Tanium - Frequently Asked Questions

What infrastructure is required to run Tanium?

Tanium requires only a single piece of infrastructure to manage up to 400,000 managed nodes. That single server can allow hundreds of administrators to concurrently administer the computers in the environment, asking hundreds of questions per second, with no noticeable load on the Tanium Clients, or the network.

What is required to run the Tanium Server?

Use a single server to scale up to your entire enterprise network. Take a look at our server requirements for more details.

What are the resource requirements for the Tanium Client?

The Tanium Client is extremely lightweight and requires very few resources during use. Take a look at our client hardware requirements for more details.

What platforms does the Tanium Client run on?

The Tanium Client runs on Windows, Mac OS, UNIX, and Linux. For specific flavors, take a look at our client hardware requirements for more details.

How big is the Tanium Database, and can I host it on a SAN, or a SQL Server farm?

The Tanium Server's database size varies with the number of managed nodes and the number of questions that are being historically tracked. Please see the Server specifications section above for more information. However, in all cases, the Database can be hosted on a SAN or SQL Server farm if desired.

How many operators can concurrently use Tanium?

Hundreds of console operators can concurrently use Tanium Consoles to administer the managed nodes in the environment.

How many questions can be asked at the same time in Tanium?

Hundreds of questions per second can be processed by the Tanium infrastructure concurrently, with no increase in the latency of answers that are returned.

What open network ports does Tanium need?

In the latest version, the Tanium Client requires only one open port. The enterprise can set it to whatever it would like, but by default, port 17472 is used by the clients to communicate with the server and with each other. Note that in all cases, the traffic is directed TCP, and that the traffic lends itself easily to deep-packet inspection if desired.

To access the Tanium Console, inbound ports 8080 and 8081 need to be open. These ports are also configurable.

How does Tanium's security model work?

Tanium was designed from the ground up with security in mind, and our communications architecture uses FIPS 140-2 certified cryptography to digitally sign client-to-client and client-to-server communications. Encryption can be quickly enabled if additional security is needed.

Take a look at our product security details for more information.

What peer-to-peer (P2P) technology does Tanium use?

The Tanium communications model is a proprietary implementation, which does not rely on existing P2P technologies to function. We started from first principles because in our estimation, existing P2P methods were too chatty and unregulated for enterprise use, did not lend themselves to packet inspection, used multicast technologies that were not enterprise-viable, and did not have the security layer built in as an integral part of their implementation. As such, Tanium implemented a fully throttled, bandwidth frugal, FIPS 140-2 crypto-secured peer-to-peer architecture that relies solely on point-to-point TCP traffic, and is able to dynamically add and remove clients as they come online with no administrator interaction at all. Since its development, the tool has been security reviewed and production implemented by some of the largest and most demanding enterprises in the world, with very solid results.

If a system is compromised with Tanium access how will the compromise not be replicated throughout the environment?

Every message in Tanium is digitally signed by the server using FIPS 140-2 certified 512-bit elliptic curve cryptography, and that signature is validated by every client upon receipt prior to processing the message or passing it along. As such, if a system were compromised and tried to insert corrupted data into the stream, it would be immediately rejected by the next client due to failure of the signature.
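The verify-before-relay behaviour described in this answer can be sketched as follows. This is an added example, not Tanium's code or wire format: the `Message` struct, the function names, the sample payload, and the choice of ECDSA over P-521 with SHA-512 are all assumptions, since the page does not name the curve or the message layout.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// Message is a hypothetical stand-in for a server-issued message and its signature.
type Message struct{ Body, Sig []byte }

// Issue plays the server: it creates a key pair, signs body, and returns the public key clients hold.
func Issue(body []byte) (*ecdsa.PublicKey, Message, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // curve is an assumption
	if err != nil {
		return nil, Message{}, err
	}
	h := sha512.Sum512(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return &priv.PublicKey, Message{Body: body, Sig: sig}, err
}

// Verify is the check every client runs before processing or forwarding a message.
func Verify(pub *ecdsa.PublicKey, m Message) bool {
	h := sha512.Sum512(m.Body)
	return ecdsa.VerifyASN1(pub, h[:], m.Sig)
}

// Relay walks m down a chain of n clients; client tamperAt (-1 = none) alters the body. Returns acceptances.
func Relay(pub *ecdsa.PublicKey, m Message, n, tamperAt int) int {
	accepted := 0
	for i := 0; i < n && Verify(pub, m); i++ {
		accepted++
		if i == tamperAt {
			m.Body = append([]byte("injected;"), m.Body...) // compromised peer rewrites the message
		}
	}
	return accepted
}

func main() {
	pub, m, err := Issue([]byte("constructed sample action"))
	if err != nil {
		panic(err)
	}
	fmt.Println(Relay(pub, m, 5, -1), Relay(pub, m, 5, 1))
}
```

With five clients, the clean message is accepted by all five; when the second client alters it, the third client's check fails and the message goes no further.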

How granular are the access controls for administering Tanium?

Tanium's management rights structure is based around roles, which can be created by the organization (Tanium comes with 3 suggested roles out of the box, but that is fully extensible). A role can include (or not include) the following rights:

  • Ask questions
  • Execute existing actions
  • Author new actions
  • Author new sensors
  • Create users
  • Assign management rights to other users

As such, it is possible to create an account that can only generate reports, but not take actions, author new sensors, etc. You could also create a user who is only able to ask questions and author sensors, but not take actions, for example, or a role that can ask questions, take and define actions and sensors, but cannot create other users.

Can users be limited to "read only" and not be able to "write" to a device?

Yes. There is a setting that controls whether actions can be executed on a per-client basis. Some customers have automated the state of that setting through integration with a maintenance window database. Please note, however, that this requires a bit of work on their side to set up the query on the database and the action generation to set it. Please also note that Tanium administrator privileges can be used to restrict who can take actions on particular machines, which allows another axis of control over sensitive assets.

Can Tanium work on remote clients such as laptops that are rarely plugged in at a campus site?

Yes. If hosts VPN into the network, no special configuration needs to be made to support them at all - as far as Tanium is concerned, they are in your core network.

If hosts are not VPN'd in, but instead are just on the internet in general, Tanium can still manage those machines. To do so, Tanium's server component can be placed in the DMZ, allowing clients that are not in the network at all to reach it over the reporting port (or two ports, in the current version), which would allow any clients that are installed with your Tanium Client (and your Tanium Client public key) to be managed, regardless of where they are on the internet. Many of our larger customers deploy in this way, since from a data leak protection and vulnerability standpoint, their hosts that are sitting in Starbucks, for example, are the most likely sources of data leakage or getting viruses/worms.

Also take a look at our sample Use Case Document to see some other use cases our clients are seeing.

How would Tanium handle a malformed virus definition that caused blue-screens on service startup?

We worked with a number of customers during the last event with McAfee. In some cases, they were aware of the potential for blue-screen on reboot in advance of many of their computers actually experiencing the issue, but with other systems management solutions, defining a new policy and distributing it to all computers in their environment would have taken days, which would have allowed most computers that were going to experience the problem to have been affected before a fix could be pushed out.

With Tanium, those customers were able to implement a fix in a Tanium Action, and distribute it to all affected computers within a couple minutes, preventing substantial damage within their environments. Defining a strategy like stopping the scanning service and setting it to manual, deploying a new def, or disabling autoupdate are all seconds of effort in Tanium, compared to days in other systems, which is exactly why Tanium is so useful for triage situations like this one.

Can Tanium do anything to fix machines where the operating system won't boot?

Tanium does not have the capability to do bare-metal provisioning/reimaging. Doing a restore or reimage to fix affected machines that cannot boot at all is outside of scope currently. That said, we anticipate that we may look to our Intel vPro integration to provide that capability in the future.

Can I use Tanium as a desktop monitoring tool?

That is one of the primary use cases that our customers are currently using the tool for. Since WMI and VBScript give you pretty universal access to performance counters, current user information (e.g. which application has focus currently for the user), state information (e.g. which services are currently using more than 5% of CPU), etc., we can retrieve all of those out of the box. One of my favorite demonstrations is to ask a question like "give me the cpu utilization of firefox" and see back within 15 seconds off of all the computers the % CPU firefox is consuming.

You can monitor anything you can script in VBScript, JavaScript, Perl, Python, WMI, BigFix, etc., so the sky is the limit, and you can find a VBScript that will pull almost anything back in 5 minutes of Google searching, which makes it very easy to add a new property to watch.

Here are some Tanium queries and sensors:

  • Performance (CPU, Mem, Disk Queues, Ports bound, Network throughput, latency, etc.)
  • Application Info (Busy applications by CPU, which apps are currently running, what versions are installed, etc.)
  • Security (Which critical services are disabled, which computers have USB drives attached, which computers are using bad DNS servers that are unmanaged, unmanaged browsers, etc.)
  • Compliance (which users are logged in using local admin accounts, which computers don't have the screensaver settings enabled, which computers aren't running DLP right now, etc.)

Again, anything that you can script in almost any scripting language that your team knows, you can find in Tanium in 15 seconds.

Can I use Tanium to monitor virtual machines? Can you provide additional information for Citrix or VMware systems?

Tanium has sensors for VMware hosts, GUIDs, Client information, etc. It can retrieve all of the other sensors that normally execute as well, allowing you to see the state of your VM images just as quickly as you can for physical boxes. Huge boon there, because VMs go up and down so quickly in some environments that latent data is completely useless, especially if it is days old, as other systems often are. We can give you aggregate performance counters for all clients that are running off a given host as well (e.g. which hosts have clients with high disk queue lengths, which can help pinpoint realtime issues in the virtual environment). We can give similar information for Citrix, e.g. which Citrix servers were saturated, having high CPU utilization, having high disk queues, running out of space, lost connection to their SAN, etc.

Can I track custom or in-house applications and show how they are performing?

Yes, we can very easily track that type of data, and many of our customers do. You can parse log files with regular expression comparison, look at CPU/Mem/Disk/Network consumption, and see that as a historical trend. That is all out of the box.

How is Tanium priced?

Tanium is licensed per managed asset that the Tanium Client is installed on. There are no licensing costs for the Tanium Server, the number of Console Operators, or any other characteristic of the environment.

Tanium has three different licensing models:

  • Month-to-Month Commitment

    For enterprises who are just beginning to use Tanium, this is often an attractive option. With a month-to-month commitment, the enterprise can validate the ROI from the Tanium system with very little risk.

  • Annual (or multi-year) Commitment

    For enterprises more familiar with the Tanium system, Tanium offers a discount to commit to annual, or multiple year durations, rather than month-to-month.

  • Perpetual License

    For enterprises that are very confident that they want to use Tanium for the long-term, Perpetual Licenses are offered, with maintenance charged for support and upgrades thereafter.

How does Tanium react if its license expires?

Tanium prompts the administrators, upon login, that the license is expired and that their Tanium liaison should contact Tanium for a renewal. That dialog does not interfere with the system in any way, however, and can be dismissed.