• Moving from On-Premises to Hybrid Cloud

    ControlUp users can choose to move from On-Premises to Hybrid Cloud, this actions needs to be coordinated with your account manager in order to achieve this process because there are licensing differences. 

    Moving to our Hybrid Cloud will require these following steps:

    1. License change from On-Premises to Hybrid Cloud. (for this step, please contact your account manager or support at support@controlup.com)
    2. Log in to your OnPremises ControlUp Console
    3. Uninstall all Agents (see screenshot below.) (If you have deployed via MSI, you will need to uninstall via the same method.)
    4. Registry change. Go to HKEY_LOCAL_MACHINE -> SOFTWARE -> SMART-X -> CONTROLUP -> AGENT -> PRIVETCLOUD and change the value of "IsUsingPrivateCloud" to 0.
    5. Download the latest Console from our website and launch it.
    6. Login to the same organization that you used on your ControlUp On-Premises environment.
    7. You will need to manually recreate your folder structure and personal settings.

    The following image explains how to do it quick and clean:


  • ControlUp Hybrid Cloud Implementation Requirements

    A ControlUp Hybrid Cloud implementation is composed of three main components; a Console for real time environment monitoring and management, Monitor to monitor your environment 24/7 and upload historical and analytics data to our Hybrid Cloud infrastructure, and Agents to communicate with the Console and Monitor. 

    ControlUp Console Requirements

    ControlUpConsole.exe is the main executable used for data display and task invocation. There is no setup routine necessary in order to start using ControlUp. Just download the executable and run it on your admin station or a management server.

    ControlUp console was tested on:

    • Windows 7
    • Windows 8 and 8.1
    • Windows 10
    • Windows Server 2008, Windows Server 2008 R2
    • Windows Server 2012, Windows Server 2012 R2
    • Windows Server 2016.

    ControlUp Console is the primary user interface for monitoring and managing your resources.

    • The Console requires no database.
    • All the data you see in it is stored in RAM, which allows for blazingly fast manipulation of data. As a result, ControlUp Console memory usage can be intensive, depending on the number of managed machines.
    • A RAM footprint of about 1GB (Working Set) is normal when managing an enterprise with up to 500 live user sessions, while thousands of sessions can bring the console’s RAM usage up to several gigabytes.

    In larger environments we recommend using a high-performance server for running the console. There are also some performance optimizations you should consider in order to reduce the amount of resources used by ControlUp Console. Please refer to the Advanced Settings documentation page for more details.

    Prerequisites for ControlUp Console

    • Domain joined desktop or laptop, Windows VM, or can be published as a XenApp application. 
    • .Net 4.5
    • No installation required. Simply download the executable from our website. 
    • AD account with privileges on the machines you wish to Monitor/Manage
    • Credentials (a service account is best) and URL for your hypervisor (XenServer, VMware, Hyper-V)
    • AD account with help-desk or higher permissions in the 7.15 environment (and the Broker IP or host name)
    • Firewall exceptions inside the company for RPC/WMI and ports 40705 and 40706 (or Windows firewalls off)
    • Internet connectivity from the monitor and Console machines (it can be via proxy)


    ControlUp Monitor Requirements

    ControlUp Monitor is a component principally equivalent to ControlUp Console, but without an interactive user interface. Once installed and started, ControlUp Monitor signs into your ControlUp organization and connects to your managed computers. The Monitor starts receiving system information and performance updates from your organization, just like an additional ControlUp Console user. The primary difference between a Monitor and a Console is the fact that the Monitor runs as a Windows service, requiring no user interaction and allowing for continuous monitoring of your resources.

    Benefits of ControlUp Monitor

    ControlUp Monitor offers a number of benefits to admins who require continuous monitoring of their resources:

    1. After a Monitor is installed in the organization, monitoring of resources is a continuous process, running 24/7 regardless of the presence of active ControlUp Consoles in the network. Multiple Monitor instances automatically provide mutual backup and high availability for monitoring.
    2. Monitors can be configured to alert ControlUp users about incidents that cannot be detected by ControlUp Console. For example, only the Monitor records “Computer Down” incidents, since detection of this incident requires continuous monitoring.
    3. ControlUp Monitor can be configured to export data tables to disk in CSV format for further analysis. The scheduled export process runs in the background and ensures continuous logging, which cannot be guaranteed using the interactive Console.
    4. The Monitor is mandatory for uploading data to ControlUp Hybrid Cloud Insights and for exporting activity files for the Insights On-Premises

    Respectively, the following limitations apply to ControlUp organizations which do not have a Monitor instance installed:

    1. Monitoring of resources and alerting about system issues can only occur if at least one instance of ControlUp Console is active and connected to the entire organization.
    2. “Computer Down” incidents cannot be detected or recorded.
    3. In order to support historical reporting and trending analysis, at least one instance of ControlUp Console has to be connected to the entire organization and configured to export data tables to disk.

    Prerequisites for ControlUp Monitor

    ControlUp Monitor can be deployed to any computer running Windows Server 2008 or later. It requires the .NET Framework 3.5 features to be enabled and RPC access to be enabled at the installation phase. In addition, in order to enable the Monitor Service to connect to all your managed computers, you will need to assign domain credentials to the Monitor Service as described below in the "Domain Identity" section of the Monitor Deployment guide.

    ControlUp Agent

    The ControlUp Agent is a lightweight service that gets installed on the managed computers in your organisation. Installing the Agent on your systems allows you to use ControlUp Real Time Console to perform in depth monitoring, advanced systems management, and in depth configuration evaluation. 

    ControlUp agents have minimal performance impact

    • CPU usage – consistently 0% to 1%
    • RAM consumption – 60 to 90 MB
    • I/O – zero disk activity
    • No software hooks, no drivers and no reboot needed

    Prerequisites for ControlUp agents

    • Windows OS (all versions supported, from Windows XP to Server 2012 R2)
    • .Net Framework 3.5 SP1 or 4.5
    • Single incoming TCP port (by default 40705) open for ongoing console/monitor communications
    • RPC and WMI access for initial deployment via the console, if access not available manual installation can be done using an MSI package
  • On-Premises Installation Prerequisites

    ControlUp On-Premises Architecture


    ControlUp On-Premises mode enables organizations to install the ControlUp back-end components on their on-premise private cloud / data-center. The following drawing is a high-level overview of ControlUp 7.x architecture when working in On-Premises mode:




    On-Premises Server Prerequisites:

    Supported Operating Systems

    • Windows Server 2016 Fully Patched
    • Windows Server 2012 R2 Fully Patched
    • Windows Server 2008 R2 Fully Patched


    • Free space of 50 GB
    • 4 GB of RAM
    • 2 vCPUs
    • Join server to Domain
    • Disable the UAC
    • Microsoft .Net Framework 4.5.1
    • Microsoft .Net Framework 3.5



    Supports Microsoft SQL Server versions –

    • SQL Server 2016 Standard, and Enterprise Editions.
    • SQL Server 2014 Standard, and Enterprise Editions.
    • SQL Server 2012 Standard, and Enterprise Editions.
    • Note –
      • It is recommended to separate the ControlUp server from the SQL server for better performance
      • SQL 2008 is NOT supported (R2 as well), in case you are upgrading from v5, you will need to upgrade from v5 > v6 > v7 etc. Not recommended to jump from 5 to 7. 
        • We strongly recommend to have a dedicated clean server from the installation
        • The ControlUp data base needs to be moved to a supported SQL
        • In the on-premises upgrade wizard define the new SQL details
      • Run the exported upgrade SQL script on the ControlUp DB (follow the installation guide)
      • SQL Data Base recommended size - 50GB

    Email Alerts Feature

    Requires a local SMTP Server.


    Required Files

    • Please coordinate with ControlUp Support to receive the installation media for ControlUp On-Premises



    • ControlUp On-premises requires a license file provided by ControlUp
      • The license is a XML file
      • In order to receive the file, please follow the steps described in step 3 of the ControlUp On-premises installation guide.


     Required AD Users & Groups

    • ControlUp Users Group
      • Members of this group will be authorized to use the ControlUp console
      • Global AD groups are supported
    • ControlUp Service Account
      • The ControlUp service account runs the ControlUp On-premises server services, IIS Pools and will have db_owner right on the SQL database
      • Note – the installation wizard supports configuring a different account for the SQL database user
    • Primary Monitor Account -
      • Account defined in the monitor settings -> Identity 
      • The Monitor primary AD account require the "Log on Locally" user right on the Monitor service VM, so please verify 2 things:
        • the account has the "Allow log on locally" user right
        • the account is not part of the "Deny log on locally" user right

    Related Ports

    • In order for the solution to work, you need few ports to be open:
      • On-premises server <-> ControlUp Console: Port 443
      • On-Premises server <-> SQL server: Port 1433 (need to verify with DBA)
      • ControlUp Console <-> ControlUp Agent: Port 40705
      • ControlUp Console <-> ControlUp Monitor: Port 40706


    • During the installation we add IIS and LDS Roles to the ControlUp On-Premises Server
      • If the IIS is already installed and contains any other sites, they will be overwritten


    ControlUp’s Insights Server Prerequisites:


    Supported Operating Systems

    • Windows Server 2016 Fully Patched
    • Windows Server 2012 Fully Patched
    • Windows Server 2012 R2 Fully Patched



    • Free space of 50 GB (as starting point)
    • CPU: 2 x 6 cores of 2+ GHz
    • RAM: 12 GB
    • RAID: 0 or 1+0


    • Make sure the server does not have splunk already installed, we do not support parallel installations.
    • RAID 0 disk configurations do not provide fault-tolerance. Confirm that a RAID 0 configuration meets your data reliability needs before deploying a Splunk Enterprise indexer on a system configured with RAID 0.

    In an enterprise production deployment, it is recommended that ControlUp Insights On-Premises is provided with dedicated hardware resources, especially I/O. Running the system on virtual machines is supported, but performance is expected to degrade when hardware resources are allocated from a shared pool.

    Daily Indexing Volume

    The daily amount of data ingested into the Insights database is a key parameter that will be used for deployment and capacity planning. This parameter can be estimated using the following calculations:


    • For end-user computing workloads using shared desktops (e.g. in a server-based computing scenario using Remote Desktop Services) - 3MB per user / day
    • For end-user computing workloads using private desktops (e.g. in a VDI scenario) - 6MB per user / day
    • For general-purpose servers (e.g. infrastructure servers / DC / database / DNS / file servers, etc.) - 8MB per server / day


    The following example demonstrates a calculation of daily indexing volume for a virtualized environment with 1000 shared desktop users (peak concurrent), 500 personal desktop users (peak concurrent) and 30 general-purpose servers:


    Resource type


    MB / day

    Expected Daily Indexing Volume

    Shared desktop users

    1000 (peak concurrent)


    3,000 MB

    Personal desktop users

    500 (peak concurrent)


    3,000 MB

    General purpose servers



    240 MB



    6.24 GB


    The end result of the calculation above (6.24 GB) is the daily indexing volume that will be used for capacity planning of Insights database storage as described below.


    Insights Database

    The sizing of storage for hosting the Insights database is based on the daily indexing volume multiplied by the number of days for which data is expected to be retained in the database, and by then multiplied by an additional constant which estimates the overhead associated with summary indexing and other auxiliary data accumulated in the database.

    For example, an environment in which the daily indexing volume is 6.24 GB and the retention requirement is 365 days, the amount of disk space required for the Insights database is expected to be 2.28 TB. This estimate should be multiplied by 1.3 to predict indexing overhead, resulting in a total storage volume of 2.96 TB.


    Data File Share

    The data file share is a temporary storage location in which activity files are queued before ingestion into the Insights database.

    The recommended amount of free space available on the data file share depends on the daily indexing volume.

    By default, activity files are not removed from the data file share after being successfully ingested into the Insights database. It is therefore recommended that the data file share has sufficient capacity to accommodate activity files for the maximal period of time during which Insights On-Premises Server might be down.

     For example, to accommodate for 7 days of downtime in the example environment described above, the data file share size should be 6.24 GB x 7 days = 43.68 GB.


    • Please give modify permissions to the Monitors primary AD account on the shared folder of the data activity files (both share and NTFS).
    • Please add the Monitors primary AD account to the local Performance Log Users Group (On the Monitor server).
    • The Monitors primary AD account requires the permission "Log on Locally" on the Monitor VM where the service is installed.
    • The Monitors primary AD account can not be assigned the group policy "Deny log on locally"
    • Until further notice we do not remove the activity files from the shared folder. Please make sure you have enough free space and the needed hardware to support the IOPS activity.
    • The IOP Server's AD machine account must have read access to the file share via both NTFS and Share permissions. 

    ControlUp Real Time Console


    Supported Operating Systems


    • Windows 7
    • Windows 8 and 8.1
    • Windows 10
    • Windows Server 2008, Windows Server 2008 R2
    • Windows Server 2012, Windows Server 2012 R2
    • Windows Server 2016


    The only software prerequisite for the console is Microsoft .NET 4.5. Please ensure this prerequisite is met before running ControlUp or when upgrading from older (pre-v6) versions of ControlUp.


    ControlUp Monitor


    Supported Operating Systems

    • Windows Server 2008 R2 or later

    Other Prerequisites

    • .Net Framework 4.5
    • RPC Access (at the installation phase)
    • Powershell 5.0 (for Windows PS API)
    • The Monitor primary AD account require the "Log on Locally" user right on the Monitor service VM (the service account defined in the monitor settings-> identity tab). So please verify 2 things:
      • the account has the "Allow log on locally" user right
      • the account is not part of the "Deny log on locally" user right 






  • Managed Computers Requirements

    ControlUp supports managing computers that run:

    • Windows 7
    • Windows 8 (or 8.1)
    • Windows 10
    • Windows Server 2008 (Full installation only\core edition is not supported), Windows Server 2008 R2
    • Windows Server 2012
    • Windows Server 2016 (Core or Full Installation).

    Managed computers should have:

    • Microsoft .NET Framework 3 installed (3.5 SP1 recommended)
    • Windows 7 or Server 2008 R2, the built-in .NET Framework feature should be enabled
    • Alternatively, .NET Framework 4.5 can be used on managed computers running Windows 8 / Server 2012 or later
    • ControlUp requires RPC access for remote agent installation and a single configurable incoming TCP port open (40705 by default) for agent communication. In case your managed computers are inaccessible using RPC, you can deploy the ControlUp agent using an MSI package. For more details, see “Add Managed Computers”.
  • Active Directory & DNS Requirements

    Active Directory is a prerequisite for managing computers using ControlUp. If your network includes computers that are not joined to a domain, you will be able to connect to these computers using ControlUp’s Remote Desktop view while other actions will not be available.

    The computer on which ControlUp Console is executed does not have to be a domain member. However, you will be required to enter valid domain credentials in order to manage computers in your environment.

    Full DNS name resolution is also mandatory for management connections using ControlUp. You should be able to access all of your managed computers using their Fully Qualified Domain Names (FQDN).

    As an exception to the above, virtual machines (including non-Windows guests) can be monitored via the hypervisor layer without the need for DNS resolution or AD domain membership. This agentless approach only enables access to VM-related data known to the hypervisor, not guest OS data.
    (Read more…)

    By default, ControlUp queries Active Directory for the DNS suffix when managed computers are added to the organization tree. For networks in which the domain name is not identical to the default DNS suffix of all computers, ControlUp supports for providing a custom DNS suffix during computer addition.
    (More details…)

  • Security Rights & Permissions

    By default, local administrative privileges on all managed computers are required in order to connect to these computers using ControlUp. Every time you attempt to run a management action using ControlUp, your Windows credentials will be evaluated according to your current ControlUp mode:

    • Enterprise Mode – in this mode ControlUp operates by evaluating both your current Windows credentials and the Security Policy configured using your organization’s central configuration. In Enterprise Mode the permissions may be restricted to limit access to ControlUp features for designated administrators, regardless of their existing Windows rights.
    • Standalone Mode – your Windows user account will always need to have full administrative rights on all target computers. If your account is not a local administrator on the managed computer, ControlUp agent will refuse the connection and you will not be able to monitor performance or execute management actions on that computer.

    For more information on configuring ControlUp permissions, see the Secure Your Organization chapter.

    For agentless monitoring of virtual machines, access permissions for the hypervisor are required. For more details, see Hypervisor Monitoring Requirements.

  • Hypervisor Monitoring Requirements

    Supported Hypervisor Platforms

    ControlUp supports VMware v4.x/5.x/6.x environments that are managed by vCenter. Standalone ESX/ESXi servers are not supported. ControlUp also supports Citrix XenServer v6.1 (with the Performance Monitoring Enhancement Pack, CTX135033), v6.2 and v7.0. For earlier versions, some performance columns not yet implemented in XenServer might be displayed as N/A. 

    Microsoft Hyper-V 2012 R2, Microsoft Hyper-V 2016 including standalone and clustered hosts. Please note that ControlUp Agent needs to be installed on the Hyper-V hosts to enable monitoring them as hypervisors (The console does not work on any version of Core, but the agent is fine as long as you have .Net 3.5.1 or .Net 4.6.2.).

    ControlUp Console supports two hypervisors platforms running on Nutanix (AOS), VMware vSphere and Nutanix Acropolis Hypervisor (AHV). You can now also manage your Nutanix AHV clusters - live, with real-time metrics in the familiar ControlUp way(https://support.controlup.com/hc/en-us/articles/360001166145-Connecting-to-your-Nutanix-AHV-hypervisor).

    Network Connectivity

    ControlUp data collection agents (ControlUp Console by default, or agents if explicitly designated) require https (tcp/443) access to the vCenter server or the XenServer pool master.

    Hypervisor Permissions


    Required vCenter permissions: the Read-Only role is sufficient for all monitoring purposes. If you want to be able to use the built-in hypervisor-based VM power management functions, then you will need to create a custom role based on the Read-Only role, adding the following permissions:

    • In the Virtual Machine/Interaction category:
      • Power Off
      • Power On
      • Reset


    If Active Directory authentication is enabled for the XenServer pool, then the Read-Only role is sufficient. If you want to be able to use the built-in hypervisor-based VM power management functions, then you will need to upgrade the user role to ‘VM Operators’.


    ControlUp requires for the user\service account to have 'Viewer' only role for view only capabilities (the user that you connect your Console to the hypervisor with). If you want to perform VM power management & host maintenance actions, you'll need to grant the user\service account with the 'Cluster Admin' role.

    In order to use a dedicated user\service account that you already have configured in your environment - you'll need to add your organizational Active Directory to Nutanix by going into Prism, Click the Gear Icon> 'Authentication'. When you're finished with adding your AD - you can 'Test' the connection in ControlUp console and verify that it works. 

    If you don't want to connect your AD to your Nutanix cluster, you can create a local user in the Nutanix local management within Nutanix Prism. Click the Gear Icons > 'Local User Management' and add the user with the proper role required.