Contents
-
Introducing Tachyon
-
Quick Start
-
Implementing Tachyon
-
Using Settings
-
Using Explorer
-
Using Guaranteed State
-
Using Inventory
-
Using Experience
-
Using Patch Success
-
Troubleshooting
-
Extending Tachyon
-
Training
-
Tachyon Operator v5.0 Lab Guide
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Ex 2 - TCN Opr v5.0 - Installing Tachyon
-
Ex 3 - TCN Opr v5.0 - Exploring the Settings Application
-
Ex 4 - TCN Opr v5.0 - Instruction Sets and Management Groups
-
Ex 5 - TCN Opr v5.0 - Working with Instructions
-
Ex 6 - TCN Opr v5.0 - Working with Patch Success
-
Ex 7 - TCN Opr v5.0 - Working with Inventory
-
Ex 8 - TCN Opr v5.0 - Using Guaranteed State
-
Ex 9 - TCN Opr v5.0 - Microsoft Configuration Manager Integration
-
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS
-
Ex 11 - TCN Opr v5.0 - Working with Experience
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Tachyon Advanced v5.0 Lab Guide
-
Tachyon - Nomad as Content Provider Lab Guide
-
Tachyon Operator v5.0 Lab Guide
-
Reference
Working with Instructions
Now that we have added a Product Pack and analysed the inner working of the Instruction, we will add more Instructions and begin working with Tachyon. The Instructions we add will provide different functionality in terms of questions we can ask as well as actions we can take.
Work with Instructions
Adding Instructions via Product Packs
- Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1E Tachyon - Course Content\Tachyon 5.0 Course Content\
- Download and copy the Icons.zip folder to c:\temp\ right click and extract all
- Also download and copy the 1E Tachyon - Course Content\Tachyon 5.0 Course Content\AdditionalProductPacks.zip to c:\temp and extract the contents
- Launch the Settings Application from the Tachyon Portal if not already open
- Click on the Instructions node and then select Instruction Sets
- Click on the Upload button at the top right
- Navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and select 1E-Patch-Success.zip. Click Open
- There will be 3 instructions in the Unassigned Instruction Set, Select the 3 instructions
- Click Add new set
- In the Add new instruction set box type Patch Success in the Name field
- Click Choose file in the Custom Icon box. Navigate to c:\temp\icons and select Tachyon.png
- Click Open. Click Add
- Click the Upload button again
- In the Open dialog box navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and multi-select 1E-ConfigMgrConsoleExtensions.zip, 1E-Explorer-TachyonAgent.zip, and 1E-Explorer-TachyonCore.zip Click Open
- Ensure that the Instructions are successfully verified and installed. Navigate to the Recent Uploads tab to see status
- Click on Upload again navigate to c:\temp\AdditionalProductPacks
- Multi-select 1E-Explorer-1ECore.zip and 1E-Explorer-Examples.zip Click Open
- Ensure that you now have 197 instructions in your unassigned instruction set
- If you see the Errors count go above zero, ping your instructor to troubleshoot
- Navigate to c:\programdata\1E\Tachyon and open Tachyon.ConsumerAPI.log
- Search for Uploaded in the log and note all the Instruction uploaded
Managing Instructions in Sets
The Product Packs have a varying number of Instructions within them. Once imported into Tachyon, we must group them into Instruction Sets before we can use them. In this exercise we will group the Instructions into Instruction Sets to demonstrate the process. In the next exercise we will use the Product Pack Deployment Tool to perform a bulk import of product packs.
- Return to the Settings Application and navigate to Instructions – Instruction Sets. In the Instruction set pane, click the Unassigned Instruction Set and then click the plus sign + at the end of the sort by field but in front of Unassigned
- Type in Processes in the Name field. In the custom icon field click on Choose File. Navigate to c:\temp\icons. Click the Process.png Click Open. Click Add
- Select the Unassigned Instruction Set to review all the uploaded Instructions
- In the Search field under the name of the instruction set (Unassigned), type Process into the filter box
- In the lower right click on the 50 button to show additional rows
- Click Select All and click on Move in the right panel. Drop down to the Processes Instruction Set and click Move
- Create an Instruction Set named Services
- Add a custom icon from c:\temp\icons\service.png
- Select the Unassigned Instruction Set in the Instruction Sets pane
- From the Instructions pane, type Service into the filter box
- Move the services related Instructions into the Services Instruction set
- Create an Instruction Set named Registry
- Add a custom icon from c:\temp\icons\registry.png
- Select the Unassigned Instruction Set in the Instruction Sets pane
- From the Instructions pane, type Registry into the filter box
- Move the Registry related Instructions into the Registry Instruction Set
- Create an Instruction Set named 1E Client
- Add a custom icon from c:\temp\icons\Tachyon.png
- Select the Unassigned Instruction Set in the Instruction Sets pane
- From the Instructions pane, type Tachyon Agent into the filter box
- Move the Tachyon Agent related Instructions into the 1E Client Instruction Set
- From the Instructions pane, type 1E Client into the filter box
- Move the 1E Client related Instructions into the 1E Client Instruction Set
- Select the Unassigned Instruction Set and in the Search field type in Operating System
- Select all the instructions and then Click the Add new set box at the right to create a New Instruction Set
- In the Add new Instruction Set box Name field type OS
- Add a custom icon from c:\temp\icons\Win10.png
- Ensure that the box is checked to Include the X number of Selected Instructions
- Click Add
- Create an Instruction Set named ConfigMgr
- Add a custom icon from c:\temp\icons\sccm.jpg
- From the Instructions pane, type ConfigMgr into the filter box
- Move the CM related Instruction into the ConfigMgr Instruction Set
- After searching for ConfigMgr also search for SCCM and move those instructions into the ConfigMgr instruction Set
- Create an Instruction Set named Tags
- Click on the Unassigned instruction set. Type Coverage Tag in the search box
- Move these instructions to the Tags Instruction Set
- Do another search for Freeform Tag
- Move all the Tag related instructions to the Tags Instruction Set
- Create an Instruction Set named Quarantine
- Click on the Unassigned instruction set. Type in Quar and move all the Quarantine related instructions to the Quarantine Instruction Set
- Create an Instruction Set named Device Criticality
- Click on the Unassigned instruction set. Type in Critical in the search field
- Move the 2 instructions for Device Criticality to the Device Criticality Instruction Set
- Now that we've added instructions to Tachyon and organized them into Instruction Sets, we are ready to begin engaging clients. There are two types of instructions, Questions and Actions. In these exercises, we will ask questions and execute actions on our Tachyon clients
Using the Product Pack Deployment Tool for the Integrated Product Packs
Tachyon 5.0 ships with the Tachyon Product Pack Deployment Tool which gives you a way to bulk import Product Packs and Guaranteed State artifacts into Tachyon. We also have a set of Integrated Product Packs to import. We can use this during the Tachyon install or as a standalone bulk import. The product packs must be in the same folder as the tool. Your Guaranteed State Administrator must also have Instruction Set Administrators role to use the Product Pack Deployment Tool for Integrated Product Packs.
- Still logged into 1ETRW72 as 1ETRN\Manager1
- Click Start and in the Search field type \\1ETRNAP\temp Click the temp folder to Launch Windows Explorer. Right click tachyonplatform.v5.0.0.592\ProductPacks\ folder and select copy. Navigate to c:\tools and right click and select Paste
- Double click c:\tools\ProductPacks\Tachyon.ProductPackDeploymentTool.exe
- Type in https://tachyon.1etrn.local/consumer in the Server field. Click on Test Connection
- We should see connected to the Tachyon Server and the version number in the Results pane
- Ensure that all the Integrated Product Packs are selected and click Upload Selected
Changing Tachyon Agent Settings
In this exercise, we will evaluate the 1E Client settings, and make a change to one of them.
- Navigate to the Home node in the Explorer Application
- Click on All Instructions on the top right
- Expand 1E Client instruction set to review the available instructions
- Click on Set a 1E Client configuration property <agentconfig> to <agentconfigvalue> for the Tachyon Agent
- From the Please Choose dropdown, select DefaultStaggerRangeSeconds
- Set the value to 30
- Click Perform this action
- Input Passw0rd for the password
- Launch LiveMail and click Send/Receive to update the inbox
- Retrieve the authentication code from the latest email and input it into the console
- Launch LiveMail and click Send/Receive to update the inbox
- Open the latest email with subject Tachyon action X requires approval
- Click on the Go to approval page link
- Click on the approval request. Review the details of the action request. Note that all 7 clients are targeted
- Input a comment if you wish. Check the I understand the impact of this action and approve this request box. Click Approve
- Check the inbox in LiveMail. An email confirming the instruction was approved will be present with a current timestamp
- Return to the Explorer Application. It should be on the responses page for our Agent reconfiguration instruction
- Wait a few minutes as the results of our action are returned
- On the Content page, note a pie graph detailing Success/Error
- Click on Aggregated Table View at the top right to get details on the action
- Click the Row that displays Exit Code and Count to expand results
- Note the Output column, now showing DefaultStaggerRangeSeconds=30
- Click on Raw Table View at the top right to get details on the action, this lists the machines that have responded, similar to that of the Aggregated Table View
- Note the Output column, now showing DefaultStaggerRangeSeconds=30
- Once 1ETRNW71 returns a result, navigate to c:\program files\1E\Client and edit 1E.Client.conf with Notepad
- Review the settings. Note that DefaultStaggerRangeSeconds is now set to 30, per the action which we initiated
- Once all machines have responded click Stop, and navigate to the Home node in the Explorer application and in the I want to know box type in What are the 1E Client settings
- Click Ask this question button
- Note that the Default Stagger Range Seconds now shows 30 for all the clients
- Click Stop once all the agents have reported in. Click Keep on the dialog box to keep the responses
- Review the config file on other machines if you wish to manually confirm the setting change
- Open SQL Management Studio and navigate to Databases>TachyonResponses>Tables. Refresh to see all the tables
- Note there are multiple Response tables suffixed by a number. Right-click on the table with the largest number and select Select Top 1000 Rows
- Note the results from the last question asked are present here
- Right click on the Error table with the corresponding number. If there are any failures to execute the instruction, information on that failure would reside in this table
Working with Processes
Quite often, for security reasons or otherwise, there might be certain processes running on machines in your environment which you do not want to run. In this exercise, we will query for processes, and based on what is returned, kill a process.
- Navigate to the Home node in the Explorer Application
- Click on All Instructions at the top right of the page and expand Processes
- Click on What Processes are Running?
- Leave the Parameters default, click Ask this question
- On the Responses page, once results are presented, scroll down as far as you wish, reviewing the different columns returned from the question
- Click on any row to expand the results showing which machines have the process running. Click Close to return to the entire list
- Return to the Home node, and type Process into the I want to know box, and select What Processes are Running?
- Click Edit in the Parameters window
- In the Parameters section on the right, expand Coverage and expand Device
- Leave the condition to contains, and type in 1ETRNW73. Click Set
- Click on Ask the question to execute the question
- Once the results are returned, click on the Summary tab. Validate that Approximate target and Responses count both show 1, and Responses > Successes shows a count of 1
- Return to the Content tab. Note the only machine returning processes information is 1ETRNW73
- Click on the Filter results button, and type calc.exe into the Executable box. Click Search
- Note the results are now filtered onto the single process. This indicates that calc.exe process is running on 1ETRNW73
- Click on Follow-up action in the filter space
- In the question box, type in Kill
- Click on Kill Process(es) with image name matching <exename>
- In the input box for enter process name, type in calc.exe
- Note the Approximate target value in the Parameters window. Since we are doing a follow up action, only the initial coverage will be impacted by this action. Any other clients running calc.exe will not be impacted by this action
- Click Perform this action
- Input Passw0rd for the password and click Confirm and Send
- Open LiveMail. Click Send/Receive to ensure the authentication email is in the inbox
- Open the email with title Instruction X requires authentication with the appropriate time stamp and type the authentication code into the Tachyon console where requested
- Log onto 1ETRNW73 with 1ETRN\Tachyon_adminG if not already logged in
- Confirm that Calculator is running and present in the task bar
- Launch the Explorer application if not already open in Chrome, and note that a notification is available for the pending request
- Click on the Notifications
- On the Request for action approval page, review the details of the request
- Expand the 1 setting and 1 device details and validate the filters we set when asking the original question
- Check the I understand the impact of this action and approve this request box. Click Approve
- Wait a few seconds. Note that the Calculator application disappears from the Taskbar
- Navigate to c:\programdata\1E\Client and double-click 1E.Client.log
- At the bottom of the log, note that the agent is running an instruction which kills the calc.exe process
- Return to 1ETRNW71
- Note the console is on the Content page
- Note the results show a count of 1 for Killed and 0 for Failed
- Click on the Summary tab to validate the coverage of the action as well as the success
- Note Approximate target, Sent count and Responses count are all 1, and the Responses Success count is 1
- Click Stop for the Kill Process(es) calc.exe action. Click Ok
- Ask the processes question again and validate that calc.exe is no longer running
- You may repeat the process of killing a process, using the Process ID instead of the executable name if you wish
Working with Services
In an enterprise, having real time knowledge of Services on client machines is very valuable information. Often, you might want to stop or disable a service. Other times, you might want to start or enable a service. In this exercise, we will work with Services, both querying and taking actions.
- Navigate to Home in the Explorer Application
- Click on All Instructions
- Expand the Services Instruction Set, and review the questions available
- Click on What services are running?
- Leave the parameters default. Click Ask this question
- Review the results, scrolling down to see all services listed
- You must scroll quite a while to see all the services. We will filter the results to drill down onto a specific service on a single machine
- Click the Back to top button to return to the top
- Expand Filter Results. In the Name box, input RemoteRegistry. Click Search
- Note the service is stopped on all machines but 1ETRNCM
- Return to the home page, and in the search box, type in Services
- Click on Which Windows services are disabled?
- Click Ask this question
- On the Contents page, change view from graph to table view at the top right
- Click on the Filter results button, and in the caption type in Remote. Click Search
- Click on Remote Registry to expand the results. Note the machines on which the service is disabled
- Click the Follow-up Action tab, and in the search box, type Service
- Select Set service <servicename> startup type to <startuptype> and state to <state>
- In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start
- Note the Approximate target number
- Return to the home page
- Type Services into the search box, and select Which Windows services are disabled?
- Click Edit in the Parameters space
- Expand Coverage
- Click on Management Group, click in the search box to display our list of Management Groups, select All Win 10 Lab Workstations. Click Set
- Click Ask this question. Review the results in the Aggregated table view
- Click the Actions tab, and in the search box, type Service
- Select Set service <servicename> startup type to <startuptype> and state to <state>
- In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start. Click Perform this action
- Note the Approximate target is now limited to 2 devices, which is the coverage of the original question
- Input Passw0rd for the password
- Launch LiveMail. Click Send/Receive to get the latest email in the inbox
- Retrieve the authentication code from the email and input it into the Explorer Application. Click Submit
- Log into 1ETRNW101 as 1ETRN\User
- Double-click the Services applet on the desktop
- Scroll down to Remote Registry and validate that it is not running and set to disabled
- Still logged into the Explorer application as 1ETRN\Tachyon_adminG click on the notifications node
- If already on the Notifications page, refresh the page
- Click on the pending request. Review the details of the action, and note that it is now only going to 2 machines
- Check the I understand the impact of this action and approve this request box. Click Approve
- Click the refresh button in the Services applet to refresh the view. Note that the Remote Registry service is now running, and the startup type is changed from Disabled to Manual
- Review the 1E.Client.log. Note the reference to remoteregistry at the bottom of the log, along with a successful status for the corresponding InstructionId
- Return to the Explorer Application. It should be on the Content page
- Note that the Action column shows Manual + Start for both machines in scope
- Click on the Summary tab and note that the Target, Sent, Responses, and Success counts are all 2
Working with the Registry
- Navigate to the Home node in the Explorer Application
- Type Registry into the I want to know box and select What are all the values under the registry key <hive> <subkey>?
- In the subkey box, type in software\1E\Client\Persist
- The value must be inputted exactly as shown above. If the value doesn't match what is on the clients, no results will be returned
- Click Ask this question
- From the start menu in windows, type in regedit in the search window and launch regedit
- Navigate to HKLM\software\1E\Client\Persist
- Review the different values present under this key. Leave regedit running
- Return to the Explorer Application. Note that we are on the Responses page
- Click the Filter Results tab, and input 1ETRNW71 into the Device name box. Click Search
- Confirm the results seen here match what is shown in the registry, clear the search filter
- Click on the Actions tab, and input registry into the search box, and click on Set registry entry <hive> <subkey> <name> to <valuetype> <value>
- In the subkey box, input software\1E\Client
- In the name box, input Test
- Change the type to REG_SZ
- In the value box, input Test
- Click Perform this action
- Follow the two factor authentication process by providing the password and then inputting the authentication code provided in the resultant email, as done in previous tasks
- From the start menu in windows, type regedit in the search window and launch regedit
- Navigate to HKLM\software\1E\Client. Note that a default and the InstallationDirectory values exist
- Approve the action in the Tachyon exchange console
- Review the details of the action. Note that is it going to all 7 devices
- In the registry, return to HKLM\Software\1E\Client. Click F5 to refresh the view
- Note that a REG_SZ value named Test is created, with the data set to Test
- Return to the Explorer Application. Note that it is now on the Content page, and the status shows a count of 7
- Switch to the Aggregated table view. Click on the aggregated row with the count to see the list of machines this action was applied to
- Click on the Summary tab to validate that the action was successful on all 7 machines
- Return to regedit. Navigate to HKLM\software\1E\Client. Confirm the Test value we set has been created via the Tachyon action
- You will likely need to refresh the view to see the new value
Working with Device Tags
Device Tags allow you to add custom labels to devices for use by Tachyon. We have two types of Tags – Coverage and Freeform. Coverage Tags can be used for targeting instructions and are configured by a Tachyon Admin, devices can then be set using an instruction. Freeform Tags can be used to label the devices in your organization but are only set using instructions and cannot be used for coverage. In this exercise we will create the device tag that we will use for our Phased Deployments. We will have values for the devices that are used for Testing (TestGroup), Pilot (PilotGroup), Group1 and Group2 will show the example of Day 1 deployments and Day 2 deployments. We will set our 2 Windows 10 machines as a Pilot group in our lab using Tags. We will then ask a question using the Tag as our coverage parameter.
Creating the Pilot Group Tag
Planning the coverage tags for the entire environment should be done thoughtfully. Each device has a list of the tags that have been set on the 1E Client. The list includes Name=Value plus a delimiter. The entire list for each Agent cannot be over 512 characters.
- Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
- Open Google Chrome and switch to the Settings application
- Navigate to Configuration – Custom Properties
- Click Add. In the Add Custom Property box type PhasedRollout in the Name field
- In the Property Type box select CoverageTag
- In the Values box type in the following values
- You will need to click the + sign after adding the first value to add the additional fields
- Click Add
PilotGroup
Group1
Group2
Setting a Tag on Devices
We use instructions to tell the 1E Client which tags to add to each device. We have two types of Tags in Tachyon. Coverage Tags and FreeForm Tags. FreeForm tags have less stringent limitations for length but cannot be used to define coverage (you would ask a question to get a list of devices that have that freeform tag). Tag data is stored in the Tachyon Master Database for each device. The entire list of Coverage Tags on each device must not exceed 512 characters.
- Switch to the Explorer Application. Navigate to Home
- Click on All Instructions and Expand the Tags Instruction Set
- Select What are the coverage tags. Leave the parameters as they are
- Click Ask This Question
- When the results come back notice we have 0 tags on our devices. You may need to switch to Aggregated table view
- Notice the || in our results. These are the delimiters that will be used for the list of tags on each device. You must factor in these characters when planning for your coverage tags
- Stop the Instruction
- Ask the question again but this time change the coverage to All Win10 Lab Workstations Management Group. Click on Ask This Question
- Click on Actions from the Question we just asked
- Click All Actions
- Expand the Tags Instruction Set. Notice the Actions we have available in this instruction set
- Select the Set coverage tag <tagname> to <tagvalue> action
- Click in the first parameter field – notice our only choice is PhasedRollout. We have only created one tag in our Settings Application – Custom Properties but with multiple values. Select PhasedRollOut and PilotGroup
- Click Perform this Action. You will have to enter your password
- Open LiveMail and enter your Authentication Code
- In Google Chrome – Explorer Application
- Navigate to Notifications and Approve the Instruction number from above
- In the Explorer Application ask the question What are the coverage tags?
- Notice we have 2 devices set as our PhasedRollout - PilotGroup
- Open File Explorer and Navigate to c:\ProgramData\1E\Client
- Open the 1E.Client.log and look for the instruction number from the approval that you did
- You will see the action of running the instruction logged and also that the Tags have changed
Asking a Question Using our Coverage Tag
Now that we have our devices tagged, we will ask another question. We will use the Device Tag for our coverage.
- Navigate to the Home screen of the Explorer Application
- In the I want to know field type in Operating and choose What Operating System Information Does Windows SystemInfo Report?
- Next to Parameters click Edit
- Expand Coverage – Tags
- In the Select Key field choose PhasedRollout
- In the Select Value field choose PilotGroup Click Set
- Click Ask this Question
- Notice that we only have responses from our 2 Windows 10 Devices
Working with Quarantine
In the event of a security breach, Tachyon can quarantine devices. This will cut off the device from all network traffic except for the Tachyon Switch. This can contain an outbreak while the device is remediated. In this exercise, we will target a specific system and quarantine it. We with then remove it from quarantine.
Checking Quarantine State
- Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
- Open Google Chrome and Navigate to the Explorer Application
- From the Home screen click All Instructions
- Expand Quarantine
- Click Are my devices quarantined?
- Click Ask this question
- This is a simple query to see if the devices are actually quarantined. As you can see none of our devices are in quarantine
Quarantine a Device
In this task we are going to quarantine 1ETRNW72
- Navigate to Explorer application – Home screen
- In the I want to know field type in Quarantine
- Click on Quarantine Selected Devices. Click Edit on parameters
- Click coverage
- Expand Device. Choose = in the first field and type in 1ETRNW72.1ETRN.local in the second field
- Click Set
- Click Perform this Action
- Type in your Password
- Open LiveMail and enter your authentication code
- Open LiveMail and Launch the Notification Page or refresh Chrome and navigate to Notifications
- Approve the Request
Checking the Quarantined Device
- In the Explorer application check the results from the instruction
- Notice there is now 1 device quarantined
- Click on Quarantined in Status and see the device name
- Launch a Command Prompt and type in ping 1etrnw72. Your request will time out without a response
- Launch a command prompt and ping 1ETRNDC
- Ping 1ETRNCM
- Ping Tachyon (our alias for 1ETRNAP)
- Launch a new browser window and navigate to Google.com
- Notice that our device cannot get to other devices or the internet
Removing a Device from Quarantine
Now we will issue the instruction that will remove the device from quarantine. The device can only communicate with the Tachyon Switch at this time.
- Still logged in as 1ETRN\Tachyon_Admin1
- Open Google Chrome – the Explorer Application should still be open
- Navigate to Home and in the I want to know field type in Quaran and Select Releases Selected devices from Quarantine
- Click Edit on the Parameters
- Expand Coverage – Expand Device
- In the contains field select =
- In the next field type in 1ETRNW72.1ETRN.Local click Set
- Type in the entire FQDN or the instruction will fail
- Click Perform this action
- Type in Passw0rd and click Confirm and Send
- Open LiveMail and copy the authentication code for Instruction X
- Paste the code into the Authentication Code box. Click Submit
- Still logged in as 1ETRN\Tachyon_AdminG
- Open Chrome and refresh the page
- In the Explorer Application navigate to Notifications
- Approve Instruction X from above
- In the Explorer Application – Navigate to Instructions – History
- Select our Releases selected devices from quarantine
- Wait for this one to complete
- Move back to Instructions – History. Select Are my devices quarantined?
- Rerun this instruction
- Wait for it to complete and see that all 7 devices are now NotQuarantined
- Open a command prompt and Ping 1ETRNW72. Device should respond
- Ping any of the other devices in the lab
- Browse to the Internet
- The device should be able to get to the internet
Device Criticality
Within Tachyon we can classify our devices into degrees of importance or how critical the device is to an organization. We can then base our coverage of instructions on this for use in targeting. For example, if we set our domain controllers to Critical we could send an instruction and target all devices except for the Critical ones. We can also view our Guaranteed State results based on Criticality. We will look at that data in the Guaranteed State exercises
First Look at Criticality
In this task we are going to set our Lab Servers to Critical, our Windows 10 devices to High, and our Windows 7 Devices to Medium. We use instructions to set this on the device.
- Still logged in as 1ETRN\Tachyon_Admin1
- Navigate to the Home screen of the Explorer Application
- In the I want to know field type in Critical. Select What is the criticality of my devices?
- Click Ask this Question
- Click Stop once all 7 devices have returned results
Setting Criticality
- Navigate back to Home. Type Critical in the I want to know field
- Select Set the criticality of my devices. Click Please choose in the list select Critical
- Click Edit in the parameters row
- Expand Coverage – Expand Management Group – Choose Lab Servers. Click Set
- Type in Passw0rd and click Confirm and Send
- Open LiveMail and copy the Authentication Code
- Paste it into the Authentication Code box for Instruction XX. Click Submit
- In the Explorer Application navigate to Notifications
- You may need to refresh to see Instruction XX from above
- Type something in the comment box
- Check I understand the impact. Click Approve
- Wait for all devices to respond
- Repeat the Steps above to set the following:
Windows 7 = Medium
Viewing Criticality
- In the Explorer Application – Home – I want to know
- Type in Critical and select What is the criticality of my devices?
- Click Ask this question
- Drill into each Criticality to see the devices that are assigned to each one
- Still logged into 1ETRNAP as 1ETRN\AppInstaller
- From the Start Menu launch SQL Management Studio
- Connect to the Database Engine
- Expand Databases
- Expand TachyonMaster
- Expand Tables
- Right Click dbo.GlobalSetting and choose Select Top 1000 Rows
- In the Name column look at the CriticalityMapping values
- Right Click on dbo.Device and choose Select Top 1000 Rows
- Scroll over to the Criticality Column to view the settings
Using the Tachyon Exchange
In this exercise we will download some product packs from the Tachyon Exchange directly from the Explorer Application and import those product packs into Tachyon.
Download the Product Packs
- Still logged into 1ETRNAP as 1ETRN\AppInstaller
- Launch the Settings Application
- Navigate to Instructions – Instruction Sets
- Click on Tachyon Exchange in the upper right
- Scroll down and look at the product packs that are available to download
- Explore the Tachyon Exchange to see the offerings available. When you are finished download any Product Pack you choose
- Click on Download Product Packs
- In the Checkout page click Free Download
- On the Purchase Confirmation page click on the link below IT Management. Once the download completes Save the .zip to c:\temp
- Download 2 additional product packs that interest you. Save them to c:\temp
- Upload into Tachyon and move them into an Instruction Set
Lab Summary
In this lab, we worked with Tachyon in a variety of different ways. We added different Product Packs to Tachyon which provided us with specific functionality defined within those Product Packs. We organized the individual instructions from the Product Packs into Instruction Sets. We then asked questions and executed actions using the different instructions. We learned how to create and deploy device tags and use them for Coverage for our Instructions. We learned how to use Quarantine to help us remediate security issues and prevent further spread. We learned how to set and view Device Criticality. We then learned how to download product packs from the Tachyon Exchange and import them into Tachyon for use
Next Page
Ex 6 - TCN Opr v5.0 - Working with Patch Success