Introduction

This procedure covers the main steps required to deploy a Tanium Server on TanOS in an on-premises environment. It includes the initial appliance configuration, user preparation, backup steps, array creation, role installation, module server association, web-based solution installation, and TanOS upgrade.

Requirements

SSH Keys and Local Accounts

Before initializing the appliance, prepare SSH keys for the local administrative and transfer accounts.

  • tanadmin: primary administrative account. Configure SSH public key authentication and disable password access after key installation if your operating model allows it.
  • tancopy: file transfer account used for backups, logs, and package transfers. Configure SSH public key authentication and do not allow password login.
  • tanrecovery: emergency administrative account. Create it manually, assign the admin role, configure SSH public key authentication, and disable password login.

Required Workstation Software

  • PuTTY for SSH access.
  • PuTTYgen to generate SSH keys in a PuTTY-compatible format.
  • WinSCP for secure file transfers to and from the appliance.

Initial Appliance Configuration

Set Keyboard Layout

Menu path: B -> 8

  1. Open the Virtual Console Keymap menu.
  2. Display the list of available keymaps.
  3. Select the required keyboard layout, for example fr-azerty.

Set Hostname

Menu path: A -> 1 -> 1

  1. Open the hostname configuration option.
  2. Enter the fully qualified domain name of the appliance, for example tanium-core01.example.local.

Configure DNS Server

Menu path: A -> 1 -> 2

  1. Open the DNS configuration option.
  2. Enter the DNS server address used by your environment.

Configure NTP

Menu path: A -> 3 -> A

  1. Open the NTP configuration option.
  2. Enter the NTP server used by the appliance.
  3. For lab documentation, a public example such as pool.ntp.org can be used if needed.

Accept the EULA and Finish Initial Setup

Menu path: Q from the TanOS main menu to view the EULA.

  1. Open the EULA viewer.
  2. Exit the viewer after review.
  3. Enter the email address required for license acceptance.
  4. Finish the initial setup and return to the main TanOS menu.

Checks after completion: keyboard, hostname, DNS, NTP, and EULA acceptance are completed before moving to account configuration.

User Account Configuration

Menu path: C -> U for existing TanOS users and C -> L for local Tanium users.

  1. Open the User Administration Menu.
  2. Open the existing user account list.
  3. Configure the tanadmin account: use C -> U -> x -> C to change or enable the password if required, and C -> U -> x -> A to manage SSH authorized keys.
  4. Configure the tancopy account: use C -> U -> x -> A to add the SSH public key and C -> U -> x -> N to disable password access if required.
  5. Create the tanrecovery account if it does not already exist by using C -> L -> 1.
  6. Manage the account with C -> L -> 2, then assign the admin role, add the SSH public key, and disable password authentication.

Checks after completion: all required accounts exist and the expected SSH keys are configured.

Backup Preparation

Add SSL Backup Key

Menu path: B -> 1 -> E

  1. Install OpenSSL on the management workstation if it is not already available.
  2. Generate a 3072-bit RSA key pair.
  3. Keep the private key offline and protected.
  4. Connect to the appliance using tanadmin.
  5. Open Appliance Maintenance -> Backup -> Edit key.
  6. Paste the public key contents and save the configuration.

Checks after completion: the public backup key is stored on the appliance and the private key is secured offline.
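
The key generation and pre-import checks from steps 2 and 3, as an added example that is not part of the original procedure or of Tanium's documentation. It assumes a POSIX shell with OpenSSL on the management workstation and that the appliance accepts a PEM-encoded public key; the file names are placeholders chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: create a 3072-bit RSA backup key pair and verify it
# before pasting the public half into the TanOS "Edit key" prompt.
# Assumption: the appliance accepts a PEM public key. File names are
# placeholders chosen for this example.
set -eu

# Generate the pair inside directory $1. The body runs in a subshell so
# the restrictive umask does not leak into the calling shell.
make_backup_keypair() (
    umask 077   # key files are created readable by the owner only
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -out "$1/backup_private.pem" 2>/dev/null
    openssl pkey -in "$1/backup_private.pem" -pubout \
        -out "$1/backup_public.pem"
)

# Print the modulus size, in bits, of the PEM public key in file $1.
pubkey_bits() {
    openssl pkey -pubin -in "$1" -noout -text |
        sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if public key file $2 belongs to private key file $1.
keys_match() {
    from_private=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
    from_public=$(openssl pkey -pubin -in "$2" -pubout | openssl dgst -sha256)
    [ "$from_private" = "$from_public" ]
}

# Demonstration run in a throwaway directory.
workdir=$(mktemp -d)
make_backup_keypair "$workdir"
echo "public key size: $(pubkey_bits "$workdir/backup_public.pem") bits"
keys_match "$workdir/backup_private.pem" "$workdir/backup_public.pem" &&
    echo "public key matches the private key"
echo "paste into TanOS: $workdir/backup_public.pem"
echo "move offline:     $workdir/backup_private.pem"
```

Running keys_match again later against the public key stored with the backup records confirms that the offline private key is still the one able to decrypt those backups.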

Export the GRUB Key

Menu path: B -> X -> 6

  1. Open Appliance Maintenance Menu.
  2. Open Advanced Configuration.
  3. Select Export GRUB Key.
  4. Use an SFTP client such as WinSCP with the tancopy account to retrieve the generated archive from the outgoing directory.
  5. Store the file in a protected backup location.

Checks after completion: the GRUB key archive is exported, downloaded, and stored securely.

Create the Appliance Array

Menu path: 1 -> M, then C to create the array and A to add members.

  1. Open the Tanium Installation Menu.
  2. Open Manage Appliance Array.
  3. Select Create a new array.
  4. Enter a name for the array, for example Tanium-Array-01.
  5. Add additional appliances one by one and authenticate with the administrative account when prompted.

Checks after completion: all required appliances are visible in the array and communication between members is healthy.

Install the Tanium Server Role

Requirement: if you perform a manual or offline installation, upload the required RPM package first with the tancopy account.

Install the Core Server

Menu path: 1 -> 2

  1. Open the Tanium Installation Menu.
  2. Select Install the Tanium Server.
  3. Set the initial Tanium web console administrator password when prompted.
  4. On the first appliance in the array, download the server role package if required by the installation workflow.

Checks after completion: the Tanium Server role is installed and the web console administrator password is set.

Install the Module Server

Menu path: 1 -> 3

  1. On the second appliance, open the Tanium Installation Menu.
  2. Select Tanium Module Server.
  3. Let the appliance coordinate the role installation with the existing array.

Checks after completion: the module server role is installed and visible as part of the appliance array.

Associate the Core Server and Module Server

Menu path: 2 -> A, then use 3 to read the instructions and the module-server registration steps available on the appliance.

  1. On both appliances, open the Tanium Operations Menu.
  2. Open Configure Module Server.
  3. Open View Instructions to review the guided pairing steps.
  4. On the core server appliance, select Configure Core Server.
  5. On the module server appliance, select Configure Module Server.
  6. Follow the guided prompts until the association completes.

Checks after completion: the core server and module server are paired and the module configuration is healthy on both appliances.

Complete the Web Installation

  1. Open the appliance web interface in a browser by using the appliance hostname or IP address over HTTPS.
  2. Upload the license file.
  3. Open the configuration area.
  4. Open the Solutions submenu.
  5. Select the recommended installation proposed by Tanium.
  6. Wait until the solution deployment completes.

Checks after completion: the license is imported, the recommended solutions are installed, and the console is accessible.
