
Prerequisites for the Nodinite Monitoring Service

This page describes the prerequisites for installing and running the Nodinite Monitoring Service. The Monitoring Service is a Windows Service installed as part of the Core Services package.

Nodinite Monitoring Service Checklist

The Monitoring Service is a Windows Service and is very easy to install on a single machine, where you may need virtually no administration to get everything working. In a locked-down distributed environment spanning multiple servers, with network load balancing, firewalls, network zones (WLANs), domains, DNS, group policies, and antivirus/antimalware software, you may spend many hours getting every piece of the puzzle in place.

Verified Topic
SMTP - Monitoring Service must be allowed to send emails
MSDTC
Windows rights
Database rights
Firewall

Use the checklist above to verify that you have performed all steps required to get Nodinite flying (most probably already managed when you performed similar tasks for the Configuration Database).


SMTP Settings

Alerts are sent using Alarm Plugins and it is very common to use any of the Nodinite e-mail plugins.

The Nodinite Monitoring Service must be allowed to send emails, and this is often governed by your organization's policies.

Microsoft Distributed Transaction Coordinator (DTC)

The Monitoring Service is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.

You must configure the DTC as documented; otherwise, Nodinite will not be able to function.

What Windows rights does the Monitoring Service require?

The Monitoring Service is a Windows Service and requires privileges as described in the 'Windows Service Account' page.

  • The Windows identity must have SQL rights, see next paragraph
  • This service should always be running
  • This service should not be clustered, contact our support if you need technical assistance
  • DCOM Local Activation Permission

What SQL Rights does the Monitoring Service require?

The Windows domain account being used for the Monitoring Service must have the following SQL rights assigned (least privileges):

Master

The grants depend on the type of SQL Server instance:

| >= SQL Server 2016 | < SQL Server 2016 |
|---|---|
| db_owner | db_datareader |

Grant VIEW SERVER STATE rights.

GRANT VIEW SERVER STATE TO [Domain\user]

Replace [Domain\user] with the Windows account being used for the Monitoring Service.

If applicable, repeat the grant on all nodes that are part of an Always On Availability Group (AOAG) environment.

Nodinite Databases

All databases on all SQL instance(s) where the Configuration Database and the Log Databases are located:

  • public - Rights to logon to instances and databases
  • db_ddladmin - see note below

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

All Nodinite specific databases

  • Configuration Database
    • db_datareader
    • db_datawriter
    • db_ddladmin
    • Grant Execute rights on all existing and future stored procedures:
GRANT EXECUTE TO [Domain\user]

Replace [Domain\user] with the Windows account being used for the Monitoring Service.

  • NodiniteLog_* (can be multiple)
    • db_datareader
    • db_datawriter
    • db_ddladmin
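
The role list above can be checked against what the service account actually holds, which also surfaces rights beyond the documented least-privilege set. This is an added example, not Nodinite code; the instance name, database names and account are hypothetical, and it assumes Windows PowerShell 5.1 with integrated authentication.

```powershell
# Added example (not Nodinite code). All names below are assumptions; replace them.
$instance  = 'SQL01'                            # hypothetical SQL Server instance
$account   = 'CONTOSO\svc-nodinite'             # hypothetical service account
$databases = 'NodiniteConfig', 'NodiniteLog_1'  # hypothetical database names
$expected  = 'db_datareader', 'db_datawriter', 'db_ddladmin'  # roles listed on this page

# Roles the account is a direct member of, plus a database-level EXECUTE grant.
$query = @'
SELECT r.name AS GrantName
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = @account
UNION ALL
SELECT 'EXECUTE'
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = @account AND p.class = 0
  AND p.permission_name = 'EXECUTE' AND p.state IN ('G', 'W');
'@

foreach ($db in $databases) {
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$instance;Database=$db;Integrated Security=True"
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    [void]$cmd.Parameters.AddWithValue('@account', $account)  # parameterized, no string building
    $found = @()
    try {
        $conn.Open()
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) { $found += $reader.GetString(0) }
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]@{
        Database = $db
        Missing  = @($expected | Where-Object { $_ -notin $found }) -join ', '
        Extra    = @($found | Where-Object { $_ -notin $expected -and $_ -ne 'EXECUTE' }) -join ', '
        Execute  = 'EXECUTE' -in $found   # required on the Configuration Database
    }
}
```

Rights inherited through a Windows group do not appear under the account's own name, so an empty result is not proof that the account has no access.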

What Firewall settings are required for the Monitoring Service?

The Monitoring Service requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from the examples shown here.

  1. TCP Ports between Monitoring Service and Monitoring Agents
The following ports must be allowed on the Windows server where the agent is installed and running:
Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1 (Local network)

Port Name Inbound Outbound TCP UDP Comment
8000 RPC Communication is initiated by the Monitoring Service

Option 2 (Cloud/Hybrid)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same technique in principle as the on-premises data gateway; see the 'Adjust communication settings for the on-premises data gateway' user guide.

The following Ports must be open for outbound communication with '*.servicebus.windows.net' from both on-premise and off-site:

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic
5671, 5672 Secure AMQP
9350 - 9354 Net.TCP
  2. TCP Ports between Monitoring Service and Web API
Port Name Inbound Outbound TCP UDP Comment
8000 RPC Communication is initiated by the Monitoring Service
  3. Monitoring Service and Alarm Plugins
  • 25 - SMTP as described in RFC 5321
  • 443 - SSL
  • 587 - SMTP-MSA as described in RFC 6409
  • 465 - SMTPS as described in RFC 8314 (Not common any more)
  • Any other port your custom built Alarm Plugin may require
  4. TCP Ports between Monitoring Service and SQL Server

1. TCP Ports between Monitoring Service and Monitoring Agents

[Diagram: the Monitoring Service on Server A connects over port 8000 to Monitoring Agent A and Monitoring Agent B on Server A and to Monitoring Agent A on Server B.]

[Diagram: the on-premise Monitoring Service and the off-site Monitoring Agent A both connect to Service Bus Relaying in Microsoft Azure (*.servicebus.windows.net): 443 (listeners on Service Bus Relay over TCP require 443 for Access Control token acquisition), 5671-5672 (Advanced Message Queuing Protocol, AMQP), 9350-9354 (Net.TCP).]

2. TCP Ports between Monitoring Service and Web API

Nodinite shows the state of the Monitoring Service to Users within the Web Client. The Web Client asks the Web API, which in turn queries the Monitoring Service. The Monitoring Service uses the Web API to provide all its features.

[Diagram: the Monitoring Service (Windows Server) and the Web API (Web Server) connect to each other over port 8000 in both directions.]

3. Monitoring Service and Alarm Plugins

Alerts are distributed by the Monitoring Service for Monitor Views when a configuration matches a changed state of Resources. The alert is pushed to each 'Alarm Plugin'. Nodinite ships with default alarm plugins, and you can add your own Alarm Plugins. These are DLLs written in any .NET language. The templates and SDK are intended for use with C#.

[Diagram: the Monitoring Service (Windows Server) connects to the SMTP Service (Mail Server) on port 25 or 587 and to the Jira API (Issue Tracking System) on port 443.]

Important

Depending on which external services your custom built Alarm Plugin uses, you may need to ensure that TCP ports are open according to the requirements of that external service provider.

Where do I add my custom built Alarm Plugin?

You simply copy the DLL to the 'Plugins' folder of the Monitoring Service. If the DLL is being replaced then you must restart the Monitoring Service.

Important

Make sure the DLL is not blocked by Windows after the copy-paste operation. Right-click the DLL and select Properties. Click the Unblock button if that option exists.
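
The Unblock button removes the Zone.Identifier stream that Windows attaches to downloaded files, so it is worth confirming that a DLL is the one you built before clearing it. The following is an added example, not Nodinite code; the plugin folder path and the hash allow-list are assumptions.

```powershell
# Added example (not Nodinite code). The path and the allow-list are assumptions.
$pluginDir = 'C:\Program Files\Nodinite\MonitoringService\Plugins'  # hypothetical path
# SHA-256 values recorded when the plugin was built (placeholder shown).
$approved  = @('<SHA256-OF-YOUR-BUILD-OUTPUT>')

$report = Get-ChildItem -LiteralPath $pluginDir -Filter *.dll | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
    # The Zone.Identifier alternate data stream is what marks the file as blocked.
    $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path      = $_.FullName
        Blocked   = [bool]$zone
        Signature = $sig.Status                      # informational; custom DLLs may be unsigned
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = $hash
        Approved  = $hash -in $approved              # only known build outputs are approved
    }
}
$report | Format-List Path, Blocked, Signature, Signer, SHA256, Approved

# Unblock only files that are blocked and match a recorded hash.
$report | Where-Object { $_.Blocked -and $_.Approved } |
    ForEach-Object { Unblock-File -LiteralPath $_.Path }

# Anything still listed here needs manual review before it is unblocked.
$report | Where-Object { $_.Blocked -and -not $_.Approved }
```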

4. TCP Ports between Monitoring Service and SQL Server

For performance reasons, the Monitoring Service accesses the databases directly using the configured Windows Service Account.
You must ensure that the TCP ports used are allowed by your firewalls; depending on the location of the SQL database, the actual ports used may differ. The following Windows Services are involved:
Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide
[Diagram: on the SQL Server, the Configuration database is connected to the Log databases through a Linked Server; the Monitoring Service on the Application Server connects to the Configuration database using SQL, DTC, DNS, RPC, ...]
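
Once the firewall rules from sections 1 to 4 are in place, the outbound paths can be verified from the Monitoring Service host. This is an added example, not Nodinite code; every host name is hypothetical, and the ports are the examples listed on this page, so adjust both to your configuration.

```powershell
# Added example (not Nodinite code). Host names are hypothetical; ports are this page's examples.
# Run on the server hosting the Monitoring Service. Test-NetConnection checks TCP only,
# so DNS (53) is covered indirectly: a target that does not resolve has no RemoteAddress.
$targets = @(
    @{ Role = 'Monitoring Agent (Option 1)';  Target = 'agent01.example.local'; Ports = @(8000) }
    @{ Role = 'Web API';                      Target = 'web01.example.local';   Ports = @(8000) }
    @{ Role = 'Service Bus Relay (Option 2)'; Target = 'yournamespace.servicebus.windows.net'
       Ports = @(443, 5671, 5672) + (9350..9354) }
    @{ Role = 'SMTP (Alarm Plugin)';          Target = 'smtp.example.local';    Ports = @(25, 587) }
    @{ Role = 'Kerberos';                     Target = 'dc01.example.local';    Ports = @(88) }
    @{ Role = 'SQL Server and DTC/RPC';       Target = 'sql01.example.local';   Ports = @(135, 1433) }
)

$results = foreach ($t in $targets) {
    foreach ($port in $t.Ports) {
        $r = Test-NetConnection -ComputerName $t.Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role     = $t.Role
            Target   = $t.Target
            Port     = $port
            Resolved = $r.RemoteAddress      # empty when name resolution failed
            Open     = $r.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Paths that are still closed; compare these with the firewall rules you expected to exist.
$results | Where-Object { -not $_.Open }
```

The Web API also connects back to the Monitoring Service on port 8000, so run the same check for that port from the web server.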

Frequently asked questions

Additional solutions to common problems and the Nodinite Monitoring Service FAQ exist in the Troubleshooting user guide.


Next Step

Install Monitoring Service
Install Nodinite
System Parameters
Search Fields

Manage Alarm Plugins