Hardware Requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for Tenable Nessus deployments include raw network speed, the size of the network, and the configuration of Tenable Nessus.

The following recommendations are guidelines for the minimum hardware allocations. Certain types of scans are more resource intensive. If you run complex scans, especially those with credentials, you may require more disk space, memory, and processing power.

Tip: For information on maximizing your scan performance and scan configuration tips, see the Tenable Nessus Scan Tuning Guide.

Note: In addition to the minimum recommended disk spaces listed in the following sections, consider how much additional disk space your organization needs to store Tenable Nessus log files. By default, nessusd.dump and nessusd.messages can store up to 50 GB of log files each, but you can configure this size to be larger or smaller depending on your organization's needs. For more information, see the dumpfile_max_files, dumpfile_max_size, logfile_max_files, and logfile_max_size settings in the Tenable Nessus User GuideAdvanced Logging Settings.

Tenable Nessus Scanners and Tenable Nessus Professional

The following table lists the hardware requirements for Tenable Nessus scanners and Tenable Nessus Professional.

(missing or bad snippet)

Tenable Nessus Manager

The following table lists the hardware requirements for Tenable Nessus Manager.

Note: To view the hardware requirements for Nessus Manager clustering, see Clustering System Requirements.
(missing or bad snippet)

Tenable Nessus with Web Application Scanning Enabled

The following table lists the hardware requirements for Tenable Nessus Expert with web application scanning enabled and Tenable Nessus scanners with web application scanning enabled in Tenable Security Center:

(missing or bad snippet)

Storage Requirements

Tenable Nessus only supports storage area networks (SANs) or network-attached storage (NAS) configurations when installed on a virtual machine managed by an enterprise class hypervisor. Tenable Nessus Manager requires higher disk throughput and may not be appropriate for remote storage. If you install Tenable Nessus on a non-virtualized host, you must do so on direct-attached storage (DAS) devices.

Tenable recommends a minimum of 5,000 MB of temporary space for the Nessus scanner to run properly.

Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation, such as Best Practices for Oversubscription of CPU, Memory, and Storage in vSphere Virtual Environments for VMware.

NIC Requirements

Tenable recommends you configure the following, at minimum, to ensure network interface controller (NIC) compatibility with Tenable Nessus:

  • Disable NIC teaming or assign a single NIC to Tenable Nessus.

  • Disable IPv6 tunneling on the NIC.

  • Disable packet capture applications that share a NIC with Tenable Nessus.

  • Avoid deploying Tenable Nessus in a Docker container that shares a NIC with another Docker container.

For assistance confirming if other aspects of your NIC configuration are compatible with Tenable Nessus, contact Tenable Support.

Virtual Machines

Tenable Nessus can be installed on a virtual machine that meets the same requirements. If your virtual machine is using Network Address Translation (NAT) to reach the network, many of the Tenable Nessus vulnerability checks, host enumeration, and operating system identification are negatively affected.

Note: Only one virtualized Tenable Nessus scanner can be run on any physical host. Tenable Nessus relies on low-level network operations and requires full access to the host's network interface controller (NIC). In a virtualization environment (for example, Hyper-V, Docker), this can cause incorrect scanner behavior, or host instability, if more than one virtualized Tenable Nessus scanner attempts to share a single physical NIC.

Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation, such as Best Practices for Oversubscription of CPU, Memory, and Storage in vSphere Virtual Environments for VMware.