Tiered Deployments

Related Reading: Tiered Remote Repositories in the Tenable Security Center User Guide and Hardware Requirements in the General Requirements Guide

A tiered remote repository configuration uses remote repositories to share data between multiple Tenable Security Center instances.

  • If you plan to support 100,000-249,999 hosts, Tenable recommends a tiered remote repository configuration.
  • If you plan to support 250,000 or more hosts, Tenable requires a tiered remote repository configuration.

Tiered Tenable Security Center instances perform informal roles in your overall Tenable Security Center deployment. Tenable recommends at least one designated reporting Tenable Security Center and an additional Tenable Security Center instance for every 100,000 to 150,000 hosts on your network.

  • A scanning tier Tenable Security Center optimizes scanning by managing scan jobs across your attached scanners. Scanning tier Tenable Security Center instances prioritize efficient collection of scan data.
  • A reporting tier Tenable Security Center optimizes dashboards and reporting by centralizing the data collected by scanning tier Tenable Security Center instances.

Note: Your scanning tier and reporting tier Tenable Security Center instances must be running the same Tenable Security Center version.

Without a tiered remote repository configuration, enterprise-scale scanning and analysis may cause performance issues on a single Tenable Security Center. Tiered remote repositories optimize your analysis and report generation without negatively impacting scanning performance.

Tip: While you could connect two Tenable Security Center instances as offline repositories, offline repositories do not establish a true connection between the instances. All data must be transferred manually between offline repositories.

Connect Tiers Using Repositories

Connect your scanning tiers to your reporting tiers as read-only repositories in your reporting tier Tenable Security Center deployments.

To configure a tiered remote repository deployment:

  1. On the scanning tier Tenable Security Center instance, create one or more repositories for storing scan result data.

    Note: To view trend data for scanning tier Tenable Security Center instances on your reporting tier Tenable Security Center instance, enable the Generate Trend Data option for each repository on your scanning tier Tenable Security Center instances. For more information, see Agent Repositories and IPv4/IPv6 Repositories.

  2. On the scanning tier Tenable Security Center instance, run scans to populate the repositories with data.
  3. On the reporting tier Tenable Security Center instance, create a remote repository for each repository on your scanning tier Tenable Security Center instance.

    The reporting tier Tenable Security Center syncs scan result data from the scanning tier Tenable Security Center repositories.

By default, remote repositories synchronize daily. You can use the Tenable Security Center API to initiate more frequent data refreshes.

Version and Upgrade Considerations

Your scanning tier and reporting tier Tenable Security Center instances must be running the same Tenable Security Center version. When upgrading to a new version of Tenable Security Center, update your reporting tier instance before your scanning tier instances.

Hardware Considerations

For optimal performance, customize the hardware on your scanning tier and reporting tier instances.

Scanning Tier Instance

Scanning tier instances benefit from:

  • High CPU speeds
  • High disk I/O speeds

Consider adding CPU and disk I/O resources to support your active scanning and sensor management.

Reporting Tier Instance

Reporting tier instances benefit from:

  • High capacity, high-speed RAM
  • High capacity disk space

Consider adding RAM and disk space to support your reporting, user management, and data queries.

Tenable recommends 128 GB of RAM for every 100,000 active IP addresses (for example, for 150,000 IP addresses, allocate 192 GB of RAM).

For more information, see Performance.
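
A planning check that applies this page's sizing and version rules to a deployment inventory, as an added example (not Tenable code). The `Instance` record, the sample inventory, plain string comparison of versions, and the reading that the RAM figure applies to each reporting tier instance across all scanned hosts are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Instance:
    name: str
    role: str         # "scanning" or "reporting"
    version: str
    hosts: int = 0    # hosts scanned by a scanning tier instance
    ram_gb: int = 0   # installed RAM, checked for reporting tier instances

def tiering_guidance(total_hosts: int) -> str:
    """Map a host count to the page's tiering thresholds."""
    if total_hosts >= 250_000:
        return "required"
    if total_hosts >= 100_000:
        return "recommended"
    return "optional"

def required_ram_gb(active_ips: int) -> int:
    """128 GB per 100,000 active IPs, scaled linearly and rounded up."""
    return -(-active_ips * 128 // 100_000)

def check_plan(instances: list[Instance]) -> list[str]:
    """Return findings for a tiered plan; an empty list means no rule is broken."""
    scanning = [i for i in instances if i.role == "scanning"]
    reporting = [i for i in instances if i.role == "reporting"]
    total = sum(i.hosts for i in scanning)
    findings = []
    if not reporting:
        findings.append("no designated reporting tier instance")
    if len({i.version for i in instances}) > 1:
        findings.append("tiers run different versions; upgrade reporting tier first")
    min_scanning = -(-total // 150_000)  # one instance per 100,000 to 150,000 hosts
    if len(scanning) < min_scanning:
        findings.append(f"{len(scanning)} scanning instances for {total} hosts; need {min_scanning}")
    need = required_ram_gb(total)
    for r in reporting:
        if r.ram_gb < need:
            findings.append(f"{r.name}: {r.ram_gb} GB RAM, {need} GB recommended")
    return findings

# Constructed sample plan (names, versions and sizes are made up).
SAMPLE = [
    Instance("sc-scan-1", "scanning", "6.4.0", hosts=140_000),
    Instance("sc-scan-2", "scanning", "6.3.0", hosts=160_000),
    Instance("sc-report-1", "reporting", "6.4.0", ram_gb=256),
]

if __name__ == "__main__":
    print("tiering:", tiering_guidance(sum(i.hosts for i in SAMPLE)))
    for finding in check_plan(SAMPLE):
        print("-", finding)
```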

Plan User Access Control

Grant users access to match the purpose of your scanning tier and reporting tier instances.

Scanning Tier Instance

Create accounts for:

  • Technical users who need to configure administrative settings on the instance
  • Technical users who need to configure and run scans
  • Technical users who need to generate reports for organization-wide analysis

Reporting Tier Instance

Create accounts for:

  • Technical users who need to manage your repositories and tiered configuration
  • Business users who need a centralized view of cumulative and trend data for vulnerability analysis