Exercise Overview:

Installing and Configuring Tachyon Prerequisites


Tachyon has a few prerequisites which need to be installed before the server components can be installed. The installer will install the server roles and features via PowerShell scripts, however there are a few other prereqs we need to account for.
In this lab, you will learn how to install and configure the server upon which we will install all the Tachyon components.


In a production environment, Tachyon can scale to 250,000 connections on a single server. It is possible to have a split installation with different Tachyon components being installed on separate servers.

Create a DNS Alias

Each server that has Tachyon Stack components installed requires its own DNS Alias (with the exception of a remote SQL Server). Just one DNS Alias is required when using a single-Switch installation. This is used by Tachyon users, approvers and administrators to connect to the Explorer and Admin portals, and by Tachyon Agents to connect to the Switch and Background Channel. Therefore, it should have a convenient name such as Tachyon.<domainname>.com.
1ETRNDC
  1. On 1ETRNDC logon as 1ETRN\administrator. Search for DNS from the Start page
  2. Open DNS manager, expand 1ETRNDC> Forward Lookup Zones and select 1ETRN.LOCAL
  3. Select the Action menu and select New Alias (CNAME)…
  4. In the Alias name field, type TACHYON


DNS aliases are not case sensitive, so you can use lower case, upper case or any combination.
  1. In the Fully qualified domain name (FQDN) for target host, type 1ETRNAP.1ETRN.local
  2. Click OK

Your windows should look like this

  1. Open a CMD prompt and run Ping tachyon. Validate that it resolves to 1etrnap.1etrn.local (10.0.0.4)

Create a web certificate for the Tachyon website

Each server that has Tachyon Server components installed requires its own Web Server certificate (except for a remote SQL Server). This certificate must be enrolled prior to installation of Tachyon on the server. In this task, we will create a web server template for use with Tachyon, and then enroll the Tachyon server with the certificate.


1ETRNCM
In our lab, a CA has been installed and configured on 1ETRNCM. PKI is a complex subject, and different enterprises will have different configurations, or even use external certificates. Thus, PKI training is out of scope for this course.
  1. Log onto 1ETRNCM as 1ETRN\administrator
  2. Make sure to type in 1ETRN\administrator. Just inputting administrator will cause you to log in as the local administrator on the server and you will not be able to create the certificate template.
  3. From the start menu, launch Certification Authority
  4. Expand 1ETRN-1ETRNCM-CA. navigate to Certificate Templates
  5. Right-click on Certificate Templates and click Manage
  6. Within the Certificate Templates Console, locate the Web Server template
  7. Right-click on the Web Server template and select Duplicate Template
  8. On the General tab, enter Tachyon Web Server as the Template display name
  9. The display name of the template is not relevant, however in an environment where many different certificates are being used for different things, it is always prudent to name the templates in an easily identifiable manner.
  10. On the Request Handling tab, check Allow private key to be exported
  11. On the Security tab, click the Add button
  12. Click the Object Types button, and check Computers
  13. Type 1ETRNAP in the Enter the object names to select box and click the Check Names button
  14. Ensure 1ETRNAP has resolved. Click Ok
  15. Ensure 1ETRNAP has Read access. Check the Allow box for Enroll
  16. Click OK to save the template. Validate that the Tachyon Web Server template now exists in the Certificate Templates Console
  17. Close the Certificate Templates console and return to the Certificate Authority console
  18. Right-click on Certificate Templates, and select New > Certificate Template to Issue
  19. Select the Tachyon Web Server template and click OK
  20. Validate that the Tachyon Web Server template is now visible in the Certificate Templates space
  21. Close the CA console
  22. Restart the server
  23. Rebooting the server is not something required specifically for certificates and would not be a required step in a production environment. However, due to the boot sequence in Skytap, there is a chance when attempting to enrol the certificate on 1ETRNAP the process will fail due to the CA server being unavailable. We are going to reboot the server to avoid that possible error.

Requesting the Web Certificate on the Tachyon server

1ETRNAP
  1. Restart 1ETRNAP
  2. Log into 1ETRNAP as 1ETRN\AppInstaller
  3. From the start menu, type Cer, and click on Manage computer certificates
  4. In the Computer Certificates console, right-click on Personal and select All Tasks > Request New Certificate
  5. In the Certificate Enrollment wizard, on the Before You Begin page, click Next
  6. On the Select Certificate Enrollment Policy page, click Next
  7. On the Request Certificates page, note that two certificates are available
  8. You will see a warning under the Tachyon Web Server certificate. This certificate needs to be configured before it can be enrolled onto the personal certificate store.
  9. Under the Tachyon Web Server certificate, click on the link in blue next to the warning symbol. This will open Certificate Properties
  10. In the Subject name field, change the Type to Common name
  11. Enter tachyon.1etrn.local in the Value box. Click the Add button
  12. In the Alternate name field, change Type to DNS
  13. Enter tachyon.1etrn.local in the Value field. Click the Add button
  14. Enter 1ETRNAP.1etrn.local in the Value field. Click the Add button

Double check the values inputted in the fields here. If they are not accurate, the certificate will not work properly, and the Tachyon installation will fail.

  1. On the General tab of the Certificate Properties, input Tachyon Web Certificate in the Friendly Name space
  2. On the Private Key tab, expand Key options and ensure Make private key exportable is checked
  3. Click OK to close the Certificate Properties
  4. Note that the warning under the Tachyon Web Certificate is no more.
  5. Select the Tachyon Web Server certificate and click Enroll. Once enrolled, click Finish
  6. In the Certificates console, expand Personal > Certificates, and validate that the certificate has been added

Lab Summary

In this lab, we managed the manual prerequisites required to install Tachyon. We set up a DNS alias to be used by Tachyon internally and externally, and we created a copy of the web certificate template and enrolled it on our Tachyon server. In the next lab, we will see the installer manage the remaining prerequisites.


Next Page
Ex 2 - TCN Opr v5.0 - Installing Tachyon