Installing Control Hub

You can install Control Hub on the same machine as the required databases or on a remote machine. For best performance, we recommend installing on a remote machine.

During the Control Hub installation process, you can optionally install and configure a system Data Collector. Administrators can enable or disable the system Data Collector for use as the default authoring Data Collector in Pipeline Designer.

After starting Control Hub, log in to the instance and create the required organizations.

Control Hub also includes a separate Admin tool to monitor and troubleshoot Control Hub issues. For example, if Control Hub becomes inaccessible, the Admin tool remains running. You can still log into the Admin tool to troubleshoot the Control Hub issues.

Step 1. Install the System Data Collector (Optional)

Optionally, install and configure a Data Collector that functions as the system Data Collector for Control Hub Pipeline Designer. For more information about how Pipeline Designer uses the system Data Collector, see System Data Collector.

Note: You can use an existing Data Collector installation as long as the Data Collector has not been registered with Control Hub, meets all requirements, and is configured as described below.

Requirements

The system Data Collector must meet all of the following requirements:

Version
StreamSets recommends using the latest version of Data Collector.

The minimum supported Data Collector version is 3.0.0.0. To design pipeline fragments, the minimum supported Data Collector version is 3.2.0.0.

Installation type
Use any of the supported installation methods for the system Data Collector - including a tarball, RPM, Cloudera Manager, or Docker installation.
For a tarball or RPM installation, we recommend installing the core version, and then installing the additional stage libraries required by your data engineers.

For a Cloudera Manager installation that has added multiple Data Collector role instances to the StreamSets service, you must configure the system Data Collector instance separately from any Data Collector instances that you intend to register with Control Hub. As such, modify the configuration properties for the system Data Collector instance to override the StreamSets service configuration.

Installation location
In a development environment, you can install the system Data Collector on the same machine as the Control Hub instance as long as the machine has enough resources.

For best performance in a production environment, we recommend installing on a remote machine within the same internal network as the Control Hub instance. The Control Hub instance must be able to access the system Data Collector URL.

Authentication
Configure the system Data Collector to use the default file-based authentication and the form authentication type. By default, a new installation uses filed-based authentication with the form type. If you choose to use an existing Data Collector, verify that the http.authentication property is set to form in the $SDC_CONF/sdc.properties file.
Note: The system Data Collector uses encrypted REST APIs to communicate with Control Hub. As a result, you do not need to configure the system Data Collector to use the HTTPS protocol or to use SSL certificates to secure the communication.

Installing and Configuring the System Data Collector

  1. Install the required version of Data Collector.

    For installation instructions, see Installation in the Data Collector documentation.

  2. Configure a single Data Collector user account with the admin or creator role.

    The system Data Collector uses Data Collector authentication - unlike registered Data Collectors that use Control Hub authentication. Users do not directly log in to the system Data Collector. However, a single user account is required so that Control Hub can make requests to the system Data Collector.

    You can use the default admin account. However, be sure to change the default password for the account.

    For instructions on configuring users for file-based authentication, see Configure Users, Groups, and Roles in the Data Collector documentation.

  3. Start Data Collector.
    Important: Do not register the system Data Collector with Control Hub.

Step 2. Set Up Time Synchronization

When you install the databases and Control Hub on separate machines, you must set up time synchronization using Network Time Protocol (NTP).

NTP synchronizes all participating machines to within a few milliseconds of Coordinated Universal Time (UTC). To use NTP, install and set up an NTP server as described in your operating system documentation.

If you do not set up time synchronization, Control Hub might stop processing tasks due to out of order timestamps among the machines.

Step 3. Install from the Tarball or RPM Package

You can install Control Hub from the tarball and start it manually. Or, you can install Control Hub from the tarball or RPM package and run it as a service.

Install the tarball or RPM package on a machine that meets the installation requirements.

Tarball for a Manual Start

You can install the Control Hub tarball and start it manually on all supported operating systems.

When you start Control Hub manually from the command line, Control Hub runs as the system user account logged into the command prompt when you run the start command. You can alternatively impersonate another user account when you run the command.

  1. Download the tarball from the Control Hub on-premises email that you received from StreamSets.
  2. Use the following command to extract the tarball:
    tar xzvf streamsets-dpm-<version>.tar.gz
    For example, to extract version 3.16.0, use the following command:
    tar xzvf streamsets-dpm-3.16.0.tar.gz

Tarball for a Service Start for SysV Init Systems

You can install the Control Hub tarball and start it as a service for supported operating systems that use the SysV init system - including CentOS 6.x, Oracle Linux 6.x, Red Hat Enterprise Linux 6.x, or Ubuntu 14.04.

Installing Control Hub as a service requires sudo privileges on the root directory.

Note: When you run Control Hub as a service, Control Hub runs as a system user account and group. The default system user and group are named dpm. This procedure walks through setting the default Control Hub directories and the default system user and group used to start Control Hub as a service. Before you install, you can alternatively use the $DPM_HOME/libexec/dpmd-env.sh file to modify the environment variables that define the directories and the system user and group.
  1. Download the tarball from the Control Hub on-premises email that you received from StreamSets.
  2. Use the following command to extract the tarball to the desired location, typically /opt/streamsets-dpm:
    tar xzvf streamsets-dpm-<version>.tar.gz
    For example, to extract version 3.16.0, use the following command:
    tar xzvf streamsets-dpm-3.16.0.tar.gz
  3. Create a system user and group named dpm.
    For example, use the following command to create a system user and group with the next available group ID and user ID:
    groupadd -r dpm && useradd -r -d <installation dir> -g dpm -s /sbin/nologin dpm

    If you’re installing Control Hub on multiple machines for high availability, we recommend explicitly specifying a group ID and user ID to ensure that the IDs are consistent across the machines. Use the -g and -u flags respectively to specify the ID.

  4. Use the following command from the directory where you extracted the tarball to copy initd/_dpminitd_prototype to the /etc/init.d directory:
    cp initd/_dpminitd_prototype  /etc/init.d/dpm
  5. Use the following command to change ownership of the /etc/init.d/dpm file to dpm:
    chown dpm:dpm /etc/init.d/dpm
  6. Edit the /etc/init.d/dpm file and set the DPM_DIST and DPM_HOME environment variables to the location where you extracted the tarball.
  7. Use the following command to make the dpm file executable:
    chmod 755 /etc/init.d/dpm
  8. Use the following command to create the Control Hub configuration directory at /etc/dpm:
    mkdir /etc/dpm
  9. Use the following command from the directory where you extracted the tarball to copy all files from etc into the Control Hub configuration directory that you just created:
    cp -R etc/* /etc/dpm
  10. Use the following command to change the owner of the /etc/dpm directory and all files in the directory to dpm:dpm:
    chown -R dpm:dpm /etc/dpm 
  11. Use the following commands to create the Control Hub log directory at /var/log/dpm and change the owner to dpm:dpm:
    mkdir /var/log/dpm
    chown dpm:dpm /var/log/dpm

Tarball for a Service Start for Systemd Init Systems

You can install the Control Hub tarball and start it as a service for supported operating systems that use the systemd init system - including CentOS 7.x, Oracle Linux 7.x, or Red Hat Enterprise Linux 7.x.

Installing Control Hub as a service requires sudo privileges on the root directory.

Note: When you run Control Hub as a service, Control Hub runs as a system user account and group. The default system user and group are named dpm. This procedure walks through setting the default Control Hub directories and the default system user and group used to start Control Hub as a service. Before you install, you can alternatively use the $DPM_HOME/systemd/dpm.service file to modify the environment variables that define the directories and the system user and group.
  1. Download the tarball from the Control Hub on-premises email that you received from StreamSets.
  2. Use the following command to extract the tarball to the desired location, typically /opt/streamsets-dpm:
    tar xzvf streamsets-dpm-<version>.tar.gz
    For example, to extract version 3.16.0, use the following command:
    tar xzvf streamsets-dpm-3.16.0.tar.gz
  3. Use the following command from the directory where you extracted the tarball to copy systemd/dpm.service to the /etc/systemd/system directory:
    cp systemd/dpm.service /etc/systemd/system/dpm.service
  4. If you did not extract the tarball to the default directory /opt/streamsets-dpm, override the /etc/systemd/system/dpm.service file to modify the DPM_HOME and ExecStart values.

    Override the default values in the dpm.service file using the same procedure that you use to override unit configuration files on a systemd init system. For an example, see "Example 2. Overriding vendor settings" in this systemd.unit manpage.

  5. Use the following command from the directory where you extracted the tarball to copy systemd/dpm.socket to the /usr/lib/systemd/system or /etc/systemd/system directory:
    cp systemd/dpm.socket /etc/systemd/system/dpm.socket
  6. Optionally, edit the /etc/systemd/system/dpm.socket file to modify the Control Hub port number. The port must match the one defined in dpm.properties. Default is 18631.
  7. Create a system user and group named dpm.
    For example, use the following command to create a system user and group with the next available group ID and user ID:
    groupadd -r dpm && useradd -r -d <installation dir> -g dpm -s /sbin/nologin dpm

    If you’re installing Control Hub on multiple machines for high availability, we recommend explicitly specifying a group ID and user ID to ensure that the IDs are consistent across the machines. Use the -g and -u flags respectively to specify the ID.

  8. Use the following command to reload the systemd manager configuration:
    systemctl daemon-reload
  9. Use the following command to create the Control Hub configuration directory at /etc/dpm:
    mkdir /etc/dpm
  10. Use the following command from the directory where you extracted the tarball to copy all files from etc into the Control Hub configuration directory that you just created:
    cp -R etc/* /etc/dpm
  11. Use the following command to change the owner of the /etc/dpm directory and all files in the directory to dpm:dpm:
    chown -R dpm:dpm /etc/dpm 
  12. Use the following commands to create the Control Hub log directory at /var/log/dpm and change the owner to dpm:dpm:
    mkdir /var/log/dpm
    chown dpm:dpm /var/log/dpm

RPM Package for a Service Start

You can install the Control Hub RPM package on all supported versions of CentOS, Oracle Linux, or Red Hat Enterprise Linux.

When you install from the RPM package, Control Hub runs as a service using the default system user account and group named dpm.

If a dpm user and a dpm group do not exist on the machine, the installation creates the user and group for you and assigns them the next available user ID and group ID.

Tip: To use specific IDs for the dpm user and group, create the user and group before installation to specify the IDs that you want to use. For example, if you’re installing Control Hub on multiple machines for high availability, create the system user and group before installation to ensure that the user ID and group ID are consistent across the machines.

Installing Control Hub as a service requires sudo privileges on the root directory.

  1. Download the RPM package for your operating system from the Control Hub on-premises email that you received from StreamSets:
    • For CentOS 6.x, Oracle Linux 6.x, or Red Hat Enterprise Linux 6.x, download the RPM EL6 package.
    • For CentOS 7.x, Oracle Linux 7.x, or Red Hat Enterprise Linux 7.x, download the RPM EL7 package.
  2. Use the following command to install the RPM package:
    yum localinstall streamsets-dpm-3.16.0-1.x86_64.rpm

Step 4. Download the JDBC Driver

Control Hub requires a JDBC driver to connect to the relational database.

  1. Download the JDBC driver for the relational database that you are using:
  2. Copy the driver to the following directory:

    $DPM_HOME/extra-lib

    For example, copy the driver to the following directory in an RPM installation:

    /opt/streamsets-dpm/extra-lib

Step 5. Set Environment Variables

Before you run the Control Hub installation scripts, you must set the DPM_HOME and DPM_CONF environment variables on the command line.

  1. Use the following command to set the DPM_HOME environment variable:
    export DPM_HOME=<home directory>

    For example, for a tarball installation use:

    export DPM_HOME=/dpm/streamsets-dpm-3.16.0

    For an RPM installation use:

    export DPM_HOME=/opt/streamsets-dpm 
  2. Use the following command to set the DPM_CONF environment variable:
    export DPM_CONF=<configuration directory>

    For example, for a tarball installation use:

    export DPM_CONF=/dpm/streamsets-dpm-3.16.0/etc

    For an RPM installation use:

    export DPM_CONF=/etc/dpm

Step 6. Set Up Control Hub

Run the Control Hub setup script to configure Control Hub properties, database connection details, and system Data Collector properties. The setup script uses the dialog command line utility to display the configuration properties using dialog boxes.
Important: The script writes all property values to the Control Hub configuration files. Instead of entering sensitive data such as passwords in clear text in the setup script, you can protect the sensitive data by storing the data in an external location and then using functions to retrieve the data.
  1. Install the dialog command line utility.
    For CentOS, Oracle Linux, or Red Hat Enterprise Linux, use the following command:
    yum install dialog
    For Ubuntu, use the following commands:
    apt-get update
    apt-get install dialog
  2. If using PuTTY as the SSH client to install Control Hub on a remote machine, configure PuTTY to use linux as the terminal emulation mode.

    By default, PuTTY uses xterm emulation which does not correctly display the dialog command line utility.

    In the PuTTY Configuration dialog box, click Connection > Data and then set Terminal-type string to linux.

  3. Use the following command to run the Control Hub setup script from the $DPM_HOME directory:
    dev/setup.sh

When you run the script for the first time, configure all of the properties. If necessary, you can run the script again to change a few properties, navigating to the appropriate configuration group.

See the sections below for a description of each property.

Navigation Tips

The Control Hub setup script contains multiple configuration groups that you navigate through to configure the required properties. The initial dialog box displays the configuration groups:

Use the arrow keys, the numbers assigned to each section, and the OK, Cancel, and Back options to navigate through the dialog boxes. Type a number to jump to that section rather using arrow keys to cycle through each section.

In dialog boxes that offer a selection of two options, use the space bar to select another option. Let's look at the Mail Transport Protocol dialog box:

In this example, the SMTP protocol is currently set, as displayed by the asterisk (*) next to the option. To change to the SMTPS protocol, press the down arrow or the number 2 to highlight SMTPS. Then press the space bar to switch the selection - the screen displays the asterisk next to the SMTPS option. Then press Enter with the OK option highlighted to save your selection.

Control Hub Configuration

The Control Hub configuration group includes the following properties:
Control Hub Configuration Property Description
Control Hub Base URL URL to access Control Hub based on your installation type:
  • Single installation - Base URL to access Control Hub. For the HTTP protocol, use the following format for the base URL: http://<host name>:<port number>

    For example: http://sch.acme.com:18631

    StreamSets recommends using the HTTP protocol for your initial installation. Then after you log into Control Hub to verify that the installation succeeded, you can enable Control Hub to use HTTPS. StreamSets recommends using HTTPS in a production environment.

    Note: 18631 is the default port number for the HTTP protocol. If you change the default port of 18631, then you must modify the http.port property in the $DPM_CONF/dpm.properties file to use the same port number. In addition, for an installation started as a service on operating systems that use the systemd init system, you also must edit the /etc/systemd/system/dpm.socket file to use the same port number.
  • Multiple installations for high availability - Load balancer URL.

    In a production environment, StreamSets recommends using multiple Control Hub instances and a load balancer to ensure that Control Hub is highly available.

Admin Tool 'admin' Password For the Control Hub Admin tool, enter a password for the default "admin" user account. To protect the password, store the password in an external location and then use a function to retrieve the password.
Mail Transport Protocol Protocol to use for the SMTP account used for emails. Use the space bar to select SMTP or SMTPS - the asterisk (*) shows your selection - and then press Enter with the OK option highlighted.
Default is SMTP.
Note: In a development environment, you can choose not to use an SMTP server and instead configure Control Hub to use the user ID for each user’s initial password.
Mail Server Host Host name of the mail server.
Mail Server Port Port number of the mail server.
Mail 'From' Address Email address to use to send email.
Mail Server Authentication Whether the mail server host uses authentication. Use the space bar to select enabled or disabled - the asterisk (*) shows your selection - and then press Enter with the OK option highlighted.

Default is disabled.

Mail Server Username If the mail server host uses authentication, user name for the email account to send email.
Mail Server Password If the mail server host uses authentication, password for the email account. To protect the password, store the password in an external location and then use a function to retrieve the password.

Relational Database Configuration

The Relational Database configuration group includes the connection details for the databases created for each application in MariaDB, MySQL, or PostgreSQL.

Select each application, and then enter the following database connection details:

Relational Database Property Description
Driver Class Name of the JDBC driver class used by the relational database.
  • For MariaDB or MySQL, enter:
    com.mysql.jdbc.Driver
  • For PostgreSQL, enter:
    org.postgresql.Driver
JDBC Connection String Connection string to use to connect to the database.
  • For MariaDB or MySQL, use the following format:
    jdbc:mysql://<host name>:<port>/<database name>
    For example:
    jdbc:mysql://sch.acme.dbs.com:3306/security
  • For PostgreSQL, use the following format:
    jdbc:postgresql://<host name>:<port>/<database name>
    For example:
    jdbc:postgresql://sch.acme.dbs.com:5432/security
Username User name for the JDBC connection.

The user account must have all privileges on the database.

Password Password for the user account. To protect the password, store the password in an external location and then use a function to retrieve the password.

System Data Collector Configuration

The System Data Collector configuration group includes the following properties for the system Data Collector. You can skip these properties if you did not install the system Data Collector.
System Data Collector Property Description
System Data Collector URL URL of the system Data Collector.
System Data Collector Username Data Collector user account with the admin or creator role. The system Data Collector uses Data Collector authentication unlike registered Data Collectors, which use Control Hub authentication.

Default is admin.

System Data Collector Password Password for the Data Collector user account. To protect the password, store the password in an external location and then use a function to retrieve the password.

Default is admin.

Time Series Database Configuration

The Time Series Database configuration group includes the following properties for the databases created in InfluxDB:
Time Series Database Property Description
Metrics Database URL Metrics database URL using the following format:
http://<host name>:<port number>
For example:
http://sch.acme.dbs.com:8086
Metrics Database Name Name of the Metrics database.

For example, sch.

Metrics Database Username User name for the database.

The user account must have all privileges on the database.

Metrics Database Password Password for the database user account. To protect the password, store the password in an external location and then use a function to retrieve the password.
Application Metrics Database URL Application Metrics database URL using the following format:
http://<host name>:<port number>
For example:
http://sch.acme.dbs.com:8086
Application Metrics Database Name Name of the Application Metrics database.

For example, sch_app.

Application Metrics Database Username User name for the database.

The user account must have all privileges on the database.

Application Metrics Database Password Password for the database user account. To protect the password, store the password in an external location and then use a function to retrieve the password.

Step 7. Enable PostgreSQL for the Scheduler Application

If using PostgreSQL for the relational database, configure the Scheduler application to use the driver delegate class for PostgreSQL.
Note: If using MariaDB or MySQL for the relational database, skip this step.
Uncomment the following line in the $DPM_CONF/scheduler-app.properties file:
org.quartz.jobStore.driverDelegateClass = org.quartz.impl.jdbcjobstore.PostgreSQLDelegate

Step 8. Build Schemas in the Relational Database

Run the Control Hub database initialization script to create the required tables for each database in the relational database. Then, run a command to add the required indexes to the LATEST_METRICS table in the Time Series database.

  1. Use the following command to run the database initialization script from the $DPM_HOME directory:
    dev/01-initdb.sh
  2. Use the appropriate MariaDB, MySQL, or PostgreSQL command to verify that tables were created for each database.
  3. Run the following command based on the database type to add the required indexes to the LATEST_METRICS table in the Time Series database:
    • MariaDB or MySQL
      Connect to MariaDB or MySQL as a user who can modify databases. Run the following command where <database_name> is the name of the Time Series database:
      alter table <database_name>.LATEST_METRICS add index comp_idx (JOB_ID, LAST_UPDATED_TIME);
      For example, if the database is named timeseries, run the following command:
      alter table timeseries.LATEST_METRICS add index comp_idx (JOB_ID, LAST_UPDATED_TIME);
    • PostgreSQL
      Connect to PostgreSQL as a user who can modify databases. Run the following PostgreSQL command where <database_name> is the name of the Time Series database:
      create index comp_idx on <database_name>.LATEST_METRICS (JOB_ID, LAST_UPDATED_TIME);
      For example, if the database is named timeseries, run the following command:
      create index comp_idx on timeseries.LATEST_METRICS (JOB_ID, LAST_UPDATED_TIME);

Step 9. Generate Authentication Tokens for Applications

Run the security script to generate a unique authentication token for each Control Hub application.

Control Hub uses authentication tokens to authenticate each message or request sent by an application. The application includes the authentication token when it issues authenticated messages or requests to other applications.

Use the following command to run the security script from the $DPM_HOME directory:
dev/02-initsecurity.sh

Step 10. Activate the Control Hub License

Each Control Hub system requires an active license before you can start Control Hub.

Note: Each license is activated for a specific Control Hub system ID. If you install multiple Control Hub instances for a highly available system, you only need to activate the license once.
  1. Retrieve the Control Hub system ID by running the following command from the $DPM_HOME directory:
    bin/streamsets dpmcli security systemId -c

    The command returns the system ID and temporarily activates the Control Hub license for seven days. This way, you can start and log in to Control Hub while you wait for your permanent activation key from StreamSets.

  2. Open a StreamSets support ticket or contact your StreamSets sales representative to request the permanent activation key for your Control Hub system ID.
  3. After you receive the activation key, run the following command from the $DPM_HOME directory to activate the license:
    bin/streamsets dpmcli security activationKey -i activationKey.txt

Step 11. Start Control Hub

Start Control Hub from the command prompt, using the required command for your installation type.

Tarball Installation for a Manual Start

When you install Control Hub from the tarball for a manual start, you start Control Hub manually from the command line. Control Hub runs as the system user account logged into the command prompt when you run the start command. You can alternatively impersonate another user account when you run the command.

Use the following command from the $DPM_HOME directory to start Control Hub so that it runs as the system user account logged into the command prompt:
bin/streamsets dpm
Or, use the following command to start Control Hub and run it in the background:
nohup bin/streamsets dpm &
Use the following command to start Control Hub so that it runs as another system user account:
sudo -u <user> bin/streamsets dpm

Tarball or RPM Installation for a Service Start

When you run Control Hub as a service, Control Hub runs as the system user account and group defined in environment variables. The default system user and group are named dpm.

Use the required command for your operating system to start Control Hub as a service:
  • For CentOS 6.x, Oracle Linux 6.x, Red Hat Enterprise Linux 6.x, or Ubuntu 14.04, use:
    service dpm start
  • For CentOS 7.x, Oracle Linux 7.x, or Red Hat Enterprise Linux 7.x, use:
    systemctl start dpm

Step 12. Log Into Control Hub

After launching Control Hub, log in to Control Hub using the default system administrator account.

  1. Enter the Control Hub base URL in the address bar of your browser.
    You defined the base URL when you ran the Control Hub setup script. After you start Control Hub, the first URL listed in the command output is the base URL:
    http://<host name>:18631

    The second URL listed in the command output is the URL to the Control Hub Admin tool, which you can use to monitor and troubleshoot Control Hub issues. No need to log into that tool now, we'll explore it in more detail in Control Hub Admin tool.

  2. Use the following credentials to log in as the default system administrator: admin@admin / admin@admin.
    Control Hub displays the default dashboard:

    The system administrator is a user account that belongs to the system organization. The system administrator can complete tasks across all Control Hub organizations.

  3. Immediately after logging in as the system administrator, change the default password for the account to ensure the integrity of your data.
    1. In the Navigation panel, click Administration > My Account.
    2. Click Update Password.
    3. Enter the current and new password, and then click Save.

Step 13. Create a Backup System Administrator

Log into Control Hub and create a backup system administrator for the system organization - in case you lose the password for the default system administrator.

  1. Log into Control Hub as the system administrator, using the admin@admin user account and the Control Hub password for that account.
    Note: If you enabled LDAP authentication, the admin@admin system administrator is still authenticated by Control Hub using Control Hub credentials.
  2. In the Navigation panel, click Administration > Users.
  3. Click the Add New User icon: .
  4. Enter a user ID in the following format: <ID>@admin.
    Note: When you create a user, you can only the create the user for the organization that you are currently logged into - the "admin" organization in this case.
  5. Enter a display name.
  6. If you did not enable LDAP authentication, enter an email address.
    When LDAP authentication is enabled, Control Hub retrieves a user's email address from the LDAP provider.
  7. If you enabled LDAP authentication, enter the name of the LDAP user account to map to this backup system administrator in the LDAP User Name property.
  8. Clear all of the default roles, and then select the following roles:
    • Organization User
    • System Administrator
  9. Click Save.
    Control Hub sends an email to the specified email address so that you can change the password for this backup system administrator account.

Step 14. Create Organizations

An organization is a secure space provided to a set of Control Hub users. All Data Collectors, pipelines, jobs, topologies, and other objects added by any user in the organization belong to that organization. A user logs in to Control Hub as a member of an organization and can access data that belongs to that organization only.

When you create an organization, you create an organization administrator that can perform administrative tasks for that organization only.

Control Hub includes a system organization with an ID of "admin" that includes the default system administrator user account. The system administrator can complete tasks across all Control Hub organizations. We recommend creating at least one backup system administrator account, as described in the previous step.

You can add additional non-admin users to the system organization. However, as a best practice, create one or more organizations for your enterprise separate from the system organization.

For example, you might create a single organization named My Company for your enterprise where you add all user accounts. When you log in to Control Hub as the system administrator, you can see both the system and the My Company organizations:

When the organization administrator for the My Company organization logs in, the organization administrator can see the My Company organization only.

You can create multiple organizations for your enterprise. For example, you might create one organization for the Northern Office and another organization for the Southern Office. Users in the Northern Office organization cannot access any data that belongs to the Southern Office organization.

For more details about the system organization and creating multiple organizations, see Organizations.

Creating Organizations

Create organizations before creating additional user accounts or registering Data Collectors. When you create an organization, you also create an organization administrator that can perform administrative tasks for that organization only.

  1. In the Navigation panel, click Administration > Organizations.
  2. Click the Add New Organization icon: .
  3. On the Add Organization window, configure the following properties:
    Organization Property Description
    Organization ID ID that uniquely identifies the organization.
    Organization Name Display name for the organization.
    Admin User ID ID that uniquely identifies the organization administrator. Use the following format:
    <ID>@<organization ID>
    Admin User Display Name Display name for the organization administrator.
    Admin User Email Address If LDAP authentication is not enabled, email address for the organization administrator.

    When LDAP authentication is enabled, Control Hub retrieves a user's email address from the LDAP provider.

    LDAP User Name If LDAP authentication is enabled, name of the LDAP user account to map to this organization administrator.
    Default User Password Expiry Time Maximum number of days that a user password is valid.

    Users in the organization must reset their password when the maximum number of days is reached.

    Valid Domains List of trusted domains that can make authentication requests to Control Hub on behalf of the organization.
    Active Enables access to Control Hub.

    When disabled, users belonging to the organization cannot log in to Control Hub or any Data Collector registered with the organization.

  4. Click Save.