Deploying software

Use deployments to install, update, or uninstall software on a set of target computers. Deployments can run once or be ongoing to meet requirements such as:

  • Maintain operational hygiene and system baselines.
  • Manage systems which may be online for short periods.
  • Rerun packages which become applicable as system states change.

Deployments do not run outside of a maintenance window unless the Override maintenance window option is selected in the deployment options. You must create at least one maintenance window for other deployments to run. For more information about creating a maintenance window, see Managing maintenance windows.

Before you begin

Create a deployment template

You can create a deployment template to save settings for a deployment that you can issue repeatedly. You can either create a deployment template from the Deployment Templates menu item, or you can select an option when you create a deployment to save the options as a template.

  1. From the Deploy menu, go to Deployment Templates and then click Create Deployment Template.
  2. Specify a name and optionally a description for your deployment template.
  3. Select deployment options. These options are the same as the options you can configure in an individual deployment. For more information, see Deploy a software package or bundle.
  4. For self service deployments that are set for the future, use the Make Available Before Start Time option.

  5. Click Create Deployment Template.

You can use this template when you create a deployment.

Set the default deployment template

The default deployment template is applied when you create deployments. Importing Deploy with automatic configuration creates three deployment templates and sets one of them as the default. You can change the default template or remove a template as the default.

  1. From the Deploy menu, go to Deployment Templates.
  2. Select a template and click Set as Default.
  3. To remove the default designation from a template, select the default template and click Remove as Default.

Delete a deployment template

  1. From the Deploy menu, go to Deployment Templates.
  2. Select one or more templates and click Delete Deployment Templates.

You can also click the name of your deployment template and then click Delete .

Deploy a software package or bundle

  1. From the Deploy menu, go to Deployments and then click Create Deployment.

    You can also create a deployment from the Software page. Select a software package and click Deploy Package.

  2. Provide a name for the deployment and optionally provide a description.
  3. Do one of the following, as needed:
    • Select Software Package, select the package from the drop-down list, and then select the software package operation. You can filter packages by typing the platform, vendor name, or package title.
    • Select Software Bundle and then select the bundle from the drop-down list.

      A software bundle is platform-specific and each software package evaluates and installs independently, but is available only for the specified OS platform. If an individual package fails to install during a bundle deployment, you can decide if the bundle should continue and install the remaining packages, or you can choose to stop on failure and report the failure.

  4. Add targets.

    Select either or both of the following targeting methods and complete the fields as needed. If you select both targeting methods, then they are joined by an OR operator. If you use multiple targets, the deployment applies to endpoints that match any of the targets you specify.

    • Select Computer Groups provides a drop-down list of computer groups available to be managed in Deploy.
    • Set Targeting Criteria lets you add any Tanium question filter as a target. When you use this option, you must also select a limiting group from the Select Limiting Group drop-down list of computer groups. For example, to target endpoints in the subnet, you can type Tanium Client IP Address starts with 192.168.1 in the Filter Bar or use the Filter Builder to select the Tanium Client IP Address sensor, and then apply the same filter. After that, set the All Windows 10 computer group as the limiting group to make the deployment apply to all Windows 10 endpoints with an IP address that starts with 192.168.1.

    • The Select Computer Groups and Set Targeting Criteria options are joined by an OR operator. If you use multiple targets, the deployment applies to endpoints that match any of the targets you specify. If you use Set Targeting Criteria, you must also specify a limiting group that limits all targets. For example, if you select All Laptops as the target computer group, the deployment goes to all laptops managed by Deploy. However, if you also add Tanium Client IP Address starts with 192.168.1 as the targeting criteria, and then select All Windows 10 as the limiting group, then the deployment goes to all Windows 10 devices that are either laptops or have an IP address starting with 192.168.1.

  5. Select deployment options.
    1. Choose whether you want to use an existing deployment template. To create a new deployment template based on this template, select Do not use existing template and then select Save Deployment Options as template. For more information, see Create a deployment template.
    2. Specify a deployment frequency. You can either do a single deployment with a specific start and end time, or an ongoing deployment that does not have an end time.

      After a software package operation starts, it continues even if you stop the deployment, the deployment ends, or the maintenance window closes.

      After the deployment ends or the maintenance window closes, restarts do not occur, End-User Notification messages do not appear, and remaining steps in a software bundle (if applicable) do not run.

    3. Designate the deployment time. You can choose from the local time on the endpoint or UTC time.
    4. Select self service options.

      For self service deployments that are set for the future, use the Make Available Before Start Time option.

    5. To prepare the endpoints for future deployments by downloading the deployment content before the installation time, select the option for Download Immediately.
      • For a software package deployment, files for the package are downloaded immediately only if the software package is applicable.
      • For a software bundle deployment, all software package files in the bundle are downloaded immediately, even if the software packages are not applicable. Only select this option for large software bundle deployments if all software packages are applicable on all targeted endpoints.
    6. (Windows and macOS endpoints) To enable pre-deployment end user notifications, select Notify User Before Running in the Pre-Notify User section. To minimize disruptions to end users, configure a notification for Update and Remove operations, as they could affect applications that are in use on an endpoint.
    7. To protect shared compute resources in a virtual environment, select Enabled for the Distribute Over Time option and indicate an amount of time. The value you indicate for Distribute Over Time must be less than the deployment duration.

      Distribute Over Time randomizes the deployment start time on each endpoint by an amount of time up to the value configured. This option reduces concurrent consumption of shared compute resources in a virtual environment.

      Specify a Distribute Over Time value that is at least two hours less than the length of the deployment window and any maintenance windows. If the value exceeds deployment and maintenance windows, some endpoints will not be able to run the deployment or will run a software package operation outside of the maintenance window.

    8. If you want to ignore deployment restrictions, select Override maintenance windows.
    9. (Windows and macOS endpoints) Select whether to restart the endpoint. To avoid suddenly restarting a endpoint while an end user is working, configure a notification if the deployment requires a restart.
    10. (Windows and macOS endpoints) Select Notify User After Running in the Post-Notify User section to configure a post-deployment end user notification.

      Use a post-deployment notification if a deployment also uses a pre-deployment notification to inform users that an operation is complete.

  6. Click Show Preview to Continue and review the deployment.
  7. Click Deploy Software.

Configure end user notifications

(Windows and macOS endpoints) You can enable pre- and post-deployment notifications to warn end users about changes to endpoints. Pre-deployment notifications are especially important for Update and Remove operations because they can affect applications that are in use on an endpoint. Post-deployment notifications are especially important for deployments that require restarts because they can occur while end users are working on an endpoint.

Notification Options

  • Duration of Notification Period: Specify the amount of time before the notification must be accepted. The deadline is calculated by adding this value to the time the deployment completed for each endpoint.

  • Allow User to Postpone: If you want to give the user an option to defer accepting the notification for a specified amount of time, select this option. A user cannot postpone beyond the deadline.

  • User Postponement Options: Specify the amount of time a user can postpone the notification. The total amount of time specified must be less than the Duration of Notification Period value. Note that this is only the amount of time to defer the notification from being displayed again; it does not affect when the countdown to deadline appears.

  • Final Countdown to Deadline: Specify the amount of time for end users to accept the notification. The notification also shows a countdown until end users must accept. If end users dismiss the notification and a restart is required, the notification will reappear in the last minute of the final countdown to deadline before the computer restarts.

Message Content

  • Specify the title and body of the notification message. Upload optional icon and body images for branding to avoid confusing users and to limit support calls. Optionally, enable additional languages and provide translated title and body text. By default, the notification displays content in the system language on the endpoints. If you enable additional languages, the user can select other languages to display.

    You can use ||OPERATION||, ||PACKAGENAME||, or ||DEPLOYMENTNAME|| as variables in the title or body. If you are deploying a software bundle, the bundle name is used for the ||PACKAGENAME|| variable.

If your deployment is configured for a pre-notification, but the endpoint does not have the End-User Notifications tools installed, the deployment fails and triggers the following error: EunIncompatible: EUN is not installed or the version installed is too old. For more information about installing End-User Notifications tools on endpoints, see Tanium End-User Notifications User Guide: Configuring End-User Notifications.

Review deployment summary

You can get the deployment results by status, any error messages, and the deployment configuration details.

  1. From the Deploy menu, go to Deployments.
  2. Select the Active, Inactive, or Self Service tab.

    A software package or bundle appears in the Self Service tab after it is included in a self service profile and applicability counts appear after a user installs, updates, or removes the item in the End-User Self Service Client application.

  3. Click the deployment name. The Status section shows the status and substatus, links to deployment results, OS, online endpoints, information about the last time the status or initialization was updated, and any error messages.
  4. In the Deployment Details area, expand the section you want to see, or click Expand All to expand all sections.
    • Content to deploy provides all the configuration information, including installation details, execution information, installation workflow and notifications, patch lists, and patches.
    • Endpoints to target lists the targeted endpoints for the deployment.
    • Deployment type and schedule shows the deployment frequency, time zone, and schedule.
    • User notifications has the information about any end user notifications associated with the deployment.

Stop a deployment

You can stop a package or bundle deployment, but it does not remove packages that have already completed installation.

  1. From the Deploy menu, go to Deployments.
  2. On the Active tab, click the deployment name, and then click Stop.
  3. Go to the Inactive tab and click the deployment name to verify the status.

Reissue a deployment

You can restart a stopped deployment or reissue a one-time deployment. Reissuing a deployment creates a new deployment with the same configuration and targets.

  1. From the Deploy menu, go to Deployments.
  2. On the Inactive tab, click the deployment name, and then click Reissue.
  3. Make changes if necessary and then click Deploy.

Clone a deployment

You can clone an active deployment if you want to create a deployment that is similar to an existing deployment. When a deployment is cloned, the name is automatically prepended with Clone: and the targets are removed.

  1. From the Deploy menu, go to Deployments.
  2. On the Active tab, click the deployment name, and then click Clone.
  3. Make changes and then click Deploy.