Resource Sizing

To ensure correct behavior, the Tenable Identity Exposure components — Storage Manager, Security Engine Nodes, and Directory Listener — require a certain amount of memory and computing power.

These required resources scale depending on the size of the Active Directory (AD) infrastructure that you monitor.
Tenable Identity Exposure uses the number of active users as a metric to compute the sizing requirements. This includes the regular user accounts and the service accounts that applications use.

To compute the AD volume:

Run the following PowerShell command line on each Active Directory domain to monitor:

Copy

Import-Module ActiveDirectory
(Get-ADUser -Server "dc.domain.com" -Filter 'enabled -eq $true').Count

where:

-Server specifies the Active Directory Domain Services (ADDS) instance to connect to.

dc.domain.com is the fully qualified domain name (FQDN) of the domain controller to use for counting.

Sizing Requirements

After you compute the number of active users to monitor, see the following sections for the appropriate sizing requirements:

The Directory Listeners receive real-time Active Directory flows.

Required sizing for the system hosting the Directory Listener components:

Directory Listener
Active AD users	Instance required	vCPU (per instance)	Memory (per instance)	Disk space (per instance)
1 – 25,000	1 virtual machine	2 cores on 2 sockets	16 GB of RAM	30 GB (Silver)
25,001 – 50,000	1 virtual machine	4 cores on 2 sockets	16 GB of RAM	30 GB (Silver)
50,001 - 75,000	1 virtual machine	4 cores on 2 sockets	32 GB of RAM	30 GB (Silver)
75,001 – 100,000	1 virtual machine	4 cores on 2 sockets	32 GB of RAM	30 GB (Silver)
100,001 – 150,000	1 virtual machine	8 cores on 2 sockets	64 GB of RAM	30 GB (Silver)
150,001 – 300,000	1 virtual machine	8 cores on 2 sockets	64 GB of RAM	30 GB (Silver)
300,001 – 500,001+	1 virtual machine	8 cores on 2 sockets	64 GB of RAM	30 GB (Silver)

The Security Engine Nodes support Tenable Identity Exposure’s security engine, storage services, and end users.

Note: If you spread the SEN services over several machines, see Split Security Engine Node (SEN) Services for detailed resource sizing.

Required sizing for the system hosting the Security Engine Node components:

Security Engine Node
Active AD users	Instance required	vCPU (per instance)	Memory (per instance)	Disk space (per instance)
1 – 25,000	1 virtual machine	8 cores on 2 sockets	16 GB of RAM	200 GB (Gold)
25,001 – 50,000	1 virtual machine	8 cores on 2 sockets	32 GB of RAM	300 GB (Gold)
50,001 - 75,000	1 virtual machine	10 cores on 3 sockets	32 GB of RAM	300 GB (Gold)
75,001 – 100,000	1 virtual machine	12 cores on 4 sockets	64 GB of RAM	400 GB (Gold)
100,001 – 150,000	1 virtual machine	16 cores on 4 sockets	96 GB of RAM	400 GB (Gold)
Split Security Engine Node
150,001 – 300,000	5 virtual machines	VM1: 8 cores on 2 sockets	VM1: 16 GB of RAM	VM1: 1 TB
		VM2: 8 cores on 4 sockets	VM2: 16 GB of RAM	VM2: 300 GB
		VM3: 16 cores on 4 sockets	VM3: 32 GB of RAM	VM3: 100 GB
		VM4: 16 cores on 4 sockets	VM4: 16 GB of RAM	VM4: 100 GB
		VM5: 16 cores on 4 sockets	VM5: 48 GB of RAM	VM5: 100 GB
300,001 – 500,001+	5 virtual machines	VM1: 8 cores on 2 sockets	VM1: 16 GB of RAM	VM1: 1 TB
VM2: 8 cores on 4 sockets	VM2: 16 GB of RAM	VM2: 300 GB
VM3: 12 cores on 4 sockets	VM3: 32 GB of RAM	VM3: 100 GB
VM4: 16 cores on 4 sockets	VM4: 32 GB of RAM	VM4: 100 GB
VM5: 16 cores on 4 sockets	VM5: 64 GB of RAM	VM5: 100 GB

The Storage Manager provides hot and cold storage support for the Directory Listeners and the security nodes services.

Required sizing for the system hosting the Storage Manager components:

Storage Manager
Active AD users	Instance Required	vCPU (per instance)	Memory (per instance)	Disk Space (per instance)
1 – 25,000	1 virtual machine	8 cores on 2 sockets	16 GB of RAM	600 GB
25,001 – 50,000	1 virtual machine	8 cores on 2 sockets	16 GB of RAM	800 GB
50,001 - 75,000	1 virtual machine	12 cores on 4 sockets	32 GB of RAM	1.2 TB
75,001 – 100,000	1 virtual machine	12 cores on 4 sockets	32 GB of RAM	2 TB
100,001 – 150,000	1 virtual machine	12 cores on 4 sockets	64 GB of RAM	4 TB
150,001 – 300,000	1 virtual machine	16 cores on 4 sockets	64 GB of RAM	6 TB
300,001 – 500,001+	1 virtual machine	16 cores on 4 sockets	128 GB of RAM	8 TB

Storage Policy Management

Gold, silver, and bronze storage are different tiers or levels of storage services based on performance, reliability, and cost. Definitions may vary among providers.

Gold is the highest tier with the best performance and reliability, suitable for critical workloads.
Silver is a mid-tier option with balanced performance and cost.
Bronze is the lower tier with lower performance and reliability, often chosen for less critical workloads.

Sizing Example

An Information System made of three Active Directory domains has the following sizing.

Domain	Number of Active AD users
Domain A	45,000
Domain B	15,000
Domain C	150
Total:	60,150

Following the sizing matrix, this Tenable Identity Exposure deployment requires the following resources.

Tenable Identity Exposure services	Instance Required	vCPU (per instance)	Memory (per instance)	Disk Space (per instance)
Directory Listeners	1	4 cores, at least 2.6 GHz	32 GB of RAM	30 GB
Security Engine Nodes	1	10 cores, at least 2.6 GHz	32 GB of RAM	300 GB
Storage Managers	1	12 cores, at least 2.6 GHz	32 GB of RAM	1.2 TB with 10,000 IOPs For upgrade: At least 20 GB available