Bare Metal Imaging Walkthrough With Tanium Provision - Tanium Tech Talks #82
In this Tanium Tech Talks episode, Rob Broughall, a UK-based technical account manager, discusses Tanium Provision, a module that allows users to deploy operating systems to devices or virtual machines, as well as retire or refresh them. We then walk through the process to fully automate the build of Windows endpoints to get back hours in your IT days.
What is bare metal provisioning?
Bare metal provisioning is the process of deploying an operating system to a device or virtual machine. It can be done using Tanium Provision, a module that allows users to deploy operating systems to devices or virtual machines, as well as retire or refresh them.
Tanium Provision offers features such as network boot, USB and ISO boot, content caching, offline and online domain join, device retirement, image capture, and multipass wipe. It also provides benefits such as reduced infrastructure requirements, faster and more flexible deployments, and seamless integration with other Tanium modules.
The steps of bare metal provisioning on Windows and Linux machines are as follows:
- Set up a Provision endpoint by creating a satellite in Direct Connect, selecting the desired features, and deploying the configuration.
- Create a bundle by providing the Windows WIM or Linux ISO file, the Windows PE content, the unattended XML file, the Tanium client package, and optionally a custom script, drivers, and patches. Configure the key values such as computer name, domain name, OU, time zone, and tags.
- Assign the bundle to a Provision endpoint.
- Boot the target device from the network or a USB stick, select the bundle and the disk to install, and wait for the build to complete. The build will also join the device to the domain, install the Tanium client, and apply any patches and applications.
- When the build completes, the Tanium client is installed and the machine is ready to use.
How do you set up a Provision endpoint?
A Provision endpoint is a device that runs the Tanium agent and provides the network boot, content caching, and domain join services. To set up a Provision endpoint, users need to create a satellite in Direct Connect, select the desired features, and deploy the configuration. The Provision endpoint also needs to have enough disk space and network bandwidth to handle the bundles and the builds.
How do you create a bundle?
A bundle is a collection of files and settings that define the operating system image and the configuration to be applied to the target device. To create a bundle, users need to provide the Windows WIM or Linux ISO file, the Windows PE content, the unattended XML file, the Tanium client package, and optionally a custom script, drivers, and patches. Users also need to configure the key values such as computer name, domain name, OU, time zone, and tags.
How do you perform a build?
A build is the process of deploying a bundle to a device or a virtual machine. To perform a build, users need to assign a bundle to a Provision endpoint, boot the target device from the network or a USB stick, select the bundle and the disk to install, and wait for the build to complete. The build will also join the device to the domain, install the Tanium client, and apply any patches and applications.
Additional resources for Tanium Provision
The Tanium Resource Center at help.tanium.com is a comprehensive repository of technical and best-practice information on Tanium solutions.