Tanium Containers requirements

Review the requirements before you install and use Tanium Containers.

Resource requirements

The resource requirements for the Tanium Client Container, whether it is operating in client mode or tools mode, are the same as the Tanium Client. See Tanium Client Management User Guide: Hardware requirements.

Third-party software

Tanium Containers supports the following container versions in on-premises and cloud environments.

Confirm that the Tanium Client Container is hosted on a private container registry to securely provide the Tanium Client Container image. Do not host the image on a public container registry.

Software	Requirement	Supported runtime environments
Kubernetes	1.15 or later	Use Linux-based worker nodes with the following operating systems (OSes): Bottlerocket CoreOS Ubuntu Any Linux OS supported by the Tanium Client. For more information, see Tanium Client Management User Guide: Client version and host system requirements. Use a private container registry or similar to provide the Tanium Client Container to the worker nodes. Use Containerd, cRIO, or Docker as the container runtime.
Red Hat OpenShift	3.x or later	Red Hat Enterprise Linux (RHEL) Red Hat Enterprise Linux CoreOS (RHCOS)

Host and network security requirements

Specific ports and processes are needed to run Tanium Containers.

Ports

The following ports are required for Tanium Containers communication.

Source	Destination	Port	Protocol	Purpose
Module Server	Module Server (loopback)	17527	TCP	Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.