Recently Viewed Topics
Follow these hardware requirements and guidelines to maximize your SecurityCenter performance. Always consider the specific needs of your organization.
Recommended Minimum Hardware Requirements
For specific hardware recommendations, see the General Requirements Guide.
Tenable also recommends considering the following when planning your deployment environment:
- If the Nessus scanner is deployed on the same system as SecurityCenter, there will be less CPU and memory available during scans, causing slower performance. Use multi-core and/or multiple CPU servers to alleviate this. It is strongly recommended that the scanner is placed on a secondary machine.
- For deployments of SecurityCenter with more than 25 active users, add additional memory or CPUs to improve performance.
- As a general rule, use the aggregate of the individual software product resource requirements for determining total hardware system requirements. Hosting multiple Tenable products on the same server is not recommended due to potential memory and CPU constraints.
Network Interface Requirements
Gigabit or faster network cards are recommended for use on the SecurityCenter server. This is to increase the overall performance of web sessions, emails, LCE queries, and other network activities.
If Nessus is deployed on the same server as SecurityCenter, consider configuring the server with multiple network cards and IP addresses. Nessus uses default routes when scanning target networks and will correctly scan a system from the appropriate interface.
Disk Space Requirements
Adequate disk space is critical to a successful SecurityCenter deployment. An important consideration is that SecurityCenter can be configured to save a snapshot of vulnerability archives each day. In addition, the size of the vulnerability data stored by SecurityCenter depends on the number and types of vulnerabilities, not just the number of hosts. For example, 100 hosts with 100 vulnerabilities each could consume as much data as 1,000 hosts with 10 vulnerabilities each. In addition, the output for vulnerability check plugins that do directory listings, etc. is much larger than Open Port plugins from discovery scans.
For networks of 35,000 to 50,000 hosts, Tenable has encountered data sizes of up to 25 GB. That number is based on storage of 50,000 hosts and approximately 500 KB per host.
Additionally, during active scanning sessions, large scans and multiple smaller scans have been reported to consume as much as 150 GB of disk space as results are acquired. Once a scan has completed and its results are imported, that disk space is freed up.
Disk Partition Requirements
SecurityCenter is installed into
/opt/sc by default. Tenable highly recommends that the
/opt directory be created on a separate disk partition. For higher performance, using two disks, one for the operating system and one for the system deployed to
/opt, can be more efficient.
Note: If required disk space exists outside of the
/opt file system, mount the desired target directory using the command
mount –-bind <olddir> <newdir>. Make sure that the file system is automatically mounted on reboot by editing the
/etc/fstab file appropriately.
Deploying SecurityCenter on a server configured with RAID disks can also dramatically boost performance.
Note: SecurityCenter does not require RAID disks for even our largest customers. However, in one instance, response times for queries with a faster RAID disk for a customer with more than 1 million managed vulnerabilities moved from a few seconds to less than a second.