Verifying the deployment
Log into the Tanium™ Console to verify proper communication among deployment components:
- Successful installation of Tanium™ content packs verifies communication with content.tanium.com.
- Successful installation of Tanium™ Interact verifies communication between the Tanium™ Server and Module Server.
- Successful registration by Tanium™ Clients verifies communication with clients.
- Successful registration by a Tanium Client configured to use the Zone Server address verifies communication between the Zone Server and Zone Server hub service.
- In a web browser, go to https://Tanium_Server_FQDN[:port] to log into the Tanium Console.
Tanium_Server_FQDN is the fully-qualified domain name for the Tanium Server appliance. The default port is 8443, and it is redirected to 443. You do not have to specify port if you use the default.
- Enter the user name tanium and the password you set when you installed the Tanium Server.
When you first log into the Tanium Console, it automatically initiates the following actions:
- Imports the Initial Content - Base content pack. The Initial Content packs include the sensors, packages, saved questions, and dashboards that are essential for getting started with Tanium.
- Imports the Client Maintenance content pack. The Client Maintenance pack includes the sensors, packages, actions, and saved questions that are used to perform hygiene checks on Tanium Clients.
Imports the Interact workbench. The Interact workbench includes the user interface for questions and results.
This installation guide includes a brief section on deploying Tanium Clients so that you can use basic client-server registration to verify successful installation of the Tanium core server components.
For comprehensive information on client deployment options, see the Tanium Client Deployment Guide.
Before you begin
- You have a Windows computer on which you can install the Tanium™ Client Deployment Tool (CDT).
- Network firewall rules allow the Tanium CDT to make connections to the target endpoints. See Tanium Core Platform Deployment Reference Guide: Network ports.
- You know the username and password of an administrator account that can log into the target endpoint and install the Tanium Client.
- Download the Tanium Server public key file so you can include it in Tanium Client installation packages. See Download the Tanium Server public key file.
- Contact your TAM to learn how to download the latest Tanium CDT.
Install the Tanium Client Deployment Tool
- Right-click the TaniumClientDeploymentToolSetup.exe file and select Run as administrator.
The installation wizard prompts you for one value—the installation directory. The default is C:\Program Files (x86)\Tanium\Tanium Client Deployment Tool.
- In Windows, select Start > Tanium Client Deployment Tool to open the tool.
- Click OK to download the latest endpoint software.
The software is downloaded to C:\Program Files (x86)\Tanium\Tanium Client Deployment Tool\clients\.
- If you plan to use Microsoft PSExec to push Tanium Client to endpoints:
Deploy the Tanium Client
- Open the Tanium CDT.
- Configure the following settings.
Username/Password Local or domain user with administrative privileges on the targeted endpoints. The deployment tool uses this account when it connects to the targeted endpoint and executes the client installer. Tanium.pub Path to the Tanium Server public key file (tanium.pub). Server Name The FQDN for the Tanium Server. Specify a comma-separated list. For example, ts1.example.com,ts2.example.com. Port 17472 Log Verbosity Level Specify 1 for this initial deployment. Level 1 writes a minimal logs that might be useful if there are issues with the initial deployment. Execution Method Select PSEXEC if you downloaded it in the previous procedure.
- Use the Computer List tab to specify the computer names, IP addresses or IP address ranges for a few endpoints in your lab.
- Click Install to deploy the client to a few host computers in your lab.
- In Interact, verify the endpoints respond to the following query:
Get Computer Name and Tanium Server Name from all machines
- Review the results grid to verify that all clients on which Tanium Client software was deployed are now reporting.
- You can also go to the System Status page to review recent client registration details. Go to Administration > System Status to display the page.
- Use the Tanium CDT to deploy the Tanium Client to a client in your lab. In the configuration, for Tanium Server, specify the Zone Server FQDN (appliance-zs.tam.local in this example).
- In Interact, ask Get Computer Name and Tanium Server Name from all machines and verify that the Tanium Client on the Zone Server is reporting via the Tanium Zone Server.
Last updated: 8/21/2019 2:18 PM | Feedback