Planning the Tanium Client deployment

Deploying the Tanium Client to your enterprise computers, and integrating the deployment into your standard IT processes, involves multiple phases. Each phase involves various tools and options. Discuss these options with your Technical Account Manager (TAM).

Review the following best practices for each phase.

Pilot

Pilots usually target fewer than 5,000 endpoints. As a best practice during your pilot, test deploying the Tanium Client with the standard software package deployment tool of your organization. The available deployment tools are as follows:

• Tanium Client Management module: You can deploy all versions of the Tanium Client to any number of endpoints in a single operation. For details, see the Tanium Client Management User Guide.
• Existing application package deployment tools: Some standard third-party tools include Active Directory (AD) Group Policy Objects (GPO), System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, and Casper. You can also use custom scripts. For details, see:
  • Deploying the Tanium Client to Windows endpoints
  • Deploying the Tanium Client to macOS endpoints
  • Deploying the Tanium Client to Linux endpoints
  • Deploying the Tanium Client to Solaris endpoints
  • Deploying the Tanium Client to AIX endpoints

Initial deployment

After the pilot, an initial deployment into your enterprise might target 500,000 endpoints or more, and the deployment might reach across data center, headquarter, and branch locations. As a best practice, use the standard application package deployment tools that your IT organization and end users are already familiar with for the initial rollout. If your organization does not have an existing deployment tool, use the Tanium Client Management module.

Onboarding new computers

Plan to integrate the Tanium Client installation into your standard build processes for new computers, such as Microsoft Deployment Toolkit task sequences. You can install the client within the reference OS images that are used to provision new computers and virtual desktop infrastructure (VDI) instances. When a new computer boots for the first time, the Tanium Client starts and registers with the Tanium Server. For details, see Preparing the Tanium Client on OS images.

Continuous hygiene

After the initial rollout, establish policies and procedures to enforce the use of the Tanium Client on endpoints in your enterprise network. Many organizations use AD computer startup scripts to ensure that the Tanium Client is installed and that the Tanium Client service is started (contact your TAM for details). Use the Tanium™ Discover module to scan for previously unmanaged or even unknown endpoints (see the Tanium Discover User Guide for details).