Installing Direct Connect

You can install Direct Connect from the Tanium Solutions page.

Before you begin

Import Direct Connect

Import Direct Connect from the Tanium Solutions page.

  1. In the Tanium Content section, select the Direct Connect row and click Import Solution.
  2. In the Content Import Preview window, review the Tanium content that is being installed. Click Import.
  3. After the installation process completes, refresh your browser.
  4. From the Main menu, in the Tanium Services section, click Direct Connect. The Direct Connect Home page displays.

Verify installation

To verify that Direct Connect is installed, go to the Supported Solutions tab in the Tanium Content section of the Tanium Solutions page and check the Imported Version. To check the installed version from the Direct Connect Home page, click Info.

Set up Direct Connect

Configure the Direct Connect action group

The action group defines the set of endpoints to which you are deploying the Direct Connect packages. By default, the Computer Group Targets setting for the Direct Connect action group is set to No Computers. You can set the action group to All Computers or any computer groups that you have defined.

  1. From the Direct Connect Home page, in the Configuration section, click the Configure Action Group step and click Configure Action Group.
  2. Select the computer group for the group of endpoints that you want to use for Direct Connect. Click Save.

Configure the service account

The Direct Connect service account runs background processes for the Direct Connect service. The credentials that you provide must be reconfigured after each upgrade of Direct Connect. The Direct Connect service account should have the Direct Connect Cron Exec permission.

  1. From the Direct Connect Home page, in the Configuration section, click the Configure Service Account step and click Configure Service Account.
  2. Enter the Tanium credentials and click Save.
  3. You can also set or update the service account from the Direct Connect settings. Click Settings, and update the service account settings on the Service Account tab. Click Save.

Configure Endpoint Connection settings

Specify Endpoint Connection settings to define the domain name to use to connect to the Tanium Module Server, the certificates to authenticate connections to the Tanium Module Server and endpoints, and the port to use for connections.

  1. From the Direct Connect Home page, in the Configuration section, click the Configure Endpoint Connection step and click Configure Endpoint Connection.
  2. In the FQDN section, provide a domain name to use to connect to the Tanium Module Server. The domain name that you provide must resolve to the Tanium Module Server from all endpoints in all direct endpoint connections. Direct Connect validates the format of the name that you provide. Verify the accuracy of the domain name that you provide.
  3. The Port is set to 17475 by default and cannot be modified. Make sure that incoming connections to this port are allowed by applicable firewall configurations.
  4. In the Server Certificate section, the Install a new certificate option is selected by default and cannot be modified during the initial configuration. A certificate is generated and installed to authenticate the server when an endpoint starts a connection.

    After a certificate is installed on the server, the expiration date for the certificate displays. If a certificate is installed, you can select Install a new certificate to generate and install a new certificate.

  5. In the Client Certificate section, the Install a new certificate option is selected by default and cannot be modified during the initial configuration. A certificate is generated, installed, and deployed to endpoints to authenticate that the endpoint is a Tanium client with permission to connect to the server.

    After a certificate is installed, the expiration date for the certificate displays. If a certificate is installed, you can select Install a new certificate to generate and install a new certificate.

  6. Click Save.

If the Fully Qualified Domain Name validates successfully, success messages display:
The endpoint connection settings saved successfully.
Content build is in progress. Connection settings will deploy to endpoints once complete.

If an error occurs, correct the fully qualified domain name and save again. If the information validates and saves successfully, packages for each supported operating system are created with the configuration information that is needed to use Direct Connect. These packages are distributed using a scheduled action to the Tanium Direct Connect action group.
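The following pre-flight check is an added example, not part of the Tanium documentation or product. It covers what the format validation described above does not: whether the name resolves from a given endpoint and whether TCP port 17475 is reachable through the firewalls in between. The function names, the hostname rule (RFC 1123 labels) and the placeholder host are assumptions.

```python
import re
import socket

DIRECT_CONNECT_PORT = 17475  # Module Server port stated on this page

# Assumed format rule (RFC 1123 labels, at least two of them). The rule that
# Direct Connect itself applies is not documented on this page.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_fqdn(name: str) -> bool:
    """Format-only check: says nothing about whether the name is correct."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():  # rejects bare names and IPv4
        return False
    return all(_LABEL.match(label) for label in labels)


def preflight(host: str, port: int = DIRECT_CONNECT_PORT, timeout: float = 3.0) -> dict:
    """Resolve host, then try a TCP connect to every address it resolves to."""
    result = {"host": host, "port": port, "addresses": {}, "ok": False}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result["error"] = f"DNS resolution failed: {exc}"
        return result
    for family, socktype, proto, _, sockaddr in infos:
        addr = sockaddr[0]
        if addr in result["addresses"]:
            continue  # same address returned more than once
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            result["addresses"][addr] = "reachable"
        except OSError as exc:
            result["addresses"][addr] = f"blocked or closed: {exc}"
    result["ok"] = "reachable" in result["addresses"].values()
    return result


if __name__ == "__main__":
    fqdn = "module-server.example.com"  # placeholder, not a value from this page
    print("format ok:", is_valid_fqdn(fqdn))
    print(preflight(fqdn))
```

Run it from a representative endpoint in each network segment. A name that passes the format check but resolves to the wrong host still reports as reachable if that host listens on the port, so compare the resolved addresses with the Module Server's address.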

Configure Zone Proxies

You can optionally configure a zone proxy to enable connections to endpoints through a Tanium™ Zone Server. This configuration is required to use Direct Connect with endpoints that connect to the Module Server through a Zone Server.

Figure 1: Zone Proxy Server Overview

For best results, do not use a load balancer in front of your zone server. If you must use a load balancer, it must be configured for persistent TCP connections and the port that you configure in the Direct Connect Zone Proxy for the Endpoint Inbound Port must be open on the load balancer. By default, this port is 17486.

Before you begin

Work with your TAM to obtain the Direct Connect Zone Proxy Installer file for your Zone Server operating system.

Install and configure the Direct Connect Zone Proxy

  1. Copy the Direct Connect Zone Proxy Installer to the Zone Server.
  2. Run the Direct Connect Zone Proxy Installer on the Zone Server to install the Direct Connect Zone Proxy.

    During the installation process, the Provision Secret and Certificate, referred to as the Provision Payload, display in the console where you run the install file. You must copy these and save them to use during the subsequent configuration steps. This information cannot be retrieved later if you do not save it during the installation.

    After the installation completes and you save the provisioning payload (provision secret and certificate), return to Direct Connect.

  3. From the Direct Connect Home page, click Settings.
  4. Click the Zone Proxies tab and click Add Zone Proxy.
  5. Specify the Zone Proxy Name.
  6. Paste the Provision Secret and Certificate that you saved during the installation into the Provision Payload field.
  7. Configure the Endpoint Connection to the Zone Server:

    1. Specify the Endpoint Target Hostname.

      This value is the hostname, fully qualified domain name, or IP address that is used by endpoints to connect to the zone server.

    2. Specify the Endpoint Inbound IP Address.

      This value is the binding IP address that is used by the Zone Server for endpoint connections.

    3. Specify the Endpoint Inbound Port.

      This value is the binding port that is used by the Zone Server for endpoint connections. The default value is 17486.

  8. Configure the Tanium Module Server Connection to the Zone Server:

    1. Specify the Module Server Target Hostname.

      This value is the hostname, fully qualified domain name, or IP address that is used by the Module Server to connect to the Zone Server.

    2. Specify the Module Server Inbound IP Address.

      This value is the binding IP address that is used by the zone server for module server connections.

      In most environments, this value is not the same as the IP address of the Module Server.

    3. Specify the Module Server Inbound Port.

      This value is the binding port that is used by the zone server for module server connections. The default value is 17487.

  9. Click Save.

The status of the Zone Proxy displays in the Status column. When the configuration is complete, the status is Connected.

Due to the provisioning process, you cannot modify existing Zone Proxy configurations. If needed, you can delete the configuration and recreate it with different values. To delete a configuration, hover over the configuration and click Delete.

Upgrade Direct Connect

Upgrade Direct Connect to the latest version from the Tanium Solutions page.

  1. From the Main menu, click Tanium Solutions.
  2. Locate Direct Connect and click Upgrade to X.X.X.XX.
  3. Click OK.
    The Import Solution window opens with a list of all the changes and import options.
  4. Click Proceed with Import and enter your password.
    The installation and configuration process begins.
  5. To confirm the upgrade, return to the Tanium Solutions page and check the Installed: X.X.X.XX version for Direct Connect.

If the Direct Connect version is not updated, refresh your browser window.

What to do next

See Getting started for more information about using Direct Connect.

Last updated: 11/19/2019 7:37 PM