Installing the Tanium Server
This topic describes how to install a standalone Tanium Server on a dedicated Windows Server host. For details about the Tanium Server and its deployment options, see Tanium Server. To install Tanium Servers in a high availability deployment, see Installing the Tanium Server in an active-active HA cluster.
The Tanium Server installer performs the following actions:
- Installs any necessary database tools, such as Microsoft SQL Server client tools and utilities.
- Creates the Tanium databases on a remote database server and initializes the database tables in those databases.
- Opens required ports in Windows Firewall on the local host computer.
- Installs Tanium Server on the local host computer and starts the Tanium Server service. The service starts the application server that hosts the Tanium Console. HTTPS access is set up using the certificate and key specified during installation.
Before you begin, make sure that:
- You can access the installer package and license file.
- The host system meets the hardware and software requirements suitable for your deployment.
- Your Microsoft Active Directory administrator has set up the accounts your team needs for the Tanium platform deployment.
- Your network administrator has configured firewall rules to allow communication on the TCP ports Tanium uses.
- Your security team has configured exceptions to host-based security policies to allow Tanium processes to operate smoothly and at optimal performance.
- Your database administrator has created a database server for the Tanium Core Platform deployment, and a privileged domain administrator account is available that you can use to create the Tanium databases when you run the installer.
The Windows Secondary Logon service (seclogon) must have its Startup type set to Automatic or Manual, not Disabled; otherwise the Tanium database installation fails.
Decide the type of database to use:
- PostgreSQL server: Check with your Technical Account Manager (TAM) if you are interested in deploying Tanium with a PostgreSQL Server. A special distribution of PostgreSQL Server is required. For details, see the Tanium Support Knowledge Base article (login required).
- Microsoft SQL server: If you plan to deploy with an SQL Server, the best practice is to install SQL Server Management Studio on the Tanium Server host computer before you run the installer. SQL Server Management Studio is optional, but most Tanium administrators find it useful to verify database transactions and to manage the databases. If you install SQL Server Management Studio before you run the installer, the installer does not call the Microsoft SQL Server utilities installers.
As a best practice for additional security, provision a non-system hard drive for the Tanium Server installation.
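The host-side prerequisites above can be checked from an elevated PowerShell session before you launch the installer. This script is an added example, not Tanium-supplied tooling; `SQL1`, the database port and `D:` are placeholders for your environment, and the check that ports 443 and 17472 are free assumes you keep the installer defaults.

```powershell
# Added example: pre-flight checks before running SetupServer.exe (not Tanium code).
# Placeholders to adjust: $DbHost, $DbPort, $InstallDrive.
param(
    [string]$DbHost       = 'SQL1',         # placeholder: remote database server
    [int]   $DbPort       = 1433,           # SQL Server default; 5432 for PostgreSQL
    [string]$InstallDrive = 'D:',           # placeholder: non-system volume
    [int[]] $TaniumPorts  = @(443, 17472)   # installer default ports
)

function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

$checks = @()

# The installer must run as a local administrator or a domain user with admin rights.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$checks += New-Check 'Elevated session' $elevated "$env:USERDOMAIN\$env:USERNAME"

# A Disabled seclogon service makes the Tanium database installation fail.
$svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='seclogon'"
$mode = if ($svc) { $svc.StartMode } else { 'not found' }
$checks += New-Check 'seclogon startup type' ($mode -in 'Auto', 'Manual') $mode

# The install target should exist and should not be the system drive.
$drive   = $InstallDrive.TrimEnd('\')
$okDrive = (Test-Path "$drive\") -and ($drive -ne $env:SystemDrive)
$checks += New-Check 'Non-system install drive' $okDrive "$drive (system: $env:SystemDrive)"

# Nothing else should already be listening on the Tanium Server ports.
foreach ($port in $TaniumPorts) {
    $l = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    $owner = if ($l) { "in use by PID $(($l | Select-Object -First 1).OwningProcess)" } else { 'free' }
    $checks += New-Check "Local TCP $port" (-not $l) $owner
}

# The database server must be reachable through the network firewall rules.
$db = Test-NetConnection -ComputerName $DbHost -Port $DbPort -WarningAction SilentlyContinue
$checks += New-Check "Database ${DbHost}:$DbPort" $db.TcpTestSucceeded "$($db.RemoteAddress)"

$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { exit 1 }
```

Save it as a `.ps1` file and run it on the intended Tanium Server host; a non-zero exit code means at least one check failed.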
1. Log in to the host system as a local administrator or domain user with administrator permissions.
2. Copy the installation package file and license to a temporary location.
3. Right-click the SetupServer.exe file and select Run as administrator.
4. Complete the installation wizard. The following table provides guidelines for key settings.
|Setting|Guidelines|
|---|---|
|Database Server Type|PostgreSQL Server: Install a local database server and utilities.<br>Microsoft SQL Server: The installer displays additional pages for selecting database server and client utilities options.|
|Postgres Not Found|If you set the Database Server Type to PostgreSQL Server and the installer cannot find a local PostgreSQL Server installation, the following options appear:<br>- Install and configure local Postgres Server. This option supports only proof-of-concept (POC) deployments.<br>- Use remote Postgres Server. This option supports production deployments.<br>- Exit the installer now. Select this option if you are not ready to make the connection to the remote PostgreSQL Server.|
|SQL Command Line Utilities Not Found|- Download and Install SQL 2012 Native Client and SQL 2012 Command Line Utilities now. Select this option to install the utilities necessary to connect to a remote SQL server and create databases. If you select this option and the Tanium installer detects that these utilities are already present on the host system, it does not overwrite the existing installation; it simply does not call the Microsoft installer for the utilities.<br>- Download and Install SQL Server 2014 SP2 Express Edition with Tools now. Select this option only for limited, proof-of-concept (POC) deployments.<br>- Exit the installer now. (Download and install manually) Select this option if you want to install the utilities yourself. After you have done so, if you re-run the Tanium installer, you can select the first option, and the Tanium installer will verify that the utilities are present and not call the Microsoft installer.|
|Custom Install / Express Install|Custom Install: Select this option for production deployments.<br>Express Install: Select this option only for limited, POC deployments.|
|Choose Service Account for Tanium Server and Database Access|Specify Account: This option is required for production deployments. Specify a service account that can connect to the remote database server and has permissions to create databases. The account you specify will also run the Tanium Server service on the local host computer. Specify the following details:<br>- User Name: Just the account name portion of the credentials. For example, taniumsvc.<br>- Domain: The fully qualified domain name. For example, example.com.<br>- Password: The corresponding password.<br>Local System Account: This option is supported for limited POC deployments where the Tanium Server and database server are co-located on the local host system.|
|Choose Install Location|The default is C:\Program Files\Tanium\Tanium Server. As a best practice for additional security in enterprise production deployments, install the Tanium Server on a non-system hard drive.|
|License Configuration|Browse and select the directory where you copied the Tanium license file.|
|Server Console/API Port|The default is 443.|
|SSL Certificate and Key|Generate Self-Signed Certificate and Key: The SSL certificate and key are used for secure communication with Tanium Console users and API users. If you select this option, the installer generates a self-signed certificate and key. Specify the fully qualified domain name (FQDN) of the Tanium Server. For example, ts1.example.com. If you are deploying a cluster, specify the FQDN for both servers, separated by a comma (no spaces). For example, ts1.example.com,ts2.example.com.<br>Use Existing Certificate and Key: If you purchased a certificate from a commercial CA or generated one from an enterprise CA, use this option to select the certificate file and key file.|
|Server Port|The default is 17472.|
|SQL server and database|If you are setting up a connection to an SQL Server, you have the following options:<br>- Use Local Database: This option is supported only for POC deployments. When SQL Server is installed on the local host computer, you can select a database server from the Local Instance list box.<br>- Use Remote Database: Select this option and specify the path to the remote database server in the Remote SQL Path text box. The syntax is `<hostname>\<database server name>`. For example, SQL1\SQLEXPRESS.<br>Click Test to test the connection.<br>Tip: If the SQL Server listens on a custom-assigned port (not 1433), specify the port in the Remote SQL Path text box. For example, SQL1\SQLEXPRESS,1444.<br>If you are setting up a connection to a Postgres server, you must specify the following settings:<br>- localhost for a local server or the FQDN or IP address of the remote server. You must enter IPv6 addresses within square brackets (for example, [2001:db8::1]).<br>- Additional parameters to pass in the connection. Typically, this is dbname and port. For example, dbname=postgres port=5432 user=postgres.<br>Click Test to test the connection.|
|Install local Tanium Module Server|Select this option only if you are installing a POC deployment.|
|Open Tanium Ports in Windows Firewall|Select this option to open the Tanium Server ports in Windows Firewall. Ports 443 and 17472 are the default port numbers.|
|Set Administrator Account|Set the user name and password for the initial Tanium Console administrator account. This is the account that must be used in the initial login. From there, the administrator can create additional users. For Active Directory accounts, use DOMAIN\username or UPN format. For example, TAM\TaniumAdmin or [email protected]. For local accounts, use MACHINE\username syntax.|
|Choose Start Menu Folder|The default is Tanium Server.|
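Before selecting Use Existing Certificate and Key, it is worth confirming that the certificate covers every Tanium Server FQDN (both servers in a cluster) and is inside its validity period. The following PowerShell is an added example, not part of the Tanium installer; the file path and FQDN list are placeholders, the certificate is assumed to be a PEM or DER file without a password, and `DnsNameList` is the property PowerShell 4.0 and later adds to certificate objects.

```powershell
# Added example: check an existing certificate against the Tanium Server FQDNs.
# Placeholders to adjust: $CertPath and $Fqdns.
param(
    [string]  $CertPath = 'C:\Temp\tanium-server.crt',               # placeholder path
    [string[]]$Fqdns    = @('ts1.example.com', 'ts2.example.com')    # one entry per server
)

function Test-NameMatch([string]$Pattern, [string]$Name) {
    $p = $Pattern.ToLower(); $n = $Name.ToLower()
    if ($p -eq $n) { return $true }
    if (-not $p.StartsWith('*.')) { return $false }
    # A wildcard covers exactly one left-most label: *.example.com matches
    # ts1.example.com but not a.ts1.example.com or example.com.
    $suffix = $p.Substring(1)
    if (-not $n.EndsWith($suffix)) { return $false }
    $label = $n.Substring(0, $n.Length - $suffix.Length)
    return ($label.Length -gt 0) -and ($label -notmatch '\.')
}

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

# One row per FQDN, showing which certificate name (if any) covers it.
$report = foreach ($fqdn in $Fqdns) {
    $hit = $names | Where-Object { Test-NameMatch $_ $fqdn } | Select-Object -First 1
    [pscustomobject]@{ Fqdn = $fqdn; CoveredBy = $hit; Pass = [bool]$hit }
}
$report | Format-Table -AutoSize

$now   = Get-Date
$valid = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
'Validity   : {0:yyyy-MM-dd} to {1:yyyy-MM-dd} (currently valid: {2})' -f $cert.NotBefore, $cert.NotAfter, $valid
'Self-signed: {0}' -f ($cert.Subject -eq $cert.Issuer)

if (-not $valid -or $report.Pass -contains $false) { exit 1 }
```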
Install the remote Module Server. See Installing the Tanium Module Server.
Last updated: 8/20/2019 1:19 PM