Tanium Cloud requirements
Review the requirements before you use Tanium Cloud.
| Component | Required version |
|---|---|
| Tanium™ Client | 7.4 or later |
Because Tanium Cloud requires Tanium Client 7.4 or later, some legacy operating systems might not be supported. For more information, see Tanium Client Management User Guide: Client version and host system requirements.
Supported operating systems
The following endpoint operating systems are supported with Tanium Cloud.
For Tanium Client operating system support, see Tanium Client Management User Guide: Client version and host system requirements.
To use Tanium Cloud in production, each customer must bring a Security Assertion Markup Language (SAML 2.0) compliant identity provider with two-factor authentication (2FA) enabled. Configuration of multiple identity providers for a single Tanium Cloud instance is supported. Examples of these providers include:
- Microsoft Active Directory Federation Services (ADFS)
- Azure Active Directory (AD)
Specific ports and processes are needed to run Tanium Cloud.
The following ports are required for Tanium Cloud communication.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Tanium Client | Tanium Client | 17472 | TCP | Bi-directional communication between Tanium Client installations |
| Tanium Client | Tanium Cloud | 17472 | TCP | Outbound communication from the Tanium Client and inbound communication to Tanium Cloud |
| Tanium Client | Tanium Cloud | 17486 | TCP | Outbound communication from the Tanium Client and inbound communication to Tanium Cloud for direct endpoint connections |
Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
To see additional port requirements that are specific to Tanium™ modules and shared services, click the following links to access the associated user guides:
- API Gateway
- Client Management
- Comply: No additional port requirements
- Direct Connect
- Endpoint Configuration
- End-User Notifications
- Integrity Monitor: No additional port requirements
- Interact: No additional port requirements
- Map: No additional port requirements
- Patch: No additional port requirements
- Threat Response
If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
Tanium Cloud works with clients in networks with firewalls (direct route), as long as the clients can reach two internet IP addresses on two TCP ports.
Tanium Cloud works with clients in networks with proxies (indirect route), as long as the clients can reach two internet IP addresses on two TCP ports.
For more information about proxies, see Tanium Client Management User Guide: Connect through an HTTPS forward proxy server.
For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.
To use Tanium Cloud, customers must provide the following information to Tanium:
- Service Vanity URL for the Tanium Console and clients: This <customerURL>.cloud.tanium.com URL is used to access the Tanium Console, and for clients to connect to the service. Choose a string for <customerURL> that meets the requirements (allowed: a-z, 0-9, and hyphen; maximum length: 40 characters).
This URL is a publicly searchable URL.
- Primary Tanium Administrator email address: Provide the email address of the primary Tanium administrator, who can manage identity provider configurations, create other users, and build RBAC as needed.
- Data Hosting Region Selection: The region choice has no performance dependencies, and is only for regional data hosting consideration.
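A preflight check for the client port requirements (17472 and 17486 over TCP) and the <customerURL> naming rule, as an added example that is not Tanium code. It assumes direct (non-proxy) routing and, following the page's wording, that clients connect to `<customerURL>.cloud.tanium.com`; the function names and the leading/trailing-hyphen check are assumptions of this example.

```python
import re
import socket

# Client-to-cloud ports from the port table on this page.
TANIUM_CLOUD_PORTS = (17472, 17486)

# Page rule: a-z, 0-9 and hyphen, at most 40 characters.
_LABEL_RE = re.compile(r"[a-z0-9-]{1,40}")


def valid_customer_label(label):
    """Return True if label satisfies the page's <customerURL> rule."""
    if not _LABEL_RE.fullmatch(label):
        return False
    # Not stated on the page: DNS host labels cannot start or end with a hyphen.
    return not (label.startswith("-") or label.endswith("-"))


def check_tcp(host, ports=TANIUM_CLOUD_PORTS, timeout=3.0):
    """Attempt a direct TCP connect to each port; return {port: (ok, detail)}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = (True, "connected")
        except socket.timeout:
            # Silent drop, typical of a firewall rule that discards the SYN.
            results[port] = (False, "timeout")
        except ConnectionRefusedError:
            # Host reachable, but nothing listening or an active reject rule.
            results[port] = (False, "refused")
        except OSError as exc:
            # DNS resolution failure, no route to host, and similar.
            results[port] = (False, f"error: {exc}")
    return results


def preflight(label, timeout=3.0):
    """Validate the label, then test both ports on the vanity hostname."""
    if not valid_customer_label(label):
        raise ValueError(f"invalid customer URL label: {label!r}")
    # Assumption: the vanity hostname is the client endpoint for this deployment.
    return check_tcp(f"{label}.cloud.tanium.com", timeout=timeout)


if __name__ == "__main__":
    import sys
    for port, (ok, detail) in preflight(sys.argv[1]).items():
        print(f"{port}/tcp: {'OK' if ok else 'FAIL'} ({detail})")
```

A "timeout" result on only one of the two ports usually points at a firewall rule that covers one service object but not the other. Clients that route through an HTTPS forward proxy need the proxy path tested instead, since a direct connect does not exercise it.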
Last updated: 5/12/2022 6:14 PM