Large-scale Deployments

If you want to deploy agents across a large-scale environment, your deployment strategy must ensure that all agents are continuously active and stay connected to Tenable.io or Nessus Manager.

Deployment Strategy

When deploying a large number of agents, consider using software to push agents through the network. For example: 

Additionally, when deploying a large number of agents, deploy them in batches over a period of 24 hours. This prevents the agents from attempting a full plugin set update at the same time. After an agent is initially installed and gets its first plugin update, it sets its timer to attempt the next update 24 hours from that time. As a result, if you deploy 10,000 agents all at once, all of those agents would attempt a full plugin set download at the same time each day, resulting in excessive bandwidth utilization. Please refer to Plugin Updates for more information on plugin update time frames.

Agent Groups

Tenable recommends that you size agent groups appropriately, particularly if you are managing scans in Nessus Manager or Tenable.io and then importing the scan data into SecurityCenter. You can size agent groups when you manage agents in Nessus Manager or Tenable.io.

The more agents that you scan and include in a single agent group, the more data that the manager must process in a single batch. The size of the agent group determines the size of the .nessus file that must be imported into SecurityCenter. The .nessus file size affects hard drive space and bandwidth.

Group Sizing

| Product | Agents Assigned per Group |
|---|---|
| Tenable.io | Unlimited agents per group if not sending to SecurityCenter; 1,000 agents per group if sending to SecurityCenter |
| Tenable.io On-prem | Unlimited |
| Nessus Manager | 20,000 agents per group if not sending to SecurityCenter; 1,000 agents per group if sending to SecurityCenter |

Caution: If you scan multiple groups of agents in a single scan, the total number of agents per scan might not match the total number of agents per group. For example, if you have three groups of 750 agents, all in one scan, then data for 2,250 agents would be imported into SecurityCenter at one time and may overwhelm it.
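The following pre-flight check is an added example, not Tenable code: it compares group sizes against the Group Sizing table and splits a multi-group scan into scans that each stay within the SecurityCenter figure. The function names, the `Lab` group, the sample sizes, and the use of 1,000 agents as a per-scan import budget are assumptions made for illustration.

```python
# Agents per group from the Group Sizing table, as
# (not sending to SecurityCenter, sending to SecurityCenter); None = unlimited.
GROUP_LIMITS = {
    "Tenable.io": (None, 1000),
    "Tenable.io On-prem": (None, None),
    "Nessus Manager": (20000, 1000),
}
# Assumption: the 1,000-agent SecurityCenter figure is also used as the
# budget for one scan's import, following the page's caution.
SC_SCAN_BUDGET = 1000


def oversized_groups(product, to_securitycenter, group_sizes):
    """Return the groups that exceed the per-group limit for this product."""
    limit = GROUP_LIMITS[product][1 if to_securitycenter else 0]
    if limit is None:
        return []
    return sorted(g for g, n in group_sizes.items() if n > limit)


def split_scan(group_sizes, scan_groups, budget=SC_SCAN_BUDGET):
    """Split one scan's groups into scans whose summed agent count fits the
    budget (first-fit decreasing). The sum is an upper bound when agents
    belong to more than one group."""
    scans = []  # each entry: [total_agents, [group names]]
    for name in sorted(scan_groups, key=lambda g: (-group_sizes[g], g)):
        size = group_sizes[name]
        if size > budget:
            raise ValueError(f"{name}: {size} agents exceeds budget {budget}")
        for scan in scans:
            if scan[0] + size <= budget:
                scan[0] += size
                scan[1].append(name)
                break
        else:
            scans.append([size, [name]])
    return [names for _, names in scans]


# Constructed sample: the three 750-agent groups from the caution plus a small one.
SAMPLE_GROUPS = {"Amazon Linux": 750, "CentOS": 750, "Red Hat": 750, "Lab": 200}

if __name__ == "__main__":
    print(oversized_groups("Nessus Manager", True, SAMPLE_GROUPS))
    for names in split_scan(SAMPLE_GROUPS, list(SAMPLE_GROUPS)):
        print(sum(SAMPLE_GROUPS[n] for n in names), names)
```

With the sample data, no single group is oversized, but the combined scan is split into three scans of 950, 750, and 750 agents.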

Group Types

Before you deploy agents to your environment, create groups based on your scanning strategy.

The following are example group types:

Operating System

Asset Type or Location

You can also add agents to more than one group if you have multiple scanning strategies.

Scan Profile Strategy

Once agents are deployed to all necessary assets, you can create scan profiles and tie them to existing agent groups. A few scan strategies are described below.

Operating System Scan Strategy

The following strategy is useful if your scanning strategy is based on the operating system of an asset.

Basic Agent Scan - Linux

In this example, a scan is created based on the Basic Agent Scan template, and is assigned the groups Amazon Linux, CentOS, and Red Hat. This scan will only scan these assets.

Asset Type or Location Scan Strategy

The following strategy is useful if your scanning strategy is based on the asset type or location of an asset.

Basic Agent Scan - Production Servers

In this example, a scan is created based on the Basic Agent Scan template, and is assigned the group Production Servers. This scan will only scan production server assets.

Basic Agent Scan - Workstations

In this example, a scan is created based on the Basic Agent Scan template, and is assigned the group Workstations. This scan will only scan workstation assets.

Note: You may want to configure workstation scans with longer scan windows, as most organizations cannot guarantee when these systems will be online (as opposed to servers, which are typically on 24/7).

Scan Staggering

While scans with the Nessus Agents are more efficient in many ways than traditional network scans, scan staggering is something to consider on certain types of systems.

For example, if you install Nessus Agents on virtual machines, you may want to distribute agents among several groups and have their associated scan windows start at slightly different times.

Staggering scans limits the one-time load on the virtual host server, because agents run their assessments as soon as possible at the start of the scan window. Virtual environments that are oversubscribed or resource-limited may experience performance issues if agent assessments start on all systems at the same time.

Copyright 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.