Agent Security Options in Agent Settings
ControlUp continuously improves the security protecting the communication between ControlUp Agents, the Real-Time Console, and ControlUp Monitors in your environment.
For more information on how to set up secure agents, see ControlUp Agent Security Best Practices.
You can use the following enhancements for the ControlUp Agent when adding machines to the ControlUp Console:
- Encrypt communication between the agent, console, and monitors.
- Default agent authentication key for all deployed agents.
Encrypt Agent Communication
You can select the option to use only encrypted communication between all agents within your ControlUp organization. By default, this option isn't selected.
- You must be a user with the Organization Owner role or have Roles Manager permissions set in the Security Policy panel to select this option.
- .NET Framework 4.5 or later must be installed on the agent and console.
- .NET Framework 4.8 or later must be installed on the monitor.
To Encrypt Communication with ControlUp Agents:
- In Real-Time Console > Settings > Agent Deployment Settings, select Use only encrypted communication.
- Restart the Real-Time Console and all monitor clusters.
- Update all agents to version 8.2.5 or later.
If this option is selected and you receive any of the following error messages:
- The agent does not support encrypted communication. Upgrade the agent to version 8.2.5 or later.
- Failed to establish an encrypted connection with the agent.
- Operation timeout.
Ensure that all consoles and agents are running the following:
- .NET framework version 4.5 or later.
- ControlUp version 8.2.5 or later.
Ensure that all monitors are running the following:
- .NET framework version 4.8 or later.
- ControlUp version 8.2.5 or later.
Agent Authentication Key
ControlUp generates a unique authentication for every ControlUp organization. By default, all agents are configured with this public authentication key, and accept communication only from trusted consoles or monitors that have the same corresponding private authentication key.
The authentication key is automatically configured for the agent machine during deployment.
Access Key Value
By default, this is the method of authenticating communication between the agents, consoles, and monitors, so you don't need to perform any action.
If you need to access the Agent Authentication Key, you can access it in Real-Time Console > Settings > Agent Deployment Settings. The same key is used for all agents deployed from this console.
Click Copy to access the key value. On the agent machine, this authentication key is stored in the ControlUp Agent registry in the path: HKLM\SOFTWARE\Smart-X\ControlUp\Agent\Communication\AuthKey
You can manually set the key at any time and you aren't required to restart the agent machine.
Add Key to Configuration Files that Install the Agents
When you install agents using the Add Machine feature in the Real-Time Console, by default, this key is automatically added to the agent machine.
If you don't choose to deploy the agents automatically when you add machines to your organization, you must manually add the same key as displayed in the Agent Deployment Settings page to the configuration file that you use to add the agent.
To manually configure the key, use the following registry setting on all machines with the agent deployed:
- Registry Key:
- Data Type:
- Possible Data Values:
Public key string base64 encoded(from Agent Deployment Settings)
If you do choose to deploy the agents automatically when you add machines to your organization, you can use the Agent MSI installer to configure the Agents Authentication Key using an MSI parameter. If you use the link to Download MSI Installer from Agent Deployment Settings, the MSI is already configured with the parameter, but you must update the key value.
To deploy agents with the key using an MSI installer command parameter, update the following key values:
- Parameter Name:
- Parameter Value:
AUTHKEY=agent authentication key
- Usage Example:
msiexec /i Agentinstaller.msi AUTHKEY=
If you install an agent with this parameter, it configures the specified authentication key for the agent.