Version: 2
restore

Contents

Exercise Overview:

Microsoft Configuration Manager Integration

In addition to being able to run instructions from the Tachyon explorer, Tachyon also has Configuration Manager Console extensions which allow you to run Tachyon instructions directly from the Configuration Manager console. There is great value in this functionality as it allows you to target specific collections rather than having to set coverage parameters within Tachyon. 
This ConfigMgr integration is enabled via the Tachyon Toolkit installer (which will need to be installed on any machine where the Configuration Manager console is installed).

In our environment, we already have the ConfigMgr console installed on the 1ETRNCM server.

The Configuration Manager console may be installed and used by any user that is configured as an Administrative User. There are several Security Roles that may be given to the user and not all of these roles are permitted to use Configuration Manager to make changes that affect the network. When configuring the corresponding Tachyon user, you should take this into account when assigning the Tachyon Roles. For example, it would be unusual for a user with just the Read-only Analyst role in Configuration Manager to be granted the global Actioner role in Tachyon and therefore be able to perform Tachyon actions on all the devices in a particular collection but not be able to use Configuration Manager to perform any other tasks.

When in ConfigMgr, the role based security configured in the console will dictate what the user has access to. Tachyon will dictate what permissions a user or group has based on Tachyon's role based security, thus you must configure both very carefully to ensure the right access is provided to the users you are granting the ability to use Tachyon through the ConfigMgr console.

In the following exercises, we will configure the Tachyon back end for the ConfigMgr integration. Once configured, we will install the Tachyon Toolkit on the server with the ConfigMgr console, and lastly, we will configure a ConfigMgr administrative user with permissions in Tachyon.

Configuring the Consumers

Configuring the Integration/Consumers

1ETRNAP

  1. Logged in as 1ETRN\AppInstaller, launch the Settings Application and navigate to Configuration – Consumers
  2. Note the consumers that are installed, Explorer, Platform, Inventory, Guaranteed State, Patch Success, RunInstructionUI , CCMConsoleExtensions, TachyonRunInstruction and Experience. These are installed when Tachyon is installed and are the default consumers
  3. Select RunInstructionUI , Click Edit and set the Maximum simultaneous instructions setting to 250
  4. Check the Use Windows Authentication and Enabled boxes at the bottom (if not already)
  5. Click Save
  6. Repeat steps above for CCMConsoleExtensions
  7. Note that there are now 9 consumers configured in Tachyon
  8. Navigate to the Permissions - Users tab in the Settings Application
  9. On the right side, click on the Add button to add a user
  10. In the select user field, type in 1ETRN\SCCM ADMIN and select SCCM Admin in the suggestion list. Click the Add button
  11. Click the 1ETRN\SCCMAdmin account to edit the role
  12. Click the Edit button on the right side
  13. Select Global Actioners and click Save
  14. You will see in the User: SCCM Admin page that it has been permissioned with the Global Actioners role

Installing the Tachyon Toolkit

1ETRNCM

  1. Log into 1ETRNCM as SCCMADMIN
  2. Ensure the ConfigMgr console is closed
  3. Open an explorer window and navigate to \\1etrnap\temp\TachyonPlatform.v4.2.0.510\Installers and copy TachyonToolkit.msi to c:\temp
  4. From a command box, switch the working folder to c:\temp and run the following command
  5. msiexec /i TachyonToolkit.msi /l*v TachyonToolkit.log
  6. On the Welcome page click Next
  7. On the License Agreement page, select I accept the terms in the license agreement and click Next
  8. On the Custom Setup page, click Next
  9. On the Tachyon Server page, input Tachyon.1etrn.local and click Next
  10. Click Install
  11. Once installed, click Finish
  12. Browse to c:\Program Files (x86)\1E\Tachyon and note that a Toolkit folder now exists with a subfolder

Using Tachyon through the ConfigMgr console

Now that we have installed the Toolkit and with it the ConfigMgr console extensions, as well as having configured the two consumers required for the ConfigMgr integration, we are ready to use Tachyon through the ConfigMgr console.

Start the Config Man Client Service

1ETRNW73

  1. Still logged into 1ETRNW73 as 1ETRN\Tachyon_AdminG

  2. Click Start and type in Services.msc. Click on the Services.msc applet
  3. Click on any service and type in SMS. Stop the SMS Agent Host service
  4. We will now use a Tachyon instruction from the Config Man console to start the Config Man Client Service
1ETRNCM

  1. Logged in as 1ETRN\SCCMADMIN, launch the ConfigMgr console from the taskbar
  2. Click the Assets and Compliance pane on the left and select Devices
  3. Right-click 1ETRNW73 and at the bottom of the pop-out menu, select 1E Tachyon
  4. We will now use a Tachyon instruction from the Config Man console to start the Config Man Client Service

You should see a list of Tachyon specific actions as follows


  1. Click on Start ConfigMgr Client Service. Click Yes
  2. Launch Live Mail from the Start menu and click Send/Receive
  3. Get the authentication code from the latest email and input it into the Authentication code box which appeared when the action was initiated
  4. Click OK on the Tachyon pop up
1ETRNW73

  1. Logged into 1ETRNW73 as 1ETRN\Tachyon_adminG, launch the Tachyon Portal if not already open and navigate to the Explorer Application - notifications page
  2. Note the action initiated from the ConfigMgr console has an approval request waiting
  3. Click Start and type in Services.msc. Click on the Services.msc applet
  4. Click on any service and type in SMS. Note the SMS Agent Host service is in a Stopped state
  5. Return to the Explorer Application and approve the request
  6. Browse to c:\programdata\1E\Client and open the 1E.Client.log file
  7. Note that the action we just approved has been actioned but that our Guaranteed State Policy has run and has marked this device as non-compliant

Your log should look similar to this one


  1. Return to the Services applet and refresh the view. Note that the SMS Agent Host service in now stopped and disabled

1ETRNCM

  1. Returning to the ConfigMgr console, move from the Devices workspace to the Device Collections workspace
  2. Right click on the Lab Workstations collection, and select 1E Tachyon>Instruction Runner

Note a list of instruction Sets are visible


  1. Click on the History and Content tabs. Note that they do not have any information as we have not run any instructions through the Instruction Runner yet
  2. Return to the Instruction tab
  3. Expand Processes, and select What processes are running?
  4. Note the Approximate Target based on the collection we chose
  5. This is essentially our coverage, defined by the collection membership
  6. Click Ask this Question
  7. Note the Tachyon Instruction Runner change to the History tab. Click on the Content tab
  8. Note the results being returned
  9. Click the Create Collection button. Note the ability to create a collection based on the results returned. Click Cancel
  10. The create collection functionality can be very valuable for targeting specific deployments via Config Man. For example, you might run a Tachyon Instruction querying for something specific on all your clients, and the ones that return a value could quickly be put into a collection and have a patch or package deployed to. This collection will be using a direct membership rule so much more efficient on the processing side of Config Man

1ETRNW71
  1. Return to the Explorer Application on 1ETRNW71
  2. Expand the Instructions node, and click on History
  3. Note the different instructions listed here. At the top of the list is the instruction we just initiated through ConfigMgr
  4. Click on the instruction to take you to the Content page
  5. Note the data presented in the same manner that instructions executed directly from the Explorer Application are presented

Lab Summary

In this lab, we configured Tachyon to integrate with Config Man, allowing us to execute instructions directly from the Config Man console. First, we configured two Consumers in Tachyon, RunInstructionUI and CMConsoleExtensions. This allows Config Man consoles to connect to Tachyon as consumers. Next, we added an administrative user in Tachyon to allow that user to execute instructions from Config Man.   Once configured, we ran an instruction from Tachyon to stop the SMS services on a machine. Since this was an action and not just a question, it required the 2-factor authentication as well as approval. Lastly, we queried which files exist under a specified path, which required no approval.  We configured the ConfigMgr integration with Tachyon, and we now have the ability to execute instructions directly from the Config Man console.  This is very valuable because we can target specific collections in Config Man which would be otherwise hard to define in Tachyon. Finally, we validated the data from the instructions run from Config Man is also displayed in the Tachyon explorer, thus allowing to fall back onto the explorer for reviewing data once the instructions have been run from Config Man.


Next Page
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS