At Tufinovate 2020, AERAsec has been nominated as

EMEA SDP / Service Partner of the Year

Thanks to Tufin for this award!




Many thanks to Tufin for nominating us at Tufinnovate EMEA 2019 in Lisbon. We are proud to be awarded to be

  2018 EMEA Service Provider of the Year

So about one year after becoming the first Tufin Service Delivery Partner in Central Europe, it's an honor for us to be awarded with this price.

Award Ceremony Tufinnovate 2019, Lisbon - Portugal, 11.09.2019
From left to right:
- Ruvi Kitov, CEO and Co-Founder Tufin Technologies
- Kevin Raff, IT Security Consultant AERAsec
- Dr. Matthias Leu, CEO and Founder AERAsec
- Mike Menegay, VP of Global Channels Tufin Technologies
- Remko Postma, Director of Channels EMEA Tufin Technologies




Many installations use Tufin Appliances to run SecureTrack and/or SecureChange with SecureApp. In some situations it feels as if with each new version of TOS the performance becomes slower and slower while in parallel the load of the machine becomes higher - even if there is no change in the number of monitored devices, log volume or number of concurrent users.

Looking at older versions like e.g. 17-1, the requirements for SecureTrack and SecureChange on a machine were 4 processor cores and 4 GB RAM. Recommendation for productive environments were at least 4 processor cores and 8 to 12 GB RAM.

Since then many features have been added to Tufin Orchestration Suite, so the software package has become much bigger, e.g. 16-1 was about 750 MB, 17-1 was about 810 MB while 18-1 has grown up to approximately 1.4 GB. A possible reason are many new features that are added to the code. The size of the code has nearly doubled which in consequence leads to an increase of hardware requirements. These are today:

  • CPU: 24 Cores
  • RAM: 32 GB
  • HD: 1 TB usable space in RAID

For a production environment recommended hardware is

  • CPU: 32 Cores
  • RAM: 64 GB
  • HD: 2 TB usable space in RAID

Following these recommendations, a Tufin T-510 fulfills minimum requirements only. Even if this machine has been suitable for some environments about two or three years ago, it's currently recommended to use in productive environments the appliances T-1100 or T-1100XL only.
The load on a machine can be reduced using Tufin Distributed Architecture. In this configuration, Remote Collectors and Distribution Servers take load from the Central Server. Additional licenses are not required, only additional hardware.

The "real requirements" depend not only on the number of monitored devices, but also on the size and complexity of rule bases as well as the number of logs, concurrent users etc. Please consult your Tufin SE to get more detailed information about your individual hardware requirements.





Many thanks to Tufin Technologies for nominating us at Tufinnovate EMEA 2017:

AERAsec is Tufin "Partner of the Year 2016 Central EMEA"



Award Ceremony Tufinnovate 2017, Frankfurt/Main - Germany, 19.10.2017
from left to right:
- Ruvi Kitov, CEO and Co-Founder Tufin Technologies
- Dr. Matthias Leu, CEO and Founder AERAsec
- Ian Rigby, VP EMEA Tufin Technologies

 Please see also:






To find a serial number of a Tufin Appliance like T-1100 is quite easy - just have a look at the hardware and you will find this number. But what if there is no physical access to the box itself? You can find out the serial number via console also by using the command

[root@TufinOS ~]# dmidecode -s chassis-serial-number

It sounds easy, and yes - it's easy to get the serial number of a Tufin Appliance using CLI.



For administration of Tufin SecureTrack and Tufin SecureChange you need at least one administrative account. This account must not be lost and the password must not be forgotten.

If it is forgotten, there is a way to reset the admin account if CLI access is possible as root.


SecureChange / SecureApp

Resetting the admin account here is quite easy. Just type

#  scw help
scw: Usage: scw help|info|version|reset-admin

and you see the solution. Resetting the account by

#  scw reset-admin

will deliver the password admin which needs to be changed at the next login.



The procedure shown for SecureChange doesn't work for SecureTrack. But there is a command that will allow you to define a new (administrative) user.

# st_add_user

This command starts a routine to define a new user. You will be asked questions about username, password, Mail-Address and -configuration as well as real name adn date format.
After this procedure this user can be taken for a login and for modifying the "old" admin user. If needed, this new user can be deleted after having the password for the other admin account resetted.