Deployment options summary

Deploying the Tanium Client to your enterprise computers, and integrating the deployment into your standard IT processes, involves multiple phases. Each phase involves various tools and options. Discuss these options with your technical account manager (TAM).

The following table summarizes Tanium recommendations for each phase.

Phase Recommendations
Pilot The Tanium Client Deployment Tool (CDT) is a free and simple tool you can use to deploy the Tanium Client to target computers during your pilot deployment. Pilots usually target fewer than 5,000 endpoints. The CDT supports deployment in batches of 250-500 endpoints. The endpoints must be currently joined in an Active Directory domain (Windows only) or currently connected to the network and match an IP address range that you specify (Windows, Linux, and macOS).

See Using the Tanium Client Deployment Tool.

During your pilot, we recommend you test deployment of the Tanium Client with the standard software package deployment tool of your organization, such as Active Directory (AD) Group Policy Objects (GPO),  System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, Casper, and custom scripts.

You can use the Tanium CDT to prepare .exe, .msi, .iso, .rpm, .deb, and .pkg installation package files for these standard methods. For details, see:

Initial deployment After the pilot, an intial deployment into your enterprise might target 500,000 endpoints or more, and the deployment might reach across data center, headquarter, and branch locations. We recommend you use the standard software distribution methods your IT organization and end users are already familiar with for the initial rollout.
If your organization does not have an existing software package distribution solution, you can use the Tanium CDT. The CDT supports deployment in batches of 250-500 endpoints.
Onboarding new computers Plan to integrate Tanium Client installation into your standard new computer build processes, such as Microsoft Deployment Toolkit task sequences.

You can install Tanium Client within the reference OS images used to provision new computers and VDI instances. When the new computer boots for the first time, the Tanium Client starts and then tries to register with the Tanium Server.

See Preparing the Tanium Client on OS images.

Ongoing hygiene After the initial rollout, you want to put policies and procedures in place to enforce use of Tanium Client on the endpoints in your enterprise network. Many organizations have used AD computer startup scripts to ensure Tanium Client is installed and the Tanium Client service is started.

Contact your TAM for details.

Use Tanium Discover to scan for previously unmanaged and even previously unknown endpoints.

See the Tanium Discover User Guide for details.

Last updated: 6/4/2019 4:22 PM | Feedback