Contents x
    Agent Security Options in Agent Settings
      • Print
      • Dark
        Light
      • PDF
      Contents

      Agent Security Options in Agent Settings

        • Print
        • Dark
          Light
        • PDF
        Article Summary

        ControlUp continuously improves the security protecting the communication between ControlUp Agents, the Real-Time Console, and ControlUp Monitors in your environment. 

        For more information on how to set up secure agents, see ControlUp Agent Security Best Practices.

        You can use the following enhancements for the ControlUp Agent when adding machines to the ControlUp Console:

        Encrypt Agent Communication

        You can select the option to use only encrypted communication between all agents within your ControlUp organization. By default, this option isn't selected.

        Prerequisites:

        • You must be a user with the Organization Owner role or have Roles Manager permissions set in the Security Policy panel to select this option.
        • .NET Framework 4.5 or higher must be installed on the agent and console.
        • .NET Framework 4.8 or higher must be installed on the monitor. Version 9.0 requires .NET Framework 4.8 on the agent.

        To Encrypt Communication with ControlUp Agents:

        1. In Real-Time Console > Settings > Agent Deployment Settings, select Use only encrypted communication.
        2. Restart the Real-Time Console and all monitor clusters.
        3. Update all agents to version 8.2.5 or higher.

        Troubleshooting

        If this option is selected and you receive any of the following error messages:

        • The agent does not support encrypted communication. Upgrade the agent to version 8.2.5 or higher.
        • Failed to establish an encrypted connection with the agent.
        • Operation timeout.

        Ensure that all consoles and agents are running the following:

        • .NET framework version 4.5 or higher.
        • ControlUp version 8.2.5 or higher.

        Ensure that all monitors are running the following:

        • .NET framework version 4.8 or higher.
        • ControlUp version 8.2.5 or higher.

        Agent Authentication Key

        ControlUp generates a unique authentication for every ControlUp organization. By default, all agents are configured with this public authentication key, and accept communication only from trusted consoles or monitors that have the same corresponding private authentication key.

        The authentication key is automatically configured for the agent machine during deployment.

        Access Key Value

        By default, this is the method of authenticating communication between the agents, consoles, and monitors, so you don't need to perform any action.

        If you need to access the Agent Authentication Key, you can access it in Real-Time Console > Settings > Agent Deployment Settings. The same key is used for all agents deployed from this console.

        Click Copy to access the key value. On the agent machine, this authentication key is stored in the ControlUp Agent registry in the path: HKLM\SOFTWARE\Smart-X\ControlUp\Agent\Communication\AuthKey

        You can manually set the key at any time and you aren't required to restart the agent machine.

        Add Key to Configuration Files that Install the Agents

        When you install agents using the Add Machine feature in the Real-Time Console, by default, this key is automatically added to the agent machine.

        If you don't choose to deploy the agents automatically when you add machines to your organization, you must manually add the same key as displayed in the Agent Deployment Settings page to the configuration file that you use to add the agent.

        To manually configure the key, use the following registry setting on all machines with the agent deployed:

        • Registry Key: HKLM\SOFTWARE\Smart-X\ControlUp\Agent\Communication
        • Value: AuthKey
        • Data Type: REG_SZ
        • Possible Data Values: Public key string base64 encoded (from Agent Deployment Settings)

        If you do choose to deploy the agents automatically when you add machines to your organization, you can use the Agent MSI installer to configure the Agents Authentication Key using an MSI parameter. If you use the link to Download MSI Installer from Agent Deployment Settings, the MSI is already configured with the parameter, but you must update the key value.

        To deploy agents with the key using an MSI installer command parameter, update the following key values:

        • Parameter Name: AUTHKEY
        • Parameter Value: AUTHKEY=agent authentication key
        • Usage Example: msiexec /i Agentinstaller.msi AUTHKEY=

        If you install an agent with this parameter, it configures the specified authentication key for the agent.

        Was this article helpful?
        What's Next