Cloud Requirements

The primary method to deploy Tenable Security Center in a cloud environment is with Tenable CoreTenable Security Center. For more information, see the Tenable Core User Guide.

However, you can install Tenable Security Center in vendor-supported version of your cloud environment that meets the operating system requirements to run Tenable Security Center.

The following guidelines can help you install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment or an Azure Virtual Machine (Azure Virtual Image) cloud-based environment, but they do not cover all deployment scenarios or cloud environments. For assistance with a different cloud environment, contact Tenable Professional Services.

Supported Amazon EC2 Instance Types

You can install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment that meets all of the following requirements.

Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation. To meet these requirements, Tenable supports installing Tenable Security Center on M5 instances with General Purpose SSD (gp2) EBS storage.

Tenable recommends the following Amazon EC2 instance types based on your Tenable Security Center deployment size.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center

EC2 Instance Type

Disk Space Used for Vulnerability Trending

1 to 2,500

m5.2xlarge

90 days: 130 GB

180 days: 260 GB

2,501 to 10,000

m5.4xlarge

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000

m5.8xlarge

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000

m5.12xlarge

90 days: 4.5 TB

180 days: 9 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center

EC2 Instance Type

Disk Space Used for Vulnerability Trending

1 to 2,500

m5.2xlarge

90 days: 225 GB

180 days: 450 GB

2,501 to 10,000

m5.4xlarge

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000

m5.8xlarge

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000

m5.12xlarge

90 days: 9 TB

180 days: 18 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Supported Amazon Machine Images (AMIs)

Tenable provides an AMI for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Amazon Marketplace AMI for Tenable Security Center without Tenable Core:

Configuration considerations:

  • These AMIs may not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.

    You must install OpenJDK or the Oracle Java JRE onto your AMI before hosting Tenable Security Center. For more information, see Dependencies.

  • These AMIs may configure an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.

    You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.

  • You must confirm these AMIs meet all other standard requirements for operating systems. For more information, see Operating System Requirements.

Supported Azure Instance Types

You can install Tenable Security Center in an Azure Virtual Machine (Azure Virtual Image) cloud-based environment that meets all of the following requirements.

Tenable recommends the following virtual machine instance types based on your Tenable Security Center deployment size. You may need to increase the storage allocated to the virtual machine instance depending on usage.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center

Virtual Machine Instance

Disk Space Used for Vulnerability Trending

1 to 2,500

D4s_v3

90 days: 130 GB

180 days: 260 GB

2,501 to 10,000

D16s_v3

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000

D32s_v3

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000

D48s_v3

90 days: 4.5 TB

180 days: 9 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center

EC2 Instance Type

Disk Space Used for Vulnerability Trending

1 to 2,500

D4s_v3

90 days: 225 GB

180 days: 400 GB

2,501 to 10,000

D16s_v3

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000

D32s_v3

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000

D48s_v3

90 days: 9 TB

180 days: 18 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Supported Azure Machine Images

Tenable provides an Azure image for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Azure images for Tenable Security Center:

Configuration considerations:

  • These images may not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.

    You must install OpenJDK or the Oracle Java JRE onto your image before hosting Tenable Security Center. For more information, see Dependencies.

  • These images may configure an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.

    You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.

  • You must confirm these images meet all other standard requirements for operating systems. For more information, see Operating System Requirements.

Supported Google Cloud Platform (GCP) Instance Types

You can install Tenable Security Center in a GCP cloud-based environment that meets all of the following requirements. Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation.

Tenable recommends the following GCP instance types based on your Tenable Security Center deployment size.

Requirements When Running Basic Network Scans + Local Checks

# of Hosts Managed by Tenable Security Center

EC2 Instance Type

Disk Space Used for Vulnerability Trending

1 to 2,500

c4a-standard-8

90 days: 130 GB

180 days: 260 GB

2,501 to 10,000

c4a-standard-16

90 days: 450 GB

180 days: 900 GB

10,001 to 25,000

c4a-standard-32

90 days: 2.4 TB

180 days: 5 TB

25,001 to 50,000

c4a-standard-48

90 days: 4.5 TB

180 days: 9 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit

# of Hosts Managed by Tenable Security Center

EC2 Instance Type

Disk Space Used for Vulnerability Trending

1 to 2,500

c4a-standard-8

90 days: 225 GB

180 days: 450 GB

2,501 to 10,000

c4a-standard-16

90 days: 900 GB

180 days: 1.8 TB

10,001 to 25,000

c4a-standard-32

90 days: 4.5 TB

180 days: 9 TB

25,001 to 50,000

c4a-standard-48

90 days: 9 TB

180 days: 18 TB

50,001 or more

For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative.

External PostgreSQL Requirements

You can install Tenable Security Center configured to work with a PostgreSQL instance managed by you. PostgreSQL is required for certain features. For more information about connecting a PostgreSQL database, see Connect an External PostgreSQL Server.

This is a required configuration if you have more than 100K hosts. Tenable Security Center requires PostgreSQLversions 13 through 17.It is also recommended that wal_segment_size is set to be at least 64MB.

If you set up your PostgreSQL instance in a cloud environment, the following are guidelines for choosing your instance size. Note that the disk space in the following table is only for PostgreSQL data, and does not include any other OS or other dependencies you have.

# of Hosts Managed by Tenable Security Center

AWS

Azure Google Cloud Platform (GCP)

Minimum Disk Space Required for PostgreSQL Data

2,500 active IPs

m6g.xlarge

D4s_v3

t2a-standard-4

20 GB

10,000 active IPs

m6g.2xlarge

D16s_v3

t2a-standard-8

50 GB

25,000 active IPs

m6g.4xlarge

D32s_v3

t2a-standard-16

100 GB

100,000 active IPs

m6g.8xlarge

D48s_v3

t2a-standard-32

400GB

250,000 active IP

m6g.16xlarge

D64s_v3

t2a-standard-48

1 TB