Deploying Tanium Infrastructure
Follow these steps to deploy Tanium IaaS to an Amazon Web Services (AWS) virtual private cloud (VPC).
The deployment workflow assumes you have already designed your VPC network and configured the following AWS objects, which you select when you set up the Tanium component server stack:
- KeyName: The name of the AWS SSH key pair you want to use. This user will be granted sudo privileges to all provisioned machines. For information on creating an AWS SSH key pair, see Amazon Elastic Compute Cloud User Guide for Linux Instances: Creating a Key Pair Using Amazon EC2.
- TargetVPC: The name of the AWS VPC where you want to deploy the Tanium Infrastructure servers. You can find it in your AWS VPC Dashboard. For information about AWS VPC and VPC subnets, see Amazon Virtual Private Cloud User Guide: Default VPC Components.
- PrivateSubnet: The name of a VPC subnet for the Tanium Server and Module Server roles.
- PublicSubnet: The name of a VPC subnet for the Zone Server (if selected).
- Go to https://content.tanium.com/files/cloud/index.html.
- Accept the license.
- Browse to the template that you want to use and click the icon to launch the link.
- Make sure the correct region is selected for your VPC and click Next.
- Complete the configuration as described in the following table and click Next.
| Settings | Guidelines |
| --- | --- |
| Stack name | Must be unique. |
| BinaryURI | URI to the Tanium component server binary files. The URI is a temporary link provided to you by your TAM. |
| DatabaseSubnets | Specify two private subnets for the redundant relational database servers. |
| EndpointCount | Maximum endpoints expected, including endpoints that connect to the Zone Server(s). |
| KeyName | Select the name of the key pair used to make SSH connections to the Tanium component server instances. |
| OperatingSystem | CentOS. |
| PrivateSubnetAvailabilityZone1 | Select the private subnet for the Tanium Server 1 and Module Server instances. |
| PrivateSubnetAvailabilityZone2 | Select the private subnet for the Tanium Server 2 instance. To support HA, specify a private subnet in a different availability zone from the Tanium Server 1 instance. |
| PublicSubnetAvailabilityZone1 | Select the public subnet for the Tanium Server 1 and Module Server instances. |
| PublicSubnetAvailabilityZone2 | Select the public subnet for the Tanium Server 2 instance. To support HA, specify a public subnet in a different availability zone from the Tanium Server 1 instance. |
| TaniumConsolePassword | Password for the initial Tanium Console user. It must be at least 8 characters and a maximum of 128 characters. |
| TaniumModuleServerInstanceName | Optional. Change the default name for the server instance. |
| TaniumServer1InstanceName | Optional. Change the default name for the server instance. |
| TaniumServer2InstanceName | Optional. Change the default name for the server instance. |
| TaniumZoneServer1InstanceName | Optional. Change the default name for the server instance. |
| TaniumZoneServer2InstanceName | Optional. Change the default name for the server instance. |
| TargetVPC | All component servers must be deployed to the same VPC. |
| ZoneServerEndpointCount | Number of expected endpoint connections to the Zone Server. This count is included in EndpointCount. |
- Optional. Add additional key value pairs, configure advanced AWS CloudFormation options, and click Next.
- Review the configuration, select the acknowledgment that the deployment creates an IAM role, and click Create.
- Launch the EC2 instance for each component.
A job has been set up on the Tanium Server to copy the uploaded license to the Tanium Server instance. When the job is completed, the license file is added to the /opt/Tanium/TaniumServer directory, and the Tanium Server is restarted to apply the license file.
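The guidelines in the settings table can be checked before you launch the stack. The following Python sketch is an added example, not part of the Tanium templates or documentation. The `StackName` key, the `subnet_az` subnet-to-availability-zone map, the `existing_stacks` set, and all sample values are assumptions constructed for illustration.

```python
# Added example: pre-flight check of stack parameters against the settings table.
# "StackName", subnet_az and existing_stacks are assumptions of this sketch.

def validate_stack_params(params, subnet_az, existing_stacks=()):
    """Return a list of guideline violations; an empty list means none found."""
    errors = []
    if params.get("StackName") in existing_stacks:
        errors.append("Stack name must be unique")
    if len(params.get("DatabaseSubnets", [])) != 2:
        errors.append("DatabaseSubnets: specify two private subnets")
    if params.get("OperatingSystem") != "CentOS":
        errors.append("OperatingSystem: must be CentOS")
    if not 8 <= len(params.get("TaniumConsolePassword", "")) <= 128:
        errors.append("TaniumConsolePassword: must be 8 to 128 characters")
    for kind in ("Private", "Public"):
        first = params.get(f"{kind}SubnetAvailabilityZone1")
        second = params.get(f"{kind}SubnetAvailabilityZone2")
        if kind == "Public" and first is None and second is None:
            continue  # Zone Server not selected, so no public subnets to check
        az1, az2 = subnet_az.get(first), subnet_az.get(second)
        if az1 is None or az2 is None:
            errors.append(f"{kind} subnets: subnet not found in the VPC inventory")
        elif az1 == az2:
            errors.append(f"{kind} subnets: same availability zone, HA not supported")
    # ZoneServerEndpointCount is included in EndpointCount, so it cannot exceed it.
    if params.get("ZoneServerEndpointCount", 0) > params.get("EndpointCount", 0):
        errors.append("ZoneServerEndpointCount exceeds EndpointCount")
    return errors

# Constructed sample values (not real AWS identifiers or credentials).
SUBNET_AZ = {"subnet-priv-a": "us-east-1a", "subnet-priv-b": "us-east-1a",
             "subnet-pub-a": "us-east-1a", "subnet-pub-b": "us-east-1b"}
SAMPLE = {
    "StackName": "tanium-prod",
    "DatabaseSubnets": ["subnet-priv-a", "subnet-priv-b"],
    "OperatingSystem": "CentOS",
    "TaniumConsolePassword": "short",
    "PrivateSubnetAvailabilityZone1": "subnet-priv-a",
    "PrivateSubnetAvailabilityZone2": "subnet-priv-b",
    "PublicSubnetAvailabilityZone1": "subnet-pub-a",
    "PublicSubnetAvailabilityZone2": "subnet-pub-b",
    "EndpointCount": 5000,
    "ZoneServerEndpointCount": 6000,
}

if __name__ == "__main__":
    for problem in validate_stack_params(SAMPLE, SUBNET_AZ, {"tanium-prod"}):
        print("FAIL:", problem)
```

The constructed sample fails four checks: the stack name is already in use, the console password is too short, both private subnets sit in the same availability zone, and the Zone Server count exceeds the total endpoint count.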
Last updated: 12/21/2018 6:57 AM