Agentless Hosts

Agentless Hosts are OS-vendor-supported computers that can run A Control-M process that adds your job to the Run Queue of the day, according to automatic or manual scheduling, and which enables the job to execute after it fulfills its prerequisites. and execute jobs even though Control-M/Agent is not installed. Since you do not have to install an Agent on an Agentless Host, they do not require version updates, which reduces the need to install, update, or manage them.

A Control-M/Server communicates with an Agentless Host via one or more associated Agents over a WMI remote protocol or an SSH File Transfer protocol (SFTP). For more information, see Creating an SSH Key and WMI Requirements. Agentless Hosts can concurrently execute up to 100 jobs per Associated Agent. You can associate more Agents to increase the number of jobs that can concurrently execute on an Agentless Host.

Agent_A is associated with Agentless_Host_1, which executes up to 100 concurrent jobs at any time.
Agent_B is associated with the following Agentless Hosts:
- Agentless_Host_2, which executes 20 concurrent jobs while Agentless_Host_3 executes 80 jobs.
- Agentless_Host_3, which executes 80 concurrent jobs while Agentless_Host_2 executes 20 jobs.
Agent_C and Agent_D are associated with Agentless_Host_4, which executes up to 200 concurrent jobs at any time. Associated Agents Agent_C and Agent_D each run 100 jobs.

You can create an Agentless Host as follows:

Creating an Agentless Host: Describes how to manually create an Agentless Host.
ctmhostmap: Describes how to create an Agentless Host from the command line.
Converting an Agent to an Agentless Host: Describes how to convert an Agent to an Agentless Host.

Creating an Agentless Host

This procedure describes how to create an Agentless Host and connect it to one or more Agents via an SSH File Transfer protocol (SFTP). This enables you to run and execute jobs on a host where Control-M/Agent is not installed.

To change the Default Agentless Host Settings, from the Manage drop-down list, select Default Agentless Host Settings.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the Add Agent drop-down list, select Agentless Host.

The Add Agentless Host pane appears.
In the Agentless Host Name field, type a logical name.
(Optional) In the Tag A logical name that is used to label specific Agents in a group that has a specific authorization level. field, select a tag.
In the Associated Agents field, select one or more Agents to connect to (associate with) the Agentless Host.
From the Set Connection Parameters area, do one of the following:
- SSH
  1. Select the SSH button, which enables an Agent to securely communicate with the Agentless Host.
  2. In the SSH Server Port field, type the port number for the Agent.
  3. (Optional) Check the Compression checkbox to compress the encrypted communication, which increases data rates over slower networks.
- WMI (Windows)
  1. Select the WMI (Windows) button, which enables an Agent to communicate with the Agentless Host over a Windows communication protocol. For more information, see WMI Requirements.
  2. In the Output Directory field, type the path where the job output is saved.
(Optional) Click Test.
In the confirmation dialog, click Add Run as User.
Define a Run as User for the Agentless Host, as described in Adding a Run as User.

Converting an Agent to an Agentless Host

This procedure describes how to convert an Agent to an Agentless Host, which enables you to run and execute jobs on a host where an Agent is not installed. You cannot convert the Agent that is installed with the Control-M/Server to an Agentless Host.

Before You Begin

Verify that no jobs are executing on the Agent that you want to convert.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
Right-click on the Agent that you want to convert, and from the drop-down list, select Convert to Agentless Host.

The Convert Agentless Host <Agent_Name> panel appears.
Define the new Agentless Host, as described in Creating an Agentless Host.

Creating an SSH Key

Secure Shell (SSH) keys are authentication credentials, such as usernames and passwords, that enable Agents and Agentless Hosts to communicate over a secure network communication protocol. You can determine which SSH key the Agentless Host uses in the last stage of Creating an Agentless Host when you create a Run as User, as described in Adding a Run as User. SSH supports UNIX/Linux and Windows.

This procedure describes how to create an SSH key for one or more Agentless Hosts, which enables secure communication with an Agent.

Before You Begin

Ensure that the number of simultaneous connections between your Agent and Agentless Host is supported by your SSH server settings.
Verify that SFTP is enabled on the SSH server.
(Linux RedHat 9 only) Enact the security changes described in KA 000421127.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the Manage drop-down list, select the SSH Keys.

The SSH Keys Management pane appears.
Click .

The Add SSH Key pane appears.
Do the following:
1. From the Control-M/Server Name drop-down list, select a Control-M/Server.
2. In the Key Name field, type a logical key name.
3. In the Passphrase field, type a password.
4. In the Confirm Passphrase field, re-type the password to confirm.
5. In the Format of Key to Generate area, select one of the following format options:
  - OpenSSH: An open-source version of the SSH protocol.
  - SSH2: The standard, supported version of the SSH protocol.
6. In the Type of Key to Generate area, select one of the following types of SSH keys:
  - RSA
  - DSA
7. From the Number of Bits in Generated Key drop-down list, select one of the following key-lengths, in bits:
  - 512
  - 768
  - 1,024
  - 2,048
  - 3,072
Click Save.

A message appears asking you to download a text file with the SSH key, and copy it to the Agentless Host.
Click Download.

The file downloads to your default download folder and a copy of the key is stored in the Control-M/Server public key folder.
Copy the SSH key from the download folder or Control-M/Server public key folder to the following SSH public key folder on the Agentless Host:
- OpenSSH Server on UNIX: <jobOwnerHomeDirectory>/.ssh/authorized_keys
- SSH Tectia Server on UNIX: <jobOwnerHomeDirectory>/.ssh2/authorization
- SSH Tectia Server on WINDOWS: <jobOwnerHomeDirectory>\.ssh2\authorization
The SSH key is created and copied to your SSH server.

WMI Requirements

Windows Management Instrumentation (WMI) is a Windows communication protocol, which enables you to connect an Agent to an Agentless Host.

The following table describes the requirements for WMI.

Requirement	Description
Log On As	On the Agent, ensure the following requirements are met: The Agent service Log On As option is set to This Account. The user account that runs the Agent service is set to Administrator and defined as a Domain user. This Account must have read and write permissions on the Sharing tab of the directory that is used as the output share.
Run as User	The Run as User must have the following permissions on the Agentless Host: Administrator group Membership on the Agentless Host, or access to the home directory and any other location that the job command accesses. Full permissions on the Security tab (for the Agent Run as User) of the directory used as the output share. Execute permissions on the <Windows>\system32\cmd.exe file. Output directory is a network Share with the share name SYSOUT.
Trusted for Delegation	The following must be trusted for delegation on the Agent and Agentless Host: The Agent. The Run as User. The command that runs on the Agentless Host, which must have access to another (third) host if you want to connect to a third host.

Requirement

Description

Log On As

On the Agent, ensure the following requirements are met:

The Agent service Log On As option is set to This Account.
The user account that runs the Agent service is set to Administrator and defined as a Domain user.
This Account must have read and write permissions on the Sharing tab of the directory that is used as the output share.

Run as User

The Run as User must have the following permissions on the Agentless Host:

Administrator group Membership on the Agentless Host, or access to the home directory and any other location that the job command accesses.
Full permissions on the Security tab (for the Agent Run as User) of the directory used as the output share.
Execute permissions on the <Windows>\system32\cmd.exe file.
Output directory is a network Share with the share name SYSOUT.

Trusted for Delegation

The following must be trusted for delegation on the Agent and Agentless Host:

The Agent.
The Run as User.
The command that runs on the Agentless Host, which must have access to another (third) host if you want to connect to a third host.

Authorizing an SSH Known Host

An SSH known host is Agentless Host that Control-M has automatically authorized and connected to via SSH in the past. Authorization fails when the name of the Agentless Host changes or an additional Agentless Host with the same name is added.

This procedure describes how to reauthorize an SSH known host.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the main details pane, select the Agentless Host to reauthorize.
From the drop-down list, select Authorize SSH Known Host.

The Authorize SSH Known Host window appears.
Do one of the following:
- Host: Select the Host checkbox if the name listed matches the Agentless Host name, and click Authorize.
- Logical Host: Select the Logical Host checkbox, type the name of the Agentless Host to reauthorize, and click Authorize.
Follow the prompt.

Control-M reauthorizes the SSH known host.