Requirements

Review the requirements before you install and use Deploy.

Tanium dependencies

In addition to a license for the Deploy product module, make sure that your environment also meets the following requirements.

Component Requirement
Platform 7.0.314.6319 or later.

Enhanced functionality is available with version 7.0.314.6573 and later. Installing Tanium™ Interact is also suggested.

For role-based access control (RBAC), you must have Tanium Platform 7.1.314.3214 or later.

7.2.314.3019 or later.

Tanium Client

6.0.314.1540 or later (Windows 7 Service Pack 1 or later, and Windows Server 2008 or later).

7.2.314.2962 or later (Windows 7 Service Pack 1 or later, and Windows Server 2008 or later).

Tanium End-User Notifications 1.4.0.0003 or later.

Tanium Server and Module Server

Deploy is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

The Deploy service on the Module Server requires access to the websites to download binaries for the packages gallery templates.

Software Package          Domain                           Port
7-zip                     7-zip.org                        443
Adobe AIR                 download.macromedia.com          80
Adobe Flash Player        fpdownload.macromedia.com        443
Dropbox                   clientupdates.dropboxstatic.com  443
Google Chrome Enterprise  dl.google.com                    80
Mozilla Firefox           releases.mozilla.org             80
Notepad++                 notepad-plus-plus.org            443
Wireshark                 1.na.dl.wireshark.org            443
Zoom                      d11yldzmag5yn.cloudfront.net     443

For more information about Tanium Server and Module Server sizing guidelines, see Tanium Core Platform Installation Guide: Host system sizing guidelines.

Endpoints

Contact your Technical Account Manager (TAM) for customized tuning to your environment. For more information, see Tanium Platform User Guide: Managing Global Settings.

System environment variables

The use of environment variables when you refer to file paths in Deploy is recommended over the use of explicit file paths. This method provides independence from differing paths based on operating system language or architecture, and allows the construction of a dynamic path at the time of execution.

Process Architecture              System Environment Variable  Path
32-bit process on 32-bit Windows  %PROGRAMFILES%               C:\Program Files
                                  %COMMONPROGRAMFILES%         C:\Program Files\Common Files
32-bit process on 64-bit Windows  %PROGRAMFILES%               C:\Program Files (x86)
                                  %PROGRAMFILESX86%            C:\Program Files (x86)
                                  %COMMONPROGRAMFILES%         C:\Program Files (x86)\Common Files
                                  %COMMONPROGRAMFILES(X86)%    C:\Program Files (x86)\Common Files
                                  %COMMONPROGRAMW6432%         C:\Program Files\Common Files
                                  %PROGRAMW6432%               C:\Program Files

Additional environment variables that are available to the System account, such as %SystemDrive%, %SystemRoot%, %WinDir%, are also supported.
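
The following is an added illustration, not Tanium code: it models the table above to show where a variable-based path resolves for each process architecture, and rewrites a hard-coded path into its variable form. The names `expand`, `portable`, `W32` and `W64` are hypothetical, and the directory values are copied from the table rather than read from a live system.

```python
import re

W32 = "32-bit process on 32-bit Windows"
W64 = "32-bit process on 64-bit Windows"

# Values copied from the table above, not read from a live system.
CONTEXTS = {
    W32: {
        "PROGRAMFILES": r"C:\Program Files",
        "COMMONPROGRAMFILES": r"C:\Program Files\Common Files",
    },
    W64: {
        "PROGRAMFILES": r"C:\Program Files (x86)",
        "PROGRAMFILESX86": r"C:\Program Files (x86)",
        "COMMONPROGRAMFILES": r"C:\Program Files (x86)\Common Files",
        "COMMONPROGRAMFILES(X86)": r"C:\Program Files (x86)\Common Files",
        "COMMONPROGRAMW6432": r"C:\Program Files\Common Files",
        "PROGRAMW6432": r"C:\Program Files",
    },
}

TOKEN = re.compile(r"%([^%\\]+)%")


def expand(path, context):
    """Expand %VAR% tokens (case-insensitive) the way the table says `context` does."""
    table = CONTEXTS[context]

    def substitute(match):
        name = match.group(1).upper()
        if name not in table:
            raise KeyError(f"%{match.group(1)}% is not listed for a {context}")
        return table[name]

    return TOKEN.sub(substitute, path)


def portable(explicit_path, context):
    """Rewrite a hard-coded path into variable form; the longest prefix wins."""
    best_name, best_dir = None, ""
    lowered = explicit_path.lower()
    for name, directory in CONTEXTS[context].items():
        d = directory.lower()
        if (lowered == d or lowered.startswith(d + "\\")) and len(d) > len(best_dir):
            best_name, best_dir = name, directory
    if best_name is None:
        return explicit_path  # no table directory is a prefix of this path
    return f"%{best_name}%{explicit_path[len(best_dir):]}"
```

The same `%PROGRAMFILES%` string resolves to different directories in the two contexts, and a 32-bit process on 64-bit Windows reaches `C:\Program Files` only through `%PROGRAMW6432%`.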

Host and network security requirements

Specific processes and URLs are needed to run Deploy.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Target device       Process
Module Server       node.exe
                    or
                    "<Tanium Module Server>\services\deploy-service\node.exe" service.js
Endpoint computers  <Tanium>\Tanium End User Notification Tools\bin\client-ui.exe
                    <Tanium Client>\Python27\TPython.exe
                    <Tanium Client>\Tools\Deploy\py\deploy\tools\active-user-sessions.exe

Exclude the following directories from on-access or real-time scans:

  • <Tanium>\Tanium End User Notification Tools
  • <Tanium Client>

User role requirements

Tanium 7.0

The following user roles are supported in Deploy:

Administrator

Can install Deploy; can create, modify, or delete packages and bundles; can create, modify, delete, or run deployments

Content Administrator

Can create, modify, or delete packages and bundles; can create, modify, delete, or run deployments

Tanium 7.1 or later

For Tanium Platform version 7.1.314.3214 or later, Deploy uses RBAC permissions that control access to the Deploy workbench. The three predefined roles are Deploy Admin, Deploy User, and Deploy Read Only User.

Table 1:   Deploy user role privileges for Tanium 7.1.314.3214 or later
Privilege              Description                                           Deploy Administrator  Deploy User  Deploy Read Only User
Show Deploy            View the Deploy workbench                             1                     1            1
Deploy Use Api         Perform Deploy operations using the API               1                     1            1
Deploy Module Read     Read access to the Deploy module
Deploy Module Write    Write access to the Deploy module
Deploy Settings Write  Write access to global settings in the Deploy module

1 Denotes a provided permission.

Table 2:   Provided Deploy Micro Admin and Advanced user role permissions for Tanium 7.1.314.3214 or later
Permission             Role Type    Content Set for Permission  Deploy Administrator  Deploy User  Deploy Read Only User
Read User Group        Micro Admin
Read Computer Group    Micro Admin
Ask Dynamic Questions  Advanced
Read Sensor            Advanced     Reserved
Read Sensor            Advanced     Default
Read Sensor            Advanced     Base
Read Sensor            Advanced     Deploy Content Set
Read Action            Advanced     Deploy Content Set
Read Action¹           Advanced     End-User Notifications
Write Action           Advanced     Deploy Content Set
Write Action¹          Advanced     End-User Notifications
Approve Action         Advanced     Deploy Content Set
Execute Plugin         Advanced     Deploy Content Set
Read Package           Advanced     Deploy Content Set
Read Package¹          Advanced     End-User Notifications
Write Package          Advanced     Deploy Content Set
Read Saved Question    Advanced     Deploy Content Set
Read Saved Question¹   Advanced     End-User Notifications
Write Saved Question   Advanced     Deploy Content Set
Write Saved Question¹  Advanced     End-User Notifications

¹ Denotes a provided permission when the Tanium End-User Notifications 1.4.0.003 solution is installed.

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.

Last updated: 11/13/2018 3:10 PM