Performance requirements

Review the requirements before you install and use Performance.

Core platform dependencies

Make sure that your environment meets the following requirements:

Tanium license that includes Performance
- (Optional) To access performance scores in Performance, your Tanium license must include Tanium™ Engage.
Tanium™ Core Platform servers: 7.5.4.1158 or later
Tanium™ Client: Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.
If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.
For supported endpoint operating systems, see Endpoints.

Computer group dependencies

When you first sign in to the Tanium Console after a fresh installation of Tanium Server 7.4.2 or later, the server automatically imports the All Computers computers group, which Performance requires. Tanium Cloud automatically imports the computer groups that Performance requires:

All Windows
All Linux
All Mac

For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups. See Tanium Console User Guide: Create a computer group.

Solution dependencies

Other Tanium solutions are required for Performance to function (required dependencies) or for specific Performance features to work (feature-specific dependencies). The installation method that you select determines if the Tanium Server automatically imports dependencies or if you must manually import them.

Some Performance dependencies have their own dependencies, which you can see by clicking the links in the lists of Required dependencies and Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Performance requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Performance, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Performance to import and are using Tanium Core Platform 7.5.2.3531 with Tanium Console 3.0.72 or later, the Tanium Server automatically imports the latest available versions of any required dependencies that are missing. If some required dependencies are already imported but their versions are earlier than the minimum required for Performance, the server automatically updates those dependencies to the latest available versions.

If you select only Performance to import and you are using Tanium Core Platform 7.5.2.3503 or earlier with Tanium Console 3.0.64 or earlier, you must manually import or update required dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Required dependencies

Performance has the following required dependencies at the specified minimum versions:

Tanium™ Console 3.4.53 or later
Tanium™ Core Content 1.1.1 or later
- Core Content 1.8.5 or later requires Tanium™ Client Management. See Tanium Client Management dependencies.
Tanium™ Criticality 1.1.58 or later
Tanium™ Direct Connect 2.1.0 or later is required for live endpoint connections
Tanium™ Endpoint Configuration 1.2 or later (installed as part of Tanium Tanium Client Management 1.5 or later)
Tanium™ Interact 2.14.96 or later
Tanium™ RDB Service 1.2.66 or later
Tanium™ Reporting 1.13.80 or later
Tanium™ System User Service 1.0.77 or later
Tanium™ Trends 3.6 or later

Feature-specific dependencies

If you select only Performance to import, you must manually import or update its feature-specific dependencies regardless of the Tanium Console or Tanium Core Platform versions. Performance has no feature-specific dependencies. However, if you are using any of the following Tanium solutions that use the Tanium Client Recorder Extension, you must use the specified minimum versions:

Tanium™ Integrity Monitor 1.7.0.0035 or later
Tanium™ Map 1.1.1.0006 or later
Tanium™ Threat Response 1.2.0.0037 or later
Tanium™ Trace 2.9.0.0035 or later

Client extensions

Tanium Endpoint Configuration installs client extensions for Performance on Windows and Linux endpoints. Client Extensions perform tasks that are common to certain Tanium solutions. The Tanium Client uses code signatures to verify the integrity of each client extension prior to loading the extension on the endpoint. Each client extension has recommended security exclusions to allow the Tanium processes to run without interference. See Security exclusions for more information. The following client extensions perform Performance functions:

Config CX - Provides installation and configuration of extensions on endpoints. Tanium Client Management installs this client extension.
Core CX - Provides a management framework API for all other client extensions and exposes operating system metrics. Tanium Client Management installs this client extension.
DEC CX - Provides a direct connection between endpoint and Module ServerTanium Cloud. Tanium Direct Connect installs this client extension.
Performance CX - Provides Performance functions on the endpoint. Tanium Performance installs this client extension.

Endpoints

Supported operating systems

The following endpoint operating systems are supported with Performance.

Operating System	Version	Notes
Windows	Windows 7 (SP1) and later Windows Server 2008 R2 (SP1) and later	Windows 7 SP1 requires Microsoft KB2758857. Windows Server 2008 R2 SP1 requires Microsoft KB2758857. If you are using Tanium Client Management 1.7.165 or earlier, a page file is required for metric collection.
macOS	Same as Tanium Client support
Linux	Red Hat Enterprise Linux (RHEL) 6.x, 7.x, 8.x, 9.x CentOS 6.x, 7.x, 8.x Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS Amazon Linux 2 LTS AlmaLinux 8.x Rocky Linux 8.x	Only POSIX-compliant file systems are supported.

Support for specific metrics varies by operating system. For more information, see Reference: Event Rules.

Disk space requirements

Performance requires 100 MB plus the amount specified in the Database Maximum Size parameter (1 GB by default).

The Performance database collects approximately 45 MB per day for busy servers and 25-35 MB per day for workstations.

Processor and memory requirements

Same as the Tanium Client. For detailed requirements, see Tanium Client Management User Guide: Client version and host system requirements.

Host and network security requirements

Specific ports and processes are needed to run Performance.

Ports

The following ports are required for Performance communication.

Source	Destination	Port	Protocol	Purpose
Tanium Client (internal)	Module Server	17475	TCP	Used by the Module Server for endpoint connections to internal clients.
Tanium Client (external)	Zone Server¹ Tanium Cloud	17486	TCP	Used by the Zone Server for endpoint connections to external clients. The default port number is 17486. If needed, you can specify a different port number when you configure the Zone Proxy.
Module Server	Zone Server¹	17487	TCP	Used by the Zone Server for Module Server connections. The default port number is 17487. If needed, you can specify a different port number when you configure the Zone Proxy.
Module Server	Zone Server¹	17488	TCP	Allows communication between the Zone Server and the Module Server. On TanOS, the Direct Connect Zone Proxy installer automatically opens port 17488 on the Zone Server. This port must be manually opened on Windows.
Module Server	Module Server (loopback)	17471	TCP	Internal purposes; not externally accessible
¹ These ports are required only when you use a Zone Server.

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.

For Tanium Cloud ports, see Tanium Cloud Deployment Guide: Host and network security requirements.

For Direct Connect ports, see Direct Connect User Guide: Host and network security requirements.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow the Tanium processes to run without interference. The configuration of these exclusions varies depending on AV software. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\performance-service\node.exe
		Process	<Module Server>\services\event-service\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows (x86 and x64) endpoints		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumPerformance.dll
		File	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\PerformanceTSDB\TaniumTSDB.exe
		File	<Tanium Client>\extensions\TaniumTSDB.dll
		File	<Tanium Client>\extensions\TaniumTSDB.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\performance\performance.db
		File	<Tanium Client>\extensions\performance\performance.db-shm
		File	<Tanium Client>\extensions\performance\performance.db-wal
	7.4.x clients	Folder	<Tanium Client>\Python38
	7.4.x clients¹	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumPerformance.so
		File	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.so
		File	<Tanium Client>/extensions/libTaniumTSDB.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.so
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib.sig
		Process	<Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x client	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows (x86 and x64) endpoints		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumPerformance.dll
		File	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\PerformanceTSDB\TaniumTSDB.exe
		File	<Tanium Client>\extensions\TaniumTSDB.dll
		File	<Tanium Client>\extensions\TaniumTSDB.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\performance\performance.db
		File	<Tanium Client>\extensions\performance\performance.db-shm
		File	<Tanium Client>\extensions\performance\performance.db-wal
	7.4.x clients	Folder	<Tanium Client>\Python38
	7.4.x clients¹	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumPerformance.so
		File	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.so
		File	<Tanium Client>/extensions/libTaniumTSDB.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.so
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib.sig
		Process	<Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

User role requirements

The following tables list the role permissions required to use Performance. To review a summary of the predefined roles, see Set up Performance users.

Do not assign the Performance Service Account role to users. This role is for internal purposes only.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Performance user role permissions
Permission	Performance Administrator^1,2,3,4,5	Performance Operator^1,2,3,4,5	Performance User^1,2,4,5	Performance Read Only User^1,2,4,5	Performance Endpoint Configuration Approver^2,3,4,5
Performance ADMINISTER: View all pages in Performance. Update settings and all profiles; can generate and retrieve a support bundle SHOW: View the Performance workbench	ADMINISTER SHOW	SHOW	SHOW	SHOW	SHOW
Performance Components Manage back-end components for Performance, such as actions
Performance Direct Connect⁶ Connect to an endpoint using Direct Connect and read data from that endpoint.	READ	READ	READ	READ
Performance Endpoint Configuration Allows approving endpoint configuration items					APPROVE
Performance Event View Performance events	READ	READ	READ	READ
Performance File Browse the file system and download a file from an endpoint that you connect to through Performance	DOWNLOAD	DOWNLOAD	DOWNLOAD
Performance Kill Terminate endpoint processes when you connect to an endpoint through Performance	PROCESS	PROCESS	PROCESS
Performance Process Groups READ: View Performance process groups WRITE: Modify Performance process groups	READ WRITE	READ WRITE	READ	READ
Performance Profile READ: View all Performance profiles WRITE: Modify all Performance profiles	READ WRITE	READ WRITE	READ	READ	READ
Performance Settings View Performance settings	READ	READ	READ	READ	READ
¹ This role provides module permissions for Tanium Direct Connect. You can view which Direct Connect permissions are granted to this role in the Tanium Console. For more information, see the Tanium Direct Connect User Guide: User role requirements. ² This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see the Tanium Trends User Guide: User role requirements. ³ This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements. ⁴ This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see the Tanium Interact User Guide: User role requirements. ⁵ This role provides module permissions for Tanium Reporting. You can view which Reporting permissions are granted to this role in the Tanium Console. For more information, see the Tanium Reporting User Guide: User role requirements. 6 If you are using Direct Connect 1.10.39, users must also have the Data Collection Registration Read Interact permission to connect directly to endpoints. If you are using Direct Connect 2.0 or later, the Data Collection Registration Read Interact permission is not required.

Provided Performance administration and platform content permissions
Permission	Permission Type	Performance Administrator^1,2,3,4,5	Performance Operator^1,2,3,4,5	Performance User^1,2,3,4,5	Performance Read Only User^1,2,3,4,5	Performance Endpoint Configuration Approver^1,4,5
Action Group	Administration	READ	READ	READ	READ
Action	Platform content	WRITE	WRITE
Action for Saved Question	Platform content
Approve Action	Platform content
Dashboard	Platform content
Dashboard Group	Platform content
Filter Group	Platform content	READ	READ	READ	READ	READ
Own Action	Platform content	READ	READ
Package	Platform content	READ WRITE	READ WRITE
Plugin	Platform content	READ EXECUTE	READ EXECUTE	READ EXECUTE	READ EXECUTE	READ EXECUTE
Saved Question	Platform content	READ	READ	READ	READ
Sensor	Platform content	READ	READ	READ	READ	READ
To view which content set permissions are granted to a role, see Tanium Console User Guide: View effective role permissions. ¹ This role provides content set permissions for Tanium Trends. You can view which Trends content sets are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements. ² This role provides content set permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration content sets are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements. ³ This role provides content set permissions for Tanium Data Service. You can view which Tanium Data Service content sets are granted to this role in the Tanium Console. For more information, see the Tanium Interact User Guide: User role requirements. ⁴ This role provides content set permissions for Tanium Reporting. You can view which Reporting content sets are granted to this role in the Tanium Console. For more information, see the Tanium Reporting User Guide: User role requirements. ⁵ This role provides content set permissions for Tanium Criticality. You can view which Criticality content sets are granted to this role in the Tanium Console. For more information, see the Tanium Criticality User Guide: User role requirements.