Hardware Requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for Nessus deployments include raw network speed, the size of the network, and the configuration of Nessus.

The following recommendations are guidelines for the minimum hardware allocations. Certain types of scans are more resource intensive. If you run complex scans, especially those with credentials, you may require more disk space, memory, and processing power.

Tip: For information about Tenable Core + Nessus, see Requirements in the Tenable Core User Guide.

Storage Requirements

Tenable Nessus only supports storage area networks (SANs) or network-attached storage (NAS) configurations when installed on a virtual machine managed by an enterprise class hypervisor. Tenable Nessus Manager requires higher disk throughput and may not be appropriate for remote storage. If you install Tenable Nessus on a non-virtualized host, you must do so on direct-attached storage (DAS) devices.

Tenable recommends a minimum of 5,000 MB of temporary space for the Nessus scanner to run properly.

Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation, such as Best Practices for Oversubscription of CPU, Memory and Storage in vSphere Virtual Environments for VMware.

NIC Requirements

Tenable recommends you configure the following, at minimum, to ensure network interface controller (NIC) compatibility with Tenable Nessus:

  • Disable NIC teaming or assign a single NIC to Tenable Nessus.

  • Disable IPv6 tunneling on the NIC.

  • Disable packet capture applications that share a NIC with Tenable Nessus.

  • Avoid deploying Tenable Nessus in a Docker container that shares a NIC with another Docker container.

For assistance confirming if other aspects of your NIC configuration are compatible with Tenable Nessus, contact Tenable Support.

Tenable Nessus Scanners and Tenable Nessus Professional

The following table lists the hardware requirements for Tenable Nessus scanners and Tenable Nessus Professional.

Scenario

Minimum Recommended Hardware

Scanning up to 50,000 hosts per scan

CPU: 4 2GHz cores

Memory: 4 GB RAM (8 GB RAM recommended)

Disk space: 30 GB, not including space used by the host operating system

Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time.

Scanning more than 50,000 hosts per scan

CPU: 8 2GHz cores

Memory: 8 GB RAM (16 GB RAM recommended)

Disk space: 30 GB, not including space used by the host operating system

Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time.

Tenable Nessus Expert with Web Application Scanning

The following table lists the hardware requirements for web application scanning in Tenable Nessus Expert:

Hardware Minimum Requirement
Processor > 8 2GHz cores
RAM

> 8 GB

Tenable recommends using 16 GB RAM for the best results.
Disk Space

> 40 GB, not including space used by the host operating system

Your overall usage (scan results, plugin updates, logging) increase the amount of disk space needed over time.

Tenable Nessus Manager

The following table lists the hardware requirements for Tenable Nessus Manager.

Note: The suggested minimum recommended hardware is based on the total number of agents that check into the manager daily.

Scenario

Minimum Recommended Hardware

Nessus Manager with 0-10,000 agents

CPU: 4 2GHz cores

Memory: 16 GB RAM

Disk space: 5 GB per 5,000 agents per concurrent scan

Note: Scan results and plugin updates require more disk space over time.

Nessus Manager with 10,001-20,000 agents

 

CPU: 8 2GHz cores

Memory: 32 GB RAM

Disk space: 5 GB per 5,000 agents per concurrent scan

Note: Scan results and plugin updates require more disk space over time.

Note: Engage with your Tenable representative for large deployments.

Virtual Machine

You can install Tenable Nessus on a Virtual Machine that meets the same requirements.

Note: Using Network Address Translation (NAT) to connect your virtual machine to the network negatively affects many of the Tenable Nessus vulnerability checks, host enumeration, and operating system identification.

Nessus Agents

Tenable Nessus Agents are lightweight and only minimal system resources. Generally, a Tenable Nessus Agent uses 40 MB of RAM (all pageable). A Tenable Nessus Agent uses almost no CPU while idle, but is designed to use up to 100% of CPU when available during jobs.

For more information on Tenable Nessus Agent resource usage, see Agent Software Footprint.

The following table outlines the minimum recommended hardware for operating a Tenable Nessus Agent. You can install Tenable Nessus Agents on a virtual machine that meets the same requirements specified.

Hardware

Minimum Requirement

Processor

1 Dual-core CPU

Processor Speed

> 1 GHz
RAM > 1 GB
Disk Space

  • Agents 7.7.x and earlier: > 1 GB, not including space used by the host operating system

  • Agents 8.0.x and later: > 3 GB, not including space used by the host operating system

  • Agents 10.0.x and later: > 2 GB, not including space used by the host operating system

The agent may require more space during certain processes, such as a plugins-code.db defragmentation operation.
Disk Speed 15-50 IOPS
Note: You can control the priority of the Tenable Nessus Agent relative to the priority of other tasks running on the system. For more information see Agent CPU Resource Control in the Tenable Nessus Agent Deployment and User Guide.