Adding servers on a different network from your base monitor
Published 08 March 2016
You can use SQL Monitor to monitor servers on a different network from your base monitor, for example those hosted on Azure or Amazon EC2.
Certain firewall requirements must be met before you can do this. If you want to monitor clusters, you also need to set up DNS.
Note: SQL Monitor does not currently support monitoring Windows Failover Clusters hosted on Azure.
Firewall requirements
The SQL Monitor base monitor needs to be able to connect to the following ports on each machine you want to monitor:
- ICMP ping
- TCP port 135, used by the Remote Procedure Call (RPC) service. Make sure the remote registry service is started on the server.
- TCP port 445, used by the Server Message Block (SMB) service that allows remote file access.
- The TCP port for each SQL Server instance on the machine. The default TCP port for the default instance is 1433. Named SQL Server instances use dynamic ports by default, so you need to configure a specific TCP port for each named instance. For more information, see Configure a Server to Listen on a Specific TCP Port.
- WMI. For more information, see How to configure RPC dynamic port allocation to work with firewalls.
Further requirements for machines hosted in the cloud
If you want to monitor machines hosted in the cloud, you need to either:
- set up a VPN connection between the network that hosts the base monitor and the network that hosts the machines you want to monitor
or
- set up corresponding inbound rules for the firewall ports listed above, using your cloud provider's management tool
For instructions on how to do this if you're using Azure or Amazon EC2, see the steps for your provider below.
Azure - classic deployment model
- In the Azure classic portal, click Virtual Machines and select the machine you want to monitor.
- Click Endpoints. Then, at the bottom of the page, click Add.
- Specify the details required to open the ports listed above under Firewall requirements.
- For each endpoint you add, at the bottom of the page, click Manage ACL. In the Remote subnet box, enter the public IP address of the base monitor.
Azure - Resource Manager deployment model
- In the Resource Manager portal, click Virtual machines and select the machine you want to monitor.
- On the Settings panel, click Network security group.
- On the Network security group panel, choose the security group associated with the machine you want to monitor, and click Add an inbound rule.
- On the Add inbound security rule panel, specify the details required to open the ports listed above under Firewall requirements. Under Source, select CIDR block, and under Source IP address range, enter the public IP address of the base monitor, followed by /32.
Amazon EC2
- On the EC2 dashboard, under Network & security, click Security Groups.
- Select a security group associated with one or more of the machines you want to monitor, and click the Inbound tab.
- Click Edit, and add a rule to open each of the ports listed above under Firewall requirements. Under Source, make sure you select Custom IP and enter the public IP address of the base monitor.
- If you use Elastic IPs on the machines you want to monitor, you need to add host entries on the machine running the base monitor for each SQL instance IP.
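A check for the inbound rules described above, as an added example that is not part of the original page or of SQL Monitor: it takes rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups` and reports required TCP ports the base monitor cannot reach, plus any rule that admits a source other than the base monitor's /32. The function names, the sample rules and the address 203.0.113.10 are assumptions; ICMP and the WMI dynamic port range are not checked.

```python
import ipaddress

# Fixed TCP ports from "Firewall requirements"; SQL instance ports are passed per call.
FIXED_TCP_PORTS = {135: "RPC", 445: "SMB"}

def _covers(perm, port):
    """True if an EC2-style permission entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_inbound(permissions, base_monitor_ip, sql_ports=(1433,)):
    """Each required port should be open to the base monitor's public IP,
    and to nothing other than that address as a /32."""
    monitor = ipaddress.ip_address(base_monitor_ip)
    required = set(FIXED_TCP_PORTS) | set(sql_ports)
    reachable, other_sources = set(), []
    for perm in permissions:
        for port in sorted(required):
            if not _covers(perm, port):
                continue
            for rng in perm.get("IpRanges", []):  # IPv4 ranges only
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if monitor in net:
                    reachable.add(port)
                if net.prefixlen != 32 or monitor not in net:
                    other_sources.append((port, rng["CidrIp"]))
    return {"missing": sorted(required - reachable),
            "other_sources": other_sources}

# Constructed sample rules; 203.0.113.10 is a documentation address standing
# in for the base monitor's public IP (assumption, not from the page).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 135, "ToPort": 135,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

if __name__ == "__main__":
    # 50001 stands for a named instance pinned to a specific port (hypothetical)
    print(audit_inbound(SAMPLE_RULES, "203.0.113.10", sql_ports=(1433, 50001)))
```

An entry under `other_sources` means SMB, RPC or SQL Server on that machine is reachable from addresses beyond the base monitor, which is wider than the /32 source the steps above specify.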
DNS (required for monitoring clusters)
If you want to monitor clusters on a different network from your base monitor, you need to set up DNS. This means that on the Add SQL Server screen, when you enter the name of a cluster or node, SQL Monitor can detect all the nodes on the cluster.
If you're only monitoring standalone machines, you don't need to set up DNS. Instead, on the Add SQL Server screen, enter the IP address of the machine you want to monitor.
Latency
If your base monitor is in a different region from your monitored servers (for example, if it's in America and you're monitoring servers in Asia), you might experience latency. Depending on the impact of the latency, it might be useful to set up a base monitor in the same region as the servers you're monitoring.
Troubleshooting
Please see the testing data collection methods page to troubleshoot any connectivity problems you may be having.