This guide provides installation instructions for Tanium Server 6.5.
Express versus custom installation
This document provides instructions for an express installation of Tanium Server 6.5 using the default configuration and settings.
A custom installation of Tanium Server is appropriate in cases where you want to change or confirm the default settings or configuration. For information on common customizations of Tanium Server, see the Tanium Knowledge Base.
Configure an Active-Active Array
You can deploy Tanium Server in the configuration of a redundant server array. The servers in a Tanium Server array communicate with each other and share the same databases. The workload created by the reporting of managed clients is distributed between the servers in the array. For more information, see Active-Active Server Setup.
Tanium Server 6.5 has the following basic requirements for hardware, software, and settings.
The hardware requirements for Tanium Server depend on the configuration of the security network, including:
- Whether the server device is physical or virtual.
- The number of managed endpoints.
The minimum requirements to run Tanium Server on a Windows-based server device are as follows:
- 4 processor cores
- 8 GB RAM
- 100 GB disk space
For detailed guidance on how to allocate a server device for Tanium Server and other components of Tanium Endpoint Platform, see System Requirements.
Tanium Server 6.5 runs on 64-bit editions of Microsoft Windows Server operating systems including:
- Microsoft Windows Server 2012 R2 or later versions
- Microsoft Windows Server 2008 R2 SP1 or later versions
Tanium Server requires the following additional software to support the Tanium databases:
- Microsoft SQL Server 2008 or later
- Microsoft SQL Server Management Studio
For detailed information about how the use of other editions of Microsoft SQL Server affect deployments of more than 500 managed nodes, see System Requirements.
Requirement for Microsoft SQL Server
Tanium Server requires Microsoft SQL Server for the Tanium databases. You can install the application locally or remotely before installing Tanium Server. Alternately, the use of Microsoft SQL Express Edition may be feasible for small networks or proof-of-concept (POC) deployments. If the use of Microsoft SQL Express Edition is feasible, select the Express option for automatic installation with Tanium Server.
Download the Tanium Server installer
Your Tanium Technical Account Manager will provide a download location for the installer.
Launch the Tanium Server installer
The Tanium Server installer must be run as Administrator.
To run Tanium Server installer
- Right-click the installer, and choose Run as Administrator.
The Tanium Server installer displays the Welcome screen.
- Click Next to continue. The installer displays the Tanium Server license agreement.
- Click Agree to begin the check for prerequisite SQL components.
Verify installation of SQL components
The Tanium Server installer verifies installation of the following:
- SQL Server Native Client Library
- SQL Server command-line utility sqlcmd.
The sqlcmd utility is used to create the Tanium databases.
Install SQL components with Tanium Server
If the SQL components cannot be found, the installer displays an error message and presents options for installation.
- To use an existing local or remote SQL database, choose:
Download and install SQL Server Native Client library and SQL Server command line utility sqlcmd
- To create a named instance of SQL Server Express and a new local or remote SQL database, choose:
Download and install SQL Server Express Edition
This option also installs SQL Server Native Client Library and the SQL Server command-line utility.
- To exit the installer and install Microsoft SQL manually, choose:
To Exit the installer
Select the Tanium Server installation
After the installer confirms the existence of the required SQL components, you are prompted to select the type of installation: Express or Custom.
The Express Installation option completes setup of Tanium Server with the following default values.
- Application installation folders: \Program Files\Tanium\Tanium Server
- Use of an existing SQL Server instance or a new local instance to host the Tanium Server data
To deploy an Express installation select Express Install.
Tanium Console and Adobe Flash Player
If Adobe Flash is not installed on the Tanium Server machine, you will receive an error message with a link to download the Flash player. If you do not want to install the Adobe Flash player on the Tanium Server machine, you can access Tanium Console from any computer with Flash-enabled browser that has network access to the server device.
To launch Tanium Console from another device, use the fully qualified domain name (FQDN) of the Tanium Server machine as part of the URL. For example: https://tanium.organization.com
Login to Tanium Console
Tanium uses NTLM credentials—local Windows or Active Directory account—to validate users that are logging into the system. This process makes it possible to:
- Add Tanium administrators to the system one time.
- Create domain policies that enforce password complexity, password age, and any other credential policies in the enterprise.
- Automatically terminate access to Tanium Console by a user who is removed from Active Directory.
To login to Tanium Console
- Enter the local or Active Directory credentials that you defined during the installation process for the Administrator account.
To provide console access for other users
- In Windows Server Administration settings, navigate to the Users page to define the respective Active Directory or local server user accounts and establish any role or device restrictions.
For information about granting access to the Tanium databases using the db_owner fixed role, see SQL Server Privileges. For information about granting access without the use of the db_owner role, see "Configure database access without the db_owner fixed database role" in SQL Server Privileges.
Download of initial content
The first login to Tanium Console triggers a one-time request to the Tanium content server to retrieve the most recent "content" to use to populate the Tanium database. This process usually takes a few minutes. The initial content includes sensors, saved questions, dashboards, scheduled actions, and packages that allow you to perform tasks including patch management, asset inventory, and security vulnerability assessments. Tanium Console displays a message when the download and import of the intial content begins.
If your installation of Tanium Server will access the Internet through a proxy server, see the configuration instructions at Server Proxy Settings.
Installation Verification and Troubleshooting
Consider verifying the installation by browsing to https://<server>/info. This page has useful information such as how many nodes are connected, license state, and key configuration settings.
Tanium Module Server
By default, the Tanium Server 6.5 installation will automatically install a Tanium Module Server component on the same server. For production deployments that intend to utilize any of the Workbench modules such as Trace, Connect, Patch, etc, it is recommended that the Tanium Module Server be installed on separate hardware from the Tanium Server.