On this page:

TIMS Explained

Tachyon Instruction Management Studio (TIMS) is a graphical user interface for authoring and testing Tachyon instructions and Guaranteed State fragments, which can then be saved so they can be uploaded and used in your Tachyon platform.
The instruction definition XML files that TIMS creates can be uploaded into Tachyon using the Tachyon Explorer so that they can then be used within Tachyon. The Tachyon Product Pack Deployment Tool can also be used to upload objects into Tachyon. The objects for Guaranteed State must be in a product pack that has a specific format.
TIMS makes it easy for you to:

  • Run instructions and verify the results that they return on your endpoint device
  • Manage resources (such as files) which are associated with the instruction (question or action) you are developing
  • Save an instruction, and resources, as an XML file, which can be loaded into Tachyon and made available as a question or action
  • Sign an instruction with a different code-signing certificate

TIMS contains a sandboxed copy of the Tachyon Agent, isolated from the Tachyon Agent installed on your computer. TIMS also has its own Agent Historical Data store, which we will work with later in the labs.
Each version of TIMS is bound to the version of its 1E Client and does not have be to the same version as your local Agent, nor the same architecture. This means you can have multiple versions of TIMS installed, so that you can test your instructions against different versions of the 1E Client that you may have in your Tachyon system or are planning to have. However, you can only ever run a single copy of TIMS at any time.

TIMS is only supported on Windows systems. There is no version of TIMS which supports *nix or Android devices.

Configuring TIMS prerequisites

Tachyon requires a code signing certificate to use to sign instructions. This ensures that any instructions written for execution via Tachyon are signed, and no rogue instructions are introduced to the environment. The Code Signing certificate is also associated with the Tachyon license key to ensure that only those with the appropriate certificate can write instructions that can be used in Tachyon.

Enrolling a code signing certificate on the Tachyon server

You do not need a certificate to work within TIMS, however to take an Instruction built in TIMS into a Tachyon environment, you must have a code signing certificate implemented as detailed in this exercise. We have created a code signing certificate for the lab environment.

1ETRNAP
  1. Log into 1ETRNAP as 1ETRN\AppInstaller
  2. Open SkyTap Shared Drive on the desktop and navigate to 1E Tachyon - Course Content\Tachyon 5.1 Course Content\ download and copy Tims.v5.1.0.922.zip, SetSCCMSite.ps1  and 1ETRN_Code_Signing_Cert.pfx to c:\temp right click and extract all on the Tims.v5.1.0.922.zip 
  3. From the start menu, type cert, and click on Manage Computer Certificates
  4. In the Certificates console, right-click on Trusted Publishers. Select All Tasks > Import
  5. On the Welcome, ensure Local Machine is selected by default. Click Next
  6. On the File to Import page, click Browse
  7. Switch the file type to All Files (.)
  8. Navigate to c:\temp and double-click 1ETRN_Code_Signing_cert.pfx. Click Next

  9. On the Tachyon server, you only require the .cer file for the certificate. We will use the .pfx for sake of simplicity.
  10. On the Password page, input Passw0rd for the password and click Next
  11. On the Certificate Store, ensure Trusted Publishers is populated. Click Next
  12. On the final page, click Finish. Click OK
  13. In the Certificates console, expand Trusted Publishers>Certificates and validate that the code signing cert issued to SCCM Admin is present
  14. From a command prompt, run the following command
  15. iisreset

Validate the certificate

  1. Double-Click the Code Signing certificate issued in the Trusted Publishers store
  2. Click on the Details tab and scroll down to the Thumbprint value. Make note of the first 4 and last 4 characters of the thumbprint
  3. Navigate to c:\programdata\1E\licensing and right-click on the Tachyon.lic file and open with Notepad
  4. Use Word Wrap to get a readable view of the file.
  5. Do a search for 1ETRN. Note the signersha value associated with the Instruction. Ensure it matches the thumbprint of our code signing certificate
  6. When a license key is requested from 1E, you must specify what you want your instructions prefix to be and provide the thumbprint for the code signing certificate that will be used to create Instructions. This ensures that only those with the Code Signing certificate will be allowed to create Instructions that will be signed and allowed to be used in Tachyon. This also locks down what the Instruction can be named, in our case the prefix must be 1ETRN.
  7. Close the license file, ensuring no changes were made
  8. Close the certificates console

Enrolling the Code Signing certificate on a workstation

TIMS can be run on any computer in your environment. The instructions you develop will use the framework of the machine you are running TIMS on to validate the instruction. As such, we will run TIMS on one of the workstations. Wherever TIMS is run, the same Code Signing certificate must be enrolled in either the User or Computer store, generally in both.

1ETRNW73
  1. Log into 1ETRNW73 as 1ETRN\Tachyon_AdminG
  2. Copy Tims.v5.1.0.922 and 1ETRN_Code_Signing.pfx from \\1ETRNAP\temp to c:\tools
  3. From the start menu, type in mmc into the search box and launch mmc.exe
  4. Click File and select Add/Remove Snap-in
  5. From the snap-in wizard, select Certificates and click Add
  6. Select My user account and click Finish click OK
  7. If we are running TIMS under system context, the certificate must also reside under the Computer store. In our exercises, we will be running TIMS only in user context.
  8. Expand Certificates (Current User) and right click on Personal
  9. Click All Tasks > Import
  10. On the Welcome page, click Next
  11. On the File to Import page, click Browse
  12. Switch the file type to All Files (.)
  13. Navigate to c:\tools and double-click 1ETRN_Code_Signing_cert.pfx. Click Next
  14. On the Password page, input Passw0rd for the password and click Next
  15. On the Certificate Store click Next
  16. On the final page, click Finish. Click OK
  17. Double-click the Code Signing certificate in the personal store validate that the code signing cert issued to SCCM Admin is present

On the General page validate that you can see the following below the valid from date

  1. On the Details page check the thumbprint and validate it is the same as the one on the server and in the license file.

TIMS

Install TIMS on a workstation

In this exercise, we will install TIMS on a workstation, and use that workstation to write instructions.

1ETRNW73
  1. Navigate to c:\tools\Tims.v5.1.0.922 and double-click TIMS-x86.msi
  2. All our workstations are 32 bit in the labs so we will use the x86 version of TIMS. If you were creating instructions on a 64 bit client, you would use the x64 version.
  3. On the Welcome page, click Next
  4. On the License Agreement page, select I accept the terms of this license agreement and click Next
  5. On the Destination Folder page, click Next
  6. On the Ready to Install the Program page, click Install
  7. Once installed, click Finish

Navigating TIMS

Now that we have prereqs in place and TIMS installed, we can begin working with TIMS. In this exercise, we will learn some basics about TIMS and begin exploring the native language, SCALE (Simple Cross-platform Agent Language for Extensibility), in the form of Modules and Methods used to write instructions.

1ETRNW73
  1. Log in as 1ETRN\Tachyon_AdminG if not already logged in
  2. From the desktop, launch Tachyon Instrumentation Management Studio
  3. Instructions can be written under the user context or the System context. If we wanted to write instructions under the Local System context, we can launch TIMS using PSEXEC to run under the system context. For our labs, we will only use TIMS in the user context.
    TIMS will default to Code Signing certificates. We only have one enrolled, so it will default to that certificate.
  4. Review the different buttons in the top pane
  5. Click on Code Signing and click Select signing certificate
  6. Click on the Click here to view certificate properties link
  7. Note that the general tab of the certificate shows You have a private key that corresponds to this certificate
  8. If you do not have a private key associated with the certificate, Instructions written using the certificate will not work in Tachyon.
  9. Click OK to close the certificate properties. Click OK to select the certificate
  10. Click on Code Signing and check Always sign
  11. This setting ensures that any instruction you attempt to save will be signed using the certificate we just selected.
  12. In the top query window, type in the following text
  13. SELECT "hello"
    Note the query window begins to autofill the text you are typing. This is due to IntelliSense being integrated with TIMS. IntelliSense features are powered by a language service. A language service provides intelligent code completions based on language semantics and an analysis of your source code. If a language service knows possible completions, the IntelliSense suggestions will pop up as you type. If you continue typing characters, the list of members (variables, methods, etc.) is filtered to include only members containing your typed characters. Pressing Tab or Enter will insert the selected member.
  14. Click the Run button in the ribbon.
  15. Note that an error box pops up and a syntax error is displayed in the results pane. This is because each line of code must be ended with a semicolon.
  16. Click OK on the error box
  17. At the very bottom, switch from Results to Log tab
  18. Note the various rows of errors. Specifically, a row displaying the following: Completely unterminated SELECT at line 1,
  19. Return to the TIMS Query Add a semicolon to the end of the instruction and click Run again
  20. Note there are no errors on the Log pane
  21. Switch to Results pane
  22. Note that the results show a column named hello with single quotes, and a value of hello.
  23. Modify the syntax of the query to the following and click Run
  24. SELECT "hello" AS greeting;
  25. Note the column name is now set to greeting.
  26. Change the query to the following and rerun
  27. SELECT "hello" greeting;
  28. Note that you get the same result as before. The 'AS' is not necessary. If you are familiar with SQL language, you will get the hang of TIMS scripting very quickly.
  29. Input the following below the existing line and click Run
  30. SELECT "goodbye" greeting;
  31. Note only the second line displays an output. Unlike SQL, both rows will not display an output, only the last. Switch the rows around to see only 'hello' will show. This is very important to remember when you begin to write complex instructions.
  32. Now that you have done a simple SELECT query in which the data returned is hard-coded, let's run a query using SCALE. Clear the existing code from TIMS. Input the following query into the window. Type it out exactly as shown below, do not rely on IntelliSense to autofill it
  33. Network.getconnections();
  34. Note the error returned. Unsupported method 'getconnections'.
  35. Change the syntax to the following
  36. Network.GetConnections();
  37. Note the results that are returned. The scripting language is case sensitive, so you must input very exact syntax. IntelliSense will ensure that these syntax errors are autocorrected.
  38. Clear the query window and run the following queries, one line at a time, and review the results
  39. Software.GetInstallations(); 
    Device.GetSummary(); 
    FileSystem.GetFilesInFolder(Folder: "c:\\program files\\1E\\client\\"); 
    Notice the \\ in the file path. In strings use the sequences backslash-double-quote (\") and backslash-backslash (\\) to escape literal double-quotes (") and a literal backslash (\) respectively.
    OperatingSystem.GetServiceInfo(); 
    OperatingSystem.GetInstalledUpdates();
    These queries give you a general sense of how the Methods and corresponding Modules operate. You can review all the Methods and Modules and use them in different ways to get data back. Subsequently, you can do more than just query machines, you can also take action on machines. We will cover that later as we begin to write a complex Instruction using different Methods and Modules as well as functions.

Creating a Basic Instruction

Create Basic Instruction

  1. Clear the TIMS query window and run the following
  2. Network.GetConnections();
  3. Let's add a comment to our instruction. Above the first line Type in
  4. //All the Active Connections on this device
    /* This is a comment until the block is closed */ and // This is a comment until the end of the line. Comments are useful to annotate the instruction but serve no useful purpose on the device. Since they are ignored by the device when running an instruction omitting them could save network traffic in large environments.
  5. Click on the Schema button on the top ribbon. On the popup, click Yes.
  6. In the Schema editor, click the different boxes. Here you can define the format of the responses that come back from the devices.
  7. The GetConnections method has a predefined schema. We can define that value in the schema itself manually. The render as property allows for 3 rendering schemas currently, perforated, IPAddress, or currency. This allows for the results to be shown rendered as one of these data types.
  8. Click on ProcessName and using the  button, move it to the top. 
  9. Click OK to save the schema
  10. Click on Workflow. Note the different options available for Instruction Workflow in the dropdown. Click Cancel
  11. The workflow is defined as a global setting, but we can override that by explicitly defining a workflow per instruction. Certain Instructions might be low risk, and thus not require approval or 2FA.
  12. Click Task groups
  13. Tasks allow us to add instructions to specific task groups so they can be executed directly from the Tasks workspace in the Tachyon explorer console. This allows them to be run on a schedule.
  14. Click Cancel to exit out of Task Groups
  15. Click on the Aggregation button on the ribbon
  16. Here, we can group by a specific value that is returned, as well as aggregate based on the available operations. We will work with aggregation later in the labs.
  17. Click Cancel
  18. Click Validate in the top ribbon. Note the errors displayed. Click Close
  19. A readable payload must be defined, and a description for the Instruction provided so it can be searched against in the Tachyon explorer console. A payload is essentially what the Instruction will present to the operator via the explorer console. A task group is not required; hence it is only a warning.
  20. In the Instruction Definition panel at the top right, note the different properties
  21. In the Description field, input Active Network Connections and click Enter
  22. You can click on the ellipses in the field to open a dialog box as well.
  23. For the Name field, change the value from the default to 1ETRN-ActiveNetworkConnections
  24. For the ReadablePayload field, click on the ellipses at the right and input Active Network Connections. Click OK
  25. Review the other properties in the Instruction Definition pane. These are all configurable parameters, but if left alone they will default to the values of the installation.
  26. Click Validate in the top ribbon. Note only a task groups warning is shown. Click Close
  27. From the menu bar, click File > Save As. Click OK on the validation page
  28. Save the Instruction under c:\tools as 1ETRN-ActiveNetworkConnections.xml
  29. Note in the top pane a message is displayed stating that the instruction definition was signed by XXX. This is because we chose to Always Sign earlier. Leave TIMS open with the instruction still defined in the top pane

Validating the Instruction

  1. In windows explorer, navigate to c:\tools. Note an XML file named 1ETRN-ActiveNetworkConnections has been created here
  2. Right-click the file and open with Internet Explorer
  3. Note the format and content of the instruction file
  4. We have reviewed instruction XML files in the Tachyon course, this format should look familiar.
  5. Open the ConfigMgr Content Location shortcut from the desktop. Copy c:\tools\1ETRN-ActiveNetworkConnections.xml to the ConfigMgr Content folder
  6. We need to import our instructions with an account that has Instruction Set permissions in Tachyon.

Uploading the instruction in Tachyon

In this task, we will add the newly created Instruction to Tachyon and ask the question to our clients.


1ETRNAP
  1. Log into 1ETRNAP as 1ETRN\AppInstaller
  2. Open the ConfigMgr Content Source location shortcut on the desktop. Copy 1ETRN-ActiveNetworkConnections.xml to c:\temp
  3. Open Google Chrome navigate to  HTTPS://Tachyon.1ETRN.local/Tachyon  and launch the Settings application
  4. Navigate to Instructions – Instruction Sets
  5. Click the Upload button at the top and browse to c:\temp and select 1ETRN-ActiveNetworkConnections.xml
  6. Click Open. Click on Recent Uploads Ensure the Instruction is uploaded successfully and there are no errors
  7. Click back on Instruction Sets. Select the Unassigned Instruction Set. Find the new instruction (you may need to show 48 items and resort the list). 
  8. Select the Active Network Connections instruction and click on the Add New Set button on the right pane. 
  9. In the Add new instruction set dialog box type 1ETRN in the Name field. Ensure that Include 1 Selected Instructions is checked. Click Add.
  10. Click on the 1ETRN Instruction Set in the left pane to validate the instruction has been moved there
  11. We are now ready to execute this Instruction on our client machines. All instructions must reside within an Instruction Set before they can be executed via the Explorer Application.

Running the newly created Instruction

1ETRNW71
  1. Log into 1ETRNW71 as 1ETRN\Tachyon_Admin1
  2. Open Google Chrome Launch the Tachyon Portal from https://Tachyon.1etrn.local/Tachyon
  3. Launch the Explorer application
  4. From the top right, click the All instructions button
  5. Note a 1ETRN Instruction set is now present. Expand the Instruction Set
  6. Click on the instruction and click Ask this question
  7. The data returned should display ProcessName as the second column since we changed the schema to move it to the top. If we left the schema default, the results would show in the same order they are shown in TIMS, except for the device name column (this is returned as the first column by default from the device that gave the responses).
  8. Scroll down to see the results returned from the different machines
  9. Click the Back to Top link at the bottom right
  10. Click on the Filter Results button to expand the filter options
  11. In the Device Name box, input 1ETRNW73 for the local machine. Click Search
  12. Review the results for the local machine
  13. Return to TIMS. With the Network.GetConnections(); query still defined, click the Run button
  14. Note the connections. They should match what Tachyon returns via the Instruction although the column order will be slightly different.

Lab Summary

In this lab, we learned what TIMS is, and the native language, SCALE it uses. We installed and configured the prerequisites required to ensure Instructions created by TIMS will be accepted by Tachyon, and we then installed TIMS. We then evaluated some Methods and Modules to understand how the native language works, using some basic examples. Lastly, we created an Instruction and ran it via Tachyon to review the results returned.

Next Page
Ex 2 - Tachyon v5.1 Advanced - TIMS Functions