- 8 minutes to read

Prerequisites for the Nodinite Database Monitoring Agent

This page describes the prerequisites for installing and running the Nodinite Database Monitoring Agent.

graph LR subgraph "Nodinite" roNI(fal:fa-code-commit Database Monitoring agent) --- roMonitor[fal:fa-monitor-waveform Monitoring] end subgraph "SQL Server" roDB1(fal:fa-database SQL Instances) end subgraph "Azure" roDB2(fal:fa-database Azure Databases) end subgraph "PostgreSQL" roDB3(fal:fa-database PostgreSQL Instances) roMonitor ---roDB1 roMonitor ---roDB2 roMonitor ---roDB3 end

Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink).

We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)

Verified Topic
Software Requirements
What Windows User Rights does the Database Monitoring agent require?
What SQL Database User rights does the Database Monitoring agent require?
What Azure SQL Database User rights does the Database Monitoring agent require?
What PostgreSQL Database User rights does the Database Monitoring agent require?
What Firewall settings are required for the Database Monitoring agent?

Software Requirements

The Database Monitoring Agent is a Windows Service and is usually installed on the Nodinite application server.

Product Version/Edition
Windows Server Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
.NET Framework .NET Framework 4.8 or later New 5.4
Our recommendation is .NET Framework 4.8.1 or later
SQL Server 2008 R2 and later
SQL Database Azure SQL Database GA
PostgreSQL Version 9 and later

Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.

Supported Versions

Cloud technologies are evolving fast and Microsoft deprecates older versions of their API's every now and then. Nodinite will always support the API's supported by Microsoft. This means you need to update Nodinite and our Database Monitoring Agent from time to time.

This means you need to update Nodinite and our Database Monitoring Agent from time to time.

Make sure to subscribe to our Release Notes

What Windows User Rights does the Database Monitoring agent require?

The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.

What SQL Database User rights does the Database Monitoring agent require?

Remember, if applicable, repeat the grants on all nodes part of the monitoring.

The account in use to connect with the Microsoft SQL Server comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:

  • SQL User
  • Integrated Security (The account running the Windows Service)

Least privileges (basic usage)

The least privileges required to use all monitoring features are listed below:

  • Public - Account must be allowed to login(!)

Note

If you are using High Availability SQL Servers, accounts and rights must be applied on all instances since this information is not synchronized

Master Database

  • DataReader
  • db_ddladmin (see note)
  • Grant Execute on xp_sqlagent_enum_jobs
  • Grant View on any Definition

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

Grant Execute on xp_sqlagent_enum_jobs

Replace DOMAIN\user with your user in the example below:

USE Master
GO
GRANT EXECUTE ON xp_sqlagent_enum_jobs TO [DOMAIN\user];
GO

Example Script to grant the service account the right to read the information required to monitor SQL Server jobs.

Grant View on any Definition

To evaluate the size, the account in use must be granted 'VIEW ANY DEFINITION'.

USE Master
GO
GRANT VIEW ANY DEFINITION TO [DOMAIN\user];
GO

Example script to grant the service account the right to read the information required to monitor Database Size checks.

Grant View Server State

The agent queries the instance about some run-time information using dynamic views;This operation requires the VIEW SERVER STATE permission on the instance.

USE Master
GO
GRANT VIEW SERVER STATE TO [Domain\user]
GO

Replace [Domain\user] with the Windows account being used for the agent.

MSDB Database

  • DataReader
  • db_ddladmin
  • SQLAgentReaderRole - Right to read jobs and history
  • SQLAgentOperatorRole - Right to re-run jobs

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

Sample queries performed by the agent

  • EXEC msdb.dbo.sp_get_sqlagent_properties
  • 'SELECT dss.[status], dss.[status_desc]FROM sys.dm_server_services dss WHERE dss.[servicename] LIKE N'SQL Server Agent (%'`

SSISDB Database

  • db_datareader - To list packages
  • ssis_logreader (older versions of SQL Server) or ssis_admin (newer versions of SQL Server) - To get the execution history

All other

All other databases require: (for example when using custom Stored Procedures/AdHoc SQL commands)

  • Public - Account must be allowed to login(!)
  • DataReader and/or Execute Rights on the Stored Procedures/tables/Views/Objects part of your AdHoc queries
  • db_ddladmin - for better performance

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

What Azure SQL Database User rights does the Database Monitoring agent require?

The account used to connect to the SQL Database comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:

  • SQL User

What PostgreSQL User rights does the Database Monitoring agent require?

The account used to connect to the PostgreSQL Database comes from information retrieved from the Connection String. There can be any number of databases monitored. Type of accounts supported:

  • PostgreSQL User

What Firewall settings are required for the Database Monitoring agent?

The Database Monitoring Agent has both inbound and outbound TCP based communication:

  1. Between the Monitoring Service and the Database Monitoring Agent
  2. Between the Database Monitoring Agent and SQL Server instances
  3. Between the Database Monitoring Agent and Azure SQL Databases
  4. Between the Database Monitoring Agent and PostgreSQL databases

The agent can be installed On-Premise using TCP/IP and/or in the Cloud using Service Bus Relaying.

graph LR subgraph "Nodinite Instance" roMonitoringService(fal:fa-watch-fitness Monitoring Service) roNI(fal:fa-monitor-waveform Database Monitoring agent) roMonitoringService --> |8000/443| roNI end subgraph "SQL Server instance(s)" roSQLDB(fal:fa-database SQL Server) roNI --> |1433, ...| roSQLDB end subgraph "Azure Cloud" roASQLDB(fal:fa-database Azure SQL Database) roNI --> |443| roASQLDB end subgraph "IBM Cloud / ..." roISQLDB(fal:fa-database PostgreSQL) roNI --> |31902/...| roISQLDB end

1. Between the Monitoring Service and the Database Monitoring agent

The following ports must be allowed on the Windows server where the agent is installed and running :

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1 (Local network)

Port Name Inbound Outbound TCP UDP Comment
8000 RPC Communication is initiated by the Monitoring Service

Option 2 (Cloud/Hybrid)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic
5671, 5672 Secure AMQP
9350 - 9354 Net.TCP

2. Between the Database Monitoring Agent and SQL Server instances

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 [DTC][MSDTC]/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

3. Between the Database Monitoring Agent and Azure SQL Databases

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
443 HTTPS Secure outbound traffic

4. Between the Database Monitoring Agent and PostgreSQL databases

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
31902 Remote connection port Actual port depends on your configuration

Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite Database Monitoring Agent exist in the Troubleshooting user guide.

Next Step

Install Database Monitoring Agent

Add or manage a Monitoring Agent Configuration
Monitoring
Administration