Product Description
dbWatch Control Center is a database operations and monitoring platform designed to provide visibility, automation, and control over large-scale, multi-platform database environments. It supports database monitoring, job automation, reporting, and management across on-premises, cloud, and hybrid infrastructure.
This section provides a high-level product description with emphasis on architecture elements relevant to security design, identity and access control, encryption, and deployment architecture.
Core Architecture and Components
At the heart of any dbWatch deployment is the Control Center Server, which functions as the central management point. The Control Center Server can take on multiple roles, the most critical of which is:
- Domain Certificate Authority (Domain CA) — This role manages identity and authentication for all other dbWatch Control Center nodes (including Monitors, Web APIs, and Clients) in the domain.
For a visual overview of this architecture, see:
Additional key components include:
- Control Center Monitor Nodes — Deployed closer to the database instances, these perform scheduled jobs and monitoring locally, reducing latency and offloading work from the central node.
- Control Center Clients — GUI-based clients or scripting interfaces (e.g. CCC) used by administrators to access and manage the environment.
- Web Server — Optional component used for API-based data export, webhooks, and customized data publishing (e.g. JSON, CSV endpoints).
All components communicate over TLS-encrypted channels managed by the internal certificate infrastructure.
Supported Platforms
dbWatch Control Center is platform-agnostic and supports the following database systems:
- Oracle
- Microsoft SQL Server
- PostgreSQL
- MySQL / MariaDB
- Sybase ASE
- MongoDB
It runs on both Windows and Linux operating systems, and can manage databases hosted in local datacenters, private clouds, or public cloud environments.
Multi-Tiered Deployment
A secure dbWatch setup typically includes:
- One Domain CA node (primary Control Center server)
- One or more Monitor Nodes in secure zones or near target databases
- Distributed CCC (CLI) or GUI Clients with role-based access control
- Optional Web Server for REST-like data export (if enabled)
This design allows for segmentation, scalability, and distributed workload processing, while keeping the trust model centralized through the Domain CA.
Internal Trust Model and Authentication
All Control Center components authenticate using certificates issued by the Domain CA. When new nodes are registered to the domain, they receive a signed certificate from the CA, enabling mutual TLS authentication between nodes.
- Node identities are cryptographically validated
- No passwords are used for inter-node authentication
- Revoking a node’s certificate disables its access immediately
Administrative Access and User Roles
User access to the system is controlled by an internal role-based access control (RBAC) system. Each user is assigned a set of privileges that govern:
- Access to modules (Monitoring, Reporting, Maintenance, etc.)
- Visibility into specific database instances or groups
- Ability to execute jobs or alter configuration
For more information, see:
Secure Communication and Encryption
All communication between Control Center components is encrypted using TLS. Internally generated certificates ensure trusted communication without relying on external certificate authorities. For external interfaces (e.g., HTTPS), a customer-provided certificate may be used.
- Control Center supports encryption for:
- Internal node communication
Additional Security Topics
For technical security configuration, see related documentation:
Summary
dbWatch Control Center follows a security-by-design approach, with:
- Encrypted communications
- Role-based access control
- Internal certificate trust model
- Separation of roles across modular nodes
- Support for air-gapped, segmented, or cloud-hosted environments
This product architecture allows for flexibility and scalability without compromising on security fundamentals.