Virtual Endpoints (VDI & VMs) - Tanium Agent FAQs - Tanium Tech Talks #90

Virtual Endpoints (VDI & VMs) - Tanium Agent FAQs - Tanium Tech Talks #90

May 8, 2024

How do I tune Tanium for virtual infrastructure like VMs and VDI? Many folks who have worked in IT ops are familiar with the struggle of keeping virtual infrastructure properly resourced with memory, disk, CPU, and network. Sometimes it’s a balancing act of hardware, budget, and virtual machines. Now you’re deploying a real time agent on every guest on those virtual hosts, so how can we make sure it doesn’t create a resource storm? Also pick up bonus Windows performance tips from an industry veteran in this behind-the-scenes interview with a Tanium Principal Escalation Engineer.

  • Reduce agent impact without reducing data
  • Use virtual sensors and computer groups to target optimized settings
  • Out-of-the-box settings to reduce load of sensors and packages
  • Module-specific settings for Index, Comply, Threat Response

#informationsecurity #informationtechnology #taniumagentfaqs #virtualization #vm #vdi

RESOURCES
All videos in this series
Agent Impact
https://youtu.be/1YeM-bWKrCE
Exclusions
https://youtu.be/ttGNqxy1g5s
Virtualized Endpoints
https://youtu.be/VmbithnovgY

Action Distribute Over Time
https://help.tanium.com/bundle/ug_interact_cloud/page/interact/deploying_actions.html

Virtualization Client Settings
https://help.tanium.com/bundle/ug_client_cloud/page/client/cli_reference.html

Golden Image: Preparing the Tanium Client on a virtual desktop infrastructure (VDI) instance
https://help.tanium.com/bundle/ug_client_cloud/page/client/os_imaging.html

Comply - low resource mode
https://help.tanium.com/bundle/ug_comply_cloud/page/comply/working_deployments.html#general-config

Threat Response - low resource profile
https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/create_profiles.html
https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/create_configurations.html#file_indexer_configuration

CHAPTERS

00:00 Intro

01:14 Meet Jeff

01:57 Issues when not tuned

03:06 Resource storms

03:57 Recent engineering improvements

05:17 Computer groups for virtualized endpoints

06:15 Slower data response

06:43 Default capabilities to help

07:42 Actions: Distribute Over Time

10:16 Built-in client config safeguards

14:42 File Index tuning

17:27 Module-specific tuning

18:15 Comply low resource mode

19:13 Wrap up