Cloud Requirements

The primary method to deploy Tenable Security Center in a cloud environment is with Tenable CoreTenable Security Center. For more information, see the Tenable Core User Guide.

However, you can install Tenable Security Center in vendor-supported version of your cloud environment that meets the operating system requirements to run Tenable Security Center.

The following guidelines can help you install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment or an Azure Virtual Machine (Azure Virtual Image) cloud-based environment, but they do not cover all deployment scenarios or cloud environments. For assistance with a different cloud environment, contact Tenable Professional Services.

Supported Amazon EC2 Instance Types

You can install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment that meets all of the following requirements.

Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation. To meet these requirements, Tenable supports installing Tenable Security Center on M5 instances with General Purpose SSD (gp2) EBS storage.

Tenable recommends the following Amazon EC2 instance types based on your Tenable Security Center deployment size.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center EC2 Instance Type Disk Space Used for Vulnerability Trending
1 to 2,500 m5.2xlarge

90 days: 125 GB

180 days: 250 GB

2,501 to 10,000 m5.4xlarge

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000 m5.8xlarge

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000

m5.12xlarge

90 days: 4.5 TB

180 days: 9 TB

50,001 or more For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center EC2 Instance Type Disk Space Used for Vulnerability Trending
1 to 2,500 m5.4xlarge

90 days: 225 GB

180 days: 450 GB

2,501 to 10,000 m5.8xlarge

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000 m5.8xlarge

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000

m5.12xlarge

90 days: 9 TB

180 days: 18 TB

50,001 or more For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Supported Amazon Machine Images (AMIs)

Tenable provides an AMI for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Amazon Marketplace AMI for Tenable Security Center without Tenable Core:

AMI Required Configuration Changes
CentOS 7 (x86_64) - with Updates HVM
  • This AMI does not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.

    You must install OpenJDK or the Oracle Java JRE onto your AMI before hosting Tenable Security Center. For more information, see Dependencies.

  • This AMI configures an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.

    You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.

  • You must confirm this AMI meets all other standard requirements for operating systems. For more information, see Operating System Requirements.

Supported Azure Instance Types

You can install Tenable Security Center in an Azure Virtual Machine (Azure Virtual Image) cloud-based environment that meets all of the following requirements.

Tenable recommends the following virtual machine instance types based on your Tenable Security Center deployment size. You may need to increase the storage allocated to the virtual machine instance depending on usage.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center Virtual Machine Instance Disk Space Used for Vulnerability Trending
1 to 2,500 D3V2

90 days: 125 GB

180 days: 250 GB

2,501 to 10,000 D4V2

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000 F16

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000

F32SV2

90 days: 4.5 TB

180 days: 9 TB

50,001 or more For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center EC2 Instance Type Disk Space Used for Vulnerability Trending
1 to 2,500 D3V2

90 days: 125 GB

180 days: 250 GB

2,501 to 10,000 D4V2

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000 F16

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000

D32SV3

90 days: 9 TB

180 days: 18 TB

50,001 or more For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Supported Azure Machine Images

Tenable provides an Azure image for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Azure image for Tenable Security Center:

AMI Required Configuration Changes
CIS CentOS Linux 7 Benchmark L1
  • This image does not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.

    You must install OpenJDK or the Oracle Java JRE onto your image before hosting Tenable Security Center. For more information, see Dependencies.

  • This image configures an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.

    You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.

  • You must confirm this image meets all other standard requirements for operating systems. For more information, see Operating System Requirements.

Tenable Security Center in Kubernetes Requirements

Note: Tenable recommends using an empty Kubernetes cluster for Tenable Security Center deployments. These requirements assume that the Kubernetes cluster where you install Tenable Security Center has nothing else installed.

Tenable strongly recommends using high-performance disks when you deploy Tenable Security Center in a Kubernetes cluster. Tenable Security Center is a disk-intensive application and using disks with high read/write speeds (for example, SSDs or NVMe SSDs) results in the best performance. The requirements in the following tables are based on AWS M5 or better processor specifications. Using slower processors, like those found in AWS M5a instances, will impact performance for your Tenable Security Center in Kubernetes deployment.

For supported Kubernetes environments and installation instructions, see Tenable Security Center in Kubernetes.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center

CPU

Memory

Disk Space used for Vulnerability Trending

1 to 2,500 active IPs

8000 m

32 GiB

90 days: 125 GB

180 days: 250 GB

2,501 to 10,000 active IPs

16000 m

64 GiB

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000 active IPs

32000 m

128 GiB

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000 active IPs

48000 m

192 GiB

90 days: 4.5 TB

180 days: 9 TB

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center

CPU

Memory

Disk Space used for Vulnerability Trending

1 to 2,500 active IPs

16000 m

64 GiB

90 days: 225 GB

180 days: 450 GB

2,501 to 10,000 active IPs

32000 m

128 GiB

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000 active IPs

32000 m

128 GiB

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000 active IPs

48000 m

192 GiB

90 days: 9 TB

180 days: 18 TB

External PostgreSQL Requirements

You can install Tenable Security Center configured to work with a PostgreSQL instance managed by you. PostgreSQL is required for certain features introduced in Tenable Security Center 6.5.0. For more information about connecting a PostgreSQL database, see Connect an External PostgreSQL Server.

This is a required configuration if you have more than 100K hosts. The minimum version of PostgreSQL that Tenable Security Center requires is version 16. It is also recommended that wal_segment_size is set to be at least 64MB.

If you set up your PostgreSQL instance in a cloud environment, the following are guidelines for choosing your instance size. Note that the disk space in the following table is only for PostgreSQL data, and does not include any other OS or other dependencies you have.

# of Hosts Managed by Tenable Security Center

AWS

Azure

Minimum Disk Space Required for PostgreSQL Data

2,500 active IPs

r6g.xlarge E4ps

10 GB

10,000 active IPs

r6g.2xlarge E8ps

40 GB

25,000 active IPs

r6g.4xlarge E16ps

100 GB

100,000 active IPs

r6g.8xlarge E20ps

400 GB