Installing Deploy

Tanium as a Service automatically handles module installations and upgrades.

Use the Tanium Solutions page to install Deploy and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Deploy is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Deploy, see Import and configure Deploy with default settings.
  • Manual configuration with custom settings After installing Deploy, you must manually configure required settings. Select this option only if Deploy requires settings that differ from the recommended default settings. For more information, see Import and configure Deploy with custom settings.

Before you begin

Import and configure Deploy with default settings

When you import Deploy with automatic configuration, the following default settings are configured:

  • The Deploy service account is set to the account that you used to import the module.
  • Computer groups that Deploy requires are imported.
  • The Deploy action group is set to the All Computers computer group.
  • For action locked machines, only applicability scanning is enabled, so that deployments cannot run on action locked machines.
  • An Always On maintenance window is created, and enforced against the All Computers computer group.

To import Deploy and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Deploy version.

Import and configure Deploy with custom settings

To import Deploy without automatically configuring default settings, be sure to clear the Apply Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Deploy version.

Configure service account

The service account is a user that runs several background processes for Deploy. This user requires the Content Administrator, Deploy Service Account, and End-User Notifications Read Only User roles, or the Tanium Administrator role.

For more information about Deploy permissions, see User role requirements.

Organize computer groups

One way to deploy packages or bundles is by computer group. Create relevant computer groups to organize your endpoints. Some options include:

  • Endpoint type, such as servers or employee workstations
  • Endpoint location, such as by country or time zone
  • Endpoint priority, such as business-critical machines

For more information, see Tanium Core Platform User Guide: Managing computer groups.

Add computer groups to Deploy action group

Importing the Deploy module automatically creates an action group to target specific endpoints. Select the computer groups to include in the Deploy action group. By default, Deploy targets No Computers.

  1. From the Deploy Home page, in the Configure Deploy section, click Configure Action Group.

    If the Configure Deploy section is not visible on the Deploy Home page, click Manage Home Page, select Configure Deploy, and click Save.

  2. Select the computer groups that you want to include in the action group. If you select multiple computer groups, choose an operand (AND or OR) to combine the groups.
  3. (Optional) In the All machines currently included in this action group section, review the included endpoints.

    These results might take a few moments to populate.

  4. Click Save.

Initialize Deploy endpoints

Deploy installs a set of tools on each endpoint that you have targeted. Initializing the endpoints starts the Deploy service and starts the Deploy process on every endpoint where it is not running.

  1. From the Deploy Home page, click Help , and then click the Support tab if needed.
  2. Click Initialize Endpoints and confirm your action.

After deploying the tools for the first time, endpoints can take up to four hours to display status.

Install Tanium End-User Notifications

With the Tanium End-User Notifications solution, you can create a notification message with your deployment to Windows endpoints to notify the user that the system is about to begin a deployment, has completed a deployment, and if postponements are enabled, to give the user the option to postpone the deployment or restart now.

For more information, see Tanium End-User Notifications User Guide: End-User Notifications overview.

Upgrade Deploy

For the steps to upgrade Deploy, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Deploy version.

Verify Deploy version

After you import or upgrade Deploy, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Modules > Deploy to open the Deploy Overview page.
  3. To display version information, click Info Info.

What to do next

See Getting started for more information about using Deploy.