Installing a Direct Connect Zone Proxy

About Direct Connect Zone Proxies

For installations with Direct Connect, install a zone proxy to enable connections to endpoints through the Zone Server appliance. This configuration is required to use Direct Connect with endpoints that connect to the Module Server through a Zone Server.

Import and configure Direct Connect

In the Tanium Console, go to Administration > Configuration > Solutions and import Direct Connect. See Direct Connect User Guide: Installing Direct Connect for steps on how to import Direct Connect, verify the installation, and then set up Direct Connect. When you reach the steps to configure zone proxies, use the following steps to install the Direct Connect Zone Proxy to the Zone Server appliance.

Obtain the Direct Connect Zone Proxy Installer file

Work with Tanium Support to obtain the Direct Connect Zone Proxy Installer file for the Zone Server appliance. For more information, see Contact Tanium Support.

Install or upgrade the Direct Connect Zone Proxy on the Zone Server Appliance

1. Use SFTP to copy the file to the Zone Server /incoming folder.
2. Sign in to the TanOS console of the Zone Server Appliance as a user with the tanadmin role.
3. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             V: View DEC Provision Instructions
             X: Remove DEC Proxy
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

5. Select an option from the list to install or upgrade the Direct Connect Zone Proxy. View screen

     
   
    Please select: 1
    Tanium Direct Connext Zone Proxy rpm signature verified
   
    Installing Tanium Direct Connect Zone Proxy from tanium-direct-connect-zone-pro
   xy-1.0.0-33.x86_64.rpm
   Preparing...                          ################################# [100%]
   Updating / installing...
      1:tanium-direct-connect-zone-proxy-################################# [100%]
   Proxy configuration written to /opt/Tanium/TaniumDirectConnectZoneProxy/settings
   /settings.json
   
   The following steps are required to complete your Zone Proxy Server 
   configuration:
   1. IMPORTANT: Copy the provision secret and certificate from this console.
   2. In the Direct Connect settings, on the *Add Zone Proxy* configuration 
   page, paste the provision secret and certificate in the *Provisioning 
   Payload* field.
   3. Complete the remaining steps on the *Add Zone Proxy* configuration page.
   For more details on these steps, see the Direct Connect User Guide.
   
   -----BEGIN PROVISION SECRET-----
   g9Q7yWoLs9aZKFtPFvfEFE+18zqbfX0ARosgk)MMDLwyTAIOSzAO419FDiGIWHN
   ChQoK27yYOorvUAfLZUQtU06MAObziluTQ7tRAqLLvKq0sZMg7grmMA/nDHtmRK
   vc49dNA9nL8ygt44WnJXjKUjrjrEy63W1w3FNKwDHDtozGNHfOLtltmwiLvvFDg
   CRbjdb86uwT1wT1BLGxMipXEF1NmPSsYjgenuhJtpz0jowZVMvfYkr2GLJIdl2i
   UzBLU2295iwg7bYnC21v3A==
   -----END PROVISION SECRET-----
   -----BEGIN CERTIFICATE-----
   MIIC9DCCAdwCCQDbV02DC5Fy5DANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJV
   UzELMAkGA1UECAwCQ0ExEzARBgNVBAcMCkVtZXJ5dmlsbGUxCzAJBgNVBAsMAklU
   MB4XDTIwMDExMjE2NTUwM1oXDTIxMDExMTE2NTUwM1owPDELMAkGA1UEBhMCVVMx
   CzAJBgNVBAgMAkNBMRMwEQYDVQQHDApFbWVyeXZpbGxlMQswCQYDVQQLDAJJVDCC
   ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWvZ1E/5cJ+dzHBW9gZ5rdD
   A2sto5NQrHyFScM6tVTHowjEEhWDJQUjTGSreOcn7/QvBATqddcDYfJzpTjz+8hw
   6cb+I17BhkcCzHhH7Jdz/7Ilx/5YFY7ooV1jTQnoW1oOJF/BhAg4R41YWRvp2pcB
   jUXVdz9bD1NinffrcyiZhQdw3BoVlE9PHZgXlwkvHiLNVu0RJnEtMDEUlHHNcnmP
   RqRgmm9a1yns3JyWmUv00hPn0eLucCYMIzutuAV6kEJmZG8F8lbYBRBlGGq7T2LJ
   aVDtHxF6pguocXxm4Sz93S2t1+zvjtTqB5GiINhgKjdWFAtGAobCq7WaQH8lY88C
   AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAQtHLvLe0nsAiWtU79D+1PuDai+SqK61Y
   pIOvqC0/jJ93tU1Q+v9SUhGkDfIiynDhoZvDAN4+8PG532++zhrUN1QyCjJ27/ux
   CuTfq3QFo+viJHjR2TGvb5aH41tPKwS/Vxv/vO1GPsYcjZ73vErEI5ffRswZM1Tb
   ypgvG5bVRfCg/Q/O3/q5PoJ/BYmx6W7NH0pFFEs95SyhEaecKwjSALTztnCDRP+L
   8aXh9jKcdOfZtHocFgZtYTJgqlTryPGV8UJBVctKVz/C4TP0qrnznZDcjCKjxOkI
   777GHvH1vaU1pZ+6KZpTjHklJXWqIcyd1xeO5gYMfTLX5ZGRcYCTIA==
   -----END CERTIFICATE-----

6. If you are performing initial installation of the Direct Connect Zone Proxy, copy the provision secret and certificate that appears at the end of the installation. Follow the steps that appear to return to the Direct Connect settings in the Tanium Console to complete the configuration. For steps to configure a zone proxy in Direct Connect, see Direct Connect User Guide: Configure Zone Proxies.
7. Press Q and Enter to exit the installation.

Remove the Direct Connect Zone Proxy

1. Sign in to the TanOS console of the Zone Server Appliance as a user with the tanadmin role.
2. Enter 1 to go to the Tanium Installation menu. View screen

   ------------------------------------------------------
   
                >>> Tanium Installation <<< 
   
   Currently installed Role: Tanium Zone Server
   Currently installed Add-On: No add-ons installed
   
   To change the role, first perform a software reset
   
   ------------------------------------------------------
   
            M: Manage Appliance Array
            U: Upgrade Tanium Software
            D: Tanium Direct Connect Zone Proxy
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

3. Enter D to go to the Tanium Direct Connect Zone Proxy menu. View screen

    ------------------------------------------------------
   
           >>> Installation -> Tanium Direct Connect Zone Proxy <<< 
   
   
    Tanium Direct Connect Zone Proxy is not currently installed.
   
    Download the desired Tanium Direct Connect Zone Proxy (DEC Proxy) package
    from Tanium, or upload to incoming. Then select it from the list to install.
   
             T: Download from Tanium
             1: tanium-direct-connect-zone-proxy-1.3.0.0.x86_64.rpm
   
             V: View DEC Provision Instructions
             X: Remove DEC Proxy
   
             R: Return to previous menu  RR: Return to top
   
    Please select:
   

4. Enter X and follow the prompts to remove the Direct Connect Zone Proxy.