Summary

A step-by-step guide to configuring prerequisites required for the Tachyon Configuration Manager console extensions, before Installing the Tachyon toolkit.

Requirements

Supported Platforms

Supported versions of client OS and Configuration Manager that are supported by the Tachyon Configuration Manager extensions are:




Tachyon user accounts

To prepare Tachyon for using the Configuration Manager console Extensions, you will need a Tachyon user account that has at least the following administrator rights:

  • Consumer Administrators role
  • Instruction set Administrators role
  • Permission Administrators role

To use the Tachyon Configuration Manager console Extensions, you must have a Tachyon user account and Configuration Manager administrative user account. Guidance for this is given below in User roles.



User roles

The two systems, Configuration Manager and Tachyon both use RBAC to define the capabilities for their corresponding users. To enable Tachyon instructions to be run from Configuration Manager the Configuration Manager console users must also have a presence defined in Tachyon. This presence can take many forms, for example you could define a user in Tachyon from an AD group and then add all your Configuration Manager users to that group - and manage the Tachyon roles for the users as a group, or you could define individual users in Tachyon for each Configuration Manager user - and manage the Tachyon roles on a per-user basis. You will likely have determined roles for your Configuration Manager users based on their function within the organization, the following heading provides a rough guide to matching Tachyon and Configuration Manager roles.

A rough comparison of the Tachyon User Roles and Configuration Manager Roles

The Configuration Manager console may be installed and used by any user that is configured as an Administrative User. There are a number of Security Roles that may be given to the user and not all of these roles are permitted to use Configuration Manager to make changes that affect the network. When configuring the corresponding Tachyon user you should take this into account when assigning the Tachyon Roles. For example, it would be unusual for a user with just the Read-only Analyst role in Configuration Manager to be granted the global Actioner role in Tachyon and therefore be able to perform Tachyon actions on all the devices in a particular collection but not be able to use Configuration Manager to perform any other tasks. There is no one-to-one mapping of the Tachyon and Configuration Manager roles, but the following table provides some rough comparisons between the two:

Tachyon RoleConfiguration Manager Role
ViewerRead-only Analyst
QuestionerRead-only Analyst
Actioner

Examples of equivalent Configuration Manager roles could be:

  • Application Deployment Administrator
  • Remote Tools Operator
  • Software Update Manager
ApproverAny Configuration Manager Security Role that would be appropriate for the Approver to approve actions run from Configuration Manager

Setting up Tachyon for Configuration Manager integration

The following instructions show how to configure the integration between Configuration Manager and Tachyon after the Configuration Manager extensions have been installed.

The animation opposite shows an end-to-end example of configuring Tachyon to support the Configuration Manager extensions. This example generally uses the following steps. We'll highlight in the steps where optional decisions have been taken in the example.

1. Add the Configuration Manager console extensions consumers to Tachyon

To run any of the Client Actions using Tachyon menu items, other than the Instruction Runner, you will need to add (register) the CmConsoleExtensions consumer to Tachyon using the Tachyon Explorer Administration Consumers page. The steps to do this are:

  1. Logon to the Tachyon Portal using a Tachyon user account with the Consumer Administrators role.

  2. Navigate to the Settings→Instructions→ Consumers page

  3. Click the Add button to create a new consumer

  4. The new consumer should be configured with the default values, except for the following:

    ParameterValue
    NameCmConsoleExtensions
    Maximum simultaneous instructions10
    EnabledCheck this checkbox


  5. Click the Add button to save the new consumer

To run the Instruction Runner, you will need to add the RunInstructionUI consumer to Tachyon using the Tachyon Explorer Administration Consumers page. The steps to do this are:

  1. Log on to the Tachyon Explorer as an administrator with the Consumer Administrators role

  2. Navigate to the Administration Consumers page
  3. Click the Add+ button to create a new consumer

  4. The new consumer should be configured with the default values, except for the following:

    ParameterValue
    NameRunInstructionUI
    Maximum simultaneous instructions250
    EnabledCheck this checkbox


  5. Click the Add button to save the new consumer

2. Upload the Configuration Manager console extensions product pack to Tachyon and create an instruction set

First upload the instructions:

  1. Logon to the Tachyon Portal using a Tachyon user account with the Permissions Administrators and Instructions Administrators roles.
  2. Open the Settings application.
  3. Navigate to the Settings→Instructions→Instruction sets page.
  4. Click on the Upload button.
  5. In the Open dialog navigate to the location of the 1E-ConfigMgrConsoleExtensions.zip file.
  6. Select 1E-ConfigMgrConsoleExtensions.zip and click Open.

All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so first you will need to create a new instruction set with the verification instructions.

  1. Select the 16 instructions you want to add to the new set, by clicking the checkbox at the start of each instruction row in the list.
  2. Click the Add new set button in the button panel to the right of the page.
  3. In the Add new instruction set popup subsequently displayed, and type:
    1. 1E ConfigMgrConsoleExtensions as the name.
    2. Configuration Manager console extensions as the description.
  4. Ensure that the Include 16 selected instructions checkbox is checked.
  5. Click the Add button to add the new instruction set, with the selected instructions.

3. Enable Configuration Manager console user access to Tachyon

You will need to ensure that the account you will be using to run the Configuration Manager console is also represented in Tachyon with appropriate permissions.

The roles and permissions are described in the following table.

Role/PermissionDescription
ViewerThis permission is required for any instruction set you want listed in the Instruction Runner. The Viewer permission is automatically included as part of the Questioner and Actioner permissions.
QuestionerThis permission is required for any instruction set you want the Configuration Manager/Tachyon user to ask questions on using the Instruction Runner. The Questioner permission is automatically included as part of the Actioner permission.
Actioner

This permission is required for any instruction set you want the Configuration Manager/Tachyon user to run actions on using the Instruction Runner.

If you are not using the Instruction Runner and want to run any of the other options directly accessible from the Client Actions using Tachyon sub-menu you will need to set the Actioner permission on the Microsoft Configuration Manager instruction set for the Configuration Manager/Tachyon user.

In our example we use the following steps to define the user access for a specific Configuration Manager console user, called CMUser01, to the 1E ConfigMgrConsoleExtensions instruction set created earlier. This involves creating a custom role for that Instruction set and then assigning the custom role to the user. You would normally use a domain security group for all of your Configuration Manager console users, but here we are using a single user CMUser01.

To create a custom role:

  1. Navigate to the Settings→Permissions→Roles page.
  2. Click the Add button to start the add role process.
  3. In the Add role popup subsequently displayed set the name as 1E ConfigMgrConsoleExtensions and click the Add button.
  4. The new role will be added to the Roles table. Locate its entry and click on the link in the Name column for that row.
  5. Select the Permissions tab and click the Add button.
    1. In the Add permssion popup subsequently displayed scroll down the Type list and select Instruction set.
    2. Scroll down the Name list and select the 1E ConfigMgrConsoleExtensions  instruction set.
    3. Select the Actioner and Questioner checkboxes from the list of permissions.
    4. Click the Add button.
  6. Select the Members tab and click the Add button.
    1. In the Add role member popup subsequently search for the user, in our example this is CMUser01.
    2. Click the Add button.

1E ConfigMgrConsoleExtensions product pack