SQL Monitor 12

MSPs: providing clients with visibility into SQL Monitor

Requires SQL Monitor v12.0.6 or newer.

Overview

SQL Monitor's distributed monitoring architecture allows Managed Service Providers (MSPs) to collect and store monitoring data within each client’s separate network, while allowing that data from all clients to be combined into a single integrated web interface for consumption.

Set-up when clients don't require access to SQL Monitor

A typical environment might look like the set-up below. Each client site has a Base Monitor, which connects to any SQL Server instances and machines being monitored. Each of these Base Monitors has a SQL Server database to use as its repository, ensuring that data belonging to that client is stored within the same network. In the MSP network, the Primary Base Monitor is installed, along with a repository. This Base Monitor does not itself monitor any servers, but is used for logging in to the Web Server. The Web Server, also in the MSP network, connects to the Base Monitors at each client site over a single configurable port, and consolidates data from each client into a single user interface.

This configuration is typical of a multi-Base-Monitor set-up, and is also commonly used for monitoring environments where servers are distributed geographically, or when an organisation has servers in isolated networks where communication between them is difficult. It also serves well when security requirements demand that monitoring data must not be stored outside a particular network. More information about setting up this kind of environment is available in the SQL Monitor documentation.

An MSP set-up with a single Web Server connecting to client Base Monitors

Set-up when clients require access to SQL Monitor

In some situations, it can be valuable to give clients direct visibility into the information available from SQL Monitor. Although in some cases this can be achieved by providing access to the MSP's Web Server and restricting user access only to that client's machines, this does present challenges around manageability, and leaves open the risk that a misconfiguration will accidentally grant a user from Client A visibility into servers belonging to Client B. For that reason, a different approach is preferred.

SQL Monitor allows multiple Web Servers to be connected to a single Base Monitor, as in the set-up below. This retains the MSP's unified view of all their clients' estates, while allowing each client to connect to a separate Web Server which will have access only to their own data.

An MSP set-up with multiple Web Servers allowing clients to access only their data

Configuration

To use this architecture:

  1. First, perform a standard single-Base-Monitor SQL Monitor installation at each client site, as well as inside the MSP network.
  2. On each client SQL Monitor installation (not the MSP network installation) add SQL Server machines to be monitored. This step can also be done later.
  3. On each client SQL Monitor web server (not the MSP network installation) ensure that licensing is disabled by creating the %ProgramData%/Red Gate/SQL Monitor/appSettings.json file on the web server with the following content (or adding the "featureFlags" section to an existing file inside the top level brackets):

    {
      "featureFlags": {
        "Licensing": "off"
      }
    }
  4. On the SQL Monitor installation in the MSP network, open %ProgramData%\Red Gate\SQL Monitor\RedGate.SqlMonitor.AuthorizedClients.config. This file contains a thumbprint identifying a Web Server installation, which determines whether a particular Web Server is permitted to connect to a Base Monitor. Copy this thumbprint.
  5. Navigate to this same file on the Base Monitor machine in Client A’s network. Add the thumbprint copied in Step 4 to this file on a new line. Save this file, then restart the monitoring service (SQL Monitor Base Monitor Service). The Base Monitor for Client A will now accept connections from its own Web Server as well as the Web Server in the MSP network. Repeat this step for each client.
  6. Open the SQL Monitor web interface in the MSP network. Navigate to Configuration > Base Monitor Connections. Add the connection details for each client's Base Monitor, retaining the MSP Base Monitor as the primary (this will not monitor any servers, but is used for authentication).
  7. In the SQL Monitor web interface in the MSP network, navigate to Configuration > Licensing. Follow the licensing docs to associate your licenses via red-gate.com. These will be dynamically distributed to all your customer Base Monitors.
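
The file edits in steps 3 and 5, as an added PowerShell example (not Redgate's own tooling). It assumes the authorized-clients file holds one thumbprint per line, as step 5 implies, and that the service's display name is the one given in step 5; the function names, the `.bak` copy and the placeholder thumbprint are hypothetical.

```powershell
# Added example, not Redgate code. Run in an elevated session on the machine noted.
$dir = Join-Path $env:ProgramData 'Red Gate\SQL Monitor'

function Set-LicensingOff {
    # Step 3 (client Web Server): merge featureFlags.Licensing = "off" into
    # appSettings.json, keeping any settings already in the file.
    param([string]$Path = (Join-Path $dir 'appSettings.json'))
    $settings = [pscustomobject]@{}
    if (Test-Path $Path) { $settings = Get-Content -Raw -Path $Path | ConvertFrom-Json }
    if (-not $settings.PSObject.Properties['featureFlags']) {
        $settings | Add-Member -NotePropertyName featureFlags -NotePropertyValue ([pscustomobject]@{})
    }
    $settings.featureFlags | Add-Member -NotePropertyName Licensing -NotePropertyValue 'off' -Force
    $settings | ConvertTo-Json -Depth 10 | Set-Content -Path $Path -Encoding UTF8
}

function Add-AuthorizedClient {
    # Step 5 (client Base Monitor): add a Web Server thumbprint to the allow-list
    # once, restart the service, and return every entry for review.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$Path = (Join-Path $dir 'RedGate.SqlMonitor.AuthorizedClients.config'),
        [int]$ExpectedCount = 2   # the client's own Web Server plus the MSP Web Server
    )
    $Thumbprint = $Thumbprint.Trim()
    $raw = Get-Content -Raw -Path $Path
    # Assumption: one thumbprint per line; blank lines are ignored.
    $entries = @($raw -split '\r?\n' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -notcontains $Thumbprint) {
        Copy-Item -Path $Path -Destination "$Path.bak" -Force   # rollback copy
        # Start a new line first if the file does not already end with one.
        $prefix = if ($raw -and -not $raw.EndsWith("`n")) { [Environment]::NewLine } else { '' }
        Add-Content -Path $Path -Value ($prefix + $Thumbprint)
        $entries += $Thumbprint
        # Assumption: the display name matches the service name given in step 5.
        Restart-Service -DisplayName 'SQL Monitor Base Monitor Service'
    }
    if ($entries.Count -gt $ExpectedCount) {
        # Every entry is a Web Server that may read this client's monitoring data.
        Write-Warning "Allow-list has $($entries.Count) entries; review: $($entries -join ', ')"
    }
    $entries
}

# Usage (placeholder value; paste the thumbprint copied in step 4):
#   Set-LicensingOff                                              # client Web Server
#   Add-AuthorizedClient -Thumbprint '<MSP-WEB-SERVER-THUMBPRINT>' # client Base Monitor
```

Because the allow-list decides which Web Servers can reach a client's Base Monitor, re-running `Add-AuthorizedClient` with an already-present thumbprint is a quick way to list the current entries without changing the file or restarting the service.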

Important considerations

Upgrades

SQL Monitor requires that a Web Server and Base Monitor be running the same version. In effect, this means it becomes necessary for upgrades to SQL Monitor at all client sites to be performed at the same time. If SQL Monitor is upgraded in Client B’s environment, it will continue to collect data and be accessible via Client B’s separate Web Server, but the MSP network’s Web Server will not function until it, and all other client installations of SQL Monitor, have also been upgraded.

Permissions and concurrent access

When multiple users use multiple Web Servers to make changes to a single Base Monitor, the results could be unpredictable. It is therefore strongly recommended that only one Web Server is routinely used to write changes back to SQL Monitor. This includes administration tasks such as adding/removing servers, as well as day-to-day tasks like clearing alerts.

To this end, we recommend that the MSP retain administrative control over the Web Server within the client network, and issue the client with Read Only users (either through Active Directory or SQL Monitor built-in accounts). This will provide the client with complete visibility into their own estate, but without them being able to make changes which could potentially conflict with competing changes being made by the MSP.

Active Directory authentication

SQL Monitor now supports allowing multiple separate Active Directory domains to be used for logging in. See: Authenticating with Active Directory for additional details.

Licensing

The steps above allow you to centrally manage licenses for all of your customers. This means the licenses will be shared between all customers. If this is undesirable and you'd prefer each customer's Base Monitor to be allocated a reserved number of licenses (not shared), follow these steps:

  1. On each client SQL Monitor web server (not the MSP network web server) ensure that licensing is enabled by checking that "featureFlags:Licensing":"off" isn't present in %ProgramData%/Red Gate/SQL Monitor/appSettings.json (this is the default behavior).
  2. On the MSP web server (if you have one) ensure that licensing is disabled by creating the %ProgramData%/Red Gate/SQL Monitor/appSettings.json file on the web server with the following content (or adding the "featureFlags" section to an existing file inside the top level brackets):

    {
      "featureFlags": {
        "Licensing": "off"
      }
    }
  3. In each client SQL Monitor web interface, navigate to Configuration > Licensing. Follow the licensing docs to associate your licenses via red-gate.com. These will be dynamically distributed to only that customer's Base Monitor. Your licenses will need to be split if you wish to reserve licenses per customer; please contact support.
