Agentless Hosts

Agentless Hosts are OS-vendor-supported hosts that can run A Control-M process that adds your job to the Run Queue of the day, according to automatic or manual scheduling, and which enables the job to execute after it fulfills its prerequisites. and execute jobs even though Control-M/Agent is not installed. This eliminates the need to install, update, and manage Control-M/Agent software on Agentless Hosts.

A Control-M/Server communicates with an Agentless Host via one or more associated Agents over a WMI remote protocol or an SSH Secure Shell (SSH) is a networking protocol that enables you to securely connect and transfer information between hosts over secure and insecure networks File Transfer protocol (SFTP). For more information, see Creating an SSH Key and Agentless Hosts.

Agentless Hosts can concurrently execute up to 400 jobs per associated Agent, but you can associate more Agents to increase this number.

Agent_A is associated with Agentless_Host_1, which executes up to 400 concurrent jobs at any time.
Agent_B and Agent_C are associated with Agentless_Host_2, which executes up to 800 concurrent jobs at any time. Associated Agents Agent_B and Agent_C each run 100 jobs.
Agent_D is associated with the following Agentless Hosts:
- Agentless_Host_3: Executes 100 concurrent jobs while Agentless_Host_4 executes 300 jobs.
- Agentless_Host_4: Executes 300 concurrent jobs while Agentless_Host_3 executes 100 jobs.

You can create an Agentless Host as follows:

Creating an Agentless Host: Describes how to manually create an Agentless Host.
ctmhostmap: Describes how to create an Agentless Host from the command line.
Converting an Agent to an Agentless Host: Describes how to convert an Agent to an Agentless Host.

You can also automatically discover and add an Agentless Host, as described in Automatic Agent and Agentless Host Discovery.

Creating an Agentless Host

This procedure describes how to create an Agentless Host and connect it to one or more Agents via an SSH File Transfer protocol (SFTP). This enables you to run and execute jobs on a host where an Agent is not installed.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the Add Agent drop-down list, select Agentless Host.

The Add Agentless Host pane appears.
Define the Agentless Host, as described in Agentless Host Attributes.
(Optional) Click Test.
In the confirmation dialog, click Add Run as User.
Define a Run as User for the Agentless Host, as described in Adding a Run as User.

Converting an Agent to an Agentless Host

This procedure describes how to convert an Agent to an Agentless Host, which enables you to run and execute jobs on a host where an Agent is not installed.

You cannot convert the local Agent that is installed with Control-M/Server to an Agentless Host.

Before You Begin

Verify that no jobs are executing on the Agent that you want to convert.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
Right-click on the Agent that you want to convert, and from the drop-down list select Convert to Agentless Host.

The Convert Agentless Host <Agent_Name> panel appears.
Define the new Agentless Host, as described in Creating an Agentless Host.

Defining Default Agentless Host Settings

This procedure describes how to define the default Agentless Host settings. This enables you to automatically create an Agentless Host that is defined with default Agentless Host settings, as described in Automatic Agent and Agentless Host Discovery.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
Click the Manage drop-down list on the Agents toolbar and select Default Agentless Host Settings.

The Default Agentless Host Settings pane appears.
From the Default Agentless Host Settings define the default Agentless Host settings, as described in Agentless Host Attributes.

Agentless Host Attributes

The following table describes the Agentless Host attributes for Creating an Agentless Host and Defining Default Agentless Host Settings.

Attribute	Description
Control-M/Server	Determines the Control-M/Server where the Agentless Host is connected.
Agentless Host	Defines the hostname of the Agentless Host.
Tag	(Optional) Determines the tag A logical name that is used to label specific Agents in a group that has a specific authorization level. that is applied to the Agentless Host.
Associated Agents	Determines the Agents that share Agent utilities with the Agentless Host and connect the Agentless Host to the Control-M/Server.
Set Connection Parameters	Determines one of the following ways that the Agentless Host communicates with its associated Agents: SSH: Secure Shell (SSH) is a networking protocol that enables you to securely connect and transfer information between hosts over secure and insecure networks. WMI (Windows only): Windows Management Instrumentation (WMI) is a Windows networking protocol that enables associated Agents to communicate with Agentless Hosts, as described in WMI Requirements.
SSH Server Port	Determines the SSH server port where the Agentless Host connects.
Compression	Determines whether to compress the encrypted communication, which increases data transfer rates over slower networks.
Sysout Directory	Defines the directory pathname where the job output A tab in the job properties pane of the Monitoring domain where the job output appears that indicates whether a job ended OK, and is used, for example, with jobs that check file location. is saved.

Creating an SSH Key

This procedure describes how to create an SSH key for one or more Agentless Hosts, which enables secure communication with an Agent.

Secure Shell (SSH) keys are authentication credentials, such as usernames and passwords, that enable Agentless Hosts and their associated Agents to communicate over a secure network communication protocol. You can determine which SSH key the Agentless Host uses in the last stage of Creating an Agentless Host when you create a Run as User, as described in Adding a Run as User. SSH supports UNIX and Windows.

Before You Begin

Ensure that the number of simultaneous connections between your Agentless Host and associated Agent is supported by your SSH server settings.
Verify that SFTP is enabled on the SSH server.
(Linux RedHat 9 only) Perform the security changes described in KA 000421127.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the Manage drop-down list, select SSH Keys.

The SSH Keys Management pane appears.
Click .

The Add SSH Key pane appears.
Do the following:
1. From the Control-M/Server Name drop-down list, select a Control-M/Server.
2. In the Key Name field, type a logical key name.
3. In the Passphrase field, type a password.
4. In the Confirm Passphrase field, re-type the password to confirm.
5. In the Format of Key to Generate area, select one of the following format options:
  - OpenSSH: An open-source version of the SSH protocol.
  - SSH2: The standard, supported version of the SSH protocol.
6. In the Type of Key to Generate area, select one of the following SSH key types:
  - RSA
  - DSA
7. From the Number of Bits in Generated Key drop-down list, select one of the following key-lengths (in bits):
Click Save.

A message appears asking you to download a file that contains the SSH key, and then copy it to the Agentless Host.
Click Download.

The file downloads to your default download folder and a copy of the key is stored in the Control-M/Server public key folder.
Do one of the following:
- OpenSSH Server on UNIX: Copy the content of the SSH key file from the default download folder or Control-M/Server public key folder to the following SSH public key folder on the Agentless Host:
  
  <Job_Owner_Home_Directory>/.ssh/authorized_keys
- SSH2 Tectia Server: Do the following:
  - UNIX
    1. Copy the SSH key file from the default download folder or Control-M/Server public key folder to the following SSH public key folder on the Agentless Host:
      
      <Job_Owner_Home_Directory>/.ssh2/
    2. Open the authorization file and type the following:
      
      Key <SSH_Key_Filename>
  - Windows
    1. Copy the SSH key file from the default download folder or Control-M/Server public key folder to the following SSH public key folder on the Agentless Host:
      
      <Job_Owner_Home_Directory>\.ssh2\
    2. Open the authorization file and type the following:
      
      Key <SSH_Key_Filename>
The SSH key is created and copied to your SSH server.

WMI Requirements

Windows Management Instrumentation (WMI) is a Windows communication protocol that enables you to connect an Agent to an Agentless Host.

The following table describes the WMI requirements.

Requirement	Description
Log On As	On the Agent, ensure the following requirements are met: The Agent service Log On As option is set to This Account. The user account that runs the Agent service is set to Administrator and defined as a Domain user. This Account must have read and write permissions on the Sharing tab of the directory that is used as the output share.
Run as User	The Run as User must have the following permissions on the Agentless Host: Administrator group membership on the Agentless Host, or access to the home directory and any other location that the job command accesses. Full permissions on the Security tab (for the Agent Run as User) of the directory used as the output share. Execute permissions for the <Windows>\system32\cmd.exe file. Output directory is a network Share with the share name SYSOUT.
Trusted for Delegation	The following must be trusted for delegation on the Agent and Agentless Host: The Agent. The Run as User. The command that runs on the Agentless Host, which must have access to another (third) host if you want to connect to a third host.

Requirement

Description

Log On As

On the Agent, ensure the following requirements are met:

The Agent service Log On As option is set to This Account.
The user account that runs the Agent service is set to Administrator and defined as a Domain user.
This Account must have read and write permissions on the Sharing tab of the directory that is used as the output share.

Run as User

The Run as User must have the following permissions on the Agentless Host:

Administrator group membership on the Agentless Host, or access to the home directory and any other location that the job command accesses.
Full permissions on the Security tab (for the Agent Run as User) of the directory used as the output share.
Execute permissions for the <Windows>\system32\cmd.exe file.
Output directory is a network Share with the share name SYSOUT.

Trusted for Delegation

The following must be trusted for delegation on the Agent and Agentless Host:

The Agent.
The Run as User.
The command that runs on the Agentless Host, which must have access to another (third) host if you want to connect to a third host.

Authorizing an SSH Known Host

This procedure describes how to reauthorize an SSH known host, which is an Agentless Host that Control-M has automatically authorized and connected to via SSH in the past. Authorization fails when the name of the Agentless Host changes or an additional Agentless Host with the same name is added.

Begin

From the icon, select Configuration.

The Configuration domain opens.
From the drop-down list, select Agents.

The Agents pane appears.
From the main details pane, select the Agentless Host to reauthorize.
From the drop-down list, select Authorize SSH Known Host.

The Authorize SSH Known Host dialog box appears.
Do one of the following:
- Host: Select the Host checkbox if the name listed matches the Agentless Host name, and click Authorize.
- Logical Host: Select the Logical Host checkbox, type the name of the Agentless Host to reauthorize, and click Authorize.
Follow the prompt.

Control-M reauthorizes the SSH known host.