- Print
- DarkLight
- PDF
Prerequisites for ControlUp for Physical Endpoints & Apps
- Print
- DarkLight
- PDF
Read this article and make sure you meet the prerequisites before you deploy ControlUp on your physical devices.
This article covers the prerequisites for implementing ControlUp for Physical Endpoints and Apps. For additional information, visit the following articles:
- Communication requirements for Scoutbees
- Communication Ports for VDI & DaaS (US Region)
- Communication Ports for VDI & DaaS (EU Region)
Network requirements
Managed physical endpoints must have access to these URLs over port 443 (SSL):
URL | Notes |
---|---|
<tenant-name>.sip.controlup.com | You can find your tenant name by going to Configuration > Downloads |
downloads.sip.controlup.com | Used for downloading new Edge DX Agent versions. |
cdn.spm.controlup.com/waapi | Required only for ControlUp Secure DX |
cdn.spm.controlup.com/agent | Required only for ControlUp Secure DX |
securedx-cdn.controlup.com | Required only for ControlUp Secure DX |
To use the ControlUp console and manage your physical endpoints, you must have access to the these URLs:
URL | Notes |
---|---|
app.controlup.com | |
maps.google.com | |
edgedx-functions.azurewebsites.net | Required only for the first time you sign in to your environment and create your tenant. |
Synthetic Monitoring
ControlUp for Physical Endpoints & Apps includes proactive synthetic testing for your network infrastructure and SaaS/web apps.
Visit Networking Requirements for Synthetic Monitoring for details.
SSL inspection
If you have a proxy or firewall performing SSL inspection, you must have the trusted certificate installed on devices with the Edge DX Agent installed. The certificate must be accessible to the Computer account (and not only the User account).
Alternatively, you can disable SSL inspection for your Edge DX tenant URL (<tenant-name>.sip.controlup.com).
Proxy server
You can configure the Edge DX Agent to use a proxy server during Agent installation.
If your proxy is only open when a user account is signed in, and you want to monitor the device when no user account is signed in, configure your proxy to bypass the following URLs:
- <tenant-name>.sip.controlup.com
- downloads.sip.controlup.com
ZScaler VPN
If you are using a ZScaler VPN, follow the instructions in this article to ensure that you can see the real IP addresses of your devices.
Antivirus exclusions
Whitelist the following directories in your antivirus software (including next-gen security products such as Crowdstrike, Carbon Black, etc.):
C:\Program Files\Avacee\sip_agent\
C:\ProgramData\Avacee\sip_agent\scripts
C:\Program Files\ControlUp\AgentManager
Alternatively, if you are unable to whitelist directories, you can whitelist the following executables:
C:\Program Files\Avacee\sip_agent\SIPAgent.exe
C:\Program Files\Avacee\sip_agent\RCNotifications.exe
C:\Program Files\Avacee\sip_agent\UserPrompt.exe
C:\Program Files\Avacee\sip_agent\WinFocusMonitor.exe
C:\Program Files\Avacee\sip_agent\Wow64MIHelper.exe
C:\Program Files\Avacee\sip_agent\UserSurveysApp.exe
C:\Program Files\ControlUp\AgentManager\AgentManager.exe
Test your connection
If you have trouble deploying Edge DX Agents, use the following methods to test your tenant connection.
Method 1 - send a GET request to your tenant
From the machine you are installing the Agent on, open a web browser and go to the following URL:
https://<tenant-name>.sip.controlup.com/api/hello
If you don't get a valid response, then something is interrupting the connection to your Edge DX tenant.
The response should look something like this:
Method 2 - check your tenant's SSL certificate
From the machine you are installing the Agent on:
- Open Edge DX in your browser.
- Click the Lock icon next to the URL.
- View the details of the SSL certificate. This procedure is slightly different depending on your browser. For example, in Google Chrome, go to Connection is secure > Certificate is valid.
- Check the issuer of the certificate.
ControlUp always uses DigiCert for the SSL certificate. If you see any issuer other than DigiCert, then something is intercepting the network connection to your tenant.