SummaryAn overview of all the Tachyon features and enhancements.
Tachyon provides a Tachyon Setup that installs all of the separate parts of the Tachyon Platform using their individual installers. It is used to validate a server prior to running the installers, and supports a range of configurations as described in Design Considerations - Tachyon Setup configuration choices.
Tachyon Agent installation packages are also provided for Windows and for supported non-Windows OS.
The Explorer application gives you the ability to investigate, remediate issues and manage operations across all your endpoints in real-time. For more information please refer to the Using Explorer section of this documentation.
Here's an overview of the features available in the Explorer application.
Questions, actions and their responses
Tachyon lets you question the devices on the network directly and, based on the responses, run any associated actions.
Questions, actions and responses are presented to the user via the Tachyon Explorer, a web-based portal that lets Tachyon users interact with Tachyon and its agents.
The questions, responses and actions feature includes:
- Graphical display of response information
- Instruction impact assessment
- Response history.
Exporting data from Explorer
Results visible in Explorer can be exported to files containing comma-separated values (CSV) or, in the case of the Export all option on the instruction response page, tab-separated values (TSV), and results can be marked for export at the point of asking a question to automate the process. Explorer lets you export the data on a number of pages to CSV files:
- Instruction history
- Responses - you can export a single page or all results once the Instruction has finished gathering responses - these can then be used for auditing purposes or to drive external programs
- Drill-down responses
- Device information
For more information on exporting data from Explorer please refer to:
Coverage, question filters, view filters and follow-on instructions
Questions and responses can be tailored to focus on specific ranges of device through the use of coverage and filters:
- Coverage acts first to let you restrict the devices that will be asked a given question
- Question filters act before devices have responded to narrow the responses that are sent
- View filters act after the responses have been sent to focus the responses presented to the user and to determine the input into the follow-on instructions
The responses to initial questions can be further refined by asking follow-on questions or actions, allowing Tachyon questioners and actioners to focus in on the results they want to see.
For more information on coverage, question filters, view filters and follow-on instructions please refer to:
To enhance the safety of running actions in the Tachyon system, there is an approval workflow that ensures that every Tachyon action requires the approval of designated approvers before it can be run. To make it even safer, someone with approval permissions cannot approve their own action.
When an attempt is made to run an action the Tachyon approval workflow sends an email and a Tachyon notification to all the approvers associated with the action. Any of the approvers may approve or reject the request to run the action.
Users must provide their user credentials when attempting to run an action, this prevents unauthorised access by a third-party attempting to make use of an unattended computer.
Actions can also be configured to require two-factor authentication, where the user attempting to run an action is challenged to enter a unique, one-time Tachyon authorization code that has been sent to them via an alternative method - such as email or via a registered mobile.
For more information on authentication please refer to:
Task-based organization for accessing and scheduling instructions
Tachyon provides a way of accessing the questions and actions that is organized around the way that network administrators typically interact with their network. This interface also lets you run the Instruction using a schedule.
The Explorer→Instructions→Tasks page in Tachyon Explorer provides a structured view of the instructions defined in the product packs. It also lets you schedule the tasks so they can be run in the future or according to a particular schedule.
Using task groups
The benefit of using Tasks lies in the task group structure that is defined in the product packs. It is this structure that enables you to focus in on specific task areas to find the particular instruction that you want.
For example you may be interested in instructions related to particular software vendor's products. Depending on the Instructions that you have uploaded to your Tachyon system you may see the following structure:
- At the top-level there is a Software Vendors task group whose children are 1E and Microsoft.
- Underneath the 1E task group there is a Tachyon group that contains Configuration, Diagnostics and Verification groups as well as a couple of Instructions.
- Underneath the Microsoft task group is the Configuration Manager task group containing Instructions related to that product.
Inventory and connectivity
The Devices page in the Tachyon Explorer shows you all the devices that have connected with Tachyon and their current connection status. There are two views provided that let you research the devices: the devices table and the devices dashboard, please refer to Checking inventory and connectivity - The Devices table and Checking inventory and connectivity - The Devices dashboard for more details.
Guaranteed State features
The Guaranteed State application gives you the ability to ensure endpoint compliance to enterprise IT policies. For more information please refer to the Using Guaranteed State section of this documentation.
Here's an overview of the features available in the Guaranteed State application.
Policies and Rules
The Guaranteed State of an endpoint is enforced by the Tachyon Agent at the endpoint. One or more policies are deployed to endpoints according to the management groups the endpoints belong to. Each policy consists of one or more rules that are either check rules or fix rules:
- Check rules - allow you to verify that an endpoint has a particular state, such as a registry key having a specific value. You can then view summary and detail reports which show endpoints which are compliant and not compliant with the check rules
- Fix rules - allow you to define a desired state for the endpoint and then enforce that state. For example, you could mandate that a registry key exists and contains a specific value. Again, you can report on the application of these fix rules to endpoints.
For an explanation of management groups, please refer to the Management groups page. Management groups allow endpoints to be flexibly grouped, based on management group rules. This means you can easily administer endpoints based on, for instance, their Active Directory Organisational Unit, or their operating system version, or any other criteria supported by the management group rules.
For more information on policies and rules please refer to:
The Guaranteed State Overview page
The Overview page lets you view the current state of your enterprise in terms of the devices and policies that have been defined and applied. It consists of a number of charts that let you monitor the state in real-time.
For more information on the Guaranteed State Overview page please refer to:
Guaranteed State Reports
The Guaranteed State application provides three reports that let you view the details for the currently defined Policies, Rules and Devices. The information in these reports is consolidated into the Guaranteed State Overview page charts.
For more information on the Policies, Rules and Devices reports pages please refer to:
Guaranteed State provides a Devices page where you can view the currently connected devices. On this page you can also select one or more of the devices and click an Explore button that launches the Explorer application. You can then run an instruction using the selected devices as the coverage for the instruction.
For more information on exploring devices please refer to:
Device criticality is an attribute of a device that defines its importance within an organisation. As defined by default in Tachyon, criticality has the following settings
- Undefined (or not set).
At present, criticality settings do not affect the primary operation of Guaranteed State. However it is possible to use Tachyon to set device criticality and to view it within Guaranteed State.
Tachyon also supports the use of the criticality setting when defining coverage for an instruction. For example, you can target an instruction to be sent only to devices whose criticality is not 'Critical'
For more information on device criticality please refer to:
Patch Success features
The Patch Success application lets you maximize enterprise-wide patch deployment success. For more information please refer to the Using Patch Success section of this documentation.
Here's an overview of the features available in the Patch Success application.
The overview page contains three charts that show the current device patch status, the security updates by severity level and patch performance across all the devices connected to Tachyon.
The charts are interactive letting you easily drill-down into details on specific items in the display.
For more information on the Overview page please refer to:
The Patches page shows a full list of patches that are applicable to devices within your estate and you can select an individual patch to view its details. From this page you can also launch the Explorer application with the coverage set to the selected devices.
For more information on the Patches, Patch installations and Patch details page please refer to:
The Settings application lets you configure Tachyon system and application settings. For more information please refer to the Using Settings section of this documentation.
Here's an overview of the features available in the Settings application.
Instructions, product packs, Instruction sets and permissions
Tachyon lets you investigate your network using questions and actions, which are collectively known as Instructions.
You can load Instructions into Tachyon, either individually or via a Product Pack, which is essentially a zip file containing one or more Instructions. Tachyon comes with a range of pre-framed questions and actions in the form of product packs, providing extensive out-of-the-box capabilities that can be extended as new and updated product packs are made available.
Tachyon permissions for the Instructions are handled using Instruction sets. You create Instruction sets, then define roles which specify particular permissions on those sets and then assign the roles to users. Each Instruction is only allowed to reside in one Instruction Set, which associates it with a role and thereby the users that have that role and can run the Instruction. The roles have associated Management groups that determine the devices that users with the role have access to.
When Instructions are loaded into Tachyon they are placed in the default Unassigned Instruction Set, so you must move them into previously created Instruction sets before they can be run.
Connectors are used to connect to other 1E and third party systems and populate repositories. When more than one connector to different data sources are used, the information from those different data sources is de-duplicated and normalized into a single cohesive view that is then stored in a repository. In this way you can use the data from different sources to augment each other and build a better picture of "what's out there?". For example, you can sync inventory data from Configuration Manager into an inventory repository, which will fetch information about your Windows devices. You could then augment that with inventory data synced from Tachyon which could include information about non-Windows devices where the Tachyon agent has been installed.
For more information on connectors please refer to:
The following connectors are supported:
- BigFix connector — Connects to a BigFix Inventory database server.
- BigFixInv connector — Connects to a BigFix Inventory database.
- File Upload connector — Uploads inventory data from a folder containing tab (TSV) and comma (CSV) separated value file(s).
- Oracle LMS connector — Connects to Oracle LMS and queries it for inventory information.
- ServiceNow connector — Connects to a ServiceNow instance to import basic inventory data into SLA Platform.
- System Center Configuration Manager connector — Connects to a Configuration Manager database and pulls in inventory and usage data.
- Tachyon connector — Connects the Tachyon and SLA Platform components to support Management group and Tachyon Powered Inventory features.
- vCenter connector — Connects to a vCenter server and pulls in inventory data.
- Windows Server Update Services connector — Connects to a WSUS database and pulls in patch data.
Repositories are used by applications to process and store information. For example the Patch Success application uses both an inventory and a BI repository to process the information needed to report on how successful patching is in your enterprise. Normally a connector is used to connect a data source to an appropriate repository.
Repositories are also useful when you want to segregate different types of data. For example, you could have one inventory repository for Configuration Manager inventory data, and another one for BigFix data. Alternatively, you can have connectors to different inventory sources pushing data into one repository. Any Management Groups that you create will span all the repositories you have.
For more information on managing repositories please refer to:
Custom properties are generally associated with Explorer and can be used when setting coverage tags to target Instructions to particular devices. The custom properties must be defined by a custom properties administrator before they can be used to tag devices or used to set the coverage of Instructions.
This is done from the Settings→Configuration→Custom properties page, which can be viewed by users with any of the following roles:
- Global Administrators
- Custom Properties Administrators.
For more information on managing and using custom properties please refer to:
Schedules can be created to execute specific operations on repositories in Tachyon so that they are kept up to date with their data sources and processing. These operations include:
- Syncing data sources to repositories using connectors
- Processing the BI data cube.
Repository schedules are different to Instruction schedules that can be set in Explorer.
For more information on setting schedules please refer to:
Consumers, Applications, Components and Providers
There are pages in the Settings application for each of these. They are described in the following table:
These can access Tachyon using the Tachyon Consumer API. To enhance the security of the Tachyon system, only consumers that have been registered on the Settings→Configuration→Consumers page will be allowed to access Tachyon.
|Applications||Features of Tachyon that are hosted in the Tachyon Portal. Applications are generally Consumers as they need to interact with Tachyon using the Tachyon API. These are available on the Switch App menu.|
|Components||These form part of SLA and cannot be changed or altered by a user. These can be viewed using the Settings→Configuration→Components page.|
|Providers||These are components that can be configured to provide a particular operation in SLA. These can be viewed and configured using the Settings→Configuration→Providers page.|
Information on your Tachyon license is available, as well as the ability to re-activate it following an update.
You can view information on the Tachyon system information for the Consumer, Coordinator, Background channel, Core and Switch.
Monitoring log files
The monitoring pages let you view how Tachyon is performing its tasks. Four key log pages are provided:
|Process log||Whenever you execute a sync or process a repository the steps are displayed here. This page is updated in real-time and shows the status of each step as it happens.|
|Sync log||The results of performing a sync are displayed here.|
|Infrastructure log||Information on the Tachyon infrastructure is displayed here, such as: license status and instruction workflow.|
|Audit information log||This page displays information on the Instructions that have been run in Explorer. This includes the instruction text and the user that requested it.|
Defining users and roles
Tachyon users or groups can be added from AD. They can be assigned roles that determine what aspects of Tachyon they can access. Custom roles can be created that let you associate particular permissions on particular Instruction sets for particular management groups.
Management groups use inventory-based rules to define groups of particular devices, they are implemented in SLA and then made available to Tachyon applications and other consumers. After a management group is defined, each time the inventory is updated the device membership of the groups is re-evaluated by applying the management group's rules to the new inventory.
Custom roles can be created that tie particular Instruction sets to particular management groups. This means you can not only set the permissions for users to access the Instructions in specific Instructions sets, you can also determine which devices they can target using those Instructions.
Once defined, management groups can then be used to set the coverage for Instructions in Explorer and also which devices can be targeted by particular users. Management groups are also used by the Patch success and Guaranteed state applications to determine which devices are being targeted.
Uploading Instructions into Tachyon and creating Instruction sets
You determine the capabilities of Explorer by uploading Instructions from product packs into Tachyon. Product packs are either provided with the release or downloaded from the Tachyon Exchange. Once the Instructions have been uploaded into Tachyon you then need to put them into Instruction sets. The Instruction sets can then be associated with custom roles to determine the permissions applied to the Instructions. The custom roles are then applied to users to determine which Instructions each user has access to.
The Tachyon Agent
Tachyon enables rapid response to instructions using the Tachyon Agent, which supports the retrieval of information, running actions and device tagging. The Agent can also be extended to support additional features. On Windows OS, the Agent is installed as a service, with a small footprint.
Tachyon Agent Historic Data Capture
On Tachyon Windows Agent devices Tachyon continuously captures events, which enables Tachyon to capture all significant events as they happen. This should be contrasted with polling, which to a certain degree relies on luck to capture conditions that are brief enough to fall between polls. In this way Tachyon Agent Historic Data Capture compares with the Windows Task Manager or Perfmon. Tachyon captures the data to a compressed and encrypted database to ensure that it has a very low impact on device performance and security.
System status bar and notification area
Tachyon includes a system status bar that displays the number of Tachyon instructions in progress and current and historical connectivity information for the total number of devices connected to Tachyon.
The notification area provides information on the logged on user or administrator and access to their notifications.
Tachyon uses certificates on the Tachyon Server and Tachyon Agent devices to maintain the security of the system. Any custom Instructions must be code-signed with a certificate that has been registered in your 1E license before they can be run in Tachyon.
The certificates feature includes:
Support for Cryptographic Next Generation certificates
Upgrade to latest version of OpenSSL v1.0.2h
Security to enforce Tachyon Agent device certificates
Tachyon can integrate with 3rd party products. It integrates seamlessly with Microsoft System Center Configuration Manager, it can use 1E Nomad to add content download capabilities, provides a fully-featured consumer API and can even be used as a response delivery mechanism by 3rd party applications.
Tachyon provides a dedicated page where the 3rd party consumers can be enabled and managed by Tachyon Consumer Administrators, as described in Consumers.
Microsoft System Center Configuration Manager console integration
Configuration Manager users can use all the features of Tachyon from within the Configuration Manager console.
- Run questions and actions that target the devices in Configuration Manager collections.
Agent integration with 1E Nomad to enable efficient download of content
Tachyon can leverage the features of the industry-respected 1E Nomad to enable content to be downloaded to the Tachyon Agent device. Using 1E Nomad provides the following benefits:
- Significantly reduces the bandwidth required for delivering software
- Small offices or sites connected via poor network links can receive software updates more reliably
- Reduces the need for large numbers of Configuration Manager servers
- Faster Configuration Manager implementations because fewer servers are required
- Distribute software to home, mobile and remote office users
- Low cost – easy to deploy
- No new infrastructure or skills required
- Reduces software distribution costs
The feature is a set-and-forget option on the Tachyon Agent. By default it is enabled and means that Tachyon will automatically use Nomad to download content if it is installed on the Tachyon Agent device (Nomad is currently supported on Windows devices only). The prerequisites for using Nomad are given on Supported Platforms. The options for configuring Nomad integration are NomadContentDownloadEnabled and NomadContentDownloadTimeoutSecs in the Tachyon Agent configuration file.
Tachyon consumer API
Tachyon implements a complete API for controlling the questions, answers, responses and workflows that implement the Tachyon features for third-party applications including ServiceNow.
The Tachyon API feature includes:
- Consumer API versioning
- Improved version and error reporting support in Consumer API
- Extended RBAC API extensions for consumers
Tachyon can offload responses directly to 3rd party applications
Tachyon can be used as the means to gather data for 3rd party applications. Using its fast response time to gather the data it then be configured to pass the data on without storing it locally. The offloading is configured for each consumer on the Consumers page. To use this feature the consumer must be configured to use the offloaded responses data.