Contents

Tachyon client settings

Summary

Installer properties and configuration file settings for the Tachyon client features of the 1E Client. These settings are common to Windows and non-Windows platforms.

Installer properties:

Configuration file settings

Where <source> is :

Configuration file settings can be managed using 1E Client reconfiguration, Tachyon Explorer configuration instructions, Tachyon Guaranteed State policies, Configuration Manager baselines or other means. Registry settings can also be managed by Windows Group Policy.

On this page:

Tachyon client settings

The following table shows Tachyon client settings, all are included in the template configuration file, except where indicated.

If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox. Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp.

Core settingDefaultDescription

AuthenticationPolicy

optional

Determines whether the Tachyon client presents a certificate when authenticating with a Tachyon Switch. A Switch will reject a connection if configured to require certificates from clients and a client does not present a valid certificate.

The value must be set to one of the following. The default value is set to Optional.

ValueDescription
none

Do not present a certificate. This option is not visible when installing the 1E Client interactively, but can be configured using a command-line installer property.

optional

Present a certificate if a suitable one exists. If none exists continue with the connection anyway. This is the default value.

This option is useful if you are deploying the 1E Client before you have deployed certificates. Tachyon Switches can be configured so they do not require client certificates, but if you did not select that option during installation then you can change the server setting.

requiredPresent a certificate if a suitable one exists, otherwise fail the connection.

BackgroundChannelUrl


If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox.

Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp.

To connect to the Tachyon platform then BackgroundChannelUrl will have one or more entries in the format:

BackgroundChannelUrl=https://<BackgroundChannelServer>:<BackgroundChannelPort>/Background/

<BackgroundChannelServer> is the DNS Name FQDN of the server, which is the same as:

  • the HTTPS Host Header specified on the Website Configuration screen of Tachyon Setup, which is the HTTPS binding for the Tachyon website
  • the same as <SwitchName>
  • the DNS Name specified in the Tachyon Server's Web Certificate

<BackgroundChannelPort> is the Port number, which is the same as:

  • the HTTPS Port specified on the Website Configuration screen of Tachyon Setup, which is the HTTPS binding for the Tachyon website
  • if using the default HTTPS port 443, then the port can be omitted from the URL

In systems with multiple server and multiple DNS Names, there will be multiple entries on one line using a semi-colon (;) as the delimiter between entries. For example:

BackgroundChannelUrl=https://tachyon.acme.local:443/Background/;https://tachyon.acme.com:443/Background/

Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network.

Each time Tachyon needs to download content, it will try each entry in turn, starting at the first, until it is able to download or stops trying and reports an error.

ConnectionKeepaliveTimeInSecondsMin

ConnectionKeepaliveTimeInSecondsMax

Min: 600 (10 minutes)

Max: 840 (14 minutes)

Determines the time in seconds for the Tachyon client to wait between sending a keep-alive messages to the Switch.

Tachyon client will wait a random amount of time between the two values set as minimum and maximum. Range is 0 to 900 seconds (No keepalive to 15 minutes).

ConnectionRetryTimeInSecondsMin

ConnectionRetryTimeInSecondsMax

Min: 30 (seconds)

Max: 900 (15 minutes)

Determines the time in seconds the Tachyon client waits before trying to reconnect to a Switch after a connection failure.

The Tachyon client tries once for each Switch in the list of Switches, and if it fails to connect then it waits before trying again. The wait is a random amount of time between the two values set as minimum and maximum. Range is 5 to 86400 (5 seconds to 24 hours).

See also FastReconnectTimeInSeconds.

ConnectionTimeout

30 (seconds)

The maximum time in seconds that can elapse between the Tachyon client initialising the connection with a Switch and having a fully established websocket.

Range is 1 to 60.

CRLChecks

soft

Determines whether Tachyon client does Certificate Revocation List (CRL) checking for:

  • the certificate it presents to the Switch when requesting a connection (see also AuthenticationPolicy, which determines whether Tachyon clients present a certificate or not)
  • the certificate received from the Switch when requesting a connection
  • the certificate received from the Background Channel server before attempting to download content
  • the certificate received from any other HTTPS-based endpoint from which Tachyon client downloads content
  • the certificates used for digital signing of 1E Client executables (typically the certificate is found in the Trusted Publishers Store)

The value must be set to one of the following. The default value is set to soft.

ValueDescription
offNo CRL checking is performed by the 1E Client.
soft

This is the default.

Full CRL checking is performed by the 1E Client for each certificate in the list above. However if a CRL Distribution Point (CDP) is unreachable then only a warning will be reported.

A certificate error occurs if a CDP is available and the CRL cannot be retrieved or refreshed, or the certificate is revoked.

hard

Full CRL checking is performed by the 1E Client for each certificate in the list above. If a certificate error occurs then Tachyon client stops processing the request.

A certificate error occurs if a CDP is not available, or the CRL cannot be retrieved or refreshed, or the certificate is revoked.

If a certificate error occurs then Tachyon client will not proceed, or will not start in the case of a digital signing certificate error.

By default, the Switch will reject the connection if it cannot check a certificate presented by Tachyon client. If CRL checking is not possible then please contact 1E for guidance on how to configure Switches so they do not require CRL checking.

CRLTimeoutInSeconds

This setting does not have an equivalent Windows Installer property and is not in the template configuration file.

3 (seconds)

The maximum time in seconds that is allowed to elapse whilst the Tachyon client attempts to download a Certificate Revocation List (CRL) from a CRL Distribution Point.

The range is 1 to 10 seconds.

DefaultStaggerRangeSeconds


300 (5 minutes)

Some operations (including HTTPS downloads from the BackgroundChannel) are randomly time-staggered across Tachyon clients. This property dictates the upper-limit on the default randomization period in seconds.

Range is 0 to 3600. Default is 300.

Use 0 to instruct Tachyon client not stagger operations by default.

Do not change this value unless advised by 1E. Only use 0 or a low value in systems that support less than 500 clients.

This setting is not used for HTTPS downloads from the BackgroundChannel if NomadContentDownloadEnabled is true, because Nomad does the bandwidth management.

EnablePayloadCompression

true

Determines whether the Tachyon client should attempt to compress payloads when responding to instructions, if it looks like compression would be beneficial.

Must be set to true or false.

FastReconnectTimeInSeconds

This setting does not have an equivalent Windows Installer property and is not in the template configuration file.

15 (seconds)

During machine wakeup, following a machine sleep or hibernation, the first reconnect attempt to the Switch will occur in <FastReconnectTimeInSeconds> seconds.

This value is configurable between 5 and 60 seconds.

For the majority of Windows devices the default value of 15 seconds is more than adequate for the Windows network stack to stabilise on wakeup.

On non-Windows platforms this property is currently ignored.

See also ConnectionRetryTimeInSecondsMin/Max.

LoggingLevel

Info

Determines how much logging information is generated. This may be set to one of the following values. The default value is info.

ValueDescription
Error

Only outputs errors. An error is a serious problem, typically requiring operator intervention of some sort to restore full functionality.

Warn

Outputs errors and warnings. A warning indicates a potential problem, where the system can nonetheless function without intervention.

Info

Outputs general information in addition to the errors and warnings. This is the default.

Debug

Outputs debugging information in addition to all the previous levels.

TraceOutputs the maximum information available. Used only in exceptional circumstances as it will generate huge amounts of logging output.
Logging levels should only be changed from info only if requested by 1E Support and reset to info after investigation is complete.

LogPath 

This setting is shared with the 1E Client.

1E Client logs on Windows

%ALLUSERSPROFILE%\1E\Client\1E.Client.log (used by 1E Client and Tachyon features, and Shopping client)

%ALLUSERSPROFILE%\1E\Client\NomadBranchUninstall-YYYY_MM_HHTMM_HH_SS_000Z.log

1E Client logs on macOS

/Library/Logs/1E.Client.Daemon.log (shows any service start errors)

/Library/Logs/1E.Client.log (shows the current operation of the 1E Client)

1E Client logs on other non-Windows platforms

/var/log/1E/Client/1E.Client.log

The LogPath setting is stored in the 1E.Client.Conf file and determines the full path and filename of the 1E Client log file.

The 1E Client log is shared by:

  • 1E Client
  • Tachyon client features
  • Shopping client module (only available on Windows OS)

To change the logging level, please refer to LoggingLevel in the 1E.Client.CONF file.

The following are not configurable in this version:

  • Maximum size of 5MB
  • 5 rollover files numbered 1 (newest) to 5 (oldest) with the rollover number included as n.log

By default, Windows resolves %ALLUSERSPROFILE% as C:\ProgramData\

See Log files for more details about 1E Client logs.

NomadContentDownloadEnabled

true

The Nomad integration feature is for Windows clients only. The feature is enabled if this value is set to true and 1E Nomad v6.0.100 or later version is running on the device. There is no dependency on Configuration Manager which Nomad also integrates with.

ValueDescription
False

  • Tachyon client waits a randomized stagger period defined by its DefaultStaggerRangeSeconds setting, and then downloads content from the specified Background Channel.
  • Tachyon client retains modules and extensibles that it has downloaded, but does not retain instruction scripts after they have been run. Any instruction that requires a script or other file will download the latest version each time the instruction is run.

True

  • Tachyon client immediately requests Nomad to download content from the specified HTTP source such as the Background Channel. Nomad behaves in the same way as it does with Configuration Manager by ensuring the latest version of content is obtained and electing a master to perform the actual download.
  • Nomad maintains its own cache of downloaded content which avoids the need for repeat downloads over the WAN, and provides content to peers that require the same resources which avoids peer devices having to download over the WAN.

NomadContentDownloadTimeoutSecs

600 (10 minutes)

The Nomad integration feature is only for Windows computers. If this feature is enabled, and requested content is not provided within the timeout period, Tachyon client will fall back to downloading directly from the Background Channel

The most likely reason for a timeout is if Nomad is busy downloading other content.

The range is 10 to 3600 (1 hour).

On all non-Windows platforms this property defaults to 0 and is ignored.

PolicyEnabled

true

Determines if the Policy feature of the Tachyon client is enabled (true) or not (false). The Policy feature is responsible for downloading, evaluating and reporting on policy rules defined in the Tachyon Guaranteed State application on Tachyon Server

Must be set to true or false.

SelectRowsLimit

This setting does not have an equivalent Windows Installer property, but is in the template configuration file.

100000 (105)

Limits the number of rows returned by a SELECT expression. The principle is that if there is more than this number of rows then something has gone wrong. This limit prevents an unexpectedly excessive amount of both data and CPU usage.

The range is 1 to 1000000000 (109). The default value is 100000 (105).

It is not considered an execution error if the limit is reached, although a warning will be written to the 1E Client log.

SSL

TLSv1.2

Determines which security protocol the Tachyon client uses when connecting to Tachyon Switches and Background Channel.

SSL must be set to one of the following values:

ValueDescription
TLSv1.2

TLS version 1.2 is a cryptographic protocol aimed at securing the network transport layer, and has recently been adopted by all the major browsers. It is considered to be more secure than SSLv3. This is the default.

Always use the default TLSv1.2 unless advised by 1E.

Switch


If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox.

Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp.

To connect to the Tachyon platform then Switch will have one or more entries in the format:

Switch=<SwitchName>:<SwitchPort>

<SwitchName> is the DNS Name FQDN for one or more Switches. This is the same as the following except in a custom configuration where the Switch is installed on its own:

  • the HTTPS Host Header specified on the Website Configuration screen of the Tachyon Server installer, which is the HTTPS binding for the Tachyon Web Site
  • the same as <BackgroundChannelServer>
  • the DNS Name specified in the Tachyon Server's Web Certificate.

<SwitchPort> is the Port number, which has default value of 4000. Any other port number is used only in a complex configuration if advised by 1E.

In systems where there are multiple DNS Names, there will be multiple entries using a semi-colon (;) as the delimiter between entries. For example:

Switch=tachyon.acme.local:4000;tachyon.acme.com:4000

Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network.

When the Tachyon client attempts to find a Switch, it will try each entry in turn, starting at the first. If all attempts fail Tachyon restarts the connection process after a period determined by ConnectionRetryTimeInSecondsMin/Max.

WorkerThreads

2

Determines the number of threads that will execute instructions concurrently. This property enables instructions to be run simultaneously and prevents long running instructions from blocking others.

Range is 1 to 8. 1 means all instructions are run sequentially on the same thread.

Inventory module settings

This section describes configuration settings for the Tachyon Activity Record feature provided by the Inventory module. 

The Tachyon client, while running, continuously captures details of certain activities and events as they happen, similar to Windows Task Manager or Perfmon. During startup, the Tachyon client is able to detect some events that occurred when it was not running. Data is regularly written into a local, compressed and encrypted persistent storage tables, that are accessible to SCALE as SQL tables. The Tachyon client periodically aggregates data in order to minimize the amount of storage required, so that each capture source has a live, hourly, daily and monthly table. The whole process is designed to minimize impact on device performance, storage and security. Please refer to Tachyon SDK - Tachyon Activity Record for details of what data is captured and how to query these tables.

These settings are not included in the template configuration file, and therefore use default values. To set any other value for these the setting must be added to the configuration file.

Capture sources

The table below lists the capture sources supported by the Tachyon Activity Record feature (also known as the Inventory module) and on which OS they are supported. The source name is used in each of the Capture source settings.

Source NameDescriptionWindowsmacOSLinuxSolaris
ARP
ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions3.2n/an/an/a
DevicePerformance

Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance.

This capture source is required by the 1E Experience application.

5.0n/an/an/a
DNS
DNS resolution queries - the Inventory module captures whenever a DNS address is resolved2.12.1n/an/a
OperatingSystemPerformance

Performance metrics for OS - the metrics executable runs every 4 hours by default

This capture source is required by the 1E Experience application.

5.0n/an/an/a
Process
Process execution - the Inventory module captures whenever a process starts on the device2.12.12.12.1
ProcessStabilization
The time taken for a process execution to be considered stable whenever a monitored process starts on the device3.2n/an/an/a
ProcessUsage

A daily summary of the launches and terminations of processes.

The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector).

Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time.

3.2n/an/an/a
SensitiveProcess

Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default

This capture source is required by the 1E Experience application.

5.0n/an/an/a
Software

Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device

2.12.12.12.1
SoftwarePerformance

Performance metrics for software - Software performance polling is every 10 seconds by default

This capture source is required by the 1E Experience application.

5.0n/an/an/a
TCP
Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made2.12.12.1n/a
UserUsage

A daily summary of all the logons and logoffs of users.

This capture source is required by the Tachyon Powered Inventory feature (Tachyon connector).

3.2n/an/an/a

Global capture settings

The table below lists configuration properties that affect all capture sources.

Inventory module settingInstallation defaultDescription

Module.Inventory.Enabled

true

Determines whether the Tachyon Activity Record feature is enabled or disabled.

Must be set to true or false.

Must be set to true if using the Tachyon Powered Inventory feature (Tachyon connector).

If set to true then individual capture sources can be enabled or disabled by setting Module.Inventory.<source>.Enabled to true or false.

If set to false then this setting takes precedence over individual capture source settings with all being disabled.

Module.Inventory.NoEventTracing

This setting does not have an equivalent Windows Installer property and is not in the template configuration file.

false

Controls whether the Inventory module will, on Windows, use a polling-based mechanism to capture data instead of event-based.

The Inventory module will use Windows operating system events to capture data, if the host operating system supports it. If this setting is true, the Inventory module will instead use a polling-based approach to capture data.

This setting is ignored on other operating systems.

Module.Inventory.AggregationIntervalSeconds

This setting does not have an equivalent Windows Installer property and is not in the template configuration file.

60 (seconds)

Determines the frequency, in seconds, at which the Inventory module will write the capture buffers to the live and aggregated tables.

More frequent aggregations will make captured data available for querying sooner, at the cost of more processing on the device.

Range is 30 to 600 (10 minutes).

Capture source settings

The table below lists the 8 settings used to configure each capture source. The relevant <source> name needs to be included in each of the setting names (not case-sensitive): 

The following settings do not have an equivalent Windows Installer property and are not in the template configuration file.

Capture source settingInstallation defaultDescription
Module.Inventory.<source>.Enabled

true (all sources)

Controls whether this capture source is active (true) and will capture data. To disable capture of this data, use false

Disabling the Tachyon Activity Record feature by setting Module.Inventory.Enabled to false, takes precedence over individual capture source settings.

The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector).

Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time.

Module.Inventory.<source>.BufferSize
1000 (all sources) 

Determines the maximum number of capture entries held in memory during an aggregation period.

The Inventory module will store data in memory prior to writing it to disk (as determined by the Module.Inventory.AggregationIntervalSeconds setting described above). This setting controls the size of the capture buffer available for this data. 

If this capture buffer is exceeded, older entries will be discarded to make room for newer ones. 

For example, based on the default values, if more than 1000 DNS lookups occur within 60 seconds. 

A higher value will allow the Inventory module can capture higher volumes of events at the cost of additional memory use. 

Range is 100 to 10000.

Module.Inventory.<source>.PollIntervalSeconds

30 (all sources except Software and OperatingSystemPerformance)

120 (2 minutes for Software)

14,400 (4 hours for OperatingSystemPerformance)

Determines the frequency, in seconds, at which the capture source will poll for data. This setting is ignored if the Inventory module is using an event-based mechanism to capture data.

A lower value (more frequent polls) is likely to capture more data at the cost of additional processing overhead on the device. 

Range is 5 to 600 (10 minutes) for all sources except for OperatingSystemPerformance.

Do not change the Module.Inventory.OperatingSystemPerformance.PollIntervalSeconds setting unless advised by 1E.

Module.Inventory.<source>.AggregationsBeforeGroom
3 (all sources)

Determines the number of aggregation cycles that should occur before old data is removed (groomed) from the Inventory module’s live disk-based store. See the three Retention settings below.

The Inventory module will store captured data for a limited time before removing it. This setting determines how frequently the grooming operation will be performed. The clean-up operation happens every N aggregation cycles. 

A lower value (more frequent deletion) will remove old data more quickly at the cost of additional processing overhead on the device. 

Range is 1 to 50.

Module.Inventory.<source>.LiveRetention
5000 (all sources)

Determines the maximum number of capture entries that will be stored in the Inventory module’s live disk-based storage. 

The Inventory module stores detailed (non-aggregate, live) capture entries on disk, as well as aggregated capture entries per hour, day and month (see below). This setting determines the limit of the detailed entries. When the limit is reached, older entries are deleted to make room for newer ones. 

A higher value allows storage of a longer period of detailed entries at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer.

Range is 100 to 50000.

Module.Inventory.<source>.HourlyRetention
Module.Inventory.<source>.DailyRetention
Module.Inventory.<source>.MonthlyRetention

Hourly: 24 (all sources)

Daily: 31 (all sources)

Monthly: 12 (all sources)

Determines the maximum number of hours/days/months for which aggregated data will be kept in the Inventory module’s disk-based storage. 

The Inventory module will discard data from its hourly/daily/monthly store to make room for newer data. 

A higher value allows a longer record of data to kept at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer. 

Note that these settings are independent of one another – for example, it is not necessary to specify an “hourly” value of 24 or greater to be able to capture “daily” values. 

A value of zero means “disable data aggregation at this resolution”. Again, since the settings are independent, it is valid to disable hourly data aggregation yet keep daily and monthly aggregation active. 

Range is 0 (disabled) to 100.

Settings unique to specific capture sources

The following settings do not have an equivalent Windows Installer property and are not in the template configuration file.

Capture source settingInstallation defaultDescription
Module.Inventory.ProcessStabilization.Fuzziness
5Modifies the margins within which a process is considered stable. The default is 5, and the range is 1 to 66 inclusive. This setting should be left unchanged.
Module.Inventory.ProcessStabilization.MonitoredProcesses

This is a comma separated, case insensitive list of executable names (with extensions) of any processes that require stabilization monitoring. By default, this is not set and therefore process stabilization monitoring is disabled. The list should not exceed 15 executables.

Module.Inventory.ProcessUsage.VerboseLogging
falseEnables or disables Process Usage log messages, which typically appear for each data capture refresh. ProcessUsage is used by the Tachyon Powered Inventory feature.
Module.Inventory.UserUsage.VerboseLogging
falseEnables or disables User Usage log messages, which typically appear for each data capture refresh. UserUsage is used by the Tachyon Powered Inventory feature.