Client Management requirements
Review the requirements before you install and use Client Management.
Tanium dependencies
In addition to a license for Client Management, make sure that your environment meets the following requirements.
| Component | Requirement |
|---|---|
| Tanium™ Core Platform | 7.2 or later |
| Tanium products |
If you clicked Install with Recommended Configurations when you installed Client Management, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install Tanium Discover, as described under Tanium Console User Guide: Manage Tanium modules.
|
Tanium™ Module Server
Client Management is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
Endpoints
For a list of supported operating systems for the Tanium Client, see Tanium Client Guide: Host system requirements.
Supported operating systems
The following endpoint operating systems are supported with Client Management.
| Operating System | Version |
|---|---|
| Microsoft Windows Server | 2008 R2 with Service Pack 1 or later |
| Microsoft Windows Workstation | 7 and later |
| macOS | Same as Tanium Client support. See Tanium Client User Guide: Host system requirements. |
| Linux |
Same as Tanium Client support. See Tanium Client User Guide: Host system requirements. |
| Solaris | Same as Tanium Client support. See Tanium Client User Guide: Host system requirements. |
| AIX | Same as Tanium Client support. See Tanium Client User Guide: Host system requirements. |
Host and network security requirements
Specific ports and processes are needed to run Client Management.
For information about preparing endpoints for remote installation, see Prepare for deployment to Linux, macOS, or UNIX endpoints and Prepare for deployment to Windows endpoints.
Ports
The following ports are required for Client Management communication.
| Component | Port | Direction | Purpose |
|---|---|---|---|
| Module Server (Windows) |
22/TCP
|
Outbound | Communicate with endpoints during client installation RPC must be enabled from the module server |
| Module Server (Non-Windows) | 22/TCP
135/TCP 445/TCP |
Outbound | Communicate with endpoints during client installation |
| Endpoints (Windows) | 17472, 135, 445 | Inbound, Outbound | Communicate with Module Server during client installation |
| Endpoints (Non-Windows) | 17472, 22 | Inbound, Outbound | Communicate with Module Server during client installation This port is opened automatically on macOS systems |
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.
| Target Device | Process |
|---|---|
| Module Server | "<Tanium Module Server>\services\client-management-service\node.exe" service.js |
| <Tanium Module Server>\services\twsm-v1\twsm.exe | |
| Endpoints | <Tanium> (during client installation) <Tanium Client> |
Internet URLs
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator might need to add the following URL to the whitelist.
- https://content.tanium.com
User role requirements
| Permission | Client Management Administrator | Client Management User | Client Management API User | Client Management Auditor | Client Management Credentials Administrator | Client Management Read-Only User |
|---|---|---|---|---|---|---|
|
Show Client-management1 View the Client Management workbench |
 2
|
2
|
2
|
|
2
|
2
|
|
Client-management Configurations Read Read client and deployment configurations |
2
|
|
|
|
|
|
|
Client-management Configurations Write Create and modify client and deployment configurations |
|
|
|
|
|
|
|
Client-management Credentials Read Read credentials list, but not view associated passwords or key data |
2
|
|
|
|
2
|
|
|
Client-management Credentials Write Create and modify credentials lists |
|
|
|
|
2
|
|
|
Client-management Credentials View View passwords or key data for credentials lists |
|
|
|
|
|
|
|
Client-management Deployments Read View data about client deployments |
2
|
2
|
|
|
|
|
|
Client-management Deployments Write Create deployments of Tanium Client to unmanaged endpoints |
|
|
|
|
|
|
|
Client-management Settings Write Write access to global settings in the Client Management module |
|
|
|
|
|
|
|
Client-management Read Audit Log Read audit log with API |
|
|
|
|
|
|
|
Client-management Use API Write access to global settings in the Client Management module |
|
|
|
|
|
|
|
Trends Data Read3 Run data queries against sources |
|
|
|
|
|
|
|
Trends API Board Read3 View boards, sections, and panels for specified content sets |
|
|
|
|
|
|
|
Trends API Board Write3 Create, edit, delete, and configure boards, sections, and panels for specified content sets |
|
|
|
|
|
|
|
Trends API Source Read3 View and list sources for specified content sets |
|
|
|
|
|
|
|
Trends API Source Write3 Create, edit, and delete sources for specified content sets |
|
|
|
|
|
|
|
1 To install Client Management, you must have the reserved role of Administrator. 2 Denotes a provided permission. 3 Denotes a permission that applies to the Reserved content set. |
||||||
| Permission | Content Set for Permission | Client Management Administrator | Client Management User | Client Management API User | Client Management Auditor | Client Management Credentials Administrator | Client Management Read-Only User |
|---|---|---|---|---|---|---|---|
| Execute Plugin | Tanium Client Management |
|
|
|
|
|
|
| Execute Plugin | Reserved |
|
|
|
|
|
|
| Role | Enables |
|---|---|
| Discover Read Only User | For service account: Deploy to endpoints based on Discover labels |
For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Managing roles.
Last updated: 5/22/2020 10:31 AM | Feedback