I’ve just completed a complex project using Tachyon.
What was it? What needed to be done?
Migrate two thousand and some machines from McAfee encryption to BitLocker.
The process has several “stages”, from analysis of readiness to decryption, managed reboot, re-encryption and then key storage.
The ‘what’ is important – get the job done. But there are many ways to achieve this. ‘How’ is the key.
At first the customer thought to use SCCM or Intune, as the devices are mostly “Modern Managed” – but there was a problem. With the amount of time it takes to assess one thing before triggering another using both of those technologies, there could be a 6 – 8 hour window between decryption from McAfee completing and encryption using BitLocker starting.
The customer is a secure account that manages critical infrastructure and faces real security threats from terrorists and other bad actors – having 8 hours of unencrypted data isn’t acceptable to them.
The next thought was to fall back to a manual process – to take a McAfee-encrypted machine from a user and give them a replacement machine encrypted with BitLocker – recycle machine A and rinse and repeat a few thousand times – job done. Zero decrypted data time.
Of course, this is a huge logistical task, is manual and error prone and will lead to all sorts of issues as users move from one machine to another – missing files, different setup, just… pain. That sort of thing may have been acceptable several years ago, but with a view to a positive “Digital Employee Experience” (DEX) – it just doesn’t cut the mustard anymore.
Tachyon can run through the steps, using Guaranteed State, and even if the machines lose network connectivity at any stage – the process will complete. It executes based on “triggers”, so that as McAfee decryption completes, the reboot notification is sent to the user – and as the reboot completes, the BitLocker encryption is started. There is minimal downtime between decryption and re-encryption (10 minutes or less) – and the process is 100% automated.
Add the machines to a given Tachyon Management Group (which can be aligned to an OU for example) and then run an instruction on them to say “Go” – and it goes. It loops through the stages and it completes. As it completes, the status is updated in real-time to say it is done.
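A rollout like this can be checked independently by measuring the unencrypted window per device from stage events. The following is an added example, not Tachyon code or part of the original post; the event names, log format and device names are assumptions, and the window is measured as the post measures it, from decryption completing to BitLocker starting.

```python
from datetime import datetime, timedelta

# Stage order from the post; the event names themselves are hypothetical labels.
STAGES = ["readiness_ok", "decrypt_done", "reboot_done", "bitlocker_started", "key_stored"]
MAX_WINDOW = timedelta(minutes=10)  # the post's "10 minutes or less"
# Constructed sample events: device, ISO timestamp, event. Not real telemetry.
SAMPLE = """\
PC-001 2024-01-10T09:00:00 readiness_ok
PC-001 2024-01-10T11:30:00 decrypt_done
PC-001 2024-01-10T11:34:00 reboot_done
PC-001 2024-01-10T11:36:30 bitlocker_started
PC-001 2024-01-10T13:02:00 key_stored
PC-002 2024-01-10T09:05:00 readiness_ok
PC-002 2024-01-10T10:00:00 decrypt_done
PC-002 2024-01-10T10:04:00 reboot_done
PC-003 2024-01-10T12:00:00 decrypt_done
PC-003 2024-01-10T12:03:00 reboot_done
"""

def audit(log, now):
    """Return {device: (verdict, exposure_window)} from a stage-event log."""
    seen, verdicts = {}, {}
    for line in log.splitlines():
        device, ts, event = line.split()
        stages = seen.setdefault(device, {})
        # A trigger may only fire for the next stage; anything else is a fault.
        if event not in STAGES or STAGES.index(event) != len(stages):
            verdicts[device] = ("out_of_order", None)
            continue
        stages[event] = datetime.fromisoformat(ts)
    for device, stages in seen.items():
        if device in verdicts:
            continue
        if "decrypt_done" not in stages:
            verdicts[device] = ("not_started", None)
            continue
        # No BitLocker start yet means the disk is still exposed as of `now`.
        end = stages.get("bitlocker_started", now)
        gap = end - stages["decrypt_done"]
        if gap > MAX_WINDOW:
            verdict = "window_exceeded"
        elif "bitlocker_started" not in stages:
            verdict = "exposed"
        elif "key_stored" not in stages:
            verdict = "key_not_stored"
        else:
            verdict = "complete"
        verdicts[device] = (verdict, gap)
    return verdicts
```

A device that decrypted but never reported a BitLocker start is counted as exposed up to the audit time, so a stalled machine shows up as `window_exceeded` instead of silently passing.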
Using other tooling was considered too slow, and doing it manually was considered too painful and expensive (costs were estimated at just under $400k for the sub-3,000-device environment).
Creating the approach in Tachyon took about 1 day of effort, testing took another day. Now the project is rolling out.
The architecture of Tachyon is what allows this to happen so quickly, with so little effort, so much control and at such low cost. In next week’s vlog I’ll be exploring that architecture a little. We’ll talk about how Tachyon acts as a distributed system, rather than wheel and spoke, and how that provides advantages of speed and resilience that other tools simply can’t match.
How Tachyon works is exactly Why you should choose Tachyon instead of Nexthink, Systrack, Tanium, Microsoft or other methods of achieving the ‘what’ you need done.
Any tool that can execute a PowerShell script or command line command can essentially achieve the same thing – all of the ‘whats’ are similar – the ‘how’ is where the differentiation is.
Too many tool RFPs ask questions about functional requirements – can your tool do x, y and z. There is not enough focus on the non-functional requirements – can it do those things:
- without interrupting the user
- if the device loses network connectivity
- at high speed
- and in a way that reacts to specific stimuli in real-time
These “non-functional requirements” are crucial when selecting a DEX or Endpoint Management tool to suit modern and especially hybrid (employees in-office and working from anywhere) organizational needs.