Summary

A description of Tachyon Stacks and their Tachyon components, the Tachyon clients and how they connect to provide the Tachyon features.

Tachyon deployment architecture

At the top-most level, Tachyon architecture consists of Tachyon Server components, grouped into Stacks, and clients that are deployed onto the devices that you want to manage.

Tachyon client and its features are part of the 1E Client, which replaces the Tachyon Agent.

Tachyon Server Stacks

Every Tachyon system has a single Master Stack, which provides web services for Tachyon applications.

Tachyon Real-time features requires Response Stacks, and optional DMZ Servers. Each Response Stack has a Tachyon Core component that supports an associated set of up to five Tachyon Switches, which is the primary mechanism for rapidly requesting and retrieving responses from the Tachyon clients. As each Switch can handle up to 50,000 devices there is a limit of 250,000 devices per Response Stack.

The Tachyon Switches may be local or remote to the other components in the Response Stack. Tachyon, Catalog, SLA and BI databases are installed on SQL Server database instance(s) that may also be local or remote to their respective Master or Response Stacks. It is also possible for multiple Response Stacks to share the same Responses database. The Experience and BI cubes are installed on a local or remote SQL Server Analysis Services (SSAS) instance.

Please refer to Design Considerations: Tachyon Architecture section for guidance on which architecture to choose. Below is a detailed description of Tachyon components.

Please refer to Communication Ports reference page for connection details between components and ports necessary for firewalls.

On this page:

Tachyon Single-Server system

In the most basic setup there is a single server which hosts both a Master Stack and a Response Stack and this can be deployed by selecting the default settings in Tachyon Setup

The following table shows the Tachyon Platform components, including Tachyon Master and Response Stacks, and also shows the DMZ Server discussed below.

SubsystemComponentWeb applicationMaster StackResponse StackDMZ Server
Tachyon ServerTachyon Portal UI and Tachyon applicationsTachyon1

Consumer APIConsumer1

Coordinator service
1

Tachyon Master database
1 (optionally Remote)

ExperienceExperience database
1 (optionally Remote)

Experience cube (requires SSAS)
1 (optionally Remote)

ActiveEfficiencyActiveEfficiency ServerActiveEfficiency1 (optional)

ActiveEfficiency database
1 (optionally Remote)

1E CatalogCatalog UICatalogWeb1 (optionally Remote)

Catalog APICatalogWeb

Catalog Update Service


Catalog database
1 (optionally Remote)

SLA PlatformSLA Platform UI and SLA applicationsPlatform1

SLA Admin

Admin1

SLA Engine
1

SLA Integrate Services
1

SLA Operations Provider APICoreExternal1

SLA databases (Data, Integrate, Shared)
1 (optionally remote)

SLA Business Intelligence

(for Patch Success)

MDX API
1

SLA-BI database
1 (optionally Remote)

SLA-BI cube (requires SSAS)
1 (optionally Remote)

Tachyon ServerCoreCore and CoreInternal
1
Background ChannelBackground
11
Switch(es) (also includes a single Switch Host service)

up to 5 (optionally Remote)up to 5
Tachyon Responses database

1 (optionally Remote)

The picture opposite shows a Tachyon Single-Server System with databases optionally installed locally or on remote SQL Server instance(s). Components colored green are optional in a Tachyon system.

The Response Stack has can be installed on the same server as the Master Stack, and on remote servers.

The DMZ Server has only the Tachyon client facing components of the Response Stack: the Background Channel and Switches.

Tachyon applications and tools are consumers, and all consumers connect to the Tachyon Consumer API. 

Tachyon Applications

The following are applications that work with Tachyon 5.0 and are installed using Tachyon Setup:

  • Explorer - used to investigate, remediate issues and manage operations across all your endpoints in real-time
  • Guaranteed State - ensures endpoint compliance to enterprise IT policies
  • Inventory - used to view and export inventory, and manage associations (new in 5.0)
  • Settings - used to configure Tachyon system and application settings
  • Experience 1.0 - a separately licensed application that measures performance, stability and responsiveness for applications and devices to assess user experience across your enterprise
  • Patch Success 1.2 - reports on and ensures successful patching of your enterprise

A typical Tachyon license will include all these applications except for Experience, which must be licensed separately.

All the above require 1E Client to be deployed to all in-scope devices, with Tachyon features enabled.

Patch Success requires SLA Business Intelligence to be installed, as described in Business Intelligence above. It also needs to get meta-data for patches from whichever of the following that you use to approve patches:

  • Configuration Manager (SCCM) if it is configured to manage WSUS
  • Windows Server Update Services (WSUS)

The following applications can be installed on the Tachyon platform. These applications have their own installers and are not installed using Tachyon Setup. You will need to ask for the application to be added to your license.

  • AppClarity 7.0 - used to manage software license compliance, License Demand Calculations, license entitlements, and for reclaiming unused software
  • Application Migration 3.0 - used to intelligently automate the migration of applications during a Configuration Manager OS deployment

The AI Powered Auto-curation feature provides automatic curation of new products which avoids having to manually add products or waiting for 1E Catalog to be updated. This optional feature requires additional memory on the Tachyon Server (Master Stack). Please refer to AI Powered Auto-curation: Internal memory requirements for SLA for details.

1E Catalog is used by the following Tachyon applications, and can therefore use AI Powered Auto-curation:

Tachyon Tools

The following are tools included in Tachyon 5.0. These tools are not installed using Tachyon Setup. They have either their own installers or are included in download zips.

  • Tachyon Configuration Manager UI extensions  - installed as part of the Tachyon Toolkit, this is a right-click extension for the Microsoft System Center Configuration Manager console that provides a graphical user interface for the user to browse and run an instruction on devices in a specified Collection
  • Tachyon Run Instruction command-line tool - installed as part of the Tachyon Toolkit, it is used for sending instructions to the Tachyon server from a script or from a command prompt
  • Tachyon Product Pack Deployment Tool  - included in the Tachyon Platform zip ProductPacks folder
  • Tachyon Instruction Management Studio (TIMS)  - used for development of Tachyon instructions using the Tachyon SDK.

A typical Tachyon license allows use of all these tools.

Tachyon Multi-Stack system

The picture opposite shows a Tachyon Multi-Stack System. Here the Tachyon Master Stack communicates with one or more Tachyon Response Stacks. A local Response Stack is not mandatory. Components colored green are optional in a Tachyon system.

As with a single-server system, the databases are optionally installed locally or on remote SQL Server instances(s).

Tachyon components

Let's take a look at each of the Tachyon components in slightly more detail.

ComponentDescription

IIS Components

The following components are IIS Web Applications that reside on a single-server.

Under the Tachyon website:

  • ActiveEfficiency * (optional)
  • Admin (SLA Admin)
  • Background (Tachyon Background Channel)
  • CatalogWeb *
  • Consumer (Tachyon Consumer API)
  • Core (Tachyon Core)
  • CoreExternal (SLA Ops Provider API)
  • CoreInternal (Tachyon Core internal)
  • Experience (optional)
  • Platform (SLA Platform UI)
  • Tachyon (Tachyon Portal UI)

* These applications are installed under the Default Web Site and then relocated by Tachyon Setup to support both HTTP and HTTPS.

Core

The Core is a Tachyon Response Stack component which has two web applications, Core and Core Internal, providing internal API and data processing.

Core does the following:

Core Internal does the following:

  • Forwards responses from the Switch to the Responses database. This task requires high throughput therefore uses HTTP, but restricts access to the Switch server's local IP Address only

Background Channel

The Background Channel is a Tachyon Response Stack component which provides a means for the Tachyon clients to retrieve large data items from Tachyon without loading the Tachyon Switch:

  • Stores Tachyon content provided by the Consumer API in the Background Channel for Tachyon clients to retrieve
  • Responds to Tachyon clients retrieving Tachyon content from the Background Channel

Switch

The Switch is a Tachyon Response Stack component which provides the following:

The Switch Host service is responsible for starting local Switches.

Tachyon Portal UI

Tachyon users browse to the Tachyon Portal to access Tachyon applications.

Applications that are Tachyon built-in applications:

  • Explorer
  • Guaranteed State
  • Inventory
  • Settings

Applications that are optional:

  • AppClarity
  • Application Migration
  • Experience
  • Patch Success

Tachyon Consumer API

The Tachyon Consumer API provides the following:

  • Processes the consumer requests from the Explorer and other Consumers
  • Publishes Tachyon content to the Tachyon Background Channel
  • Forwards requests for instrumentation data from the Explorer to the Tachyon Instrumentation component
  • Forwards workflow commands from the Explorer to the Tachyon Workflow component

Tachyon Coordinator

The Coordinator service is the coordinating service used by Tachyon components. It has two modules, Workflow and Instrumentation.

The Workflow module provides the following:

  • Forwards workflow commands from the Consumer API to the Core
  • Stores workflow in SQL
  • Connects to remote SMTP to send emails used in the approval process for actions
  • The Workflow component contacts the Authentication component to manage the two-factor authentication process

The Instrumentation module processes instrumentation data from the following components:

  • Core
  • Workflow
  • Switch

And responds to requests for instrumentation data from the Consumer API.

Supports the two-factor authentication feature, with email.

ActiveEfficiency

For Tachyon 4.1 onward Tachyon Setup supports optional installation of ActiveEfficiency Server to support Nomad.

ActiveEfficiency can be installed on the Tachyon server for systems supporting up to 50,000 clients. Larger systems require separation of incoming client network traffic from Nomad and Tachyon. Therefore, either ActiveEfficiency or the Response Stack is installed on a separate server, or if both are installed on the same server there are additional networking and DNS requirements. There is no integration between ActiveEfficiency Server and Tachyon. ActiveEfficiency is installed by Tachyon Setup in order to provide support for both HTTP and HTTPS.

Nomad 7.0 uses the ActiveEfficiency Server for the following features. Please click on the links below to learn more about configuring Nomad features and their prerequisites, which can be configured after installing ActiveEfficiency Server:

ActiveEfficiency Server is also used as an inventory repository by the following 1E solutions, which also require the ActiveEfficiency Scout as a connector to capture the data from Configuration Manager. Tachyon Setup does not install or configure the Scout.

  • Shopping 5.6 - ActiveEfficiency Server is used as a raw inventory repository for device and user usage data. Shopping Central server processes this data into its own database.
  • AppClarity 5.2 - ActiveEfficiency Server is used as a raw non-normalized inventory repository for device, user and application usage data. AppClarity processes this data into its own database to support usage reports and software reclaim features. 1E recommend using AppClarity 7.0 instead, which uses Tachyon instead of ActiveEfficiency to get inventory data.

Catalog UI

The Catalog website used to view and interact with the Catalog.

Tachyon Setup supports installation of 1E Catalog on the Tachyon Master Stack server. For customers that want to continue using an existing installation of 1E Catalog 2.0 then Tachyon Setup supports using a remote Catalog server as a custom setup option. Please contact 1E for details of how to use custom setup options.

Catalog Update Service

Service used to connect to the 1E Cloud Catalog in order to download the latest catalog entries.

Catalog API

Consumer API used to manage and update the 1E Catalog.

SLA Admin

Internal API used to manage the SLA Platform.

SLA Platform UI

The Platform website used to view and interact with the Inventory. Optionally supports Application Migration 2.5.200.

SLA Engine

The Engine service is the coordinating service used by SLA Platform components. This includes processing of Management Groups.

SLA Integrate Services

The Integrate Agent performs Connector functions by connecting to data sources and importing data into repositories. The Integrate Manager manages Agent operations including repository action schedules.

SLA Inventory

The inventory repositories.

SLA Operations Provider API

Consumer API and functions used by SLA Platform clients, including Application Migration and the AppClarity Software Reclaimer. The Software Reclaimer will be a feature in a future version of Tachyon.

MDX (BI)

Internal API used by Patch Success application.

Business Intelligence is an optional component installed by Tachyon Setup on the Master Stack, and requires SQL Server Analysis Services (SSAS). Business Intelligence is a prerequisite for the Patch Success application to support efficient presentation of visualizations on a large scale.

Consumer applications

Tachyon Consumer applications are: Explorer, Guaranteed State, Patch Success and Settings

Other Tachyon Consumers are Tachyon Configuration Manager extensions, and other toolkit features.

SLA Platform also has its own Consumer applications: Application Migration, and in a future version also AppClarity.

SQL Server (Database Engine and Analysis Services)

Tachyon has two databases:

  • Tachyon Master
  • Tachyon Responses

Experience has two databases:

  • TachyonExperience database
  • TachyonExperience cube on a SQL Server Analysis Server (SSAS) instance

Catalog has one database:

  • 1ECatalog

SLA Platform has three databases:

  • SLA-Data
  • SLA-Shared
  • SLA-Integrate

SLA BI has two databases:

  • SLA-BI database
  • SLA-BI cube on a SQL Server Analysis Server (SSAS) instance

ActiveEfficiency has one database:

  • ActiveEfficiency

1E Client

Tachyon client runs on the devices you want to include in your Tachyon managed estate. Tachyon clients communicate with the Tachyon Switches and the Background Channel to provide responses to instructions (questions and actions).

Tachyon client and its features are part of the 1E Client, which replaces the Tachyon Agent. 1E Client also includes: Nomad client, Shopping/WSA client, and WakeUp client.

Tachyon architecture for Internet-facing devices

Enabling Tachyon to support devices that are external to your company network is done by slightly extending the default single-server architecture.

The Responses Stack handles communications between the Master Stack and the Tachyon clients. The Background Channel and Switches components handle the direct communication with the Tachyon clients, the Core processes the information in both directions between the Master Stack and the Switches.

To enable external Tachyon client devices to interact with Tachyon you need to put the Background Channel and at least one Switch into the DMZ.

First, you need a working Tachyon system with a Response Stack that will provide the Core for the DMZ Server. The picture opposite shows a Response Stack and Master Stack on the same server, located on the internal network. This serves clients when they are connected to the internal network.

Then configure the internal firewall to allow two-way communication between each of the following:

  • The Core on the Internal Response Stack and the Switch(es) in the DMZ
  • The Coordinator on the internal Response Stack and the Switch(es) in the DMZ
  • The Consumer API on the internal Master Stack and the Background Channel in the DMZ

Configure the external firewall to allow incoming connections for:

  • The external Tachyon clients and the Background Channel in the DMZ
  • The external Tachyon clients and the Switch(es) in the DMZ

After you have installed the DMZ Server in the DMZ, you need to make the following changes in the existing Tachyon system:

  • The Tachyon Master database would need to be modified to enable Tachyon to recognize and additionally use the DMZ Background Channel and Switch(es) and raise the security level of the Core and Switch communications to use HTTPS. 
  • The configuration files for the Switch host on the Internal Tachyon Server and on the Tachyon Server in the DMZ would need to be changed to enable the Switch(es) to communicate with the Core.
  • The configuration file for the Background Channel on the DMZ would need to be changed to enable the Background Channel to communicate with the Consumer API.

Detailed steps for the above process can be found on the Implementing a Tachyon DMZ Server page.

The DMZ picture shows a dual firewall design, but single firewall is also supported.

In the picture, components colored green are optional in a Tachyon system.