ControlUp does not save any unique data on the managed machines. Therefore, there is no need for additional preparations beyond the proper installation of the agent and allowing inbound TCP 40705 on the master image using Citrix PVS, MCS, or VMware linked clone technologies.
There are two possible methods of deployment that an administrator can use to mix-and-match for different groups of monitored machines. Regardless of the method, the agent settings for deployment from the console (as well as for ongoing communication) are found in the Agents Settings tab:
IMPORTANT: Regardless of the method used, to monitor the PVS/MCS/clone machines, each machine must be added separately.
Deploy the ControlUp Agent to the master/golden image from the console, by adding the golden/master image’s machine. Once the machine is ready it turns green, and the agents on each computer deployed from that template is ready.
- When upgrading the console and environment, the agents can be updated on-the-fly from the console until the master image is updated.
- The master/golden image domain needs to be joined and able to connect to the ControlUp production environment to be configured properly.
- The console deployment does not automatically create a Windows Firewall to enable the inbound 40705 port.
Install the agent using our MSI package here. Select the proper version to match your console version and build, and then install the agent on the master/golden image.
To do so, click here, or go to Settings > Agent and click Download MSI Package and the Agent Package Download page appears.
- Agent MSI can be installed in non-domain master/golden images or on an environment that is not connected to ControlUp.
- The MSI installation also creates an inbound allow rule enabling the TCP 40705 port.
- The MSI cannot be replaced from the console, so PVS/MCS/clones remain with an older agent and while they can be monitored, new agent functionalities might not be available until the master/golden image is updated.
- Currently, previous MSI agent must be removed before installing a new version. This can be done manually or using a remove/add script of your own.
Secure communications between ControlUp Console/Monitor and ControlUp Agent
To secure the communication between the installed agent and the ControlUp environment, we recommend you do the following.
- On any computer running the ControlUp agent, enable a Firewall inbound rule that allows access to port 40705 only to authorized computers.
- Add these computers which ideally should use static IP addresses:
- Computers running the ControlUp Monitor service
- Computers running the ControlUp Console
If you don't own a firewall for your network, we recommend using the built-in Windows firewall alongside a Group Policy to apply the firewall rule to all machines running the ControlUp Agent.
Note: This recommendation reduces the risk of a potential attacker manipulating a ControlUp Agent using malicious code in case that potential attacker has penetrated the organization network.