Microsoft Configuration Manager Integration

In addition to running instructions from the Tachyon Explorer, you can run them directly from the Configuration Manager console by using Tachyon's Configuration Manager console extensions. This is valuable because it lets you target specific collections rather than having to set coverage parameters within Tachyon.
This ConfigMgr integration is enabled via the Tachyon Toolkit installer; the Toolkit must be installed on any machine where the Configuration Manager console is installed.

In our environment, we already have the ConfigMgr console installed on the 1ETRNCM server.

The Configuration Manager console may be installed and used by any user that is configured as an Administrative User. There are several Security Roles that may be given to the user and not all of these roles are permitted to use Configuration Manager to make changes that affect the network. When configuring the corresponding Tachyon user, you should take this into account when assigning the Tachyon Roles. For example, it would be unusual for a user with just the Read-only Analyst role in Configuration Manager to be granted the global Actioner role in Tachyon and therefore be able to perform Tachyon actions on all the devices in a particular collection but not be able to use Configuration Manager to perform any other tasks.

Within ConfigMgr, the role-based security configured in the console dictates what the user has access to. Tachyon's own role-based security dictates what permissions a user or group has in Tachyon, so you must configure both carefully to ensure the right access is provided to the users you are granting the ability to use Tachyon through the ConfigMgr console.
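
One way to check the role alignment described above before granting access, as an added example that is not part of the original lab or of 1E's tooling. The accounts other than 1ETRN\SCCMAdmin, the role lists and the rule for what counts as a mismatch are assumptions, and all data is constructed sample input.

```powershell
# Constructed sample data, not taken from the lab. On a real site the ConfigMgr
# side could be read with Get-CMAdministrativeUser (LogonName, RoleNames); the
# Tachyon side is assumed to be copied from the Permissions - Users tab.
$cmAdmins = @(
    [pscustomobject]@{ LogonName = '1ETRN\SCCMAdmin';  RoleNames = @('Full Administrator') }
    [pscustomobject]@{ LogonName = '1ETRN\ReportUser'; RoleNames = @('Read-only Analyst') }  # hypothetical
    [pscustomobject]@{ LogonName = '1ETRN\HelpDesk';   RoleNames = @('Read-only Analyst') }  # hypothetical
)
$tachyonUsers = @(
    [pscustomobject]@{ Account = '1ETRN\SCCMAdmin';  Roles = @('Global Actioners') }
    [pscustomobject]@{ Account = '1ETRN\reportuser'; Roles = @('Global Actioners') }  # mismatch
    [pscustomobject]@{ Account = '1ETRN\HelpDesk';   Roles = @('Global Viewers') }    # assumed role name
)

function Test-RoleAlignment {
    param(
        [object[]]$CmAdmins,
        [object[]]$TachyonUsers,
        [string[]]$CmReadOnlyRoles    = @('Read-only Analyst'),  # assumed policy
        [string[]]$TachyonActionRoles = @('Global Actioners')    # assumed policy
    )
    # Index ConfigMgr administrative users by logon name (keys are case-insensitive).
    $cmByName = @{}
    foreach ($admin in $CmAdmins) { $cmByName[$admin.LogonName] = $admin }

    foreach ($user in $TachyonUsers) {
        # Only Tachyon users who can run actions are of interest.
        $actionRoles = @($user.Roles | Where-Object { $TachyonActionRoles -contains $_ })
        if ($actionRoles.Count -eq 0) { continue }

        # Only accounts that also use the ConfigMgr console are compared.
        $admin = $cmByName[$user.Account]
        if ($null -eq $admin) { continue }

        # Mismatch: every ConfigMgr role the account holds is read-only.
        $changeRoles = @($admin.RoleNames | Where-Object { $CmReadOnlyRoles -notcontains $_ })
        if ($changeRoles.Count -eq 0) {
            [pscustomobject]@{
                Account       = $admin.LogonName
                ConfigMgrRole = $admin.RoleNames -join ', '
                TachyonRole   = $actionRoles -join ', '
            }
        }
    }
}

Test-RoleAlignment -CmAdmins $cmAdmins -TachyonUsers $tachyonUsers | Format-Table -AutoSize
```

Any account the function returns can perform Tachyon actions on devices it cannot change through Configuration Manager itself, which is the combination the paragraph above describes as unusual.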

In the following exercises, we will configure the Tachyon back end for the ConfigMgr integration. Once configured, we will install the Tachyon Toolkit on the server with the ConfigMgr console, and lastly, we will configure a ConfigMgr administrative user with permissions in Tachyon.

Configuring the Consumers

Configuring the Integration/Consumers

1ETRNAP



Logged in as 1ETRN\AppInstaller, launch the Settings Application and navigate to Configuration – Consumers


Note the consumers that are installed: Explorer, Platform, Inventory, Guaranteed State, Patch Success, RunInstructionUI, CCMConsoleExtensions, TachyonRunInstruction and Experience. These are installed when Tachyon is installed and are the default consumers.


Select RunInstructionUI, click Edit and set the Maximum simultaneous instructions setting to 250


Check the Use Windows Authentication and Enabled boxes at the bottom (if not already checked)


Click Save


Repeat the steps above for CCMConsoleExtensions


Note that there are now 9 consumers configured in Tachyon


Navigate to the Permissions - Users tab in the Settings Application


On the right side, click on the Add button to add a user


In the select user field, type in 1ETRN\SCCM ADMIN and select SCCM Admin in the suggestion list. Click the Add button


Click the 1ETRN\SCCMAdmin account to edit the role


Click the Edit button on the right side


Select Global Actioners and click Save


You will see in the User: SCCM Admin page that it has been permissioned with the Global Actioners role


Installing the Tachyon Toolkit

1ETRNCM



Log into 1ETRNCM as SCCMADMIN


Ensure the ConfigMgr console is closed


Open an explorer window and navigate to \\1etrnap\temp\TachyonPlatform.v5.0.0.592\Installers and copy TachyonToolkit.msi to c:\temp


From a command prompt, switch the working folder to c:\temp and run the following command:


msiexec /i TachyonToolkit.msi /l*v TachyonToolkit.log


On the Welcome page click Next


On the License Agreement page, select I accept the terms in the license agreement and click Next


On the Custom Setup page, click Next


On the Tachyon Server page, input Tachyon.1etrn.local and click Next


Click Install


Once installed, click Finish


Browse to c:\Program Files (x86)\1E\Tachyon and note that a Toolkit folder now exists with a subfolder


Using Tachyon through the ConfigMgr console

Now that we have installed the Toolkit and with it the ConfigMgr console extensions, as well as having configured the two consumers required for the ConfigMgr integration, we are ready to use Tachyon through the ConfigMgr console.

Start the Config Man Client Service

1ETRNW73



Still logged into 1ETRNW73 as 1ETRN\Tachyon_AdminG


Click Start and type in Services.msc. Click on the Services.msc applet


Click on any service and type in SMS. Stop the SMS Agent Host service


We will now use a Tachyon instruction from the Config Man console to start the Config Man Client Service



1ETRNCM



Logged in as 1ETRN\SCCMADMIN, launch the ConfigMgr console from the taskbar


Click the Assets and Compliance pane on the left and select Devices


Right-click 1ETRNW73 and at the bottom of the pop-out menu, select 1E Tachyon






You should see a list of Tachyon-specific actions as follows




Click on Start ConfigMgr Client Service. Click Yes


Launch Live Mail from the Start menu and click Send/Receive


Get the authentication code from the latest email and input it into the Authentication code box which appeared when the action was initiated


Click OK on the Tachyon pop up



1ETRNW73



Logged into 1ETRNW73 as 1ETRN\Tachyon_adminG, launch the Tachyon Portal if not already open and navigate to the Explorer Application - notifications page


Note the action initiated from the ConfigMgr console has an approval request waiting


Click Start and type in Services.msc. Click on the Services.msc applet


Click on any service and type in SMS. Note the SMS Agent Host service is in a Stopped state


Return to the Explorer Application and approve the request


Browse to c:\programdata\1E\Client and open the 1E.Client.log file


Note that the action we just approved has been actioned but that our Guaranteed State Policy has run and has marked this device as non-compliant




Your log should look similar to this one




Return to the Services applet and refresh the view. Note that the SMS Agent Host service is now stopped and disabled



1ETRNCM



Returning to the ConfigMgr console, move from the Devices workspace to the Device Collections workspace


Right-click on the Lab Workstations collection, and select 1E Tachyon > Instruction Runner




Note that a list of Instruction Sets is visible




Click on the History and Content tabs. Note that they do not have any information as we have not run any instructions through the Instruction Runner yet


Return to the Instruction tab


Expand Processes, and select What processes are running?


Note the Approximate Target based on the collection we chose


This is essentially our coverage, defined by the collection membership


Click Ask this Question


Note that the Tachyon Instruction Runner changes to the History tab. Click on the Content tab


Note the results being returned


Click the Create Collection button. Note the ability to create a collection based on the results returned. Click Cancel


The Create Collection functionality can be very valuable for targeting specific deployments via Config Man. For example, you might run a Tachyon instruction querying for something specific on all your clients, and the ones that return a value could quickly be put into a collection and have a patch or package deployed to them. This collection will use a direct membership rule, so it is much more efficient on the processing side of Config Man.



1ETRNW71



Return to the Explorer Application on 1ETRNW71


Expand the Instructions node, and click on History


Note the different instructions listed here. At the top of the list is the instruction we just initiated through ConfigMgr


Click on the instruction to take you to the Content page


Note the data presented in the same manner that instructions executed directly from the Explorer Application are presented


Lab Summary

In this lab, we configured Tachyon to integrate with Config Man, allowing us to execute instructions directly from the Config Man console. First, we configured two Consumers in Tachyon, RunInstructionUI and CMConsoleExtensions. This allows Config Man consoles to connect to Tachyon as consumers. Next, we added an administrative user in Tachyon to allow that user to execute instructions from Config Man. Once configured, we ran an instruction from Tachyon to stop the SMS services on a machine. Since this was an action and not just a question, it required the 2-factor authentication as well as approval. Lastly, we queried which files exist under a specified path, which required no approval. With the ConfigMgr integration configured, we now have the ability to execute instructions directly from the Config Man console. This is very valuable because we can target specific collections in Config Man that would otherwise be hard to define in Tachyon. Finally, we validated that the data from the instructions run from Config Man is also displayed in the Tachyon Explorer, allowing us to fall back on the Explorer for reviewing data once the instructions have been run from Config Man.

