Secure Relay - FAQs
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
No, Secure Relays replace multiple DLs). Tenable Identity Exposure now only supports one DL; multiple DLs create unknown issues.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
Yes, you can. However, make sure to combine the resource requirements for a DL and a Secure Relay. For example, if the RAM for a DL is 5 GB and for 1 GB for the Secure Relay, your machine must have 6 GB (5 GB + 1 GB).
You can also install the Secure Relay on a separate VM, as long as it can contact the DL.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
With the 3.59, in its simplest form, we add a Secure Relay between your Active Directory (AD) and the DL. That means:
-
The communication between your AD and the Secure Relay is the same as the communication between your AD and the DL previously.
-
The communication between the DL and the rest of the platform is the same as previously.
-
What changes is that Tenable Identity Exposure uses HTTPS between one or more Secure Relays and the DL. You must allow this new network flow.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
In the folder C:\Tenable\Tenable.ad\DirectoryListener\Updates\.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
You can use either one as they are usually the same version. The one in the folder C:\Tenable\Tenable.ad\DirectoryListener\Updates\ does not require a login to access the binary.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
The Secure Relay installation launches after the DL server reboots, so make sure first and foremost that you did reboot after the DL installation/upgrade.
Other problems could arise from the AV/EDR blocking the installation process from running after the reboot. Make sure to review their full logs.
The timeframe to look for in these logs depends on the AV/EDR blocking the installation process, so make sure to check some time before (during the DL installation) and after the reboot.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
Multiple elements need to be retrieved when installation fails, before any other attempt:
-
The installation logs: Extract these from the MSI dialog box when a failure occurs.
-
The Relay logs: Located in the <install path>\SecureRelay\logs\Relay.log.
-
The Envoy logs: Located in the <install path>\SecureRelay\logs\envoy.logs.
-
The envoy.yaml configuration file: Located at <install path>\SecureRelay\envoy.yaml. There’s an API key that you can redact if necessary (although we also have it in the database).
-
The environment variables: Fetched using one of the following commands:
Copy(cmd.exe) set
(powershell.exe) ls env: | fl
See also