Contents
Tachyon client settings
The following table shows Tachyon client settings, all are included in the template configuration file, except where indicated.
If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox. Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp.
Core setting | Default | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
AuthenticationPolicy | optional | Determines whether the Tachyon client presents a certificate when authenticating with a Tachyon Switch. A Switch will reject a connection if configured to require certificates from clients and a client does not present a valid certificate. The value must be set to one of the following. The default value is set to Optional.
| ||||||||||||
BackgroundChannelUrl | If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox. Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp. To connect to the Tachyon platform then BackgroundChannelUrl will have one or more entries in the format: BackgroundChannelUrl=https://<BackgroundChannelServer>:<BackgroundChannelPort>/Background/ <BackgroundChannelServer> is the DNS Name FQDN of the server, which is the same as:
<BackgroundChannelPort> is the Port number, which is the same as:
In systems with multiple server and multiple DNS Names, there will be multiple entries on one line using a semi-colon (;) as the delimiter between entries. For example: BackgroundChannelUrl=https://tachyon.acme.local:443/Background/;https://tachyon.acme.com:443/Background/ Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network. Each time Tachyon needs to download content, it will try each entry in turn, starting at the first, until it is able to download or stops trying and reports an error. | |||||||||||||
ConnectionKeepaliveTimeInSecondsMinConnectionKeepaliveTimeInSecondsMax | Min: 600 (10 minutes) Max: 840 (14 minutes) | Determines the time in seconds for the Tachyon client to wait between sending a keep-alive messages to the Switch. Tachyon client will wait a random amount of time between the two values set as minimum and maximum. Range is 0 to 900 seconds (No keepalive to 15 minutes). | ||||||||||||
ConnectionRetryTimeInSecondsMinConnectionRetryTimeInSecondsMax | Min: 30 (seconds) Max: 900 (15 minutes) | Determines the time in seconds the Tachyon client waits before trying to reconnect to a Switch after a connection failure. The Tachyon client tries once for each Switch in the list of Switches, and if it fails to connect then it waits before trying again. The wait is a random amount of time between the two values set as minimum and maximum. Range is 5 to 86400 (5 seconds to 24 hours). See also FastReconnectTimeInSeconds. | ||||||||||||
ConnectionTimeout | 30 (seconds) | The maximum time in seconds that can elapse between the Tachyon client initialising the connection with a Switch and having a fully established websocket. Range is 1 to 60. | ||||||||||||
CRLChecks | soft | Determines whether Tachyon client does Certificate Revocation List (CRL) checking for:
The value must be set to one of the following. The default value is set to soft.
If a certificate error occurs then Tachyon client will not proceed, or will not start in the case of a digital signing certificate error. By default, the Switch will reject the connection if it cannot check a certificate presented by Tachyon client. If CRL checking is not possible then please contact 1E for guidance on how to configure Switches so they do not require CRL checking. | ||||||||||||
CRLTimeoutInSecondsThis setting does not have an equivalent Windows Installer property and is not in the template configuration file. | 3 (seconds) | The maximum time in seconds that is allowed to elapse whilst the Tachyon client attempts to download a Certificate Revocation List (CRL) from a CRL Distribution Point. The range is 1 to 10 seconds. | ||||||||||||
DefaultStaggerRangeSeconds | 300 (5 minutes) | Some operations (including HTTPS downloads from the BackgroundChannel) are randomly time-staggered across Tachyon clients. This property dictates the upper-limit on the default randomization period in seconds. Range is 0 to 3600. Default is 300. Use 0 to instruct Tachyon client not stagger operations by default. Do not change this value unless advised by 1E. Only use 0 or a low value in systems that support less than 500 clients. This setting is not used for HTTPS downloads from the BackgroundChannel if NomadContentDownloadEnabled is true, because Nomad does the bandwidth management. | ||||||||||||
EnablePayloadCompression | true | Determines whether the Tachyon client should attempt to compress payloads when responding to instructions, if it looks like compression would be beneficial. Must be set to true or false. | ||||||||||||
FastReconnectTimeInSecondsThis setting does not have an equivalent Windows Installer property and is not in the template configuration file. | 15 (seconds) | During machine wakeup, following a machine sleep or hibernation, the first reconnect attempt to the Switch will occur in <FastReconnectTimeInSeconds> seconds. This value is configurable between 5 and 60 seconds. For the majority of Windows devices the default value of 15 seconds is more than adequate for the Windows network stack to stabilise on wakeup. On non-Windows platforms this property is currently ignored. See also ConnectionRetryTimeInSecondsMin/Max. | ||||||||||||
LoggingLevel | Info | Determines how much logging information is generated. This may be set to one of the following values. The default value is info.
Logging levels should only be changed from info only if requested by 1E Support and reset to info after investigation is complete. | ||||||||||||
LogPathThis setting is shared with the 1E Client. | 1E Client logs on Windows%ALLUSERSPROFILE%\1E\Client\1E.Client.log (used by 1E Client and Tachyon features, and Shopping client) %ALLUSERSPROFILE%\1E\Client\NomadBranchUninstall-YYYY_MM_HHTMM_HH_SS_000Z.log 1E Client logs on macOS/Library/Logs/1E.Client.Daemon.log (shows any service start errors) /Library/Logs/1E.Client.log (shows the current operation of the 1E Client) 1E Client logs on other non-Windows platforms/var/log/1E/Client/1E.Client.log | The LogPath setting is stored in the 1E.Client.Conf file and determines the full path and filename of the 1E Client log file. The 1E Client log is shared by:
To change the logging level, please refer to LoggingLevel in the 1E.Client.CONF file. The following are not configurable in this version:
See Log files for more details about 1E Client logs. | ||||||||||||
NomadContentDownloadEnabled | true | The Nomad integration feature is for Windows clients only. The feature is enabled if this value is set to true and 1E Nomad v6.0.100 or later version is running on the device. There is no dependency on Configuration Manager which Nomad also integrates with.
| ||||||||||||
NomadContentDownloadTimeoutSecs | 600 (10 minutes) | The Nomad integration feature is only for Windows computers. If this feature is enabled, and requested content is not provided within the timeout period, Tachyon client will fall back to downloading directly from the Background Channel The most likely reason for a timeout is if Nomad is busy downloading other content. The range is 10 to 3600 (1 hour). On all non-Windows platforms this property defaults to 0 and is ignored. | ||||||||||||
PolicyEnabled | true | Determines if the Policy feature of the Tachyon client is enabled (true) or not (false). The Policy feature is responsible for downloading, evaluating and reporting on policy rules defined in the Tachyon Guaranteed State application on Tachyon Server Must be set to true or false. | ||||||||||||
SelectRowsLimitThis setting does not have an equivalent Windows Installer property, but is in the template configuration file. | 100000 (105) | Limits the number of rows returned by a SELECT expression. The principle is that if there is more than this number of rows then something has gone wrong. This limit prevents an unexpectedly excessive amount of both data and CPU usage. The range is 1 to 1000000000 (109). The default value is 100000 (105). It is not considered an execution error if the limit is reached, although a warning will be written to the 1E Client log. | ||||||||||||
SSL | TLSv1.2 | Determines which security protocol the Tachyon client uses when connecting to Tachyon Switches and Background Channel. SSL must be set to one of the following values:
| ||||||||||||
Switch | If Tachyon client features are not required then the connection to Tachyon Platform is not required, and both Switch and BackgroundChannelUrl settings must be set to none when doing a non-interactive (silent/quiet) install using installer properties on a command-line or in a MST transform file. When doing an interactive install then you must uncheck the Enable Tachyon checkbox. Tachyon client features are not required if the 1E Client is being installed only to support Nomad, Shopping, or WakeUp. To connect to the Tachyon platform then Switch will have one or more entries in the format: Switch=<SwitchName>:<SwitchPort> <SwitchName> is the DNS Name FQDN for one or more Switches. This is the same as the following except in a custom configuration where the Switch is installed on its own:
<SwitchPort> is the Port number, which has default value of 4000. Any other port number is used only in a complex configuration if advised by 1E. In systems where there are multiple DNS Names, there will be multiple entries using a semi-colon (;) as the delimiter between entries. For example: Switch=tachyon.acme.local:4000;tachyon.acme.com:4000 Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network. When the Tachyon client attempts to find a Switch, it will try each entry in turn, starting at the first. If all attempts fail Tachyon restarts the connection process after a period determined by ConnectionRetryTimeInSecondsMin/Max. | |||||||||||||
WorkerThreads | 2 | Determines the number of threads that will execute instructions concurrently. This property enables instructions to be run simultaneously and prevents long running instructions from blocking others. Range is 1 to 8. 1 means all instructions are run sequentially on the same thread. |
Inventory module settings
This section describes configuration settings for the Tachyon Activity Record feature provided by the Inventory module.
The Tachyon client, while running, continuously captures details of certain activities and events as they happen, similar to Windows Task Manager or Perfmon. During startup, the Tachyon client is able to detect some events that occurred when it was not running. Data is regularly written into a local, compressed and encrypted persistent storage tables, that are accessible to SCALE as SQL tables. The Tachyon client periodically aggregates data in order to minimize the amount of storage required, so that each capture source has a live, hourly, daily and monthly table. The whole process is designed to minimize impact on device performance, storage and security. Please refer to Tachyon SDK - Tachyon Activity Record for details of what data is captured and how to query these tables.
These settings are not included in the template configuration file, and therefore use default values. To set any other value for these the setting must be added to the configuration file.
Capture sources
The table below lists the capture sources supported by the Tachyon Activity Record feature (also known as the Inventory module) and on which OS they are supported. The source name is used in each of the Capture source settings.
Source Name | Description | Windows | macOS | Linux | Solaris |
---|---|---|---|---|---|
ARP | ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions | 3.2 | n/a | n/a | n/a |
DevicePerformance | Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
DNS | DNS resolution queries - the Inventory module captures whenever a DNS address is resolved | 2.1 | 2.1 | n/a | n/a |
OperatingSystemPerformance | Performance metrics for OS - the metrics executable runs every 4 hours by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
Process | Process execution - the Inventory module captures whenever a process starts on the device | 2.1 | 2.1 | 2.1 | 2.1 |
ProcessStabilization | The time taken for a process execution to be considered stable whenever a monitored process starts on the device | 3.2 | n/a | n/a | n/a |
ProcessUsage | A daily summary of the launches and terminations of processes. The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. | 3.2 | n/a | n/a | n/a |
SensitiveProcess | Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
Software | Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device | 2.1 | 2.1 | 2.1 | 2.1 |
SoftwarePerformance | Performance metrics for software - Software performance polling is every 10 seconds by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
TCP | Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made | 2.1 | 2.1 | 2.1 | n/a |
UserUsage | A daily summary of all the logons and logoffs of users. This capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). | 3.2 | n/a | n/a | n/a |
Global capture settings
The table below lists configuration properties that affect all capture sources.
Inventory module setting | Installation default | Description |
---|---|---|
Module.Inventory.Enabled | true | Determines whether the Tachyon Activity Record feature is enabled or disabled. Must be set to true or false. Must be set to true if using the Tachyon Powered Inventory feature (Tachyon connector). If set to true then individual capture sources can be enabled or disabled by setting Module.Inventory.<source>.Enabled to true or false. If set to false then this setting takes precedence over individual capture source settings with all being disabled. |
Module.Inventory.NoEventTracingThis setting does not have an equivalent Windows Installer property and is not in the template configuration file. | false | Controls whether the Inventory module will, on Windows, use a polling-based mechanism to capture data instead of event-based. The Inventory module will use Windows operating system events to capture data, if the host operating system supports it. If this setting is true, the Inventory module will instead use a polling-based approach to capture data. This setting is ignored on other operating systems. |
Module.Inventory.AggregationIntervalSecondsThis setting does not have an equivalent Windows Installer property and is not in the template configuration file. | 60 (seconds) | Determines the frequency, in seconds, at which the Inventory module will write the capture buffers to the live and aggregated tables. More frequent aggregations will make captured data available for querying sooner, at the cost of more processing on the device. Range is 30 to 600 (10 minutes). |
Capture source settings
The table below lists the 8 settings used to configure each capture source. The relevant <source> name needs to be included in each of the setting names (not case-sensitive):
The following settings do not have an equivalent Windows Installer property and are not in the template configuration file.
Capture source setting | Installation default | Description |
---|---|---|
Module.Inventory.<source>.Enabled | true (all sources) | Controls whether this capture source is active (true) and will capture data. To disable capture of this data, use false. Disabling the Tachyon Activity Record feature by setting Module.Inventory.Enabled to false, takes precedence over individual capture source settings. The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. |
Module.Inventory.<source>.BufferSize | 1000 (all sources) | Determines the maximum number of capture entries held in memory during an aggregation period. The Inventory module will store data in memory prior to writing it to disk (as determined by the Module.Inventory.AggregationIntervalSeconds setting described above). This setting controls the size of the capture buffer available for this data. If this capture buffer is exceeded, older entries will be discarded to make room for newer ones. For example, based on the default values, if more than 1000 DNS lookups occur within 60 seconds. A higher value will allow the Inventory module can capture higher volumes of events at the cost of additional memory use. Range is 100 to 10000. |
Module.Inventory.<source>.PollIntervalSeconds | 30 (all sources except Software and OperatingSystemPerformance) 120 (2 minutes for Software) 14,400 (4 hours for OperatingSystemPerformance) | Determines the frequency, in seconds, at which the capture source will poll for data. This setting is ignored if the Inventory module is using an event-based mechanism to capture data. A lower value (more frequent polls) is likely to capture more data at the cost of additional processing overhead on the device. Range is 5 to 600 (10 minutes) for all sources except for OperatingSystemPerformance. Do not change the Module.Inventory.OperatingSystemPerformance.PollIntervalSeconds setting unless advised by 1E. |
Module.Inventory.<source>.AggregationsBeforeGroom | 3 (all sources) | Determines the number of aggregation cycles that should occur before old data is removed (groomed) from the Inventory module’s live disk-based store. See the three Retention settings below. The Inventory module will store captured data for a limited time before removing it. This setting determines how frequently the grooming operation will be performed. The clean-up operation happens every N aggregation cycles. A lower value (more frequent deletion) will remove old data more quickly at the cost of additional processing overhead on the device. Range is 1 to 50. |
Module.Inventory.<source>.LiveRetention | 5000 (all sources) | Determines the maximum number of capture entries that will be stored in the Inventory module’s live disk-based storage. The Inventory module stores detailed (non-aggregate, live) capture entries on disk, as well as aggregated capture entries per hour, day and month (see below). This setting determines the limit of the detailed entries. When the limit is reached, older entries are deleted to make room for newer ones. A higher value allows storage of a longer period of detailed entries at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer. Range is 100 to 50000. |
Module.Inventory.<source>.HourlyRetentionModule.Inventory.<source>.DailyRetentionModule.Inventory.<source>.MonthlyRetention | Hourly: 24 (all sources) Daily: 31 (all sources) Monthly: 12 (all sources) | Determines the maximum number of hours/days/months for which aggregated data will be kept in the Inventory module’s disk-based storage. The Inventory module will discard data from its hourly/daily/monthly store to make room for newer data. A higher value allows a longer record of data to kept at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer. Note that these settings are independent of one another – for example, it is not necessary to specify an “hourly” value of 24 or greater to be able to capture “daily” values. A value of zero means “disable data aggregation at this resolution”. Again, since the settings are independent, it is valid to disable hourly data aggregation yet keep daily and monthly aggregation active. Range is 0 (disabled) to 100. |
Settings unique to specific capture sources
The following settings do not have an equivalent Windows Installer property and are not in the template configuration file.
Capture source setting | Installation default | Description |
---|---|---|
Module.Inventory.ProcessStabilization.Fuzziness | 5 | Modifies the margins within which a process is considered stable. The default is 5, and the range is 1 to 66 inclusive. This setting should be left unchanged. |
Module.Inventory.ProcessStabilization.MonitoredProcesses | This is a comma separated, case insensitive list of executable names (with extensions) of any processes that require stabilization monitoring. By default, this is not set and therefore process stabilization monitoring is disabled. The list should not exceed 15 executables. | |
Module.Inventory.ProcessUsage.VerboseLogging | false | Enables or disables Process Usage log messages, which typically appear for each data capture refresh. ProcessUsage is used by the Tachyon Powered Inventory feature. |
Module.Inventory.UserUsage.VerboseLogging | false | Enables or disables User Usage log messages, which typically appear for each data capture refresh. UserUsage is used by the Tachyon Powered Inventory feature. |