New Devices/ Software install
I'm curious how those of you who are not using Tanium Provision are handling software deployment for brand-new devices.
I'm trying to determine the fastest and most reliable way to get a core set of applications installed almost immediately after a device comes online. My concern with Deploy is that there can be some delay while modules, inventories, and software scans complete before the endpoint is evaluated and assigned the appropriate deployment.
I've also considered using Actions, but I'm concerned about larger installers, download times, and overall reliability if the action completes before the installation finishes.
The workflow I'm trying to achieve is something like:
- Tanium Client gets installed.
- Device checks into Tanium.
- Device receives a tag, group membership, or some other identifier.
- Required software begins installing immediately.
- Identifier removed
I understand that one option is to bake these applications into the image or use scripts during the imaging process. Unfortunately, due to our current imaging and device replacement processes, we can't reliably depend on updating or replacing the image whenever software requirements change. Because of that, I'm specifically interested in approaches that leverage Tanium after the endpoint has been deployed and comes online.
For those of you managing new device provisioning with Tanium:
- Are you using Deploy, Actions, Connect, or something else?
- How are you triggering software installations as soon as a device first checks in?
- What kind of time-to-install are you seeing from first check-in to software being installed?
- Have you found a reliable way to handle larger installers or software dependencies?
- Any lessons learned or pitfalls to avoid?
I'm interested in hearing what has worked well in production environments, especially for getting critical tools installed as quickly as possible after the endpoint comes online.
