Core Concepts & Architecture
dbWatch Control Center is built around a distributed and secure node-based architecture, allowing you to monitor, manage, and maintain databases across complex enterprise and cloud environments.
This page introduces the core components and roles within the platform, how they interact, and key concepts to understand before diving into advanced configuration.
Control Center Architecture Overview
The system is composed of several key node types:
| Component | Role | Description |
|---|---|---|
| Control Center Server | Domain CA | Central node for configuration, certificate authority, and authentication security |
| Control Center Server | Instance Hub | Node for monitoring instances |
| dbWatch Monitor | Client | GUI used by DBAs and admins to configure, visualize, and control environments |
| CCC Nodes | Script Node | Lightweight nodes for automated scripting and batch operations |
| Cloud Router | Secure Gateway | Optional node to route and secure cross-domain and external connections |
A Control Center server can have more than one role, and typically in smaller setup both Domain CA and Instance hub node types are assigned to the same system.
More on roles below.
What Is a Domain?
A domain is the central trust boundary in dbWatch Control Center. It defines:
- A set of nodes that share authentication via certificates
- A shared configuration and privileges namespace
- Encrypted communication rules
Each domain is managed by a node with the Domain CA role.
You can operate with multiple domains if you require isolation (e.g. for multi-tenancy or staging/production segregation).
Key Roles and Components
Domain Certificate Authority (Domain CA)
This is the root node in a domain. It issues:
- Identity certificates for users and nodes
- Configuration certificates
- Signature certificates for job templates and metadata
Read more in the “certificate infrastructure documentation.”
Instance Hub
The node responsible for:
- Connecting to database instances
- Executing jobs (maintenance, monitoring, etc.)
- Collecting metrics and reports
This is often the same node as the Domain CA but can be separated for scale or redundancy.
Monitor (GUI Client)
This is the application you install and launch to interact with the domain. It allows you to:
- View instance health and performance
- Configure jobs and alerts
- Set up domains and nodes
Monitors connect over secure encrypted channels (default: port 7100/TCP).
CCC Node (Scripting Node)
This is a non-GUI node used for running automation via CLI scripts. It connects to the domain and can be tightly scoped in terms of access and visibility.
Cloud Router
Optional node used to:
- Connect distributed domains, nodes, or CCC scripts across network boundaries
- Provide secure routing between datacenters, environments, or cloud sites
It can act as a “proxy” to centralize access while maintaining security.
Node Communication and Security
Nodes talk over a layered protocol stack:
- TCP/IP
- TLS (Encrypted) – with domain certificates
- Internal message layer – signed and optionally encrypted
- Ephemeral tunnels using Elliptic Curve Diffie-Hellman
Instance Grouping and Metadata
Instances can be grouped logically using:
- Tags (environment, team, location)
- Instance groups in the GUI
- Metadata via CCC or GUI
This enables filtered reporting, batch operations, and access control.
See how to set metadata with CCC:
Summary
dbWatch Control Center is modular and flexible, designed to fit varied infrastructure needs — from single-node local setups to cloud-hosted, multi-tenant environments.
Understanding the role of domains, nodes, certificates, and communication will help you plan and scale your deployment efficiently.