Configuring optional components
You can install and configure optional components if they are necessary in your environment.
Installing individual Zone Servers
An Appliance Array is required to manage Tanium Servers and Tanium Module Servers in a Tanium Appliance deployment. For instructions on how to install an Appliance Array, see Installing and managing an Appliance Array.
Use the Appliance Array to manage Tanium Zone Servers as well. Install and configure a Zone Server separately from the Appliance Array only if the network in which the Zone Server is installed does not allow SSH communication.
If your deployment includes a Tanium Zone Server that is installed in a network that does not allow SSH communication, you can install and upgrade the Zone Server separately from the Appliance Array.
The Tanium Zone Server role installation creates the Tanium Zone Server and configuration database. You must also install the Tanium Zone Server Hub add-on on the Tanium Server and configure the Zone Server Hub to listen for connections from the Zone Server.
This section provides procedures for the following workflow:
- Deploying one or more Zone Server appliances in the network
- Installing the Zone Server Hub add-on on the Tanium Server appliance and configuring a Zone Server list that defines the Zone Servers with which it can communicate
- Establishing trust with the Tanium Server, Zone Server Hub, and Zone Server
After you install an individual Zone Server separately from the Appliance Array, you must also upgrade it separately at the same time you upgrade the Appliance Array. The procedure is the same, but it must be done separately on each Zone Server that is not an array member. See Upgrading software on Tanium Appliances.
Before you begin
- Make sure basic network, host, and user settings are configured.
  - For a physical Tanium Appliance, see Completing the initial setup (physical Tanium Appliance).
  - For a virtual Tanium Appliance, see Completing the initial setup (virtual Tanium Appliance).
  - For a cloud-based Tanium Appliance, see Completing the initial setup (cloud-based Tanium Appliance).
- Make sure your network security administrator has configured security rules to allow communication on the TCP ports that the Tanium Core Platform components use. For a complete list of network requirements, see Network connectivity and firewall.
- Obtain the tokens URL from Tanium to gain access to RPM update files. This includes the RPM files for the Tanium Server, Tanium Module Server, and Tanium Zone Server.
  To avoid copying Tanium Server and Module Server files onto a host in a separate network, download the package from the tokens URL, extract only the Zone Server RPM from the ZIP file, and use SFTP to copy only that file to the /incoming folder of the Zone Server appliance.
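One way to pull only the Zone Server RPM out of the downloaded package before the SFTP upload, shown as an added example rather than Tanium tooling. The `zone` file-name marker and the sample member names are assumptions; the returned SHA-256 can be recorded alongside the transfer.

```python
import hashlib
import io
import zipfile
from pathlib import Path, PurePosixPath


def select_zone_server_rpm(names, marker="zone"):
    """Pick the single member that looks like the Zone Server RPM.

    `marker` is an assumed substring of the RPM file name, not a documented
    value; compare it with the real archive listing before relying on it.
    """
    hits = [n for n in names
            if n.lower().endswith(".rpm")
            and marker in PurePosixPath(n).name.lower()]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one Zone Server RPM, found {hits}")
    return hits[0]


def extract_only_zone_rpm(package, dest_dir, marker="zone"):
    """Write only the Zone Server RPM to dest_dir; return (path, sha256 hex)."""
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256()
    with zipfile.ZipFile(package) as zf:
        member = select_zone_server_rpm(zf.namelist(), marker)
        # Use the bare file name so a member path containing ../ or a leading
        # slash cannot place the file outside dest_dir.
        target = dest_dir / PurePosixPath(member).name
        with zf.open(member) as src, open(target, "wb") as dst:
            for chunk in iter(lambda: src.read(1 << 20), b""):
                digest.update(chunk)
                dst.write(chunk)
    return target, digest.hexdigest()


def constructed_package():
    """In-memory stand-in for the platform ZIP; member names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/ExampleServer-0.0.0.rpm", b"server payload")
        zf.writestr("pkg/ExampleModuleServer-0.0.0.rpm", b"module payload")
        zf.writestr("pkg/ExampleZoneServer-0.0.0.rpm", b"zone payload")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        rpm_path, sha256 = extract_only_zone_rpm(constructed_package(), tmp)
        print(rpm_path.name, sha256)
```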
Install the Zone Server role
- Sign in to the Zone Server appliance as a user with the tanadmin role.
- Enter 1-4 (Tanium Installation > Install Tanium Zone Server).
- Enter the line number of the Tanium Core Platform version that you want to install.
If you did not upload the Zone Server RPM, you can enter T and then enter the tokens URL to download the installation package directly to the appliance. However, the best practice is to upload only the Zone Server RPM to the /incoming folder to avoid copying Tanium Server and Module Server files onto a host in a separate network.
- Enter YES to continue with the installation.
Import the Tanium Server public key file to the Zone Server
- Download the public key file (tanium-init.dat) through the Tanium Console. For steps, see Tanium Console User Guide: Download infrastructure configuration files (keys).
- Use SFTP to copy the tanium-init.dat file to the /incoming directory on the Zone Server appliance.
- Sign in to the Zone Server appliance as a user with the tanadmin role.
- Enter 2 (Tanium Operations).
- Enter I and follow the prompts to copy the Tanium Server public key file (tanium-init.dat) into the Zone Server installation directory.
Install the Zone Server Hub
You must also install the Zone Server Hub add-on on the Tanium Server in the array.
- Sign in to the Tanium Server appliance as a user with the tanadmin role.
- Enter 1 (Tanium Installation).
- Enter A and follow the prompts to install the Tanium Zone Server Hub add-on.
Set up AllowedHubs on the Zone Server appliance
- Sign in to the Zone Server appliance as a user with the tanadmin role.
- Enter 2-2 (Tanium Operations > Configuration Settings).
- Enter 9 to edit the Tanium Zone Server settings.
- Enter A to add a new setting.
- For the key, enter AllowedHubs.
- For the value, enter the IP address of the Tanium Server.
Configure trust mappings
You must enable trust between the Tanium Server, Tanium Zone Server Hub, and Tanium Zone Servers so that they can communicate with each other.
The array installation process automatically establishes trust between the appliances in the array. Only perform these steps if you are installing a Zone Server separately because it cannot accept SSH communication.
Approve trust for the Zone Server Hub
- Sign in to the TanOS console of the Zone Server Hub appliance as a user with the tanadmin role.
- Enter @ to go to the About the Appliance page. Note the value of the TZS Hub Registration Fingerprint field.
- Sign in to the Tanium Console with the Tanium role and the password you set when you installed the Tanium Server.
- From the Tanium Console, go to Administration > Configuration > Tanium Server and open the Zone Server Hub Trusts tab.
- Verify that the fingerprint of the Zone Server Hub matches the fingerprint shown in the TZS Hub Registration Fingerprint field in the About the Appliance page in the TanOS console.
- If the fingerprints are identical, return to the Tanium Console, click Accept/Deny next to the Zone Server Hub, and click Accept.
If the fingerprint or IP address of a Zone Server Hub is wrong, decommission the hub before denying trust for it. Denied trust is irreversible for any particular instance of a hub. To subsequently approve trust, you must uninstall and reinstall the hub so that it generates a new fingerprint.
- Enter your credentials and click OK.
Map the Zone Server to the Zone Server Hub
After you approve trust for the Zone Server Hub, perform the following steps for each Zone Server.
- Sign in to the TanOS console of the Zone Server appliance as a user with the tanadmin role.
- Enter @ to go to the About the Appliance page. Note the value of the TZS Registration Fingerprint field.
- Sign in to the Tanium Console with the Tanium role and the password you set when you installed the Tanium Server.
- From the Tanium Console, go to Administration > Configuration > Tanium Server and open the Zone Server Hub Trusts tab.
- Next to the Zone Server Hub, click Add Zone Server, enter the IP address of the Zone Server, and click OK.
- Enter your credentials, click OK, and refresh the page. The Tanium Console might take a few minutes to show the mapping. When it does, the mapping Status appears as Pending next to the Zone Server. The mapping also appears in the Zone Servers to Zone Server Hub Mappings grid.
- Verify that the fingerprint of the Zone Server matches the fingerprint shown in the TZS Registration Fingerprint field in the About the Appliance page in the TanOS console.
- If the fingerprints are identical, return to the Tanium Console, click Accept/Deny next to the Zone Server, and click Accept.
If the fingerprint or IP address of a Zone Server is wrong, decommission the Zone Server before denying trust for it. Denied trust is irreversible for any particular instance of a Zone Server. To subsequently approve trust, you must uninstall and reinstall the Zone Server so that it generates a new fingerprint.
- Enter your credentials and click OK. In the Zone Server tile, the mapping Status changes to Approved.
What to do next
- If you plan to use Direct Connect, install the Direct Connect Zone Proxy on each Zone Server.
- Verify the installation, including uploading the Tanium license.
Installing and managing a Direct Connect Zone Proxy
About Direct Connect Zone Proxies
For installations with Direct Connect, install a zone proxy to enable connections to endpoints through the Zone Server appliance. This configuration is required to use Direct Connect with endpoints that connect to the Module Server through a Zone Server.
Import and configure Direct Connect
In the Tanium Console, go to Administration > Configuration > Solutions and import Direct Connect. See Direct Connect User Guide: Installing Direct Connect for steps on how to import Direct Connect, verify the installation, and then set up Direct Connect. When you reach the steps to configure zone proxies, use the following steps to install the Direct Connect Zone Proxy to the Zone Server appliance.
Obtain the Direct Connect Zone Proxy Installer file
Obtain the Direct Connect Zone Proxy installer file for the Zone Server appliance from Tanium Support. The upgrade package is provided as a token URL.
Install the Direct Connect Zone Proxy on each Zone Server appliance
For the initial installation, you must repeat the following procedure on each Zone Server appliance in your array. You can either provide the token URL for the installer during the installation process or manually upload the RPM file to /incoming.
You can upgrade all Zone Proxy appliances at the same time from the Tanium Server appliance. For more information, see Upgrade the Direct Connect Zone Proxy on all Zone Server appliances.
- Sign in to the TanOS console of the Zone Server appliance as a user with the tanadmin role.
- Enter 1-D (Tanium Installation > Tanium Direct Connect Zone Proxy).
- If you have not uploaded a file to /incoming, enter T to enter the URL of a token download, and follow the prompts to download the installer.
- Enter a number from the list to install the Direct Connect Zone Proxy.
- Copy the provision secret and certificate that appears at the end of the installation. Follow the steps that appear to return to the Direct Connect settings in the Tanium Console to complete the configuration. For steps to configure a zone proxy in Direct Connect, see Direct Connect User Guide: Configure Zone Proxies.
- Press Q and Enter to exit the installation.
Check installed versions of the Direct Connect Zone Proxy
You can check the version of the Direct Connect Zone Proxy that is installed on each Zone Proxy appliance from the Tanium Server appliance.
- Sign in to the TanOS console of the Tanium Server appliance as a user with the tanadmin role.
- Enter 1-D (Tanium Installation > Tanium Direct Connect Zone Proxy).
- Enter L to display the versions of the Direct Connect Zone Proxy that are installed on Zone Servers in the array.
Upgrade the Direct Connect Zone Proxy on all Zone Server appliances
You can upgrade the Direct Connect Zone Proxy on all Zone Proxy appliances at the same time from the Tanium Server appliance. You can either provide the token URL for the installer during the installation process or manually upload the RPM file to /incoming.
- Sign in to the TanOS console of the Tanium Server appliance as a user with the tanadmin role.
- Enter 1-D (Tanium Installation > Tanium Direct Connect Zone Proxy).
- If you have not uploaded a file to /incoming, enter T to enter the URL of a token download, and follow the prompts to download the installer.
- Enter a number from the list to upgrade the Direct Connect Zone Proxy.
- Press Enter to exit the upgrade.
Remove the Direct Connect Zone Proxy
- Sign in to the TanOS console of the Zone Server appliance as a user with the tanadmin role.
- Enter 1-D (Tanium Installation > Tanium Direct Connect Zone Proxy).
- Enter X and follow the prompts to remove the Direct Connect Zone Proxy.
Installing a Tanium All-in-One for demos
In an All-in-One deployment, the Tanium™ Server, the Tanium™ Module Server, and a database server reside on the same Tanium Appliance. All-in-One deployments are supported only for proof-of-concept (POC) demonstrations.
Use Tanium Appliances configured with the All-in-One role only for evaluation purposes. Tanium does not support All-in-One deployments in production environments. Do not allow a Tanium Appliance that is configured with the All-in-One role to accept inbound connections from the internet.

The All-in-One role installation creates the necessary component servers, SSL certificates, SSH keys, and configuration databases.
Before you begin
Make sure:
- Basic network, host, and user settings are configured.
  - For physical Tanium Appliances, see Completing the initial setup (physical Tanium Appliance).
  - For virtual Tanium Appliances, see Completing the initial setup (virtual Tanium Appliance).
  - For cloud-based Tanium Appliances, see Completing the initial setup (cloud-based Tanium Appliance).
- Network firewall rules allow Tanium processes to communicate as expected. See Network connectivity and firewall.
Install the Tanium All-in-One role
Before you begin
Obtain the tokens URL from Tanium to gain access to the installation packages for Tanium Core Platform. The installation package is a ZIP file (<tanium.version>_linux_server_package_8.zip) that includes files for the Tanium Server, Tanium Module Server, and Tanium Zone Server.
Alternatively, use SFTP to copy the ZIP file to the /incoming folder of the primary Tanium Server appliance. This method is necessary if you have a proxy server that your Tanium Server must use to reach the internet, or if you are in an air-gapped environment. After you install Tanium, you can configure proxy settings from the Tanium Console, which are used for future upgrades.
You can optionally use a Zone Server with an All-in-One Appliance if it is appropriate for your proof-of-concept environment. For this configuration, follow the steps in Installing and managing an Appliance Array instead of the following procedure, and install the Tanium Server (All-In-One) and Tanium Zone Server Service roles on the appliances in the array.
You cannot add additional Tanium Servers or Module Servers to an array that contains an All-in-One Appliance.
Install the All-in-One role
- Sign in to the appliance as a user with the tanadmin role.
- Enter 1-1 (Tanium Installation > Install Tanium All-in-One).
- When prompted, specify a password for the initial Tanium Console user (tanium).
- Choose an option to install the Tanium platform:
  - If you have the tokens URL, enter T, enter the URL, and then follow the prompts.
  - If you uploaded the file to the /incoming folder on the appliance, the installer discovers the file and prompts you to do the installation.
- Enter YES to continue with the installation.
The installation takes approximately one minute to complete.
What to do next
Verify the installation, which includes uploading the Tanium license.
Installing and managing a Tanium Cloud Access Point
A Tanium Cloud Access Point is an optional component that facilitates communication with Tanium™ Cloud from networks that have restricted access to Tanium Cloud, when it is not possible to use a customer-supplied proxy server. A Tanium Appliance that is configured with the Tanium Cloud Access Point role resides within the restricted network, and Tanium Clients can use it as a proxy to reach the Tanium Cloud. A Tanium Cloud Access Point is not required for unrestricted networks.
Connect endpoints directly to Tanium Cloud when possible, and for restricted networks, use a customer-supplied proxy server when possible. Use a Tanium Cloud Access Point only when security restrictions prevent direct communication from endpoints to Tanium Cloud client edge URLs and a customer-provided connectivity solution is unavailable. For more information about using your own proxy server, see Tanium Client Management User Guide: Connect through an HTTPS forward proxy server.
- Though the Tanium Cloud Access Point is supplied by Tanium, management of the Tanium Cloud Access Point is a customer responsibility, as part of the customer responsibility to provide Tanium Client access to Tanium Cloud. For more information about customer responsibilities in Tanium Cloud, see Tanium Cloud Deployment Guide: Responsibilities.
- Do not connect more than 10,000 endpoints to a Cloud Access Point.

For more information about Tanium Cloud, see the Tanium Cloud Deployment Guide.
Before you begin
Make sure:
- Basic network, host, and user settings are configured.
  - For physical Tanium Appliances, see Completing the initial setup (physical Tanium Appliance).
  - For virtual Tanium Appliances, see Completing the initial setup (virtual Tanium Appliance).
- Network firewall rules allow Tanium processes to communicate as follows:

| Source | Destination | Port | Protocol | Purpose |
| --- | --- | --- | --- | --- |
| Tanium Clients | Tanium Cloud Access Point | User-configured in Cloud Access Point | TCP | Client communication with the Tanium Cloud Access Point |
| Tanium Cloud Access Point | Tanium Cloud | 17472, 17486 | TCP | Tanium Cloud Access Point communication to Tanium Cloud |

Additional requirements depend on your environment and how you provide administrative access to the appliance that you use for the Cloud Access Point. For more information, see Network communication ports used by Tanium Appliances and Tanium components.
Install the Tanium Cloud Access Point role
- Sign in to the appliance as a user with the tanadmin role.
- Enter 1-5 (Tanium Installation > Install Tanium Cloud Access Point).
- When prompted, specify each host name from the Tanium Cloud client edge URLs and the port that you want Tanium Clients to use to communicate with the Cloud Access Point.
You must include the port in the ProxyServers setting of Tanium Client on each endpoint.
What to do next
- Configure any existing Tanium Clients on the restricted network to connect to the Tanium Cloud Access Point. Use the Tanium Client command line interface (CLI) to configure the ProxyServers setting on each endpoint to the FQDN or IP address and port of the Tanium Cloud Access Point.
- When you deploy any new Tanium Clients, configure the ProxyServers setting to the FQDN or IP address and port of the Tanium Cloud Access Point during deployment.
For more information, see Tanium Client Management User Guide: Configure proxy connections without a PAC file.
Manage the Cloud Access Point service
You can start, stop, restart, enable, and view status details for the Cloud Access Point (squid) service.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2-P-S (Tanium Operations > Manage Cloud Access Point > Service Control).
- Use the menu to select an action to start, stop, restart, enable, or view status details for the service.
- Follow the prompts to perform the action.
Reconfigure a Tanium Cloud Access Point
You can change the Tanium Cloud server names and Tanium Client listening port for an existing Tanium Cloud Access Point.
- Sign in to the appliance as a user with the tanadmin role.
- Enter 2-P-C (Tanium Operations > Manage Cloud Access Point > Configure Cloud Access Point).
- When prompted, specify each host name from the Tanium Cloud client edge URLs and the port that you want Tanium Clients to use to communicate with the Cloud Access Point.
You must include the port in the ProxyServers setting of Tanium Client on each endpoint.
Review the Cloud Access Point log
The Cloud Access Point log records access information for Tanium Clients that connect to Tanium Cloud through the Cloud Access Point.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 3-1-6 (Tanium Support > Logs > Cloud Access Point).
- Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.
When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).
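An added example (not part of the Tanium documentation) of reviewing an exported Cloud Access Point log offline: it flags requests to destinations outside the configured client edge hosts and the 17472/17486 ports, plus proxy denials. It assumes the squid service writes Squid's default native access.log format; the host names and log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical allow list: the client edge host names entered at role install.
ALLOWED_HOSTS = {"edge-a.cloud.example", "edge-b.cloud.example"}
# Cloud Access Point -> Tanium Cloud ports from the firewall requirements.
ALLOWED_PORTS = {17472, 17486}

# Constructed sample. Assumes Squid's native access.log field order:
# time elapsed client result/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1695990001.100    312 10.20.0.15 TCP_TUNNEL/200 48211 CONNECT edge-a.cloud.example:17472 - HIER_DIRECT/203.0.113.10 -
1695990002.250    298 10.20.0.16 TCP_TUNNEL/200 39120 CONNECT edge-b.cloud.example:17486 - HIER_DIRECT/203.0.113.11 -
1695990003.400      0 10.20.0.44 TCP_DENIED/403 3901 CONNECT files.other.example:443 - HIER_NONE/- text/html
1695990004.050      1 10.20.0.44 TCP_DENIED/403 3850 GET http://198.51.100.7/ - HIER_NONE/- text/html
1695990005.900    150 10.20.0.15 TCP_TUNNEL/200 1200 CONNECT edge-a.cloud.example:8443 - HIER_DIRECT/203.0.113.10 -
truncated line
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    parts = line.split()
    if len(parts) < 10 or "/" not in parts[3]:
        return None
    client, result, method, url = parts[2], parts[3], parts[5], parts[6]
    try:
        # CONNECT targets are "host:port"; other methods carry a full URL.
        target = urlsplit("//" + url if method == "CONNECT" else url)
        port = target.port or {"http": 80, "https": 443}.get(target.scheme)
    except ValueError:  # bad bracketed host, or non-numeric/out-of-range port
        return None
    if not target.hostname or port is None:
        return None
    return {"client": client, "code": result.split("/")[0],
            "host": target.hostname.lower(), "port": port}


def review(log_text):
    """Return ({client: [(line_no, dest, reasons)]}, malformed_line_count)."""
    findings, malformed = defaultdict(list), 0
    for line_no, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            malformed += bool(line.strip())  # blank lines are not errors
            continue
        checks = [
            (rec["host"] not in ALLOWED_HOSTS, "host not in allow list"),
            (rec["port"] not in ALLOWED_PORTS, "unexpected port"),
            (rec["code"].startswith("TCP_DENIED"), "denied by proxy"),
        ]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings[rec["client"]].append(
                (line_no, f'{rec["host"]}:{rec["port"]}', reasons))
    return dict(findings), malformed


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```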
Last updated: 9/29/2023 7:24 PM