Core Concepts & Architecture


dbWatch Control Center is built around a distributed and secure node-based architecture, allowing you to monitor, manage, and maintain databases across complex enterprise and cloud environments.

This page introduces the core components and roles within the platform, how they interact, and key concepts to understand before diving into advanced configuration.


Control Center Architecture Overview

The system is composed of several key node types:

Component Role Description
Control Center Server Domain CA Central node for configuration, certificate authority, and authentication security
Control Center Server Instance Hub Node for monitoring instances
dbWatch Monitor Client GUI used by DBAs and admins to configure, visualize, and control environments
CCC Nodes Script Node Lightweight nodes for automated scripting and batch operations
Cloud Router Secure Gateway Optional node to route and secure cross-domain and external connections

A Control Center server can have more than one role, and typically in smaller setup both Domain CA and Instance hub node types are assigned to the same system.

More on roles below.


What Is a Domain?

A domain is the central trust boundary in dbWatch Control Center. It defines:

Each domain is managed by a node with the Domain CA role.

You can operate with multiple domains if you require isolation (e.g. for multi-tenancy or staging/production segregation).


Key Roles and Components

Domain Certificate Authority (Domain CA)

This is the root node in a domain. It issues:

Read more in the “certificate infrastructure documentation.”


Instance Hub

The node responsible for:

This is often the same node as the Domain CA but can be separated for scale or redundancy.

See node mirroring guide:


Monitor (GUI Client)

This is the application you install and launch to interact with the domain. It allows you to:

Monitors connect over secure encrypted channels (default: port 7100/TCP).


CCC Node (Scripting Node)

This is a non-GUI node used for running automation via CLI scripts. It connects to the domain and can be tightly scoped in terms of access and visibility.

Read more in


Cloud Router

Optional node used to:

It can act as a “proxy” to centralize access while maintaining security.

Explore setup scenarios:


Node Communication and Security

Nodes talk over a layered protocol stack:

  1. TCP/IP
  2. TLS (Encrypted) – with domain certificates
  3. Internal message layer – signed and optionally encrypted
  4. Ephemeral tunnels using Elliptic Curve Diffie-Hellman

More details:


Instance Grouping and Metadata

Instances can be grouped logically using:

This enables filtered reporting, batch operations, and access control.

See how to set metadata with CCC:


Summary

dbWatch Control Center is modular and flexible, designed to fit varied infrastructure needs — from single-node local setups to cloud-hosted, multi-tenant environments.

Understanding the role of domains, nodes, certificates, and communication will help you plan and scale your deployment efficiently.


Related Topics