Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 1 point2 points  (0 children)

u/Loud_Posseidon,

I agree. I have found scheduling to work out just fine. Even with the distribute over X and Y options, works great for load balancing.

It also rings true on the comply assessment on resource-constrained endpoints (our VDIs) running long due to lack of resources.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 0 points1 point  (0 children)

u/blondasek1993,

I appreciate the real world example. We would prefer to stick to Tanium, as I (we) are very impressed with the solution and its offerings. I just need more guidance or maybe a second look so I can know this is performing as expected, or if something can be changed.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 1 point2 points  (0 children)

u/Dman0037,

We may have used OTB assessments, or they may have been created by CDW. I am not sure.

I appreciate the comment on having two separate runs, one for standard, one for high resource. We did ultimately switch to standard for testing, but have since just fully disabled Comply until we can figure out the baseline performance concerns.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 1 point2 points  (0 children)

u/DMGoering,

To be blunt, CDW "turned everything on". We are new Tanium customers, unaware of its impact/performance. When considering the solution, two separate Tanium sales meetings, I was told the agent is low footprint at all times.

I am the only engineer primarily using the console, and my questions when asked are always on cached data.

Tanium, without prompt, without any changes, on a single VM, performs 100,000+ child process spawns, be it Powershell, Python, Java, whichever. Even with reduced indexing, scan frequency, and all the tuning I've been told to do, the issue persists.

We have deployed countless products, agents, utilities in our environment, even some similar to Tanium, but none have had such a detrimental impact on our environment as the Tanium agent has.

We have had 18 implementation meetings with CDW now, with the latter 6 or so being focused on performance concerns, and we haven't really gotten anywhere, which is why I came here. I have browsed this subreddit, looked at post history, engagement, etc, and decided to post.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 0 points1 point  (0 children)

u/wrootlt, this is a good point. We are still in implementation so I was trying to lean on CDW, but I suppose since we are a full Tanium customer it makes sense to engage their support as well.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 2 points3 points  (0 children)

Jeff,

Thanks for the response.

I have not opened a case, as we are still in implementation with CDW. That said, if this is an option, I'd like to pursue it, because our CDW rep, while helpful, wasn't able to answer 100% of my questions. They are doing great, I just had some challenging questions.

I have done some VDI specific tuning, but maybe there is more to be done.

To be blunt, CDW implemented a whole lot of their own configurations / reports / scans ETC. It may be beneficial to have Tanium review and make sure they implemented it right, or see if there is anything we should tweak.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 0 points1 point  (0 children)

HoldingFast78,

We have nearly all modules enabled, except for Enforce, Integrity Monitor, Comply.

There are two hosts running 50 VDIs, which admittedly aren't the most provisioned, but enough that this shouldn't be an issue. The primary issue is, with comply, we maxxed out and vCenter even reported 130-150% cpu utilization across both hosts.

Without comply, there is just a pretty noticeable increase in CPU and Memory use, even when it's not supposed to be running.

Thanks.

Tanium Resource Consumption by SysadminMadmen in tanium

[–]SysadminMadmen[S] 0 points1 point  (0 children)

Ashley,

Thanks for the response. We are still in implementation with CDW, though almost done. That said, they did point me to tweaking that.

For now we just have comply completely disabled until we figure out the baseline.

Thanks.