Deployment options summary
The deployment of Tanium™ Client to your enterprise computers and into your standard IT processes has multiple phases. During each phase, there are a number of tools and options. Discuss these options with your technical account manager (TAM).
The following table summarizes our recommendations.
|Pilot||The Tanium Client Deployment Tool (CDT) is a free and simple tool you can use to deploy the Tanium Client to target computers during your pilot deployment. Pilots usually target fewer than 5,000 endpoints. The CDT supports deployment in batches of 250-500 endpoints. The endpoints must be currently joined in an Active Directory domain (Windows only) or currently connected to the network and match an IP address range that you specify (Windows, Linux, and macOS).|
During your pilot, we recommend you test deployment of the Tanium Client with your organization's standard software package deployment tool, such as AD Group Policy Objects (GPO), System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, Casper, and custom scripts.
You can use the Tanium CDT to prepare .exe, .msi, .iso, .rpm, .deb, and .pkg installation package files for these standard methods.
|Initial deployment||After the pilot, an intial deployment into your enterprise might target 500,000 endpoints or more, and the deployment might reach across datacenter, headquarter, and branch locations. We recommend you use the standard software distribution methods your IT organization and end users are already familiar with for the intial rollout.|
|If your organization does not have an existing software package distribution solution, you can use the Tanium CDT. The CDT supports deployment in batches of 250-500 endpoints.|
|Onboarding new computers||
Plan to integrate Tanium Client installation into your standard new computer build processes, such as Microsoft Deployment Toolkit task sequences.
You can install Tanium Client within the reference OS images used to provision new computers and VDI instances. When the new computer boots for the first time, the Tanium Client is started, and it attempts to register with the Tanium Server.
After the initial rollout, you want to put policies and procedures in place to enforce use of Tanium Client on the endpoints in your enterprise network. Many organizations have used Active Directory computer startup scripts to ensure Tanium Client is installed and the Tanium Client service is started.
Contact your TAM for details.
Use Tanium Discover to scan for previously unmanaged and even previously unknown endpoints.
See the Tanium Discover User Guide for details.
Last updated: 11/6/2018 5:16 PM | Feedback