Control-M Installation on a Cloud Environment

The following procedures describe how to install Control-M on a Cloud environment:

Installing Control-M on an EC2 Linux Platform

This procedure describes how to install Control-M on an EC2 Linux platform.

If you are using an Oracle database, swap memory must be enabled on AWS Linux.

Begin

  1. Do the following to create a Control-M-supported Linux OS instance—for example, Red Hat 8.5 or higher:

    1. In the Cloud Services Management Console, select the instance operating system.

      For a list of supported platforms, see the BMC Product Compatibility page.

    2. Select the instance type.

      This must be an M5 instance with 4 CPU or more.

    3. Use the default configuration except for the following:

      • Select a supported Control-M OS with at least 24 GB of RAM, or as specified in the installation Guide for hardware requirements for the components you are installing.

      • Add at least 100 GB of storage, or as specified in the Installation Guide for disk space requirements.

    4. Tag the instance with a name for easy reference, such as CONTROLM.

    5. Configure the Security Group as follows:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M EM/Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • Open inbound traffic for RDS Oracle/PG, or your own MSSQL ports.

    6. Review the instance configuration and launch the instance.

    7. Create and store a Public/Private security key pair for logging in with SSH.

    8. In the Cloud Instance Network, create an Elastic IP address (Public IP) and associate it with your server instance.

  2. Log in to the Cloud Services server using SSH by doing the following:

    1. Log in with the Cloud Instance username, not the root.

    2. Set the SSH login format as follows:

      ssh -i <path>/<private key file><Cloud Instance user>@<public hostname>

    3. Login as the root:

      sudo su –

      You may not be able to SSH from within the company network to the Cloud Services instance. You may need to have IT open the Cloud Services instance IP address for SSH or access the Cloud Services instance from inside the company network.

  3. Configure the cloud instance by doing the following:

    1. Create the Control-M UNIX group: groupadd controlm

      • For Linux environment, it is recommended that Control-M Enterprise Manager and Control-M/Server are installed in its own individual OS accounts.

        Create the Control/EM UNIX User: useradd –d /home/ctmem –g controlm –s /bin/csh ctmem

        Create the Control/Server UNIX User: useradd –d /home/ctmserv –g controlm –s /bin/csh ctmserv

      • After you install Control-M/EM repeat steps 4–7 below for Control-M/Server. Step 5 should be performed only once on a given machine.

      • Using Full Install:

        Create the Control-M UNIX User: useradd –d /home/ctm –g controlm –s /bin/csh ctm

    2. Change permissions in the Control-M/EM and Control-M/Server home directory to 755:

      chmod 755 /home/ctm

  4. Sftp the Control-M installation image to the Cloud Services server as follows:

    Post Cloud Services only supports sftp and not ftp, however the BMC EPD does not support sftp.

    1. Use ftp to transfer the Control-M installation image to a server.

    2. Use sftp to transfer the Control-M image to the Cloud Services server.

  5. Run check_req.sh to verify server by doing the following:

    1. Copy the file check_req_tar.Z from the installation media.

    2. Ensure Korn shell is installed on the system. If not, run the following command to install the Korn shell: 

      yum install ksh

      The Korn shell will be needed later for installing fix packs.

    3. Ensure the csh, psmisc, bc, flex, and io libraries are installed. If not, install the libraries as follows:

      • yum install csh

      • yum install psmisc

      • yum install libaio

      • yum install bc

      • yum install flex

      If the following check_req error occurs Not enough free swap space. At least 10GB free swap is required, then the following steps create a 12 GB swap space file. For production systems, you must allocate a swap device instead, as follows:

      1. Create the swap file: dd if=/dev/zero of=/swapfile bs=1024 count=12582912

      2. Change the permission of the new swap file: chmod 0600 /swapfile

      3. Setup the swap file with the command: mkswap /swapfile

      4. enable the swap file: swapon /swapfile

      5. Enable it at boot time - edit/etc/fstabto include: /swapfile swap swap defaults 0 0

      6. Verify the swap file space:cat /proc/swaps orfree

    Do the following if this check_req error occurs Change the kernel.sem (semmni) value to higher or equal to 500:

    1. To view current settings run the following command:

      cat /proc/sys/kernel/sem

    2. To change settings run the following command:

      sysctl –w kernel.sem="250 32000 256 400"

  6. Run the Control-M Setup when you are logged in to a Control-M account.

  7. Connect to Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall

    Use the ports that you specified above to configure static ports in Control-M configuration files for all endpoints.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are needed, adjust this range to include the additional ports.

  8. (Optional) If you must add a storage volume, do the following:

    • Create the storage volume in Cloud Instance and associate it with the Instance.

    • Log in to the server and create the partition on it with fdisk:

      fdisk

    • Create the file system using mkfs:

      mkfs -t ext4 /dev/xvdb

    • Run the following command to mount the file system to a directory: 

      mount -t ext4 /dev/xvdb/media/controlm

    • Add it to the /etc/fstab file so it automatically mounts on reboot.

      /dev/xvdf/media/controlmext4defaults1 2

Installing Control-M on EC2 Windows Platform

This procedure describes how to install Control-M on an EC2 Windows platform.

Before You Begin

To install Control-M, do the following to assign AMI a hostname in the format of ‘ip-<hex Internal IP>’, so the AMIs can communicate with each other by private hostname:

  • Launch the EC2 Service Properties.

  • Select the General tab.

  • Select the Set Computer Name checkbox.

Begin

  1. Do the following to create a Control-M Supported Windows OS instance—for example, a Windows 2022 Server instance:

    1. In the Cloud Services Management Console, select the instance operating system.

      For a list of supported platforms, see the BMC Product Compatibility page.

    2. Select the instance type.

      This must be an M5 instance with 4 CPU or more.

    3. Use the default configuration except for the following:

      • Select a supported Control-M OS with at least 24 GB of RAM, or as specified in the installation Guide for hardware requirements for the components you are installing.

      • Add at least 100 GB of storage, or as specified in the Installation Guide for disk space requirements.

    4. Tag the instance with a name for easy reference, such as CONTROLM.

    5. Configure the Security Group as follows:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M EM/Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • Open inbound traffic for RDS Oracle/PG, or your own MSSQL ports.

    6. Review the instance configuration and launch the instance.

    7. In the Cloud Instance Network, create an Elastic IP address (Public IP) and associate it with your server instance.

  2. Download a Remote Desktop File for Windows instance from your EC2 Instance dashboard.

  3. Do the following to get a password:

    1. Click Get Password.

    2. Browse the PEM file and decrypt password.

  4. Do the following to log in to the Windows Image with Remote Desktop File:

    1. Launch the downloaded RDP file.

    2. Type in the username and password.

  5. Sftp the Control-M installation image to the Cloud Services server as follows:

    1. Go to BMC's Electronic Product Distribution (EPD) portal and download a Windows Control-M installation image.

    2. Use sftp to transfer the Control-M image to the Cloud Services server.

      Post Cloud Services only supports sftp, while BMC EPD only supports ftp.

  6. Run the Control-M 9.0.21.300 Setup.

  7. Connect to Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall

    Use the ports that you specified above to configure static ports in Control-M configuration files for all endpoints.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are needed, adjust this range to include the additional ports.

Installing Control-M on the AWS Marketplace

The following procedure describes how to create a Linux based Control-M 9.0.00 environment from AWS Marketplace.

Begin

  1. Do one of the following to create a virtual machine (instance):

    • Do the following to create an instance in the AWS Marketplace:

      1. Log in to the AWS Marketplace, and search by keyword BMC.

      2. Select Control-M (BYOL), and click Continue.

      3. Click 1-Click Launch or Manual Launch to launch.

      4. Navigate to Your Software Subscriptions, and click View Instances.

      5. Find your AWS instance, and click Manage in AWS Console.

        You can now manage the Control-M (BYOL) instance in the AWS Console.

    • Do the following to create an instance in the AWS Marketplace, under EC2 Console.

      This option enables you to customize instances, assign an existing security group, and create brand new pem key file.

      1. Log in to the EC2 Console and select AWS Marketplace.

      2. Find Control-M by searching for BMC.

      3. Choose the instance type, configure the instance details, add storage, and add tags.

      4. Configure Security Group. You can choose either to create a new security group or select an existing one.

      5. Click Launch and select a key pair. You can choose either to use the existing key pair or create a new one.

      6. Launch the Control-M Instance.

Activating Control-M from the AWS Marketplace

This procedure describes how to activate Control-M after the Control-M instance is created in AWS Marketplace or the EC2 console.

Begin

  1. Connect to the created Linux platform.

  2. Follow the prompt to setup the required username and password.

  3. Download and install the Control-M Client from EPD, as described in Obtaining Control-M Installation Files.

    Ensure that the connection to Control-M/EM Web Server port at 18080 can be established.

    In order to connect to Control-M instance created from AWS Marketplace, note the following:

    • The ec2-user must be used to connect to the Control-M instance.

    • The created pem key file is also used for ec2-user authentication during connection.

    • The Control-M is installed under the user of control.

    • Each AWS instance has its internal (private) name and public DNS. Control-M listens on public DNS only.

    • Switch to controlm user from ecs-user.

    • By default, the controlm user has the full administrative permission to manage the installed Control-M.

    • View installed Control-M products using the OneInstall installation type.

Updating the DNS Server after Recycling the AMI

This procedure describes how to update the local DNS Server to use the new host name and public IP Address of the Amazon EC2 after recycling the AMI, and publishing Control-M/EM on the new public DNS name.

Amazon EC2 instance host names are derived from the IP address that is dynamically assigned to the instance at startup. Unless the Amazon EC2 instance is allocated with an Elastic IP address (static IP address), the instance will be assigned to a new public IPv4 address after a server restart.

Begin

  1. Stop the Control-M/Enterprise Manager Configuration Agent.

  2. Launch the Windows Task Manager and ensure all the following processes are stopped:

    • emwa.exe

    • emcms.exe

    • emcmsg.exe

    • emgtw.exe

    • emguisr.exe

    • emmaintag.exe

    • eaming_service.exe

  3. Open the cmd.exe console and navigate to the following path:

    <Drive:>\Program Files\BMC Software\Control-M EM 9.0.20\Default\bin

  4. Run the following command to update Control-M/EM with the new IP address:

    updateEmPublicHost.bat

  5. Start Control-M/Enterprise Manager Server.

Installing a Control-M instance from GCP Marketplace

This procedure describes how to install a Control-M instance from GCP Marketplace. The available image on GCP marketplace holds a complete installation of all Control-M components within the same image and can be used for non-production environment.

BMC only sells Control-M on GCP marketplace via Private Offers and customized pricing.

Begin

  1. Open the Control-M portal page on GCP Marketplace.

  2. Follow the on-screen instructions to configure the required deployment parameters, such as, service account, instance type, region, and ports to create your new VM instance.

  3. Connect to the VM using SSH-in-Browser from the Google Cloud Console, and run the following command:

    sudo su - gcp-user

  4. After you have logged in as a gcp-user, follow the on-screen instructions to configure Control-M components.

    If you need to restart the VM and relaunch Control-M, run sudo su - gcp-user and then run the script: /home/gcp-user/.init_ctm.

Installing Control-M on a Google Compute Engine Linux VM Instance

This procedure describes how to install Control-M on a Google Compute Engine Linux VM Instance.

BMC only sells Control-M on GCP marketplace via Private Offers and customized pricing.

Before You Begin

Begin

  1. Clone an existing Google Compute Engine Linux VM image and attach a BMC specific marketplace license, as follows:

    1. Use gcloud to set the following defaults for the Google Cloud CLI:

      gcloud config set project <project_id>

      gcloud config set compute/zone <zone>

    2. List the images in your project, as follows:

      gcloud compute images list

    3. Run the following commands to clone an existing image and attach a VM license to a new VM image.

      The following example uses a public Ubuntu image, which you need to replace with your actual image:

      Copy 
      SOURCE_IMAGE=ubuntu-2204-lts
      SOURCE_IMAGE_PROJECT=ubuntu-os-cloud
      IMAGE_NAME=<YOUR_IMAGE_NAME>
      PROJECT_ID=<YOUR_PROJECT_ID>
       
      gcloud compute images create $IMAGE_NAME \
      --project=$PROJECT_ID --source-image-family=$SOURCE_IMAGE \
      --source-image-project=ubuntu-os-cloud \
      --licenses=projects/bmcmarketplace/global/licenses/cloud-marketplace-d4a2942429e65e04-df1ebeb69c0ba664

    You must add the BMC specific license file to the image, as required by Google marketplace.

  2. Create a VM from the image you created, as follows:

    1. Create a VM instance from the Google Cloud Console and add a specific BMC label with the following values:

      • key: goog-partner-solution

      • value: isol_plb32_0014m00001h35dlqai_sqm32wgis4kishfzedmvrz6wpotzd22s

    2. Select the VM zone or let Google automatically choose a zone for you based on machine type and availability.

    3. Select the right machine type per your environment requirement per the needed component and hardware requirements, as described in Control-M Installation.

    4. In the Boot disk section, select the image and then set the boot disk type to Balanced persistent disk and size per the specific installed component system requirements.

    5. In Identity and API access, choose your service account or use the default.

    6. Configure the Firewall rules, as follows:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M/EM Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • Open inbound traffic for your Oracle/PostgreSQL/MSSQL ports..

    7. Review the instance configuration and launch the instance.

    8. Create a static IP address in the same region as your VM instance and assign it to your instance. For more information, see Google Compute Documentation.

  3. Connect to the VM using SSH-in-Browser from the Google Cloud Console, and run the following command to log in as root:

    sudo su –

    You might not be able to open an SSH connection within your company network to the Cloud Services instance. You might need to request IT open the Cloud Services instance IP address for SSH or access the Cloud Services instance from inside the company network.

  4. Configure the cloud instance by doing the following:

    1. Create the Control-M UNIX group: groupadd controlm

      BMC recommends that you install Control-M/EM and Control-M/Server on separate accounts.

      • Control/EM UNIX User: useradd –d /home/ctmem –g controlm –s /bin/csh ctmem

      • Control/Server UNIX User: useradd –d /home/ctmserv –g controlm –s /bin/csh ctmserv

    2. Change permissions in the Control-M/EM and Control-M/Server home directory to 755:

      chmod 755 /home/ctm

  5. Transfer the Control-M installation package per component that you want to install from BMC EPD to your VM. Follow Google documentation on the various options to transfer.

  6. Run check_req.sh to verify server requirements, as described in Verifying Operating System Levels and Patches.

    If you installed both Control-M/EM and Control-M/Server on the same host, you only need to perform this step once.

  7. Connect to the required Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall.

  8. Configure static ports in Control-M configuration files for all endpoints with the same ports that you defined in the firewall rules.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are required, adjust this range to include the additional ports.