Deploying Tanium Infrastructure

Follow these steps to deploy Tanium IaaS to a Microsoft Azure virtual private cloud (VPC).

Before you begin

The deployment workflow assumes you have already designed your VPC network and configured the following Microsoft Azure objects, which you select when you set up the Tanium component server stack:

  • A Microsoft Azure subscription. Ensure that Azure DB for PostgreSQL is enabled for the Azure subscription.
  • Admin Public Key: The public key to use when logging in from a management computer via SSH.
  • Azure virtual networks for each host server, in a single resource group dedicated to this deployment. Keeping them in one dedicated resource group makes later cleanup easier (if necessary).
  • For builds with a remote Azure DB for PostgreSQL Server, you must enable the resource provider and enable service endpoints on the target virtual network. See Microsoft Azure: Virtual Network Service Endpoints.

Create the Tanium component server stack

  1. Go to https://content.tanium.com/files/cloud/index.html.
  2. Accept the license.
  3. Browse to the template that you want to use and click the icon to launch the link.
  4. Complete the configuration as described in the following table.
    Settings: Guidelines
    Subscription: Select the Azure subscription for the resources used by this deployment.
    Resource group: Select a resource group that is dedicated for the Tanium deployment. If the dedicated resource group has not already been created, click Create new and create it.
    Location: Select a regional location.
    Tanium Server1Name: Optional. Change the prepopulated name for the server instance.
    Tanium Server2Name: Optional. Change the prepopulated name for the server instance.
    Tanium Module Server Name: Optional. Change the prepopulated name for the server instance.
    Tanium Zone Server1Name: Optional. Change the prepopulated name for the server instance.
    Tanium Zone Server2Name: Optional. Change the prepopulated name for the server instance.
    Admin Username: Specify a username for an account to be given sudo privileges on all provisioned server instances.
    Admin Public Key: Select the name of the SSH public key for the admin user specified above. The SSH key pair is used to secure SSH connections to the Tanium component server instances.
    Virtual Network Name: Specify the name of the Azure virtual network you set up for the Tanium deployment.
    Virtual Network Resource Group: Specify the name of the Azure virtual network resource group that is dedicated for the Tanium deployment.
    Virtual Network Subnet_Tanium Server: Specify the name of the virtual network subnet to which to deploy the Tanium Server.
    Virtual Network Subnet_Tanium Module Server: Specify the name of the virtual network subnet to which to deploy the Tanium Module Server.
    Virtual Network Subnet_Tanium Zone Server: Specify the name of the virtual network subnet to which to deploy the Tanium Zone Server.
    Binary URI: URI to the Tanium component server binary files. The URI is a temporary link provided to you by your TAM.
    Tanium User Password: Password for the initial Tanium Console user. It must be at least 8 characters and a maximum of 128 characters.
    Endpoint Count: Select the maximum number of endpoints expected, including endpoints that connect to the Zone Server(s).
    Zone Server Endpoint Count: Select the number of endpoint connections to the Zone Server expected. This count is included in Endpoint Count.
  5. Review the configuration and agreement and click Purchase.

    It takes approximately 20 minutes to build all of the component server instances. When the process is complete, the tanium.pub file is copied to your Azure transfer disk.
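
A pre-flight check of the values entered in step 4, shown as an added example that is not part of the Tanium documentation or template. It rejects private key material pasted into Admin Public Key, confirms the key is well formed, and applies the password length and endpoint count rules from the table. The dictionary key names, the accepted key types and the sample values are assumptions constructed for illustration.

```python
import base64
import struct

# Accepted key types are an assumption; the page does not list them.
ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def check_admin_public_key(line):
    """Return a list of problems with a one-line OpenSSH public key."""
    if "PRIVATE KEY" in line:
        return ["private key material supplied; only the public key belongs here"]
    parts = line.strip().split()
    if len(parts) < 2:
        return ["expected '<type> <base64> [comment]'"]
    key_type, blob_b64 = parts[0], parts[1]
    if key_type not in ALLOWED_KEY_TYPES:
        return ["unexpected key type %r" % key_type]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return ["key body is not valid base64"]
    # The decoded body starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return ["key body is truncated"]
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        return ["key type in body does not match the prefix"]
    return []

def check_parameters(p):
    """Apply the constraints stated in the settings table (hypothetical key names)."""
    problems = check_admin_public_key(p["admin_public_key"])
    if not 8 <= len(p["tanium_user_password"]) <= 128:
        problems.append("Tanium User Password must be 8 to 128 characters")
    if p["zone_server_endpoint_count"] > p["endpoint_count"]:
        problems.append("Zone Server Endpoint Count exceeds Endpoint Count")
    return problems

def sample_key():
    """Constructed ed25519-shaped key with an all-zero body; not a usable key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " admin@mgmt"

# Constructed sample values, not taken from the template.
SAMPLE = {"admin_public_key": sample_key(),
          "tanium_user_password": "constructed-passphrase-01",
          "endpoint_count": 5000, "zone_server_endpoint_count": 500}

if __name__ == "__main__":
    print(check_parameters(SAMPLE) or "parameters look consistent")
```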

Install the Tanium license

Upload the tanium.license file to your provisioned cloud storage and copy it to the Blob called transfer.

A job has been set up on the Tanium Server to copy the uploaded license to the Tanium Server instance. When the job is completed, the license file is added to the /opt/Tanium/TaniumServer directory, and the Tanium Server is restarted to apply the license file.

What to do next

Verify the deployment.

Last updated: 12/21/2018 7:03 AM