Reference: Installing a Tanium Cloud Access Point

A Tanium Cloud Access Point is an optional component that facilitates communication with Tanium™ Cloud from networks that have restricted access to Tanium Cloud, when it is not possible to use a customer-supplied proxy server. A Tanium Appliance that is configured with the Tanium Cloud Access Point role resides within the restricted network, and Tanium Clients can use it as a proxy to reach the Tanium Cloud. A Tanium Cloud Access Point is not required for unrestricted networks.

Connect endpoints directly to Tanium Cloud when possible, and for restricted networks, use a customer-supplied proxy server when possible. Use a Tanium Cloud Access Point only when security restrictions prevent direct communication from endpoints to Tanium Cloud client edge URLs and a customer-provided connectivity solution is unavailable. For more information about using your own proxy server, see Tanium Client Management User Guide: Connect through an HTTPS forward proxy server.

Though the Tanium Cloud Access Point is supplied by Tanium, management of the Tanium Cloud Access Point is a customer responsibility, as part of the customer responsibility to provide Tanium Client access to Tanium Cloud. For more information about customer responsibilities in Tanium Cloud, see Tanium Cloud Deployment Guide: Responsibilities.

For more information about Tanium Cloud, see the Tanium Cloud Deployment Guide.

Before you begin

Make sure:

Install the Tanium Cloud Access Point role

  1. Sign in to the appliance as a user with the tanadmin role.
  2. Enter 1 to go to the Tanium Installation menu.
  3. Enter 5 to initiate a Cloud Access Point installation.
  4. When prompted, specify each host name from the Tanium Cloud client edge URLs and the port that you want Tanium Clients to use to communicate with the Cloud Access Point.

    You must include the port in the ProxyServers setting of Tanium Client on each endpoint.

What to do next

  • Configure any existing Tanium Clients on the restricted network to connect to the Tanium Cloud Access Point. Use the Tanium Client command line interface (CLI) to configure the ProxyServers setting on each endpoint to the FQDN or IP address and port of the Tanium Cloud Access Point.
  • When you deploy any new Tanium Clients, configure the ProxyServers setting to the FQDN or IP address and port of the Tanium Cloud Access Point during deployment.

For more information, see Tanium Client Management User Guide: Configure proxy connections without a PAC file.
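The following pre-deployment check is an added example, not part of the Tanium documentation or tooling. It rejects a ProxyServers value that omits the port and can ask the Cloud Access Point to open a tunnel to a client edge host. Assumptions: multiple entries are comma-separated, the client tunnels through the proxy with HTTP CONNECT, and all host names and ports shown are constructed placeholders.

```python
import socket

def parse_proxy_servers(value):
    """Split a ProxyServers value into (host, port) pairs.
    Assumption: multiple entries are comma-separated host:port items."""
    entries = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            continue
        host, sep, port = item.rpartition(":")
        # An entry without a port is the misconfiguration this check exists to catch.
        if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"ProxyServers entry {item!r} must be host:port")
        entries.append((host, int(port)))
    if not entries:
        raise ValueError("ProxyServers value is empty")
    return entries

def connect_status(response_head):
    """Return the HTTP status code from a proxy's reply to a CONNECT request."""
    parts = response_head.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line")
    return int(parts[1])

def probe(proxy_host, proxy_port, edge_host, edge_port, timeout=5.0):
    """Ask the proxy for a tunnel to the edge host. 200 means the tunnel was
    opened; any other status means the proxy did not open it."""
    target = f"{edge_host}:{edge_port}"
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        head = b""
        while b"\r\n" not in head and len(head) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            head += chunk
    return connect_status(head)

if __name__ == "__main__":
    # Constructed placeholder value; substitute the address and port of your appliance.
    for host, port in parse_proxy_servers("cap.example.internal:8443"):
        print(f"would probe {host}:{port}")
```

Run `probe()` from a host on the restricted network, passing one of the client edge host names that you entered during installation.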

Manage the Cloud Access Point service

You can start, stop, restart, enable, and view status details for the Cloud Access Point (squid) service.

  1. Sign in to the TanOS console as a user with the tanadmin role.

  2. Enter 2 to go to the Tanium Operations menu.
  3. Enter P to go to the Manage Cloud Access Point menu.
  4. Enter S to go to the Service Control menu.

  5. Use the menu to select an action to start, stop, restart, enable, or view status details for the service.

  6. Follow the prompts to perform the action.

Reconfigure a Tanium Cloud Access Point

You can change the Tanium Cloud server names and Tanium Client listening port for an existing Tanium Cloud Access Point.

  1. Sign in to the appliance as a user with the tanadmin role.
  2. Enter 2 to go to the Tanium Operations menu.
  3. Enter P to go to the Manage Cloud Access Point menu.
  4. Enter C to configure the Cloud Access Point.
  5. When prompted, specify each host name from the Tanium Cloud client edge URLs and the port that you want Tanium Clients to use to communicate with the Cloud Access Point.

    You must include the port in the ProxyServers setting of Tanium Client on each endpoint.