- Print
- DarkLight
- PDF
Prerequisites for ControlUp for Physical Endpoints & Apps
- Print
- DarkLight
- PDF
Read this article and make sure you meet the prerequisites before you deploy ControlUp on your physical devices.
This article covers the prerequisites for implementing ControlUp for Physical Endpoints and Apps. For additional information, visit the following articles:
- Communication requirements for Scoutbees
- Communication Ports for VDI & DaaS (US Region)
- Communication Ports for VDI & DaaS (EU Region)
Network requirements
Managed physical endpoints must have access to these URLs over port 443 (SSL):
URL | Notes |
---|---|
<tenant-name>.sip.controlup.com | You can find your tenant name by going to Configuration > Downloads |
downloads.sip.controlup.com | Used for downloading new Edge DX Agent versions. |
cdn.spm.controlup.com/waapi | Required only for ControlUp Secure DX |
cdn.spm.controlup.com/agent | Required only for ControlUp Secure DX |
securedx-cdn.controlup.com | Required only for ControlUp Secure DX |
To use the ControlUp console and manage your physical endpoints, you must have access to the these URLs:
URL | Notes |
---|---|
app.controlup.com | |
maps.google.com | |
edgedx-functions.azurewebsites.net | Required only for the first time you sign in to your environment and create your tenant. |
Synthetic Monitoring
ControlUp for Physical Endpoints & Apps includes proactive synthetic testing for your network infrastructure and SaaS/web apps.
Visit Networking Requirements for Synthetic Monitoring for details.
SSL inspection
If you have a proxy or firewall performing SSL inspection, you must have the trusted certificate installed on devices with the Edge DX Agent installed. The certificate must be accessible to the Computer account (and not only the User account).
Alternatively, you can disable SSL inspection for your Edge DX tenant URL (<tenant-name>.sip.controlup.com).
Proxy server
You can configure the Edge DX Agent to use a proxy server during Agent installation.
If your proxy is only open when a user account is signed in, and you want to monitor the device when no user account is signed in, configure your proxy to bypass the following URLs:
- <tenant-name>.sip.controlup.com
- downloads.sip.controlup.com
ZScaler VPN
If you are using a ZScaler VPN, follow the instructions in this article to ensure that you can see the real IP addresses of your devices.
Antivirus exclusions
Whitelist the following directories in your antivirus software (including next-gen security products such as Crowdstrike, Carbon Black, etc.):
C:\Program Files\Avacee\sip_agent\
C:\ProgramData\Avacee\sip_agent\scripts
C:\Program Files\ControlUp\AgentManager
Alternatively, if you are unable to whitelist directories, you can whitelist the following executables:
C:\Program Files\Avacee\sip_agent\SIPAgent.exe
C:\Program Files\Avacee\sip_agent\RCNotifications.exe
C:\Program Files\Avacee\sip_agent\UserPrompt.exe
C:\Program Files\Avacee\sip_agent\WinFocusMonitor.exe
C:\Program Files\Avacee\sip_agent\Wow64MIHelper.exe
C:\Program Files\Avacee\sip_agent\UserSurveysApp.exe
C:\Program Files\ControlUp\AgentManager\AgentManager.exe
Test your connection
To make sure you have all networking and proxy requirements in place, run the CUTester tool from a managed physical device and select to test Edge DX. Click here for details about the tool.