From Nexpose_Administrators_Guide

Configuring maximum performance in an Enterprise Environment.

General info about Nexpose.

The security Console is the base of operations in a deployment.

- The security console can manage scan engines and creates a repository of
information about each scan.
- The security console updates the repository while maintaining all historical
data about scans, assets and vulnerabilities.
- The security console is designed to meet the scaling demand of an enterprise
level deployment.

One security console can handle hundreds of scan engines, thousands of assets, and
any number of reports.

Scan volume drives resource requirements

For resource sizing requirements, consider these:

 Numbers of IP Addresses that the application will scan:

Every target generate a certain amount of data for the security console to
store in its database, more targets mean more data.
 The frequency with which it will scan those assets
 The depth of scanning a web scan typically require more time and resources
 The amount of detailed, historical scan data that it will retain over time.

Selecting a Security Console

The security console is available in Windows and Linux version

- Software version of Security Console is more appropriate for bigger

deployments since you can scale its host system to match the demands of an
expanding target asset environment.
- Hardware configuration recommended to host the security console.
“enterprise level” can vary.

Important : from past experience deployment indicates that:

- 25.000 ip addresses or more, scanned with any reasonable frequency

warrants this recommended configuration.
 Vendor: IBM or HP
 Processor : 2x Intel quad core Xeon 55xx (2 sockets , 8 core, 16 Threads
total).
 RAM : 48 – 96 GB with error-correction code (ECC) memory;
 Storage: 8-12 x 7200 RPM SATA/SAS hard drives, either 3.5” or 2.5”(if
the chassis can only )
 Network interface card (NIC): 2x 1 GbE (one for scans, and one for
redundancy or for a private-management subnet)

Examples of products that meet these specifications include the following:

1: HP Proliant DL 380 G6

2: IBM System x3650 M2y

Maintaining the database

During a database backup, Nexpose goes into a maintenance mode and cannot run
scans.
Planning a deployment involves coordinating backup periods with scan windows.
The time needed for backing up the database depends on the amount of data and
may take several hours to complete.
A backups saves the following items:
The database, configuration files (nsc.xml, nse.xml, userdb.xml, console.xml),
licenses, keystores, report images, custom report templates, custom scan templates,
generated reports, scan logs.

Database maintenance routines on a regular basis:

 Clean up the database optimization to remove leftover data that is associated
with deleted objects, such as sites, assets, or users.
 Compress database tables to free up unused table space.
 Rebuild database indexes that may have become fragmented or corrupted
over time