Prerequisites for the Nodinite Database Monitoring Agent
This page describes the prerequisites for installing and running the Nodinite Database Monitoring Agent.
Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink).
We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)
Software Requirements
The Database Monitoring Agent is a Windows Service and is usually installed on the Nodinite application server.
| Product | Version/Edition |
|---|---|
| Windows Server | Windows 2022Windows 2019Windows 2016Windows 2012 R2Windows 2012 |
| .NET Framework | .NET Framework 4.8 or later New 5.4Our recommendation is .NET Framework 4.8.1 or later |
| SQL Server | 2008 R2 and later |
| SQL Database | Azure SQL Database GA |
| PostgreSQL | Version 9 and later |
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.
Supported Versions
Cloud technologies are evolving fast and Microsoft deprecates older versions of their API's every now and then. Nodinite will always support the API's supported by Microsoft. This means you need to update Nodinite and our Database Monitoring Agent from time to time.
This means you need to update Nodinite and our Database Monitoring Agent from time to time.
Make sure to subscribe to our Release Notes
What Windows User Rights does the Database Monitoring agent require?
The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.
- Local named account or domain account (preferred).
- Access and run-time rights
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.
What SQL Database User rights does the Database Monitoring agent require?
Remember, if applicable, repeat the grants on all nodes part of the monitoring.
The account in use to connect with the Microsoft SQL Server comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:
- SQL User
- Integrated Security (The account running the Windows Service)
Least privileges (basic usage)
The least privileges required to use all monitoring features are listed below:
- Public - Account must be allowed to login(!)
Note
If you are using High Availability SQL Servers, accounts and rights must be applied on all instances since this information is not synchronized
Master Database
- DataReader
- db_ddladmin (see note)
- Grant Execute on xp_sqlagent_enum_jobs
- Grant View on any Definition
Important
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
Grant Execute on xp_sqlagent_enum_jobs
Replace DOMAIN\user with your user in the example below:
USE Master
GO
GRANT EXECUTE ON xp_sqlagent_enum_jobs TO [DOMAIN\user];
GO
Example Script to grant the service account the right to read the information required to monitor SQL Server jobs.
Grant View on any Definition
To evaluate the size, the account in use must be granted 'VIEW ANY DEFINITION'.
USE Master
GO
GRANT VIEW ANY DEFINITION TO [DOMAIN\user];
GO
Example script to grant the service account the right to read the information required to monitor Database Size checks.
Grant View Server State
The agent queries the instance about some run-time information using dynamic views;This operation requires the VIEW SERVER STATE permission on the instance.
USE Master
GO
GRANT VIEW SERVER STATE TO [Domain\user]
GO
Replace [Domain\user] with the Windows account being used for the agent.
MSDB Database
- DataReader
- db_ddladmin
- SQLAgentReaderRole - Right to read jobs and history
- SQLAgentOperatorRole - Right to re-run jobs
Important
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
Sample queries performed by the agent
EXEC msdb.dbo.sp_get_sqlagent_properties- 'SELECT dss.[status], dss.[status_desc]FROM sys.dm_server_services dss WHERE dss.[servicename] LIKE N'SQL Server Agent (%'`
SSISDB Database
- db_datareader - To list packages
- ssis_logreader (older versions of SQL Server) or ssis_admin (newer versions of SQL Server) - To get the execution history
All other
All other databases require: (for example when using custom Stored Procedures/AdHoc SQL commands)
- Public - Account must be allowed to login(!)
- DataReader and/or Execute Rights on the Stored Procedures/tables/Views/Objects part of your AdHoc queries
- db_ddladmin - for better performance
Important
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
What Azure SQL Database User rights does the Database Monitoring agent require?
The account used to connect to the SQL Database comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:
- SQL User
What PostgreSQL User rights does the Database Monitoring agent require?
The account used to connect to the PostgreSQL Database comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:
- PostgreSQL User
What Firewall settings are required for the Database Monitoring agent?
The Database Monitoring Agent has both inbound and outbound TCP based communication:
- Between the Monitoring Service and the Database Monitoring Agent
- Between the Database Monitoring Agent and SQL Server instances
- Between the Database Monitoring Agent and Azure SQL Databases
- Between the Database Monitoring Agent and PostgreSQL databases
The agent can be installed On-Premise using TCP/IP and/or in the Cloud using Service Bus Relaying.
1. Between the Monitoring Service and the Database Monitoring agent
The following ports must be allowed on the Windows server where the agent is installed and running :
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |
And further with 'Option 1' or 'Option 2' as documented next:
Option 1 (Local network)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 8000 | RPC | Communication is initiated by the Monitoring Service |
Option 2 (Cloud/Hybrid)
Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.
Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic | ||||
| 5671, 5672 | Secure AMQP | |||||
| 9350 - 9354 | Net.TCP |
2. Between the Database Monitoring Agent and SQL Server instances
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide |
||||
| 88 | Kerberos | Review 'Microsoft Kerberos' user guide | ||||
| 135 | [DTC][MSDTC]/RPC | This port is shared between many Windows Services | ||||
| 1433/... | SQL Server instance ports (multiple) | Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide |
3. Between the Database Monitoring Agent and Azure SQL Databases
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide |
||||
| 443 | HTTPS | Secure outbound traffic |
4. Between the Database Monitoring Agent and PostgreSQL databases
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide |
||||
| 31902 | Remote connection port | Actual port depends on your configuration |
Frequently asked questions
Additional solutions to common problems and the FAQ for the Nodinite Database Monitoring Agent exist in the Troubleshooting user guide.
Next Step
Install Database Monitoring Agent
Related
Add or manage a Monitoring Agent Configuration
Monitoring
Administration