Documentation Home > Tanium Core Platform Deployment Guide for Windows

Installing Tanium Server

Overview

The Tanium Server is the Tanium Core Platform server that communicates with Tanium Clients and all other platform and solution components, as well as the content.tanium.com servers that host Tanium content packs. Tanium Clients communicate with the Tanium Server directly or through a Tanium Zone Server that acts as a proxy (see Installing Tanium Zone Server). The Tanium Server also runs the Tanium Console and API services.

The Tanium Server supports the following deployment options.

Standalone or active-active high availability (HA) cluster (see Installing the Tanium Server in an active-active HA cluster)
Windows server (see Server host system requirements), cloud service environment (see Requirements), or Tanium™ Appliance see (see the Tanium Appliance Installation Guide)
Dedicated host that is separate from the Tanium Module Server and database server, or an all-in-one host that all three servers share. Use a dedicated host for enterprise production and lab environments; the all-in-one architecture is just for proof-of-concept deployments (see Overview).

This topic describes how to install a standalone (non-HA) Tanium Server on a dedicated Windows Server host. The Tanium Server installer takes the following actions:

Installs any necessary database tools, such as Microsoft SQL Server client tools and utilities.
Creates the Tanium databases on a remote database server and initializes the database tables in those databases.
Opens required ports in the local host computer Windows Firewall.
Installs Tanium Server on the local host computer and starts the Tanium Server service. The service starts the application server that hosts the Tanium Console. HTTPS access is set up using the certificate and key specified during installation.

Before you begin

Make sure:

You can access the installer package and license file.
The host system meets the hardware and software requirements suitable for your deployment.
Your Microsoft Active Directory administrator has set up the accounts your team needs for the Tanium platform deployment.
Your database administrator has created a database server for the Tanium platform deployment and that there is a privileged domain administrator account that you can use to create the Tanium databases when you run the installer.
The Windows Secondary Login service (seclogon) must have its Startup type set to Automatic or Manual, not Disabled, or else the Tanium database installation will fail.
Your network administrator has configured firewall rules to allow communication on the TCP ports Tanium uses.
Your security team has configured exceptions to host-based security policies to allow Tanium processes to operate smoothly and at optimal performance.

As a best practice for additional security, provision a non-system hard drive for the Tanium Server installation.

PostgreSQL Server

Check with your technical account manager (TAM) if you are interested in deploying Tanium with a PostgreSQL Server. A special distribution of PostgreSQL Server is required. For details, see the Tanium Support Knowledge Base article (login required).

Microsoft SQL Server

If you plan to deploy with an SQL Server, the best practice is to install SQL Server Management Studio on the Tanium Server host computer before you run the installer. SQL Server Management Studio is optional, but most Tanium administrators find it useful to verify database transactions and to manage the databases. If you install SQL Server Management Studio before you run the installer, the installer does not call the Microsoft SQL Server utilities installers.

Install Tanium Server

Log into the host system as a local administrator or domain user with administrator privileges.
Copy the installation package file and license to a temporary location.
Right-click the SetupServer.exe file and select Run as administrator.
Complete the installation wizard. The following table provides guidelines for key settings.

Settings	Guidelines
Database Server Type	PostgreSQL Server Install a local database server and utilities. Microsoft SQL Server Call additional installer pages to select database server and client utilities options.
Postgres Not Found	If you select Postgres, the installer checks for a local PostgreSQL Server installation. If none found, it presents you with the following options: Install and configure local Postgres Server. This option supports proof-of-concept (POC) deployments only. Use remote Postgres Server. This option supports production deployments. Exit the installer now. Select this option if you are not ready to make the connection to the remote PostgreSQL Server.
SQL Command Line Utilities Not Found	If you select SQL Server, the installer checks for a local SQL Server installation and SQL utilities. If none found, it presents you with the following options: Download and Install SQL 2012 Native Client and SQL 2012 Command Line Utilities now. Select this option to install the utilities necessary to connect to a remote SQL server and create databases. If you select this option, and the Tanium installer detects that these utilities are already present on the host system, it does not overwrite the existing installation; it simply does not call the Microsoft installer for the utilities. Download and Install SQL Server 2014 SP2 Express Edition with Tools now. Do not select this option for a production deployment. It is intended only for limited, proof-of-concept installations. Exit the installer now. (Download and install manually) Select this option if you want to install the utilities yourself. After you have done so, if you re-run the Tanium installer, you can select the first option, and the Tanium installer will verify that the utilities are present and not call the Microsoft installer.
Installation Type	Custom Install Select this option for production deployments. Express Install Do not select this option for a production deployment. It is intended only for limited, proof-of-concept installations.
Choose Service Account for Tanium Server and Database Access	Specify Account This option is required for production deployments. Specify a service account that can connect to the remote database server and has privileges to create databases. The account you specify will also run the Tanium Server Service on the local host computer. Specify the following details: User Name: Just the account name portion of the credentials. For example, taniumsvc. Domain: The fully qualified domain name. For example, example.com. Password: The corresponding password.
	Local System Account This option is supported for limited proof-of-concept deployments where the Tanium Server and database server are co-located on the local host system.
Choose Install Location	The default is C:\Program Files\Tanium\Tanium Server. As a best practice for additional security in enterprise production deployments, install the Tanium Server on a non-system hard drive.
License Configuration	Browse and select the directory where you have copied the license file.
Server Console/API Port	The default is 443.
SSL Certificate and Key	Generate Self-Signed Certificate and Key The SSL certificate and key is used for secure communication with console users and API users. If you select this option, the installer generates a self-signed certificate and key. Specify the fully qualified domain name (FQDN) of the Tanium Server. For example, ts1.example.com or ts1.example.com. If you are deploying a cluster, specify the FQDN for both servers, separated by a comma (no spaces). For example, ts1.example.com,ts2.example.com. Use Existing Certificate and Key If you have purchased a commercial CA or generated an enterprise CA, use this option to select the certificate file and key file.
Server Port	The default is 17472.
SQL server and database	If you are setting up a connection to an SQL Server, you have the following options: Use Local Database This option is supported for proof-of-concept deployments only. When SQL Server is installed on the local host computer, you can select a database server from the Local Instance list box. Use Remote Database Select this option and specify the path to the remote database server in the Remote SQL Path text box. The syntax is <hostname>\<database server name>. For example, SQL1\SQLEXPRESS. Click Test to test the connection. Tip: If the SQL Server listens on a custom-assigned port (not 1433), specify the port in the Remote SQL Path text box. For example, SQL1\SQLEXPRESS,1444.
Postgres Configuration	If you are setting up a connection to a Postgres server, you must specify the following settings: Server localhost for a local server or the FQDN or IP address of the remote server. You must enter IPv6 addresses within square brackets (for example, [2001:db8::1]). Options Additional parameters to pass in the connection. Typically, this is dbname and port. For example, dbname=postgres port=5432 user=postgres. Click Test to test the connection.
Install local Tanium Module Server	Select this option only if you are installing an "proof-of-concept" deployment.
Open Tanium Ports in Windows Firewall	Select this option to open the Tanium Server ports in Windows Firewall. Ports 443 and 17472 are the default port numbers.
Set Administrator Account	Set the user name and password for the initial Tanium Console administrator account. This is the account that must be used in the initial login. From there, the administrator can create additional users. For Active Directory accounts, use DOMAIN\username or UPN format. For example, TAM\TaniumAdmin or [email protected]. For local accounts, use MACHINE\username syntax.
Choose Start Menu Folder	The default is Tanium Server.

Next steps

Install the remote Module Server. See Installing Tanium Module Server.

Last updated: 4/23/2019 11:16 AM | Feedback