Introducing ControlUp Monitor
ControlUp Monitor is a component principally equivalent to ControlUp Console but without an interactive user interface. Once installed and started, ControlUp Monitor signs into your ControlUp organization and connects to your managed computers.
The Monitor starts receiving system information and performance updates from your organization, just like an additional ControlUp Console user. The primary difference between a Monitor and a Console is the fact that the Monitor runs as a Windows Service 24/7 requiring no user interaction, and allowing for continuous monitoring and auto-remediation of your environment.
Note: If you upgrading the ControlUp Monitor from 7.x to 8.x please refer to this article - Link
Table of Content
- Benefits of ControlUp Monitor
- How Many Monitors Should Be Deployed in an Organization?
- Prerequisites for ControlUp Monitor
- Installing and Configuring ControlUp Monitor
- Domain Identity
- Login Mode
- Proxy Settings
- Scheduled Export
- SMTP Settings
- Advanced Settings
- Service Port
Benefits of ControlUp Monitor
ControlUp Monitor offers a number of benefits to admins who require continuous monitoring and auto-remediation of their enviroment (only after a Monitor is installed in the organization):
- Monitoring of resources is a continuous process, running 24/7 regardless of the presence of active ControlUp Consoles in the network. Multiple Monitor instances automatically provide mutual cluster, backup and high availability for monitoring.
- Monitors can be configured to alert ControlUp users about incidents that cannot be detected by ControlUp Console. For example, only the Monitor records “Computer Down” incidents, since the detection of this incident requires continuous monitoring.
- ControlUp Monitor can be configured to export data tables to disk in CSV format for further analysis. The Export Schedule process runs in the background and ensures continuous logging, which cannot be guaranteed using the interactive Console.
- The Monitor is mandatory for uploading data to ControlUp Hybrid Cloud Insights and for exporting activity files for the Insights On-Premises
- The ControlUp Monitor allows you to set a Shared Credential for use with your configured Hypervisor, EUC, and Netscaler connections.
- Automated Actions are executed by the ControlUp Monitor. Automated Actions are Script Actions (SAs or SBAs) that are configured to run automatically as follow-up actions of Incident Triggers.
Respectively, the following limitations apply to ControlUp organizations which do not have a Monitor instance installed:
- Monitoring of resources and alerting about system issues can only occur if at least one instance of ControlUp Console is active and connected to the entire organization.
- “Computer Down” incidents cannot be detected or recorded.
- In order to support historical reporting and trending analysis, at least one instance of ControlUp Console has to be connected to the entire organization and configured to export data tables to disk.
How Many Monitors Should Be Deployed in an Organization?
Organizations with less than the max-supported capacity per a single monitor node, (e.g. less than 400K processes organization-wide) of managed computers and other resources to monitor will normally only require one ControlUp Monitor, especially if all of their managed resources are at the same location. In such organizations, a second Monitor can be deployed to serve as a backup for the main Monitor and ensure high availability.
Larger organizations, or those with multiple data centers in different regions, should deploy additional Monitors – about one monitor node up to the max-supported volume which is 400K processes. With an additional one per site for backup and high availability. For additional information, see Introduction to ControlUp v8.1 .
Prerequisites for ControlUp Monitor
ControlUp Monitor can be deployed on any computer running Windows Server 2008 R2 or later. It requires the .NET Framework 4.5 features to be enabled, RPC access to be enabled at the installation phase and Powershell 5.0 (for Windows PS API).
In addition, in order to enable the Monitor Service to connect to all your managed computers, you will need to assign domain credentials to the Monitor Service as described below in the "Domain Identity" section.
Note: For any Sizing Recommendations please refer to this KB article: ControlUp Sizing Guidelines
Installing and Configuring ControlUp Monitor
By default, no instances of ControlUp Monitor exist in a ControlUp organization. In order to install a new instance of ControlUp Monitor, go to the Home Ribbon and click on Add Monitor.
Alternatively, click on the "Monitor Status" label in the ControlUp Monitors area below the organization tree and then click on the "Deploy Monitor" button to install and configure a monitor.
Click on “Add Monitor”. ControlUp Monitor Installation Wizard will guide you through the process of installing and configuring the monitor instance. The first stage of the Wizard is a computer object picker. Use this page to select a computer from one of your managed domains that will host the Monitor Service.
Note that by default, the Monitor Service listens on TCP port 40706, which is also customizable on this screen. After checking for prerequisites, all the files required for the installation of the Monitor Service are copied to the selected computer and a “ControlUp Monitor” Windows service is created. Immediately after installing the service, ControlUp will open the Monitor Configuration Wizard, which will gather all the required information to configure and start the Monitor service. The Wizard will go through the following stages:
In the first stage, the wizard offers to import your currently saved credentials for use by the Monitor service. If you agree, then your current list of AD Connections and Credentials Store are imported. Note that you need to click “Edit” for each entry to confirm that the correct credentials are being used for each AD Connection. If you connect to more than one AD domain, choose one of the connections to be the primary one. If you decline to import your personal credentials, you will be prompted to create at least one set of valid AD credentials for the Monitor instance to use when connecting to your resources.
The Monitor Service needs valid credentials to establish connections with all of your managed computers. It is also responsible for deploying ControlUp Agents to the managed computers, in case they have no agent installed. By default, ControlUp Monitor service is configured to start using the Network Service account, which is not sufficient for administrative connections to your managed computers. In addition, if your organization includes several Active Directory domains, the Monitor will need valid administrative credentials to access all these domains.
It is recommended that you create a dedicated account for the ControlUp Monitor in each of your Active Directory domains. This account needs to possess:
- Local administrative privileges on all your managed computers (this is optional and only required if your Monitor will be expected to deploy Agents to systems)
- Modify permissions on the directory used for scheduled data export (see below)
Shared Credentials Store – ControlUp allows managing credentials centrally so all authorized users can use shared credentials sets. This enables for more streamlined management of credentials and a quicker onboarding process for new ControlUp users which does not require them to know the service usernames and passwords.
Please note that the Shared Credentials permission are set by the roles in the Security Policy Panel
Note: “Local Admins” and “Organization Members” Roles are not allowed to use the Shared Credentials Store, you MUST create a new role.
The bottom of the Domain Identity page hosts the credentials saved with the Monitor instance in order to enable it to connect to your virtualization infrastructure. In order to monitor virtualization hosts, ControlUp requires for consoles and monitors to use the same credentials. In order to enable continuous monitoring of the virtualization hosts using the monitor, use this page to save the same service account credentials used by other ControlUp users in your organization to connect to your hosts. Saving those credentials is optional. However, if no credentials are provided for hypervisor connections, the monitor will not be able to connect to the hypervisor infrastructure. For more information on monitoring virtualization hosts with ControlUp, please refer to the Connect to the Virtualization Infrastructure page.
At this stage, select the type of ControlUp login for your Monitor instance. If your organization works with online ControlUp login, leave the default online option selected. In this case, ControlUp will automatically create a new ControlUp user account for your monitor instance.
If your organization uses ControlUp in Offline Mode, your ControlUp Monitor will need an offline license file, just like a regular ControlUp user.
If applicable, configure the proxy settings needed for the Monitor to connect to the Internet for login. Please keep in mind that if the Monitor is installed in a network subnet that differs from your administrative workstation, the required proxy settings may be different from the ones used on your machine.
In case of an issue connecting to ControlUp servers or uploading data to S3, please refer to this article - Missing Data In Insights
The Scheduled Export feature allows ControlUp to record any activity displayed in My Organization pane. The output CSV files can later be used to produce reports. If your ControlUp console is already configured to export data on a scheduled basis, the Monitor configuration wizard will offer you to move your export rules from your personal settings to the monitor. If you choose to agree, the monitor service will start exporting the data instead of your ControlUp console, which eliminates the need to keep a ControlUp console open in order to produce data reports. You can configure additional export rules for the Monitor.
For the scheduled export feature to work, you are required to configure the export path for the CSV files, as well as a credentials set which is sufficient for the monitor to write files to that directory. The export path can be either a local or a UNC path. In case the “Delete files older than…” option is configured, the configured account will also need permission to delete files.
ControlUp supports delivery of email alerts using a user-provided SMTP server, which is useful for customers who cannot or prefer not to utilize the built-in cloud alerting service. In order to submit alert messages to a custom SMTP server, the Monitor service needs to be configured with the server name or IP, sender details, and credentials.
This tab of the Monitor Configuration window allows for customizing those details. If no information is provided on this page, incident triggers using the “Send an email alert using a local SMTP server” follow-up action will fail to generate email alerts.
ControlUp Monitor can be configured to regulate information updates from the Agents. Configurations on this tab of the Monitor Configuration window may help with optimizing resource consumption by the Monitor Service.
For more information regarding the regulation of information updates and its impact on the performance of ControlUp, please refer to the Advanced Settings section in the Settings Window documentation.
After the initial installation and configuration, this tab is available in the Monitor Configuration window. This allows you to configure a TCP listening port number for the ControlUp Monitor Service. The default port is 40706.
Note: ControlUp Monitor is similar to a ControlUp console, acting like a client that connects to a listening TCP port (40705 by default) on the managed computers. The Monitor listens on port 40706 only to allow ControlUp console instances in your organization to receive status updates and display the status of the monitor in the console. This port is not used for communications with managed computers.