Remote Connectivity

dbWatch Control Center is designed with secure, certificate-based remote communication in mind. All remote connectivity between server nodes, clients, and external monitors is protected by multiple layers of authentication, encryption, and access control.

Default Communication Port

By default, dbWatch Control Center listens for incoming connections on:

Port: 7100/TCP
Purpose: Client-to-server and server-to-server (node-to-node) communication
Encrypted: Yes — using TLS encryption over AES/GCM with 256-bit keys
Protocol behavior: Certificate-authenticated TLS resembling HTTPS traffic

Node and Client Authentication

Remote communication is only permitted for authorized and registered nodes or clients. Trust is established through the Domain Certificate Infrastructure, which includes:

A unique certificate for each node, issued by the Domain CA
Enforced certificate validation before any connection is accepted
Configuration of trusted nodes through the domain controller or node connection files

Unregistered or improperly signed nodes will be rejected by the system automatically.

Read more:
Certificate Infrastructure

Controlling Remote Access

dbWatch includes built-in tools to restrict and secure remote access even further:

The internal firewall can filter traffic based on:
IP address or subnet

Remote Deployment Scenarios

The remote communication model supports several use cases:

Remote DBA monitoring from external offices or cloud VMs
Multi-site architecture with central monitoring across network zones
Hybrid environments: on-prem + cloud instances
Managed Service Provider (MSP) scenarios where client infrastructure is isolated

In these cases, configuration of node communication, encryption, firewall rules, and port access must be handled carefully for secure operation.

Best Practices