Installing an individual Tanium Server

The Taniumâ„¢ Server role installation creates the Tanium Server and database server, SSL certificates, SSH keys, and Tanium Server configuration database.

Before you begin

Make sure:

Import keys (optional)

Beginning in Tanium Core Platform 7.4, the Tanium Server includes a pki.db file that contains the root keys, Tanium Server TLS keys, and message-signing keys for the Tanium Server. If you migrate from a Windows installation with Tanium Core Platform 7.4 or later, or if you restore the Tanium Server appliance from a backup, you can reuse the previous pki.db file to maintain existing trusts.

  1. Obtain a copy of the pki.db file from your existing Tanium Server or from a backup file.
  2. Use SFTP to copy the pki.db file to the /incoming folder on the appliance before the install.

Install Tanium Server

  1. Log into the Tanium Server appliance as a user with the tanadmin role.

    The TanOS console displays the tanadmin menu. ClosedView screen

  2. Enter 1 to go to the Tanium Installation menu. ClosedView screen
  3. Enter 2 to install the Tanium Server.
  4. Enter NO when asked if you are setting up a cluster. For instructions on how to install a Tanium Server in a cluster, see TODO
  5. When prompted, specify a password for the initial Tanium Console admin user (tanium). ClosedView screen

    You specify the Tanium Console admin user (tanium) and password when you complete the Module Server registration with the Tanium Server and when you log into the Tanium Console for the first time. Make sure you specify a password that you will be able to recall.

  6. When prompted, specify the Tanium platform version that you want to install.
  7. If you copied the pki.db file to the /incoming folder on the appliance, the installer discovers the file and prompts you to install it. Enter YES to continue. ClosedView screen

The installation takes approximately one minute to complete.

Set up TLS for the Tanium Server deployment

Installation of the Tanium Server automatically sets up TLS for Tanium Client to Tanium Server connections. One setting is set implicitly to a non-disruptive value by default: 

  • RequireIncomingEncryption is set to 0 (TLS not required)

Tanium Core Platform version 7.3 or prior

To change the default values, go to the Tanium Operations menu and use the Configuration Settings menu to change the values. See Change a Tanium server configuration

Tanium Core Platform version 7.4 or later

When you install the Tanium Zone Server role, TLS is enabled by default in Tanium Core Platform 7.4.

For detailed information about TLS communication in a Tanium deployment, see Tanium Core Platform Deployment Reference Guide: Setting up TLS communication.

What to do next

  1. Verify the installation. If you installed Tanium Server 7.4 or later, this includes uploading the Tanium license.
  2. Download the Tanium Server public key file so you can include it in Tanium Client installation packages.
  3. Install the Tanium Module Server.