Using Guaranteed State
Using Patch Success
Tachyon v5.1 - Install and Configure - Lab Guide
Tachyon v5.1 - AppClarity Training
Tachyon v5.1 - Application Migration Training
Tachyon v5.1 - Using - Using Experience - Lab Guide
Tachyon v5.1 - Using - Using Guaranteed State - Lab Guide
Tachyon v5.1 - Using - Using Inventory - Lab Guide
Tachyon v5.1 - Using - Using Patch Success - Lab Guide
Tachyon v5.1 - Using - Using TIMS - Lab Guide
- Tachyon v5.1 - Using - Application Programming Interface Lab Guide
Tachyon Advanced v5.1 Lab Guide
Tachyon - Nomad as Content Provider Lab Guide
- Tachyon v5.1 - Install and Configure - Lab Guide
This exercise will show you how to configure Tachyon for use by different consumers. We will also go over the Tachyon Application Programming Interface (API) and the documentation of the API endpoints using Swagger. This will give you a visual representation of the APIs that you will need to use when creating your own consumer. These are the same API endpoints that are used by the Explorer application. If you can do something in Explorer you will be able to do it in any consumer. We will be using Postman as a consumer and writing our own consumer in later exercises.
Tachyon License File for Consumers
- Log into 1ETRNW102 as 1ETRN\Tachyon_AdminPP and remain logged in.
- Right click on Start and choose Run. In the Run field type in \\1etrnap\c$ When the Authentication window opens use 1ETRN\Administrator
- Navigate to ProgramData\1E\Licensing and copy Tachyon.lic to c:\sources Open c:\sources\Tachyon.lic with Notepad to view the contents
- Search the file for Postman. This is the first consumer that we will be using. Notice that it is enabled.
- Search the file for QWidget - this is the powershell consumer we will be writing in later exercises
Consumer API Log
All Consumers interact with the Tachyon platform in the same way (including Explorer, Patch Success and Guaranteed State). We will look at the log to see the other Consumers as they work.
- Log into 1ETRNAP as 1ETRN\AppInstaller and remain logged in
- Navigate to c:\ProgramData\1E\Tachyon and open Tachyon.ConsumerAPI.log
- Browse through the log and notice the different API calls that are being made. You will see the API listed as well as the method (i.e. Get, POST, etc). You may have to scroll up to the top of the log.
- Leave the Log file open as we will look at it again in just a few minutes. You can scroll all the way down to the bottom now.
Adding Postman as a Consumer
We have our license file that allows us to use other consumers, but we also have to install the consumer in Tachyon. The consumers that ship with Tachyon (i.e. Explorer, Settings, etc) are already installed in Tachyon. If you remember from the Tachyon Install and Configure course we added Config Mgr as a Tachyon Consumer. Consumers are a piece of software - Principals in Tachyon are the users of that software. Tachyon checks each Consumer and also checks to see if the Principal has enough permissions to make that call. The Consumer is checked first - the Principal is only checked if the Consumer passes. We can register a new consumer either with the Settings application or with the consumer API (for example, during the installation of the consumer) since the API endpoints relating to Consumers do not check if the software calling them is a consumer.
- Still logged in as 1ETRN\AppInstaller
- Open Google Chrome and launch the Tachyon Portal using the bookmark in the Bookmarks bar (if it is not already open).
- Open the Settings Application and navigate to Configuration - Consumers
- Click the Add button in the far right
- In the Name field type in Postman
- In the Maximum simultaneous connections type in 5
- Check the two bottom boxes for Use Windows Authentication and Enabled
- Click the Add button
Adding the Principal
We are going to create a Role for Postman and add our Postman Service account to it.
- Open Active Directory Users and Computers
- Create a Service account called Postman. Set the password to Passw0rd
- Uncheck the box to force a password change at next login. Check the Password never expires box
- In the Settings Application navigate to Permissions - Roles add a new Role called Postman
- Open the Postman Role and add Read and Write permissions for the type Consumer
Click Add again and select Instruction Set in the type field and in the Name field select All. Check the boxes for Actioner, Approver, Questioner, and Viewer. Click Add.
- Click Add again and select Instruction Set Management and check the Add, Delete and Read boxes. Click Add.
- Select the Management Groups tab and click Add and choose All Devices
- Add the Postman Service Account as a User in Tachyon and assign the Postman role to that user
Before we actually start using external consumers we will look at the documentation for all the API endpoints. We can view this internal documentation using Swagger. This will give you the details for each of the endpoints to help you when you start making calls to them using your Consumer.
- Open Chrome from the Desktop shortcut and type in https://Tachyon.1etrn.local/Consumer/swagger/ui/index#
- Scroll down to the Consumers category and notice Get/Consumers Click on Get
- Notice how the box will open to view the details on that API call
- Navigate around Swagger noticing all the categories and the calls that can be made pertaining to those categories. Open some other calls to see their options also.
Testing API Access
- Open Chrome (or another tab) and navigate to https://Tachyon.1etrn.local/Consumer/SystemInformation
- Notice our error message (in the <ErrorCode> section. Our request did not have the proper header
- In a new tab navigate to https://Tachyon.1ETRN.local/Consumer/Consumers
Using the API from an External Source
The next steps will walk you through allowing HTTP calls within Tachyon. By default, Tachyon assumes that API callers will be authenticated using Windows authentication (i.e. NTLM challenge/response). However, a caller from outside the domain will have to provide credentials which correspond to a valid, authorized, domain account using an alternative protocol. The simplest mechanism for external source authentication is to use HTTP basic authentication over HTTPs. This is simple but reasonably secure.
- First we must add Basic authentication Role to the Tachyon server. Open Server Manager and Select Manage - Add Roles and Features. Click Next until you get to the Server Roles page
- Expand Web Server (IIS) - Web Server - Security and check Basic Authentication click Next until you are able to click install. Wait until it is finished and click Close
- Now we will enable basic authentication for the Tachyon Consumer web service. Open IIS Manager and Navigate to the Tachyon site - Consumer node
- Double click Authentication and select Basic authentication and choose Enable
Double click SSL Settings for the Consumer website and you should see this. SSL is required for this application within the site.
- Restart the Tachyon website
- Close IIS Manager and Server Manager
In this lab you learned about configuring Tachyon for use by an external application and how to look at the internal Tachyon API documentation (Swagger).