Control-M Installation on a Cloud Environment

The following procedures describe how to install Control-M on a Cloud environment:

Ensure that you meet all of the requirements for the installation type that you perform. See the system requirements for the relevant installation type. See Control-M Installation.

Configuring an EC2 Linux Platform for Control-M Installation

This procedure describes how to configure an EC2 Linux platform to install Control-M.

If you are using an Oracle database, swap memory must be enabled on AWS Linux.

Before You Begin

  • For a list of supported platforms, see Product Availability & Compatibility.

    If you create a Red Hat Linux instance, you must have Red Hat 9.0 or above.

  • Verify that you have access to BMC EPD.

  • Verify

Begin

  1. Create a Control-M-supported Linux OS instance and do the following:

    1. Verify that these ports are open for the security group rules:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M/EM Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • RDS Oracle/PG or your own MSSQL ports.

    2. Review the instance configuration and launch the instance.

    3. Create and store a Public/Private security key pair to log in with SSH.

    4. Create an Elastic IP address (Public IP) and associate it with your server instance.

  2. Connect to the Cloud Services server with SSH, as follows:

    1. Log in with the Cloud Instance username, such as ec2-user, and not the root.

    2. Run the following command to set the SSH login format:

      ssh -i <path>/<private key file><Cloud Instance user>@<public hostname>

    3. Run the following command to log in as root:

      sudo su –

    You might not be able to open an SSH connection within your company network to the Cloud Services instance. You might need to request IT open the Cloud Services instance IP address for SSH or access the Cloud Services instance from inside the company network.

  3. Configure the cloud instance, as follows:

    1. Create the Control-M UNIX group: groupadd controlm

      BMC recommends that you install Control-M/EM and Control-M/Server on separate accounts.

      • Control/EM UNIX User: useradd –d /home/ctmem –g controlm –s /bin/csh ctmem

      • Control/Server UNIX User: useradd –d /home/ctmserv –g controlm –s/bin/csh ctmserv

    2. Change permissions in the Control-M/EM and Control-M/Server home directory to 755:

      chmod 755 /home/ctm

  4. Transfer the Control-M installation package per component that you want to install from BMC EPD to your VM. Follow AWS documentation on the various options to transfer.

  5. Run check_req.sh to verify server requirements, as described in Verifying Operating System Levels and Patches.

    If you installed both Control-M/EM and Control-M/Server on the same host, you only need to perform this step once.

  6. Connect to the required Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall.

  7. Configure static ports in Control-M configuration files for all endpoints with the same ports that you defined in the security group rules.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are required, adjust this range to include the additional ports.

  8. Install Control-M. See Control-M Installation.

Configuring an EC2 Windows Platform for Control-M Installation

This procedure describes how to configure an EC2 Windows platform to install Control-M.

Before You Begin

  • Assign an Amazon Machine Image (AMI) a hostname in the following format:

    ip-<hex Internal IP>

    This enables the AMIs to communicate with each other by a private hostname.

  • For a list of supported platforms, see Product Availability & Compatibility.

  • Verify that you have access to BMC EPD.

Begin

  1. Create a Control-M-supported Windows OS instance and do the following:

    1. Verify that these ports are open for the security group rules:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M/EM Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • RDS Oracle/PG or your own MSSQL ports.

    2. Review the instance configuration and launch the instance.

    3. Create an Elastic IP address (Public IP) and associate it with your server instance.

  2. Download a Remote Desktop File for Windows instance from your EC2 Instance dashboard.

  3. Log in to the Windows Image with the Remote Desktop File. You need your username and the password from the PEM file in EC2.

  4. Transfer the Control-M installation package per component that you want to install from BMC EPD to your VM. Follow AWS documentation on the various options to transfer.

  5. Connect to the required Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall.

  6. Configure static ports in Control-M configuration files for all endpoints with the same ports that you defined in the security group rules.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are required, adjust this range to include the additional ports.

  7. Install Control-M. See Control-M Installation.

Installing Control-M on the AWS Marketplace

This procedure describes how to create a virtual machine (instance) for a Linux-based Control-M environment from AWS Marketplace.

Before You Begin

  • Ensure that you have the VPC and subnet settings of your account available for the configuration process.

  • Generate a key pair in AWS.

Begin

  1. Open the BMC Control-M portal page on AWS Marketplace or the EC2 console.

  2. Follow the on-screen instructions to configure the required deployment parameters, such as instance type, region, network settings, key pair, and ports to create your new VM instance.

    • For the instance type in AWS Marketplace or Amazon Machine Image (AMI) in the EC2 console, select a BMC-supported instance type.

      BMC recommends that you select the default m4.2xlarge.

    • For security group settings in AWS Marketplace or firewall settings in the EC2 console, select a security group that has one of the following ports opened:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Port 7: Enables the server to send back the data it receives from the sender via the Echo Protocol.

      • TCP Port 18080: Control-M/EM Web Server.

      • TCP Port 7005: Enables Control-M/Agent to communicate with the Control-M/Server.

      • TCP Port 5432: Enables Control-M/Server to communicate with the database.

      • TCP Port 8446: Control-M Automation API and Control-M/EM Web Server using HTTPS.

Activating Control-M from the AWS Marketplace

This procedure describes how to activate Control-M after the Control-M instance is created in AWS Marketplace or the EC2 console.

Begin

  1. In the instance that you created in the EC2 console, copy the SSH command example in the connection options of the EC2 console.

    The command is in the following format:

    ssh -i "<filename>.pem" ec2-user@<server-name>

  2. Connect to the Linux platform.

  3. Paste the SSH command that you copied to connect to the EC2 user.

  4. Type the required parameters, such as the username and password for each user, to complete the installation.

    After the script runs, a URL appears in the following format: http://<name-of-server>:<port>

  5. Click the link to log in to Control-M with the username and password that you entered when you added the parameters.

Updating the DNS Server after Recycling the AMI

This procedure describes how to update the local DNS Server to use the new host name and public IP Address of the Amazon EC2 after recycling the AMI, and publishing Control-M/EM on the new public DNS name.

Amazon EC2 instance host names are derived from the IP address that is dynamically assigned to the instance at startup. Unless the Amazon EC2 instance is allocated with an Elastic IP address (static IP address), the instance will be assigned to a new public IPv4 address after a server restart.

Begin

  1. Stop the Control-M/Enterprise Manager Configuration Agent.

  2. Launch the Windows Task Manager and ensure all the following processes are stopped:

    • emwa.exe

    • emcms.exe

    • emcmsg.exe

    • emgtw.exe

    • emguisr.exe

    • emmaintag.exe

    • eaming_service.exe

  3. Open the cmd.exe console and navigate to the following path:

    <Drive:>\Program Files\BMC Software\Control-M EM 9.0.20\Default\bin

  4. Run the following command to update Control-M/EM with the new IP address:

    updateEmPublicHost.bat

  5. Start Control-M/Enterprise Manager Server.

Installing a Control-M instance from GCP Marketplace

This procedure describes how to install a Control-M instance from GCP Marketplace. The available image on GCP marketplace holds a complete installation of all Control-M components within the same image and can be used for non-production environment.

BMC only sells Control-M on GCP marketplace via Private Offers and customized pricing.

Begin

  1. Open the Control-M portal page on GCP Marketplace.

  2. Follow the on-screen instructions to configure the required deployment parameters, such as, service account, instance type, region, and ports to create your new VM instance.

  3. Connect to the VM using SSH-in-Browser from the Google Cloud Console, and run the following command:

    sudo su - gcp-user

  4. After you have logged in as a gcp-user, follow the on-screen instructions to configure Control-M components.

    If you need to restart the VM and relaunch Control-M, run sudo su - gcp-user and then run the script: /home/gcp-user/.init_ctm.

Configuring on a Google Compute Engine Linux VM Instance for Control-M Installation

This procedure describes how to configure a Google Compute Engine Linux VM Instance to install Control-M.

BMC only sells Control-M on GCP marketplace via Private Offers and customized pricing.

Before You Begin

Begin

  1. Clone an existing Google Compute Engine Linux VM image and attach a BMC specific marketplace license, as follows:

    1. Use gcloud to set the following defaults for the Google Cloud CLI:

      gcloud config set project <project_id>

      gcloud config set compute/zone <zone>

    2. List the images in your project, as follows:

      gcloud compute images list

    3. Run the following commands to clone an existing image and attach a VM license to a new VM image.

      The following example uses a public Ubuntu image, which you need to replace with your actual image:

      Copy
      SOURCE_IMAGE=ubuntu-2204-lts
      SOURCE_IMAGE_PROJECT=ubuntu-os-cloud
      IMAGE_NAME=<YOUR_IMAGE_NAME>
      PROJECT_ID=<YOUR_PROJECT_ID>
       
      gcloud compute images create $IMAGE_NAME \
      --project=$PROJECT_ID --source-image-family=$SOURCE_IMAGE \
      --source-image-project=ubuntu-os-cloud \
      --licenses=projects/bmcmarketplace/global/licenses/cloud-marketplace-d4a2942429e65e04-df1ebeb69c0ba664

    You must add the BMC specific license file to the image, as required by Google marketplace.

  2. Create a VM from the image you created, as follows:

    1. Create a VM instance from the Google Cloud Console and add a specific BMC label with the following values:

      • key: goog-partner-solution

      • value: isol_plb32_0014m00001h35dlqai_sqm32wgis4kishfzedmvrz6wpotzd22s

    2. Select the VM zone or let Google automatically choose a zone for you based on machine type and availability.

    3. Select the right machine type per your environment requirement per the needed component and hardware requirements, as described in Control-M Installation.

    4. In the Boot disk section, select the image and then set the boot disk type to Balanced persistent disk and size per the specific installed component system requirements.

    5. In Identity and API access, choose your service account or use the default.

    6. Configure the Firewall rules, as follows:

      • TCP Port 22: Enables SSH authentication to log in to the server.

      • TCP Ports 13076–13098: Control-M/EM components (or any range of 22 ports).

      • TCP Port 18080: Control-M/EM Web Server.

      • TCP Port 7105: Enables the Agent to communicate with the Control-M/Server.

      • TCP Port 7106: Enables the Control-M/Server to communicate with the Agent.

      • TCP Port 2368: Enables Control-M/Server High Availability communication between the Primary and Secondary.

      • TCP Port 2369: Enables Control-M/Server to communicate with the Control-M/EM Configuration Server.

      • TCP Port 2370: Enables Control-M/Server to communicate with the Control-M/EM Gateway.

      • TCP Port 8443: Control-M Automation API and Control-M/EM Web Server using HTTPS.

      • TCP Port 8393: Enables Control-M/Server to communicate with Control-M/EM microservice request service.

      • Open inbound traffic for your Oracle/PostgreSQL/MSSQL ports..

    7. Review the instance configuration and launch the instance.

    8. Create a static IP address in the same region as your VM instance and assign it to your instance. For more information, see Google Compute Documentation.

  3. Connect to the VM using SSH-in-Browser from the Google Cloud Console, and run the following command to log in as root:

    sudo su –

    You might not be able to open an SSH connection within your company network to the Cloud Services instance. You might need to request IT open the Cloud Services instance IP address for SSH or access the Cloud Services instance from inside the company network.

  4. Configure the cloud instance by doing the following:

    1. Create the Control-M UNIX group: groupadd controlm

      BMC recommends that you install Control-M/EM and Control-M/Server on separate accounts.

      • Control/EM UNIX User: useradd –d /home/ctmem –g controlm –s /bin/csh ctmem

      • Control/Server UNIX User: useradd –d /home/ctmserv –g controlm –s /bin/csh ctmserv

    2. Change permissions in the Control-M/EM and Control-M/Server home directory to 755:

      chmod 755 /home/ctm

  5. Transfer the Control-M installation package per component that you want to install from BMC EPD to your VM. Follow Google documentation on the various options to transfer.

  6. Run check_req.sh to verify server requirements, as described in Verifying Operating System Levels and Patches.

    If you installed both Control-M/EM and Control-M/Server on the same host, you only need to perform this step once.

  7. Connect to the required Control-M components that are behind a firewall, as described in Control-M Communication Behind a Firewall.

  8. Configure static ports in Control-M configuration files for all endpoints with the same ports that you defined in the firewall rules.

    For endpoints that are defined for microservices, use the 13076–13098 range of ports. If additional ports are required, adjust this range to include the additional ports.

  9. Install Control-M. See Control-M Installation.

Installing Control-M/EM and Control-M/Server with GCP PostgreSQL

The GCP proxy automatically manages secure communication between the database and the application. It handles the certificates internally.

This procedure describes how to install Control-M/EM and Control-M/Server with the external GCP PostgreSQL database service via a GCP proxy.

Before You Begin

  • Create two user accounts on the UNIX host for a dedicated GCP proxy and Control-M.

Begin

  1. Log in to the GCP proxy account.

  2. Download the following installation packages to the home directory on the GCP proxy account:

    • Google Cloud CLI: Download from Google Cloud Home.

    • cloud_sql_proxy.linux.amd64: Download from GitHub.

  3. Install Google Cloud CLI.

  4. Add Google Cloud CLI binary files to the account PATH definition.

    The <account home directory>/google-cloud-sdk/bin directory must be part of the account $PATH environment variable for .cshrc or any other environment file, such as:

    echo “setenv PATH ${PATH}:/home/proxy/google-cloud-sdk/bin” > $HOME/.cshrc

  5. Log out and log back in to the GCP proxy account.

  6. Type the following and follow the instructions to activate gcloud and connect the GCP proxy to the account in Google:

    >gcloud init

  7. Type the following to connect to the GCP proxy:

    chmod +x ./cloud_sql_proxy.linux.amd64

    ./cloud_sql_proxy.linux.amd64 -instances=<GCP Database Instance Connection String>=tcp:3306

    where the <GCP Database Instance Connection String> is an instance that you select from the list of external GCP PostgreSQL Servers.

    The connection details are as follows:

    • IP address: 127.0.0.1

    • Port: 3306

    Start a proxy connection for instance sso-gcp-dba-ctm1-priv-cc30752:europe-west1:pg13 and port 3306:

    ./cloud_sql_proxy.linux.amd64 -instances=sso-gcp-dba-ctm1-priv-cc30752:europe-west1:pg13=tcp:3306

  8. Ensure that this session stays open so any connection to the GCP server connects locally to the proxy.

  9. Log in to the second account that you created for Control-M.

  10. Install Control-M directly on the GCP proxy with the following connection details:

    • IP address: 127.0.0.1

    • Port: 3306

    For the full Control-M installation procedures, see Control-M Installation.