Verifying the installation

Log into the Tanium™ Console to verify proper communication among deployment components:

  • Successful installation of Tanium™ content packs verifies communication with content.tanium.com.
  • Successful installation of Tanium™ Interact verifies communication between the Tanium™ Server and Module Server.
  • Successful registration by a Tanium™ Client through the Zone Server verifies communication between the Tanium Server and the Zone Server, as well as communication with clients.

Create a bastion host

Access to all Tanium Server components is allowed only via the bastion host. The bastion host security group controls access. You can jump through the bastion host into the Tanium Server.

Figure 1: Bastion host

The launch template created a bastion server instance but did not enable it.

Enable your bastion server

  1. Go to Services > EC2 > Auto Scaling Groups.
  2. Edit the bastion server configuration. Set Desired Capacity to 1.
  3. Save the bastion server configuration.
  4. Go to Services > EC2 > Instances and locate the public IP address of the bastion server.

Initiate SSH session jumping through the bastion host

ssh -J <user>@<bastion host public IP address> <user>@<Tanium Server private IP>

For example:

ssh -J [email protected] [email protected]

Initiate SSH session with port forwarding

ssh -L 8443:<Tanium Server private IP>:443 <user>@<bastion host public IP address>

For example:

ssh -L 8443:10.0.29.143:443 [email protected]
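
The same two connections expressed as an OpenSSH client configuration (~/.ssh/config). This is an added example, not part of the Tanium guide: the host aliases are arbitrary, <user> and <key file> are placeholders, and 10.0.29.143 is the example Tanium Server private IP used on this page.

```sshconfig
# Added example; placeholders in <angle brackets> must be filled in.

Host tanium-bastion
    HostName <bastion host public IP address>
    User <user>
    IdentityFile ~/.ssh/<key file>
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes
    # Never expose the local SSH agent on the bastion.
    ForwardAgent no

# Equivalent of: ssh -J <bastion> <Tanium Server private IP>
Host tanium-server
    HostName 10.0.29.143
    User <user>
    IdentityFile ~/.ssh/<key file>
    IdentitiesOnly yes
    ForwardAgent no
    # The session to the Tanium Server is encrypted end to end; the bastion
    # only relays it and never holds the private key.
    ProxyJump tanium-bastion

# Equivalent of: ssh -L 8443:10.0.29.143:443 <bastion>
Host tanium-console
    HostName <bastion host public IP address>
    User <user>
    IdentityFile ~/.ssh/<key file>
    IdentitiesOnly yes
    ForwardAgent no
    # Bind the forwarded port to loopback explicitly so other hosts on the
    # local network cannot reach the Tanium Console through this workstation.
    LocalForward 127.0.0.1:8443 10.0.29.143:443
    # Abort if port 8443 is already taken instead of opening a session
    # with no working tunnel.
    ExitOnForwardFailure yes
```

With this in place, `ssh tanium-server` opens the jumped session and `ssh -N tanium-console` holds the port forward open without starting a remote shell.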

Log into the Tanium Console

  1. From your localhost, initiate port forwarding:

    ssh -L 8443:<Tanium Server private IP>:443 <user>@<bastion host public IP address>

    For example:

    ssh -L 8443:10.0.29.143:443 [email protected]

  2. From your localhost, open the Tanium Console URL. With port forwarding enabled, the Tanium Console URL has the following form:

    https://localhost:8443

  3. Log in with the username taniumconsole and the password you set when you created the Tanium Server instance.

When you first log into the Tanium™ Console, it automatically initiates the following actions:

  • Imports the Initial Content - Base content pack. The Initial Content packs include the sensors, packages, saved questions, and dashboards that are essential for getting started with Tanium.
  • Imports the Client Maintenance content pack. The Client Maintenance pack includes the sensors, packages, actions, and saved questions that are used to perform hygiene checks on Tanium Clients.
  • Imports the Tanium™ Interact workbench. The Interact workbench includes the user interface for questions and results.

Verify the Tanium Server connection to the remote Module Server

Go to the Tanium Console info page (https://<fqdn>/info) and search for Module Cache. It should list the remote Module Server.

Use the CDT to deploy the Tanium Client

This guide includes a brief section on deploying Tanium Client so that you can use basic client-server registration to verify successful installation of the Tanium™ Core Platform server components. For comprehensive information on client deployment options, see the Tanium Client Deployment Guide.

Before you begin

  • Upload the latest Tanium™ Client Deployment Tool (CDT) to a management host computer (Windows) that can access the endpoints to which you want to deploy the Tanium Client.
  • Copy the tanium.pub file from the S3 storage to the management computer so you can include it in deployments to target endpoints.
  • Make sure that network firewall rules allow the Tanium CDT to make connections to the target endpoints.
  • Make sure you know the username and password of an administrator account that can log into the target endpoint and install the Tanium Client.

Install the CDT

  1. Right-click the TaniumClientDeploymentToolSetup.exe file and select Run as administrator.

    The installation wizard prompts you for one value—the installation directory. The default is C:\Program Files (x86)\Tanium\Tanium Client Deployment Tool.

  2. In Windows, select Start > Tanium Client Deployment Tool to open the tool.

    Upon initialization, the tool prompts you to download the latest endpoint software from secure Tanium download servers.

  3. Click OK to download the latest endpoint software.

    The software is downloaded to C:\Program Files (x86)\Tanium\Tanium Client Deployment Tool\clients\.

  4. If you plan to use Microsoft PSExec to push Tanium Client to endpoints:
    1. When prompted, follow the link to download PSTools from the Microsoft download site.
    2. Unzip the package and copy the PsExec.exe file to the CDT installation directory.
    3. Restart the Tanium CDT.

Deploy the client to the Tanium Platform Windows host systems

  1. Under Settings, specify:
    Tanium pub file: Type or browse to the Tanium Server public key file. The Tanium Server public key you specify here is included in the client installation.
    Server Name: A comma-separated list of IP addresses of the Zone Servers. For example, 13.52.166.154,13.52.70.165. The Tanium Client registers through the Zone Server you specify here.
    Port: Port used by Tanium Clients to communicate with the Tanium Server and with their designated peers. The default is 17472.
    Log Verbosity Level: Sets the Tanium Client log level:
    • 0: Disable logging. Recommended for clients installed to sensitive endpoints or VDI endpoints.
    • 1: Recommended logging level during normal operation.
    • 41: Recommended logging during troubleshooting.
    • >= 91: Enable the most detailed log levels for short periods of time only.
  2. For deployments to Windows endpoints, specify:
    Username: Local or domain user with administrative privileges on the targeted endpoints. The deployment tool uses this account when it connects to the targeted endpoint and executes the client installer.
    Password: The corresponding password.
    Target Folder Override: Specify an installation folder if you do not want to use the default. On Windows, the default is C:\Program Files (x86)\Tanium\Tanium Client.
    Execution Method: For Windows endpoints, specify which Windows operating system command line utility the tool uses to analyze target computers and perform the remote installation of the client:
    • PSEXEC: Recommended because it is faster.
    • WMIC: Recommended if analysis using PSEXEC returns endpoints with OS Unknown and status Processing.
    Impersonate User: Select this option to use the PSEXEC user impersonation option. The credentials specified in the Settings section are used to connect to the endpoint using a PSEXEC process that runs under those credentials on the Client Deployment Tool host computer. Those credentials are also used to install the client.
  3. Use the Active Directory tab to search for the target endpoints.
    1. Domain: Specify the Active Directory domain to which the targeted endpoints belong. For example, example.com.
    2. Connect using credentials: Select this option to use the administrator credentials specified in Settings instead of the logged in user credentials.
    3. Include computers in child containers: When this option is unchecked, only computers in the first level are included in the target list; computers in child containers are excluded. When checked, all computers within an Organizational Unit or container and all child Organizational Units or containers are included in the list.
    4. Click Analyze to query the AD tree and populate the results table. Click Retry Bind if the AD query fails.
  4. Select one or more rows in the results table and click Install.

    The Status table has information about the installation attempt. Review the information to confirm deployment. Click Clear Completed or Clear All to clear Status table entries.

Review Tanium Client registration and ask a question

  1. Go to Administration > System Status to review recent client registration details.
  2. In Interact, verify the endpoints respond to the following query:

    Get Computer Name and Tanium Server Name from all machines

  3. Review the results grid to verify that all endpoints with Tanium Client software installed are now reporting.

Last updated: 4/4/2019 3:35 PM