Installing Tanium Module Server

The Tanium™ Module Server role installation and registration workflow creates the Module Server and the configuration and certificates that are required for secure communication with the Tanium Server. The steps you complete with the Configure Remote Module Server menu register the Module Server with the Tanium Server. During registration, the two servers generate and install the required certificates—trusted.crt on the Module Server appliance and trusted-module-servers.crt on the Tanium Server appliance.

  • You must repeat the remote Module Server configuration steps for each node to register the Module Server with each node in a Tanium Server cluster.
  • If you use the Tanium Operations menu to replace the self-signed SOAP certificate on the Tanium Server with a CA-provided certificate, you must redo the remote Module Server configuration steps to update the certificates that are derived from that certificate on each server.

Before you begin

Make sure:

  • Basic network, host, and user settings are configured. See Completing the initial setup (hardware appliances).
  • Network firewall rules allow communication between Tanium Server and Tanium Module Server on TCP port 17477.
  • You know the Tanium Console admin user (tanium) password. You are prompted to specify the Tanium Console admin user (tanium) and password when you register the Module Server with the Tanium Server.

Install the Tanium Module Server

  1. Log into the Module Server appliance as a user with the tanadmin role.
  2. From the tanadmin menu, enter 1 to go to the Tanium Installation menu.
  3. Enter 3 to install the Tanium Module Server.
  4. When prompted, specify the Tanium platform version you want to install.

The installation is completed in about 30 seconds.

Configure the Tanium Server to use the remote Module Server

  1. Log into the Tanium Server appliance as a user with the tanadmin role.
  2. From the tanadmin menu, enter 2 to go to the Tanium Operations menu.
  3. Enter A to go to the Configure Remote Module Server menu.
  4. Enter 1 and then follow the prompts to configure the Tanium Server to use the remote Module Server. Be sure to copy the certificate fingerprint. You need it when you configure the Module Server.

Enable the remote Module Server

  1. Log into the Tanium Module Server appliance as a user with the tanadmin role.
  2. From the tanadmin menu, enter 2 to go to the Tanium Operations menu.
  3. Enter A to go to the Register Module Server menu.
  4. Enter 2 and then follow the prompts to enable the remote Module Server and to configure its connection with the Tanium Server. Specify the Tanium Console admin user (tanium, not a TanOS user). For a cluster, register the Tanium servers one-at-a-time.

What to do next