Installing an individual Tanium Module Server
The Tanium™ Module Server role installation and registration workflow creates the Module Server and the configuration and certificates that are required for secure communication with the Tanium Server. The steps you complete with the Configure Remote Module Server menu register the Module Server with the Tanium Server. During registration, the two servers generate and install the required certificates: trusted.crt on the Module Server appliance and trusted-module-servers.crt on the Tanium Server appliance.
- You must repeat the remote Module Server configuration steps for each node to register the Module Server with each node in a Tanium Server cluster.
- If you use the Tanium Operations menu to replace the self-signed SOAP certificate on the Tanium Server with an SSL certificate provided by a Certificate Authority, you must redo the remote Module Server configuration steps to update the certificates that are derived from that certificate on each server.
Before you begin
Make sure:
- Basic network, host, and user settings are configured. See Completing the initial setup (Tanium Cloud Appliance).
- Network firewall rules allow communication between Tanium Server and Tanium Module Server on TCP port 17477.
- You know the Tanium Console admin user (tanium) password. You are prompted to specify the Tanium Console admin user (tanium) and password when you register the Module Server with the Tanium Server.
Install the Tanium Module Server
To add an appliance with a Tanium Module Server role to an existing Appliance Array, add the appliance to the array, assign a role to the appliance, and then install the pending role. For steps, see Add an appliance to an Appliance Array. After you install the pending role, you must configure the Tanium Server to use the Module Server and then enable the Module Server.
- Sign in to the Module Server appliance as a user with the tanadmin role.
- Enter 1 to go to the Tanium Installation menu.
------------------------------------------------------
>>> Tanium Installation <<<
Currently installed Role: Tanium Role not installed
Currently installed Add-On: No add-ons installed
------------------------------------------------------
M: Manage Appliance Array
1: Install Tanium Server (All-in-one)
2: Install Tanium Server Service
3: Install Tanium Module Server Service
4: Install Tanium Zone Server Service
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to install the Tanium Module Server.
- When prompted, specify the Tanium platform version that you want to install.
The installation takes approximately 30 seconds to complete.
Configure the Tanium Server to use the remote Module Server
- Sign in to the Tanium Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Remote Module Server
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the Configure Remote Module Server menu.
------------------------------------------------------
>>> Tanium Operations -> Configure Remote Module Server (v7.2) <<<
1: Step 1 -> Configure Remote Module Server Address (on Tanium Server)
2: Step 2 -> Register Module Server (on Tanium Module Server)
3: Read about Remote Module Server configuration
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 and follow the prompts to configure the Tanium Server to use the remote Module Server. Be sure to copy the certificate fingerprint. You need it when you configure the Module Server.
>>> Tanium Operations -> Configure Remote Module Server (v7.2) -> Configure Remote Module Server Address <<<
Before continuing, please have the following at hand:
- Hostname of the remote module server
- Domain name of the remote module server
- IP of the remote module server
After completing this step and until step 2 (registration) has been completed on the remote module server,
this Tanium Server will have limited functionality!
The following fingerprint is required for step 2:
800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781909E8BCA6E7202
Would you like to continue? [Yes|No]: yes
Continue with change.
Please enter the IP of the remote module server: 10.10.10.103
Please enter the hostname (NOT FQDN) of the remote module server: appliance-tms1
Please enter the domain name of the remote module server: tam.local
Disabling local module server instance (if exist)
Setting new Tanium Module Server address 10.10.10.103
Changing hosts file
Would you like to restart the Tanium Server service? Attention - this might take a long time! [Yes|No]: yes
Restarting the Tanium server service
Attention:
Step 1 of the Remote Module Server configuration process completed successful.
Step 2 needs to be completed on the Remote Module Server. Follow the instructions
in "Tanium Operations (2) -> Register Remote Module Server (A)"
This Tanium Server will not be functional until step 2 has been completed as well.
The following fingerprint is required for step 2 - please copy it:
800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781909E8BCA6E7202
Press enter to continue
Enable the remote Module Server
- Sign in to the Tanium Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
A: Register Module Server
D: Configure Module Server sync
M: Module Operations
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the Configure Remote Module Server menu.
- Enter 2 and follow the prompts to enable the remote Module Server and to configure its connection with the Tanium Server. Specify the Tanium Console admin user (tanium, not a TanOS user).
>>> Tanium Operations -> Configure Remote Module Server -> Enable Module Server <<<
Before continuing, please have the following at hand:
- Hostname of the Tanium server
- Domain name of the Tanium server
- IP of the Tanium server
- Credentials of a Tanium User with administrative privileges
- Fingerprint of the Tanium Server certificate (obtained in Step 1)
Would you like to continue? [Yes|No]: yes
Going ahead with module server registration
Please enter the IP of the Tanium server: 10.10.10.101
Please enter the hostname (NOT FQDN) of the Tanium server: appliance-ts1
Please enter the domain name of the Tanium server: tam.local
Please enter the administrative user name: tanium
Please enter the password (will not be displayed):
Please enter the fingerprint of the Tanium servers certificate: 800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781909E8BCA6E7202
Verified entered fingerprint successfully
Registering module server with 10.10.10.101 (60 second timeout)...
Added hosts entry
Registration completed successful
Restarting module server to ensure settings have taken
Restart complete
Press enter to continue
For a cluster, register the Tanium servers individually.
>>> Tanium Operations -> Configure Remote Module Server -> Enable Module Server <<<
Before continuing, please have the following at hand:
- Hostname of the Tanium server
- Domain name of the Tanium server
- IP of the Tanium server
- Credentials of a Tanium User with administrative privileges
- Fingerprint of the Tanium Server certificate (obtained in Step 1)
Would you like to continue? [Yes|No]: yes
Going ahead with module server registration
Please enter the IP of the Tanium server: 10.10.10.102
Please enter the hostname (NOT FQDN) of the Tanium server: appliance-ts2
Please enter the domain name of the Tanium server: tam.local
Please enter the administrative user name: tanium
Please enter the password (will not be displayed):
Please enter the fingerprint of the Tanium servers certificate: 800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781909E8BCA6E7202
Verified entered fingerprint successfully
Registering module server with 10.10.10.102 (60 second timeout)...
Added hosts entry
Registration completed successful
Restarting module server to ensure settings have taken
Restart complete
Press enter to continue
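Because a cluster needs one successful registration per Tanium Server node, a saved session log from the Module Server can be checked against the fingerprints copied in step 1. The following Python script is an added example, not Tanium code or part of the original page; it assumes the terminal session was captured as plain text, and the function names, the 10.10.10.104 node, and the sample fingerprint are constructed for illustration.

```python
import re

# Prompt and status strings exactly as they appear in the screens on this page.
IP_PROMPT = "Please enter the IP of the Tanium server:"
FP_RE = re.compile(r"fingerprint of the Tanium servers certificate:\s*(\S+)")
VERIFIED = "Verified entered fingerprint successfully"
REGISTERED = "Registration completed successful"
HEX128 = re.compile(r"[0-9A-F]{128}")  # length of the sample fingerprint on this page

def normalize(fp):
    """Drop whitespace and colons from a pasted fingerprint and upper-case it."""
    return re.sub(r"[\s:]", "", fp).upper()

def audit(transcript, step1_fingerprints):
    """Return {tanium_server_ip: state}; input maps each IP to its step 1 fingerprint."""
    expected, status = {}, {}
    for ip, fp in step1_fingerprints.items():
        expected[ip] = normalize(fp)
        if not HEX128.fullmatch(expected[ip]):
            raise ValueError(f"fingerprint recorded for {ip} is not 128 hex characters")
        status[ip] = "not registered"
    # One chunk per registration attempt; a later attempt overrides an earlier one.
    for chunk in transcript.split(IP_PROMPT)[1:]:
        ip = (chunk.split() or [""])[0]
        if ip not in expected:
            continue
        entered = FP_RE.search(chunk)
        if not entered or normalize(entered.group(1)) != expected[ip]:
            status[ip] = "fingerprint mismatch"
        elif VERIFIED in chunk and REGISTERED in chunk:
            status[ip] = "registered"
        else:
            status[ip] = "incomplete"
    return status

# Constructed sample: a made-up fingerprint and a shortened session log.
FP = "AB" * 64
SAMPLE = f"""\
{IP_PROMPT} 10.10.10.101
Please enter the fingerprint of the Tanium servers certificate: {FP}
{VERIFIED}
{REGISTERED}
{IP_PROMPT} 10.10.10.102
Please enter the fingerprint of the Tanium servers certificate: {FP[:-1]}0
"""

if __name__ == "__main__":
    nodes = {"10.10.10.101": FP, "10.10.10.102": FP, "10.10.10.104": FP}
    for ip, state in audit(SAMPLE, nodes).items():
        print(ip, state)
```

Any node reported as something other than "registered" still needs the Enable Module Server step completed for it.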
What to do next