Summary

How to quickly install, configure and run Tachyon for first use in a small scale lab, evaluation or pilot environment. To simplify things, this quick start assumes a simple design in which you will be installing Tachyon components on a single web server, with SQL Server installed either locally or remote (split). When implementing in a more complex environment you should instead follow the design, install and verify phases described in the Implementing Tachyon section.

This quick start is intended only for a fresh install. For upgrading or replacing an existing Tachyon system with Tachyon 4.0, please see Upgrading Tachyon.

There are four stages to the Tachyon quick start. Each of these stages touch upon the design, install and verify phases described in the Implementing Tachyon section.

Verifying Tachyon

This quick start provides an outline to installing, configuring and verifying a Tachyon system that is suitable for a lab-type environment. After the Prepare and Install sections, the Configure and Use sections provide steps that will verify the following aspects of the Tachyon system installation:

  1. Configure quick start users - confirms integration with Active Directory and the basic RBAC capabilities of Tachyon.
  2. Configure verification instructions - confirms the basic functionality for importing instruction definitions into Tachyon as well as confirming that licensing is working appropriately.
  3. Viewing connected devices - confirms that the Tachyon certificates have been correctly configured
  4. Asking a question - confirms that the Tachyon Agent communications are working
  5. Performing a follow-up action - confirms that two-factor authentication, email connections and the approval workflow are working. The stage 2 verification action also checks that the agent download mechanism is working and that the background channel has been correctly configured.

This run through of the basic Tachyon functionality listed above works as a verification of the installation of Tachyon in a lab environment. If you see any issues when running through these steps please check the Troubleshooting section for a list of known issues. For production environments a more formal verification process that uses the same 1E-TachyonPlatform.zip file as used in this quick start guide is provided on the Verifying page.

To run through the evaluation, you will need to ensure all prerequisites are met and prepare the installation environment.

With all server prerequisites met you can proceed with installation. First install the Tachyon Server, then follow by installing the Tachyon Agents.

Configure who has access to use Tachyon, and install Product Packs.

Once the Agents are reporting into the Server, you can use the Tachyon Explorer to start the evaluation.

Prepare

This quick start assumes a simple design in which you will be installing Tachyon components on a single web server, with SQL Server installed either locally or remote (split).

A summary of the preparation tasks:

  1. Obtain a suitable license file for the Tachyon web server
  2. Review your quick start infrastructure
  3. Prepare the quick start Tachyon server(s)
  4. Create the DNS Name
  5. Install IIS roles, role services and features on the Tachyon Server
  6. Obtain and install the Tachyon Server's web certificate
  7. Get the Tachyon files that will be used to complete the quick start
  8. Export the web certificate and use the 1E Tachyon CertPrep tool to create the Switch certificate files
  9. Prepare the quick start Agent devices
  10. Create the quick start user accounts

The below process assumes your quick start environment has a Microsoft Enterprise CA and you are familiar with how to:

  • configure your CA to use a CRL DP that supports HTTP or HTTPS
  • publish a Web Server certificate template or issue a PFX
  • use certlm.msc or the mmc certificates snap-in to request a web server certificate
  • deploy computer certificates to clients, optionally using auto-enrollment

Quick start infrastructure

A Tachyon system consists of:

  • Tachyon Server, which includes the Tachyon Switch component and website, hosted on an IIS web server
  • SQL Server instance, which hosts the Tachyon Master and Responses databases, can be local or remote (split)
  • Tachyon Agents on supported devices
  • Browsers used by Tachyon users and administrators to access the Tachyon Explorer and Admin portal

Your environment also requires:

  • A correctly routed network environment where each device is configured with a genuine default gateway
  • The server where Tachyon Web Server will be installed also needs internet access so that the licensing will work, specifically to  https://license.1e.com
  • AD domain for the Tachyon Server and user accounts, but Agent devices can be in workgroups or other domains
  • SMTP email server - See Design considerations - Email Requirements for more details
  • A PKI which serves the Tachyon Server and all Agent devices
  • Your CA(s) are able to issue certificates with a CRL DP that supports HTTP or HTTPS

Remote SQL

If using a remote SQL Server in a test environment, and you want to configure the Tachyon Server to support more than 500 devices, then you can either ignore the warning that you should have an additional network interface used for SQL traffic, or you can install and configure an additional network interface as described in Preparation - Configure a persistent route for SQL traffic.

PKI notes

If you have an existing PKI and have just added a new CDP to support HTTP/S then you will need to re-issue certificates to your servers and devices.

Tachyon deliberately does not work with self-signed certificates for security reasons. Therefore Tachyon Agent or Server cannot be installed on the same server as a Root CA, because its certificate is self-signed.

Tachyon uses TLSv1.2. If your PKI is using SHA512 then please ensure that your environment has relevant updates applied, as described in KB2973337. See Client issues: Enabling SHA-512 to work with TLSv1.2.

If you want Tachyon to manage legacy OSs that Microsoft no longer supports there may be issues with encrypted certificates described in Constraints of Legacy OS.

Quick start Tachyon servers

These are the servers required by Tachyon in addition to quick start infrastructure.

ServerSoftwareHardware
Tachyon Server

Windows Server 2012 R2

Full .NET Framework 4.5.1 or later

1 CPU Core, 1GB RAM if Web Server only.

2 CPU Core, 2GB RAM if using combined Web and SQL Server.

SQL Server

SQL Server 2016 Standard and Enterprise

1 CPU Core, 1GB RAM if SQL Server only.

Server(s) can be physical or virtual, and must be domain joined.

If using any other version of Windows OS or SQL Server, or more detail is required, please refer to Server Specifications in the main Design Considerations section, and Server Provisioning in the main Preparation section

If using a firewall on the Tachyon Server then ensure the following incoming ports are open:

  • Website HTTPS 443
  • Switch Port 4000

If more detail is required, refer to Communication Ports in the Reference section.

Install SQL Server 2012 Native Client


DNS Name

Create the DNS Name for the Tachyon Server, for example tachyon.acme.local

This can be a CNAME or a (A) Host record.

This DNS Name is used in the Web Server certificate that needs to be installed on the Tachyon Server.

Install IIS

Run the following PowerShell script on the Tachyon Server. Do this even if IIS is already installed because it will ensure all the required features and roles are installed.

If more detail is required, refer to IIS Configuration in the main Preparation section.

 View RolesInstall.ps1 ...

Download...

Configure IIS using PowerShell
Import-Module ServerManager

Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-1.txt -Append
Install-WindowsFeature Web-Server,
Web-Dyn-Compression,
# Web-Basic-Auth,
Web-IP-Security,
Web-Windows-Auth,
Web-Asp-Net45,
Web-Mgmt-Console,
Net-Framework-45-Core,
Net-Framework-45-ASPNET

Uninstall-WindowsFeature Web-DAV-Publishing
   
Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-2.txt -Append
Include Web-Basic-Auth if you will be installing 1E ITSM Connect.


Request a Web Server certificate

You will need to have requested a Web Server certificate from your Certificate Authority. To get the certificate in your organization you will have either:

  • Submitted a CSR and received a password protected PFX file
  • Used the Certificate Enrollment wizard to request a suitable Web Server certificate.

Once the Web Server certificate has been provided it must be imported into the Tachyon Server's local computer Personal Certificates store.

Each server that has Tachyon Server components installed requires its own Web Server certificate (with the exception of a remote SQL Server). This certificate is also used by the Tachyon Switch, therefore a single-server installation requires only one Web Server certificate. This certificate must be provided prior to installation of Tachyon on the server.

The Web Server certificate requires the minimum of the following:

  1. Issued by a trusted Certificate Authority (CA)
    • The certificate for the Root CA in the Certification Path must exist in the Trusted Root CA store
    • If the issuing CA is not the Root CA then the certificate for the issuing CA and any intermediate CA in the Certification Path must exist in the Intermediate CA store
    • The above CA certificates must exist on the Tachyon Web Server and Windows Agent devices
    • The above CA certificates will be exported and included in the PEM file used by the Switch and any non-Windows Agent devices
  2. Has at least the following Key Usage.
    • Digital signature
    • Key encipherment
  3. Has at least the following Enhanced Key Usages.
    • Server Authentication
  4. Private key must be available.
    • In Microsoft terminology, this means that the certificate allows the private key to be exported. The exported certificate is used by the Switch.
  5. Revocation information is included.
    • References at least one CRL Distribution point that uses HTTP.
  6. The certificate is issued with its fields set to one of the following options. Option 2 is typical.
The default template Web Server available with a Microsoft PKI is suitable for requesting a Tachyon Web Server certificate provided you enable Make private key exportable.
FieldsOption 1Option 2

Subject Common Name Field (subject:commonName)

The DNS Alias FQDN of the server

Example: CN=TACHYON.ACME.LOCAL

The hostname FQDN of the server

Example: CN=ACME-TCN01.ACME.LOCAL

Subject Alternative Name Extension (extensions:subjectAltName), type dnsName

The DNS Alias FQDN of the server

Example: DNS Name=TACHYON.ACME.LOCAL

The DNS Alias FQDN of the server

Example: DNS Name=TACHYON.ACME.LOCAL

Subject Alternative Name Extension (extensions:subjectAltName), type dnsName

The hostname FQDN of the server

Example: DNS Name=ACME-TCN01.ACME.LOCAL


Example


 Sample screenshots...

 

 

Get the Tachyon files

You will need to download the following to complete the quick start.

Server installers

The TachyonPlatform zip file can be downloaded from the 1E support portal page (https://1eportal.force.com). Extracting the zip will create a folder structure containing the following, where highlighted files are required by Tachyon Setup.

  • Licenses.txt
  • Tachyon Release Information.html
  • Tachyon.Setup.exe
  • Installers\1ECatalog.msi
  • Installers\SLA.BI.Installer.msi
  • Installers\SLA.Platform.Installer.msi
  • Installers\TachyonCertificateManager.exe
  • Installers\TachyonServer.msi
  • Installers\TachyonToolkit.msi
  • Installers\Apps\Explorer\Explorer.zip
  • Installers\Apps\Explorer\metadata.json
  • Installers\Apps\GuaranteedState\GuaranteedState.zip
  • Installers\Apps\GuaranteedState\metadata.json
  • Installers\Apps\PatchSuccess\metadata.json
  • Installers\Apps\PatchSuccess\PatchSuccess.zip
  • Installers\Apps\Settings\metadata.json
  • Installers\Apps\Settings\Platform.zip
  • PolicyTool\delete_all.bat
  • PolicyTool\Export_All.bat
  • PolicyTool\import_all.bat
  • PolicyTool\log4net.dll
  • PolicyTool\Newtonsoft.Json.dll
  • PolicyTool\Tachyon.Policy.exe
  • PolicyTool\Tachyon.Policy.exe.config
  • PolicyTool\Tachyon.Policy.exe.RoslynCA.json
  • PolicyTool\Tachyon.SDK.Consumer.dll
  • PolicyTool\Fragments\1E-GuaranteedState-*.xml
  • PolicyTool\Policies\Policy-Windows Client Health.xml
  • PolicyTool\Rules\Rule-*.xml
  • PolicyTool\TriggerTemplates\TriggerTemplate-*.xml

Agent installers

The TachyonAgent zip file contains the following files used to install the Tachyon Agent on Windows devices:

  • Tachyon-x64.msi
  • Tachyon-x86.msi 

Product Packs

The TachyonProductPacks zip file cotains the following product pack zips necessary to complete configuration and verification

  • 1E-ConfigMgrConsoleExtensions.zip
  • 1E-Explorer-TachyonAgent.zip
  • 1E-PatchSuccess.zip
  • 1E-TachyonPlatform.zip

Quick start Agent devices

The Tachyon Agent is supported on the following Windows OS in a quick start environment.

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  • Windows 10 CB 1709
  • Windows 10 CB 1703
  • Windows 8.1

If using any other OS then please refer to Supported Platforms and Agent installation pages in the Reference section.

Tachyon users on the Agent devices can connect to the Tachyon Explorer portal using any of the following browsers:

Latest version of:

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox

PowerShell is used by some Tachyon Product Packs. If more detail is required, refer to PowerShell on Windows OS in the main Design considerations section.

Each device requires a certificate with the following properties, in order for the Tachyon Agent to be authenticated by the Tachyon Switch.

  1. Issued by a trusted Certificate Authority (CA)
    • The certificate for the Root CA in the Certification Path must exist in the Trusted Root CA store
    • If the issuing CA is not the Root CA then the certificate for the issuing CA and any intermediate CA in the Certification Path must exist in the Intermediate CA store
    • If the above CA certificates are different to those used by the Tachyon Web Server, they will need to be exported and then
      1. imported on the Tachyon Web Server
      2. included in the PEM file used by the Tachyon Switch
  2. Has at least the following Enhanced Key Usage
    • Client Authentication
  3. Has a private key
    • For a non-Windows device, this must be exportable
  4. Revocation information is included.
    • References at least one CRL Distribution point that uses HTTP.
  5. Has a Subject Name of type Common Name (CN=<hostname>) or Subject Alternative Name (DNS Name=<hostname>) where <hostname> depends on the type of device:
    • On domain-joined Windows PCs this must be the hostname FQDN of the computer, for example W701.ACME.LOCAL
    • On workgroup Windows PCs and non-Windows devices, this must be the hostname of the computer - as returned by the hostname command, for example on Windows PC this could be W701, and on a Mac this could be MAC01.local

The Agent device's certificate is stored differently depending on the type of OS.

  • For Windows devices, the certificate is stored in the Windows Local Computer personal certificates store. 
  • For non-Windows devices, the Tachyon Agent does not use proprietary certificate stores. Instead the Agent requires the certificate exists as a PFX in the Agent installation folder structure (see non-Windows Device Certificate).

Quick start user accounts

For simplicity in the quick start guide we use just two Tachyon user accounts, the installation account and another global administrator account.

Note

To get things up and running quickly in a lab environment you may want to make use of the global administrator role. This will help minimize the number of users required for an evaluation and reduce the initial configuration required.

To further minimize the number of users needed, you can also enable the Windows account used to install Tachyon to assume the Tachyon global administrator role. The installation account is added as the system principal user in Tachyon by the installer and it's Tachyon permissions are locked down by default. You can allow it to assume the global administrator role using the following steps:

  1. Create a Tachyon user from an existing AD security group
  2. Apply the Tachyon global administrator role to the user
  3. Add the installation account to the AD security group.

In the short term it's fine to make use of global administrators in this way, but this practice is not really suitable for large scale deployments and should be used with care for the following reasons:

  • The global administrator role has permissions to do everything in Tachyon. It has across the board permissions to all Instruction Sets and therefore can be used to run actions that can have a major impact on your network.
  • The global administrator accounts receive emails for all the transactions that are performed by Tachyon.

For the purposes of the quick start, which uses two-factor authentication, each account must have its AD account configured with an email address.

If two-factor authentication is enabled (as it is by default) email is required for any user who intends to run an action, in this case TCNInstaller01.

Using just the following accounts we can perform all the installation, Tachyon administration, verification questions, actions and approval tasks shown in this quick start guide.

AccountDescriptionTachyon roles
TCNInstaller01

Server installation account, used to install Tachyon Server and configure initial security user and roles settings.

This account requires the following rights:

  • Full Administrator rights on the Tachyon Server
  • Sysadmin rights on the SQL Server instance

This account should be a member of the TCNGAdministrators group

The roles for this account cannot be changed directly, but this account may be added to AD groups with other Tachyon permissions assigned.


TCNAdmin01

A user account that will be used in combination with the TCNInstaller01 user to enable the request and approval of actions.

No direct Tachyon roles applied to this account.
TCNGAdministratorsAn AD Universal group with two members: TNCInstaller01 and TCNAdmin01.Global Administrators role.

Quick start service accounts

The table below describes all the service accounts and were they are used. Where domain accounts are required, you should create separate domain user accounts for each service.

AccountDescription
CATSVC

1E Catalog Update Service account.

Used by the 1E Catalog Update service to connect to the 1E Cloud service via the Internet to download catalog updates and upload anonymous details about newly detected software.

Used by the Catalog web application pool to connect to the 1ECatalog database on the SQL Server database instance.

BISSASSVC

Business Intelligence (BI) SSAS user account.

Used to access the BI cube on the SSAS instance by services on the web server and the linked server on the SQL Server database instance.

SLATACHYON

A Tachyon user account that will be used by the Tachyon Connector which provides the Tachyon Powered Inventory.

This account will be a member of the 1E Inventory custom role which has questioner permissions on the 1E Inventory instructions set. The instruction set contains four Tachyon instructions. You can choose different names for this role and instruction set.

Network Service

On local servers, this is NT AUTHORITY\Network Service; on remote servers, this is: ACME\computer$ where computer is the computer name of the Tachyon Server.

Used by the following for connection to databases on the SQL Server database instance:

  • all web application pools for Tachyon and SLA, except where noted elsewhere in this table
  • all Windows services for Tachyon and SLA except where noted elsewhere in this table

Used by the 1E Tachyon Coordinator service to connect to the 1E License Cloud to validate and activate the Tachyon license.

Used by the System Center Configuration Manager (SCCM) Connector if the connector configuration has Use Windows Authentication enabled instead of a SQL Login.

Local System

Used by the following:

  • 1E Tachyon Switch Host service

Install

Tachyon Server

After obtaining your Tachyon.lic file from 1E you should store it in a secure location. In our example we've placed the Tachyon.lic file in the installation directory where Tachyon.Setup.exe is located.

Logon to the server using the server installation account TCNInstaller01.

Install interactively using Tachyon.Setup.exe using the following steps, as shown in the animation opposite:

Launch the Tachyon Setup wizard by double-clicking on Tachyon.Setup.exe. Then fill out the screens of the wizard using the following information:

ScreenActions
Welcome

Click Next to skip to the next screen.

Documentation

This page provides some links to some online information about Tachyon. Click Next to skip to the next screen.

License agreementAccept the license agreement by checking the I accept the terms of the license agreement checkbox and click Next.
Select configuration

This screen lets you select the configuration you want to install, which determines which components are installed on the server. The quick start example installs all the Tachyon Server components onto a single-server with the databases on a remote SQL instance, so ensure that the All components on a single server option is selected and then click Next.

Check prerequisites

This screen performs prerequisite checks on the local server and user account.

Click Start Checking to start the checks.

If any of the checks fail Tachyon Setup may be able to install the missing prerequisites. To install these click the Install missing prereqs. button.

Not all prerequisite checks have automated fixes. If your environment fails a check and the Install missing prereqs. button has not been enabled you will need to fix the conditions for that check by hand.

You can click Check Again to re-run the checks once any remediation steps have been made.

Server certificate

This screen displays a list of certificates from the Local Computer\Personal certificate store and you select the certificate created earlier, as described in the Request a Web Server certificate heading. Tachyon Setup will then evaluate the suitability of the selected certificate according to how specific properties of the certificate have been configured.

In this quick start example we select the certificate with the friendly name of Tachyon Web Certificate, which happens to be the only certificate available, confirm that all checks pass and click Next to continue.

Client certificates

On this screen you can set whether client certificates are required to be presented by the Tachyon Agents.

If your clients do not have certificates then uncheck the Switches require client certificates to be presented by Tachyon Agents checkbox. If your clients do have certificates issued by different Certificate Authorities than the Tachyon Server certificate, then you must add the public keys for those certs to the CACERT.PEM file used by the Switch.

For the quick start client certificates are required from the Tachyon Agents, and as all the Tachyon Agents in the quick start example use the same certificate authority as the Tachyon Server you can skip this screen by clicking Next to continue.

License File

Enter the location for your Tachyon Server Tachyon.lic license file, or click Browse to locate the file using the system file browser. When the .lic file is selected it will be verified with the Tachyon license server. If everything is ok then click Next.

Database Servers

Select the SQL server instance name for the Tachyon Master and Responses databases as well as the SQL server instance names for the 1E Catalog, SLA and BI databases. In the quick start example these will all be installed on the ACME-SQL01 instances. It's also a good idea to click the Validate button to ensure that the specified instance is valid before continuing by clicking Next.

BI SSAS database settings

Here you enter the SQL Server Analysis Service (SSAS) instance where the BI cube will be created. You also need to set the domain account details for the BI SSAS user. This user will be used to create a linked server for the BI database to access the BI cube and enable BI services on the server to query the cube.

In the quick start example the SSAS instance is set to ACME-SQL01, where an SSAS instance has been setup alongside the SQL Server instance used for the main Tachyon databases. The account name and password for the domain account ACME\BISSASSVC are used.

Number of devicesEnter the number of devices that matches your license key. In the quick start example this is set to 50 by virtue of the Tachyon.lic file selected on the License File screen. This can be changed from the default but should not be set larger than your permitted licenses.
Switch ConfigurationThe default switch configuration displayed is determined by the number of devices set on the Number of devices page. For the quick start we leave this as the suggested default. In the quick start example we click Validate to check that the selected configuration is appropriate, all the checks pass so we then click Next to continue.
Website Configuration

Verify the following details for website bindings:

HTTP Host HeaderHostname FQDN of the Tachyon Server. In the quick start example this is set to ACME-TCN01.acme.local.
HTTP Port80
HTTPS Host HeaderDNS Name FQDN of the Tachyon Server. In the quick start example this is set to TACHYON.acme.local.
HTTPS Port443
IP Address*

Verify the following service ports:

Workflow port8081
Integrate REST port6002

In the quick start example we click Validate to check that the options are valid and then click Next to continue.

Active Directory and Email

Enter the following:

Active DirectoryGC://
Enable email

Emails are used to inform approvers of pending notifications, and users of pending results expiry.

You should only enable this if you have a working email system which supports SMTP.
SMTP ServerFQDN of your SMTP gateway. In the quick start example this is ACME-EXC01.ACME.LOCAL.
SMTP Port25
Mail FromMail-from email address used by the Tachyon Server when it sends emails to users. In the quick start example this is set to Tachyon@acme.local.
Enable two-factor authentication

Emails are used to send authentication codes to users who submit actions.

ONLY enable this if you have a working email system which supports SMTP.

In the quick start example we click Validate to check that the options are valid and then click Next to continue.

Configuration for 1E Catalog

On this screen you enter the user name and password for the domain account that will be used for the 1E Catalog Update Service.

In the quick start example the account name and password for the domain account ACME\CATSVC are used.

Ready to installHaving entered all the necessary values, click the Install! button to begin the installation.
Installation results

Installation results displays the log messages from the installer as they occur.

Confirm that the installation has succeeded by checking that the concluding log message says: The installer exited and reported successful completion then click Next.

Post-installation checks

Run the post-installation checks by clicking the Start checking button. Confirm that all checks pass.

You can click on the Open link to the right of the Tachyon Portal web application responds check to open the Tachyon Portal.

If you get green ticks all the way down then your Tachyon Server installation has been successful and you can now close the Tachyon Setup wizard by clicking the Close button.

If any of the checks failed you can see more information about the check in the Info column. Which you can then use in combination with the Troubleshooting section to help track down the cause of the issue.

If more detail on the Tachyon Setup wizard is required, see Tachyon Setup in the main Installation section.

You can now choose to launch the Tachyon Portal by browsing to: https://<TachyonDNSName>/Tachyon, where <TachyonDNSName> is the DNS name you have configured for Tachyon in your environment. In our example this is https://tachyon.acme.local/Tachyon.

Tachyon Agents

When installing a Tachyon Agent the following installation settings are mandatory and must be supplied. Other Tachyon Agent configuration settings are optional and have been assigned default values.

The following properties can be entered manually when installing from the Windows Installer wizard. Alternatively, the properties can be included as part of a Windows msiexec command-line launch.

PropertyMandatorySetting
BACKGROUNDCHANNELURLYes

Set to the previously configured Tachyon DNS Name FQDN. You will also need to specify the port and the rest of the background channel URL. By default the port is set to 443. In our example this would be set to:

https://TACHYON.ACME.local:443/Background/

SWITCH

Yes

Set to the previously configured Tachyon DNS Name FQDN. From version 3.1 onwards you will also need to specify the port. By default this is set to 4000. In our example this would be set to:

TACHYON.ACME.local:4000

Here's an example Windows Tachyon Agent installer command-line:

msiexec /i Tachyon-x64.msi SWITCH="tachyon.acme.com:4000" BACKGROUNDCHANNELURL="https://tachyon.acme.com:443/Background/" /qn /l*vx C:\Windows\temp\tachyon-install.log

Example command-line with the Shopping module enabled, and not connected to any Tachyon Server:

msiexec /i Tachyon-x64.msi SWITCH=none BACKGROUNDCHANNELURL=none MODULE.SHOPPING.ENABLED=true MODULE.SHOPPING.SHOPPINGCENTRALURL="http://appstore.acme.local/shopping" MODULE.SHOPPING.LOOPBACKEXEMPTIONENABLED=true /qn /l*vx C:\Windows\temp\tachyon-install.log

Use Tachyon-x64.msi for 64-bit Windows and Tachyon-x86.msi for 32-bit Windows. For non-Windows platforms, platform specific packages for Linux, Solaris and Mac are available.

When installing interactively through the Windows installer wizard, logon using an account that has local administrator rights.

For further details including how to deploy the Tachyon Agent to a non-Windows platform, see Deploying Tachyon Agents in the main Installation section.

Export all responses feature

This step is optional, only if you require this feature. Please refer to Tachyon Server post-installation tasks - Configure the Tachyon Server to support the Export all responses feature for more details.

Configure

Set security roles

After installation you will only be able to log onto the Tachyon Explorer using the installation account. This account is purposefully restricted to just allowing the configuration of security roles. So the first step must be to add other users to access the other capabilities of Tachyon.

Users for administration

We suggest that you add a user or group to handle the administration tasks for your evaluation environment.

Users for performing actions

To perform actions you will need at least two other users. One an actioner and the other an approver, otherwise you won't be able to perform actions.

A Tachyon AD group tutorial

For this quick start guide we use two specific accounts and a security group to assign to the roles we need. You may want to use AD groups to define Tachyon access and we have provided a complete tutorial on adding users and roles via AD groups, on the Configuring Access Rights - tutorial page, which you may find useful.

Configure quick start users

At this point we will configure the user accounts, as listed in Quick start guide user accounts, to their different roles in Tachyon.

Using these accounts the user roles configuration is done via the following steps:

  1. Logon to Tachyon using the installation account. The Tachyon Portal website will be available after installation via the Tachyon DNS Name FQDN, configured during the prepare phase of the quick start. In our quick start environment this is tachyon.acme.local. So the URL for the Tachyon Portal is:

    https://tachyon.acme.local/Tachyon

    The first time you log in the Tachyon applications will be set up.

  2. Initially the installer account has purposefully limited Tachyon permissions and the permissions for this account cannot be modified directly. This means that the account cannot access any of the applications. To resolve this for the quick start guide we need to create a new Tachyon user account for the TCNGAdministrators group and assign global administrator permissions to that user. To do this you need to navigate to the Settings  application page using one of the following methods:
    1. If you're on the home page click on the Settings item. 
    2. If you've already navigated to another application click on the Settings item on the Switch app menu.
  3. Once you're in the Settings application, to add the TCNGAdministrators group Tachyon user:
    1. Expand the Permissions node.
    2. Click on Users to display the Users page.
    3. Click the Add button to display the Add user popup.
    4. Enter some text in the Select user field (for example, TCNG) that matches the required user or group name.
    5. A list of matching users and groups from AD will be displayed. Select TCNGAdministrators and click Add.
  4. To set the global administrators role for the new ACME\TCNGAdministrators Tachyon user:
    1. Click on the new ACME\TCNGAdministrators user name link to display its details.
    2. On the Roles tab click the Edit button to display the Edit roles assigned to user popup.
    3. Select Global Administrators from the list of available roles.
    4. Click the Save button to assign the selected roles to the user.

You can check which users belong to the group by clicking on the Group members tab. In our example you can see that there are two users in the group: TCNAdmin01 and TCNInstaller01. Both of these accounts should now have the Global Administrators role applied.

In our example, to demonstrate this for the logged on TCNInstaller01 account all they need to do is refresh the page in the browser. They now have all the permissions related to the Global Administrator role and will therefore be able to see all of the configuration items in the Settings application and they can also now browse to the Tachyon Explorer application.

Configure verification instructions

The following steps for uploading product packs, creating a new instruction set and moving instructions into an instruction set are illustrated in the animation shown opposite.

Uploading product packs

Before you can do anything with Tachyon, other than administration, you will need to add product packs. These are zip files containing instruction definitions for questions and actions.

  1. Log on to Tachyon with the TCNInstaller01 global administrator account setup during the previous steps.
  2. Open the Settings application.
  3. Navigate to Instructions→Instruction sets.
  4. Click on the Upload button.
  5. In the Open dialog navigate to the location of the 1E-TachyonPlatform.zip file on your local computer.
  6. Select 1E-TachyonPlatform.zip and click Open.

Creating a new instruction set

All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so first you will need to create a new instruction set with the verification instructions.

  1. Select the instructions you want to add to the new set, by clicking the checkbox at the start of each instruction row in the list.
  2. Click the Add new set button in the button panel to the right of the page.
  3. In the Add new instruction set popup subsequently displayed, type in a suitable name, in our case this will be Verification.
  4. Ensure that the Include 2 selected instructions checkbox is checked.
  5. Click the Add button to add the new instruction set, with the selected instructions.

Use

Using Tachyon

Having configured the users who will access Tachyon we can now go on to demonstrate the basic functionality of Tachyon including: viewing connected devices, asking a question and seeing the responses, requesting to perform an action and the associated approval process.

Viewing connected devices

Perhaps one of the first things you should do after installing and configuring the role-based access to Tachyon is to check what devices are connected. This gives you instant feedback on whether the Tachyon Agent devices have been installed correctly and are able to communicate back to Tachyon.

In our quick start example we log on to Tachyon as TCNInstaller01, and navigate from Settings to Explorer in order to view the Devices page, as shown in the animation opposite. Here, as you can see, all the devices are shown as online so there are no issues.

The quick start example

To illustrate the workflow for asking questions, filtering responses and performing follow-up actions we will use a simple example where we ask the Tachyon Platform verification stage 1 question. We'll then run the Tachyon Platform verification stage 2 action to complete the verification.

Asking a question

The first step in the example is to ask the question and view the responses in the Tachyon Explorer. The question we want to ask is Tachyon Platform verification stage 1. The following steps show how to select and ask the question then view the responses. Still logged on as the TCNInstaller01 account, the steps are shown in the animation opposite and are as follows:

  1. The usual way to run instructions is from the Explorer Home page, click on Home to view the Home page.
  2. Type some letters from the name of the stage 1 question into the Tachyon Explorer field, in our example we type the text verif. This will display a list of questions that match the text. You will see the two instructions; the stage 1 question and the stage 2 action.
  3. Select the Tachyon Platform verification stage 1 question from the list of matches.
  4. The question is added to the explorer window. Depending on the question you may need to set some attributes and for all questions you can set parameters, such as the duration, coverage and question filters. In our example this simple question has no attributes and will be asked of all the devices with no filtering, so we click on the Ask this question button directly.
  5. The question gets asked of all the Tachyon Agent devices. If they are currently connected they will respond immediately. If they are offline they will respond if they connect within the duration of the question. In our example all the devices are currently connected, so the responses come back immediately.

Performing an action

In Tachyon v4.0 you no longer need to ask a question before you can run an action from the Explorer Home page.

To do this:

  1. In the edit field of the Home page type verif and select the Tachyon Platform verification stage 2 action from the list displayed.
  2. Run this action with default parameters by clicking the Perform this action button. Doing this triggers the action approval workflow.
  3. Tachyon will ask you to confirm your user name and password credentials. This is a safeguard to prevent actions from being run on unlocked devices where you are temporarily absent.
  4. By default, if email has been configured, Tachyon provides two-factor authentication - so after the credentials have been set and the Confirm and send button is clicked, you will see that the instruction requires authentication. You will then need to check your email for the authentication code.
  5. After retrieving the authentication code, return to Tachyon and enter it into the prompt. The instruction will then go into a pending approval state and a notification will be sent to the approver. As a further safeguard, Tachyon actions cannot be approved by the person requesting the action. In our example this means that TCNInstaller01 cannot approve their own action, approval must be done by the other user TCNAdmin01.
  6. The approver will receive an email saying that the action is pending their approval. If the approver logs on to Tachyon using the link provided in the email, they will be directed to their Notifications page.
  7. Scrolling to the bottom of the Notifications page the approver gets an opportunity to provide a comment for their approval or rejection decision. If they want to approve the action they must first check the I understand approving my request impacts my IT environment checkbox and then click the Approve button. In our example TCNAdmin01 enters a suitable comment, checks the box and clicks Approve to approve the service start action.
  8. The approver is then immediately notified that their decision has been implemented.
  9. At the same time Tachyon also enables the action to go ahead. In our example the results of running the action are displayed showing that all twelve connected devices responded and were able to run the verification of the background channel.

These steps are illustrated in the animation opposite.

In conclusion

In this quick start guide we've shown how to configure an example environment, how to implement the Tachyon Server and Agents onto the environment, how to configure the Tachyon users and import product packs. Finally we've shown those users accessing the Tachyon Explorer to investigate the devices that are currently connected and then asking a question and performing and approving an action.

Next Steps

Using the Explorer and Settings applications

If you have not already looked at the documention for the Settings or Explorer applications, please refer to Using Settings and Using Explorer.

You can download product packs containing more instructions from the Tachyon Exchange, and ask questions in Tachyon Forum.

Creating your own instructions

If you want to develop your own custom Tachyon instructions, or modify those of other authors, then you will need to sign them using your own code signing certificate so that they can be licensed, imported and run in your Tachyon system. You don't need to do this for instructions that are provided with the product or that have been downloaded from the Tachyon Exchange as they've already been code signed and licensed using the Platform and Exchange certificates from 1E.

Ideally all of your Tachyon instruction developers should share a single code signing certificate between them. Each code signing certificate must be registered in your Tachyon license and associated with your organisations instruction name prefix. When you have chosen your prefix and have your code signing certificate(s) you then need to send details of these to 1E, who will update your Tachyon license. This will then automatically activate on your Tachyon Server (assuming it has connection to the Internet).

For a detailed step-by-step process, please refer to Setting up custom Tachyon Instructions for the first time.

The Tachyon SDK is where you can find comprehensive resources for using Tachyon Instruction Management Studio (TIMS) and authoring your instructions.

Using Patch Success

To configure Patch Success please refer to Configuring Patch Success. The steps described there get you started and verify it's working.

Using Guaranteed State

To configure Guaranteed State please refer to Configuring Guaranteed State

The steps described there get you started and verify it's working.

Using Configuration Manager Console Extensions

If you have Microsoft System Center Configuration Manager (SCCM, ConfigMgr) then you can install the Tachyon toolkit on each computer that has Configuration Manager Console installed, in order to add right-click tools. Please refer to to The Tachyon Toolkit