1E Client features and modules
You will need to decide which client features and modules to enable and configure. Unless otherwise stated, modules are only available on Windows computers. Please refer to Supported Platforms for details of supported OS platforms.
|1E Client||This is the main service that determines which features and modules are enabled, including uninstallation of legacy versions of the 1E clients listed below.|
1E Client feature which replaces Tachyon Agent to support Tachyon 4.1 and later but will work with earlier versions of Tachyon Server.
Must be enabled on each end-user device to provide Real-time and Inventory features to support the following Tachyon applications: Explorer, Experience, Guaranteed State, Patch Success, Application Migration, and AppClarity. Also required to support Tachyon integration with NightWatchman and Nomad.
Supports Windows and non-Windows devices.
Full Tachyon infrastructure including Master and Response Stacks.
See Tachyon infrastructure below.
1E Client module which replaces Shopping Agent and Windows Servicing Assistant (WSA) to support Shopping 5.5.200 and later. This version contains hotfixes.
Must be enabled on each end-user device to support access to the Shopping web portal, and WSA features to support OS rebuilds and upgrades.
|Shopping Central website and Shopping Receiver services are required, as described in Shopping infrastructure below.|
1E Client module which replaces WakeUp Agent to support WakeUp Server 7.2.500 and later. This version contains hotfixes.
Must be enabled on each end-user device to support Wake-on-LAN and Configuration Manager policy refresh. Also integrates with the 1E NightWatchman Agent.
|WakeUp Servers are required, as described in NightWatchman and WakeUp infrastructure below.|
1E Client module which replaces the NomadBranch client to support Nomad 7.0 and later, as well as Tachyon clients use of the Nomad content download feature.
Must be enabled on each end-user device to provide bandwidth efficient download of content for Tachyon clients, as well as Configuration Manager clients. It is optionally used by PXE Everywhere.
ActiveEfficiency Server is required for several Nomad features, as described in Nomad infrastructure below.
All modules including the Tachyon client feature can be optionally enabled during deployment of the 1E Client or after deployment by enabling features in its configuration file.
1E Client deployment
You will need to plan the deployment of 1E Client using whichever software deployment tools you have. For details of interactive and command-line installation, please refer to Deploying 1E Client on Windows.
The 1E Client Deployment Assistant (CDA) can be used with Microsoft System Center Configuration Manager to deploy 1E Client, and also 1E NightWatchman Agent and PXE Everywhere.
Upgrading to 1E Client
Upgrading from 1E Client 4.1 to 1E Client 5.0 simply requires deploying the new version, using the same or different configuration settings.
If you are upgrading from Tachyon Agent, Shopping Agent, NomadBranch and/or 1E Agent (for NightWatchman and WakeUp) then please refer to Upgrading to 1E Client.
Tachyon infrastructure dependencies
Please refer to Tachyon 5.0 documentation for more details.
If you intend using Tachyon for its Real-time, Inventory, Patch Success, or Guaranteed State features, then you require at least one Tachyon Server and a Tachyon license.
Organizations with less than 50000 devices will typically have a single-server system with one Tachyon Switch, but there may be reasons why a more complex configuration would be required. Key factors are the location of servers and how devices and users will connect to them.
Every Tachyon system has a single Master Stack, which provides web services for Tachyon applications.
Tachyon Real-time features requires Response Stacks, and optional DMZ Servers. Each Response Stack has a Tachyon Core component that supports an associated set of up to five Tachyon Switches, which is the primary mechanism for rapidly requesting and retrieving responses from the Tachyon clients. As each Switch can handle up to 50,000 devices there is a limit of 250,000 devices per Response Stack.
The Tachyon Switches may be local or remote to the other components in the Response Stack. Tachyon, Catalog, SLA and BI databases are installed on SQL Server database instance(s) that may also be local or remote to their respective Master or Response Stacks. It is also possible for multiple Response Stacks to share the same Responses database. The Experience and BI cubes are installed on a local or remote SQL Server Analysis Services (SSAS) instance.
PKI and certificates
Client-Switch communication uses WebSocket Secure protocol, whereby each Tachyon client establishes a secure link to the Switch which is then used by the Switch to send instructions to the Tachyon client. This is shown as a dotted line in the pictures in the Communication Ports page.
All other communications from external devices use HTTPS, including Tachyon client connecting to the Background Channel in order to download resources that may be required by instructions, and using the Tachyon Portal to administer and use the system.
All communication is encrypted, which requires a Public Key Infrastructure (PKI). More specifically, PKI is required for:
- Tachyon web server certificate - prerequisite for each Tachyon Server website, must contain all the DNS Names used for the server
- Tachyon Server certificate - usually an exported version of the website certificate
- Tachyon client certificates - each Tachyon client uses the device's client certificate to authenticate itself to Tachyon Switches
- Certificate Revocation Lists (CRLs) - Tachyon clients and Switches use HTTP-based CRL Distribution Points to validate certificates
- Code signing certificates - used for signing custom and modified instructions, so they can be imported into Tachyon and then run
- Digital signing certificates - used for signing 1E software
You can use Tachyon Setup to install Tachyon Server so it does not require Tachyon clients to present certificates to the Tachyon Switch. The Platform can be reconfigured later to re-enable use of client certificates when your environment is ready. The Tachyon Server requires a Web Server certificate. If this is an issue for you then please contact 1E.
In addition to PKI and network requirements, other infrastructure dependencies are:
- DNS - each Tachyon Server requires a DNS Name, this is also useful for ActiveEfficiency Server if it is installed
- Active Directory - for installation and user accounts; Tachyon can be configured to use LDAP but uses GC by default
- IIS - a standard configuration required on each Tachyon Server
- SQL Server - for Tachyon Master and Response Stack databases, Catalog SLA and BI databases, and ActiveEfficiency if installed
- SQL Analysis Services - must be installed in multi-dimensional mode, for Business Intelligence (SLA BI cube) required by Patch Success
- Email - optional for approval and notification emails, but required if using two-factor authentication (2FA)
- Internet access - the Master Stack requires access to the 1E license service via the Internet in order to keep the Tachyon license activated, and 1E Catalog requires access to the 1E Catalog Cloud service to download Catalog updates
For more detail about client certificates, please refer to Tachyon client requirements: Client Certificates.
Tachyon client downloads content from the Tachyon Background Channel. Content is mainly scripts and other files required by Tachyon instructions. It also includes client resources such as extensible modules, providers, and other dependencies to maintain the 1E Client. In most cases, client resources are version controlled to prevent repeated downloads. Tachyon instructions always request a download even if they have run an instruction before, unless the content for that instruction has been cached in memory.
You may need to consider the impact on the network if there is a large amount of content included in an instruction. This is more of an operational consideration instead of a design consideration.
1E Nomad is an optionally licensed component of the 1E Client. It makes software deployment, patching and downloading content more efficient and reduces the impact on the network. It removes the need for remote Distribution Point servers in Microsoft System Center Configuration Manager systems. When Nomad is installed on computers it automatically elects a peer to download content from a server over the WAN and then peer-shares the content with other PCs at the same location. The downloaded content is cached locally on each PC in case it is needed again.
Tachyon can optionally use Nomad to download content from servers irrespective of whether Nomad is integrated with Configuration Manager or not, and also uses advanced Nomad features which use ActiveEfficiency.
Nomad integration disabled
If Nomad integration is not used, the following apply:
- Tachyon client waits a randomized stagger period defined by its DefaultStaggerRangeSeconds setting, and then downloads content from the specified Background Channel.
- Tachyon client retains modules and extensibles that it has downloaded, but does not retain instruction scripts after they have been run. Any instruction that requires a script or other file will download the latest version each time the instruction is run.
Nomad integration enabled
Nomad integration is available on Windows PC devices and is enabled by default, but can be disabled during installation of the 1E Client.
With the Nomad integration feature enabled, Tachyon client will detect if Nomad v6.0.100 or later version is running on the device.
- Tachyon client immediately requests Nomad to download content from the specified HTTP source such as the Background Channel. Nomad behaves in the same way as it does with Configuration Manager by ensuring the latest version of content is obtained and electing a master to perform the actual download.
- Nomad maintains its own cache of downloaded content which avoids the need for repeat downloads over the WAN, and provides content to peers that require the same resources which avoids peer devices having to download over the WAN.
- If the Nomad integration feature is enabled, and requested content is not provided within the timeout period, the Tachyon client will fall back to downloading directly from the HTTP source. The most likely reason for a timeout is if Nomad is busy downloading other content.
To use Nomad, there is no special configuration of Tachyon Servers. The Background Channel is a web application on the Tachyon Server which uses HTTPS and default port is 443. The URL for the Background Channel is defined in the 1E Client configuration file and is specified during installation of the 1E Client if Tachyon features are enabled. The Tachyon client passes this URL to Nomad when it requests content to be downloaded. Instructions can also specify other HTTP sources.
Nomad does not need to be configured to use certificates in order to communicate with the Background Channel (the Nomad CertIssuer and CertSubject settings are used only with Configuration Manager Distribution Points that are configured to validate device certificates).
Nomad Single-Site Download (SSD) feature uses ActiveEfficiency Server to further reduce the impact downloading content over the WAN.
Shopping infrastructure dependencies
Please refer to Shopping 5.6 documentation for more details.
Shopping requires an ActiveEfficiency Server, and ActiveEfficiency Scout to import data from Configuration Manager into ActiveEfficiency.
A Shopping solution requires a Shopping Central server on a web server, and a Shopping Receiver installed on each Configuration Manager Site server that has client reporting to it, and on a CAS if using Shopping for OS Deployment.
If users are using Edge or Metro browsers then you must enable the loopback feature. This feature implements a mechanism for passing information between the Shopping client, the browser's secure sandboxed environment and the local machine. This mechanism affects these browsers as a whole and is not just restricted for use by Shopping.
NightWatchman and WakeUp infrastructure dependencies
Please refer to NightWatchman Enterprise 7.2.500 documentation for more details.
A NightWatchman Management Center server is required if implementing NightWatchman or WakeUp solutions.
If implementing WakeUp, or Nomad integration with WakeUp, then you require at least one WakeUp Server. If you have Configuration Manager you require a WakeUp Server on each Site server that has clients reporting into it. If you do not have Configuration Manager you require one or more independent WakeUp Servers.
1E NightWatchman Agent is a separately installed client agent, that can optionally be used to help with power management of computers. It is not included in 1E Client, but is included in the 1E Client Deployment Assistant (CDA) which assists with deploying Windows versions of 1E clients via Configuration Manager. When 1E NightWatchman Agent is installed alongside the WakeUp client it will optionally manage the computer returning to its original power state after being woken using 1E WakeUp and the computer is not busy, for example installing patches.
Web WakeUp is an optional server component that is typically installed on the NightWatchman Management Center server. It is a web portal for users and administrators to search for computers to wake. It optionally provides a remote desktop link to the woken computer.
Nomad infrastructure dependencies
Please refer to Nomad 7.0 documentation for more details.
In addition to deploying 1E Client (with Nomad client module enabled) on all computers and on Configuration Manager Distribution Points, the following are also required:
- Nomad tools installed on Configuration Manager sites and SMS Providers
- Nomad Configuration Manager Console extensions on Configuration Manager site servers any other computer that has the Configuration Manager Console installed
As explained above, Nomad can be used for downloading content for Tachyon clients, as well as Configuration Manager clients.
The following Nomad features require ActiveEfficiency:
- Single-site download
- Single-site Peer Backup Assistant
- Nomad pre-caching
- Nomad Dashboard
- WakeUp integration (also requires NightWatchman Management Center server, WakeUp Servers installed on Configuration Manager sites, and Single-site download)
- Nomad Download Pause (also requires Tachyon infrastructure)
If you will be using any of these features with Nomad 7.0 you must install ActiveEfficiency 1.10 with the latest accumulated hotfix available on the 1E Support Portal (https://1eportal.force.com/s/article/LatestHotfixes).
PXE Everywhere is a separately installed client agent, that can be optionally used to help with OS Deployment. It is not included in 1E Client, but is included in the 1E Client Deployment Assistant (CDA) which assists with deploying Windows versions of 1E clients via Configuration Manager. PXE Everywhere does not depend on Nomad but is often used with Nomad. Nomad helps with distribution of PXE boot images via Configuration Manager.