Summary

How to quickly install, configure and run Tachyon for first use in a small scale lab, evaluation or pilot environment. To simplify things, this quick start assumes a simple design in which you will be installing Tachyon components on a single web server, with SQL Server installed either locally or remote (split). When implementing in a more complex environment you should instead follow the design, install and verify phases described in the Implementing Tachyon section.

This quick start is intended only for a fresh install. For upgrading or replacing an existing Tachyon system with Tachyon 3.3, please see Upgrading Tachyon.

There are four stages to the Tachyon quick start. Each of these stages touch upon the design, install and verify phases described in the Implementing Tachyon section.

Verifying Tachyon

This quick start provides an outline to installing, configuring and verifying a Tachyon system that is suitable for a lab-type environment. After the Prepare and Install sections, the Configure and Use sections provide steps that will verify the following aspects of the Tachyon system installation:

  1. Configure quick start users - confirms integration with Active Directory and the basic RBAC capabilities of Tachyon.
  2. Configure verification instructions - confirms the basic functionality for importing instruction definitions into Tachyon as well as confirming that licensing is working appropriately.
  3. Viewing connected devices - confirms that the Tachyon certificates have been correctly configured
  4. Asking a question - confirms that the Tachyon Agent communications are working
  5. Performing a follow-up action - confirms that two-factor authentication, email connections and the approval workflow are working. The stage 2 verification action also checks that the agent download mechanism is working and that the background channel has been correctly configured.

This run through of the basic Tachyon functionality listed above works as a verification of the installation of Tachyon in a lab environment. If you see any issues when running through these steps please check the Troubleshooting section for a list of known issues. For production environments a more formal verification process that uses the same 1E-TachyonPlatform.zip file as used in this quick start guide is provided on the Verifying page.


To run through the evaluation, you will need to ensure all prerequisites are met and prepare the installation environment.


With all server prerequisites met you can proceed with installation. First install the Tachyon Server, then follow by installing the Tachyon Agents.


Configure who has access to use Tachyon, and install Product Packs.


Once the Agents are reporting into the Server, you can use the Tachyon Explorer to start the evaluation.

Prepare

This quick start assumes a simple design in which you will be installing Tachyon components on a single web server, with SQL Server installed either locally or remote (split).

A summary of the preparation tasks:

  1. Obtain a suitable license file for the Tachyon web server
  2. Review your quick start infrastructure
  3. Prepare the quick start Tachyon server(s)
  4. Create the DNS Name
  5. Install IIS roles, role services and features on the Tachyon Server
  6. Obtain and install the Tachyon Server's web certificate
  7. Get the Tachyon files that will be used to complete the quick start
  8. Export the web certificate and use the 1E Tachyon CertPrep tool to create the Switch certificate files
  9. Prepare the quick start Agent devices
  10. Create the quick start user accounts

The below process assumes your quick start environment has a Microsoft Enterprise CA and you are familiar with how to:

  • configure your CA to use a CRL DP that supports HTTP or HTTPS
  • publish a Web Server certificate template or issue a PFX
  • use certlm.msc or the mmc certificates snap-in to request a web server certificate
  • deploy computer certificates to clients, optionally using auto-enrollment

Quick start infrastructure

A Tachyon system consists of:

  • Tachyon Server, which includes the Tachyon Switch component and website, hosted on an IIS web server
  • SQL Server instance, which hosts the Tachyon Master and Responses databases, can be local or remote (split)
  • Tachyon Agents on supported devices
  • Browsers used by Tachyon users and administrators to access the Tachyon Explorer and Admin portal

Your environment also requires:

  • A correctly routed network environment where each device is configured with a genuine default gateway
  • The server where Tachyon Web Server will be installed also needs internet access so that the licensing will work, specifically to  https://license.1e.com
  • AD domain for the Tachyon Server and user accounts, but Agent devices can be in workgroups or other domains
  • SMTP email server - See Design considerations - Email Requirements for more details
  • A PKI which serves the Tachyon Server and all Agent devices
  • Your CA(s) are able to issue certificates with a CRL DP that supports HTTP or HTTPS

Remote SQL

If using a remote SQL Server in a test environment, and you want to configure the Tachyon Server to support more than 500 devices, then you can either ignore the warning that you should have an additional network interface used for SQL traffic, or you can install and configure an additional network interface as described in Preparation - Configure a persistent route for SQL traffic.

PKI notes

If you have an existing PKI and have just added a new CDP to support HTTP/S then you will need to re-issue certificates to your servers and devices.

Tachyon deliberately does not work with self-signed certificates for security reasons. Therefore Tachyon Agent or Server cannot be installed on the same server as a Root CA, because its certificate is self-signed.

Tachyon uses TLSv1.2. If your PKI is using SHA512 then please ensure that your environment has relevant updates applied, as described in KB2973337. See Enabling SHA-512 to work with TLSv1.2.

If you want Tachyon to manage legacy OSs that Microsoft no longer supports there may be issues with encrypted certificates described in Constraints of Legacy OS.

Quick start Tachyon servers

These are the servers required by Tachyon in addition to quick start infrastructure.

ServerSoftwareHardware
Tachyon Server

Windows Server 2012 R2

Full .NET Framework 4.5.1 or later

1 CPU Core, 1GB RAM if Web Server only.

2 CPU Core, 2GB RAM if using combined Web and SQL Server.

SQL Server

SQL Server 2016 Standard and Enterprise

1 CPU Core, 1GB RAM if SQL Server only.

Server(s) can be physical or virtual, and must be domain joined.

If using any other version of Windows OS or SQL Server, or more detail is required, please refer to Server Specifications in the main Design Considerations section, and Server Provisioning in the main Preparation section

If using a firewall on the Tachyon Server then ensure the following incoming ports are open:

  • Website HTTPS 443
  • Switch Port 4000

If more detail is required, refer to Communication Ports in the Reference section.

DNS Name

Create the DNS Name for the Tachyon Server, for example tachyon.acme.local

This can be a CNAME or a (A) Host record.

This DNS Name is used in the Web Server certificate that needs to be installed on the Tachyon Server.

Install IIS

Run the following PowerShell script on the Tachyon Server. Do this even if IIS is already installed because it will ensure all the required features and roles are installed.

If more detail is required, refer to IIS Configuration in the main Preparation section.


 View RolesInstall.ps1 ...

Download...

Configure IIS using PowerShell
Import-Module ServerManager

Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-1.txt -Append

Install-WindowsFeature Web-Server,
# Web-Basic-Auth,
Web-IP-Security,
Web-Windows-Auth,
Web-Asp-Net45,
Web-Mgmt-Console,
Net-Framework-45-Core,
Net-Framework-45-ASPNET

Uninstall-WindowsFeature Web-DAV-Publishing
   
Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-2.txt -Append
Include Web-Basic-Auth if you will be installing 1E ITSM Connect.

Request a Web Server certificate

You will need to have requested a Web Server certificate from your Certificate Authority. To get the certificate in your organization you will have either:

  • Submitted a CSR and received a password protected PFX file
  • Used the Certificate Enrollment wizard to request a suitable Web Server certificate.

Once the Web Server certificate has been provided it must be imported into the Tachyon Server's local computer Personal Certificates store.

Each server that has Tachyon Server components installed requires its own Web Server certificate (with the exception of a remote SQL Server). This certificate is also used by the Tachyon Switch, therefore a single-server installation requires only one Web Server certificate. This certificate must be provided prior to installation of Tachyon on the server.

The Web Server certificate requires the minimum of the following:

  1. Issued by a trusted Certificate Authority (CA)
    • The certificate for the Root CA in the Certification Path must exist in the Trusted Root CA store
    • If the issuing CA is not the Root CA then the certificate for the issuing CA and any intermediate CA in the Certification Path must exist in the Intermediate CA store
    • The above CA certificates must exist on the Tachyon Web Server and Windows Agent devices
    • The above CA certificates will be exported and included in the PEM file used by the Switch and any non-Windows Agent devices
  2. Has at least the following Key Usage.
    • Digital signature
    • Key encipherment
  3. Has at least the following Enhanced Key Usages.
    • Server Authentication
  4. Private key must be available.
    • In Microsoft terminology, this means that the certificate allows the private key to be exported. The exported certificate is used by the Switch.
  5. Revocation information is included.
    • References at least one CRL Distribution point that uses HTTP.
  6. The certificate is issued with its fields set to one of the following options. Option 2 is typical.
The default template Web Server available with a Microsoft PKI is suitable for requesting a Tachyon Web Server certificate provided you enable Make private key exportable.
FieldsOption 1Option 2

Subject Common Name Field (subject:commonName)

The DNS Alias FQDN of the server

Example: CN=TACHYON.ACME.LOCAL

The hostname FQDN of the server

Example: CN=ACME-TCN01.ACME.LOCAL

Subject Alternative Name Extension (extensions:subjectAltName), type dnsName

The DNS Alias FQDN of the server

Example: DNS Name=TACHYON.ACME.LOCAL

The DNS Alias FQDN of the server

Example: DNS Name=TACHYON.ACME.LOCAL

Subject Alternative Name Extension (extensions:subjectAltName), type dnsName

The hostname FQDN of the server

Example: DNS Name=ACME-TCN01.ACME.LOCAL


Example


 Sample screenshots...

 

 

Get the Tachyon files

You will need to download the following to complete the quick start. These can all be found on the 1E support portal page (https://1eportal.force.com). You will need to provide your support login details to access this page.

FileDescription
Tachyon ServerDownloads a zip file containing the Tachyon.Setup.exe and TachyonServer.msi used to install the Tachyon Server
Tachyon Windows AgentDownloads a zip file containing the Tachyon-x64.msi and Tachyon-x86.msi files used to install the Tachyon Agent on Windows devices.
Tachyon Product PacksDownloads a zip file containing the Tachyon starter Product Packs, including 1E-TachyonPlatform.zip used later on in this Quick Start guide for verifying Tachyon installations.

Quick start Agent devices

The Tachyon Agent is supported on the following Windows OS in a quick start environment.

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  • Windows 10 CB 1709
  • Windows 10 CB 1703
  • Windows 8.1

If using any other OS then please refer to Supported Platforms and Agent installation pages in the Reference section.

Tachyon users on the Agent devices can connect to the Tachyon Explorer portal using any of the following browsers:

Latest version of:

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox

PowerShell is used by some Tachyon Product Packs. If more detail is required, refer to PowerShell on Windows OS in the main Design considerations section.

Each device requires a certificate with the following properties, in order for the Tachyon Agent to be authenticated by the Tachyon Switch.

  1. Issued by a trusted Certificate Authority (CA)
    • The certificate for the Root CA in the Certification Path must exist in the Trusted Root CA store
    • If the issuing CA is not the Root CA then the certificate for the issuing CA and any intermediate CA in the Certification Path must exist in the Intermediate CA store
    • If the above CA certificates are different to those used by the Tachyon Web Server, they will need to be exported and then
      1. imported on the Tachyon Web Server
      2. included in the PEM file used by the Tachyon Switch
  2. Has at least the following Enhanced Key Usage
    • Client Authentication
  3. Has a private key
    • For a non-Windows device, this must be exportable
  4. Revocation information is included.
    • References at least one CRL Distribution point that uses HTTP.
  5. Has a Subject Name of type Common Name (CN=<hostname>) or Subject Alternative Name (DNS Name=<hostname>) where <hostname> depends on the type of device:
    • On domain-joined Windows PCs this must be the hostname FQDN of the computer, for example W701.ACME.LOCAL
    • On workgroup Windows PCs and non-Windows devices, this must be the hostname of the computer - as returned by the hostname command, for example on Windows PC this could be W701, and on a Mac this could be MAC01.local

The Agent device's certificate is stored differently depending on the type of OS.

  • For Windows devices, the certificate is stored in the Windows Local Computer personal certificates store. 
  • For non-Windows devices, the Tachyon Agent does not use proprietary certificate stores. Instead the Agent requires the certificate exists as a PFX in the Agent installation folder structure (see non-Windows Device Certificate).

Quick start user accounts

For simplicity in the quick start guide we use just two user accounts, the installation account and another global administrator account.

Note

To get things up and running quickly in a lab environment you may want to make use of the global administrator role. This will help minimize the number of users required for an evaluation and reduce the initial configuration required.

To further minimize the number of users needed, you can also enable the Windows account used to install Tachyon to assume the Tachyon global administrator role. The installation account is added as the system principal user in Tachyon by the installer and it's Tachyon permissions are locked down by default. You can allow it to assume the global administrator role using the following steps:

  1. Create a Tachyon user from an existing AD security group
  2. Apply the Tachyon global administrator role to the user
  3. Add the installation account to the AD security group.

In the short term it's fine to make use of global administrators in this way, but this practice is not really suitable for large scale deployments and should be used with care for the following reasons:

  • The global administrator role has permissions to do everything in Tachyon. It has across the board permissions to all Instruction Sets and therefore can be used to run actions that can have a major impact on your network.
  • The global administrator accounts receive emails for all the transactions that are performed by Tachyon.

For the purposes of the quick start, which uses two-factor authentication, each account must have its AD account configured with an email address.

If two-factor authentication is enabled (as it is by default) email is required for any user who intends to run an action, in this case TCNInstaller01.

Using just the following accounts we can perform all the installation, Tachyon administration, verification questions, actions and approval tasks shown in this quick start guide.

AccountDescriptionTachyon roles
TCNInstaller01

Server installation account, used to install Tachyon Server and configure initial security user and roles settings.

This account requires the following rights:

  • Full Administrator rights on the Tachyon Server
  • Sysadmin rights on the SQL Server instance

This account should be a member of the TCNGAdministrators group

The roles for this account cannot be changed directly, but this account may be added to AD groups with other Tachyon permissions assigned.
TCNAdmin01

A user account that will be used in combination with the TCNInstaller01 user to enable the request and approval of actions.

No direct Tachyon roles applied to this account.
TCNGAdministratorsAn AD Universal group with two members: TNCInstaller01 and TCNAdmin01.Global Administrators role.

Install

Tachyon Server

in the folder where your TachyonServer.msi is located. In our example we will also locate the Tachyon.lic file in the same installation directory.

Logon to the server using the server installation account TCNInstaller01.

Install interactively using Tachyon.Setup.exe using the following steps, as shown in the animation opposite:

Launch the Tachyon Setup wizard by double-clicking on Tachyon.Setup.exe. Then fill out the screens of the wizard using the following information:

ScreenActions
Welcome

Click Next to skip to the next screen.

Documentation

This page provides some links to some online information about Tachyon. Click Next to skip to the next screen.

License AgreementAccept the license agreement by checking the I accept the terms of the license agreement checkbox and click Next
Select Features

This screen lets you select which Tachyon features you want to install. The quick start example installs all the Tachyon Server components onto a single-server with the databases on a remote SQL instance, so ensure that the Install all components on a single server option is selected and then click Next.

Check prerequisites

This screen performs prerequisite checks on the local server and user account.

Click Start Checking to start the checks.

If any of the checks fail Tachyon Setup may be able to install the missing prerequisites. To install these click the Install missing prereqs. button.

Not all prerequisite checks have automated fixes. If your environment fails a check and the Install missing prereqs. button has not been enabled you will need to fix the conditions for that check by hand.

You can click Check Again to re-run the checks once any remediation steps have been made.

Select certificate

This screen displays a list of certificates from the Local Computer\Personal certificate store, select the certificate created earlier, as described in the Request a Web Server certificate heading. Tachyon Setup will then evaluate the suitability of the selected certificate according to how specific properties of the certificate have been configured.

In this quick start example we select the certificate with the friendly name of Tachyon Web Certificate, which happens to be the only certificate available, confirm that all checks pass and click Next to continue.

Manage Trusted Authorities

As all the Tachyon Agents in the quick start example use the same certificate authority you can skip this screen by clicking Next to continue.

License FileEnter the location for your Tachyon Server Tachyon.lic license file, or click Browse to locate the file using the system file browser, then click Next.
Database Servers

Select the SQL server instance name for both the Master and Responses databases. In the quick start example these will both be installed on the ACME-SQL01 instances. It's also a good idea to click the Validate button to ensure that the specified instance is valid before continuing by clicking Next.

Number of devicesEnter the number of devices that matches your license key. In the quick start example this is set to 50 by virtue of the Tachyon.lic file selected on the License File screen. This can be changed from the default but should not be set larger than your permitted licenses.
Switch ConfigurationThe default switch configuration displayed is determined by the number of devices set on the Number of devices page. For the quick start we leave this as the suggested default. In the quick start example we click Validate to check that the selected configuration is appropriate, all the checks pass so we then click Next to continue.
Website Configuration

Verify the following:

HTTP Host HeaderHostname FQDN of the Tachyon Server. In the quick start example this is set to ACME-TCN01.acme.local.
HTTP Port80
HTTPS Host HeaderDNS Name FQDN of the Tachyon Server. In the quick start example this is set to TACHYON.acme.local.
HTTPS Port443
IP Address*

In the quick start example we click Validate to check that the options are valid and then click Next to continue.

Active Directory and Email

Enter the following:

Active DirectoryGC://
Enable email

ONLY enable this if you have a working email system which supports SMTP.

Emails are used to inform approvers of pending notifications, and users of pending results expiry.

SMTP ServerFQDN of your SMTP gateway. In the quick start example this is ACME-EXC01.ACME.LOCAL.
SMTP Port25
Mail FromMail-from email address used by the Tachyon Server when it sends emails to users. In the quick start example this is set to Tachyon@acme.local.
Enable two-factor authentication

ONLY enable this if you have a working email system which supports SMTP.

Emails are used to send authentication codes to users who submit actions.

In the quick start example we click Validate to check that the options are valid and then click Next to continue.

Ready to installHaving entered all the necessary values, click the Install ! button to begin the installation.
Installation results

Installation results displays the log messages from the installer as they occur.

Confirm that the installation has succeeded by checking that the concluding log message says: The installer exited and reported successful completion then click Next.

Post-installation checks

Run the post-installation checks by clicking the Start checking button. Confirm that all checks pass.

If you get green ticks all the way down then your Tachyon Server installation has been successful and you can now close the Tachyon Setup wizard by clicking the Close button.

If any of the checks failed you can see more information about the check in the Info column. Which you can then use in combination with the Troubleshooting section to help track down the cause of the issue.

If more detail on the Tachyon Setup wizard is required, see Tachyon Setup in the main Installation section.

Tachyon Agents

When installing a Tachyon Agent the following installation settings are mandatory and must be supplied. Other Tachyon Agent configuration settings are optional and have been assigned default values.

The following properties can be entered manually when installing from the Windows Installer wizard. Alternatively, the properties can be included as part of a Windows msiexec command-line launch.

PropertyMandatorySetting
BACKGROUNDCHANNELURLYes

Set to the previously configured Tachyon DNS Name FQDN. From version 3.1 onwards you will also need to specify the port and the rest of the background channel URL. By default the port is set to 443. In our example this would be set to:

https://TACHYON.ACME.local:443/Background/

SWITCH

Yes

Set to the previously configured Tachyon DNS Name FQDN. From version 3.1 onwards you will also need to specify the port. By default this is set to 4000. In our example this would be set to:

TACHYON.ACME.local:4000

Here's an example Windows Tachyon Agent installer command-line:

msiexec /i Tachyon-x64.msi SWITCH="tachyon.acme.com:4000" BACKGROUNDCHANNELURL="https://tachyon.acme.com:443/Background/" /qn /l*vx C:\Windows\temp\tachyon-install.log

Example command-line with the Shopping module enabled, and not connected to any Tachyon Server:

msiexec /i Tachyon-x64.msi SWITCH=none BACKGROUNDCHANNELURL=none MODULE.SHOPPING.ENABLED=true MODULE.SHOPPING.SHOPPINGCENTRALURL="http://appstore.acme.local/shopping" MODULE.SHOPPING.LOOPBACKEXEMPTIONENABLED=true /qn /l*vx C:\Windows\temp\tachyon-install.log

Use Tachyon-x64.msi for 64-bit Windows and Tachyon-x86.msi for 32-bit Windows. For non-Windows platforms, platform specific packages for Linux, Solaris and Mac are available.

When installing interactively through the Windows installer wizard, logon using an account that has local administrator rights.

For further details including how to deploy the Tachyon Agent to a non-Windows platform, see Deploying Tachyon Agents in the main Installation section.

Export all responses feature

This step is optional, only if you require this feature. Please refer to Tachyon Server post-installation tasks - Configure the Tachyon Server to support the Export all responses feature for more details.

Configure

Set security roles

After installation you will only be able to log onto the Tachyon Explorer using the installation account. This account is purposefully restricted to just allowing the configuration of security roles. So the first step must be to add other users to access the other capabilities of Tachyon.

Users for administration

We suggest that you add a user or group to handle the administration tasks for your evaluation environment.

Users for performing actions

To perform actions you will need at least two other users. One an actioner and the other an approver, otherwise you won't be able to perform actions.

A Tachyon AD group tutorial

For this quick start guide we use two specific accounts and a security group to assign to the roles we need. You may want to use AD groups to define Tachyon access and we have provided a complete tutorial on adding users and roles via AD groups, on the Configuring Access Rights - Tutorial page, which you may find useful.

Configure quick start users

At this point we will configure the user accounts, as listed in Quick start guide user accounts, to their different roles in Tachyon.

Using these accounts the user roles configuration is done via the following steps:

  1. Logon to Tachyon using the installation account. The Tachyon Explorer website will be available after installation via the Tachyon DNS Name FQDN, configured during the prepare phase of the quick start. In our quick start environment this is tachyon.acme.local. So the URL for the Tachyon Explorer is:

    https://tachyon.acme.local/Explorer

  2. After logging in, navigate to the Administration Permissions page
  3. Add the TCNGAdministrators group and set their role (as shown in the animation opposite):
    1. Click on the add user icon 
    2. Enter some text (for example, TCNGAdm) that matches the user name and click Search to locate the user in AD
    3. Select the matching TCNGAdministrators group and click Ok
    4. Click the Add role button
    5. Select Global Administrators from the Role list
    6. Click the Save and Add button to save the user

In our example, the next time the TCNInstaller01 account logs on to Tachyon they will then have all the permissions related to Global Administrators and will therefore be able to see all of the pages in Tachyon Explorer.

Configure verification instructions

The following steps for uploading product packs, creating a new instruction set and moving instructions into an instruction set are illustrated in the animation shown opposite.

Uploading product packs

Before you can do anything with Tachyon, other than administration, you will need to add product packs. These are zip files containing instruction definitions for questions and actions.

  1. Log on to Tachyon with the TCNInstaller01 global administrator account setup during the previous steps
  2. Navigate to the Administration Instruction sets page
  3. Locate the product pack zip files on your local hard drive
  4. Drag the 1E-TachyonPlatform.zip file onto the dropzone at the top of the Administration Instruction sets page, as shown illustrated in the animation opposite.

Creating a new instruction set

All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so first you will need to create a new instruction set and then move the instructions you want to use there.

  1. Select the instructions you want to add to the new set, by clicking the checkbox at the start of each instruction row in the list
  2. Click the New set button in the button panel to the right of the page, this is only available if a selection has been made from the list
  3. In the New set from selected instructions popup subsequently displayed, type in a suitable name, in our case this will be Verification
  4. Ensure that the Include selected checkbox is checked
  5. Click the Create button to define the new instruction set, with the selected instructions already added

Use

Using Tachyon

Having configured the users who will access Tachyon we can now go on to demonstrate the basic functionality of Tachyon including: viewing connected devices, asking a question and seeing the responses, requesting to perform an action and the associated approval process.

Viewing connected devices

Perhaps one of the first things you should do after installing and configuring the role-based access to Tachyon is to check what devices are connected. This gives you instant feedback on whether the Tachyon Agent devices have been installed correctly and are able to communicate back to Tachyon.

In our quick start example we log on to Tachyon as TCNInstaller01 to view the Devices page, as shown in the animation opposite. Here, as you can see, all the devices are shown as online so there are no issues.

The quick start example

To illustrate the workflow for asking questions, filtering responses and performing follow-up actions we will use a simple example where we ask the Tachyon Platform verification stage 1 question. We'll then run the Tachyon Platform verification stage 2 action to complete the verification.

Asking a question

The first step in the example is to ask the question and view the responses in the Tachyon Explorer. The question we want to ask is Tachyon Platform verification stage 1. The following steps show how to select and ask the question then view the responses. Still logged on as the TCNInstaller01 account, the steps are shown in the animation opposite and are as follows:

  1. On the Administration Instruction sets page check the instructions from the 1E-TachyonPlatform.zip file, loaded earlier and then added to the Verification instruction set. You will see the two instructions; the stage 1 question and the stage 2 action.
  2. Having reviewed the two instructions, click on Home to view the Home page.
  3. Type some words from the name of the stage 1 question into the Tachyon Explorer field. This will display a list of questions that match the text. You can use the All questions button to browse the questions, but if you roughly know the name this is a very quick means of getting to the question you want. In our example we type Stage 1 then select the Tachyon Platform verification stage 1 question from the list of matches.
  4. The question is added to the explorer window. Depending on the question you may need to set some attributes and for all questions you can set parameters, such as the duration, coverage and question filters. In our example this simple question has no attributes and will be asked of all the devices with no filtering, so you can scroll to the bottom of the page and click the Ask this question button directly.
  5. The question gets asked of all the Tachyon Agent devices. If they are currently connected they will respond immediately. If they are offline they will respond if they connect within the duration of the question. In our example all the devices are currently connected, so the responses come back immediately.

Performing a follow-up action

Having run the stage 1 question we can now select and run the stage 2 action .

To do this:

  1. Click the Actions tab on the Responses page for the Stage 1... question
  2. In the edit field of the Action tab type stage 2 and select the Tachyon Platform verification stage 2 action from the list displayed.
  3. Run this action with default parameters by clicking the Perform this action button. Doing this triggers the action approval workflow.
  4. Tachyon will ask you to confirm your user name and password credentials. This is a safeguard to prevent actions from being run on unlocked devices where you are temporarily absent.
  5. By default, if email has been configured, Tachyon provides two-factor authentication - so after the credentials have been set and the Confirm and send button is clicked, you will see that the instruction requires authentication. You will then need to check your email for the authentication code.
  6. After retrieving the authentication code, return to Tachyon and enter it into the prompt. The instruction will then go into a pending approval state and a notification will be sent to the approver. As a further safeguard, Tachyon actions cannot be approved by the person requesting the action. In our example this means that TCNInstaller01 cannot approve their own action, approval must be done by the other user TCNAdmin01.
  7. The approver will receive an email saying that the action is pending their approval. If the approver logs on to Tachyon using the link provided in the email, they will be directed to their Notifications page.
  8. Scrolling to the bottom of the Notifications page the approver gets an opportunity to provide a comment for their approval or rejection decision. If they want to approve the action they must first check the I understand approving my request impacts my IT environment checkbox and then click the Approve button. In our example TCNAdmin01 enters a suitable comment, checks the box and clicks Approve to approve the service start action.
  9. The approver is then immediately notified that their decision has been implemented.
  10. At the same time Tachyon also enables the action to go ahead. In our example the results of running the action are displayed showing that the specified service has been started. 

These steps are illustrated in the animation opposite.

In conclusion

In this quick start guide we've shown how to configure an example environment, how to implement the Tachyon Server and Agents onto the environment, how to configure the Tachyon users and import product packs. Finally we've shown those users accessing the Tachyon Explorer to investigate the devices that are currently connected and then asking a question and performing and approving an action.

Next Steps

You can download product packs containing more instructions from the Tachyon Exchange, and ask questions in Tachyon Forum.

If you want to develop your own custom Tachyon instructions, or modify those of other authors, then you will need to sign them using your own code signing certificate so that they can be licensed, imported and run in your Tachyon system. You don't need to do this for instructions that are provided with the product or that have been downloaded from the Tachyon Exchange as they've already been code signed and licensed using the Platform and Exchange certificates from 1E.

Ideally all of your Tachyon instruction developers should share a single code signing certificate between them. Each code signing certificate must be registered in your Tachyon license and associated with your organisations instruction name prefix. When you have chosen your prefix and have your code signing certificate(s) you then need to send details of these to 1E, who will update your Tachyon license. This will then automatically activate on your Tachyon Server (assuming it has connection to the Internet).

For a detailed step-by-step process, please refer to Setting up custom Tachyon Instructions for the first time.

The Tachyon SDK is where you can find comprehensive resources for using Tachyon Instruction Management Studio (TIMS) and authoring your instructions.