Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure


Version: All
December 21, 2018

The information in this document is subject to change without notice. Further, the information provided in this document is provided "as is" and is believed to be accurate, but is presented without any warranty of any kind, express or implied, except as provided in Tanium's customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect, special, consequential, or incidental damages, including without limitation, lost profits or loss or damage to data arising out of the use or inability to use this document, even if Tanium Inc. has been advised of the possibility of such damages.

Any IP addresses used in this document are not intended to be actual addresses. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Please visit https://docs.tanium.com for the most current Tanium product documentation.

Tanium is a trademark of Tanium, Inc. in the U.S. and other countries. Third-party trademarks mentioned are the property of their respective owners.

© 2018 Tanium Inc. All rights reserved.

Table of contents

Overview
Requirements
Deploying Tanium Infrastructure
  Before you begin
  Create the Tanium component server stack
  Install the Tanium license
  What to do next
Verifying the installation
  Log into the Tanium Console
  Verify the Tanium Server connection to the remote Module Server
Use the CDT to deploy the Tanium Client
  Before you begin
  Install the CDT
  Deploy the client to the Tanium Platform Windows host systems
  Review Tanium Client registration and ask a question
Monitoring Tanium Infrastructure
Maintaining Tanium Infrastructure
  Take snapshots
  Upgrade
Change log

Overview

The Tanium Infrastructure as a Service (IaaS) solution can be deployed in a Microsoft Azure virtual private cloud (VPC) environment. The cloud templates provided by Tanium optimize the VPC resources allocated for the target deployment size you specify, and they enforce best practices for Tanium server deployments. In particular:

- Tanium Core Platform components are deployed into multiple Azure Availability Sets to ensure availability in the event of underlying hardware resource failures.
- All provisioned disks that store Tanium data are encrypted by default using cloud native options.
- The connections between Tanium Core Platform server components use transport layer security (TLS).
- Network security rules restrict access to only the application port and user access required for the Tanium deployment.

This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties ("Third Party Items"). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium. Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights.

Requirements

Microsoft Azure

- A Microsoft Azure subscription. Ensure that Azure DB for PostgreSQL is enabled for the Azure subscription.
- Admin Public Key: The public key to use when logging in via SSH.
- Azure virtual networks for each host server in a joint resource group dedicated to this deployment. Joining them into one dedicated resource group makes it easier for you to isolate access to the Tanium deployment and also makes later cleanup easier (if necessary).
- For builds with a remote Azure DB for PostgreSQL Server, you must enable the resource provider and enable service endpoints on the target virtual network. See Microsoft Azure: Virtual Network Service Endpoints.
- A secure management computer or jumpbox that you can use to access the Tanium Server from a remote management computer. See Microsoft Azure: Security management in Azure.

Tanium

- A download URL for the Tanium installation RPM file. Contact your Tanium technical account manager (TAM).
- A Tanium license.

Deploying Tanium Infrastructure

Follow these steps to deploy Tanium IaaS to a Microsoft Azure virtual private cloud (VPC).

Before you begin

The deployment workflow assumes you have already designed your VPC network and configured the following Microsoft Azure objects, which you select when you set up the Tanium component server stack:

- A Microsoft Azure subscription. Ensure that Azure DB for PostgreSQL is enabled for the Azure subscription.
- Admin Public Key: The public key to use when logging in from a management computer via SSH.
- Azure virtual networks for each host server in a joint resource group dedicated to this deployment. Joining them into one dedicated resource group makes later cleanup easier (if necessary).
- For builds with a remote Azure DB for PostgreSQL Server, you must enable the resource provider and enable service endpoints on the target virtual network. See Microsoft Azure: Virtual Network Service Endpoints.

Create the Tanium component server stack

1. Go to https://content.tanium.com/files/cloud/index.html.
2. Accept the license.

3. Browse to the template that you want to use and click the icon to launch the link.
4. Complete the configuration as described in the following table.

Settings and guidelines:

- Subscription: Select the Azure subscription for the resources used by this deployment.
- Resource group: Select a resource group that is dedicated for the Tanium deployment. If the dedicated resource group has not already been created, click Create new and create it.
- Location: Select a regional location.
- Tanium Server1Name: Optional. Change the prepopulated name for the server instance.
- Tanium Server2Name: Optional. Change the prepopulated name for the server instance.
- Tanium Module Server Name: Optional. Change the prepopulated name for the server instance.
- Tanium Zone Server1Name: Optional. Change the prepopulated name for the server instance.
- Tanium Zone Server2Name: Optional. Change the prepopulated name for the server instance.
- Admin Username: Specify a username for an account to be given sudo privileges on all provisioned server instances.
- Admin Public Key: Select the name of the SSH public key for the admin user specified above. The SSH key pair is used to secure SSH connections to the Tanium component server instances.
- Virtual Network Name: Specify the name of the Azure virtual network you set up for the Tanium deployment.
- Virtual Network Resource Group: Specify the name of the Azure virtual network resource group that is dedicated for the Tanium deployment.
- Virtual Network Subnet_Tanium Server: Specify the name of the virtual network subnet to which to deploy the Tanium Server.
- Virtual Network Subnet_Tanium Module Server: Specify the name of the virtual network subnet to which to deploy the Tanium Module Server.
- Virtual Network Subnet_Tanium Zone Server: Specify the name of the virtual network subnet to which to deploy the Tanium Zone Server.
- Binary URI: URI to the Tanium component server binary files. The URI is a temporary link provided to you by your TAM.
- Tanium User Password: Password for the initial Tanium Console user. It must be at least 8 characters and a maximum of 128 characters.
- Endpoint Count: Select the maximum number of endpoints expected, including endpoints that connect to the Zone Server(s).
- Zone Server Endpoint Count: Select the number of endpoint connections to the Zone Server expected. This count is included in EndpointCount.

5. Review the configuration and agreement and click Purchase.

It takes approximately 20 minutes to build all of the component server instances. When the process is complete, the tanium.pub file is copied to your Azure transfer disk.

Install the Tanium license

Upload the tanium.license file to your provisioned cloud storage and copy it to the Blob called transfer. A job has been set up on the Tanium Server to copy the uploaded license to the Tanium Server instance. When the job is completed, the license file is added to the /opt/tanium/taniumserver directory, and the Tanium Server is restarted to apply the license file.

What to do next

Verify the deployment.

Verifying the installation

Log into the Tanium Console to verify proper communication among deployment components:

- Successful installation of Tanium content packs verifies communication with content.tanium.com.
- Successful installation of Tanium Interact verifies communication between the Tanium Server and Module Server.
- Successful registration by Tanium Clients verifies communication with clients.

Log into the Tanium Console

1. Open the Tanium Console URL. The Tanium Console URL has the following form: https://<fqdn>
2. Log in with the username tanium and password you set when you created the Tanium Server instance.

When you first log into the Tanium Console, it automatically initiates the following actions:

- Imports the Initial Content - Base content pack. The Initial Content packs include the sensors, packages, saved questions, and dashboards that are essential for getting started with Tanium.
- Imports the Client Maintenance content pack. The Client Maintenance pack includes the sensors, packages, actions, and saved questions that are used to perform hygiene checks on Tanium Clients.
- Imports the Tanium Interact workbench. The Interact workbench includes the user interface for questions and results.

Verify the Tanium Server connection to the remote Module Server

Go to the Tanium Console info page (https://<fqdn>/info) and search for Module Count. It should list the remote Module Server. If it lists 127.0.0.1, it is using the local Module Server, and you must revisit the steps you took to install the Tanium Server and remote Module Server.
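The Overview states that the templates create network security rules that restrict access to the application port and required user access, and the Requirements call for SSH access from a secure management computer. The following Python check is an added example, not Tanium's or Microsoft's code: it takes rules in the JSON shape returned by `az network nsg rule list -o json`, evaluates them in priority order, and reports ports that are reachable from any source. The rule names, the sample addresses, SSH on port 22, and treating 17472 as the only port expected to be open to any source are assumptions.

```python
import ipaddress
import json

# Assumptions for this example (not from the guide): SSH listens on 22, and the
# Tanium Client port is the only port expected to be reachable from any source.
SSH_PORT = 22
TANIUM_CLIENT_PORT = 17472  # default client port stated in the guide

# Constructed sample shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
  {"name": "allow-ssh-jumpbox", "priority": 100, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "22"},
  {"name": "allow-tanium-client", "priority": 110, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "17472"},
  {"name": "temp-debug", "priority": 120, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
   "destinationPortRanges": ["22", "8000-8100"]},
  {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
   "access": "Deny", "protocol": "*",
   "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")


def _values(rule, single, plural):
    """Merge the singular and plural fields Azure uses for prefixes and ports."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged


def from_any_source(rule):
    """True when the rule's source matches an arbitrary Internet address."""
    for prefix in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if prefix in ("*", "Internet"):
            return True
        try:
            if ipaddress.ip_network(prefix, strict=False).prefixlen == 0:
                return True
        except ValueError:
            pass  # other service tags (VirtualNetwork, ...) are not "any source"
    return False


def covers_port(rule, port):
    """True when any destination port spec ("*", "22", "8000-8100") includes port."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def deciding_rule(rules, port):
    """First inbound TCP rule, in priority order, matching port from any source."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"].lower() == "inbound"
                and rule["protocol"].lower() in ("tcp", "*")
                and from_any_source(rule) and covers_port(rule, port)):
            return rule
    return None  # no rule in this list admits the traffic


def audit(rules, ports, expected_open=(TANIUM_CLIENT_PORT,)):
    """Return {port: rule name} for ports open to any source but not expected."""
    findings = {}
    for port in ports:
        rule = deciding_rule(rules, port)
        if rule and rule["access"].lower() == "allow" and port not in expected_open:
            findings[port] = rule["name"]
    return findings


if __name__ == "__main__":
    ports = [SSH_PORT, 443, TANIUM_CLIENT_PORT, 8080]
    for port, name in audit(SAMPLE_RULES, ports).items():
        print(f"port {port} is reachable from any source via rule {name!r}")
```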

Use the CDT to deploy the Tanium Client

This guide includes a brief section on deploying Tanium Client so that you can use basic client-server registration to verify successful installation of the Tanium Core Platform server components. For comprehensive information on client deployment options, see the Tanium Client Deployment Guide.

Before you begin

- Upload the latest Tanium Client Deployment Tool (CDT) to a management host computer (Windows) that can access the endpoints to which you want to deploy the Tanium Client.
- Copy the tanium.pub file from the Blob storage to the management computer so you can include it in deployments to target endpoints.
- Make sure that network firewall rules allow the Tanium CDT to make connections to the target endpoints.
- Make sure you know the username and password of an administrator account that can log into the target endpoint and install the Tanium Client.

Install the CDT

1. Right-click the TaniumClientDeploymentToolSetup.exe file and select Run as administrator. The installation wizard prompts you for one value: the installation directory. The default is C:\Program Files (x86)\tanium\tanium Client Deployment Tool.
2. In Windows, select Start > Tanium Client Deployment Tool to open the tool. Upon initialization, the tool prompts you to download the latest endpoint software from secure Tanium download servers.
3. Click OK to download the latest endpoint software. The software is downloaded to C:\Program Files (x86)\tanium\tanium Client Deployment Tool\clients\.
4. If you plan to use Microsoft PSExec to push Tanium Client to endpoints:
   a. When prompted, follow the link to download PSTools from the Microsoft download site.
   b. Unzip the package and copy the PsExec.exe file to the CDT installation directory.
   c. Restart the Tanium CDT.

Deploy the client to the Tanium Platform Windows host systems

1. Under Settings, specify:
   - Tanium pub file: Type or browse to the Tanium Server public key file. The Tanium Server public key you specify here is included in the client installation.
   - Server Name: The FQDN of the Tanium Server. For example, ts1.example.com. The Tanium Client registers with the Tanium Server you specify here. In HA deployments and deployments with Zone Servers, you can send a server list. Enter the FQDN for all servers, separated by a comma. For example: ts1.example.com,ts2.example.com,zs1.example.com.
   - Port: Port used by Tanium Clients to communicate with the Tanium Server and with their designated peers. The default is 17472.
   - Log Verbosity Level: Sets the Tanium Client log level:
       0: Disable logging. Recommended for clients installed to sensitive endpoints or VDI endpoints.
       1: Recommended logging level during normal operation.
       41: Recommended logging during troubleshooting.
       >= 91: Enable the most detailed log levels for short periods of time only.
2. For deployments to Windows endpoints, specify:
   - Username: Local or domain user with administrative privileges on the targeted endpoints. The deployment tool uses this account when it connects to the targeted endpoint and executes the client installer.
   - Password: The corresponding password.
   - Target Folder Override: Specify an installation folder if you do not want to use the default. On Windows, the default is C:\Program Files (x86)\tanium\tanium Client.
   - Execution Method: For Windows endpoints, specify which Windows operating system command line utility the tool uses to analyze target computers and perform the remote installation of the client:
       PSEXEC: Recommended because it is faster.
       WMIC: Recommended if analysis using PSEXEC returns endpoints with OS Unknown and status Processing.
   - Impersonate User: Select this option to use the PSEXEC user impersonation option. The credentials specified in the Settings section are used to connect to the endpoint using a PSEXEC process that is run under those credentials on the Client Deployment tool host computer. Those credentials are also used to install the client.
3. Use the Active Directory tab to search for the target endpoints.
   a. Domain: Specify the Active Directory domain to which the targeted endpoints belong. For example, example.com.
   b. Connect using credentials: Select this option to use the administrator credentials specified in Settings instead of the logged in user credentials.
   c. Include computers in child containers: When this option is unchecked, computer names from endpoints within only the first level are included in the target list, not computers contained in child containers. When checked, all computers within an Organizational Unit or container and all child Organizational Units or containers are included in the list.
   d. Click Analyze to query the AD tree and populate the results table. Click Retry Bind if necessary in the event the AD query fails.
4. Select one or more rows in the results table and click Install. The Status table has information about the installation attempt. Review the information to confirm deployment. Click Clear Completed or Clear All to clear Status table entries.

Review Tanium Client registration and ask a question

1. Go to Administration > System Status to review recent client registration details.
2. In Interact, verify the endpoints respond to the following query:

   Get Computer Name and Tanium Server Name from all machines

3. Review the results grid to verify that all endpoints with Tanium Client software installed are now reporting.

Monitoring Tanium Infrastructure

Use Microsoft Azure Monitor to monitor the virtual machines. See Microsoft Azure: Monitoring data collected by Azure Monitor.

Maintaining Tanium Infrastructure

Use Microsoft Azure features to back up the virtual machines. Use standard Linux server functionality to upgrade Tanium software.

Take snapshots

In Microsoft Azure, a snapshot is a full, read-only copy of a virtual hard disk (VHD). Use the Microsoft Azure portal to take a snapshot or Azure Backup to schedule backups. For details, see Microsoft Azure: Create a snapshot and Microsoft Azure: Back up a virtual machine in Azure.

Upgrade

1. Upgrade Tanium software
2. Obtain the upgrade RPM files from your TAM.
3. Upload RPM files to the server host in Microsoft Azure.
4. Use the following commands to upgrade. The leading # is the root shell prompt; lines without it are command output.

   # systemctl stop taniumserver
   # systemctl disable taniumserver
   # rpm -Uv TaniumServer-7.*.rpm
   Preparing packages...
   TaniumServer-7.3.314.3195-1.rhe7.x86_64
   Found and restored previous TaniumServer settings
   TaniumServer-7.3.314.3195-1.rhe7.x86_64
   # systemctl enable taniumserver
   # systemctl start taniumserver

Change log

Date: December 21, 2018
Revision Summary: Initial publication.