Storage Manager Disk Requirements
As part of its security analysis, Tenable Identity Exposure stores the differences for each Active Directory (AD) change either from the AD database or the SYSVOL network share.
The Storage Manager component oversees the storage of these events using the following:
-
An event log storage for attacks related events
-
A Microsoft SQL Server instance for all other events
Tenable provides both minimum and recommended hardware requirements depending on your Active Directory activity:
-
A minimum sizing configuration to start and run the platform in most infrastructures.
-
A recommended sizing configuration to cover the needs of most event-intensive AD infrastructures.
Tenable Identity Exposure also requires the implementation of a specific disk layout to store the different database files and to ensure that I/O performances are compatible with its activity.
Due to the amount of Active Directory data it processes, Tenable Identity Exposure is a disk-intensive application. To avoid any bottleneck introduced by the storage (disk or SAN), Tenable Identity Exposure offers a minimal and recommended configuration.
-
As with sizing, the minimal disk performances generally cover the needs of most infrastructures.
-
The recommended infrastructure offers better experience for large or active AD infrastructures.
Supported and Recommended Disk Layout
Some specific environments require splitting the database files across different disks:
-
One data file disk
-
One temporary DB disk
-
One log file disk
-
(Optional) 1 backup disk
Minimum and Recommended Disk Sizing
The following tables describe the minimal and recommended disk sizing to store six months of Active Directory events in Tenable Identity Exposure.
|
Storage managers – Disk Sizing Matrix |
|||||||
|---|---|---|---|---|---|---|---|
|
Active AD users |
Disk Space (per instance) |
Data File Disk Space |
Log File Disk Space |
TempDb Disk Space |
|||
| Minimum | Recommended | Minimum | Recommended | Minimum | Recommended | ||
|
1 – 25,000 |
600 GB |
340 GB |
375 GB |
100 GB |
200 GB |
10 GB |
25 GB |
|
25,001 – 50,000 |
800 GB |
400 GB |
500 GB |
125 GB |
250 GB |
25 GB |
50 GB |
|
50,001 - 75,000 |
1.2 TB |
600 GB |
775 GB |
150 GB |
350 GB |
50 GB |
75 GB |
|
75,001 – 100,000 |
2 TB |
725 GB |
1.3 TB |
200 GB |
600 GB |
75 GB |
100 GB |
|
100,001 – 150,000 |
4 TB |
1.6 TB |
3 TB |
300 GB |
800 GB |
100 GB |
200 GB |
|
150,001 – 300,000 |
6 TB |
2.45 TB |
4.7 TB |
400 GB |
1 TB |
150 GB |
300 GB |
|
300,001 – 500,001+ |
8 TB |
3.3 TB |
6.4 TB |
500 GB |
1.2 TB |
200 GB |
400 GB |
Minimum and Recommended Disk Performance
The limiting factor of the database is usually the underlying disk performances. The better disk throughput/IOPS, the better overall performances of Tenable Identity Exposure are. A low latency is also necessary (<5 ms).
| Storage managers – Disk Performance Matrix | ||||
|---|---|---|---|---|
|
Active AD users
|
Minimal Disk Performance |
Recommended Disk Performance |
||
|
Throughput (MB/sec) |
IOPs (read/write) |
Throughput (MB/sec) |
IOPs (read/write) |
|
|
1 – 25,000 |
150 |
2,500 |
300 |
5,000 |
|
25,001 – 50,000 |
200 |
5,000 |
400 |
10,000 |
|
50,001 - 75,000 |
200 |
5,000 |
400 |
10,000 |
|
75,001 – 100,000 |
200 |
5,000 |
400 |
10,000 |
|
100,001 – 150,000 |
250 |
7,500 |
500 |
15,000 |
|
150,001 – 300,000 |
250 |
7,500 |
500 |
15,000 |
|
300,001 – 500,001+ |
500 |
16,000 |
1,000 |
32,000 |