• Welcome to Solve

    Welcome to Solve by ControlUp. 

    ControlUp Solve gives you powerful and comprehensive, real-time monitoring and analysis in a hosted web application.

    Accessing via a web interface means there's less resource consumption on the endpoints that are logging in and viewing the data, giving you and your users a leaner, more performance-driven experience.

    SOLVE.jpg

     

    Solve provides a wide range of new functionality including:

    • Dashboard widgets that have been configured to provide you the latest, most relevant information on your environments, right out-of-the-box. See more details below.
    • Topology view of your environment that displays the relationships between components. Discovered components are displayed dynamically. You can drill down from each component to access detailed performance information. See more details below and in this article.
    • Drill down from any component in the topology or dashboard widgets with powerful contextual navigation built from our recommendations engine.
    • Data grids from the ControlUp console with a more modern look and feel and lots of new features. 
    • Historical Trends for metrics related to machines and hosts.
    • Access to Scoutbees and Edge DX

    Navigation

    SolveMenuborder.png

    The main navigation on the left gives you the option to select how the data is displayed and which data to display. 

    Tree

    SolveTreeOpen.png

    Your organization is represented in the same tree structure as in the ControlUp console. You can choose to open and close the tree with open triangle icon on the left side below the page navigation icons.

    The data in the Dashboard and Discovery views are displayed in the Solve web page, based on the context you selected in the organization tree. For example, if you set up a folder in the ControlUp console to represent the components that belong to a certain team in your organization, when you highlight that folder in Solve, only the performance and monitoring data for those components are displayed in the topology, widgets and columns.

    When a folder is highlighted in the tree affecting the data displayed, this message is displayed telling you what data you are seeing: Focusing on: <folder name>.

    Dashboard View

    The dashboard provides out-of-the-box widgets with easy to understand visual indicators of many of the metrics, performance indicators and details found in ControlUp. These widgets provide you more insight so you can better understand the performance and status of your whole environment. The out-of-the-box widgets include the following:

    • Single statistics. For example, number of running hosts, average logon duration in seconds, datastore free space in terabytes.
    • Gauges. Computed based on data types, for example, session and process stress levels. 
    • Bar graphs. Categorized data on specific metrics, including:
      • Top 5 processes by CPU usage
      • Top 5 processes by memory utilization
      • Top 5 processes by disk usage
      • Top user sessions by CPU consumption
      • Slowest logons
    • Line graphs. Analyzing data from different sources. For example, averages, usage percentages, and usage over time.

    If you drilldown into any of the widgets, you can see the Discovery view that includes the new Topology view and the data grid below. You see this data based on the context of which widget you clicked in the Dashboard view and its related metrics.

    User Experience and Resources Selection

    SOLVE_UX_Resources.jpg

    You can choose to view the dashboard based on these selections:

    • User Experience: Displays all the metrics relevant to the end-user computing experience. These can include logon duration, user sessions, etc. You can view the metrics that affect how your users are experiencing your IT environment.
    • Resources: Displays all the metrics relevant to the infrastructure of your IT environment. These can include CPU usage, memory, network, machines, disk space, etc.
    • All: Displays metrics for both User Experience and Resources. This is the default display.

    Discovery View with Topology 

    The Discovery View enables you to perform accurate investigations on real-time data. The data displayed provides you with accurate and targeted information on your systems so you can efficiently discover issues as they arise.

    There are dedicated pages with specific widgets and columns depending on what you choose to highlight in the topology at the top of the page. 

    Topology

    TopologyView.png

    The topology is a new feature that displays your organization visually, showing the connections between all the elements in your monitored environment. Each of the elements can be drilled down to provide you with more information and monitoring details.

    • When drilling down from the topology, the elements are displayed in the dashboard widgets and grid below.
    • When drilling down to objects in the dashboard or the grid, use the topology to navigate between the objects that are related to the element you drilled down to, both parent and child elements.

    Drill downs, breadcrumbs 

    Solve give you smarter drill-downs and navigation to troubleshoot any issues and see the status of your environment. Drill-downs and navigations are based on common configurations so the columns you see in the grid are the ones that are most relevant to the entity selected in the drill-down. These column groupings are based on the data in ControlUp to give you the best monitoring experience and remove less relevant data.

    At the top of the SOLVE screen, you can see if you have drilled down and into what entities, so you have the context for the data you are accessing. The trail of what you have accessed is visible in this 'breadcrumb' and you can back through your steps by clicking any entity appearing in the breadcrumb.

    The Topology at the top of the solve screen also changes based on what you might have accessed in the grid. 

    Grid with Grid Options

    SolveGridOptions.png

    Columns options:

    • Search
    • Enlarge / Decrease column grid
    • Grid at full screen
    • Select columns

    If you find that there are columns that you want to see that are not appearing in your view, you can search and add more columns. You can save your view and restore defaults to revert to the ControlUp suggested column view.

    Historical Trends

    While Solve's power lies in its real-time monitoring, you can also use it to view historical trends on any metrics related to machines and hosts. These metrics are available for single entities, multiple entities and for the relevant Dashboard Widgets. Read Historical Trends in SOLVE for full details on this feature.

    Access to Scoutbees and Edge DX

    In the Solve left hand menu, you can access Scoutbees and Edge DX interfaces.

    SBandEdge.jpg

    Click the Physical Endpoints icon to access the Edge DX interface. Edge DX enables you to monitor physical devices and endpoints located anywhere – without requiring VPNs or cloud gateways. Edge DX is a systems and device management SaaS for desktop, Mac, IGEL and other devices, with features for monitoring, troubleshooting, and gathering intelligence across remote devices. For details, see Welcome to Edge DX.

    Click the Synthetic Monitoring icon to access the Scoutbees interface. This SaaS application reduces downtime and proactively monitors the availability and health of your corporate applications. You can enable synthetic monitoring for published resources through the EUC used in your environment, such as Citrix Virtual Apps and Desktops or VMware Horizon, or any Network resource such as those that can be delivered as a web service, API or website. Click here to access Scoutbees documentation.

    Solve Access and Login

    You can access Solve either directly via URL or from the ControlUp console. First-time access must be done through the Console.

    When you access via a URL, you must also identify a ControlUp organization name at the end of the URL: https://solve.controlup.com/ORG_NAME where ORG_NAME is the your ControlUp organization's name.

    The login to both ControlUp and SOLVE is now more secure and includes using a one-time passcode (OTP).

    For details on how to configure login settings and access Solve, see Login Flow for The ControlUp Console v8.2 and Up & Solve 1.0 and Up.

     

     

     

     

  • Configure Solve

    Solve is ControlUp's new, hosted web application for accessing monitoring and analysis on your IT infrastructure. Read more about this new interface here.

    Getting Started with Solve

    To use and access Solve, here are the basic steps to follow. Details for each appear in the links below.

    1. Check that you have all the necessary Prerequisites.
    2. Manage ControlUp Monitors. Monitors are required for getting data into Solve.
    3. Access SOLVE from the ControlUp Real-Time Console when accessing for the first time.
    4. Set Users and Permissions to manage who can configure and access Solve. 
    5. Optionally, Access SOLVE via Direct URL and set up LDAP or SAML authentication. 
    6. Optionally, view the ControlUp Audit Log within Solve.
    7. Optionally, Troubleshoot Monitor Issues if you don't see data available in Solve.

    Prerequisites

    • Solve is available only with version ControlUp v8.2 and above.
    • Users must have an Active Directory account.
    • Users must authenticate in ControlUp using their Active Directory account to be authorized in the ControlUp Console and in Solve.
    • Port 443 must be available from the monitor to communicate to the Solve client.
    • TCP ports required for connecting to the ControlUp Monitors:
        • RPC/WMI - for monitor deployment via the console.
        • 40706 - for monitor management.
    • If you use one of the following proxy authentication methods, these are supported for Solve: Negotiate Proxy; Basic Proxy; NTLM Proxy - if you want to use NTLM authentication for the proxy server, contact our support team to assist with the required prerequisites.

    Manage ControlUp Monitors

    Monitors are integral and required for using Solve to enable continuous monitoring of your resources. Ensure you have monitors connected to your ControlUp environment before accessing data in Solve.

    The Manage Monitors feature in the Solve tab of the Real-Time Console allows you to view the status of installed monitors in your environment. This feature also enables you to add and delete sites, add monitors to existing sites, and modify monitor settings.

    For complete information regarding ControlUp Monitors, see here.

    Manage Monitors

    To access the Manage ControlUp Monitors section, click Manage Monitors from the Solve tab of the console.

    The Manage ControlUp Monitors screen contains two tabs displaying the status of your monitors and data sources. Only connected data sources are visible. 

    Monitors Tab

    The Monitors tab displays the monitors connected to the environment.

    In the examples below, all monitors are connected properly and are displayed with a green symbol next to them.

    mceclip1.png

    If there is an issue with a monitor, the green symbol next the monitor turns yellow to alert about a warning, or red to alert about an error. A brief description of the issue appears in the Details column. To learn more about the issue, click more details... in the Status column and the More Detail popup appears. For a list of possible monitor issues, see Troubleshoot Monitors.

    Data Sources Tab

    The Data Sources tab displays the components of the environment.mceclip0.png

    Click on a data source to expand and see which monitor it is connected to each component.

    mceclip3.png

    Access Solve

    There are two ways that Solve can be accessed:

    • From the Console
    • A Direct URL that can be personalized from within Solve

    First-time access to Solve must be through the Console. Once Solve has been accessed initially from the Console, it can be configured to be accessed with a Direct URL.

    Access from the Console

    You can access Solve from the ControlUp Console by clicking Solve from the Solve ribbon.

    mceclip0.png
    Once clicked, Solve opens in your web browser.
    mceclip3.png

    Access with a Direct URL

    Solve can be accessed with a direct URL that you can customize from the Solve settings page.

    By default, the URL is set as https://solve.controlup.com/<ORG_NAME>/login, where ORG_NAME is the name of the organization.

    To customize the direct URL:

    1. Click the settings button in the lower left-hand button of the Solve window and the settings page opens.mceclip8.png
    2. Enter the the name you want to add to the URL in the textbox of the Instance URL section.mceclip9.png
    3. Once a valid and unique name as been entered, click Apply and the URL is saved and ready to use.

    To access Solve with your direct URL, go to the URL and the logon page appears as follows:

    mceclip4.png
    You can also set either SAML or LDAP authentication to access Solve via direct URL. For details on login options, see Login Flow for Solve and the ControlUp Console v8.2 and Up. For details on configurating SAML authentication, see SAML SSO for Solve.

    Add Users & Permissions

    Along with the general ControlUp permissions, there are two permissions that are specific to Solve:
    Use Solve and Manage Solve, as described below.

    For general information about the ControlUp's security policy and permissions, see here.

    To access the permissions, click User Permissions in the Solve ribbon from the ControlUp Console.
    mceclip5.png

    Use Solve

    All users from your active directory that you want to have access to Solve must have this permission. This permission also allows the user to perform the following:

    • View folder
    • Use shared credentials
    • View all hypervisors
    • Connect to data source
    • Connect to Windows machine
    • Connect to Linux machine

    For more information regarding these permissions, see here.


    Manage Solve

    The Manage Solve permission is intended for admin users of Solve. This permission grants configuration privileges, including:

    • Instance URL modification
    • SAML Single Sign On settings
    • LDAP Integration settings
    • Session Timeout settings

    To go to the these settings, click the setting button on the lower left-hand corner of the Solve window.mceclip8.png

    Note: The settings button above does not appear for when Use Solve permissions are implemented.

    Audit Log

    The audit log enables you to see actions performed on your managed assets and is available from Solve.  See here for more information.

    Troubleshoot Monitors 

    Here is a list of possible issues you may encounter when monitors are reporting data to Solve. You can access this list from the Solve tab in the Real-Time Console under Manage Monitors.

     

    Details

    Severity Indication

    More Details Description 

    Failed to open Solve connection.

    Error (Red)

    Solve connection failed. Please check if the required port (443) is open and proxy settings are configured correctly.

    Solve is Connected using HTTPS.

    Warning (Yellow)

    Solve connection failed using the desired WebSocket protocol. Please check if the required CNTLM proxy settings are configured correctly.

    Solve is Disconnected.

    Normal (Green) for up to three minutes.


    After three minutes, the Monitor indication becomes an error (Red).

    Solve is disconnected. 

    This issue may occur due to network issues, or high latency. If this issue persists, please contact ControlUp support.

    Restart monitor if failed to recover

    Solve is Disabled

    Normal (Green) Solve is disabled by admin.
  • Login Flow for Solve and the ControlUp Console v8.2 and Up

    When you first log into the ControlUp Console as a new user, you are required to register into ControlUp with your contact details including an email address. A one time passcode is then sent to that email address for verification. There is no need to sign in again into the console once you are verified.

    Insights and Solve are web applications that can be accessed from the ControlUp console. If accessing from the console links, you don't sign in and can directly access both Insights and Solve.

    Direct URL Logins

    You can also access the Insights and Solve web applications though a direct URL. Details on these options below.

    Login for Insights

    Users without SSO can log into https://insights.controlup.com/auth with their email and one-time password (OTP). For complete information about logging into Insights, see here.

    Prerequisites for Direct URL Login to Solve

    The following are required to use this login approach:

    • ControlUp Monitor v8.2 or higher.
    • Users must have an Active Directory account to use SOLVE.
    • Users must authenticate using their Active Directory account to be authorized in the ControlUp Console and in SOLVE.

    Login for Solve

    The following are the options for logging into Solve:

    • Using the Solve button from the console as described above.
    • Direct URL access using either:
      • SAML Single Sign On
      • LDAP Integration

    The ControlUp monitor facilitates communication to the Solve instance in the cloud, and serves and authorizes multiple Solve users concurrently.

    When logging into Solve:

    • First time access to Solve must be from the link in the Console even if you plan on using one of the direct URL methods after that first login.
    • Login to Solve is possible only for users who are already registered users in the ControlUp Console.

    Tip: If you are using Solve and want to open a separate window, we recommend using your browser's Duplicate feature to open that second window. You will not be asked to verify your credentials to open that second window.

    Go to Solve from the Console

    Your first access to Solve must be from the Solve ribbon in the ControlUp Console, and you can always access Solve this way from the ControlUp Console. The user accessing Solve must have a verified user in the ControlUp Console.

    SAML Login

    When logging into Solve with SAML integration:

    • Browse to the Solve instance URL, which must include the organization name (e.g. solve.controlup.com/<organization name>). You are redirected to the Identity Provider (IdP) server for authentication (for example: ADFS).
    • You submit the credentials that you use for your internal organization's IdP in the IdP's authentication webpage and the IdP server passes the credential for internal authentication.

    For details on how to configure SAML integration with Solve, see SAML SSO for Solve.

    LDAP Login

    Logging into Solve with LDAP integration uses a two step verification.

    1. Browse to the Solve instance URL that you received by email the first time you opened the ControlUp Console after the upgrade to version 8.2 or higher.
    2. You are prompted to enter a valid user principle name (UPN).
      Note: If you don't know your UPN, go to cmd and enter: whoami /UPN and press enter, and your UPN should appear.
    3. Go through the one-time password (OTP) verification. The OTP is sent to your registered ControlUp email - the one you used to register to ControlUp. 
    4. After you pass OTP verification, you are prompted to enter your valid Active Directory password and Solve opens.
      When entering the OTP, you can select Don't ask again on this computer, and skip the OTP verification for 30 days on this computer.

    Troubleshooting

    • Make sure that you’re using Chrome or Edge! 
    • Try clearing your browser cache, then try again.
    • Try logging into an incognito (Chrome) or InPrivate (Edge) browser window.   
    • Make sure that the IP you’re entering to access Solve is on your organization’s whitelist. 
    • Check that if using LDAP, you are entering your UPN and not your ControlUp user email address (even though these may be the same).

    Configuration

    Once you have have accessed Solve from the console, you can configure Solve to be accessible with a SAML or LDAP login. For details, see Configure Solve.

    To make Solve accessible via SAML or LDAP: 

    1. From the lower left corner of the Solve dashboard, click the settings button and the Setting screen appears.
      mceclip0.png
    2. From the box in the upper left corner, select either SAML Single Sign On or LDAP Integration. and the page scrolls to the selected section.
      Settings.jpg
    3. Enable/disable SAML Single Sign On or LDAP Integration by toggling the Turn on/off buttons in the respective sections and the selected integration is enabled/disabled.

    Read here about the details for configuring SAML SSO authentication for Solve. The article includes a use case example for configuring ADFS.

    Note: If SAML and LDAP are both configured, only the SAML configuration works.

    For more information, contact support@controlup.com 

  • SAML SSO for Solve

    When accessing Solve via a direct URL, you can configure SAML to enable Single-Sign On (SSO) authentication. The settings in Solve enable you to set up a trust relationship between the URL hosting Solve and your company's Identity Provider (IdP) so users can access Solve securely.

    Here is an overview of what you have to do to configure SAML with detailed steps provided below.

    • Enter the required URLs from your IdP into the Solve settings page.
    • Upload a trust certificate from your IdP into the Solve settings page.
    • Download the trust certificate from the Solve page and add it into your IdP.
    • Retrieve the necessary fields from the Solve settings page and enter them into your IdP.

    Here are the specific steps you have to perform. Below this procedure, we have provided a use case using the Active Directory Federated Service (ADFS) as an example of how to configure an IdP with the Solve settings.

    To configure SAML in the Solve interface:

      1. In your chosen IdP, locate the trust certificate to use for Solve and copy it to a location accessible to the local computer from where you are accessing Solve.
      2. Open the ControlUp Real-Time Console.
      3. Access Solve from the Solve menu on the top ribbon of the console.
        The Solve interface opens in a browser window.
      4. In the Solve home page, click the settings link on bottom of the menu on the left side of the window.
      5. In the Solve Settings page, turn the toggle button on for Enable SAML (SSO) Authentication.
        Note: It is recommended not to enable both SAML and LDAP. If both are enabled, Solve uses SAML authentication.
      6. Enter the following URLs from your IdP: 
        - IdP Login URL. The URL used for logging into your IdP.
        - IdP Logout URL. This is an optional field to use for signing out of the IdP.
        For example, if ADFS is the IdP, the URLs could look like this with your company's domain:
        SignURLsDomain.jpg
      7. Click IdP Signing Certificate and locate the certificate from your IdP that you copied in step 1.
      8. Enter the Entity/Issuer ID. The virtual server as configured in the IdP connection certificate.
        For example, the URL could look like this with your company's domain:
        VirtualServerIDsURL.jpg
      9. The Solve settings page provides you with the following values: 
        - Relying Party Trust Identifier. The uniform resource name that is a unique, persistent identifier.
        - Endpoint/Assertion Login URL. The endpoint that your IdP will use to redirect during the authentication process.
        - Assertion Logout URL
        Here's an example of what these values could look like:
        SOLVEvalues.jpg
        Copy these values and enter them into the appropriate locations in your IdP.
      10. Under Solve Signing Certificate, click the certificate link to download the trust certificate for Solve and save it in a location that your IdP can access. 
        SignRequest.jpg

    Now you can return to your chosen IdP and create an endpoint for Solve using the values provided and the downloaded certificate. 

    Use Case Example - Active Directory Federated Service (ADFS)

    Read here to get the basic details of how to configure secure SAML authentication if your Identity Provider (IdP) is ADFS. 

    1. Open your ADFS interface.
    2. Under the Service folder, click Certificates. Copy one of the certificates to a location accessible to the user configuring the SAML settings for Solve. 
      ADFS_Certificates.png
      This is step 1 of the procedure above, and you upload this certificate in step 7 above.
    3. In the ADFS interface, select Relying Party Trusts. Right-click to open the Properties dialog.
      ADFS_RelyingPartyTrustsMenuBlank.png
    4. In the Properties dialog, select the Endpoints tab and click Add SAML... The Edit Endpoint dialog opens.
    5. Under the Trusted URL field, copy the Assertion URL you retrieved from the Solve Settings page in step 9 of the procedure above.
      ADFS_AddEndpoint.png
      Ensure that:
      Endpoint type is SAML Assertion Consumer
      Binding is POST
    6. Click OK and this Endpoint is added.
      ADFS_EndpointAdded.png
    7. In the same Properties dialog, select the Signature tab, click Add and upload the Solve certificate you downloaded in step 10 of the procedure above.
      ADFS_Signature.png
    8. In the same Properties dialog, select the Identifiers tab, and under the Relying party identifier: field, enter the Relying Party Trust Identifier value you retrieved from the Solve Settings page in step 9 of the above procedure. Click Add next to the field and you'll see the URN added to the list of Relying party identifiers in the dialog.
      ADFS_Idenfifiers.png

    Your Solve users should now be able to authenticate through your ADFS identity provider.

     

     

     

  • Historical Trends in Solve

    You can view historical trend data directly within the Solve interface. When you see a metric you want to investigate further, you can select to view historical data for the past several days.

    In this first phase of development, historical data is available for metrics that are related to:

    • Machines that have the ControlUp agent installed
    • Host metrics

    You can select to view historical trends for:

    Single Entity

    Let's say you have a machine that is showing over 90% percent CPU usage and you want to know for how long it has been performing at that state. You can drilldown to view the history of that metric over a period of the most previous 24, 48 or 72 hours. 

    To view the historical trend for a single entity:

    1. In the Discovery view in the entity grid, Hover over one of the entity's columns that are related to machine or host metrics. You'll see the clock icon in that column next to the metric.
      HistorySingleIcon.jpg
    2. Click the clock icon to open an overlay displaying the metrics for the past 24 hours. You can also select to view 48 or 72 hours.
      HistoryTimes.jpg

    Machine Trends

    Let's say you see a real problem with the machine you are viewing and you want to see further metrics but you don't want to have to start navigating to different dashboards or grid columns. Right in the history overlay you can see the following Machine Trends for the single machine:

    • CPU Utilization
    • Memory Utilization
    • I/O Utilization
    • Network Usage

    To see Machine Trends for the same machine you are viewing:

    Expand the overlay for a single machine by clicking the arrow icon next to the hours selection.
    HistoryExpand.jpg
    The Machine Trends window opens displaying the 4 relevant metrics. You can select to view the graphs in boxes or in a row. You can also select to view the data for the most recent 24, 48 or 72 hours.

    History4TrendsSingle.jpg

    NoteIf you click the clock icon HistoryIcon.jpg next to one of the entities selected, even if multiple entities are checked as selected, the historical trend view opens for just that entity. You must click the Machine Trends icon at the top of the grid to get the multiple machines view.

    Multiple Entities - Machine Trends

    You can view these same 4 metrics as the expanded Machine Trends view for up to 10 machines in the Discovery view grid. This is useful if you want to see a comparison between the metrics for several machines over time. 

    To view the historical trend for multiple entities:

    1. Hover over the area of the grid to the immediate left of the machine's name and click to select that machine.
      HistoryMultipleSelect.jpg
    2. Repeat for all the machines you want to select for this historical trend view.
    3. Once you have made all your selections (of only up to 10 machines), click the icon at the top of the grid.
      HistoryMultipleSelectIcon.jpg
      The Machine Trends window opens displaying the metrics for all the selected machines, represented by different colors for each machine in each graph.

      History4TrendsMultiple.jpg

    Dashboard Widgets

    The relevant Dashboard Widgets in both Solve's Dashboard view and Discovery view include the ability to view historical trends. The widget's data has to be mapped to the monitoring information for machines or hosts. The relevant dashboards widgets include Machines Average CPU Usage, Machines Total Network Throughput, Hosts Average RAM Usage and more.

    You can identify a relevant widget if you see the clock icon in the right side of the widget. 
    WidgetClock.jpg

    When you click the clock icon, the widget flips over to the historical trend view where you can select from the most previous 24, 48 or 72 hours. To return to the real-time view, click the open triangle to the right of the hour selection.
    WidgetHistory.jpg

     

     

     

  • Remote DX - Client Device Metrics

    Remote DX is now in beta release for v8.5 and will soon be available for general release. If you’d like to try it out, contact your ControlUp representative.

    ControlUp extends our monitoring capabilities by enabling you to now monitor remote client devices when they are logged into your virtual network. ControlUp's 'last mile' digital experience monitoring gives you increased visibility and control over your employee's client devices independent of where they work, whether in the office, from home or on the road, or the type of workspace they use, which could be virtual, physical, or cloud.

    You can see metrics on how well the device's connections are performing when your end users are remotely logging into your VMware Horizon or Citrix VDI. 

    These metrics are collected per device for those devices that have the Remote DX - Client Metrics .DLL installed. You deploy the files onto devices that connect into you Citrix or VMware Horizon environments.

    For details on supporting operating systems and deployment instructions, see Deploy Remote DX - Client Metrics Monitoring onto Client Devices.

    Client Metrics in the Console and Solve

    Once the monitoring agent files are deployed onto your users' client devices and metrics are collected, these metrics appear in the Real-Time Console and in the Solve interface as described below.

    Some of the metrics that ControlUp monitors include:

    • Latency:
        • LAN Latency. Latency between the client device connected to the session and the local router.
        • Total Session Latency. Total session latency from the client device calculated from the second callback.
        • Internet Latency. Latency between the client device connected to the session and the Google DNS servers.
    • WiFi signal strength plus data such as authentication, SSID, channel, etc.
    • NIC (Network Interface Controller) speed, type, name
    • Client OS version
    • Foreground app
    • Client inactive time
    • Local router IP

    There is also a metric for Client Device Score that calculates a combination of metrics to display how well the device's connections are performing overall. The score is displayed as a colored icon HouseIcon.png in its own column and is based on the worst threshold among these metrics: WiFi Signal, Lan Latency, Total Session Latency, Internet Latency.

    Real-Time Console

    There is a new column preset that you can select when viewing these metrics for your remote users’ devices. In the Presets menu in the top ribbon, select Client Metrics and you can see all the columns related to these metrics.
    ConsoleColumns.png

     

    Solve

    In the Solve web interface, there are columns you can select to add to the Discovery page grid.

    To view Remote DX - client metrics in Solve:

    1. Click the Discovery icon Discovery.pngto access the Discovery page.  
    2. In the Topology click User Sessions. 
      TopologyUserSessions.png

    3. In the right area above the grid, click the Grid column pick icon GridColumnPicker.png.
    4. Select from the following optional columns:
      - Client Device Score
      - Client NIC Name
      - Client NIC Speed
      - Client NIC Type
      - Internet Latency
      - LAN Latency
      - Latency Avg
      - Total Latency
      - WiFi Signal
      - WiFi SSID

      You now see the columns for these metrics in your SOLVE grid.
    5. Click the Client Device Score icon HouseIcon.pngto drill down to troubleshoot connection issues. 
      SolveGrid.png
      The details of the device's connection into your virtual environment are displayed showing the different sections of the device's connection path.
      ConnectionDetail.png

     

  • Deploy Remote DX - Client Device Metrics Monitoring

    Remote DX is now in beta release for v8.5 and will soon be available for general release. If you’d like to try it out, contact your ControlUp representative.

    ControlUp extends our monitoring capabilities by enabling you to now monitor remote client devices when they are logged into your virtual network. For details about the feature, see Remote DX - Client Metrics.

    To enable the feature, you must deploy the relevant files onto the client device machines you want to monitor. 

    The following operation systems are supported for these EUC environments:

    VMware Horizon client:

    • Windows 10 and above 64 bit
    • MacOS 10.13.6 and above
    • IGEL 11.3 and above

    Citrix client: 

    • Windows 10 and above 32 & 64 bit
    • MacOS 10.13.6 and above
    • IGEL 11.3 and above

    For metrics to be monitored from the remote devices, the machine to which the device connects must have the ControlUp Agent installed.

    DeviceMachineGraphic.png

     

    Windows Deployment

    Access the latest deployment files from the ControlUp Downloads Center. Select the one for your EUC and your end users' operating systems. 

    Windows installations are available from these links:

    You as the IT Admin can select to remotely perform the installation using the following parameter options:
    /SILENT
    /VERYSILENT

    If your users are installing directly, when the user opens the .exe file, the installation process begins. 

    1. Agree to the End User License Agreement.
      Install1.png
    2. Click Install to begin the installation.
      Install2.png
    3. Click Finish and the monitoring can begin once the client device is connected to your environment.
      Install3.png

     

    MacOS and IGEL - Coming soon

     

     

     

     

     

     

  • Welcome to Edge DX

    Contents

    What Is Edge DX

    Welcome to Edge DX by ControlUp. With Edge DX, you can manage physical endpoints – located anywhere – without requiring VPNs or cloud gateways.
    Edge DX is a systems and device management SaaS for desktop, Mac, IGEL and other devices, with features for monitoring, troubleshooting, and gathering intelligence across remote devices.

    Edge DX is available to ControlUp Real-time Console users through the Solve interface, and also as a standalone product if you have not yet installed ControlUp.

    Edge DX integrates with Solve, ControlUp’s hosted web application for real-time monitoring and analysis for virtual desktops.

    How to Get Edge DX

    If you are a Solve subscriber, go to the Solve dashboard, and hover over the top NEW icon in the left side navigation and click on Physical endpoints. Then click Start Trial for a free 21 day trial for 100 desktops.

    If you are not a Solve customer, ask your ControlUp representative for an Edge DX tenant and the 21 day free trial for 100 desktops.

    Edge DX Installation

    To learn how to install Edge DX, see the Edge DX Deployment and Installation article. 

    User Permissions

    Edge DX Administrators and Users can access the following features:

    Edge DX Feature Administrators Users
    Dashboard
    Device metrics
    Reports
    System events  
    Run actions  
    Change scripts  
    Control user permissions  

     

    To learn how to add a new user, see the configuration section.

    Edge DX User Interface

    The user interface guide has four main sections: Configuration, Dashboard, Devices, and Reports.

    Configuration

    Click the controls icon in the top right corner to open the Configuration dropdown menu:

    CPE_configuration_dropdown_menu.png

    You’ll find the following configuration pages:

    System Events

    Track IT admin events such as administrator logons, device registration, errors, and more.

    Alerts

    Set alerts to let you know about important events in your physical device network. For example, set an alert for high CPU load. Alerts are always cross-device. Alert notifications include all devices that triggered it. Generally, alerts are triggered every 60 seconds.

    Scripts

    Using Edge DX’s powerful and extensible scripting engine, you can distribute and run scripts on Windows, Linux, and Mac devices, to perform IT administration tasks and to collect results and data.
    Supported scripting languages include PowerShell, Python, Bash, Swift, and Shell Script. Windows-specific scripts include VBScript, JScript, and cmd.exe. Scripts can be configured per platform (Linux, MacOS, and Windows).
    Script Examples:

    • Get CPU temperature
    • Get expiring X.509 certificates expiring in the next 30 days and return them as an event.
    • Perform a forced group policy update
    • Restart Windows Print Spooler Service

    For more information about scripts, see the Edge DX Scripting Guide.

    Data

    This page displays the raw data collected from agents, processed, and displayed in the Dashboard and in the Reports.

    Downloads

    This page contains Agent downloads and installation instructions per device type. For details, Edge DX Agent Deployment and Installation.

    Agent Settings

    This page provides agent version information and a range of agent performance settings:

    • Production Agent Versions: This section currently displays the Windows agent manager version. This software is installed on client devices and manages the installed agent version by upgrading or downgrading to the production version.
    • Intervals:
      • Action Check Interval: allows an extra, more frequent check for actions and script updates. It increases load on the database and can affect system performance. Each Device Update also checks for actions and script updates so to disable this additional check, set the interval to be greater than the Device Update Interval.
      • Device Update Interval: controls how frequently the agent sends info including performance stats, current active processes, remote IP address, services and agent version to the service. It also checks for actions and script updates. Gathering this information on the device can have a performance impact so avoid reducing this interval below 60 seconds, unless actively troubleshooting.
      • Configuration Update Interval: Controls how frequently the agent checks for new settings and scripts. During setup it is common for this interval to be short, however during production this can be longer.
      • Trigger Interval: Short Trigger Interval and Long Trigger Interval control how often you run a script (Scripts > Add Script). For more information see the scripting guide.
    • Agent Feature Settings: Includes configurations for MS Windows Event Log. 
    • Custom Agent Settings: An open field that accepts JSON-formatted data input that can be used to send configurations to the agent that are not available in the user interface. Examples include settings such as new data or filter data, or to disable a feature. After entering your data input, click Save Custom Settings. All agents will pick up the new settings at the next configuration refresh.

    Tenant Users

    Manage Solve single sign-on (SSO) and control user access to Edge DX and configure Solve single sign-on.

    CPE_configuration_tenant_users.png

     

    With Solve Single Sign-On (SSO) enabled, Solve users will have Edge DX viewer permissions, and Solve managers will have Edge DX administrator permissions.
    To add an Edge DX new user:

    1. Click Add User.
    2. Enter the user name (UPN) and click Add.
    3. You’ll receive a success message: “New user was created!”. Click OK.
    4. Under Tenant Users, locate and click on the new user to grant Solve SSO and Edge DX administrator or viewer access rights.
      Note that only Edge DX Administrators can add and grant access rights to other administrators and viewers.

    Dashboard

    Dashboard widgets display aggregate device data and metrics. Click to drill down to the device view. An interactive map shows device locations. Click the pins to zoom in and see device data and performance metrics.

    CPE_dashboard_main.png

    Devices

    The Devices view features a wide range of sortable columns. One set of columns displays device identification and agent data, such as device group, and location, and agent version. These columns are either sortable or feature filtering capabilities. To filter results, simply click the desired column funnel icon to open the filter builder.

    CPE_click_filter_builder_with_filter_builder_in_corner.png

    The other columns show key performance metrics: Wi-Fi signal, network latency, CPU usage, memory available, logon times, and input delay. Data is displayed using colored threshold indicators that can be clicked to drill down and view further device data.

    CPE_devices_thresholds_drill_down.png

    Devices Drill Down
    In the Devices view, click a device to drill down and see further data.

    CPE_Devices.png

    At the top of the device drill down page are five tabs:

    CPE_device_drill_down_5_top_tabs.png

    Performance includes an interactive map and device hardware, software, and networking specifications. Chart widgets display key performance metrics including CPU usage, CPU queue length, memory usage, network usage, hourly network usage, network latency, and active sessions. For each metric, click the bell icon to create an alert, to be triggered when a certain threshold is reached.

    Active Processes displays all active processes for the chosen device.

    Installed Applications lists all the applications installed on the chosen device.

    Missing Patches indicates which Windows updates should be applied.

    Device Events shows all events related to your devices. You can sort device events in the Type column. Event types include Alerts, Action, Device, Security, System. You can also filter events using the title, description or local ID columns.

    CPE_device_device_events.png

    Reports

    CPE_reports.png

    Edge DX includes four types of reports:
    All Devices: These cross-platform reports are related to hardware and operating system information. Examples include:

    • Hardware & Operating Systems
    • Installed Applications

    Windows Apps & Processes: A list of reports focusing on processes and applications. Examples include: 

    • Top Processes by CPU Time
    • Top Users by Application

    Windows Performance & Security:

    • Examples include Local Administrators, Missing Patches, Windows Event Log.

    Custom Reports: Here you can add your own report:

    1. Click Configuration > Data and click the index you are interested in.
    2. On the left side, select the columns (metrics) that you want to include.
    3. Define the sort order by clicking the relevant column heading.
    4. Click the Create Custom Report button. Name your report, add a description, and check Public if you want this report to be viewable by other users in your organization. 

     

     

  • Edge DX Agent Deployment and Installation

    Contents

    About Edge DX

    Edge DX is a systems and device management SaaS for desktop, Mac, IGEL and other devices, with features for monitoring, troubleshooting, and gathering intelligence across remote devices.

    Edge DX is available to ControlUp Real-time Console users through the Solve interface, and also as a standalone product if you have not yet installed ControlUp. 

    For more information about the Edge DX user interface and capabilities, see Welcome to Edge DX.

    Agent Deployment

    To deploy Edge DX, administrators and users in your organization will require:

    CPE_configuration_downloads.png

    Alternatively, use one of these methods to distribute the Edge DX agent to end user devices:

    1. Distribute the Edge DX agent, tenant name, and device registration code through an internal file share solution or by email.
    2. Distribute the Edge DX agent as an application, using a management solution such as Microsoft Intune or Microsoft Endpoint Configuration Manager.
    3. Copy the Edge DX agent into a master image that is used to provision new devices for users.

    Agent Installation

    To download and install agents from the Edge DX Download page:

    Windows Agent Manager

    Supported OS Versions: Windows 7 SP1+ (x64), Windows 10 Version 1607+ (x64), Windows Server 2012 R2+ (x64).

    To download and install Windows Agent Manager:

    1. Double click the download icon download_button.pngto download and run the appropriate version of the agent.
    2. Install and start it.
    3. The Agent Manager will also update the agent when new versions are available and selected.

    Command Line Installation:

    The Agent Manager can also be installed from the command line, using your device registration code and tenant name. For example:

    msiexec /i agentmanagersetup.msi /qn DEVREGCODE=<device registration code> TENANT=<tenant name> ALLUSERS=1

    Note that the device registration code and tenant name are not checked and will be stored as-is. Agents will fail to connect if they are not correct.

    To prepare a Windows image for cloning with Citrix PVS/MCS (or similar), use the ONLYSTARTONBOOT=1 option to make the Agent Manager download and install the correct version of the Edge DX agent, but not start it.

    The Edge DX agent will be set to "Automatic '' so that the service starts and registers on the first boot of the cloned image. Here's an example of the command line you would use:

    msiexec /i agentmanagersetup.msi /qn DEVREGCODE=fccbd8540ab7ea23a9cda5795b81dfc8b3855d0a TENANT=acme.sip.controlup.com ONLYSTARTONBOOT=1 ALLUSERS=1

    Linux Agent

    Supported OS Versions: See .NET Core 3.1 supported OS list on github.

    Download and Installation

    1. You can download the agent directly, but the easiest and most recommended way to install and update the Linux agent is as a system daemon with the script below.
    2. After downloading the script, remember to chmod +x it and run it with sudo:
    sudo ./sip-install.sh <tenant name> <device registration code>

    3. Once installed, you can update the agent from a Custom Action in the Devices drill down view. If the Custom Action script is not already in your tenant, contact support@controlup.com and we'll show you how to add it.

    CPE_devices_drill_down_actions_custom_actions.png

    Command Line Installation

    To run Linux Agent directly using command line:

    1. Download the agent and give it execution rights with chmod +x.
    2. The agent needs to run with root privilege (sudo) and needs the tenant name and device registration code as parameters. For example:
    sudo ./avaceesipagent-linux tenant=acme.sip.controlup.com devregcode=fccbd8540ab7ea23a9cda5795b81dfc8b3855d0a

    MacOS BETA Agent

    Supported OS Versions: macOS 10.13+ (x64).

    A dmg Mac installer is coming soon, but for now you will need to install it from the command line in a Terminal window.

    The easiest and recommended way to install and update the Mac agent is as a launchctl service with this script.

    After downloading the script, remember to chmod +x it and run it with sudo:

    sudo ./mac-sip-install.sh <tenant name> <device registration code>

    If you want to run the agent directly from a command line, then download it and give it execution rights with chmod +x.

    The agent needs to run with sudo root privileges and requires the tenant name and device registration code as parameters. For example:

    sudo ./avaceesipagent-macos tenant=acme.sip.controlup.com devregcode=fccbd8540ab7ea23a9cda5795b81dfc8b3855d0a

    IGEL OS BETA Agent

    Supported OS Versions: 10.05.500+

    To install the IGEL agent, follow these steps:

    1. Create the custom partition: In the IGEL Universal Management Suite, go to:
      Setup > System > Firmware Customization > Custom Partition > Partition
    2. Enable the custom partition. Give it a size of at least 100MB and make note of the mount point (e.g. /custom).
    3. Once the custom partition is enabled, add the ControlUp agent as a downloaded package:
      Setup > System > Firmware Customization > Custom Partition > Download
    4. When adding the package, use the following information:
     /custom/controlup-cpe-agent/start.sh <tenant name> <device registration code>
    • Automatic Update: Enable this if you want the agent be updated as new versions are released.

    * If you changed the custom partition mount point when enabling it, adjust the Initial Action command with the appropriate mount point.

     

    Device Registration

    To connect, the following information is required:

    • Tenant name: e.g. acme.sip.controlup.com
    • Device registration code: Unique to each tenant
      • The tenant name and device registration code are stored in:
        • Windows Registry at HKLM\Software\Avacee\SIP
        • For Mac and Linux in settings.json at /usr/local/avacee/sip_agent
    • A Unique Identifier (UID) that is automatically generated by the tenant name the first time you connect. The UID is stored in the file system.
  • Edge DX Scripting Guide

    Contents

    Introduction

    The Edge DX scripting engine is a powerful and infinitely extensible way to distribute and run scripts on Windows, Linux and Mac devices to perform IT administration tasks and to collect results and data.

    To read about Edge DX features and capabilities, see Welcome to Edge DX.

    Note: The terms SIP and SIP Agent in the UI, scripts and script logs refer to Edge DX. 

    You can see the list of the existing scripts in your tenant in the Configuration > Scripts view:

    edge_config_scripts_main.png

    If you click on a script name, you see all available content fields and options for that script.

    Targeting and Distribution

    Scripts are distributed to all endpoints based on platform – all Windows scripts go to all Windows devices, Linux scripts to Linux devices, and Mac scripts to Mac devices.

    When script settings are changed, they are updated and securely cached on each device when it next does a configuration update, as determined by the Configuration Update interval in Agent Settings. At that time, any new or changed scripts are downloaded by the device and cached locally in a secured folder. Any old or unrecognized files in that folder are removed.

    Script Content Fields

    Click the Add Script button in the top right corner to add a script and configure the script options:

    edge_config_scripts_add_script.png

    Name. A friendly name for the script that is used in the Scripts view, and in the Configuration > System Events and Devices > Device Events views. When the script is cached as a file on the device (in a secured folder), this name is not used, and a random sequence of characters is used as the file name. Most events list both the friendly name and the random file name to ease understanding of which script produced the event.

    Description. Only used as a friendly reminder of what the script does and how to use it.

    Content. A raw text field. Copy and paste to and from a script editor to run, test and develop your script and then copy it here for distribution to devices. Remember that scripts often run in System context (see below) and so might behave differently from when they are run by a user in a script editor.

    Script Options

    Platform

    This determines which device platforms the script is distributed to, and which options are available under Language/Interpreter and Trigger.

    egde_config_scripts_options_platform.png

    Language/Interpreter

    This represents the supported script languages and interpreter on the selected platform. Each script is saved as a local file in a secured folder, and then passed to the selected interpreter on a command line and run in a separate process.

    edge_config_scripts_options_language_interpreter.png

    Trigger

    The list of triggers available for the platform. See the Script Triggers section for more detail.

    Timeout

    The process that runs the script is given a finite time to execute, and then killed if it has hung. If the script completes before timeout then stdout (standard output) and stderr (standard error) results are checked. If there are no errors the stdout text is scanned for data and event results (see below).

    Note: If timeout is set to 0 (zero) then the script is started in a fire-and-forget manner and is not killed if it hangs, no stdout or stderr results are collected, and no data is sent to the Edge DX service.

    Data Collection

    If the Sends Data option is selected and the script completes before the timeout with no errors (empty stderr), then the stdout is inspected for a section that looks like:

    ### SIP DATA BEGINS ###
    [{"ip_address":"192.168.137.16","hostname":"test test.jar.local"}]
    ### SIP DATA ENDS ###

    The data between the “### SIP DATA BEGINS/ENDS ###” lines is a JSON-formatted array of dictionaries that contains rows for the selected index. Examples of how to create this output with PowerShell, Python and other script languages are included in the scripts in your tenant. Any errors in the format are rejected by the Edge DX agent and the reason captured in the Events view.

    edge_config_scripts_data_collection.png

    When the Edge DX agent finds output that matches this pattern, it is sent to the Edge DX service for the specified Data Index, where it can be inspected with the Data view, or in a report if one exists.

    Note: If the Data Index does not already exist, a new one is dynamically created.

    edge_data_create_custom_report.png

    When adding data to a custom index, we strongly recommend using only integer and not floating-point values. For example: It is better to store milliseconds as 375ms, than as 0.375 seconds. This avoids issues with data that spans multiple time periods.

    The Overwrite Existing Data option determines whether the data output appends new rows or overwrites existing data for that device. Reports that show only the most recent status of the device should overwrite existing data, whereas reports that keep a historical log of device activity should not overwrite existing data.

    Whether or not the Sends Data option is selected, the stdout from the script is also inspected for a section like:

    ### SIP EVENT BEGINS ###
    Memory block size: 134217728 Total online memory: 8589934592 Total offline memory: 0
    ### SIP EVENT ENDS ###

    If this is found, then then a System Event is created with the Title containing the script name, and the Description contains the output, like this:

    edge_config_system_events.png

    Additional Options

    Run Only When Online. If the device is not able to connect to the Edge DX service, then this determines whether the script should run anyway. If the script has the Sends Data box enabled and the device is offline, data output will be cached on the client until the device comes back online.

    edge_config_scripts_additional_options.png

    The Run Only When Online option does not apply to Custom Actions, which run only when the device is online and able to receive actions. 

    Run Only When Idle. The Agent Settings page has settings which determine the CPU level and duration which is required for the device to be considered idle. If a script is triggered to run with this option selected and the device is not idle, then the script does not start. This is useful for scripts that consume a lot of system resources and could impact the user if they are actively working.

    Script Triggers

    edge_config_scripts_options_triggers.png

    There are three types of script triggers:

    Time Intervals

    Short Interval. The timing for this is configured in Agent Settings and is typically set at 180 seconds. In other words, all scripts for this trigger are fired by a timer with an interval of 3 minutes.

    Long Interval. The timing for this is also configured in Agent Settings and is typically 600 seconds (10 minutes).

    Once Per Day. Every 15 minutes (by default) the agent checks each of these scripts to see if it has run in the last 24 hours, and if it has not, then it runs it now. It will retry every 15 minutes until there are no errors and then stores the last-run time. If the script is set to Run Only When Online, it will retry every 15 mins until it is online, and then not run again for 24 hours.

    Device Events

    SIP Service Start. This is run whenever the service SIP Agent starts, or restarts. The service automatically starts when the Operating System is booted. It runs as soon as the agent starts, using scripts cached previously. It does not attempt to download or update scripts first.

    SIP Service Stop. This runs when the agent stops, which occurs when it is upgraded, the device is shutdown or rebooted, or when it is manually stopped. Devices have up to 5 seconds to send data or events to the Edge DX service before the agent exits. Any script process still running continues, but output from the script is lost after 5 seconds.

    Network Change. This trigger fires whenever the network interfaces change, which can happen due to power events, network outages, changes of WiFi Access Point, move from LAN to WLAN, etc. Often there are multiple network change events close together, and so the SIP Agent waits for a second to ensure only the last event fires the trigger.

    Process Started (Windows ONLY). When this trigger is selected a Process Name text field appears for the exe name to be matched (e.g. notepad.exe). Note that some applications relaunch themselves and so you can get two Process Started triggers close together when an application is started. This trigger can run the script in a system or user context (see below). This trigger adds the SID and LogonID of the user that started the process as parameters on the command line so they can be used by the script.

    Logon Complete (Windows ONLY). This trigger fires 15-20 seconds after userinit.exe exits, which is at the end of the Windows logon process. The script can be run as System or as User. This trigger adds the SID and LogonID of the user that started the process as parameters on the command line so they can be used by the script.

    LogonNew Session (Windows ONLY). This trigger fires first in the logon process, immediately after the session is created. It is possible some of the Windows environment will not yet be established. Only the SID is available to scripts.

    LogonExplorer Started (Windows ONLY). This trigger fires as soon as explorer.exe is started during the Windows logon process. The script can be run as System or as User. This trigger adds the SID and LogonID of the user that started the process as parameters on the command line so they can be used by the script.

    Logoff (Windows ONLY). This trigger fires right before the user logs off and has around 4 seconds to complete before the session closes. It can only be run as System because once the logoff has begun, no new processes including scripts can be started in the session. Includes both SID and LogonID.

    Session Lock – Explorer Started (Windows ONLY). Fires when the session display is locked. Includes both SID and LogonID.

    Session Unlock – Explorer Started (Windows ONLY). Fires when the session display is unlocked. Includes both SID and LogonID.

    Session Disconnect – Explorer Started (Windows ONLY). Fires when a session is disconnected (except at logoff). It includes both SID and LogonID.

    Session Reconnect – Explorer Started (Windows ONLY). Fires when an existing session is reconnected. It includes both SID and LogonID.

    Custom Actions

    You can use Custom Actions to trigger scripts. These appear as Actions in each Device page.

    To run a script based on a custom action:

    1. Click on a device name in the Edge DX console. The Dashboard for that device opens.
    2. Click the Actions menu towards the top right. These add a request to the device action queue. The agent runs these scripts immediately when it receives them.
      They can also be triggered by an Alert.

    Note: The Action Check interval can be changed in Agent Settings.

    edge_device_device_drilldown_actions.png

    Run Context

    Scripts run in the context of the System, except on Windows where some triggers have the option of running as User.
    System context means NT AUTHORITY\SYSTEM (i.e. LocalSystem) on Windows, and sudo (i.e. root) on Linux and Mac. On Windows the User SID and LogonID are provided as command line parameters on some triggers, so that scripts that run as System can still carry out operations on specific user data. The User SID is provided in SDDL format (for example: “S-1-5-21-368573210-3773030013-3569538123-1001”). Logon ID is a 64-bit hex string (for example: “0x00092c61”). See the Tips and Tricks section for how to use these.

    On Windows the User context means the user who performed the action, the user that started the process or logged onto the desktop. User scripts are copied to a temporary (secured) location, the user is given permissions to execute them, and then they are deleted when complete.

    Tips and Tricks

    Targeting a script at a specific device
    To ensure a script only runs on certain devices, you can add a line like this at the start (PowerShell example):

    if ($env:COMPUTERNAME -ne "DESKTOP-BVD8EN4") { return; }

    You can also filter by Edge DX device group with the SIPDEVICEGROUP environment variable.

    Popping a dialog to a user (Windows)
    The UserPrompt.exe executable included with the SIP Agent on Windows can be used to display a dialog to the user. Use a line like this in a cmd.exe script. Note the “start /b” at the start means that the script immediately returns after launching UserPrompt.exe, and so you will not get timeout errors if the user does not acknowledge the dialog for a long time. However, you will still get an error if the command line fails.

    start /b "C:\program files\Avacee\sip_agent\UserPrompt.exe" "Hello world!"

    Or like this in PowerShell:

    Start-Process (“C:\program files\Avacee\sip_agent\UserPrompt.exe") -ArgumentList """Hello world!"""

    Creating JSON formatted output

    If you want to send data that can be viewed in a report then you need to format it as data. On Windows this is easily done in PowerShell using a Hashtable (which is very much like a Dictionary):

    $MyData = @{} # initialize a hashtable

    $MyData["field_1"] = 20
    $MyData["field_2"] = 100

    Write-Output("### SIP DATA BEGINS ###")
    Write-Output(ConvertTo-Json $MyData -Compress)
    Write-Output("### SIP DATA ENDS ###")

    Every time this script runs it will send a row for that device with two fields and a value for each, which appear as columns in the table report.
    If you want to send multiple rows from each device in a single data upload, you can use a .NET List collection like this:

    $MyDataList = New-Object 'System.Collections.Generic.List[psobject]'

    foreach ($i in $MyDataCollection)
    {
    $MyData = @{} # initialize a hashtable

    $MyData["field_1"] = 20
    $MyData["field_2"] = $i.Property

    $MyDataList.Add($MyData)
    }

    Write-Output("### SIP DATA BEGINS ###")
    Write-Output(ConvertTo-Json $MyDataList -Compress)
    Write-Output("### SIP DATA ENDS ###")

    This will iterate through $MyDataCollection adding a Hashtable to the List for each entry, which will appear as rows for each device in the report table.

    Choosing cmd.exe or VBScript over PowerShell
    PowerShell is very powerful, but it consumes far more resources than cmd.exe and can be slow when iterating through large amounts of data, especially with complete Where-Object queries. Whenever possible, use cmd.exe or VBScript.

    Sending data to the events log using cmd.exe is very simple. For example:

    @echo off
    echo ### SIP EVENT BEGINS ###
    ping www.google.com
    echo ### SIP EVENT ENDS ###

    Using User SID and Logon ID parameter in scripts
    In this example, a PowerShell script running as System in response to a user event (e.g. a Logon) can look in the user’s HKEY_CURRENT_USER registry hive by opening a path under HKEY_USERS using the User SID, which was passed to the script as the first parameter:

    param ( $UserSID, $LogonID ) # this needs to be the first line

    $hku = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::Users, 0)
    $hkcuRunKey = $hku.OpenSubKey(($UserSID + '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'), $false)

    Avoiding Unicode problems in script data output
    Add this line to PowerShell scripts so that all text output is passed and uploaded to the database using Unicode, which allows all international characters and can be searched with all international characters:

    [Console]::OutputEncoding = [System.Text.Encoding]::UTF8

    Without this line, PowerShell will sometimes try and convert international characters to their closest ASCII equivalent, which can play havoc with data formatting.

    Script Use Case

    Here is a step by step guide to creating a script to get the CPU temperature from Microsoft Windows machines, using a PowerShell script, and then displaying the output data in a custom report:

    1. In Edge DX click Configuration > Scripts > Add Script
      Edge_dx_script_create_script_1.png
    2. Complete the script fields as follows:
      - Name: Get CPU Data
      - Description: (optional)
      - Platform: Microsoft Windows
      - Language/Interpreter: PowerShell
      - Trigger: Short Interval Timer
      - Timeout (s): 60
      - Send Data: Checked
      - Overwrite Existing Data: Checked
      - Content: Since the script is going to gather data, include “Write-Output”.
      - Data Index: cpu_temperature
      The Data Index field defines a new location or table that this data is going to be pushed into. Once created, the Data Index can be found under Configuration > Data:
      Edge_dx_scripts_configuration_data_cpu_temp_2.png
    3. When you complete the script fields, click Create Script or Save to New Script / Update Script.
      Edge_dx_script_create_script_save_to_new_script_update_script_7.png

    To create a custom report showing CPU temperature for your devices:

    1. Go to Configuration > Data.
    2. Under Index, click on cpu_temperature (that you created previously) and then click Create Custom Report.
      Edge_dx_settings_data_cpu_temp_create_custom_report_3.png
    3. Give the report a name and description and check Public if you want the report to be viewed by everyone in your organization. Click Create.
    4. Refresh the page and go to Reports. You will find the report you created under the Custom Reports heading. Click it.
      Edge_dx_reports_custom_reports_cpu_temp_4.png
    5. You can give the columns in your report more reader friendly names by clicking Rename Columns. In this example, columns are changed to Temperature and Device Name.

      Edge_dx_reports_customer_reports_temperature_report_john_rename_columns_5.png
    6. When you are done, click Save Report Layout.
      Edge_dx_reports_customer_reports_temperature_report_john_rename_columns_save_report_layout_6.png

      To learn how to get alerts about a temperature report and other alert types, see the Edge DX Alerts article.

     

     

     

  • Centralized Audit Log

    The internal auditing feature documents all actions executed by ControlUp users and any changes in the product configuration.

    For complete information about the scope of the audit log's function, limitations, and settings, see here.

    Audit Log Report

    The Audit Log report is available to users with the Manage SOLVE permission.

    To view the Audit Log, right-click the cogwheel in the lower-left corner and select Audit Log and the Audit log appears.
    mceclip3.png

    mceclip2.png

    Filtering and Sorting

    The information displayed in the Audit Log can be filtered and sorted by any column. Some columns can be filtered based on a list of values with multiple selections and other columns can be searched using the free text search as described below.

    mceclip1.png

    The magnifying glass in the upper right corner of the screen allows you to search for a specific log entry. 

    To view information regarding a specific folder path of the target object, use the dropdown menu in the upper left corner of the Audit log screen, and select a folder. By default, the entire organization is displayed.

    Use the filter buttons next to the column names to filter the report according to the column details. By clicking on a filter, a popup appears enabling you to search for items with specific values by entering the value and clicking Apply
    mceclip2.png

    You can clear the filters individually by hovering over a column name and click Clear, or universally by clicking Clear All Filters in the upper right corner of the screen.

    mceclip1.png

    Time Period

    To view information from a different time period, click the calendar icon in the upper right corner of the Audit log screen and select a different time period.
    mceclip1.png

    Free-text Search

    Using the magnifying glass in the upper right corner, you can search all columns of the audit log for any pattern, keyword, etc.

    mceclip0.png

    Here are some examples of how to enter free text for the filter:
    Multiple terms result in any combination of the terms.
    • ozone layer - retrieves ozone and layer appearing in the text.
    Multiple terms in quotations result in all occurrences of the terms appearing as you entered them.
    • "ozone layer" - retrieves the term "ozone layer" appearing together 
    Operators such as 'AND', 'OR', and 'NOT' can be used to further filter. 
    AND retrieves the same results as multiple terms with both terms appearing but not necessarily together.
    • ozone layer 
    • ozone + layer
    • ozone AND layer
    OR retrieves any occurrence of one term or the other, or both.
    • ozone OR layer
    NOT specifies a term excluded from the results retrieved. Results include only 'ozone' and not 'layer'.
    • ozone NOT layer
    • ozone ! layer
    Grouping in parentheses can further filter expressions with operators.
    • ((greenhouse OR carbon) AND emissions) - retrieves occurrences of 'greenhouse emissions' OR 'carbon emissions'.
    Wildcards search for single or multiple characters in the beginning, middle, or end of a string.
    • la?er - single character wildcard retrieves all occurrences of 'layer' and 'later' for example.
    • lay* - multiple character wildcard retrieves all occurrences of 'lay', 'lays', 'layer', 'layers' for example.