Tanium Tale — TaaS Cloud Migration

A $13b global manufacturing powerhouse with over 180,000 employees was ready to take its Tanium investment to the next level — moving its on-premises Tanium infrastructure to the cloud. As substantial users of Tanium with broad adoption of the platform, they knew they needed a seriously skilled partner to help execute their transition to Tanium as a Service (TaaS).

That partner needed to understand the intricacies of the complete Tanium toolset, the complexities of cloud migration, and the prudent best practices for executing this critical project smoothly. The company already knew it could count on Chuco’s consulting and support services, having worked with Chuco for the previous two years under a managed service engagement model. The team was already in place and ready to get to work. And Chuco did not disappoint.

Building on an Existing Relationship and Understanding

Because of our history as a virtual team member augmenting the company’s internal Tanium specialists, Chuco understood the organization’s existing technical environment, its IT policies, and its operational practices. That meant we already had the lay of the land when the call came to elevate matters into the cloud.

Serious Adoption Makes for a Significant Project

This particular move from ground to cloud was not simple by any metric; this organization was quite the Tanium “power user” in several senses of the word. They had adopted multiple Tanium modules and were really taking advantage of the functionality each offered. To share a sense of that broad adoption, this organization uses:

  • Tanium Patch to update Windows servers and workstations on a weekly basis
  • Tanium Comply to generate a number distributed reports on the state of their server environment
  • Tanium Trends to produce multiple trend boards, reports, and graphs, showing both real-time and historical security metrics and operational health indicators
  • Tanium Connect to collect and export data to a variety of groups internally. (One such job provides specific patch activity detail every eight hours.)
  • Tanium Deploy to install and update software applications across endpoints — with significant projects typically executed on a weekly basis

This particular move from ground to cloud was not simple by any metric; this organization was quite the Tanium “power user” in several senses of the word.

This is just a partial list. In total, the organization has adopted (in alphabetical order): Tanium Asset, Comply, Connect, Deploy, Discover, Enforce, Impact, Interact, Patch, Threat Response, and Trends.

And their directive to Chuco was: Migrate and make all of this work in the cloud, without disruption.

Game on.

A Phased Approach to a Complex Challenge

Given a complex Tanium environment already in place on-premises, we collaborated closely with the client to plan a prudent, phased migration. That included working within their existing IT project design preferences.

Because of the extensive experience we already had working with their team, tools, and processes — and because we were starting from a place of strong mutual trust and understanding given our past work — we were able to set operating parameters and milestones quite rapidly.

With plans in place, we then took initial steps to prepare the cloud side of the equation. That included working with Tanium to provision appropriate cloud instances on their side, and configuring network parameters like firewall rules on ours.

Next, we worked to move over existing Tanium modules. We moved each module individually, carrying over all applicable data and existing configuration details. That process took several months and included extensive testing. When we had the majority of modules ported over, we then began migrating endpoints in batches, testing everything along the way.

All told, we successfully migrated over 55,000 endpoints to the new TaaS environment — over 50,000 Windows, Mac and Linux workstations, and about 3000 Windows and Linux servers.

And because endpoints can only be controlled by one Tanium instance, either on-premises or in the cloud, there was a material transition period where we had, in effect, two parallel environments in place to manage, coordinate, update, and eventually combine. For example, as on-premises systems changed we had to carry over those changes to the cloud instance, and vice versa.

All told, we successfully migrated over 55,000 endpoints to the new TaaS environment — over 50,000 Windows, Mac and Linux workstations, and about 3000 Windows and Linux servers.

The Pandemic Presents Problems

Adding another twist to this project was the pandemic-driven shift to remote working that unfolded in the middle of the journey. That move changed how Tanium worked and needed to be configured.

So at times we were changing the on-premises Tanium configurations and addressing architecture issues to keep improving efficiency and address new issues across a highly distributed, less-connected landscape, while also navigating the cloud transition.

Making all of this happen smoothly was technically challenging, but quite rewarding. There was a definite sense of satisfaction shared by the joint team as we checked off tasks and put all the pieces into place. And the resulting view from our new cloud perspective was indeed breathtaking.

Results, ROI and Lessons Learned

  • Tanium in the cloud is completely compelling. The ROI of TaaS is undeniable. That starts with cutting hard costs, like maintaining a six-figure investment in Tanium servers powering the product’s modules and database. But even better is the actual improvement to the software experience itself. With Tanium the company on the line to keep things up, running and performing, the burden and balance shifts in appreciable ways.

  • The cloud brings incredible scale and speed, so be careful. Powered by Amazon Web Services (AWS), Tanium in the cloud is faster and more responsive. Customers greatly benefit from the speed, scalability and security that platform delivers. However there are some interesting new details to navigate on the integration and configuration front.

    For example, we discovered early on that Amazon maintains rather large networking pipes delivering immense available bandwidth. So take note — without the right infrastructure on your end, and the right configuration and throttles in place, you could literally find you’ve engineered your own denial of service and overload your environment…

  • Updates and upgrades are at the forefront with TaaS. In addition to performance, Tanium also pushes regular updates, fixes and enhancements to the cloud systems. With TaaS customers get these automatically without having to manage local upgrades. And for those that want the latest functionality first, this is the way.

    Even better, we found that Tanium support can be even more responsive when addressing issues in the cloud — which makes sense given the greater available access and greater responsibility they have for their systems.
  • Finally, with the cloud model expanding use is much easier. Customers can activate new Tanium modules on demand, so as their business needs grow Tanium scales swiftly. A far better use of time, budget and resources than navigating on-premises hardware upgrades, new module deployments and integration challenges.

    Of course, as noted, cloud migrations are complex projects. There is more than one way to navigate the journey, which is why we’re eager to apply our experience to assist organizations looking to plot their own course.
  • Tanium in the cloud is completely compelling


  • The cloud brings incredible scale and speed, so be careful


  • Updates and upgrades are at the forefront with TaaS


  • Finally, with the cloud model expanding use is much easier
On that note, one final recommendation we’d make is to establish clear and consistent communication with your TAM throughout the process. That’s your information lifeline to the larger Tanium team, and a critical source of updates about any upcoming software changes that may impact your plans or progress, a way to effectively escalate any questions or issues, and a vendor resource every customer should take maximum advantage of.
 

We’re grateful for the strategic partnership we’ve built with Tanium and the specific working relationships we’ve cultivated across the TAM organization — all of which prove critically helpful for us and our clients when executing critical projects like these.

To Learn More

If you’d like to learn more about how we help companies get the most from their Tanium investments, including cloud migrations and implementation projects, we’re always eager to connect. Our team of veteran, certified Tanium experts has years of hands-on experience and has developed a deep understanding of the product, its capabilities, and best practices for achieving the objectives that matter most to our clients.

So whether you’re just starting to work with Tanium, looking to adopt TaaS, or ready to expand your use of Tanium, we have experience, insight, and hands ready to assist — be that offering seasoned advice, working on specific projects, or taking on a role as a virtual member of your internal Tanium team with our managed services model

Read More Tanium Tales:

Tanium Tale — A Simpler Way to Execute Tasks in Tanium

When it comes to seeing and controlling every endpoint across your network, there simply is no platform that can compare to Tanium. In order to get maximum benefit out of endpoint security management using Tanium, clients have asked us to develop a tool with a web console to enable these users to perform basic tasks without becoming a fully certified Tanium operator.

Read More »

Tanium Tale — Trading Tripwire Toll for Tanium Treasure

A healthcare provider serving over 12 million members nationally recently seized a tremendous opportunity to achieve significant cost savings, simplify its IT infrastructure, and reduce internal support costs by replacing Tripwire File Integrity Manager with the equivalent capabilities in Tanium Integrity Monitor.

Read More »

CDW + Tanium — The Best Prescription for Security Risk & Patching Pain

See how CDW connected its customer, non-profit medical provider with 250 international locations and 90,000 endpoints, with Tanium and Chuco to tackle #endpointsecurity, #patchmanagement, and #windows10 updates. With a single solution for Converged Endpoint Management (XEM), our client identify 46 million security vulnerabilities, eliminating 90% of priority issues within six months. Read more below.

Read More »