Reference: Tanium Operations menu
Tanium™ operations include management of Tanium services, configuration settings, and certificate and public key files.
Start, stop, and restart Tanium services
Manage Tanium™ Core Platform servers and the database server with these common service control commands:
- Start
- Stop
- Restart
- Disable
- Enable
Use the TanOS menus to stop, start, or restart a service, regardless if the service is enabled or disabled.
To issue a command:
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
View screen------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 1 to go to the Tanium Service Control menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Tanium Service Control <<<
1: ipsec enabled started
2: postgresql-tms enabled stopped
3: postgresql-ts-firewall enabled started
4: postgresql-ts enabled started
5: slapd enabled started
6: taniumserver enabled started
A: Restart ALL enabled Tanium services
B: Stop ALL Tanium services
C: Start ALL enabled Tanium services
D: Disable ALL Tanium services
E: Enable ALL Tanium services
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter the line number of the service that you want to manage to view the service commands. View screen
>>> Tanium Operations -> Tanium Service Control -> Service <<<
Service State Status
taniumserver enabled running
1: Start service
2: Stop service
3: Restart service
4: Disable service
5: Enable service
6: Status Details
R: Return to previous menu
------------------------------------------------------
- Enter the number associated with the service control command to issue it.
Change a Tanium server configuration
Use the Configuration Settings menu to change the log level or the Tanium component server configuration settings. Contact Tanium Support before changing Tanium configuration settings.
Edit server settings
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menu to view and edit Tanium component server settings.
Add an authentication user for TDownloader
Tanium Downloader (TDL) is a utility that the Tanium Core Platform uses to download files from other servers, including updates from content.tanium.com. Some servers require user authentication. Use this menu to add user credentials for the Tanium Server TDownloader instance or the Module Server TDownloader instance.
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 3 (Tanium Server TDL Auth User) or 7 (Tanium Module Server TDL Auth User) and follow the prompts to configure user credentials for the server URL or Windows file share from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control RedHat CA Cert
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version:1.7.6
Please select: 7
URL: https://www.test.com/share
Username: taniumsvc
Password:
Password (confirm):The URL field can contain the path for a Windows file share, such as \\tam.local\dc1\share. For file access using Tanium, read-only permissions are sufficient. If you want to share files from a Windows share location, you must provide read-write permissions at a minimum. See the Microsoft Windows documentation for information about file and share permissions.
For security reasons, Tanium does not support hidden shares, such as c$.
- Review the resulting configuration.
Edit TDownloader settings
Use this menu to add and edit settings for the Tanium Server TDownloader instance or the Module Server TDownloader instance. For example, if your deployment uses proxies and contains only IPV6 addresses, add the ForceIPV6 setting to force the TDownloader to resolve proxy addresses as IPV6.
For a list of supported settings, see Tanium Core Platform Deployment Reference Guide: Tanium Core Platform server settings.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to show the TDL settings. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings -> Edit <<<
Editing: Tanium Server Downloader Settings
# Line Content
1 LogVerbosityLevel 1
2 TrustedCertPath /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
3 TrustedHostList ts1.tam.local,localhost,127.0.0.1,ts2.tam.local
A: Add a line
R: Return to previous menu
Please select a line number or menu item:- To add a new setting, enter A and follow the prompts to enter a key-value pair.
- To edit a setting, enter the line number of the setting, enter E, and type in the new value of the setting.
- To delete a setting, enter the line number of the setting, and enter D.
- For a list of settings, see Tanium Core Platform Deployment Reference Guide: Proxy server settings.
You can use the Tanium Console to manage proxy settings. For information, see Tanium Console User Guide: Configure proxy server settings.
Add an authentication certificate for TDownloader
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
Servers from which you want to download files might require certificate authentication. Use this menu to add a client certificate and key to the Tanium Server TDownloader instance or the Module Server TDownloader instance.
-
Use SFTP to copy the client certificate file and key file to the /incoming folder.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 (Add Tanium Server TDL Auth Cert) or 8 (Add Tanium Module Server TDL Auth Cert) and follow the prompts to upload the certificate and key file and configure TDownloader to use them for the server URL from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version: 1.7.6
Please select: 4
Upload the certificate and key files into tancopy's incoming/ directory and
then provide the names of those files here to be loaded into the configuration
database.
URL: https://cdn.redhat.com
Certificate filename: client-certificate.pem
Key filename: client-key.pem
- Review the resulting configuration.
Manage authentication certificates for Tanium Patch connections with Red Hat
Tanium™ Patch downloads files from a Red Hat Satellite Server that requires certificate authentication.
If you have Tanium Core Platform 7.5.3 or later, and Tanium Console 3.1 or later, you can use the Tanium Console to manage authentication certificates for remote sources. For information, see Tanium Console User Guide: Managing downloads authentication.
- Download a client certificate and key file from the Red Hat website that is specific to your subscription entitlement and create files named client-certificate.pem and client-key.pem. For more information, see Tanium Patch User Guide: Enable and configure Linux features.
- Use SFTP to copy the certificate file and key file to the /incoming folder.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 (Tanium Server TDL Auth Cert) and follow the prompts to upload the certificate file and key file and to configure TDownloader to use them for the server URL from which you want to download files. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
TanOS Version: 1.7.6
Please select: 4
Upload the certificate and key files into tancopy's incoming/ directory and
then provide the names of those files here to be loaded into the configuration
database.
URL: https://cdn.redhat.com
Certificate filename: client-certificate.pem
Key filename: client-key.pem
- Enter 13 and use the menu to install the Red Hat enterprise CA certificate file (redhat-uep.pem). View screen
>>> Control Root CA Certs <<<
1: redhat-uep.pem (Not installed)
A: Add Root CA Cert
R: Return to previous menu
------------------------------------------------------
Edit Zone Server isolated subnets list
Use the TanOS menus to configure the isolated subnets list for Zone Servers.
For Tanium Servers (not Zone Servers), use the Tanium Console to configure the isolated subnets list. For more information, see Tanium Client Management User Guide: Configure isolated subnets.
- Sign in to the TanOS console of the Zone Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 11 to edit the IsolatedSubnets.txt file. View screen
>>> Tanium TanOS -> Tools -> Edit Files -> IsolatedSubnets.txt <<<
#: Line Content
1: 192.168.1.0/24
A: Add a line
R: Return to previous menu
------------------------------------------------------
- Use the menu to specify the CIDR IP address for subnets in which clients should never peer.
Change a Tanium component server port
Perform the following steps to change a Tanium component server port. For more information about appliance ports, see Tanium network ports.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control Root CA Certs
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter the line number for the Tanium component server to modify.
- Use the menu to select and edit the Tanium component server port settings.
- Restart the service for the modified server. For more information, see Start, stop, and restart Tanium services.
Install a custom SOAP certificate
You can replace the self-signed certificates generated by the Tanium Server and Tanium Module Server installers with an SSL certificate issued by a commercial or enterprise certificate authority (CA).
In a Tanium cluster, repeat the following procedures to upload and install the certificate and key files to each Tanium Server.
For detailed information about the SSL certificates used in a Tanium deployment, see the Tanium Core Platform Deployment Reference Guide: Securing Tanium Console, API, and Module Server access.
Install the SOAP certificate file
Install the new, CA-issued certificate and associated private key on the Tanium Server. In an active-active deployment, perform these steps on each Tanium Server. Because the steps include stopping and restarting the servers, perform this task during a maintenance window.
-
Use SFTP to copy the new CA-issued SOAP certificate and key files to the /incoming directory on the appliance.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 4 to initiate the Install Custom SOAP Cert process. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Custom SOAP Cert <<<
This menu will allow you to install a custom SOAP Certificate on the Tanium server.
The detailed process and requirements can be reviewed at:
https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/
ssl_certificates.html#Appliance
Attention: the Tanium Server service will be restarted during this operation!
Please ensure that you have completed the following steps before continuing:
1) Follow the instructions on docs.tanium.com to generate a key/cert pair
2) Upload the SOAPServer.key and SOAPServer.crt files into the incoming
Would you like to continue? [Yes|No]:
- Follow the prompts to install the certificate and key files that you uploaded:
- Enter Yes at the prompt to proceed with the installation.
Select the certificate that you are importing, verify that the displayed certificate details are correct, and enter Yes at the prompt. View screen
>>> Tanium Operations -> Install Custom SOAP Cert -> Select Certificate <<<
Pick a certificate (.pem or *.crt) to import. Press ENTER to re-scan the incoming directory.
1: SOAPServer.crt 2.1K
subject= /C=DE/ST=BE/L=Berlin/OU=IT
R: Return, no selection
Please select: 1
Examining SOAPServer.crt
MD5: fd9bbe48d6ea10037d3d240f96c0c211
Not After: Sep 2 09:43:41 2023 GMT
Subject: C=DE, ST=BE, L=Berlin, OU=IT
SOAPServer.crt: C=DE, ST=BE, L=Berlin, OU=IT
Use this file? [Yes|No]:
- Select the private key that you are importing.
The appliance verifies that the key is valid and matches the certificate. View screen
>>> Tanium Operations -> Install Custom SOAP Cert -> Select Key <<<
Pick a key (.key or *.key.pem) to import. Press ENTER to re-scan the incoming directory.
1: SOAPServer.key 1.8K
Valid RSA Key, matching certificate
R: Return, no selection
Please select: 1
Creating backup of existing files.
Would you like to backup existing SOAP files to tancopy outgoing? [Yes|No]:
- Enter Yes at the prompt to create a backup of the files in the /outgoing directory of the tancopy user.
The Tanium Appliance stops the Tanium Server service, installs the new certificate and key, and restarts the service. View screen
Creating backup of existing files.
Would you like to backup existing SOAP files to tancopy outgoing? [Yes|No]: yes
Existing SOAP files have been placed in the sftp outgoing directory.
This location will be cleaned daily at 02:00am appliance time
Stopping the Tanium Server service - this might take a while...
Installing new certificate...
Starting the Tanium Server service...
Successfully installed new SOAP certificate and restarted the Tanium Server
- If the appliances are in an array, the last step is to re-register the Module Server: enter Yes at the prompt and enter the password of the Tanium Console admin user. View screen
This appliance is part of an Appliance Array containing a remote Tanium Module Server.
The TMS needs to re-register with this appliance to begin using the newly loaded certificate.
Do you want to register the TMS now? [Yes|No]: yes
Enter Tanium Console admin user (tanium) password for 10.1.20.30:
Otherwise, if the appliance is not in an array, press Enter to continue and perform the steps described in Re-register the remote Module Server with each Tanium Server. View screen
Local Tanium Module Server service found - updating trusted.crt.
Restarting the Tanium Module Server service.
Finished updating trusted .crt and restarted Tanium Module Server.
Restart of other module services may be required.
Validate all other module services are functioning as expected and use the service control options to restart as required.
Custom SOAP Cert installation completed
Press enter to continue
Re-register the remote Module Server with each Tanium Server
After you replace the certificate and private key on the Tanium Server, re-register the Module Server if you did not already do so in the preceding task. In an active-active deployment, you must re-register with each Tanium Server. Because the steps include stopping and restarting services, perform this task during a maintenance window.
- Repeat the remote Module Server configuration steps to update the certificates that are used to validate SOAPServer.crt and ssl.crt on each server: trusted.crt on the Module Server appliance and trusted-module-servers.crt on the Tanium Server appliance. See Tanium Appliance Deployment Guide: Configure the Tanium Server to use the remote Module Server.
- Restart all Tanium services on the Module Server appliance. See Tanium Appliance Deployment Guide: Start, stop, and restart Tanium services.
Manage content signing keys
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 5 to go to the Install Content Signing Keys menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Content Signing Keys <<<
L: List Content Signing Keys
A: Add Content Signing Key
D: Delete Content Signing Key
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menus to add, delete, or list the key files.
Enable import of user-created content
The Tanium Server requires content files that are imported into the Tanium Console to be signed, and the signatures are verified by public keys stored on the Tanium Server. The public keys for content developed by Tanium and delivered through content.tanium.com are included with the installation. To import user-created content, you must use a utility provided by Tanium to sign the content, and you must upload the public key from that pair to the Tanium Server. In an active-active cluster, perform the following steps for each active Tanium Server in the deployment.
- Contact Tanium Support for instructions on how to download the content signing key utility (keyutility.exe). For more information, see Support for Tanium Appliances.
- Use keyutility.exe to generate a cryptographic key pair and use it to sign the user-created content you want to import into the Tanium Server. See Tanium Core Platform User Guide: Authenticating content files.
- Rename the public key file from that key pair import.pub and use SFTP to upload it to the /incoming folder of the Tanium Server appliance.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 5 to go to the Install Content Signing Keys menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Install Content Signing Keys <<<
L: List Content Signing Keys
A: Add Content Signing Key
D: Delete Content Signing Key
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Add Content Signing Key menu and follow the prompts to import the public key file. View screen
>>> Tanium Operations -> Install Content Signing Certificate -> Add Content Signing Key <<<
Please use the tancopy account to transfer the public key via sftp into the incoming directory
The filename of the public key must be import.pub
Would you like to continue? [Yes|No]: yes
Continue with adding content signing key.
Found candidate file with md5 dc170530b4a5f957dd3e97b1edbd076a
Please enter the key's owner first name: John
Please enter the key's owner last name: Doe
Installed new content signing key for the Tanium Server:
SELF_John_Doe_1521239953.pub with md5 dc170530b4a5f957dd3e97b1edbd076a
Installed new content signing key for the Tanium Module Server:
SELF_John_Doe_1521239953.pub with md5 dc170530b4a5f957dd3e97b1edbd076a
Press enter to exit.
You can now upload signed user-created content to the Tanium Server on the appliance. In a Tanium Cluster, Tanium Servers write content to the shared Tanium database. Therefore, after you import content on a Tanium Server in an Tanium cluster, the content is available on the other Tanium Server.
Watch the tutorial about how to manage content signing keys for the Tanium Appliance.
Download the Tanium Server SOAP certificate
Download the Tanium Server SOAP certificate file for configuration of a remote Windows Module Server, or other use.
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 7 to go to the Download SOAP Certificate procedure.
- Follow any prompts to copy the SOAP certificate file to the /outgoing directory. View screen
>>> Tanium Operations -> Download SOAP Certificate <<<
There is a certificate already in the outgoing directory.
If you copy again we will overwrite the certificate.
Do you want to continue to copy again? [Yes|No]: yes
SOAP Certificate (SOAPServer.crt) has been copied to tancopy
outgoing and to the pub directory of the Tanium web server.
You can connect with tancopy via sftp to outgoing directory
to download or use https://<tanium server>/pub/SOAPServer.crt
and then distribute as required.
Press enter to continue
- Use SFTP to copy the tanium.pub file from the /outgoing directory on the appliance to your management computer.
Import a common access card certificate file
The Tanium Console supports smart card authentication. A smart card is a physical credential that has a microchip and data, such as secure certificates and keys. Smart cards are also known as common access cards (CAC) and personal identity verification (PIV) cards. Endpoint systems are set up with smart card readers, and end users use their smart card to authenticate and gain access. For more information, see the Tanium Core Platform Deployment Reference Guide: Smart card authentication.
Upload the certificate file
- Use SFTP to copy the certificate file (PEM format) to the /incoming directory on the Tanium Server appliance.
Install the certificate file
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter 9 and follow the prompts to import and install the CAC certificate file.
Manually register a Tanium Module Server with the Tanium Server
If you replace the certificate and private key on the Tanium Server, you must manually register the Module Server with the Tanium Server. This process includes configuring the Module Server on the Tanium Server and then enabling the Module Server. In an active-active deployment, you must register the Module Server with each Tanium Server.
Configure the Module Server on the Tanium Server
- Sign in to a Tanium Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Configure Module Server(s) menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configure Module Server(s)
Active Module Server: tms1.test.tanium.local
Module Server 1:
Name: tms1.test.tanium.local
TMS Sync Role: source
TMS Sync Ready: no
Module Server 2:
Name: tms2.test.tanium.local
TMS Sync Role: target
TMS Sync Ready: yes
TMS FailoverP: Promote TMS
S: Assign TMS Sync Role
Manual TMS Configuration1: Step 1 -> Configure Module Server Address (on Tanium Server)
2: Step 2 -> Register Module Server (on Tanium Module Server)
3: Read about Remote Module Server configuration
R: Return to previous menu RR: Return to top
- Enter 1 and follow the prompts to configure the Module Server address, which specifies the address the Tanium Server uses to connect to the Module Server. Be sure to copy the certificate fingerprint. You need the certificate fingerprint to configure the Module Server. View screen
>>> Tanium Operations -> Configure Module Server(s) -> Configure Module Server Address <<<
Before continuing, please have the following at hand:
- Hostname of the remote module server
- Domain name of the remote module server
- IP of the remote module server
After completing this step and until step 2 (registration) has been completed on the remote
module server, this Tanium Server will have limited functionality!
The following fingerprint is required for step 2:
800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F28
7D29B6D62DFFD5781909E8BCA6E7202
Would you like to continue? [Yes|No]: yes
Continue with change.
Please enter the IP of the remote module server: 10.10.10.103
Please enter the hostname (NOT FQDN) of the remote module server: appliance-tms1
Please enter the domain name of the remote module server: tam.local
Disabling local module server instance (if exist)
Setting new Tanium Module Server address 10.10.10.103
Changing hosts file
Would you like to restart the Tanium Server service?
Attention - this might take a long time! [Yes|No]: yes
Restarting the Tanium server service
Attention:
Step 1 of the Remote Module Server configuration process completed successful.
Step 2 needs to be completed on the Remote Module Server. Follow the instructions
in "Tanium Operations (2) -> Register Remote Module Server (A)"
This Tanium Server will not be functional until step 2 has been completed as well.
The following fingerprint is required for step 2 - please copy it:
800BBFB2942BD9A033F39CBC61049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F28
7D29B6D62DFFD5781909E8BCA6E7202
Press enter to continue
Enable the remote Module Server
- Sign in to the Tanium Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
A: Register Module Server
D: Configure Module Server sync
M: Module Operations
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Register Module Server menu.
- Enter 2 and follow the prompts to enable the remote Module Server and to configure its connection with the Tanium Server. Specify the Tanium Console admin user (tanium, not a TanOS user). View screen
>>> Tanium Operations -> Configure Module Server(s) -> Enable Module Server <<<
Before continuing, please have the following at hand:
- Hostname of the Tanium server
- Domain name of the Tanium server
- IP of the Tanium server
- Credentials of a Tanium User with administrative privileges
- Fingerprint of the Tanium Server certificate (obtained in Step 1)
Would you like to continue? [Yes|No]: yes
Going ahead with module server registration
Please enter the IP of the Tanium server: 10.10.10.101
Please enter the hostname (NOT FQDN) of the Tanium server: appliance-ts1
Please enter the domain name of the Tanium server: tam.local
Please enter the Tanium Console administrative user name: tanium
Please enter the password (will not be displayed):
Please enter the fingerprint of the Tanium servers certificate: 800BBFB2942BD9A033F39CBC61049BCE
68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781909E8BCA6E7202
Verified entered fingerprint successfully
Registering module server with 10.10.10.101 (60 second timeout)...
Added hosts entry
Registration completed successful
Restarting module server to ensure settings have taken
Restart complete
Press enter to continue
For a cluster, register the Tanium servers individually. View screen
>>> Tanium Operations -> Configure Remote Module Server -> Enable Module Server <<<
Before continuing, please have the following at hand:
- Hostname of the Tanium server
- Domain name of the Tanium server
- IP of the Tanium server
- Credentials of a Tanium User with administrative privileges
- Fingerprint of the Tanium Server certificate (obtained in Step 1)
Would you like to continue? [Yes|No]: yes
Going ahead with module server registration
Please enter the IP of the Tanium server: 10.10.10.102
Please enter the hostname (NOT FQDN) of the Tanium server: appliance-ts2
Please enter the domain name of the Tanium server: tam.local
Please enter the Tanium Console administrative user name: tanium
Please enter the password (will not be displayed):
Please enter the fingerprint of the Tanium servers certificate: 800BBFB2942BD9A033F39CBC6
1049BCE68DEBDF789B38E05569AC0C0794D0BD985C1CF9A0CB73420FCC53F01756E51F287D29B6D62DFFD5781
909E8BCA6E7202
Verified entered fingerprint successfully
Registering module server with 10.10.10.102 (60 second timeout)...
Added hosts entry
Registration completed successful
Restarting module server to ensure settings have taken
Restart complete
Press enter to continue
Manage a Tanium cluster
A Tanium cluster uses two Tanium Servers to provide continuous availability during scheduled maintenance or an outage. For more information, see Configuring a Tanium cluster.
Manually configure a Tanium cluster
For the best results, use an Appliance Array for easier setup and management of the appliances in your deployment. When you install two Tanium Server roles in an array, TanOS automatically configures a Tanium cluster. For instructions on how to install an Appliance Array, including the necessary Tanium Appliance server roles, see
Installing and managing an Appliance Array.
If you are unable to use the Appliance Array, see Tanium Appliance Deployment Guide (version 1.7.2): Configure a Tanium cluster for instructions to manually configure a Tanium cluster.
Perform database failover
- On the secondary, or passive, appliance, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter A to go to the Database Server Failover screen.
- Follow the prompts to to perform the failover to the secondary appliance database and promote the secondary appliance database to primary.
- To demote the original primary Tanium Server database to the passive role, on the original primary appliance, reinitialize replication. For instructions, see Reinitialize replication.
Check replication status
- On either Tanium Server in the cluster, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter S to display the replication status between the cluster members.
Reinitialize replication
You can reinitialize replication on the passive, or secondary, database, which removes all existing database contents and replaces them with the contents from the currently active database. After you perform a failover, you can initialize replication from the newly active secondary appliance to the original primary appliance by performing this procedure on the original primary appliance.
- On the Tanium Server appliance with the passive database, sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Cluster Configuration menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Cluster Configuration <<<
1: Step 1 -> Initialize cluster (Primary member)
2: Step 2 -> Join cluster (Secondary member)
3: Read about cluster operations
A: Database Server Failover
S: Replication Status
L: Remove Cluster
B: Reinitialize Replication
C: SSH Key management
D: IPSEC management
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Reinitialize Replication screen.
- Follow the prompts to reinitialize replication between the cluster members, and, if applicable, demote the original primary Tanium Server.
Change the Tanium content manifest URL
- Sign in to the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
7: Download SOAP Certificate
9: Import CAC Certificate
A: Configure Module Server(s)
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter C to go to the Manage Content menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manage Content <<<
Manifest: Default
https://content.tanium.com/files/initialcontent/75/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/75/labs_manifest.xml
1: Install Airgap Content
2: Airgap Usage Report
3: Prune Airgap Content
4: Manage Web Server Content
B: Set Manifest
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Enter B to go to the Manifest URL Change menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Manifest URL Change <<<
Manifest change should be performed with the prior agreement of your TAM.
Only modify the manifest if you intend to test non general releases of
versions of Tanium Modules or content, or if you are using the airgap
installer.
Manifest: Default
https://content.tanium.com/files/initialcontent/73/manifest.xml
Labs Manifest: Default
https://content.tanium.com/files/initialcontent/73/labs_manifest.xml
1: Set Manifest
2: Set Labs Manifest
D: Restore Default Manifest Values
R: Return to previous menu RR: Return to top
------------------------------------------------------
- Use the menu to change the manifest URL.
Schedule sync jobs
- Sign in to the source Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter D to go to the Module Server Sync menu.
- Enter 5 to go to the Schedule TMS Sync menu. View screen
>>> Schedule TMS Sync <<<
Current time: Thu 2019-05-16 21:06:37 UTC
Active: Disabled
Day of Month | 1 | 00:00 UTC
Crontab formatted time string: 00 00 1 * *
Pending: Disabled
Day of Month | 1 | 00:00 UTC
Crontab formatted time string: 00 00 1 * *
1: Disable Schedule
2: Enable Schedule
4: Schedule by Day of Month
5: Schedule by Day of Week
6: Select Time of Day
7: Activate Schedule Settings
R: Return to previous menu RR: Return to top
------------------------------------------------------The top of the menu shows active and pending settings. The changes you make are pending until you use menu 7 to make them active.
- Use the menu to configure the schedule:
- Enter 1 or 2 to toggle the enabled/disabled status for the schedule.
- Enter 4 or 5 to set the schedule by days of the month or days in a week.
- A comma (,) indicates separate days. For example, 1,15.
- A hyphen (-) indicates contiguous days. For example, mon-fri.
- Specify days of the week with three-letter abbreviations: sun, mon, tue, wed, thu, fri, sat.
- Enter 6 to set the time of day.
- Enter 7 to make your changes active.
View detailed status for Module Server sync
The top of the Module Server Sync menu shows configuration status and the last return code for the sync job. You can use menu 1 to view detailed status.
- Sign in to the source Module Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter D to go to the Module Server Sync menu.
- Enter 1 to view the status. View screen
Secured connectivity to remote IP 10.0.72.129 is working
>>> Database Replication Health <<<
Cluster Role: Primary Server
Cluster member: 10.0.72.129
Sender Process: RUNNING (pass)
WAL Process: walsender
WAL Process Segment: 0/5000148
WAL Process Status: streaming
Replication Active: Yes (pass)
Replication Lag
In Recovery Mode: NO (pass)
Remote DB Address: 10.0.72.129
Remote DB Net Latency: 1ms
State: streaming
Sync State: async
Backend Start: 2022-08-2622:38:21.93646+00
Sent Log Location: 0/5000148
Write Log Location: 0/5000148
Replay Log Location: 0/5000148
Flush Log Location: 0/5000148
SSL Mode: ON (pass)
SSL CRL File: ON (pass)
Max Replication slots in postgresql configuration: 1 (pass)
Replication slot is active (pass)
Slot Name: node_a_slot
Slot Type: physical
Slot Active: t
Slot Active PID: 5257
Slot Restart LSN: 0/5000148
Active sync state (source)
Current time: Fri Aug 26 23:07:50 UTC 2022
Last sync log:
#### Starting module server sync ####
Start time: Fri Aug 26 22:47:08 UTC 2022
SYNC_ROLE 1 found
===============
2022-08-26 22:47:08 Starting 1/3: TaniumModuleServer (top)
2022-08-26 22:49:16 Finished 1/3: TaniumModuleServer (top)
===============
2022-08-26 22:51:24 Starting 2/3: Grouping directories by running services
2022-08-26 22:51:24 Finished 2/3: Grouping directories by running services
===============
2022-08-26 22:51:24 Starting 3/3: Final cleanup
2022-08-26 22:57:47 Finished 3/3: Final cleanup
End time: Fri Aug 26 22:57:47 UTC 2022
%%%% Ended module server sync %%%%%
Last return code: OK 2022-08-26T22:47:08
Promote the standby Module Server
The Module Server service on the standby appliance is not enabled while the active appliance is running. To make the standby appliance active, such as in the event of a failure on the active Module Server, perform the following steps to promote the standby Module Server.
- Sign in to the Tanium Server appliance as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter A to go to the Configure Module Server(s) menu.
- Enter P to Promote TMS. View screen
>>> Tanium Operations -> Configure Module Server(s) -> Promote TMS <<<
Active Module Server: tms1.test.tanium.local
Module Server 1:
Name: tms1.test.tanium.local
TMS Sync Role: Active sync (source)
TMS Sync File Ready: Yes
TMS Sync Replication: Active
Module Server 2:
Name: tms2.test.tanium.local
TMS Sync Role: Target
TMS Sync File Ready: Yes
TMS Sync Replication: Active
Note: Promoting TMS requires sync to be re-enabled.
Which Module Server should be promoted to active?
1: tms1.test.tanium.local
2: tms2.test.tanium.local
R: Return to previous menu RR: Return to top
Please select:
- Enter the line number of the Module Server to promote to active.
- Enter the administrative user name for the web-based Tanium Console. This is different from TanOS console tanadmin users.
- Enter the password for the Tanium Console administrative user and press Enter.
After you perform this procedure, the two Module Servers are disconnected from each other and the standby Module Server is active and registered with the Tanium Server. To use the non-active Module Server as a standby appliance, disable synchronization on the non-active Module Server, assign the Module Server synchronization role of source to the active Module Server, and assign the Module Server synchronization role of target to the new standby Module Server.
