Tanium Containers requirements

Review the requirements before you install and use Tanium Containers.

Core platform dependencies

Make sure that your Tanium™ Core Platform servers are 7.4.1 or later. You need access to the tanium-init.dat.

Solution dependencies

Other Tanium solutions are required for Tanium Containers to function (required dependencies) or for specific Tanium Containers features to work (feature-specific dependencies).

Required dependencies

Tanium Containers has the following required dependencies at the specified minimum versions:

  • Tanium™ Interact 2.4.50 or later. Queries the Container sensors.

Feature-specific dependencies

Tanium Containers has the following feature-specific dependencies at the specified minimum versions:

  • Tanium™ Trends 3.6 or later. Used to view the Containers board.

Resource requirements

The resource requirements for the Tanium Client Container, whether it is operating in client mode or tools mode, are the same as the Tanium Client. See Tanium Client Management User Guide: Hardware requirements.

Third-party software

Tanium Containers supports the following container versions in on-premises and cloud environments.

Confirm that the Tanium Client Container is hosted on a private container registry to securely provide the Tanium Client Container image. Do not host the image on a public container registry.

Software Requirement Supported runtime environments
Kubernetes 1.15 or later
  • Use Linux-based worker nodes with the following operating systems (OSes):
  • Use a private container registry or similar to provide the Tanium Client Container to the worker nodes.
  • Use Containerd, cRIO, or Docker as the container runtime.
Red Hat OpenShift 3.x or later
  • Red Hat Enterprise Linux (RHEL)

  • Red Hat Enterprise Linux CoreOS (RHCOS)

Host and network security requirements

Specific ports and processes are needed to run Tanium Containers.

Ports

The following ports are required for Tanium Containers communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17527 TCP Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.