Contents
-
Introducing Tachyon
-
Quick Start
-
Implementing Tachyon
-
Using Settings
-
Using Explorer
-
Using Guaranteed State
-
Using Inventory
-
Using Experience
-
Using Patch Success
-
Troubleshooting
-
Extending Tachyon
-
Training
-
Tachyon Operator v5.0 Lab Guide
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Ex 2 - TCN Opr v5.0 - Installing Tachyon
-
Ex 3 - TCN Opr v5.0 - Exploring the Settings Application
-
Ex 4 - TCN Opr v5.0 - Instruction Sets and Management Groups
-
Ex 5 - TCN Opr v5.0 - Working with Instructions
-
Ex 6 - TCN Opr v5.0 - Working with Patch Success
-
Ex 7 - TCN Opr v5.0 - Working with Inventory
-
Ex 8 - TCN Opr v5.0 - Using Guaranteed State
-
Ex 9 - TCN Opr v5.0 - Microsoft Configuration Manager Integration
-
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS
-
Ex 11 - TCN Opr v5.0 - Working with Experience
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Tachyon Advanced v5.0 Lab Guide
-
Tachyon - Nomad as Content Provider Lab Guide
-
Tachyon Operator v5.0 Lab Guide
-
Reference
Exercise Overview:
Installing and Configuring Tachyon Prerequisites
Tachyon has a few prerequisites which need to be installed before the server components can be installed. The installer will install the server roles and features via PowerShell scripts, however there are a few other prereqs we need to account for.
In this lab, you will learn how to install and configure the server upon which we will install all the Tachyon components.
In a production environment, Tachyon can scale to 250,000 connections on a single server. It is possible to have a split installation with different Tachyon components being installed on separate servers.
Create a DNS Alias
Each server that has Tachyon Stack components installed requires its own DNS Alias (with the exception of a remote SQL Server). Just one DNS Alias is required when using a single-Switch installation. This is used by Tachyon users, approvers and administrators to connect to the Explorer and Admin portals, and by Tachyon Agents to connect to the Switch and Background Channel. Therefore, it should have a convenient name such as Tachyon.<domainname>.com.
1ETRNDC
- On 1ETRNDC logon as 1ETRN\administrator. Search for DNS from the Start page
- Open DNS manager, expand 1ETRNDC> Forward Lookup Zones and select 1ETRN.LOCAL
- Select the Action menu and select New Alias (CNAME)…
- In the Alias name field, type TACHYON
DNS aliases are not case sensitive, so you can use lower case, upper case or any combination.
- In the Fully qualified domain name (FQDN) for target host, type 1ETRNAP.1ETRN.local
- Click OK
Your windows should look like this
- Open a CMD prompt and run Ping tachyon. Validate that it resolves to 1etrnap.1etrn.local (10.0.0.4)
Create a web certificate for the Tachyon website
Each server that has Tachyon Server components installed requires its own Web Server certificate (except for a remote SQL Server). This certificate must be enrolled prior to installation of Tachyon on the server. In this task, we will create a web server template for use with Tachyon, and then enroll the Tachyon server with the certificate.
1ETRNCM
In our lab, a CA has been installed and configured on 1ETRNCM. PKI is a complex subject, and different enterprises will have different configurations, or even use external certificates. Thus, PKI training is out of scope for this course.
- Log onto 1ETRNCM as 1ETRN\administrator
- From the start menu, launch Certification Authority
- Expand 1ETRN-1ETRNCM-CA. navigate to Certificate Templates
- Right-click on Certificate Templates and click Manage
- Within the Certificate Templates Console, locate the Web Server template
- Right-click on the Web Server template and select Duplicate Template
- On the General tab, enter Tachyon Web Server as the Template display name
- On the Request Handling tab, check Allow private key to be exported
- On the Security tab, click the Add button
- Click the Object Types button, and check Computers
- Type 1ETRNAP in the Enter the object names to select box and click the Check Names button
- Ensure 1ETRNAP has resolved. Click Ok
- Ensure 1ETRNAP has Read access. Check the Allow box for Enroll
- Click OK to save the template. Validate that the Tachyon Web Server template now exists in the Certificate Templates Console
- Close the Certificate Templates console and return to the Certificate Authority console
- Right-click on Certificate Templates, and select New > Certificate Template to Issue
- Select the Tachyon Web Server template and click OK
- Validate that the Tachyon Web Server template is now visible in the Certificate Templates space
- Close the CA console
- Restart the server
Make sure to type in 1ETRN\administrator. Just inputting administrator will cause you to log in as the local administrator on the server and you will not be able to create the certificate template.
The display name of the template is not relevant, however in an environment where many different certificates are being used for different things, it is always prudent to name the templates in an easily identifiable manner.
Rebooting the server is not something required specifically for certificates and would not be a required step in a production environment. However, due to the boot sequence in Skytap, there is a chance when attempting to enrol the certificate on 1ETRNAP the process will fail due to the CA server being unavailable. We are going to reboot the server to avoid that possible error.
Requesting the Web Certificate on the Tachyon server
1ETRNAP
- Restart 1ETRNAP
- Log into 1ETRNAP as 1ETRN\AppInstaller
- From the start menu, type Cer, and click on Manage computer certificates
- In the Computer Certificates console, right-click on Personal and select All Tasks > Request New Certificate
- In the Certificate Enrollment wizard, on the Before You Begin page, click Next
- On the Select Certificate Enrollment Policy page, click Next
- On the Request Certificates page, note that two certificates are available
- Under the Tachyon Web Server certificate, click on the link in blue next to the warning symbol. This will open Certificate Properties
- In the Subject name field, change the Type to Common name
- Enter tachyon.1etrn.local in the Value box. Click the Add button
- In the Alternate name field, change Type to DNS
- Enter tachyon.1etrn.local in the Value field. Click the Add button
- Enter 1ETRNAP.1etrn.local in the Value field. Click the Add button
You will see a warning under the Tachyon Web Server certificate. This certificate needs to be configured before it can be enrolled onto the personal certificate store.
Double check the values inputted in the fields here. If they are not accurate, the certificate will not work properly, and the Tachyon installation will fail.
- On the General tab of the Certificate Properties, input Tachyon Web Certificate in the Friendly Name space
- On the Private Key tab, expand Key options and ensure Make private key exportable is checked
- Click OK to close the Certificate Properties
- Select the Tachyon Web Server certificate and click Enroll. Once enrolled, click Finish
- In the Certificates console, expand Personal > Certificates, and validate that the certificate has been added
Note that the warning under the Tachyon Web Certificate is no more.
Lab Summary
In this lab, we managed the manual prerequisites required to install Tachyon. We set up a DNS alias to be used by Tachyon internally and externally, and we created a copy of the web certificate template and enrolled it on our Tachyon server. In the next lab, we will see the installer manage the remaining prerequisites.