Accessing SQL Monitor through a firewall

ztunerztuner Posts: 31
edited August 1, 2011 5:53AM in SQL Monitor Previous Versions
As most of the SQL Monitor users are DBAs, we do not see much point to monitor any other services apart from SQL Server. We use other tools to monitor other services and server availability. Using only SQL logins account between domains to monitor only SQL Server through a firewall would make a DBA life much easier as most of us work in very secure environment where only connection to SQL Servers is available between domains and all other ports are closed. Do not take me wrong but this is the biggest overlook as a company with 6 domains requires 6 different machines to monitor SQL server on 6 domains if they want an easy and quick setup to monitor SQL Servers with SQL Monitor 2 without changing firewall policies.

Comments

  • Hi,

    Firstly apologies for the delay in reply.

    I appreciate you taking the time to describe the problems you’re having and I completely understand the issue with setting up SQL Monitor to monitor the SQL Server behind the firewall.

    We’re currently in the planning process for V 3.0 release. We are thinking of various possible solutions for the scenario you have described. Without going into much detail, I can assure you that this issue is our top priority and would most probably get fixed as part of V 3 release.

    Thanks and regards,
    Priya
    Priya Sinha
    Project Manager
    Red Gate Software
  • Thanks Priyasinha,

    That's great news. When can we expect V 3.0 release? We have already bought SQL monitor licences but for that reason we are also considering another SQL Monitoring product.

    Regards
  • Hi,

    Thanks for your post.

    We are planning to release V 2.3 in May. V 3.0 is planned for Q4 2011.

    SQL Monitor uses various different data collection methods which includes ping, remote registry, remote file access, WMI and SQL. The reason for these selection was to optimize performance. For each data, we evaluated all these methods and chose the best. Ofcourse in some cases, the information we needed was only accessible via certain method.

    But this does mean that even for monitoring SQL Server also, we need different data collection to work and not just SQL. So the solution we are thinking of is that a user can install an agent (we currently call it remote monitor) inside each domain. This will collect and pass the information to the base monitor service. You will then need to open just a port between the base and remote monitor. Please note this is still under discussion and might completely change.

    Thanks,
    Priya
    Priya Sinha
    Project Manager
    Red Gate Software
  • Thank you for your time and quick replay. Even in that case, new firewall policies will need to be created which we do not really want. Our current policy is that only SQL Server ports are open for communication from one central point. Everything else is disabled so we need really to monitor all SQL Servers from one central machine which has access to all SQL Server using only ports assigned to SQL Servers. Does it make any sense? Security is still the most important factor…

    Thanks again for help.
  • Hi,

    Thanks for your post. We will keep your scenario in mind when designing the solution.

    Regards,
    Priya
    Priya Sinha
    Project Manager
    Red Gate Software
  • Hi,

    I am not sure which component you are trying to access behind the firewall.

    Scenario 1: If there is no firewall between the instances you are monitoring, base monitor and web server. You are only trying to monitor web server from behind the firewall, then follow the steps in this article under the topic 'For XP, Vista and Windows Server 2003 and 2008' or 'For Windows 7'.

    Scenario 2: You are trying to monitor machine/ sql server from base monitor machine which is behind firewall. In this case, you would have to enable ports to allow TCP, WMI and SQL data collection. You can use the port number as listed under topic 'Allow access to TCP ports and WMI' in this article.

    Thanks,
    Priya
    Priya Sinha
    Project Manager
    Red Gate Software
Sign In or Register to comment.