Tanium Containers requirements

Review the requirements before you install and use Tanium Containers.

Core platform dependencies

Make sure that your Tanium™ Core Platform servers are 7.4.1 or later. You need access to the tanium-init.dat.

Solution dependencies

Other Tanium solutions are required for Tanium Containers to function (required dependencies) or for specific Tanium Containers features to work (feature-specific dependencies).

Required dependencies

Tanium Containers has the following required dependencies at the specified minimum versions:

Tanium™ Interact 2.4.50 or later. Queries the Container sensors.

Feature-specific dependencies

Tanium Containers has the following feature-specific dependencies at the specified minimum versions:

Tanium™ Trends 3.6 or later. Used to view the Containers board.

Third-party software

Tanium Containers supports the following container versions in on-premises and cloud environments.

Confirm that the Tanium Client Container is hosted on a private container registry to securely provide the Tanium Client Container image. Do not host the image on a public container registry.

Software	Requirement	Supported runtime environments
Kubernetes	1.15 or later	Use Linux-based worker nodes with the following operating systems (OSes): Bottlerocket CoreOS Ubuntu Any Linux OS supported by the Tanium Client. For more information, see Tanium Client Management User Guide: Client version and host system requirements. Use a private container registry or similar to provide the Tanium Client Container to the worker nodes. Use Containerd, cRIO, or Docker as the container runtime.
Red Hat OpenShift	3.x or later	Red Hat Enterprise Linux (RHEL) Red Hat Enterprise Linux CoreOS (RHCOS)

Host and network security requirements

Specific ports and processes are needed to run Tanium Containers.

Ports

The following ports are required for Tanium Containers communication.

Source	Destination	Port	Protocol	Purpose
Module Server	Module Server (loopback)	17527	TCP	Internal purposes; not externally accessible

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.