Upgrading software on Tanium Appliances

Use the built-in TanOS upgrade functionality to upgrade the TanOS system and the Tanium Appliance roles (Tanium Server, Module Server, Zone Server, and Zone Server Hub).

Upgrade TanOS

TanOS periodically checks the TanOS manifest for available upgrades and informs you on the tanadmin menu screen when an upgrade is available. ClosedView screen

Additionally, a health check reports when an upgrade is available. For more information, see Run the Health Check.

If you are upgrading from version 1.7.4 or 1.7.5, TanOS 1.7.6 appears as the available upgrade version. Follow the procedures in this section to first upgrade to version 1.7.6 and then version 1.8.1.

When Tanium Appliances query the TanOS manifest for available updates at content.tanium.com, Tanium might collect non-identifiable metadata about the appliance, including version and feature usage information, to further support, develop, and improve its products.

  • If you are upgrading from any version earlier than 1.7.6, you must first upgrade to version 1.7.6 before you upgrade to version 1.8.1. The necessary steps are included in this topic.

  • TanOS 1.8.1 requires Tanium™ Core Platform 7.5.6 or later. If necessary, upgrade Tanium™ Core Platform servers to at least this version while TanOS 1.7.6 is installed, before you perform the final upgrade to version 1.8.1.

Before you begin

  1. Read the release notes for the TanOS versions that were released after your current version to stay informed about expected behavior.

  2. If your current deployment does not use an Appliance Array, create an array. See Installing and managing an Appliance Array.

    If you are upgrading from a version earlier than 1.6.4, you must upgrade TanOS before you can create an array. See Upgrade from TanOS releases earlier than 1.6.4 to version 1.7.2.

  3. Plan a maintenance window that accounts for all necessary upgrade tasks. If you manage a Zone Server separately from the Appliance Array, you must also upgrade it separately during the same maintenance window in which you upgrade the Appliance Array. The procedure is the same, but it must be done separately on each Zone Server that is not an array member. For more information about Zone Servers installed outside of an array, see Documentation Home > Tanium Core Platform > Tanium Appliance Deployment Guide.
  4. Verify the current deployment is working as expected, including all Tanium Core Platform and solutions.
  5. Run a health check on each appliance to check the status of network services and Tanium services.

  6. Create a backup of the appliance. If you have an inactive partition on a physical Tanium Appliance or virtual Tanium Appliance, you can choose to perform a partition sync to back up the active partition to the inactive partition. Alternatively, for virtual or cloud appliances, you can create a snapshot of the virtual image before you upgrade.

    Though a normal upgrade does not require you to restore from a backup, the backup lets you quickly restore the appliances to a known functional state if you encounter issues during an upgrade.

  7. Perform version-specific tasks:

    • Versions earlier than 1.8.1:

      • TanOS 1.8.1 or later uses different Tanium Core Platform binaries from TanOS 1.7.6 and earlier. As a one-time task for the upgrade from version 1.7.6 to version 1.8.1, you must manually provide the correct Tanium Core Platform installation package to the primary Tanium Server in the Appliance Array. The installation package for version 1.8.1 ends in _8, and you must use the installation package for the same version and build that is installed on your TanOS 1.7.6 deployment. For example, if you have Tanium Core Platform 7.5.6.1113 installed before you upgrade, you must provide the file 7.5.6.1113_linux_server_package_8.zip.

        Tanium Core Platform 7.5.6 is required for TanOS 1.8.1. If you have an earlier version installed, upgrading Tanium Core Platform will be part of the process to upgrade TanOS from version 1.7.6 to version 1.8.1.

        Contact Tanium Support to obtain a token URL for the updated Tanium Core Platform installation package for the version of Tanium Core Platform that you have installed or will have installed before upgrading to TanOS 1.8.1. You will need the URL (in internet-connected environments) or the downloaded package (in air-gapped environments) during the upgrade from version 1.7.6 to version 1.8.1. Carefully follow the prescribed upgrade paths for the steps to provide this package at the appropriate time.

      • If you use Tanium™ Discover, you must have Discover 4.7.164 or later installed prior to upgrading to TanOS 1.8.1.

    • Versions earlier than 1.7.3: Verify that TMS Sync is either healthy and active or disabled. If you are upgrading from version 1.7.3 or later, the upgrade process performs this verification automatically in the pre-upgrade checks.

      In TanOS 1.7.0–1.7.2, this verification includes confirming PostgreSQL replication is streaming. You can confirm PostgreSQL replication and file synchronization from menu 2-D-1 (Show Detailed Status).

    • Versions earlier than 1.6.7 on a physical Tanium Appliance: Make sure all firmware is up-to-date with your current TanOS version. For more information, see Install a firmware update. If you upgrade from TanOS 1.6.7 or later, these are already up-to-date.

      The TanOS upgrade automatically upgrades BIOS, iDRAC, PERC, and NIC firmware, as well as the operating system packages, to the latest versions.

Understand the upgrade process

Use the primary Tanium Server appliance to perform the upgrade. This automatically manages the upgrade on all appliances in the Appliance Array. The upgrade process runs pre-upgrade checks on all appliances in the array before upgrading any of the appliances. If you see the message Pre-upgrade checks failed, not upgrading, fix the issue that is reported with the message before attempting the upgrade again.

During an upgrade, TanOS stops all Tanium services, and resumes services after rebooting the appliance. It is safe to restart the Tanium Appliance upgrade if it is interrupted, such as if you lose your SSH connection to the appliance. The upgrade checks the status of all appliances in the array before proceeding from where the interruption occurred. If you have problems restarting an upgrade that was interrupted, contact Tanium Support.

To avoid issues with dropped SSH connections, upgrade using the physical Tanium Appliance iDRAC virtual console or the virtual console of your hypervisor or cloud provider.

To troubleshoot TanOS upgrade issues, review the upgrade log from the appliance that had an issue. See View the TanOS upgrade log.

Upgrade paths

Carefully follow the prescribed upgrade paths. Multiple manual steps are required for an upgrade from TanOS 1.7.6 or earlier to a version later than 1.7.6, including the following:

  • If you are upgrading from any version earlier than 1.7.6, you must first upgrade to version 1.7.6 before you upgrade to version 1.8.1. The necessary steps are included in this topic.
  • When you upgrade from version 1.7.6 to version 1.8.1, you must, as a one-time task, use a token URL provided by Tanium Support to manually provide the correct Tanium Core Platform installation package with updated binaries that are necessary for TanOS 1.8.1 and later.

  • You cannot upgrade directly to TanOS 1.7.6 from a version earlier than 1.6.4. For best results if you are upgrading from an earlier version, upgrade to TanOS 1.7.2 as an intermediate step.

Follow the upgrade path for your starting TanOS version.

Version 1.7.6

  1. If a version of Tanium Core Platform older than 7.5.6 is installed, upgrade Tanium Core Platform servers to 7.5.6 or later. See Upgrade Tanium Core Platform.
  2. Provide the updated Tanium Core Platform installation package for TanOS 1.8.1, using the following procedure: Provide the Tanium Core Platform installation package for an upgrade from TanOS 1.7.6 to TanOS 1.8.1.

  3. Upgrade TanOS to version 1.8.1 using one of the following procedures:

Version 1.7.4–1.7.5

  1. Update the RDB solution to version 1.2.174 or later. See Tanium Console User Guide: Import or update specific solutions.

  2. Upgrade TanOS to version 1.7.6 using one of the following procedures:

  3. Complete the steps for Version 1.7.6.

Version 1.6.6–1.7.3

  1. Update the RDB solution to version 1.2.174 or later. See Tanium Console User Guide: Import or update specific solutions.

  2. Upgrade TanOS to version 1.7.6 using one of the following procedures:

  3. Complete the steps for Version 1.7.6.

Version 1.6.4–1.6.5

  1. Update the RDB solution to version 1.2.174 or later. See Tanium Console User Guide: Import or update specific solutions.

  2. Upgrade TanOS to version 1.7.6 using the steps in Upgrade by manually uploading an RPM file.

  3. Complete the steps for Version 1.7.6.

Versions earlier than 1.6.4

  1. Upgrade TanOS to version 1.7.2 using the steps in Tanium Appliance Deployment Guide (version 1.7.2): Upgrade an individual appliance from TanOS 1.5.6 or higher.
  2. Create an Appliance Array. See Installing and managing an Appliance Array.
  3. Update the RDB solution to version 1.2.174 or later. See Tanium Console User Guide: Import or update specific solutions.

  4. Upgrade TanOS to version 1.7.6 using one of the following procedures:

  5. Complete the steps for Version 1.7.6.

Upgrade tasks

The following sections provide detailed steps for the tasks that are necessary as part of upgrades from different starting versions. Make sure you perform these tasks according to the upgrade path for your environment and starting TanOS version, as shown in Upgrade paths.

Provide the Tanium Core Platform installation package for an upgrade from TanOS 1.7.6 to TanOS 1.8.1

TanOS 1.8.1 or later uses different Tanium Core Platform binaries from TanOS 1.7.6 and earlier. As a one-time task for the upgrade from version 1.7.6 to version 1.8.1, you must manually provide the correct Tanium Core Platform installation package to the primary Tanium Server in the Appliance Array. The installation package for version 1.8.1 ends in _8, and you must use the installation package for the same version and build that is installed on your TanOS 1.7.6 deployment. For example, if you have Tanium Core Platform 7.5.6.1113 installed before you upgrade, you must provide the file 7.5.6.1113_linux_server_package_8.zip.

If you manage a Zone Server separately from the Appliance Array, you must also provide the installation package to the Zone Server separately. For more information about Zone Servers installed outside of an array, see Documentation Home > Tanium Core Platform > Tanium Appliance Deployment Guide. As a best practice, do not upload the entire upgrade package to the Zone Server or use the tokens download steps. To avoid copying Tanium Server and Module Server files onto a host in a separate network, download the package from the tokens URL, extract only the Zone Server RPM from ZIP file, and use SFTP to copy only that file to the /incoming folder of the Zone Server appliance.

Internet-connected environments

  1. If you did not already do so, contact Tanium Support to obtain a token URL for the Tanium Core Platform package file.

  2. On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.
  3. Enter B to go to the Appliance Maintenance menu.
  4. Enter T to go to the Tokens Download menu, and follow the prompts to download the package.
Air-gapped environments

  1. If you did not already do so, contact Tanium Support to obtain a token URL for the Tanium Core Platform package file, and download the file.

  2. Use SFTP to copy the TanOS upgrade file to the /incoming directory on the primary Tanium Server appliance.

Upgrade from the TanOS manifest

On TanOS 1.7.4 or later in an internet-connected environment, you can download the latest available version that appears in the TanOS manifest directly from Tanium. This is the simplest upgrade method.

If you are upgrading from version 1.7.4 or 1.7.5, TanOS 1.7.6 appears as the available upgrade version. Follow these steps to upgrade to version 1.7.6, perform the steps listed in What to do next at the end of this section, and then repeat this procedure to upgrade to version 1.8.1.

  1. On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.

  2. Enter B-3 (Appliance Maintenance > Upgrade TanOS).

  3. At the prompt, enter Yes to upgrade all appliances in the array. ClosedView screen
  4. Enter D to download the version available from the manifest. ClosedView screen

  5. After TanOS downloads the upgrade RPM, enter the number for the downloaded file, and follow the prompts to perform the upgrade.

    ClosedView screen

    When prompted to back up the active partition to the inactive partition, enter Yes.

    6. The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

What to do next

Perform the following steps after you upgrade TanOS.

  1. Run a health check to check the status of network services and Tanium services.
  2. Verify the installation. If verification fails, see Support and Troubleshooting.

If you completed the upgrade to version 1.7.6 and you are preparing to upgrade to version 1.8.1, follow the upgrade path for Version 1.7.6.

Upgrade with a token URL

On TanOS 1.6.6 or later in an internet-connected environment, you can use a token URL upgrade package to upgrade to TanOS 1.8.1.

Use these steps to upgrade to TanOS 1.7.6, and then follow the upgrade path for Version 1.7.6.

  1. Obtain the token URL for the TaniumTanOS_Upgrade-1.7.6-0127.noarch.rpm upgrade package from Tanium Support.
  2. On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.

  3. Enter B-3 (Appliance Maintenance > Upgrade TanOS).

  4. At the prompt, enter Yes to upgrade all appliances in the array. ClosedView screen
  5. Enter T to enter the URL of a token download, and follow the prompts to perform the upgrade. ClosedView screen

    When prompted to back up the active partition to the inactive partition, enter Yes.

    6. The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

What to do next

Perform the following steps after you upgrade TanOS to version 1.7.6.

  1. Run a health check to check the status of network services and Tanium services.
  2. Verify the installation. If verification fails, see Support and Troubleshooting.
  3. Follow the upgrade path for Version 1.7.6.

Upgrade by manually uploading an RPM file

On TanOS 1.6.4 or later in an internet-connected or air-grapped environment, you can manually upload the TaniumTanOS_Upgrade-1.8.1-0149.noarch.rpm upgrade package downloaded from the token URL to upgrade to TanOS 1.8.1.

If you are upgrading form a version earlier than 1.7.6, use these steps to upgrade to TanOS 1.7.6, and then follow the upgrade path for Version 1.7.6. For an air-gapped environment, use the appropriate upgrade package for the specific version to which you are upgrading, and continue to follow the appropriate upgrade path.

  1. Obtain the token URL for the upgrade package from Tanium Support, and download the file.
  2. Use SFTP to copy the TanOS upgrade file to the /incoming directory on the primary Tanium Server appliance.
  3. On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.

  4. Enter B-3 (Appliance Maintenance > Upgrade TanOS).

  5. At the prompt, enter Yes to upgrade all appliances in the array. ClosedView screen
  6. Enter the line number of the RPM file to use, and follow the prompts to perform the upgrade.
    When prompted to back up the active partition to the inactive partition, enter Yes.

    7. The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

What to do next
  1. Run a health check to check the status of network services and Tanium services.
  2. Verify the installation. If verification fails, see Support and Troubleshooting.
  3. Continue the upgrade as necessary:

    • Internet-connected environment: If you upgraded to version 1.7.6, follow the upgrade path for Version 1.7.6.

    • Air-grapped environment: Continue the upgrade path for the appropriate version.

Upgrade from TanOS releases earlier than 1.6.4 to version 1.7.2

You cannot upgrade directly to TanOS 1.7.6 from a version earlier than 1.6.4. For best results if you are upgrading from an earlier version, upgrade to TanOS 1.7.2 as an intermediate step. For instructions, see Tanium Appliance Deployment Guide (version 1.7.2): Upgrade TanOS.

After upgrading to TanOS 1.7.2, create an Appliance Array before upgrading further. See Tanium Appliance Deployment Guide (version 1.7.2): Installing an Appliance Array.

What to do next

Perform the following steps after you upgrade TanOS to version 1.7.2.

  1. Run a health check to check the status of network services and Tanium services.
  2. Verify the installation. If verification fails, see Support and Troubleshooting.
  3. Continue the upgrade using the steps in Upgrade with a token URL (or, for air-gapped environments, Upgrade by manually uploading an RPM file).

View the TanOS upgrade log

  1. Sign in to the TanOS console as a user with the tanadmin role.

  2. Enter 3-1-1-2 (Tanium Support > Tanium Log Files > TanOS Appliance > Upgrade Log).

  3. Enter V to view the TanOS upgrade log file.

Upgrade Tanium Core Platform

In the Tanium Console, the Solutions page (Administration > Confiugration > Solutions) indicates at the top-right if Tanium Core Platform servers are up-to-date or if an update is available.

For air-gapped environments, install a full air gap update, which includes updates to solution modules, production content packs, and lab content packs. See Install a full update.

Upgrade path

Check with Tanium Support to understand the ramifications of direct upgrade and whether intermediate steps are recommended. For more information, contact Tanium Support.

Before you begin

  • Read the release notes for all of the Tanium Core Platform versions that were released after your current version to stay informed about expected behavior.
  • All servers must have the same version number (for example, 7.5.6.1113); be prepared to upgrade all Tanium Core Platform servers in your environment. The maintenance window for upgrading Tanium Core Platform servers is usually under an hour.

  • Contact Tanium Support to obtain a token URL for the upgrade package file.

    TanOS 1.8.1 uses different Tanium Core Platform binaries from TanOS 1.7.6 and earlier. Use the correct package file for your TanOS version.

    • If you are upgrading Tanium Core Platform on TanOS 1.7.6 or earlier during an intermediate phase of a TanOS upgrade, use the package that does not end in _8—for example, 7.5.6.1113_linux_server_package.zip

      .
    • If you are upgrading Tanium Core Platform on TanOS 1.8.1, use the package that ends in _8—for example, 7.5.6.1113_linux_server_package_8.zip.
  • Upgrade all appliances to TanOS 1.7.3 or later to use the following steps. See Upgrade TanOS.
  • Make sure the current deployment is working as expected, including all Tanium Core Platform servers and solutions.
  • Perform a backup of the appliance. See TanOS backup options.

Upgrade the Tanium Core Platform

To upgrade Tanium Core Platform, use the following procedure to have TanOS download the Tanium Server upgrade package from download.tanium.com and upgrade all appliances within an array. This procedure upgrades all Tanium Servers, Tanium Module Servers, Tanium Zone Servers, and Tanium Zone Server Hubs within the array. You can either provide the token URL for the upgrade package during the upgrade process or manually upload the RPM package to /incoming.

If you are upgrading an individual Zone Server that is not part of the Appliance Array, do not upload the entire upgrade package to the Zone Server or use the tokens download in TanOS during the upgrade. To avoid copying Tanium Server and Module Server files onto a host in a separate network, download the package from the tokens URL, extract only the Zone Server RPM from ZIP file, and use SFTP to copy only that file to the /incoming folder of the Zone Server appliance. For more information about Zone Servers installed outside of an array, see Documentation Home > Tanium Core Platform > Tanium Appliance Deployment Guide.

  1. Sign in to the TanOS console as a user with the tanadmin role.

  2. Enter 1-U (Tanium Installation > Upgrade Tanium Software).

  3. Enter Yes to upgrade Tanium Core Platform on all appliances in the array. ClosedView screen
  4. If you have uploaded the RPM file to /incoming, enter the line number of the upgrade package. Otherwise, enter T and paste the upgrade token URL provided by Tanium.

What to do next

After you upgrade Tanium Core Platform software, perform the steps listed in Verifying the installation to make sure the deployment works as expected. If verification fails, see Support and Troubleshooting.