Cloud Requirements
The primary method to deploy Tenable Security Center in a cloud environment is with Tenable Core + Tenable Security Center. For more information, see the Tenable Core User Guide.
However, you can install Tenable Security Center in vendor-supported version of your cloud environment that meets the operating system requirements to run Tenable Security Center.
The following guidelines can help you install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment or an Azure Virtual Machine (Azure Virtual Image) cloud-based environment, but they do not cover all deployment scenarios or cloud environments. For assistance with a different cloud environment, contact Tenable Professional Services.
Supported Amazon EC2 Instance Types
You can install Tenable Security Center in an Amazon Elastic Compute Cloud (Amazon EC2) cloud-based environment that meets all of the following requirements.
Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation. To meet these requirements, Tenable supports installing Tenable Security Center on M5 instances with General Purpose SSD (gp2) EBS storage.
Tenable recommends the following Amazon EC2 instance types based on your Tenable Security Center deployment size.
Requirements When Running Basic Network Scans + Local Checks
|
# of Hosts Managed by Tenable Security Center |
EC2 Instance Type |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
m5.2xlarge |
90 days: 130 GB 180 days: 260 GB |
|
2,501 to 10,000 |
m5.4xlarge |
90 days: 450 GB 180 days: 900 GB |
|
10,001 to 25,000 |
m5.8xlarge |
90 days: 2.4 TB 180 days: 5 TB |
|
25,001 to 50,000 |
m5.12xlarge |
90 days: 4.5 TB 180 days: 9 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
|
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
|
# of Hosts Managed by Tenable Security Center |
EC2 Instance Type |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
m5.2xlarge |
90 days: 225 GB 180 days: 450 GB |
|
2,501 to 10,000 |
m5.4xlarge |
90 days: 900 GB 180 days: 1.8 TB |
|
10,001 to 25,000 |
m5.8xlarge |
90 days: 4.5 TB 180 days: 9 TB |
|
25,001 to 50,000 |
m5.12xlarge |
90 days: 9 TB 180 days: 18 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
|
Supported Amazon Machine Images (AMIs)
Tenable provides an AMI for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Amazon Marketplace AMI for Tenable Security Center without Tenable Core:
Configuration considerations:
-
These AMIs may not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.
You must install OpenJDK or the Oracle Java JRE onto your AMI before hosting Tenable Security Center. For more information, see Dependencies.
-
These AMIs may configure an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.
You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.
-
You must confirm these AMIs meet all other standard requirements for operating systems. For more information, see Operating System Requirements.
Supported Azure Instance Types
You can install Tenable Security Center in an Azure Virtual Machine (Azure Virtual Image) cloud-based environment that meets all of the following requirements.
Tenable recommends the following virtual machine instance types based on your Tenable Security Center deployment size. You may need to increase the storage allocated to the virtual machine instance depending on usage.
Requirements When Running Basic Network Scans + Local Checks
|
# of Hosts Managed by Tenable Security Center |
Virtual Machine Instance |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
D4s_v3 |
90 days: 130 GB 180 days: 260 GB |
|
2,501 to 10,000 |
D16s_v3 |
90 days: 450 GB 180 days: 900 GB |
|
10,001 to 25,000 |
D32s_v3 |
90 days: 2.4 TB 180 days: 5 TB |
|
25,001 to 50,000 |
D48s_v3 |
90 days: 4.5 TB 180 days: 9 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. | |
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
|
# of Hosts Managed by Tenable Security Center |
EC2 Instance Type |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
D4s_v3 |
90 days: 225 GB 180 days: 400 GB |
|
2,501 to 10,000 |
D16s_v3 |
90 days: 900 GB 180 days: 1.8 TB |
|
10,001 to 25,000 |
D32s_v3 |
90 days: 4.5 TB 180 days: 9 TB |
|
25,001 to 50,000 |
D48s_v3 |
90 days: 9 TB 180 days: 18 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
|
Supported Azure Machine Images
Tenable provides an Azure image for Tenable Core, but not for other cloud deployments without Tenable Core. Tenable supports using the following Azure images for Tenable Security Center:
Configuration considerations:
-
These images may not include Java, but Tenable Security Center requires OpenJDK or the Oracle Java JRE to export PDF reports.
You must install OpenJDK or the Oracle Java JRE onto your image before hosting Tenable Security Center. For more information, see Dependencies.
-
These images may configure an SELinux enforcing mode policy, which requires customization to be compatible with Tenable Security Center.
You must use the SELinux sealert tool to identify errors and solutions. For more information, see Customize SELinux Enforcing Mode Policies for Tenable Security Center.
- You must confirm these images meet all other standard requirements for operating systems. For more information, see Operating System Requirements.
Supported Google Cloud Platform (GCP) Instance Types
You can install Tenable Security Center in a GCP cloud-based environment that meets all of the following requirements. Tenable Security Center uses a balance of networking and compute resources and requires persistent storage for proper operation.
Tenable recommends the following GCP instance types based on your Tenable Security Center deployment size.
Requirements When Running Basic Network Scans + Local Checks
|
# of Hosts Managed by Tenable Security Center |
EC2 Instance Type |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
c4a-standard-8 |
90 days: 130 GB 180 days: 260 GB |
|
2,501 to 10,000 |
c4a-standard-16 |
90 days: 450 GB 180 days: 900 GB |
|
10,001 to 25,000 |
c4a-standard-32 |
90 days: 2.4 TB 180 days: 5 TB |
|
25,001 to 50,000 |
c4a-standard-48 |
90 days: 4.5 TB 180 days: 9 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
|
Requirements When Running Basic Network Scans + Local Checks + 1 Configuration Audit
|
# of Hosts Managed by Tenable Security Center |
EC2 Instance Type |
Disk Space Used for Vulnerability Trending |
|---|---|---|
|
1 to 2,500 |
c4a-standard-8 |
90 days: 225 GB 180 days: 450 GB |
|
2,501 to 10,000 |
c4a-standard-16 |
90 days: 900 GB 180 days: 1.8 TB |
|
10,001 to 25,000 |
c4a-standard-32 |
90 days: 4.5 TB 180 days: 9 TB |
|
25,001 to 50,000 |
c4a-standard-48 |
90 days: 9 TB 180 days: 18 TB |
|
50,001 or more |
For assistance with large enterprise deployments greater than 50,000 active IP addresses, contact your Tenable representative. |
|
External PostgreSQL Requirements
You can install Tenable Security Center configured to work with a PostgreSQL instance managed by you. PostgreSQL is required for certain features. For more information about connecting a PostgreSQL database, see Connect an External PostgreSQL Server.
This is a required configuration if you have more than 100K hosts.
If you set up your PostgreSQL instance in a cloud environment, the following are guidelines for choosing your instance size. Note that the disk space in the following table is only for PostgreSQL data, and does not include any other OS or other dependencies you have.
|
# of Hosts Managed by Tenable Security Center |
AWS |
Azure | Google Cloud Platform (GCP) |
Minimum Disk Space Required for PostgreSQL Data |
|---|---|---|---|---|
|
2,500 active IPs |
m6g.xlarge |
D4s_v3 |
t2a-standard-4 |
20 GB |
|
10,000 active IPs |
m6g.2xlarge |
D16s_v3 |
t2a-standard-8 |
50 GB |
|
25,000 active IPs |
m6g.4xlarge |
D32s_v3 |
t2a-standard-16 |
100 GB |
|
100,000 active IPs |
m6g.8xlarge |
D48s_v3 |
t2a-standard-32 |
400GB |
|
250,000 active IP |
m6g.16xlarge |
D64s_v3 |
t2a-standard-48 |
1 TB |