Introducing the ControlUp Monitor
The ControlUp Monitor is a component principally equivalent to the ControlUp Real-Time Console but without an interactive user interface. Once installed and started, the ControlUp Monitor signs into your ControlUp organization and connects to your managed computers (also known as Data Sources).
The monitor starts receiving system information and performance updates from your organization, just like an additional ControlUp Console user. The primary difference between a monitor and a console is the fact that the monitor runs as a Windows Service 24/7 in the background without user interaction and allowing for continuous monitoring and auto-remediation of your environment.
For more information on how to upgrade your ControlUp environment including ControlUp Monitors refer to the latest upgrade guide for Hybrid Cloud environments.
For upgrading your on-premises environment, refer to the upgrade guide for on-premises article.
Benefits of ControlUp Monitor
The ControlUp Monitor offers a number of benefits to admins who require continuous monitoring and auto-remediation of their environment (only after a Monitor is installed in the organization):
Monitoring resources is a continuous process, running 24/7 regardless of the presence of active ControlUp Consoles in the network. Multiple monitor instances automatically provide mutual cluster, backup, and high availability for monitoring.
Monitors can be configured to alert ControlUp users about incidents that can not be detected by the ControlUp Console. For example, only the Monitor records Computer Down incidents, since the detection of this incident requires continuous monitoring.
The ControlUp Monitor can be configured to export data tables to a disk in CSV format for further analysis. The Export Schedule process runs in the background and ensures continuous logging, which otherwise could be executed using the ControlUp Console.
The monitor is mandatory for uploading data to our cloud-hosted Insights platform and for exporting activity files to Insights on-premises.
The ControlUp Monitor allows you to set a Shared Credential for logging in to configured Hypervisor, EUC, Cloud, or Netscaler connections.
Automated Actions are executed by the ControlUp Monitor. Automated Actions are Script-based Actions (SBAs) that are configured to run automatically as follow-up actions of Incident Triggers.
The following limitations apply to ControlUp organizations which do not have a Monitor instance installed:
Monitoring of resources and alerting about system issues can only occur if at least one instance of the ControlUp Console is active and connected to the entire organization.
Computer Down incidents cannot be detected or recorded.
To support historical reporting and trending analysis, at least one instance of ControlUp Console has to be connected to the entire organization and configured to export data tables to a disk.
How many Monitors should be Deployed in an Organization?
Organizations with less than the maximum supported capacity per a single monitor node, (e.g. less than 400K processes organization-wide) of managed computers and other resources to monitor will normally only require one ControlUp Monitor, especially if all of their managed resources are at the same location. In such organizations, a second monitor can be deployed to serve as a backup for the main monitor and ensure high availability.
Larger organizations, or those with multiple data centers in different regions, should deploy additional monitors – about one monitor node up to the max-supported volume which is 400K processes. With an additional one per site for backup and high availability. For additional information, see Introduction to ControlUp v8.1.
Prerequisites for ControlUp Monitor
The ControlUp Monitor can be deployed on any computer that meets the following prerequisties:
- Windows Server 2012/R2 or later
- .NET Framework installed
- ControlUp version 8.6.5: NET Framework 4.8
- ControlUp version 8.6 or lower: .NET Framework 4.5 or higher
- Allowed RPC inbound traffic
- Powershell 5.x
To allow the ControlUp Monitor to connect to managed computers, you will need to assign domain credentials to the monitor service as described below in the Domain Identity section.
For any Sizing Recommendations refer to this KB article: ControlUp Sizing Guidelines
Installing and Configuring the ControlUp Monitor
When you first run the ControlUp Console, no ControlUp Monitors exist in your ControlUp organization. To install new instances of the ControlUp Monitor, click the Add Monitor button in the Home ribbon.
Alternatively, you can install a new monitor by clicking the "Monitor Status" label in the ControlUp Monitors area and the Deploy Monitor button to install and configure a monitor.
Click Add Monitor. The ControlUp Monitor Installation Wizard will guide you through the process of installing and configuring the monitor instance. The first stage of the wizard is a computer object picker. Use this page to select a computer from one of your managed domains that will serve as your monitor machine.
Note that by default, the monitor service listens on TCP port 40706, which you can customize in this screen. After checking prerequisites, all the files required for the installation are copied to the selected computer and a “ControlUp Monitor” Windows service appears. Immediately after installing the service, ControlUp will open the Monitor Configuration Wizard, which will gather all the required information to configure and start the monitor service. The wizard will go through the following stages:
In the first stage, the wizard offers to import your currently saved credentials for use by the monitor service. If you agree, then your current list of AD Connections and Credentials Store is imported. Note that you need to click “Edit” for each entry to confirm that the correct credentials are being used for each AD Connection. If you connect to more than one AD domain, choose one of the connections to be the primary one. If you decline to import your personal credentials, you will be prompted to create at least one set of valid AD credentials for the monitor instance to use when connecting to your resources.
The monitor service needs valid credentials to establish connections with all of your managed computers. It is also responsible for deploying ControlUp Agents to the managed computers, in case they have no agent installed. By default, the ControlUp Monitor service is configured to start using the Network Service account, which is not sufficient for administrative connections to your managed computers. In addition, if your organization includes several Active Directory domains, the Monitor will need valid administrative credentials to access all these domains.
It is recommended that you create a dedicated account for the ControlUp Monitor in each of your Active Directory domains. This account needs to possess:
- Local administrative privileges on all your managed computers (this is optional and only required if your Monitor will be expected to deploy Agents to systems)
- Modify permissions on the directory used for scheduled data export (see below)
Shared Credentials Store – ControlUp allows managing credentials centrally so all authorized users can use shared credentials sets. This enables for more streamlined management of credentials and a quicker onboarding process for new ControlUp users which does not require them to know the service usernames and passwords.
Note that the Shared Credentials permission are set by the roles in the Security Policy Panel
Local Admins and Organization Members Roles are not allowed to use the Shared Credentials Store, you MUST create a new role.
The bottom of the Domain Identity page hosts the credentials saved with the Monitor instance in order to enable it to connect to your virtualization infrastructure. In order to monitor virtualization hosts, ControlUp requires for consoles and monitors to use the same credentials. In order to enable continuous monitoring of the virtualization hosts using the monitor, use this page to save the same service account credentials used by other ControlUp users in your organization to connect to your hosts. Saving those credentials is optional. However, if no credentials are provided for hypervisor connections, the monitor will not be able to connect to the hypervisor infrastructure. For more information on monitoring virtualization hosts with ControlUp, refer to the Connect to the Virtualization Infrastructure page.
At this stage, select the type of ControlUp login for your Monitor instance. If your organization works with online ControlUp login, leave the default online option selected. In this case, ControlUp will automatically create a new ControlUp user account for your monitor instance.
If your organization uses ControlUp in Offline Mode, your ControlUp Monitor will need an offline license file, just like a regular ControlUp user.
If applicable, configure the proxy settings needed for the monitor to connect to the Internet for login. Keep in mind that if the Monitor is installed in a network subnet that differs from your administrative workstation, the required proxy settings may be different from the ones used on your machine.
NTLM-based authentication to proxy servers is not supported.
In case of an issue connecting to ControlUp servers or uploading data to S3, refer to this article - Missing Data In Insights
The Export Schedule feature allows ControlUp to record any activity displayed in the My Organization pane. This feature exports comma-delimited logfiles which you can use to create reports. If your ControlUp Console is already configured to export data on a scheduled basis, the Monitor Configuration Wizard will offer you to move your export rules from your personal settings to the ControlUp Monitor. If you choose to agree, the monitor service will start exporting the data instead of your ControlUp console, which eliminates the need to keep a ControlUp console open in order to produce data reports. You can configure additional export rules for the Monitor.
For the scheduled export feature to work, you are required to configure the export path for the CSV files, as well as a credentials set which is sufficient for the monitor to write files to that directory. The export path can be either a local or a UNC path. In case the Delete files older than… option is configured, the configured account will also need permission to delete files.
Solve uses the ControlUp Monitor to retrieve data from your data sources. This dialog links to the Solve web interface in which you can configure SAML SSO. If you use Solve On-Premises, you can check the Ignore SSL Certificate Errors checkbox.
To learn more about the configuration in Solve, refer to the Solve On-Premises configuration guide.
On-Prem Monitor Backup
In an on-premises environment, the ControlUp Monitor creates Activity Files for the Insights On-Premises appliance. This screen allows you to define intervals for backing up IOP activity files on the monitor machine's local hard drive, simplifying the update process of Insights On-Premises..
ControlUp supports sending email alerts using a user-provided SMTP server, which is useful for customers who can not or prefer not to utilize the built-in cloud alerting service. To route alert messages to a custom SMTP server, the monitor service needs to be configured with the server name or IP, sender details, and credentials.
If no information is provided in this wizard, incident triggers using the Send an email alert using a local SMTP server follow-up action will fail to generate email alerts.
The ControlUp Monitor can be configured to regulate information updates from the ControlUp Agents. Configurations on this tab of the Monitor Configuration window may help optimizing resource consumption by the monitor service.
For more information regarding the regulation of information updates and its impact on the performance of ControlUp, refer to the Advanced Settings section in the Settings Window documentation.
After the initial installation and configuration, this tab is available in the Monitor Configuration window. This allows you to configure a TCP listening port for the ControlUp Monitor service. The default port is 40706.
The ControlUp Monitor is similar to the ControlUp Real-Time Console, acting like a client that connects to a listening TCP port (40705 by default) on the managed computers. The monitor listens on port 40706 only to allow other installed Consoles in your organization to receive status updates and display the status of the monitor in the Real-Time Console. This port is not used for communicating with managed computers.
For more information on communication ports used by ControlUp, refer to the Hybrid Cloud - Port Documentation for hybrid environment, or the On-premises - Port Documentation for on-premises installations.