How to view a Multi-Domain Environment

    Prerequisites: AD Forests

    Removed AD Dependency
    From version 9.0, you can deploy ControlUp Monitors on machines that are not joined to a local Active Directory (AD) domain. For details, see Removed AD Dependency for Monitors.

    You must meet the following prerequisites for a single ControlUp Real-Time Console to support multiple (untrusted) AD forests:

    • The machine running the console must have LDAP access to the relevant AD forests.
    • Enable the following ports on all domain controllers in the forest:
      • LDAP (TCP/UDP port 389)
      • Kerberos authentication (TCP/UDP port 88)
    • Configure DNS conditional forwarding so the machine running the console is able to resolve any relevant AD DNS entry in the external forest.
    • Verify that the console has valid AD credentials in the external forest.

    Prerequisites: Multiple Networks

    You must meet the following prerequisites to support multiple external networks:

    • Install the ControlUp Agent on the relevant machines. You can use the agent MSI package to perform this installation.
    • Open an incoming TCP port (40705) on the external network to support communication between the console and the agent.
    • Open an incoming HTTPS port (443) on the external network to support communication between the console and the hypervisor.

    The bandwidth consumption of each console-agent channel is approximately 1 KB/s.
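
A preflight check for both prerequisite lists above, run from the machine that hosts the console. This is an added example, not a ControlUp script; the domain FQDN and the agent and hypervisor host names are placeholders to replace with your own.

```powershell
# Added example: connectivity preflight for the AD forest and network prerequisites.
# All names below are placeholders (assumptions), not values from ControlUp.
param(
    [string]   $DomainFqdn  = 'forestb.example.com',            # placeholder external AD domain
    [string[]] $AgentHosts  = @('agent01.forestb.example.com'), # placeholder agent machines
    [string[]] $Hypervisors = @()                               # placeholder hypervisor hosts
)

function Test-TcpPort {
    param([string]$Computer, [int]$Port)
    # Test-NetConnection tests TCP only; the UDP side of 389/88 is not covered here.
    $r = Test-NetConnection -ComputerName $Computer -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Target = $Computer; Port = $Port; Open = $r.TcpTestSucceeded }
}

# 1. DNS: conditional forwarding must let this machine locate the external domain controllers.
#    This SRV name lists the DCs of one domain; run the script once per domain in the forest.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Error "Cannot resolve DC SRV records for $DomainFqdn; check DNS conditional forwarding."
    return
}
$dcs = $srv.NameTarget | Sort-Object -Unique

$results = @()

# 2. LDAP (389) and Kerberos (88) on every domain controller that DNS returned.
foreach ($dc in $dcs) {
    $results += Test-TcpPort -Computer $dc -Port 389
    $results += Test-TcpPort -Computer $dc -Port 88
}

# 3. Console-to-agent channel (40705) and console-to-hypervisor HTTPS (443).
foreach ($a in $AgentHosts)  { $results += Test-TcpPort -Computer $a -Port 40705 }
foreach ($h in $Hypervisors) { $results += Test-TcpPort -Computer $h -Port 443 }

$results | Format-Table -AutoSize
if ($results.Open -contains $false) {
    Write-Warning 'One or more required ports are unreachable from this machine.'
}
```

The script does not validate the AD credentials for the external forest; that prerequisite still has to be confirmed separately.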

    AD Connections 

    You can use the Settings > AD Connections tab to add managed domains and to configure the credentials required to connect to the domains. If you run ControlUp as a domain user, this list may appear empty, meaning that your current domain credentials are used wherever required.

    ControlUp enables you to manage computers from multiple AD domains and forests. You can even manage computers that belong to multiple untrusted AD domains and forests within the same console. All you require is an AD connection, which consists of a domain FQDN and valid credentials.

    You can also use the AD Connections tab to enable ControlUp organizations to span multiple Active Directory forests. When you log into ControlUp, a list of available organizations is determined based on the AD forest that currently authenticated your Windows session. If you create a new ControlUp organization from forest A, and then later open ControlUp from a machine logged into forest B, the organization won't appear on the login wizard.

    View a Multi-Domain Environment

    To display your new organization in forest B, perform the following steps:

    1. Open ControlUp in a Windows session logged into forest A.
    2. Log into your ControlUp organization.
    3. Click Settings > AD Connections to create an AD connection to forest B while providing valid credentials. Click OK.
    4. Select the AD connection, click Edit, select the Trust tab, and select both Allow users from... checkboxes.

    5. Open ControlUp in a Windows session logged into forest B. Your ControlUp organization appears on the organization dropdown list.

    Important
    The license is only assigned to a specific forest. If the license is linked to forest A and you're logged into your ControlUp organization from forest B, you are able to manage your environment according to the license linked to forest A. 
