System and License Requirements
To install and run Tenable Core + Tenable.ot, your application and system must meet the following requirements.
Note: Tenable Support does not assist with issues related to your CentOS 7 operating system, even if you encounter them during installation or deployment.
| Environment | Tenable Core File Format | More Information | |
|---|---|---|---|
| Virtual Machine | VMware | .ova file | |
|
Tenable-provided hardware |
.iso image |
Install Tenable Core on Tenable-Provided Hardware Note: Tenable Core + Tenable.ot requires Tenable-provided hardware. For more information, contact your Tenable representative. |
|
Note: While you could use the packages to run Tenable Core in other environments, Tenable does not provide documentation for those procedures.
Tenable.ot Requirements
Note: Tenable does not recommend deploying multiple applications on a single instance of Tenable Core. If you want to deploy several applications on Tenable Core, deploy a unique instance for each application.
Tenable Core + Tenable.ot ships with the latest version of Tenable.ot included.
For more information about requirements specifically for Tenable.ot, see Tenable.ot in the General Requirements Guide.
Tenable.ot System Requirements
You can Install Tenable.ot on a hypervisor1 or directly on user-supplied hardware running Tenable Core.
Note: Tenable strongly discourages running Tenable Core + Tenable.ot in an environment shared with other Tenable applications. (For example, installing two products on the same virtual machine, or in the same Tenable Core system.)
Tenable recommends installing Tenable.ot on direct-attached storage (DAS) devices, preferably solid-state drives (SSD), for best performance. Tenable strongly encourages the use of solid-state storage (SSS) that have a high drive-writes-per-day (DWPD) rating to ensure longevity.
Tenable does not support installing Tenable.ot on network-attached storage (NAS) devices. Storage area networks (SAN) with a storage latency of 10 milliseconds or less, or Tenable hardware appliances, are a good alternative in such cases.
Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for deployments include raw network speed, the size of the network to monitor, and the configuration of the application. Processors, memory, and network card selection are heavily based on these deployment configurations. Disk space requirements vary depending on usage based on the amount of data, and length of time, you store data on the system.
Note:Tenable.ot needs to be able to perform full packet captures of monitored traffic2, and the size of the policy event data stored by Tenable.ot depends on the number of devices and the type of environment.
ICP System Requirement Guidelines (Virtual or Tenable Core)
| Site Size | Maximum SPAN/TAP Throughput (Mbps) | CPU Cores3 | Memory (DDR4) | Storage Requirements | Network Interfaces |
|---|---|---|---|---|---|
| Small | 150 Mbps or less | 4 x 2 GHz | 12 GB RAM | 128 GB | Minimum 4 x 1 Gbps |
| Medium | 150-300 Mbps | 8 x 2 GHz | 16 GB RAM | 512 GB | Minimum 4 x 1 Gbps |
| Large | 300-600 Mbps | 16 x 2 GHz | 32 GB RAM | 1 TB | Minimum 4 x 1 Gbps |
| XL | 600 Mbps to 1 GB | 32 x 3 GHz | 64 GB RAM or more | 2 TB or more | Minimum 4 x 1 Gbps |
Tenable.ot uses the following mounted partitions:
| Partition | Content |
|---|---|
| / | operating system |
| /opt | application and database files |
| /var/pcap | packet captures (full packet capture, event, query) |
The standard install process places these partitions on the same disk. Tenable recommends moving these to partitions on separate disks to increase throughput. Tenable.ot is a disk-intensive application and using disks with high read/write speeds, such as SSDs, results in the best performance. Tenable recommends using an SSD with high DWPD ratings on customer-supplied hardware installations when using the packet capture feature in Tenable.ot.
Tip: Deploying Tenable.ot on a hardware platform configured with a redundant array of independent disks (RAID 0) can dramatically boost performance.
Tip: Tenable does not require RAID disks for even our largest customers. However, in one instance, response times for queries with a faster RAID disk for a customer with more than one million managed vulnerabilities moved from a few seconds to less than a second.
Network Interface Requirements
You must have four network interfaces present on your device before installing Tenable.ot. Tenable recommends the use of gigabit interfaces. The VMWare OVA creates these interfaces automatically. Create these interfaces manually when you are installing the ISO on your own hardware.
Note: Tenable does not provide SR-IOV support for the use of 10 G network cards and does not guarantee 10 G speeds with the use of 10 G network cards.
nic0(192.168.1.5) and nic3 (192.168.3.3) have static IP addresses when you install Tenable Core + Tenable.ot in a hardware, or virtual, environment. Other network interface controllers (NICs) use DHCP.
nic3 (192.168.3.3) has a static IP address when you deploy Tenable Core + Tenable.ot on VMware. Other NICs use DHCP. Confirm that the Tenable Core nic1 MAC address matches the NIC MAC address in your VMware passive scanning configuration. Modify your VMware configuration to match your Tenable Core MAC address if necessary.
For more information, see Manually Configure a Static IP Address, Manage System Networking, and the VMware Documentation.