Secure Relay Architectures for On-Premises Platforms

Tenable Identity Exposure supports the following architectures comprising the Storage Manager (SM), Security Engine Node (SEN), Directory Listener (DL), and Secure Relay (SR):

Standard 3 Servers with DL and SR on the Same Server

This architecture transitions from a standard 3-servers architecture (SM, SEN, and DL) to one with a DL running the SR on the same server.

3.42 3.59 3.77
  • The Security Engine Node:

    • Sends email and Syslog alerts

    • Provides LDAP authentication

  • The Directory Listener runs the Secure Relay, which:

    • Sends email and Syslog alerts

    • Provides LDAP authentication

Note: This architecture requires that you combine the required resources for the DL and SR in one virtual machine.

Standard 3 Servers with DL and SR on a Separate Server

This architecture transitions from a standard 3-servers architecture (SM, SEN, and DL) to one with the DL and SR running on separate servers.

3.42 3.59 3.77
  • The Security Engine Node:

    • Sends email and Syslog alerts

    • Provides LDAP authentication

  • Requires a new server for the Directory Listener

  • The Secure Relay:

    • Replaces the Directory Listener

    • Sends email and Syslog alerts

    • Provides LDAP authentication

Multiple DLs to a Single DL Running SR

This architecture transitions from a multiple-DLs architecture to one with a single DL running the SR.

3.42 3.59 3.77
  • Directory Listeners communicate with Security Engine using AMQP over TLS

  • The Security Engine Node:

    • Sends email and Syslog alerts

    • Provides LDAP authentication

The first Directory Listener owns the Secure Relay and acts as the "concentrator" for all deployed Secure Relays deployed (former Directory Listeners) and communicate with these using TLS. This Secure Relay:

  • Sends email and Syslog alerts

  • Provides LDAP authentication

Multiple DLs to a New DL Communicating with SR(s)

This architecture transitions from a multiple-DLs architecture to one with a new DL that communicates with Secure Relays (replacing old Directory Listeners).

3.42 3.59 3.77
  • Directory Listeners communicate with Security Engine using AMQP over TLS

  • The Security Engine Node:

    • Sends email and Syslog alerts

    • Provides LDAP authentication

A new server for the Directory Listener acts as the "concentrator" for all deployed Secure Relays (former Directory Listeners) which communicate with the Directory Listener using TLS.

The Secure Relay:

  • Sends email and Syslog alerts

  • Provides LDAP authentication

See also

Secure Relay for Tenable Identity Exposure 3.77