Summary

A glossary of Tachyon terminology.

Alphabetical Glossary

Term

Definition

Action

In Tachyon an Action is a specific type of instruction that is sent to Tachyon Agent devices which can be used to modify the state of the target device. For example, setting a registry key, killing a process, deleting a file. Whereas a Question is an instruction that requests information from the target device, but does not change its state.

Generally an Action needs to undergo an approval process before it is sent.

Administration Log

The Administration Log page shows any notifications that have been generated by the Switch, Core and Workflow components. It also displays audit information related to installation, permissions, instruction set and consumer related operations carried out using Tachyon Explorer.

See The Admin Log page.

Agent

Tachyon enables rapid response to instructions using the Tachyon Agent, which supports the retrieval of information, running actions and device tagging. The Agent can also be extended to support additional features. The Agent connects to the Switch and the Background Channel.

On Windows OS, the Agent is installed as a service, with a small footprint.

See Tachyon Architecture and Communication Ports.

Agent Deployment Administrators

Agent Historic Data Capture

This is a Tachyon Agent feature, also known as inventory, which captures data from a number of sources on the Agent device, encrypts and stores in compressed form on the Agent device. Raw and summarized (aggregated) data is stored and can be queried using instructions.

See Agent Historic Data Capture configuration properties.

Agent Installer

Agent Installer Administrators

Agent Language

The Agent language is an interpretive programming language that is executed by the Agent in the form of an instruction payload. Instructions, and their payload, are based on instruction definitions which are stored in the Tachyon Master database. Definitions are uploaded into the database from the Tachyon Administrator console by dragging and dropping one or more Instruction Definition files, a Product Pack or ZIP file containing Instruction Definition files.

The language uses Agent modules and methods.

The language is documented in the SDK and is called SCALE.

Agent Module

A plug-in component for the Agent which encapsulates business logic.

Modules contain Methods, which can be invoked by the Agent Language.

Modules (and their methods) effectively provide a platform independent API. To that end, Modules and their Methods do not (generally) talk about anything platform specific (Windows, Linux, Android etc).

Examples:

  • FileSystem
  • OperatingSystem
  • Network
  • Software
Agent Provider

A plug-in component for the Agent which communicates with an external component, such as an operating system facility (e.g. Windows registry) or a service-provider application (e.g. 1E Nomad).

Agent Modules use Providers to get their work done.

Examples:

  • WMI provider
  • Registry provider
  • Nomad provider
  • BASH provider
Agent resources

Agent resources are:

  • files (such as scripts) associated with a particular instruction via their Instruction Definition file, which the Agent will download when it performs that instruction.
  • extensibles (normally in the form of DLLs on Windows), which the Agent will download when it self-updates. This allows additional Agent functionality to be deployed.

Agent resources are downloaded on demand via the Background Channel.

Agent Shopping Module

Agent WakeUp Module

Authentication service

Part of the two-factor authentication feature. See Two-factor authentication.

The Tachyon App, also known as Tachyon Auth mobile app, is deprecated and will be removed in a future release of Tachyon. As a consequence, the Registered mobile phones administration page is also deprecated.

The Authentication service is a web application on the Tachyon Server Website, actually named Authentication, and provides the following:

Background Channel

The Background Channel is a mechanism by which the Agent can download resources via HTTPS without loading the Switch. Since this traffic does not go through the Switch, the Agent is still able to receive and process instructions instructions while performing these downloads. From v2.0 onwards, the Agent is able to download resources via 1E Nomad.

The Background Channel is a web application on the Tachyon Server Website and provides the following:

  • Stores agent resources from the Consumer API in the Background Channel for Tachyon Agents to retrieve
  • Responds to Tachyon Agents retrieving agent resources from the Background Channel

See Tachyon Architecture and Communication Ports.

Configuration Manager Extensions

The Configuration Manager Extensions currently include.

  • Configuration Manager Agent emergency stop and resume actions
  • Configuration Manager Agent actionse
  • Client Health Check
  • Tachyon Run Instruction utility (used by the each of the above right-click actions to request Tachyon to run an instruction)
  • Tachyon Instruction Runner (a mini UI version of the Tachyon Explorer)

This feature is included in the Tachyon Toolkit.

Documentation for installing and using the Configuration Manager Extensions will be available soon.

Consumer
A Tachyon Consumer is any application that connects to and uses the Consumer API. An example is the Explorer portal.
Consumer Administrators

This is a Tachyon system role which allows assigned users to register additional Tachyon Consumers and view their settings.

Consumer API

The Consumer API is a documented set of API endpoints provided by a web application on the Tachyon Web Server called Consumer. It is referred to as the Consumer API in order to avoid confusion with Tachyon Consumers, which are 'consumers' of the API.

The Consumer API is a web application on the Tachyon Server Website, actually named Consumer, and provides the following:

See Tachyon Architecture and Communication Ports.

Consumer requests
A Tachyon Consumer sends requests to the Consumer API.
Coordinator Service

The Coordinator Service has two modules:

See Tachyon Architecture and Communication Ports.

Coordinator Instrumentation module

The Coordinator Instrumentation module is part of the Coordinator Service on the Tachyon Server which processes instrumentation data from the following components:

And responds to requests for instrumentation data from the Consumer API for viewing in the System Status Dashboard.

See Tachyon Architecture and Communication Ports.

Coordinator Workflow module

The Coordinator Workflow module is part of the Coordinator Service on the Tachyon Server that provides the following:

  • Forwards workflow commands from the Consumer API to the Core
  • Stores workflow in SQL
  • Connects to remote SMTP to send emails used in the approval process for actions

See Tachyon Architecture and Communication Ports.

Core

The Core is a Tachyon Server web component that does the following:

See Tachyon Architecture and Communication Ports.

Core Internal

Core Internal is the part of the Core which allows fast internal communication with the Switch using HTTP instead of HTTPS, restricted to the Switch server's local IP Address only.

See Tachyon Architecture and Communication Ports.

Coverage tags

Coverage tags can be used when setting the coverage for a particular question so that only Tachyon Agent devices with a particular Coverage tag name and value get the question. The names and values of Coverage tags must be pre-configured by Tachyon Custom Properties Administrators before setting them on a Tachyon Agent device using Coverage tag actions.

Coverage tags can also be queried directly by Coverage tag questions.

In Tachyon log files, coverage tags are also known a scopable tags.

Custom Role

Tachyon roles that define which Tachyon Users have access to which Instruction Set.

These roles can be modified in the Administration pages by users assigned to the Security Administrators role.

Custom Properties Administrators

This is a Tachyon system role which can add, edit or delete custom properties.

Custom Properties

Custom Properties Administrators can manage the custom properties using the Properties page in the Tachyon Explorer.

The only custom property type available after installing the Tachyon server is Coverage tags, further types may be added during installation of other Tachyon Consumers.

DNS Name

DNS Name FQDN is the term used in this documentation to represent the name of a Tachyon Server. Typically a Tachyon Server will have only one DNS Name, which will be the

CNAME or an (A) Host record that uniquely represents a server's IP Address. 1E normally recommends using an CNAME record.

In a Tachyon system, each Tachyon Server will have a DNS Name FQDN.

In a single-Switch installation the Switch is on the same server and uses the same DNS Name. When a Response Stack has more than one Switch, each Switch has its own IP Address, so you can choose if the will share the same DNS Name, or if each will have its own DNS Name. The Tachyon Server certificate must have all

NAME                    TYPE   VALUE
--------------------------------------------------
tachyon.acme.com.		CNAME  tachyon.acme.local.
tachyon.acme.local.     CNAME  foo.example.com.
foo.example.com.        A      192.0.2.23
tachyon.acme.com is an Alias record
tachyon.acme.local is a CNAME record
foo.example.com is a (A) Host record
Event Subscription
A type of instruction that can be sent to the Tachyon Agent. An Event Subscription tells the Agent to monitor an arbitrary event source for a period of time (defined by the Instruction's TTL), to capture events as they occur and to report them back via the Switch.
Explorer

The Explorer is the web portal used by Tachyon users and administrators. It is an example of a Tachyon Consumer.

It is a web application on the Tachyon Server Website and provides the following:

See Tachyon Architecture and Communication Ports.

Filters
There are two kinds of filter: Question filters are used to reduce the responses from the Tachyon Agents; View filters reduce the information displayed in the Tachyon Explorer on the Responses page.
Freeform tags

Freeform tags may be used to set properties on Tachyon Agent devices that can subsequently be used in Freeform tag questions. They cannot be used when defining the coverage for a question.

Freeform tags can be set with arbitrary names and values that are defined only when running a Freeform tag action.

In Tachyon log files, freeform tags are also known a non-scopable tags.

FQDN
Fully Qualified Domain Name. This is the complete domain name for a specific IP-connected device, and is unique within the network and unambiguous. The FQDN consists of two parts: the hostname and the domain name. For example tachyon.acme.com.
Global Actioners

This is a Tachyon system role which allows assigned users to ask questions, view responses and send actions for all instruction sets; use custom properties.

Global Administrators
This is a Tachyon system role which has the combined rights of all the other system roles.
Global Approvers
This is a Tachyon system role which allows assigned users to approve actions for all instruction sets. Users can approve unless the action was requested by themsleves.
Global Questioners
This is a Tachyon system role which allows assigned users to ask questions and view responses for all instruction sets; use custom properties.
Global Viewers
This is a Tachyon system role which allows assigned users to view instructions and responses for all instruction sets.
Infrastructure Administrators
This is a Tachyon system role which allows assigned users to view instrumentation on the system status dashboard.
Instruction

Instruction is the generic term used to describe:

An Instruction is sent to one or more Agents, and will yield one or more responses.

Instruction Definitions
Instruction Definitions are retrieved from the Tachyon Core by the Switch. They define the type and functionality of the instructions and are used to control the Tachyon Agents to respond in the appropriate way.
Instruction Definition Files
Instruction Definition files are XML format files that contain definitions for Instructions and any associated resources.
Instruction Sets
Instruction Sets, new to Tachyon version 3.1, provide a way of organizing instructions and setting permissions on those instructions. They can be created, modified and deleted from the Tachyon Administration console. Instruction Sets are a replacement for the Product Packs of earlier versions, whose contents could only be determined outside of Tachyon.
Instruction Set Administrators

This is a Tachyon system role (introduced in version 3.1) which allows assigned users to create, modify and delete Instruction Sets in the Tachyon Administration console.

They are able to import Instructions by dragging and dropping one or more Instruction Definition files, a Product Pack or ZIP file containing Instruction Definition files.

They can then organize imported Instructions into the Instruction Sets.

Instrumentation data
Each of the Tachyon components creates instrumentation data that can be used to display how the Tachyon system is performing. The data can be viewed on the System Status Dashboard page of the Tachyon Explorer.
JSON Provider

This is an internal provider within the Tachyon agent library, used to deserialize and return a JSON string as a data table. Analogous to the Windows specific PowerShell Provider.

Legacy OS

In this documentation, Windows XP, Vista and Windows Server 2003 are referred to as legacy OS.

Microsoft has withdrawn support for Windows XP and Windows Server 2003, but 1E includes Vista in this list because it is not significantly used by business organizations.

For details of limitations and additional considerations for these OS, please see Constraints of Legacy OS.

License file

1E will provide you with a Tachyon.lic license file that defines the products and features your Tachyon System is able to use, for how long, and how many devices it supports, this may be an evaluation or subscription license.

  • The license must be activated. Once activated it may be used only by the Tachyon System that activated it.
  • Licences can be renewed or updated, but if allowed to expire then the affected products or features will not be usable.
  • For a new installation the license file must exist in the folder required by the Server Installer.
  • For an existing installation the license file is copied into the folder: %PROGRAMDATA%\1E\Licensing on your Tachyon Server.

The Tachyon license must be validated on a regular basis via internet contact with the 1E license service https://license.1e.com/ , which needs to be whitelisted in your organization - so that it's accessible during setup and running of Tachyon. The regular validation period is set when the license is requested.

For whitelisting purposes, the Tachyon Server (specifically the Coordinator Workflow module in the Master Stack) requires an Internet connection to the 1E license service, as defined in the license file itself. If activation fails, then the system will install but not be usable until activation is completed.

License Service
The License Service is hosted in the cloud by 1E, and accessible via an internet connection.
Management Group Administrators
This is a Tachyon system role (introduced in version 3.3) which allows assigned users to create, modify and delete Management groups and modify their membership. In version 3.3 this is done using Scripts via the Consumer API.
Method
Methods are documented in the SDK.
Permissions

How the Role-Based Access Control feature assigns Tachyon Users to Tachyon Roles, providing access to Instruction Sets and Administration pages.

Permissions Administrators

This is a Tachyon system role which allows assigned users to:

This role was previously called Security Administrators.

Persistent Storage
The Tachyon Agent stores information in Persistent Storage which it needs each time it starts. For example the last processed instruction. A hash value of each item of information is stored in the registry, which the Agent uses to ensure it trusts each item.
PowerShell Provider

This is a Windows specific internal provider within the Tachyon agent library. It provides functionality to execute powershell.exe from a fixed location (System32\WindowsPowerShell\v1.0) on a Powershell (.sp1) script and return the result.

Some earlier versions of Windows (such as Windows XP) do not support PowerShell.

Product Pack

From Tachyon version 3.1 and above, Product Packs no longer exist inside the Tachyon Explorer. Product Packs, which can be obtained from the Tachyon forum, are now just zip files containing a number of Instruction Definition files. Once the Product Pack has been loaded into the Tachyon Explorer the result is a number of Instructions with no association with the Product Pack file they came from and that must then be organized into Instruction Sets by Instruction Set Administrators. The Instruction Sets are also used to set the permissions for accessing the instructions.

Product Pack Administrators

From Tachyon version 3.1 and above, Product Pack Administrators are no longer used. Instead there is a new Tachyon system role for Instruction Set Administrators that allows assigned users to add, update and delete Instruction Sets.

Push Messaging Service

The Tachyon App, also known as Tachyon Auth mobile app, is deprecated and will be removed in a future release of Tachyon. As a consequence, the Registered mobile phones administration page is also deprecated.

Tachyon Authentication service uses the Google and Apple push messaging services to send notifications to mobile devices that have Tachyon App installed and registered for the user using the Tachyon Registration service.

Question
In Tachyon a Question is a specific type of instruction that requests information from Tachyon Agent devices. The information is returned to Tachyon as responses.
Registration service

The Tachyon App, also known as Tachyon Auth mobile app, is deprecated and will be removed in a future release of Tachyon. As a consequence, the Registered mobile phones administration page is also deprecated.

Allows a user who has installed the Tachyon Authentication app on their mobile device to register it for use with the Two-factor authentication feature. See Two-factor authentication.

The Registration service is a web application on the Tachyon Server Website, actually named Registration. It acts as a proxy for the Authentication service, allowing Tachyon Users to register the Tachyon App on their mobiles devices to receive one-time authentication codes.

A proxy is required because the Registration service may need to be installed on a separate Tachyon Web Server to serve mobile devices that are not able to connect directly to the Tachyon Web Server.

Response
The data resulting from an Agent executing an instruction.
Role-Based Access Control

Also known as RBAC. This is a general term for assigning users to Tachyon roles which allow them access specific features of Tachyon.

Roles can be assigned to AD users and groups added in the Administration Security page.

A Tachyon role can be either of the following:

SCALE
Simple Cross-platform Agent Language for Extensibility.
SDK

The Tachyon SDK describes the following and is available here: TCNSDK

Securable
Refers to an item that may be secured by Tachyon using RBAC.
Server installation account

This is the account used to run Tachyon Setup (and the MSI installer) when installing or upgrading a Tachyon Server. The account is automatically defined as a Tachyon admin user with limited rights which cannot be edited. If you need this account to have additional Tachyon roles, then you will need to use an AD Security Group instead. The installation account has sufficient rights to add other Tachyon users, assign them to Tachyon roles, including the Permissions Administrator role, which should then be used for ongoing use and management of Tachyon.

When installing a Tachyon Server, the account must be an Active Directory domain account with various rights on the Tachyon Server and the SQL Server instance. For more detail see Server Installation Account.

For a new installation, only the Server installation account is able to use the Tachyon Explorer and assign user rights to other users and groups. Once these other users or groups have been assigned, then the Server installation account can be optionally disabled in AD pending future updates and upgrades.

The Server installation account is a system principal and cannot be deleted or granted additional rights; it is able to manage additional users and groups, create and edit custom roles, which are then used for ongoing use and management of the system. However, the account may be included in any AD security group assigned to a Tachyon system or custom role.

Single-Switch installation

A single-Switch installation is a type of single-server installation which has only one Switch. This is the simplest Tachyon Server configuration.

Single-server installation

A single-server installation is where all Tachyon Server components are installed on the same Web Server, with one to five Switches, and SQL Server either local or remote. A single-Switch installation is the simplest configuration. More than one Switch requires additional hardware resources.

If SQL Server is remote then it is also referred to as a split-server configuration. Best performance is achieved using a local SQL Server installation.

See Tachyon Architecture and Communication Ports.

SMTP gateway
Systems such as the Tachyon Server connect to the gateway in order to send emails. Also known as SMTP relay.
System Status Dashboard

The dashboard provides an overview of the performance of Tachyon using the instrumentation data reported to the Instrumentation service by the key Tachyon components.

See viewing Tachyon system status.

See Tachyon Architecture - Tachyon instrumentation layer.

Switch

The Switch component on the Tachyon Server provides the following:

On the Tachyon Server, the Switch Host service is responsible for managing all the local Switches

The Switch configuration is stored in the SwitchConfiguration table of the Tachyon Master database. This includes the number of slots and workers used by the Switch which controls the maximum number of devices that can be managed by each Switch. A Switch restart will fail if the Switch failed to de-register itself, therefore the registration entry in the Tachyon Master database will need to be manually removed after troubleshooting.

See Tachyon Architecture and Communication Ports.

Switch Host

The Switch Host service

  • is a Windows service that manages local Switches
  • automatically starts each Switch and if a Switch stops, the Switch Host will analyse the reason and attempt to restart it
  • has a configuration file contains entries for one or more Switches
  • has its own log file

See Tachyon Architecture and Communication Ports.

System Principal

A system principal is a Tachyon user which cannot be modified in the Administration pages, and is assigned to a system role.

The Server installation account is a system principal which is assigned to the Consumer Administrator, Security Administrator and Instruction Set Administrator system roles.

System Role

Tachyon roles which cannot be modified in the Administration pages. Tachyon users can be assigned to these roles.

The following are built-in system roles.

Tachyon App

The Tachyon App, also known as Tachyon Auth mobile app, is deprecated and will be removed in a future release of Tachyon. As a consequence, the Registered mobile phones administration page is also deprecated.

Currently the 1E Tachyon App is used only with the two-factor authentication feature. See Two-factor authentication.

This App can be installed on supported mobile devices. After installation, the App is used to register the mobile device for the user, which needs to be approved by a Tachyon Permissions Administrator.

Any mobile device that is successfully registered by a user, will receive an authentication code as a push notification each time that user attempts to run an action.

Tags

There are two types of tag: coverage tags and freeform tags.

In Tachyon log files, these tags are also known a scopable and non-scopable tags.

Tachyon Instruction Management Studio

This feature is included in the Tachyon Toolkit.

TIMS provides a user interface for developing and testing instructions using the Agent Language. It includes an isolated copy of the Tachyon Agent so that you can develop instructions for that Agent version, independent of the Agent version that may be installed on your computer.

By default TIMS and its Agent run under the security context of the user that started it. To use the context of Local System, as used by a normal Agent, you can start TIMS using PSexec.

More information about TIMS is available in the Tachyon Community on the 1E Support Portal.

TIMS is now able to save Instruction Definition files.

Tachyon Instruction Runner

This feature is the graphical user interface part of the Configuration Manager Extensions which is included in the Tachyon Toolkit. It is a mini UI version of the Tachyon Explorer.

It is an example of a Tachyon Consumer.

It should not to be confused with the Tachyon Run Instruction utility available in the Tachyon Toolkit.

Tachyon Master Stack

A Tachyon Master Stack is part of a Tachyon System. There is one Tachyon Master Stack that all the Tachyon Response Stacks communicate with. A Tachyon Master Stack contains the following components:

Tachyon Product Pack Editor

The Tachyon Product Pack Editor is no longer available in Tachyon 3.1 as Product Packs themselves are not used in the Tachyon Explorer. Instead Instruction Sets can be constructed using the Tachyon Administrator Console from imported instructions. One or more Instruction Definition files, a Product Pack or a zip file containing Instruction Definition files can be loaded into the Tachyon Administrator console by Instruction Set Administrators.

The ability to save Instruction Definition files is now included in the Tachyon Instruction Management Studio.

Tachyon Response Stacks

A Tachyon Response Stack is part of a Tachyon System. This is where one or more Response Stacks talk back to a single Tachyon Master Stack. Multiple Response Stacks are necessary when additional Switches are required for scale, security or for geographic or other network reasons. Each Switch can handle 50000 devices, so each Tachyon Response Stack can handle a maximum of 250000 devices.

Each Tachyon Response Stack has the following components:

A Response Stack will typically host Switches and Background Channel using the same DNS Alias.

Tachyon Role

Tachyon roles are used to implement Role-base access control (RBAC) and assign permissions to Tachyon users and restrict access to areas of the Tachyon Explorer and ability to use instructions in Instruction Sets. The roles may be system roles or custom roles related to specific Instruction Sets.

Tachyon Run Instruction utility

This command-line utility is included in the Tachyon Toolkit and is targeted at 3rd party integration, and can be used by scripts.

It is an example of a Tachyon Consumer.

It is used by the Configuration Manager Extensions which is also available in the Tachyon Toolkit.

More information about the Tachyon Run Instruction utility is available in the Tachyon Community on the 1E Support Portal.

Tachyon Server

A Tachyon Server is any server on which a Tachyon Server component is installed. The following are Tachyon Server components.

A Tachyon Server can have one or more Switches. See also single-server installation and single-Switch installation.

See Tachyon Architecture and Communication Ports.

Tachyon Stack

There are two types of Stack: Master Stack and Response Stack.

A Tachyon system consists of a single Master Stack and one or more Response Stacks, with optional DMZ Servers. Each Response Stack has a Tachyon Core component that supports an associated set of up to five Tachyon Switches, which is the primary mechanism for rapidly requesting and retrieving responses from the Tachyon Agents. As each Switch can handle up to 50000 devices there is a limit of 250000 devices per Response Stack.

The Tachyon Switches may be local or remote to the other components in the Response Stack. Tachyon Master and Responses databases are installed on SQL Server instance(s) that may also be local or remote to their respective Master or Response Stacks. It is also possible for multiple Response Stacks to share the same Responses database.

For more details about architecture and components, please see Tachyon Architecture. Also see Design Considerations.

Tachyon System

At the top-most level, a Tachyon System consists of Tachyon Server components, grouped into Tachyon Stacks, and a set of Tachyon Agents that are deployed onto the devices that you want to manage.

In addition, a system can have one or more Consumers (the built-in Consumer is Explorer).

See Tachyon Architecture and Communication Ports.

Tachyon Toolkit

The Tachyon Toolkit is a collection of the following tools, which can be installed on a Windows computer for use by a Tachyon User who has appropriate permissions.

The toolkit is available for download from the Tachyon Community in the 1E Support Portal.

Documentation for installing and using the Toolkit will be available soon.

Tachyon User

A domain account that is authorized to access the Tachyon Explorer portal and/or the Tachyon Administration pages.

Authorization is achieved by adding the AD account or group and assigning it to a Tachyon role.

Tachyon Master database

The SQL Server database which contains:

The configuration files for the following components contain SQL Connection strings for the Tachyon Master database.

Tachyon Responses database

The SQL Server database which contains:

Two-factor authentication

See Two-factor authentication.

This feature uses the following server components:

The Tachyon App, also known as Tachyon Auth mobile app, is deprecated and will be removed in a future release of Tachyon. As a consequence, the Registered mobile phones administration page is also deprecated.

This feature uses email and optionally uses the Tachyon App on supported mobile devices to receive authentication codes (one-time passwords) as push notifications.

Website

The Tachyon Website hosts the following web applications:

The Website has an HTTP binding and HTTPS binding.

  • The HTTP binding uses the server's hostname FQDN as a host header, and is used only by Switches to achieve fast communication with the Responses database via CoreInternal
  • The HTTPS binding uses the Tachyon Web Server certificate, the server's DNS Alias as the host name, and has SNI enabled.

See Tachyon Architecture and Communication Ports.

Workflow commands
Workflow commands determine how the Coordinator Workflow module processes an instruction, particularly in terms of the permissions required to run the instruction.