A user asked if it was possible to specify the user security context when upgrading agents in ControlUpConsole, as they couldn't use Domain Admins in their environment. It was suggested to add admin accounts to AD Connections and specify one per domain, and the credentials were stored in the user profile and used only for agent deployment and "agent control". This solution worked for the user.
Read the entire article here...
Security Related Training & Support Archives
Security training and support-related archives from inside the ControlUp Community on Slack.
Does Edge DX Remote Control Leave a Trace afer Ending Remote Session?
A user asked about remote control functionality in Edge DX and whether it leaves traces that the security department can pick up. @Member gave an explanation that the client used in the agent is a VNC client, but is secured and connected to other parts of the system via a web-socket. This means that the VNC client cannot be externally connected, thus not leaving traces.
Read the entire article here...
Read the entire article here...
Troubleshooting an On-Premises 8.7 Issue with SOP Not Functioning
A customer upgraded their On-Premises environment from 8.5 to 8.7 and introduced SOP 8.7, however it was not functioning. Possible fixes such as restarting ControlUp Monitor and SOP, changing the SSL cert, toggling "Ignore SSL Cert Errors", checking port 443, checking UserManagement logs, checking docker logs, creating a monitor log (Log4Net) and generating the key file again were suggested. They would also benefit from visiting https://support.controlup.com/v1/docs/cop-87-security-enhancement-for-monitor-sop-communication for further instructions.
Read the entire article here...
Read the entire article here...
How to add new users to ControlUp Real Time DX?
A user asked a question about adding users to a ControlUp setup, with the question of whether it needs to be done via the Login Setup screen in version 8.7 or if it can be done through adding people to an AD group. In order to do this, users need to be added manually. However, ControlUp is working on enhancing its Solve/SAML integration, which will enable new users to be auto created as needed. This would be done with the new DEX platform/login when configured to use SAML. ControlUp will keep @member updated on its progress with the DEX platform.
Read the entire article here...
Read the entire article here...
Changing the Certificate on the IOP Server
The user asked how to change the certificate on the IOP server - he received a .PEM file without private key and was suggested to refer to the following documents: https://support.controlup.com/docs/solve-on-premises-configuration and https://support.controlup.com/docs/insights-on-premises-replace-certificate. Finally, the certificate was implemented and the user noted that the IOP server correctly presented it but not the Splunk side.
Read the entire article here...
Read the entire article here...
List of Processes for ControlUp Edge DX Monitoring
A user asked for a list of processes run with ControlUp EdgeDX and suggested whitelisting a path for updated executables. Security teams requested more information. Further guidance and resources can be found at edgedx-functions.azurewebsites.net and support.controlup.com.
Read the entire article here...
Read the entire article here...
Missing “Client Device Score” icon in ControlUp Solve?
Members discussed the issue of not seeing Client Device Score in ControlUp Solve, and why metrics like Client Wi-Fi Signal, Lan Latency, Total Session Latency, and Internet Latency indicate the score. They concluded that Remote DX must be installed on the endpoints and the registry values need to be deployed. Members also noted that 3rd party software can be tricky with virtual channels, and that the default MSTSC rdp client should be used. Support ticket can be created at support@controlup.com.
Read the entire article here...
Read the entire article here...
Driving Use Cases for Choosing ControlUp Edge DX
Two members discussed the driving use cases for choosing ControlUp Edge DX, including Corp laptop having VPN connectivity issues, seeing network latency/connectivity/ISP, and providing admin-level support to users' machines even when not connected to a VPN. Edge DX is designed for FatClients, providing detailed information without needing to be connected to VMs. RemoteDX can also be installed but is solely for showing information while connected to Win365, XenDesktop or Horizon.
Read the entire article here...
Read the entire article here...
ControlUp Architecture Diagram for Security Team
A user wanted an architecture diagram for their security team, and requested feedback on the provided one. Comments focused on missing ports to the CU agents and Citrix servers, and that data collectors were also not included. It was suggested that a more basic, old diagram should be used to show the relationship between monitors, cloud and agents, and console to agents and cloud. Additionally, a link to ControlUp documentation was shared (https://support.controlup.com/docs/controlup-architecture-security-concepts).
Read the entire article here...
Read the entire article here...
Implementation Questions for ControlUp in Corporate and Isolated Environments
A user asked questions about implementing ControlUp in a corporate and isolated environment. The answers explained that Monitors and Data Collectors don't need to be in the same domain, credentials can be used even without trust relationship, and port 40705 needs to be added. Professional Services from ControlUp can be sought for resolving automation issues in an environment with extensive security policies.
Read the entire article here...
Read the entire article here...