• Does ControlUp support a multi-tenant environment?

    The short answer is yes. Our permission delegation and multi Network/AD forest support enable multi-tenancy. ControlUp supports different types of MSP topologies:

    • In a simple scenario, MSPs have a single data center and network that is supported by a single AD forest. As a result, all of the tenants reside on the same infrastructure that is located in the same network and use the same AD forest. This scenario is simple because it acts just like any enterprise that ControlUp supports out-of-the-box.
    • In a more complex environment, MSPs can use a multi AD forest with different networks (subnets) that may or may not be connected. An MSP can have separate forests for each tenant and separate physical locations for each forest. Of course, each MSP works differently. One may have multiple tenants working on the same infrastructure and network while a few other tenants may need their own networks (due to specific security constraints, for example).
  • Does ControlUp support multiple AD forests/networks?

    Again, the short answer is yes. For multi-AD support, where a single console supports multiple (untrusted) AD forests, the following prerequisites apply:

    • The computer running the console should have LDAP access to the relevant AD forests’ Domain Controllers.
    • DNS conditional forwarding should be configured so the computer running the console is able to resolve any relevant AD DNS entry in the external forest.
    • The console should have valid AD credentials in the external forest.

    In order to support multiple external networks, the following prerequisites apply:

    • The ControlUp agent needs to be pre-installed on the relevant target computers (the agent MSI package can be used to accomplish this).
    • A single incoming TCP port (40705 by default) must be opened on the external network to support console–agent communication.
    • For Hypervisor support, incoming HTTPS port (443) has to be opened on the external network to support console-Hypervisor communication.
    • From a bandwidth point of view, each console-agent channel will consume ~1 KB/s.
  • Does ControlUp support permission delegation for each tenant?

    ControlUp’s security policy feature enables customers to create a separate role for each tenant. By using our folder structure, each tenant can be limited to solely view and manage his/her individual environment. 

    Learn more