Deploying Tanium Infrastructure
Follow these steps to deploy Tanium IaaS to a Microsoft Azure virtual private cloud (VPC).
The deployment workflow assumes you have already designed your VPC network and configured the following Microsoft Azure objects, which you select when you set up the Tanium component server stack:
- A Microsoft Azure subscription. Ensure that Azure DB for PostgreSQL is enabled for the Azure subscription.
- Admin Public Key: The public key to use when logging in from a management computer via SSH.
- Azure virtual networks for each of host server in a joint resource group dedicated to this deployment. Joining them into one dedicated resource group makes later cleanup easier (if necessary).
- For builds with a remote Azure DB for PostgreSQL Server, you must enable the resource provider and enable service endpoints on the target virtual network. See Microsoft Azure: Virtual Network Service Endpoints.
- Go to https://content.tanium.com/files/cloud/index.html.
- Accept the license.
- Browse to the template that you want to use and click the icon to launch the link.
- Complete the configuration as described in the following table.
Settings Guidelines Subscription Select the Azure subscription for the resources used by this deployment. Resource group Select a resource group that is dedicated for the Tanium deployment. If the dedicated resource group has not already been created, click Create new and create it. Location Select a regional location. Tanium Server1Name Optional. Change the prepopulated name for the server instance. TanimServer2Name Optional. Change the prepopulated name for the server instance. Tanium Module Server Name Optional. Change the prepopulated name for the server instance. Tanium Zone Server1Name Optional. Change the prepopulated name for the server instance. Tanium Zone Server2Name Optional. Change the prepopulated name for the server instance. Admin Username Specify a username for an account to be given sudo privileges on all provisioned server instances. Admin Public Key Select the name of the SSH public key for the admin user specified above. The SSH key pair is used to secure SSH connections to the Tanium component server instances. Virtual Network Name Specify the name of the Azure virtual network you set up for the Tanium deployment. Virtual Network Resource Group Specify the name of the Azure virtual network resource group that is dedicated for the Tanium deployment. Virtual Network Subnet_Tanium Server Specify the name of the virtual network subnet to which to deploy the Tanium Server. Virtual Network Subnet_Tanium Module Server Specify the name of the virtual network subnet to which to deploy the Tanium Module Server. Virtual Network Subnet_Tanium Zone Server Specify the name of the virtual network subnet to which to deploy the Tanium Zone Server. Binary URI URI to the Tanium component server binary files. The URI is a temporary link provided to you by your TAM. Tanium User Password Password for the initial Tanium Console user. It must be at least 8 characters and a maximum of 128 characters. Endpoint Count Select the maximum number of endpoints expected, including endpoints that connect to the Zone Server(s). Zone Server Endpoint Count Select the number of endpoint connections to the Zone Server expected. This count is included in EndpointCount.
- Review the configuration and agreement and click Purchase.
A job has been set up on the Tanium Server to copy the uploaded license to the Tanium Server instance. When the job is completed, the license file is added to the /opt/Tanium/TaniumServer directory, and the Tanium Server is restarted to apply the license file.
Last updated: 12/21/2018 7:03 AM | Feedback