Client Management requirements

Review the requirements before you install and use Client Management.

Tanium dependencies

In addition to a license for Client Management, make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.2 or later
Tanium products

If you clicked Install with Recommended Configurations when you installed Client Management, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install Tanium Discover, as described under Tanium Console User Guide: Manage Tanium modules.

  • (Optional) Tanium Discover 3.1 or later. With Discover, you can target endpoints based on Discover tags.
  • (Optional) Tanium Trends 2.4 or later.

Tanium™ Module Server

Client Management is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

For a list of supported operating systems for the Tanium Client, see Tanium Client Guide: Host system requirements.

Supported operating systems

The following endpoint operating systems are supported with Client Management. 

Operating System Version
Microsoft Windows Server 2008 R2 with Service Pack 1 or later
Microsoft Windows Workstation 7 and later
macOS Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.
Linux

Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.

Solaris Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.
AIX Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.

Host and network security requirements

Specific ports and processes are needed to run Client Management.

For information about preparing endpoints for remote installation, see Prepare for deployment to Linux, macOS, or UNIX endpoints and Prepare for deployment to Windows endpoints.

Ports

The following ports are required for Client Management communication.

Component Port Direction Purpose
Module Server (Windows)

22/TCP
135/TCP
139/TCP
445/TCP

Outbound Communicate with endpoints during client installation
RPC must be enabled from the module server
Module Server (Non-Windows) 22/TCP
135/TCP
445/TCP
Outbound Communicate with endpoints during client installation
Endpoints (Windows) 17472, 135, 445 Inbound, Outbound Communicate with Module Server during client installation
Endpoints (Non-Windows) 17472, 22 Inbound, Outbound Communicate with Module Server during client installation

This port is opened automatically on macOS systems

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1:   Client Management security exclusions
Target Device Process
Module Server "<Tanium Module Server>\services\client-management-service\node.exe" service.js
<Tanium Module Server>\services\twsm-v1\twsm.exe
Endpoints <Tanium> (during client installation)
<Tanium Client>

Internet URLs

If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to add the following URL to the whitelist.

  • https://content.tanium.com

User role requirements

Table 2:   Client Management user role permissions
Permission Client Management Administrator Client Management User Client Management API User Client Management Auditor Client Management Credentials Administrator Client Management Read-Only User

Show Client-management1

View the Client Management workbench


2

2

2


2

2

Client-management Configurations Read

Read client and deployment configurations


2






Client-management Configurations Write

Create and modify client and deployment configurations








Client-management Credentials Read

Read credentials list, but not view associated passwords or key data


2




2


Client-management Credentials Write

Create and modify credentials lists






2

Client-management Credentials View

View passwords or key data for credentials lists








Client-management Deployments Read

View data about client deployments


2

2





Client-management Deployments Write

Create deployments of Tanium Client to unmanaged endpoints








Client-management Settings Write

Write access to global settings in the Client Management module







Client-management Read Audit Log

Read audit log with API 







Client-management Use API

Write access to global settings in the Client Management module







Trends Data Read3

Run data queries against sources







Trends API Board Read3

View boards, sections, and panels for specified content sets







Trends API Board Write3

Create, edit, delete, and configure boards, sections, and panels for specified content sets







Trends API Source Read3

View and list sources for specified content sets







Trends API Source Write3

Create, edit, and delete sources for specified content sets







1 To install Client Management, you must have the reserved role of Administrator.

2 Denotes a provided permission.

3 Denotes a permission that applies to the Reserved content set.

 

Table 3:   Provided Client Management Advanced user role permissions
Permission Content Set for Permission Client Management Administrator Client Management User Client Management API User Client Management Auditor Client Management Credentials Administrator Client Management Read-Only User
Execute Plugin Tanium Client Management
Execute Plugin Reserved

 

Table 4:   Optional roles for Client Management
Role Enables
Discover Read Only User For service account: Deploy to endpoints based on Discover labels

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Managing roles.