Deploying Tanium Infrastructure

Follow these steps to deploy Tanium IaaS to an Amazon Web Services (AWS) virtual private cloud (VPC).

Before you begin

The deployment workflow assumes you have already designed your VPC network and configured the following AWS objects, which you select when you set up the Tanium component server stack:

Create the Tanium component server stack

  1. Go to https://content.tanium.com/files/cloud/index.html.
  2. Accept the license.
  3. Browse to the template that you want to use and click the icon to launch the link.
  4. Make sure the correct region is selected for your VPC and click Next.
  5. Complete the configuration as described in the following table and click Next.
    | Settings | Guidelines |
    |---|---|
    | Stack name | Must be unique. |
    | BinaryURI | URI to the Tanium component server binary files. The URI is a temporary link provided to you by your TAM. |
    | DatabaseSubnets | Specify two private subnets for the redundant relational database servers. |
    | EndpointCount | Maximum endpoints expected, including endpoints that connect to the Zone Server(s). |
    | KeyName | Select the name of the key pair used to make SSH connections to the Tanium component server instances. |
    | OperatingSystem | CentOS. |
    | PrivateSubnetAvailabilityZone1 | Select the private subnet for the Tanium Server 1 and Module Server instances. |
    | PrivateSubnetAvailabilityZone2 | Select the private subnet for the Tanium Server 2 instance. To support HA, specify a private subnet in a different availability zone from the Tanium Server 1 instance. |
    | PublicSubnetAvailabilityZone1 | Select the public subnet for the Tanium Server 1 and Module Server instances. |
    | PublicSubnetAvailabilityZone2 | Select the public subnet for the Tanium Server 2 instance. To support HA, specify a public subnet in a different availability zone from the Tanium Server 1 instance. |
    | TaniumConsolePassword | Password for the initial Tanium Console user. It must be at least 8 characters and a maximum of 128 characters. |
    | TaniumModuleServerInstanceName | Optional. Change the default name for the server instance. |
    | TaniumServer1InstanceName | Optional. Change the default name for the server instance. |
    | TaniumServer2InstanceName | Optional. Change the default name for the server instance. |
    | TaniumZoneServer1InstanceName | Optional. Change the default name for the server instance. |
    | TaniumZoneServer2InstanceName | Optional. Change the default name for the server instance. |
    | TargetVPC | All component servers must be deployed to the same VPC. |
    | ZoneServerEndpointCount | Number of expected endpoint connections to the Zone Server. This count is included in EndpointCount. |
  6. Optional. Add additional key-value pairs, configure advanced AWS CloudFormation options, and click Next.
  7. Review the configuration, select the acknowledgment that the deployment creates an IAM role, and click Create.

    It takes approximately 40 minutes to build the component server instances. When the process is complete, the tanium.pub file is copied to your S3 storage.

  8. Launch the EC2 instance for each component.
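
A pre-flight check for the values entered in step 5, as an added example that is not part of the Tanium documentation or template. It applies the table's constraints: two private database subnets, a different availability zone for the Tanium Server 2 subnets, every subnet in TargetVPC, the password length, and ZoneServerEndpointCount within EndpointCount. The function name, the subnet inventory format, the integer endpoint counts and all sample values are assumptions constructed for illustration.

```python
def check_stack_parameters(params, subnets):
    """Return a list of problems; an empty list means the values agree with the table.

    subnets is an assumed inventory: subnet id -> {"vpc", "az", "public"}.
    """
    problems = []

    def lookup(label, subnet_id, want_public):
        info = subnets.get(subnet_id)
        if info is None:
            problems.append(f"{label}: unknown subnet {subnet_id!r}")
        elif info["vpc"] != params.get("TargetVPC"):
            problems.append(f"{label}: not in TargetVPC")
        elif info["public"] != want_public:
            problems.append(f"{label}: must be {'public' if want_public else 'private'}")
        return info

    # DatabaseSubnets: two (distinct) private subnets.
    db = params.get("DatabaseSubnets", [])
    if len(set(db)) != 2:
        problems.append("DatabaseSubnets: specify two private subnets")
    for subnet_id in db:
        lookup("DatabaseSubnets", subnet_id, want_public=False)
    # HA: the Tanium Server 2 subnets sit in a different availability zone.
    for prefix, want_public in (("Private", False), ("Public", True)):
        key1, key2 = (f"{prefix}SubnetAvailabilityZone{n}" for n in (1, 2))
        first = lookup(key1, params.get(key1), want_public)
        second = lookup(key2, params.get(key2), want_public)
        if first and second and first["az"] == second["az"]:
            problems.append(f"{key2}: same availability zone as {key1}")
    if not 8 <= len(params.get("TaniumConsolePassword", "")) <= 128:
        problems.append("TaniumConsolePassword: must be 8 to 128 characters")
    # ZoneServerEndpointCount is included in EndpointCount, so it cannot exceed it.
    if params.get("ZoneServerEndpointCount", 0) > params.get("EndpointCount", 0):
        problems.append("ZoneServerEndpointCount: larger than EndpointCount")
    return problems

# Constructed sample values, not taken from a real account.
SAMPLE_SUBNETS = {
    f"subnet-{kind}-{az[-1]}": {"vpc": "vpc-example", "az": az, "public": kind == "pub"}
    for kind in ("priv", "pub") for az in ("us-east-1a", "us-east-1b")
}
SAMPLE_PARAMS = {
    "TargetVPC": "vpc-example", "EndpointCount": 5000, "ZoneServerEndpointCount": 500,
    "DatabaseSubnets": ["subnet-priv-a", "subnet-priv-b"],
    "PrivateSubnetAvailabilityZone1": "subnet-priv-a",
    "PrivateSubnetAvailabilityZone2": "subnet-priv-b",
    "PublicSubnetAvailabilityZone1": "subnet-pub-a",
    "PublicSubnetAvailabilityZone2": "subnet-pub-b",
    "TaniumConsolePassword": "constructed-sample-passphrase",
}
```

Populate the subnet inventory from your own VPC design before running the check; the sample set passes with no problems reported.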

Install the Tanium license

Upload the tanium.license file to your Amazon S3 (storage) bucket.

A job has been set up on the Tanium Server to copy the uploaded license to the Tanium Server instance. When the job is completed, the license file is added to the /opt/Tanium/TaniumServer directory, and the Tanium Server is restarted to apply the license file.

What to do next

Verify the deployment.

Last updated: 12/21/2018 6:57 AM