Basic setup
The most basic setup is where a dbWatch Server service is configured with all functions in the same node, and the client is either local or installed on a separate computer.
Example drawing:
The pictured architecture is similar to the design and setup of an environment using dbWatch 12 and should be a drop-in replacement. Multiple clients can connect, suitable for configurations where databases are in a single security zone and network connections are uncomplicated.
Multiple dbWatch security domains with shared connection hub
The pictured architecture is a setup where multiple setups, like the basic setup, are, combined with a shared connection hub, called a cloud router, to give clients one common connection point to reach all environments. The initial connection direction is reversed, so the dbWatch Servers connect outbound from their network to the cloud router. No firewall opening is needed to allow communication to the dbWatch Server. This setup is intended for service providers that service many smaller customers or a company with separate data centers or security zones.
Example drawing:
Multiple monitoring servers in the same security domain
Suppose the environment consists of more than 250 database instances, or you want load balancing between dbWatch Servers monitoring database instances (Instance hubs). In that case, you might want to separate the instance hub node into multiple dbWatch Server installations. This setup requires the domain CA node role. This node controls the security and configuration of the security domain to be separate from the instance hubs, the systems that monitor database instances. You can add more instance hubs to this setup when you require additional capacity. A cloud router can facilitate a common connection point but is not needed, as any dbWatch server in a security domain configured for incoming connections can serve as a connection point.
Example drawing:
Multiple security zones without direct connection or behind firewalls
In a scenario where no direct connection is allowed between the dbWatch domain CA node and any of the Instance Hubs, a dbWatch Cloud Router can provide a secure connection point. It could be in a case where a Managed Service Provider wants to monitor several customer locations in the same setup, without a VPN and without opening ports in the customer firewall due to the increased attack vector this creates. A dbWatch Cloud Router is a specialized hardened dbWatch Server, more info on this here
Example drawing:
Custom configurations
dbWatch Control Center is designed to work in all network and security setups we have seen in our customer environments, so the configuration possibilities are extensive. dbWatch Server node roles can be separated or combined. Connections can be one or two ways, in any direction on a port of choice. Security domains can be used to separate customers and security zones.
Post your comment on this topic.