Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Advanced Panelboxes for Confluence
namegrey
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline

Microsoft Configuration Manager Integration

In addition to being able to run instructions from the Tachyon explorer, Tachyon also has Configuration Manager Console extensions which allow you to run Tachyon instructions directly from the Configuration Manager console. There is great value in this functionality as it allows you to target specific collections rather than having to set coverage parameters within Tachyon. 
This ConfigMgr integration is enabled via the Tachyon Toolkit installer (which will need to be installed on any machine where the Configuration Manager console is installed).

In our environment, we already have the ConfigMgr console installed on the 1ETRNCM server.

The Configuration Manager console may be installed and used by any user that is configured as an Administrative User. There are several Security Roles that may be given to the user and not all of these roles are permitted to use Configuration Manager to make changes that affect the network. When configuring the corresponding Tachyon user, you should take this into account when assigning the Tachyon Roles. For example, it would be unusual for a user with just the Read-only Analyst role in Configuration Manager to be granted the global Actioner role in Tachyon and therefore be able to perform Tachyon actions on all the devices in a particular collection but not be able to use Configuration Manager to perform any other tasks.

When in ConfigMgr, the role based security configured in the console will dictate what the user has access to. Tachyon will dictate what permissions a user or group has based on Tachyon's role based security, thus you must configure both very carefully to ensure the right access is provided to the users you are granting the ability to use Tachyon through the ConfigMgr console.

In the following exercises, we will configure the Tachyon back end for the ConfigMgr integration. Once configured, we will install the Tachyon Toolkit on the server with the ConfigMgr console, and lastly, we will configure a ConfigMgr administrative user with permissions in Tachyon.

Configuring the Consumers

Configuring the Integration/Consumers

1evirtualmachine
1ETRNAP


1eolstart


1eli
Logged in as 1ETRN\AppInstaller, launch the Settings Application and navigate to Configuration – Consumers


1eli
Note the consumers that are installed, Explorer, Platform, Inventory, Guaranteed State, Patch Success, RunInstructionUI , CCMConsoleExtensions, TachyonRunInstruction and Experience. These are installed when Tachyon is installed and are the default consumers


1eli
Select RunInstructionUI , Click Edit and set the Maximum simultaneous instructions setting to 250


1eli
Check the Use Windows Authentication and Enabled boxes at the bottom (if not already)


1eli
Click Save


1eli
Repeat steps above for CCMConsoleExtensions


1eli
Note that there are now 9 consumers configured in Tachyon


1eli
Navigate to the Permissions - Users tab in the Settings Application


1eli
On the right side, click on the Add button to add a user


1eli
In the select user field, type in 1ETRN\SCCM ADMIN and select SCCM Admin in the suggestion list. Click the Add button


1eli
Click the 1ETRN\SCCMAdmin account to edit the role


1eli
Click the Edit button on the right side


1eli
Select Global Actioners and click Save


1eli

You will see in the User: SCCM Admin page that it has been permissioned with the Global Actioners role


Installing the Tachyon Toolkit

1evirtualmachine
1ETRNCM


1eolstart
startat15


1eli
Log into 1ETRNCM as SCCMADMIN


1eli
Ensure the ConfigMgr console is closed


1eli

Open an explorer window and navigate to \\1etrnap\temp\TachyonPlatform.

v4

v5.

2

0.0.

510

592\Installers and copy TachyonToolkit.msi to c:\temp


1eli
From a command box, switch the working folder to c:\temp and run the following command


Code Block
msiexec /i TachyonToolkit.msi /l*v TachyonToolkit.log


1eli
On the Welcome page click Next


1eli
On the License Agreement page, select I accept the terms in the license agreement and click Next


1eli
On the Custom Setup page, click Next


1eli
On the Tachyon Server page, input Tachyon.1etrn.local and click Next


1eli
Click Install


1eli
Once installed, click Finish


1eli

Browse to c:\Program Files (x86)\1E\Tachyon and note that a Toolkit folder now exists with a subfolder


Using Tachyon through the ConfigMgr console

Now that we have installed the Toolkit and with it the ConfigMgr console extensions, as well as having configured the two consumers required for the ConfigMgr integration, we are ready to use Tachyon through the ConfigMgr console.

Start the Config Man Client Service

1evirtualmachine
1ETRNW73


1eolstart
startat26


1eli
Still logged into 1ETRNW73 as 1ETRN\Tachyon_AdminG


1eli

Click Start and type in Services.msc. Click on the Services.msc applet


1eli
Click on any service and type in SMS. Stop the SMS Agent Host service


1ediscussion point
We will now use a Tachyon instruction from the Config Man console to start the Config Man Client Service



1evirtualmachine
1ETRNCM


1eolstart
startat29


1eli
Logged in as 1ETRN\SCCMADMIN, launch the ConfigMgr console from the taskbar


1eli
Click the Assets and Compliance pane on the left and select Devices


1eli
Right-click 1ETRNW73 and at the bottom of the pop-out menu, select 1E Tachyon


1eli
We will now use a Tachyon instruction from the Config Man console to start the Config Man Client Service




1ediscussion point
You should see a list of Tachyon specific actions as follows



1eolstart
startat33


1eli
Click on Start ConfigMgr Client Service. Click Yes


1eli
Launch Live Mail from the Start menu and click Send/Receive


1eli
Get the authentication code from the latest email and input it into the Authentication code box which appeared when the action was initiated


1eli
Click OK on the Tachyon pop up



1evirtualmachine
1ETRNW73


1eolstart
startat37


1eli
Logged into 1ETRNW73 as 1ETRN\Tachyon_adminG, launch the Tachyon Portal if not already open and navigate to the Explorer Application - notifications page


1eli
Note the action initiated from the ConfigMgr console has an approval request waiting


1eli
Click Start and type in Services.msc. Click on the Services.msc applet


1eli
Click on any service and type in SMS. Note the SMS Agent Host service is in a Stopped state


1eli
Return to the Explorer Application and approve the request


1eli
Browse to c:\programdata\1E\Client and open the 1E.Client.log file


1eli
Note that the action we just approved has been actioned but that our Guaranteed State Policy has run and has marked this device as non-compliant




1ediscussion point
Your log should look similar to this one



1eolstart
startat44


1eli
Return to the Services applet and refresh the view. Note that the SMS Agent Host service in now stopped and disabled



1evirtualmachine
1ETRNCM


1eolstart
startat45


1eli
Returning to the ConfigMgr console, move from the Devices workspace to the Device Collections workspace


1eli
Right click on the Lab Workstations collection, and select 1E Tachyon>Instruction Runner




1ediscussion point
Note a list of instruction Sets are visible



1eolstart
startat47


1eli
Click on the History and Content tabs. Note that they do not have any information as we have not run any instructions through the Instruction Runner yet


1eli
Return to the Instruction tab


1eli
Expand Processes, and select What processes are running?


1eli
Note the Approximate Target based on the collection we chose


1eli
This is essentially our coverage, defined by the collection membership


1eli
Click Ask this Question


1eli
Note the Tachyon Instruction Runner change to the History tab. Click on the Content tab


1eli
Note the results being returned


1eli
Click the Create Collection button. Note the ability to create a collection based on the results returned. Click Cancel


1eli
The create collection functionality can be very valuable for targeting specific deployments via Config Man. For example, you might run a Tachyon Instruction querying for something specific on all your clients, and the ones that return a value could quickly be put into a collection and have a patch or package deployed to. This collection will be using a direct membership rule so much more efficient on the processing side of Config Man



1evirtualmachine
1ETRNW71


1eolstart
startat57


1eli
Return to the Explorer Application on 1ETRNW71


1eli
Expand the Instructions node, and click on History


1eli
Note the different instructions listed here. At the top of the list is the instruction we just initiated through ConfigMgr


1eli
Click on the instruction to take you to the Content page


1eli

Note the data presented in the same manner that instructions executed directly from the Explorer Application are presented


Lab Summary

In this lab, we configured Tachyon to integrate with Config Man, allowing us to execute instructions directly from the Config Man console. First, we configured two Consumers in Tachyon, RunInstructionUI and CMConsoleExtensions. This allows Config Man consoles to connect to Tachyon as consumers. Next, we added an administrative user in Tachyon to allow that user to execute instructions from Config Man.   Once configured, we ran an instruction from Tachyon to stop the SMS services on a machine. Since this was an action and not just a question, it required the 2-factor authentication as well as approval. Lastly, we queried which files exist under a specified path, which required no approval.  We configured the ConfigMgr integration with Tachyon, and we now have the ability to execute instructions directly from the Config Man console.  This is very valuable because we can target specific collections in Config Man which would be otherwise hard to define in Tachyon. Finally, we validated the data from the instructions run from Config Man is also displayed in the Tachyon explorer, thus allowing to fall back onto the explorer for reviewing data once the instructions have been run from Config Man.


Next Page
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS