Planning the Tanium Client deployment

Deploying the Tanium Client to your enterprise computers and integrating the deployment into your standard IT processes involves multiple phases, as illustrated in the following figure. Each phase involves various tools and options. Contact Tanium Support for details about these options.

Figure 1: Tanium Client deployment options

Review the following best practices for each phase.

Pilot

Pilots usually target fewer than 5,000 endpoints. As a best practice during your pilot, test deploying the Tanium Client with the standard software package deployment tool of your organization.

Some standard third-party tools include System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, and Casper. You can also use custom scripts. For details about the installer files and client settings that are required to deploy the client, see:

The available deployment tools are:

Tanium Client Management service: You can deploy all versions of the Tanium Client to any number of endpoints in a single operation. For details, see the Tanium Client Management User Guide.
Existing application package deployment tools: Some standard third-party tools include System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, and Casper. You can also use custom scripts. For details about the installer files and client settings that are required to deploy the client, see:

This guide does not describe third-party tool-specific procedures for deploying the Tanium Client. Contact Tanium Support for details on using these tools.

Initial deployment

After the pilot, an initial deployment into your enterprise might target 500,000 endpoints or more, and the deployment might reach across data center, headquarter, and branch locations. As a best practice for the initial rollout, use the standard application package deployment tools with which your IT organization and end users are already familiar. You can also use Client Management for the initial rollout.

Onboarding new computers

Plan to integrate the Tanium Client installation into your standard build processes for new computers, such as Microsoft Deployment Toolkit task sequences. You can install the client within operating system-specific images if your organization uses these to provision new computers and virtual desktop infrastructure (VDI) instances: see Preparing the Tanium Client on OS images. When a new computer boots for the first time, the Tanium Client starts and registers with TaaS the Tanium Server.

Continuous hygiene

After the initial rollout, establish policies and procedures to enforce the use of the Tanium Client on endpoints in your enterprise network. Many organizations use Active Directory (AD) computer startup scripts to ensure that the Tanium Client is installed and that the Tanium Client service is started. Contact Tanium Support for details.

Use Tanium™ Discover to scan for previously unmanaged or even unknown endpoints: see the Tanium Discover User Guide.