Installing a Direct Connect Zone Proxy

About Direct Connect Zone Proxies

For installations with Direct Connect, install a zone proxy to enable connections to endpoints through the Zone Server appliance. This configuration is required to use Direct Connect with endpoints that connect to the Module Server through a Zone Server.

Import and configure Direct Connect

In the Tanium Console, go to Administration > Configuration > Solutions and import Direct Connect. See Direct Connect User Guide: Installing Direct Connect for steps on how to import Direct Connect, verify the installation, and then set up Direct Connect. When you reach the steps to configure zone proxies, use the following steps to install the Direct Connect Zone Proxy to the Zone Server appliance.

Obtain the Direct Connect Zone Proxy Installer file

Obtain the Direct Connect Zone Proxy installer file for the Zone Server appliance from Contact Tanium Support. The upgrade package is provided as a token URL.

Install the Direct Connect Zone Proxy on each Zone Server Appliance

For the initial installation, you must repeat the following procedure each Zone Server Appliance in your array. You can either provide the token URL for the installer during the installation process or manually upload the RPM file to /incoming.

You can upgrade all Zone Proxy Appliances at the same time from the Tanium Server Appliance. For more information, see Upgrade the Direct Connect Zone Proxy on all Zone Server Appliances.

1. Sign in to the TanOS console of the Zone Server Appliance as a user with the tanadmin role.
2. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

3. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             V: View DEC Provision Instructions
             X: Remove DEC Proxy
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

4. If you have not uploaded a file to /incoming, enter T to enter the URL of a token download, and follow the prompts to download the installer.
5. Enter a number from the list to install the Direct Connect Zone Proxy. View screen

     
   
    Please select: 1
    Tanium Direct Connext Zone Proxy rpm signature verified
   
    Installing Tanium Direct Connect Zone Proxy from tanium-direct-connect-zone-pro
   xy-1.0.0-33.x86_64.rpm
   Preparing...                          ################################# [100%]
   Updating / installing...
      1:tanium-direct-connect-zone-proxy-################################# [100%]
   Proxy configuration written to /opt/Tanium/TaniumDirectConnectZoneProxy/settings
   /settings.json
   
   The following steps are required to complete your Zone Proxy Server 
   configuration:
   1. IMPORTANT: Copy the provision secret and certificate from this console.
   2. In the Direct Connect settings, on the *Add Zone Proxy* configuration 
   page, paste the provision secret and certificate in the *Provisioning 
   Payload* field.
   3. Complete the remaining steps on the *Add Zone Proxy* configuration page.
   For more details on these steps, see the Direct Connect User Guide.
   
   -----BEGIN PROVISION SECRET-----
   g9Q7yWoLs9aZKFtPFvfEFE+18zqbfX0ARosgk)MMDLwyTAIOSzAO419FDiGIWHN
   ChQoK27yYOorvUAfLZUQtU06MAObziluTQ7tRAqLLvKq0sZMg7grmMA/nDHtmRK
   vc49dNA9nL8ygt44WnJXjKUjrjrEy63W1w3FNKwDHDtozGNHfOLtltmwiLvvFDg
   CRbjdb86uwT1wT1BLGxMipXEF1NmPSsYjgenuhJtpz0jowZVMvfYkr2GLJIdl2i
   UzBLU2295iwg7bYnC21v3A==
   -----END PROVISION SECRET-----
   -----BEGIN CERTIFICATE-----
   MIIC9DCCAdwCCQDbV02DC5Fy5DANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJV
   UzELMAkGA1UECAwCQ0ExEzARBgNVBAcMCkVtZXJ5dmlsbGUxCzAJBgNVBAsMAklU
   MB4XDTIwMDExMjE2NTUwM1oXDTIxMDExMTE2NTUwM1owPDELMAkGA1UEBhMCVVMx
   CzAJBgNVBAgMAkNBMRMwEQYDVQQHDApFbWVyeXZpbGxlMQswCQYDVQQLDAJJVDCC
   ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWvZ1E/5cJ+dzHBW9gZ5rdD
   A2sto5NQrHyFScM6tVTHowjEEhWDJQUjTGSreOcn7/QvBATqddcDYfJzpTjz+8hw
   6cb+I17BhkcCzHhH7Jdz/7Ilx/5YFY7ooV1jTQnoW1oOJF/BhAg4R41YWRvp2pcB
   jUXVdz9bD1NinffrcyiZhQdw3BoVlE9PHZgXlwkvHiLNVu0RJnEtMDEUlHHNcnmP
   RqRgmm9a1yns3JyWmUv00hPn0eLucCYMIzutuAV6kEJmZG8F8lbYBRBlGGq7T2LJ
   aVDtHxF6pguocXxm4Sz93S2t1+zvjtTqB5GiINhgKjdWFAtGAobCq7WaQH8lY88C
   AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAQtHLvLe0nsAiWtU79D+1PuDai+SqK61Y
   pIOvqC0/jJ93tU1Q+v9SUhGkDfIiynDhoZvDAN4+8PG532++zhrUN1QyCjJ27/ux
   CuTfq3QFo+viJHjR2TGvb5aH41tPKwS/Vxv/vO1GPsYcjZ73vErEI5ffRswZM1Tb
   ypgvG5bVRfCg/Q/O3/q5PoJ/BYmx6W7NH0pFFEs95SyhEaecKwjSALTztnCDRP+L
   8aXh9jKcdOfZtHocFgZtYTJgqlTryPGV8UJBVctKVz/C4TP0qrnznZDcjCKjxOkI
   777GHvH1vaU1pZ+6KZpTjHklJXWqIcyd1xeO5gYMfTLX5ZGRcYCTIA==
   -----END CERTIFICATE-----

6. Copy the provision secret and certificate that appears at the end of the installation. Follow the steps that appear to return to the Direct Connect settings in the Tanium Console to complete the configuration. For steps to configure a zone proxy in Direct Connect, see Direct Connect User Guide: Configure Zone Proxies.
7. Press Q and Enter to exit the installation.

Check installed versions of the Direct Connect Zone Proxy

You can check the version of the Direct Connect Zone Proxy that is installed on each Zone Proxy appliance from the Tanium Server Appliance.

1. Sign in to the TanOS console of the Tanium Server Appliance as a user with the tanadmin role.
2. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

3. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             L: List Installed DEC Proxy Versions
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

4. Enter L to display the versions of the Direct Connect Zone Proxy that are installed on Zone Servers in the array. View screen

   Please select: L
    
    Displaying versions of installed DEC Proxy on Zone Servers.
   
   zs1: 1.3.0-0
   zs2: 1.3.0-0
   zs3: 1.3.0-0

Upgrade the Direct Connect Zone Proxy on all Zone Server Appliances

You can upgrade the Direct Connect Zone Proxy on all Zone Proxy appliances t the same time from the Tanium Server Appliance. You can either provide the token URL for the installer during the installation process or manually upload the RPM file to /incoming.

1. Sign in to the TanOS console of the Tanium Server Appliance as a user with the tanadmin role.
2. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

3. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             L: List Installed DEC Proxy Versions
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

4. If you have not uploaded a file to /incoming, enter T to enter the URL of a token download, and follow the prompts to download the installer.
5. Enter a number from the list to upgrade the Direct Connect Zone Proxy. View screen

    Please select: 1
   Filename: tanium-direct-connect-zone-proxy-1.3.0-0.x86_64.rpm
   Package Name: tanium-direct-connect-zone-proxy-1.3.0-0
   SHA256: bff47e35c34749140cf091f65aafd37ff9e9a04b2759608ff9f756e94e0f9a54
   
   zs1: 1.1.0-14
   zs2: 1.1.0-14
   zs3: 1.1.0-14
   
    Do you want to upgrade to Tanium Direct Connect Zone Proxy? [Yes|No]: Yes
   Copying file tanium-direct-connect-zone-proxy-1.3.0-0.x86_64.rpm to zs1 (10.0.72.125)
   Finished copying file
   Upgrading zs1 DEC Proxy to 1.3.0-0
   Copying file tanium-direct-connect-zone-proxy-1.3.0-0.x86_64.rpm to zs2 (10.0.72.126)
   Finished copying file
   Upgrading zs2 DEC Proxy to 1.3.0-0
   Copying file tanium-direct-connect-zone-proxy-1.3.0-0.x86_64.rpm to zs3 (10.0.72.127)
   Finished copying file
   Upgrading zs3 DEC Proxy to 1.3.0-0
   Removed symlink /etc/systemd/system/multi-user.target.wants/tanium-direct-connect-zone-proxy.service.
    Press enter to continue

6. Press Enter to exit the upgrade.

Remove the Direct Connect Zone Proxy

1. Sign in to the TanOS console of the Zone Server Appliance as a user with the tanadmin role.
2. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

3. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             V: View DEC Provision Instructions
             X: Remove DEC Proxy
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

4. Enter X and follow the prompts to remove the Direct Connect Zone Proxy.