Installing Direct Connect

Tanium Cloud automatically handles module installations and upgrades.

For information about configuring Direct Connect for Tanium™ Cloud, see Configuring Direct Connect.

Use the Solutions page to install Direct Connect and choose either automatic or manual configuration:

Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Direct Connect is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Direct Connect, see Import Direct Connect with default settings.
Manual configuration with custom settings: After installing Direct Connect, you must manually configure required settings. Select this option only if Direct Connect requires settings that differ from the recommended default settings. For more information, see Import Direct Connect with custom settings.

Use the Automatic configuration with default settings option.

Before you begin

Read the Release Notes.
Review the Direct Connect requirements.
If you are upgrading from a previous version, see Upgrade Direct Connect.
Assign the correct roles to users for Direct Connect . Review the User role requirements.
- To import the Direct Connect solution, you must be assigned the Administrator reserved role.
- To configure the Direct Connect action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.
Determine if some endpoints connect to the Module Server through a Tanium™ Zone Server. To enable connections to endpoints through a Zone Server, you must configure a zone proxy after you import Direct Connect. For more information, see Configure zone proxies.

Import Direct Connect with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the Direct Connect action group to target the No Computers filter group by enabling restricted targeting before adding Direct Connect to your Tanium licenseimporting Direct Connect . This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Direct Connect action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import Direct Connect with automatic configuration, the following default settings are configured:

The following default setting is configured:

Setting	Default Value
Action group	Restricted targeting disabled (default): All Computers computer group Restricted targeting enabled: No Computers computer group
Fully Qualified Domain Name for the module server	The Fully Qualified Domain Name setting in the Endpoint Connection settings is set to the first-detected IPv4 address that is closest to the Tanium Server IP address. (This is often the IP address of the module server.) The IP address or FQDN that is specified for this setting must resolve to the Module Server from all endpoints in all direct endpoint connections. After the initial installation and configuration completes, you can verify this value on the Endpoint Connection tab in the Direct Connect settings and update it if needed.

Setting

Default Value

Action group

Restricted targeting disabled (default): All Computers computer group
Restricted targeting enabled: No Computers computer group

Fully Qualified Domain Name for the module server

The Fully Qualified Domain Name setting in the Endpoint Connection settings is set to the first-detected IPv4 address that is closest to the Tanium Server IP address. (This is often the IP address of the module server.)

The IP address or FQDN that is specified for this setting must resolve to the Module Server from all endpoints in all direct endpoint connections. After the initial installation and configuration completes, you can verify this value on the Endpoint Connection tab in the Direct Connect settings and update it if needed.

To import Direct Connect and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Direct Connect version.

Import Direct Connect with custom settings

To import Direct Connect without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Direct Connect version.

To configure the Direct Connect action group, see (Optional) Configure the Direct Connect action group.

To configure Endpoint Connection settings, see Configure Endpoint Connection settings.

To configure connection certificates, see Configure certificates.

Manage solution dependencies

When you start the Direct Connect workbench for the first time, the Tanium Server checks whether all the Tanium modules and shared services (solutions) that are required for Direct Connect are installed at the required versions. The Direct Connect workbench cannot load unless all required dependencies are installed. If you selected Tanium Recommended Installation when you imported Direct Connect , the Tanium Server automatically imported all your licensed solutions at the same time. Otherwise, if you manually imported Direct Connect and did not import all its dependencies, the Tanium Console displays a banner that lists the dependencies and the required versions. See Solution dependencies.

Install the dependencies as described in Tanium Console User Guide: Import, re-import, or update specific solutions.
From the Main menu, go to Administration > Shared Services > Direct Connect to open the Direct Connect Overview page and verify that the Console no longer displays a banner to list missing dependencies.

Upgrade Direct Connect

For the steps to upgrade Direct Connect, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Direct Connect version.

In Direct Connect 2.5, the steps required to configure the service account are no longer necessary due to the adoption of the System User Service, which performs these tasks automatically.

For the steps to upgrade a Direct Connect Zone Proxy, see Install or upgrade the Direct Connect Zone Proxy.

Verify Direct Connect version

After you import or upgrade Direct Connect , verify that the correct version is installed:

Refresh your browser.
From the Main menu, go to Administration > Shared Services > Direct Connect .
To display version information, click Info .