You can easily add machines you want to be monitored by ControlUp to your ControlUp organization.
We recommend that you secure the communication between the ControlUp Agents deployed onto these machines and the ControlUp Real-Time Console and ControlUp Monitors. For details on our security recommendations see ControlUp Agent Security Best Practices.
Click Add Machines in the Home ribbon, or right-click anywhere in your organization folder and select Add > Machines.
The Add Machines window prompts you to select your managed machines, using one of the following methods:
1. Select managed machines by selecting machine accounts from your Active Directory (default)
Choose a domain containing the machines to be added using the Domain selector button.
Choose a root OU for the Active Directory search using the Search Root selector. This is useful in large environments, in which the size of the directory may slow down the discovery process.
Search for and select computer accounts from Active Directory. Typing text in the Search Filter box performs inline filtering of the result table, which allows for faster location of machine accounts. The text you type in the Search Filter box can be any part of the machine name and does not require the use of wildcard characters.
By default, ControlUp attempts to contact your machines by using the DNS suffix configured in the Active Directory DNSHostName attribute of the account. In case the DNS configuration in your network specifies a DNS suffix which is different from the domain name, use the “Alternate suffix” text box to input the name suffix used in your network.
After locating the machines you would like to add to ControlUp, select them and click Add. The right pane will show all machines currently selected for addition.
2. Select managed machines by entering IP addresses or scanning your internal IP range
You may provide a list of IP addresses in the IP Addresses field. Multiple addresses should be separated by a semicolon (;). A contiguous IP address range may be scanned by using the IP Range option. Provide the start and end addresses for the IP range and click Scan to discover machines in that range.
3. Select managed machines by providing a text file listing machines to be added
ControlUp supports adding managed machines from a text file that includes a list of machines separated by line breaks, commas, semicolons, or spaces. Use the “File Path” field to select a file, choose the file encoding if needed and click Load.
When adding machines using a text file or by IP address, expand the Connection Settings optional pane to select the user account for the discovery of the selected machines and to configure connection timeouts:
The credentials you provide here will be used for the Active Directory query only. To configure the credentials used for the agent deployment, edit your Active Directory connection on the Settings Window.
When you have selected your target managed machines and clicked Next, all selected computers are contacted and the following tests are performed:
- Ping test (unless disabled).
- .NET Framework installation test (unless disabled).
- Security test – the Windows user account you are using to connect to every managed computer is tested for local administrative rights on that computer.
- Existing ControlUp Agent installation – if a ControlUp Agent is already present on the machine, this agent will be used unless its version is outdated, in which case you may perform a seamless upgrade of the agent.
- You may rerun the agent installation process for any selected machine if an issue preventing agent installation has been resolved. You can also rerun the process for all failed machines using the “Rerun Failed” button.
At the end of this process, ControlUp Agents start reporting performance data, and the ControlUp Real-Time Console will be ready to perform a variety of management tasks on your selected machines.
If you have multiple Sites in your organization, save time when you add Machines by designating the Site having the most turnover in terms of addition and removal of machines as the Default Site. The Default Site appears by default in the Select Site field of the Add Machines dialog box. See Monitor Settings for more details.
Deploying ControlUp Agents from the hypervisor
After you created the hypervisor connection and connected to it, (see Connect to the Virtualization Infrastructure), you see all of the VMs that are managed by the hypervisors. If they already have the ControlUp Agent installed, they look like all other managed machines. If they do not have the ControlUp Agent installed and the status is “Install Agent”, you can easily deploy the agent to them by either clicking on the link in the status Install Agent or right-clicking the machine in the Information Grid. To deploy to multiple VMs at the same time, shift-click or control-click to choose your targets and then right-click on one of those selected machines.
The same Add Machines window opens as described above, with a few changes specific to adding machines from a hypervisor.
The Selected Folder field enables you to choose which folder to place the machines once an agent is installed.
The credentials at the top of the window are for the same purpose as described above. If you change the credentials you choose to use, you can click Scan to rescan the chosen VMs with the new credentials. If the credentials are valid and have sufficient permissions for installing the agent, the Description column will say Done and the VMs put into the target list. If there are any problems, the Description column will give as much detail as it can to help solve the problem.
The Add Machine process then continues as described above.
Deploying the agent from the hypervisor works only in the information grid and not from the organizational tree.
Any VM with a status of “Unmanaged” does not have any IP address information offered by the hypervisor, and therefore this method is not available for those VMs. If you want to deploy the agents to VMs in the unmanaged state, you will have to use a different method, as this method relies on knowing the IP address from the hypervisor.
In this version, ControlUp does not filter the ability to install the agent by guest OS, since not all hypervisors always tell what the guest OS is.
Deploying ControlUp Agents behind firewalls
By default, ControlUp uses RPC for agent deployment. In some environments, RPC access to the managed computers may be blocked by firewalls or other security measures. To deploy ControlUp agents to these computers, on the ControlUp website , you can download a Windows Installer package. You can then use your deployment mechanism of choice to install the ControlUp agent on the managed machines. After completing the deployment, you are able to add these machines to ControlUp using the Add Computers window, provided that the agent communication TCP port (40705 by default) is not blocked by your security hardware and software.
ControlUp agents installed using this method cannot be uninstalled remotely using the ControlUp Real-Time Console. You should uninstall these packages manually or using your software deployment system of choice.
The following functionality may be limited when accessing ControlUp agents behind firewalls: Remote Event Viewer, File System Controller (Get file properties, Gather and Send Files Here). These features rely on RPC communications and may not work if firewalls or other security measures on your network prevent this type of connection.
Secure communications between ControlUp Console/Monitor and ControlUp Agent
To secure the communication between the installed agent and the ControlUp environment, we recommend you do the following.
On any computer running the ControlUp Agent, enable a Firewall inbound rule that allows access to port 40705 only to authorized computers.
Add these computers which ideally should use static IP addresses:
- Computers running the ControlUp Monitor service
- Computers running the ControlUp Real-Time Console
If you don't own a firewall for your network, we recommend using the built-in Windows firewall alongside a Group Policy to apply the firewall rule to all machines running the ControlUp Agent.
This recommendation reduces the risk of a potential attacker manipulating a ControlUp Agent using malicious code in case that potential attacker has penetrated the organization network.