Network and communications
Default ports and protocol
dbWatch Control Center uses port 7100/tcp by default for client-to-node and node-to-node connections. This can be configured to a different port. Each node has a node.connections file that lists both the ports the dbWatch Server node listens on and the nodes it has a preconfigured connection to.
Example node.connections file on a dbWatch Server node:
{
  "listenTo": [
    "dbw://localhost:7100"
  ]
}
Example node.connections file on a dbWatch client node:
{
  "versionCutoff": "",
  "connectTo": [
    "dbw://localhost:7100"
  ]
}
Any node can have a combination of listenTo and connectTo statements, each holding a comma-separated list of hosts and ports. This can be used to form a static connection from one server to another, for example from an instance hub node to a cloud router node outside a firewall. This provides access without an inbound firewall opening and only allows the encrypted dbWatch traffic. Since auditing can be enabled in the system, this setup can provide better security than an open port or direct JDBC connections.
Mesh communications
dbWatch Server nodes form a mesh network once they are connected, authenticated by a dbWatch domain CA node and accepted into the domain. The mesh network uses end-to-end encryption and provides routing that gives dbWatch traffic multiple paths to reach the target node.
Domain security and the CA system
The domain security model used in dbWatch creates a security bubble that encompasses the dbWatch Client and the dbWatch Server nodes that constitute the dbWatch environment at a customer location. The dbWatch Server with the domain CA node responsibilities creates new certificates for the domain members, on average every 10 minutes. The certificates are short-lived and are only used internally in dbWatch to provide packet signing and encryption.