Contents

Ex 1 - Tachyon v5.2 - Install and Configure - Installing and Configuring Tachyon Prerequisites


Exercise Overview:

Installing and Configuring Tachyon Prerequisites


Tachyon has a few prerequisites which need to be installed before the server components can be installed. The installer will install the server roles and features via PowerShell scripts, however there are a few other prereqs we need to account for.
In this lab, you will learn how to install and configure the server upon which we will install all the Tachyon components.


In a production environment, Tachyon can scale to 250,000 connections on a single server. It is possible to have a split installation with different Tachyon components being installed on separate servers.

Create a DNS Alias

Each server that has Tachyon Stack components installed requires its own DNS Alias (with the exception of a remote SQL Server). Just one DNS Alias is required when using a single-Switch installation. This is used by Tachyon users, approvers and administrators to connect to the Explorer and Admin portals, and by Tachyon Agents to connect to the Switch and Background Channel. Therefore, it should have a convenient name such as Tachyon.<domainname>.com.
1ETRNDC
  1. On 1ETRNDC logon as 1ETRN\administrator. Search for DNS from the Start page
  2. Open DNS manager, expand 1ETRNDC> Forward Lookup Zones and select 1ETRN.LOCAL
  3. Select the Action menu and select New Alias (CNAME)…
  4. In the Alias name field, type TACHYON


DNS aliases are not case sensitive, so you can use lower case, upper case or any combination.
  1. In the Fully qualified domain name (FQDN) for target host, type 1ETRNAP.1ETRN.local
  2. Click OK

Your windows should look like this

  1. Open a CMD prompt and run Ping tachyon. Validate that it resolves to 1etrnap.1etrn.local (10.0.0.4)

Create a web certificate for the Tachyon website

Each server that has Tachyon Server components installed requires its own Web Server certificate (except for a remote SQL Server). This certificate must be enrolled prior to installation of Tachyon on the server. In this task, we will create a web server template for use with Tachyon, and then enroll the Tachyon server with the certificate.


1ETRNCM
In our lab, a CA has been installed and configured on 1ETRNCM. PKI is a complex subject, and different enterprises will have different configurations, or even use external certificates. Thus, PKI training is out of scope for this course.
  1. Log onto 1ETRNCM as 1ETRN\administrator
    2. Make sure to type in 1ETRN\administrator. Just inputting administrator will cause you to log in as the local administrator on the server and you will not be able to create the certificate template.
  2. From the start menu, launch Certification Authority
  3. Expand 1ETRN-1ETRNCM-CA. navigate to Certificate Templates
  4. Right-click on Certificate Templates and click Manage
  5. Within the Certificate Templates Console, locate the Web Server template
  6. Right-click on the Web Server template and select Duplicate Template
  7. On the General tab, enter Tachyon Web Server as the Template display name
    8. The display name of the template is not relevant, however in an environment where many different certificates are being used for different things, it is always prudent to name the templates in an easily identifiable manner.
  8. On the Security tab, click the Add button
  9. Click the Object Types button, and check Computers
  10. Type 1ETRNAP in the Enter the object names to select box and click the Check Names button
  11. Ensure 1ETRNAP has resolved. Click Ok
  12. Ensure 1ETRNAP has Read access. Check the Allow box for Enroll
  13. Click OK to save the template. Validate that the Tachyon Web Server template now exists in the Certificate Templates Console
  14. Close the Certificate Templates console and return to the Certificate Authority console
  15. Right-click on Certificate Templates, and select New > Certificate Template to Issue
  16. Select the Tachyon Web Server template and click OK
  17. Validate that the Tachyon Web Server template is now visible in the Certificate Templates space
  18. Close the CA console
  19. Restart the server
    20. Rebooting the server is not something required specifically for certificates and would not be a required step in a production environment. However, due to the boot sequence in Skytap, there is a chance when attempting to enrol the certificate on 1ETRNAP the process will fail due to the CA server being unavailable. We are going to reboot the server to avoid that possible error.

Add the Tachyon Server Computer Account to SCCM

1ETRNCM
  1. Log onto 1ETRNCM as SCCMAdmin
    2. You will need to switch user from 1ETRN\administrator that you just used in the previous steps.
  2. From the Start menu type in Users and launch Edit Local Users and Groups
  3. Click on Groups – Find ConfigMgr_DViewAccess group and double-click it
  4. Click Add. Click Object Types and Check the box next to Computers. Click OK
  5. Type in 1ETRNAP then click Check Names
  6. Click Ok. Click Ok then close Lusrmgr

Requesting the Web Certificate on the Tachyon server

1ETRNAP
  1. Restart 1ETRNAP
  2. Log into 1ETRNAP as 1ETRN\AppInstaller
  3. From the start menu, type Cert, and click on Manage computer certificates
  4. In the Computer Certificates console, right-click on Personal and select All Tasks > Request New Certificate
  5. In the Certificate Enrollment wizard, on the Before You Begin page, click Next
  6. On the Select Certificate Enrollment Policy page, click Next
  7. On the Request Certificates page, note that two certificates are available
    8. You will see a warning under the Tachyon Web Server certificate. This certificate needs to be configured before it can be enrolled onto the personal certificate store.
  8. Under the Tachyon Web Server certificate, click on the link in blue next to the warning symbol. This will open Certificate Properties
  9. In the Alternate name field, change Type to DNS
  10. In the Value field, enter tachyon.1etrn.local. Click the Add button

Double check the values inputted in the fields here. If they are not accurate, the certificate will not work properly, and the Tachyon installation will fail.

  1. On the General tab of the Certificate Properties, input Tachyon Web Certificate in the Friendly Name space
  2. Click OK to close the Certificate Properties
    3. Note that the warning under the Tachyon Web Certificate is no more.
  3. Select the Tachyon Web Server certificate and click Enroll. Once enrolled, click Finish
  4. In the Certificates console, expand Personal > Certificates, and validate that the certificate has been added

Lab Summary

In this lab, we managed the manual prerequisites required to install Tachyon. We set up a DNS alias to be used by Tachyon internally and externally, and we created a copy of the web certificate template and enrolled it on our Tachyon server. In the next lab, we will see the installer manage the remaining prerequisites.


Next Page
Ex 2 - Tachyon v5.2 - Install and Configure - Installing Tachyon