Installing Tanium Module Server on a Dedicated Server Device

Tanium Server requires the installation of Tanium Module Server on a dedicated device. The remote location of Tanium Module Server helps to prevent the execution of malicious or otherwise unauthorized code on the Tanium Server device or across the security network.

NOTE
Tanium Module Server does not support silent mode installation.
 

Requirements

Tanium Module Server 6.5 has the following basic requirements for hardware and software.

Hardware

The hardware requirements for Tanium Module Server 6.5 depend on the configuration of the security network, including:

  • Whether the server device is physical or virtual
  • The number of managed endpoints

The minimum requirements to run Tanium Module Server 6.5 on a Windows-based server device are as follows:

  • 4 processor cores
  • 8 GB RAM
  • 150 GB disk space

For detailed guidance on how to allocate a server device for Tanium Module Server, see System Requirements.

Software

Tanium Module Server 6.5 runs on 64-bit editions of Microsoft Windows Server operating systems including:

  • Microsoft Windows Server 2008 R2 or later versions

Before you install Tanium Module Server

The Tanium Module Server installation process requires certificate and key files that are distributed with Tanium Server. These files must be copied into a directory on the Tanium Module Server device before installation. The Module Server installer uses information from these files during the installation process.

To copy the certificate and key files

  1. Locate the SOAPServer.crt and SOAPServer.key files on your Tanium Server. They are located in the Tanium Server folder by default.
  2. Copy them onto the Tanium Module Server device, into the directory that contains SetupPluginServer, the Tanium Module Server installer.

Installation

Your Technical Account Manager (TAM) will provide a link to download Tanium Module Server after it is licensed.

To install Tanium Module Server

  1. Right-click SetupPluginServer and select Run as Administrator.
    Fig20_ms_install_1.png
     
    Figure 1: Run the Tanium Module Server installer as Administrator

    The Tanium Module Server installation wizard opens.

    600px-Fig21_ms_wizard_welcome_2.png
     
    Figure 2: Tanium Module Server Setup Wizard
  2. Click Next to review the License Agreement.
    600px-Fig22_ms_license_agreement_3.png
     
    Figure 3: Tanium Module Server License Agreement
  3. Click I Agree.
    600px-Fig22_ms_install_location_4.png
     
    Figure 4: Choose the installation location
  4. (Optional) Change the directory location where Tanium Module Server will be installed. By default, this location is C:\Program Files\Tanium\Tanium Plugin Server.
  5. Click Next.
    600px-Fig23_ms_port_spec_5.png
     
    Figure 5: Set the configuration of the Module Server
  6. (Optional) In Plugin Server Port, change the number of the port that Tanium Module Server uses.
  7. Select Use Existing Certificate and Key. The installer will detect these files if they have been copied into the same directory. 
    If necessary, for Certificate Path and for Key Path, click Browse and select the appropriate file.
  8. Click Install.
    600px-Fig24_ms_install_prog_5.png
     
    Figure 6: Installing Tanium Module Server

    The installation process begins.

    600px-Fig25_ms_wizard_complete_6.png
     
    Figure 7: The setup wizard completes

    At the end of the installation process, the wizard displays a completion message.
  9. Click Finish.

After you install Tanium Module Server

Tanium Module Server typically requires the following post-installation tasks.

Migrate proxy settings

If your deployment of Tanium Server uses proxy servers, you will need to configure those settings on Tanium Module Server.

Modify Windows Registry

After you deploy a Tanium Module Server to a remote device, Tanium Server must be configured to use the remote instance. This requires a change to the Tanium key in Windows Registry on the Tanium Server device. Note that this must be done for each instance of Tanium Server deployed using the Tanium Server installer.

To configure Tanium Module Server

  1. On the Tanium Server device, in Run, type "regedit.exe" and press ENTER.
  2. Navigate to the Tanium hive, and locate the following Registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tanium\Tanium Server
  3. Replace the value of the key with the fully qualified hostname of the Tanium Module Server device.
    600px-Fig25_ms_registry_config_7.png
     
    Figure 8: Modying the Module Server Registry key

    After Windows Registry is configured to use the remote instance of Tanium Module Server, you can uninstall the local instance that is installed by default with Tanium Server. 

    600px-Fig26_ms_localSrv_uninstall_7.png
     
    Figure 9: The Module Server is shown in the list of local services on the Tanium Server device

To uninstall the local instance of Tanium Module Server

  1. On the Tanium Server device, click Control Panel.
  2. Click Programs and Features.
    600px-Fig28_ms_uninstall_conf_8.png
     
    Figure 10: Tanium Module Server service is uninstalled from the Tanium Server device

    When the uninstallation process is complete, a success message appears.

    You can confirm the uninstallation on the Tanium Server device, in Server Manager.

    600px-Fig26_ms_uninstall_verify.png
     
    Figure 11: Verifying uninstallation of the Module Server from the Tanium Server device

To confirm the removal of the local Tanium Module Server service

  1. On the Tools menu, select Services.
  2. Check the Names column on the Services (Local) page for Tanium Plugin Server or Tanium Module Server. Neither should appear.

Verify the installation of Tanium Module Server

To verify the remote instance of Tanium Module Server, confirm that the Module Server service is visible and available to Tanium Server.

To verify the installation

  1. Open a web browser.
  2. Use Secure HTTP to view the information page for the Tanium Server service. For example: https://172.0.0.1/info
  3. In the left pane, in Module Cache, confirm that the hostname or IP address of Tanium Module Server is listed with the port number. By default, the port number is 17477.
Have more questions? Submit a request