A user is asking for help with setting up ControlUp for multiple customers without AD trusts. They have read an article about installing the ControlUP Monitor in the customer’s domain and opening port 40706. The discussion includes clarification on DNS resolution and port 40706. The upcoming release of Real-Time DX v9 is mentioned as a solution for easier installation in the future, with the ability to deploy the Monitor in a DMZ and access it remotely. The user is advised to open a ticket for more instructions on assigning monitor templates. The discussion also mentions using extensions for vCenter, XenDesktop, Horizon, NetScalers, etc.
Read the entire ‘ControlUp for Multiple Customers Without AD Trusts’ thread below:
Hi guys,
we have implemented ControlUP and set it up in the management domain.
From this management domain, we have AD trusts to multiple customers, allowing us to install the ControlUP agent for all customer Citrix workers and Citrix core components.
Additionally, I have integrated the console for all Citrix workers.
Now, we have received another customer who does not have AD trusts to the existing management domain. According to this article https://support.controlup.com/docs/controlup-for-multi-tenancy-environments, I should only install the ControlUP Monitor in the customer’s domain and open port 40706 to the ControlUP Monitor in the management domain.
ControlUP Monitor Management Domain ControlUP Monitor Customer Domain
Is that correct?
Can I install the ControlUP Monitor on an existing server at the customer’s site, or do I need a dedicated ControlUP Monitor server?
Thank you for the feedback.
If anything is unclear, please let me know.
I am sure @member can provide some feedback here. Pls note that with the upcoming Real-Time DX v9, things like this will be MUCH easier
(because you can deploy the Monitor service on workgroup computers, you can login with CU email only, no local AD account needed, and, the CU agent can connect to the Monitor via an outbound SSL/HTTPS port)
The monitor in the management network and the monitor in the customers network need DNS resolution to each other and bi-directional port 40706. DNS can be done with host files on the monitors if needed. The monitor in the customer network does can be domain joined so it can be easily managed. The only requirement is that you deploy the monitor from the customers network and assign the service account for that monitor and set the password from that network (so it can validate the credentials and assign them to the monitor in the customer network). After that you need to update the "templates" assigned to the monitors. This is not a documented processes so please open a ticket for additional instructions on how to properly assign the monitor templates.
@member @member
Thank you for the feedback. 👍
When can we expect version DX v9 approximately?
Should we probably wait for the new version?
V9 will change things drastically. In theory you can put the monitors in your DMZ and expose them to the internet on 443. You would then assign a public DNS A record so machines on the internet can access them. You can then deploy agents via the MSI anywhere in the world with internet access and you’d be able to monitor them with the monitors at your main DC.
The catch there is extensions (vCenter, XenDesktop, Horizon, NetScalers, etc).
Data collectors cannot be used outbound on 443 in v9 so if you need this data you need to deploy MSP mode in 8.8 with monitors at the customers location to get this data.
Continue reading and comment on the thread ‘ControlUp for Multiple Customers Without AD Trusts’. Not a member? Join Here!
Categories: All Archives