical workloads.

Sizing Example

An Information System made of three Active Directory domains has the following sizing.

Domain

Number of Active AD users

Domain A

45,000

Domain B

15,000

Domain C

150

Total:

60,150

Following the sizing matrix, this Tenable Identity Exposure deployment requires the following resources.

Tenable Identity Exposure services

Instance Required

vCPU (per instance)

Memory (per instance)

Disk Space (per instance)

Directory Listeners

1

4 cores, at least 2.6 GHz

32 GB of RAM

30 GB

Security Engine Nodes

1

10 cores, at least 2.6 GHz

32 GB of RAM

300 GB

Storage Managers

1

12 cores, at least 2.6 GHz

32 GB of RAM

1.2 TB with 10,000 IOPs