Deploying software

Use deployments to install, update, or uninstall software on a set of target computers. Deployments can run once or be ongoing to meet requirements such as:

  • Maintain operational hygiene and system baselines.
  • Manage systems which may be online for short periods.
  • Rerun packages which become applicable as system states change.

Deployments do not run outside of a maintenance window unless the Override maintenance window option is selected in the deployment options. You must create at least one maintenance window for other deployments to run. For more information about creating a maintenance window, see Managing maintenance windows.

Before you begin

Create a deployment template

You can create a deployment template to save settings for a deployment that you can issue repeatedly. You can either create a deployment template from the Deployment Templates menu item, or you can select an option when you create a deployment to save the options as a template.

  1. From the Deploy menu, go to Deployment Templates and then click Create Deployment Template.
  2. Specify a name and optionally a description for your deployment template.
  3. Select deployment options. These options are the same as the options you can configure in an individual deployment.
  4. For self service deployments that are set for the future, use the Make Available Before Start Time option.

  5. Click Create Deployment Template.

You can use this template when you create a deployment.

Set the default deployment template

The default deployment template is applied when you create deployments. Importing Deploy with automatic configuration creates three deployment templates and sets one of them as the default. You can change the default template or remove a template as the default.

  1. From the Deploy menu, go to Deployment Templates.
  2. Select a template and click Set as Default.
  3. To remove the default designation from a template, select the default template and click Remove as Default.

Delete a deployment template

  1. From the Deploy menu, go to Deployment Templates.
  2. Select one or more templates and click Delete.

You can also click the name of your deployment template and then click Delete .

Deploy a software package or bundle

  1. From the Deploy menu, go to Deployments and then click Create Deployment.

    You can also create a deployment from the Software page. Select a software package and click Deploy Package.

  2. Provide a name for the deployment and optionally provide a description.
  3. Do one of the following, as needed:
    • Select Software Package, select the package from the drop-down list, and then select the software package operation. You can filter packages by typing the platform, vendor name, or package title.
    • Select Software Bundle and then select the bundle from the drop-down list.

      A software bundle is platform-specific and each software package evaluates and installs independently, but is available only for the specified OS platform. If an individual package fails to install during a bundle deployment, you can decide if the bundle should continue and install the remaining packages, or you can choose to stop on failure and report the failure.

  4. Add targets.

    Select either or both of the following targeting methods and complete the fields as needed. If you select both targeting methods, then they are joined by an OR operator. If you use multiple targets, the deployment applies to endpoints that match any of the targets you specify.

    • Select Computer Groups provides a drop-down list of computer groups available to be managed in Deploy.
    • Set Targeting Criteria lets you add any Tanium question filter as a target. When you use this option, you must also select a limiting group from the Select Limiting Group drop-down list of computer groups. For example, to target endpoints in the 192.168.1.0/24 subnet, you can type Tanium Client IP Address starts with 192.168.1 in the Filter Bar or use the Filter Builder to select the Tanium Client IP Address sensor, and then apply the same filter. After that, set the All Windows 10 computer group as the limiting group to make the deployment apply to all Windows 10 endpoints with an IP address that starts with 192.168.1.

    • The Select Computer Groups and Set Targeting Criteria options are joined by an OR operator. If you use multiple targets, the deployment applies to endpoints that match any of the targets you specify. If you use Set Targeting Criteria, you must also specify a limiting group that limits all targets. For example, if you select All Laptops as the target computer group, the deployment goes to all laptops managed by Deploy. However, if you also add Tanium Client IP Address starts with 192.168.1 as the targeting criteria, and then select All Windows 10 as the limiting group, then the deployment goes to all Windows 10 devices that are either laptops or have an IP address starting with 192.168.1.

  5. Select deployment options.
    1. Choose whether you want to use an existing deployment template. To create a new deployment template based on this template, select Do not use existing template and then select Save Deployment Options as template. For more information, see Create a deployment template.
    2. Specify a deployment frequency. You can either do a single deployment with a specific start and end time, or an ongoing deployment that does not have an end time.
    3. Designate the deployment time. You can choose from the local time on the endpoint or UTC time.
    4. Select self service options.

      For self service deployments that are set for the future, use the Make Available Before Start Time option.

    5. If you want the endpoints to download the deployment content before the installation time, select the option for Download Immediately.

      Select this option for future deployments. Files for the package are downloaded immediately only if the package is applicable.

    6. (Windows and macOS endpoints) To enable pre-deployment end user notifications, select Notify User Before Running in the Pre-Notify User section. To minimize disruptions to end users, configure a notification for Update and Remove operations, as they could affect applications that are in use on an endpoint.
    7. To minimize concurrent CPU utilization and disk input/output, select Enabled for the Distribute Over Time option and indicate a time.
    8. If you want to ignore deployment restrictions, select Override maintenance windows.
    9. Select whether to restart the endpoint. To avoid suddenly restarting a macOS or Windows endpoint while an end user is working, configure a notification if the deployment requires a restart.
    10. (Windows and macOS endpoints) Select Notify User After Running in the Post-Notify User section to configure a post-deployment end user notification.

      Use a post-deployment notification if a deployment also uses a pre-deployment notification to inform users that an operation is complete.

  6. Click Show Preview to Continue and review the deployment.
  7. Click Deploy Software.

Configure end user notifications

(Windows and macOS endpoints) You can enable pre- and post-deployment notifications to warn end users about changes to endpoints. Pre-deployment notifications are especially important for Update and Remove operations, as they can affect applications that are in use on an endpoint. Post-deployment notifications are especially important for deployments that require restarts, as they can occur while end users are working on an endpoint.

Notification Options

  • Duration of Notification Period: Specify the amount of time before the notification must be accepted. The deadline is calculated by adding this value to the time the deployment completed for each endpoint.

  • Final Countdown to Deadline: Specify the amount of time for end users to accept the notification. The notification also shows a countdown until end users must accept. If end users dismiss the notification and a restart is required, the notification will reappear in the last minute of the final countdown to deadline before the computer restarts.

  • Allow User to Postpone: If you want to give the user an option to defer accepting the notification for a specified amount of time, select this option. A user cannot postpone beyond the deadline.

  • User Postponement Options: Specify the amount of time a user can postpone the notification. The total amount of time specified must be less than the Duration of Notification Period value. Note that this is only the amount of time to defer the notification from being displayed again; it does not affect when the countdown to deadline appears.

  • Show Countdown: Select this option to show the final countdown to deadline in the preview. You can use the slider to adjust the time remaining in the countdown.

Message Content

  • Specify the title and body of the notification message. Upload optional icon and body images for branding to avoid confusing users and to limit support calls. Optionally, enable additional languages and provide translated title and body text. By default, the notification displays content in the system language on the endpoints. If you enable additional languages, the user can select other languages to display.

    You can use ||OPERATION||, ||PACKAGENAME||, or ||DEPLOYMENTNAME|| as variables in the title or body. If you are deploying a software bundle, the bundle name is used for the ||PACKAGENAME|| variable.

Review deployment summary

You can get the deployment results by status, any error messages, and the deployment configuration details.

  1. From the Deploy menu, go to Deployments.
  2. Select either the Active or Inactive tab.
  3. Click the deployment name.
  4. Review the sections.
    • Deployment Details provides the deployment details, such as the package or bundle name, status, operation, OS platform, and execution information.
    • Targeting lists the targeted computer groups for the deployment.
    • Error Messages includes a brief description and the count of affected endpoints, which links to Interact if you want to drill down for more information about specific endpoints.
    • <Operation> Workflow and Notifications shows information about the deployment workflow and notifications.

Stop a deployment

You can stop a package or bundle deployment, but it does not remove packages that have already completed installation.

  1. From the Deploy menu, go to Deployments.
  2. On the Active tab, click the deployment name, and then click Stop.
  3. Go to the Inactive tab and click the deployment name to verify the status.

Reissue a deployment

You can restart a stopped deployment or reissue a one-time deployment. Reissuing a deployment creates a new deployment with the same configuration and targets.

  1. From the Deploy menu, go to Deployments.
  2. On the Inactive tab, click the deployment name, and then click Reissue.
  3. Make changes if necessary and then click Deploy Software.

Clone a deployment

You can clone an active deployment if you want to create a deployment that is similar to an existing deployment. When a deployment is cloned, the name is automatically prepended with Clone: and the targets are removed.

  1. From the Deploy menu, go to Deployments.
  2. On the Active tab, click the deployment name, and then click Clone.
  3. Make changes and then click Deploy Software.