Installing Direct Connect

Tanium as a Service automatically handles module installations and upgrades.

For information about configuring Direct Connect for Tanium as a Service (TaaS), see Configuring Direct Connect.

Use the Solutions page to install Direct Connect and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Direct Connect is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For details about the automatic configuration for Direct Connect, see Import Direct Connect with default settings.
  • Manual configuration with custom settings: After installing Direct Connect, you must manually configure required settings. Select this option only if Direct Connect requires settings that differ from the recommended default settings. For more information, see Import Direct Connect with custom settings.

Use the Automatic configuration with default settings option.

Before you begin

  • Read the Release Notes.
  • Review the Direct Connect requirements.
  • If you are upgrading from a previous version, see Upgrade Direct Connect.
  • Assign the correct roles to users for Direct Connect . Review the User role requirements.
    • To import the Direct Connect solution, you must be assigned the Administrator reserved role or a role that has the Import Signed Content permission.
    • To configure the Direct Connect action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Action Group write permission.
  • Determine if some endpoints connect to the Module Server through a Tanium™ Zone Server. To enable connections to endpoints through a Zone Server, you must configure a zone proxy after you import Direct Connect. For more information, see Configure zone proxies.

Import Direct Connect with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the module action group to target the No Computers filter group by enabling restricted targeting before adding the module to your Tanium licenseimporting the module. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the module action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import Direct Connect with automatic configuration, the following default settings are configured:

The following default setting is configured:

Setting Default Value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Service account

The service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.

Fully Qualified Domain Name for the module server

The Fully Qualified Domain Name setting in the Endpoint Connection settings is set to the first-detected IPv4 address that is closest to the Tanium Server IP address. (This is often the IP address of the module server.)

The IP address or FQDN that is specified for this setting must resolve to the Module Server from all endpoints in all direct endpoint connections. After the initial installation and configuration completes, you can verify this value on the Endpoint Connection tab in the Direct Connect settings and update it if needed.

To import Direct Connect and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Direct Connect version.

Import Direct Connect with custom settings

To import Direct Connect without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Direct Connect version.

To configure the service account, see Configure service account.

To configure the Direct Connect action group, see Configure the Direct Connect action group.

To configure Endpoint Connection settings, see Configure Endpoint Connection settings.

To configure connection certificates, see Configure certificates.

Manage dependencies for Tanium solutions

When you start the Direct Connect workbench for the first time, the Tanium console ensures that all of the required dependencies for Direct Connect are installed at the required version. You must install all required Tanium dependencies before the Direct Connect workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. Select the required solutions, click Import Selected, and then click Begin Import. When the import is complete, you are returned to the Tanium Solutions page.
  3. From the Main menu, go to Administration > Shared Services > Direct Connect to open the Direct Connect Overview page after you import all of the required Tanium dependencies.

Upgrade Direct Connect

For the steps to upgrade Direct Connect, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Direct Connect version.

For the steps to upgrade a Direct Connect Zone Proxy, see Install or upgrade the Direct Connect Zone Proxy.

Verify Direct Connect version

After you import or upgrade Direct Connect , verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Administration > Shared Services > Direct Connect to open the Direct Connect Overview page.
  3. To display version information, click Info Info.