Exercise Overview:

Installing Tachyon

In this lab, we will install all Tachyon components onto the same server which we have prepared with the prerequisites, 1ETRNAP. This includes the roles and features required for the Tachyon installation. In addition, we will deploy the Tachyon clients once the server components have been installed.

Installing Tachyon components

Install Tachyon components

In this task, you will install Tachyon components on the Application server (1ETRNAP).

1ETRNAP
  1. On 1ETRNAP Launch the SkyTap Shared Drive shortcut from the desktop and download 1E Tachyon - Course Content\Tachyon 5.1 Course Content\TachyonPlatform.v5.1.0.663.zip to C:\Temp (if a password window is shown the password is Passw0rd)
  2. Also download tachyon.lic from 1E Tachyon - Course Content\Tachyon 5.1 Course Content\ to c:\temp
  3. Navigate to c:\temp and right click on TachyonPlatform.v5.1.0.663.zip and choose Extract All
  4. From C:\Temp\TachyonPlatform.v5.1.0.663 double click Tachyon.Setup.exe
  5. The user we're logged in with, 1ETRN\AppInstaller is a local admin on this server and has sysadmin rights in SQL. Both rights are required to install Tachyon.
  6. On the Welcome page click Next
  7. On the Documentation page, click Next
  8. On the License Agreement page select I accept the terms of the license agreement and click Next
  9. On the License file page, click browse and select tachyon.lic in c:\temp. Click Open. Click Next
  10. Review the properties of the license file to get a feel for what it entails. Specifically, the MaxCount value as well as the thumbprints for the different Features
  11. On the Select Configuration page, confirm the install location is C:\Program Files\1E and Click Next
  12. On the Check prerequisites page click Start checking
  13. Note all the different prereqs that are required for Tachyon. In a production environment, different components might already be installed on the server. The Tachyon installer will check for all the prereqs and allow you to install the outstanding ones directly through the installer using PowerShell scripts.
  14. Click Install missing prereqs
  15. A PowerShell window will open for each prerequisite.
  16. Once all the prerequisites are installed, click on Check Again to revalidate. Click Next
  17. On the Server certificate page Select the Tachyon Web Certificate, note that all the available Computer Certificates enrolled on this server are displayed. Click Next
  18. The following three properties, Subject, Serial number and Signature algorithm are not expected to show green checks in the Result column, there will be a warning on Subject alternate name, as we only have one DNS name, we do not have a DMZ server, if the remaining Properties do not show the tick then the certificate was not configured properly. You will need to delete the certificate and re enroll it using the correct properties, or possibly create a new template.
  19. On the Client certificates page, Click Next
  20. On the Database server page, ensure that (local) is in each field. Click Validate. On the validation passed box, click Ok. Click Next
  21. On the BI SSAS database settings page, in the BI SSAS User (domain account) section enter 1ETRN\svc_BI in Username and Passw0rd in the password fields. ensure that (local) is in the SSAS server field. Click Validate. Click Ok on the Validation passed box. Click Next
  22. On the Number of Devices page, ensure the Number of devices is set to 1500. Click Next
  23. The license is client count sensitive, so Tachyon will not work if you set it to higher than the license count from your license file.
  24. On the Switch configuration page, click validate. There are two warnings these can be looked at, but do not need remediation. Click Next
  25. On the Website Configuration page, leave the default settings. Click Next
  26. The HTTP Host Header is used internally by Tachyon components; thus, we use the FQDN of the server. The HTTPS Host Header will be used by Tachyon agents and Tachyon users; thus, we use the DNS alias. If you clicked validate, then you can ignore the error message at this time, we will rectify it later.
  27. On the Active Directory and email Configuration page, enter the following and Click Validate, close the validation check. Click Next
  28. Active Directory: LDAP://1etrn.local
    SMTP Server: 1ETRNDC.1ETRN.LOCAL
    Mail From: Tachyon@1etrn.local
    Enable two-factor authentication: Checked

    Two-factor authentication prompts users to enter a onetime authorization code in addition to their password to confirm the submission of an action instruction. The code is delivered via email or to a registered mobile device. If this setting is disabled, administrators can execute instructions without the second factor authentication.
  29. On the Telemetry page read the screen, but leave I consent checked. Click Next (enabling or disabling and setting the frequency at which the data is sent is looked at in Ex 8 - Tachyon v5.1 - Install and Configure - Post installation optional configuration
  30. On the SLA and 1E Catalog page, DO NOT Check the Enable AI-based auto-curation. Click Next
  31. We cover AI-based auto-curation in the AppClarity course. And how to enable this post install in Ex 8 - Tachyon v5.1 - Install and Configure - Post installation optional configuration 
  32. On the Nomad synchronisation page, click Next
  33. On the Ready to Install page, click Install. It will take a few minutes to finish the install. You can see the install log scrolling
  34. On the Installation results, click Next
  35. On the Post-installation Checks, Click Start Checking.
  36. This will display a check of all the components installed and ensure they are configured correctly. If there are any issues the Tachyon Installer will help you resolve them.
  37. On the first warning – Configuration of loopback-check security feature. Click on Warning in the Info column. In the Warning box click on Fix this issue for me. In the Done box click Ok
  38. If there are any other errors or warnings click on them to investigate
  39. We could at this stage decide to invoke the Tachyon Product Pack Deployment Tool to automatically import any product packs and move them into instruction sets (named the same as the .zip file). There is already a folder called ProductPacks in the same location as the Tachyon.Setup.exe (which we have just downloaded and extracted). The ProductPacks folder contains by default the files for the Tachyon Product Pack Deployment Tool and the Classic and Integrated folders with some 1E Product Packs you may want to bulk import into Tachyon. You can also add any additional product pack.zip files you have created or downloaded and wish to import.

    We will use the bulk import feature later as a stand-alone to learn how it works.

    The option to Deploy is shown at the bottom of the page, we will not do that here.

  40. Click close
  41. Following the step to fix the loopback-check a reboot was prompted to be carried out prior to continuing with the install, restart the server at this point

Review the installation

In this task, you will observe the changes made by the Tachyon server installation

1ETRNAP
  1. Log back into the server as 1ETRN\AppInstaller after the reboot
  2. Launch Google Chrome and navigate to https://tachyon.1etrn.local/tachyon (following a fresh install it can take a few minutes for the license to be checked and the screen to populate, you may see an error message, refresh the screen a few times it will clear)
  3. The Tachyon Portal should open and display the 8 Applications that are available – AppClarity, Application Migration, Experience, Explorer, Guaranteed State, Inventory, Patch Success, and Settings. Some will have a green check mark as our license allows us to have all of the Applications, others will show a red warning as we are yet to configure permissions.
  4. Browse to C:\Program Files\1E\Tachyon and note the following folders:
  5. Folder

    Description

    Background

    Binaries associated with the Background Channel, which is used to download content to clients

    ConfigurationViewer

    Binaries used for validation and troubleshooting. The Configuration tool also allows for exporting of configuration to disk.

    Consumer

    Binaries associated with the Consumer API. It provides access to the Tachyon platform via IIS

    Coordinator

    Binaries associated with the Workflow and Instrumentation services

    Core

    Binaries associated with the Core component and its APIs

    Database

    Binaries associated with the configuration of the Master and Response databases

    Experience

    Binaries associated with the configuration of the Experience component

    Portal

    Binaries for the Portal to display the Applications that are available to launch.

    Switch

    Binaries associated with the Switch service used to provide real time communication between Tachyon agents and the Platform

    TachyonExternal

    Folder defining the Tachyon website. Also, used to manage redirection

  6. Open Internet Information Services (IIS) Manager from the start menu. Navigate down to the websites and expand Tachyon
  7. Note the different web applications running under Tachyon
  8. With the Tachyon website selected, click on Bindings in the Actions pane on the right, select the https type, and click Edit
  9. Note that the web certificate we enrolled is bound to the website on https port 443. Exit out of bindings
  10. With the Tachyon website selected, double click on IP Address and Domain Restrictions in the middle pane. Note nothing is configured here
  11. Click on each individual application beneath the Tachyon website and double click each of the AuthenticationSSL Settings and IP Address and Domain Restrictions and confirm they are set as shown. Note that some have Requestors configured, while others do not
  12. Application

    Authentication

    SSL Settings

    IP Address and Domain Restrictions

    Tachyon

    Windows

    Require SSL

    Not Configured

    ActiveEfficiency

    Anonymous and WindowsNot ConfiguredNot Configured

    Admin

    Windows

    Not Configured

    Not Configured

    Background

    Anonymous and Windows

    Require SSL

    Not Configured

    CatalogWeb

    Anonymous and Windows

    Not Configured

    Not Configured

    Consumer

    Windows

    Require SSL

    Not Configured

    Core

    Anonymous

    Require SSL

    Local IP addresses

    CoreExternal

    Anonymous

    Not configured

    Not Configured

    CoreInternal

    Anonymous

    Not Configured

    Local Addresses

    Experience

    Windows

    Require SSL

    Not Configured

    Platform

    Windows

    Not Configured

    Not Configured

    Tachyon is set up on both HTTP port 80 and HTTPS port 443. HTTP on port 80 is used only internally by different Tachyon components, thus explicit permissions are given only to those applications. This ensures a higher level of security.
  13. Open the Services applet from the start menu. Validate the 2 Tachyon services running, 1E Tachyon Coordinator and 1E Tachyon Switch Host, as well as the 1E Catalog Update Service, and the 3 SLA Platform services
  14. Service

    Description

    1E Tachyon Coordinator

    This service is a central component that manages all the components other than the switch.

    1E Tachyon Switch Host

    This service is used to control all the switch processes configured to run. It automatically starts each Switch process, restarting them if they terminate, and allowing them to be stopped gracefully via the Service Control Manager.

  15. Browse to C:\ProgramData\1E\Licensing. Note the files in here
  16. These files are used to validate the licensing against a back-end licensing server in the cloud. Note the Tachyon license file(.lic) used to install Tachyon is also present here.
  17. Browse to C:\ProgramData\1E\Tachyon. There are multiple folders and logs here associated with different Tachyon components
  18. Open the Tachyon.Switch.Host.log. Search for NumberofSwitches. Note that the log shows the 1 switch we installed
  19. Up to 5 switches can be installed on a single server, and the 1E Tachyon Switch Host service would manage them all. Each switch can manage 50,000 devices for a total of 250,000 devices per server.
  20. Open Tachyon.Switch.4000.1etrnap-SW1.log. Note the configuration information and the application of the certificate
  21. Open the Tachyon.Coordinator.log. Search for AnalyzeCertificate: Note our thumbprint and the details on our certificate. Note the next lines in the log shows our license being checked and becoming active and the date that it will expire
  22. Note the 5 folders under C:\ProgramData\1E\TachyonContent, Installers, PerfCounters, PolicyDocuments and Updates, each with a web.config file
  23. The Content folder contains any content, generally in the form of scripts, which are required for instructions. These scripts are embedded into the Instruction XML file but are extracted and placed in this folder to allow agents to download them via the Background Channel using IIS. We will get into Instruction and scripts soon enough.
    The Installers folder would contain installers if we are updating the Tachyon agent via Tachyon itself.
    The Updates folder is used to update the Tachyon agent through Tachyon itself without having to redeploy an msi.
  24. From the Start screen, start SQL Server Management Studio, connect to the local Database Engine, and navigate to the Databases node. Expand the TachyonMaster database. Note that the installer has created objects (tables, stored procedures etc.)
  25. Expand the TachyonResponses database. Expand tables, and note that there are a very small number of objects created
  26. The Response database holds transient data on a per action basis temporarily, hence it is a very basic database.
  27. Expand the SLA-BI database. Look at the tables that are created
  28. Expand the BI.Event Log table. This table holds the Business Intelligence event log date
  29. Right click the BI.Event Log table and choose Select Top 1000 rows. Notice the columns
  30. You may not see any data here. If you needed to troubleshoot any BI or Cube Data issues you would look in this table for information.
  31. From the Task Bar, open Google Chrome and browse to https://tachyon.1etrn.local
  32. Note the error. This is due to the restrictions that have been set in IIS on the different spaces within the website.
  33. Go back to Google Chrome and Browse to https://tachyon.1etrn.local/tachyon
  34. If you are familiar with the prior versions of Tachyon notice the change. We no longer navigate to the Tachyon Explorer via https://tachyon.1etrn.local/Explorer - now we have the Tachyon Portal. The Tachyon Explorer is still here, don't worry!
  35. From the Tachyon Portal click on the Settings Application
  36. Explore the other nodes that are available. Instructions will be empty. We will add some instructions sets later
  37. Click on Switch app and select Explorer
  38. You will not be able to open any of the other applications as this account has limited access to the platform. Notice that our account cannot even see AppClarity, Experience, Inventory, Guaranteed State or Patch Success in the Switch App menu.
  39. In the Settings Application and navigate to Permissions - Users
  40. Note the only user displayed is the user we installed Tachyon with (aside from Network Service and the app server machine account)
  41. Click on 1ETRN\Appinstaller and review the permissions
  42. By default, the account that Tachyon is installed with has limited rights, one of them being Permissions Administrators, which can create new users and roles. This account cannot change its own permissions, so it is important to use an installer account which you do not want to have any admin rights beyond the basic rights afforded the installer account.
  43. Navigate to Monitoring - Infrastructure Log and Audit Information log to review the different actions taken within Tachyon since install
  44. Spend a few minutes looking around. We will get into the finer details of the platform in the next lab

Installing the 1E Client

Now that the back end has been installed, it is time to get some clients reporting into our environment. In this exercise, we will install the 1E Client manually on a single machine, and then deploy the client to the rest of our environment via ConfigMgr. As of this version of Tachyon the 1E Client has replaced the Tachyon Agent.

Copy the 1E Client Install to the Config Mgr Server

1ETRNAP
  1. Log into 1ETRNAP as 1ETRN\AppInstaller
  2. Launch the skytap shortcut from the desktop. Download and copy 1E Tachyon - Course Content\1E Tools\1EClientDeploymentAssistant.v1.5.0.28.zip to c:\temp then right click and extract all
  3. Navigate to Agent Installation Files and Copy the 1E Client 5.1.0.922 folder to ConfigMgrSource\software via the shortcut on the desktop

Install the 1E Client Manually

1ETRNW101
  1. Ensure all workstations are powered on
  2. Log onto 1ETRNW101 as 1ETRN\User
  3. From the start menu, type Certificate and click on Manage computer certificates to launch the certificates mmc console
  4. In the console, right click Personal, and select All Tasks>Request New Certificate
  5. Click Next
  6. On the Select Certificate Enrollment Policy click Next
  7. Note there is only one certificate available for enrollment. Select the Computer certificate and click Enroll
  8. Once enrolled, click Finish
  9. A client certificate is required to authenticate against the Tachyon switch. The certificate has been enrolled on all the other clients, including the servers, ahead of time. If a Windows client certificate already exists on your client devices, no additional certificates will be required.
  10. From the ConfigMgr Content Source folder on the desktop, navigate down to \software\1E Client 5.1.0.922
  11. Copy 1E.Client-x86.msi to c:\sources
  12. From the taskbar, run the command prompt
  13. Switch to the c:\sources directory and run the following command line to start the 1E Client installation wizard
  14. msiexec /i 1E.Client-x86.msi /l*v 1EClient.log
  15. On the Welcome to the 1E Client Installer screen click Next
  16. On the License Agreement screen select I accept the terms of the license agreement and click Next
  17. On the Installation Folder screen accept the default location and click Next
  18. On the Tachyon screen, enter TACHYON.1ETRN.local:4000 for the Switch
  19. On the Background Channel URL, enter https://tachyon.1etrn.local/Background for the Background Channel. Click Next
  20. On the Nomad screen, click Next
  21. On the PXE Everywhere screen, click Next
  22. On the Shopping screen, Click Next
  23. On the WakeUp screen, click Next
  24. On the Ready to Install the 1E Client screen, Click Install. On the User Account Control pop-up click OK. When install is completed, click Finish

Validate the 1E Client Install

1ETRNW101
  1. On the client machine, launch the Services applet from the desktop
  2. Confirm the 1E Client service has been installed and is running
  3. Navigate to c:\programdata\1E\Client
  4. Note there are DBs and Persist folders and a log file present
  5. Double- click the 1E.Client.log file and review the log
  6. Note upon service startup, the client is setting the Switch to tachyon.1etrn.local:4000 as defined in the installer
  7. Review the other settings in the log
  8. The 2 subfolders: DBs and Persist
  9. The Persist folder holds the persistent data for the client. Items such as last instruction processed, or tags reside here. We will review this folder later when we use Tachyon. The DBs folder contains an encrypted database where the Tachyon Activity Record feature stores data from various data sources.
  10. Navigate to c:\program files\1E\Client and review the content
  11. Right-click 1E.Client.conf and select Open With and open with Notepad
  12. Review the different sections of the config file, ensuring you do not make any changes. Note that the settings displayed in the log file are all defined here
  13. The 1E Client settings are defined in the config file. In a later exercise, we will use Tachyon itself to make changes to these settings.
  14. Close the config file, ensuring no changes were made. If asked to save it, click NO
  15. Click in the system tray and observe there is an icon to provide feedback to IT, this is for Surveys which will be looked at in the Using Experience training

Installing the 1E Client using the 1E Client Deployment Assistant via ConfigMgr

In most enterprises, there will be a Systems Management platform to manage devices in the environment. In our lab we will use ConfigMgr, but the concept of deploying the 1E Client as a piece of software will apply to any Systems Management platform.


1ETRNCM
  1. Log into 1ETRNCM as 1ETRN\SCCMADMIN
  2. You might already be logged into the server as Administrator, so be sure to change user and log in as SCCMADMIN, as Administrator does not have rights in SCCM.
  3. Navigate to \\1etrnap\Temp and copy the 1EClientDeploymentAssistant.v1.5.0.28 folder to c:\temp
  4. Open the copied folder and launch the 1EClientDeploymentAssistant.exe
  5. Click Run on the Open File - Security Warning
  6. On the Welcome page click Next
  7. On the License Terms page check I accept the license terms. Click Next
  8. On the Configuration Manager Connection page click connect. Once it connects click Next
  9. On the General settings page 1E License File field click browse and select the licenses.txt file in the 1EClientDeploymentAssistant folder
  10. In the 1E ActiveEfficiency Server URL change default to http://1etrnap/ActiveEfficiency
  11. On the Application and Package Content Sources fields type in \\1etrndc\ConfigMgrSource\Software
  12. Check the Distribute Content box and select All Distribution Points from the drop-down. Click Next
  13. On the Agent selection page Uncheck all the boxes except for the 1E Client 5.1.0.922. Click Next
  14. If we were installing PXE Everywhere, NightWatchman, or Web Wakeup the license keys would be populated from our licenses.txt file located in the same folder as the Client Deployment Assistant executable. We are only installing the Tachyon module of the 1E Client for this lab so we do not need a license key as Tachyon is licensed on the server components.
  15. On the 1E Client 5.1.0.922 page Change the Limiting Collection to All Desktop and Server Clients Click Next
  16. On the Tachyon and other client settings page Switch field type in Tachyon.1etrn.local:4000
  17. In the Background Channel field type in https://tachyon.1etrn.local:443/Background
  18. Leave Enable Inventory and Enable Interaction checked and click Next
  19. On the Nomad Client Settings page click Next
  20. On the PXE Everywhere  Settings page click Next
  21. Once the Summary page activates the Create button click Create
  22. Once that completes click Next
  23. Click Finish
  24. Launch the ConfigMgr console from the taskbar
  25. Our lab is configured to create our applications and packages for only workstation class devices. You can modify this by editing your AppImport.xml in your 1E Client Deployment Assistant folder. We will edit our application to include the servers.
  26. Navigate to Software Library – Application Management – Applications
  27. Select the 1E Client 5.1.0.922 and click Deployment Types tab at the bottom
  28. Right Click the 1E Client x64 deployment type and choose Properties
  29. Click the Requirements tab. Click the Operating System requirement type and click the edit button
  30. Scroll down and select all the x64 Server Operating Systems also. Click Ok. Click Apply. Click Ok
  31. Navigate to Assets and Compliance and click on Devices
  32. Multi-select all the devices in the Lab except for 1ETRNDC and add them to an existing collection – 1E Client 5.1.0.922 – Required
  33. Once the collection membership shows 7
  34. Right Click on the 1E Client 5.1.0.922 – Required collection and choose Client Notification – Download Computer Policy
  35. At this stage, the 1E Client has been targeted to all the clients in the lab environment, the actual deployment will take a few minutes.
  36. Repeat the client validation steps from step 89 on any of the workstations to ensure the client has installed correctly. Remember it may need a short while to show the install.

Lab Summary

In this lab, we installed Tachyon on a single server. We used components from the prereqs we installed/configured in the previous lab required by Tachyon. Once installed, we validated the install by evaluating the binaries, the web components, the services, and the databases. Once validated, we launched the Tachyon Portal, and reviewed the console.
We then installed a 1E Client manually on one workstation. We validated the install on the client, then configured a package for deployment of the 1E Client agent via ConfigMgr. Once the package was created, we deployed it to our 1E Client collection for install.


Next Page
Ex 3 - Tachyon v5.1 - Install and Configure - Configure Users and Roles