Register an Amazon RDS for SQL Server database instance
The following sections provide instructions for using a wizard to register an Amazon RDS for SQL Server database instance to be monitored by DPA.
You can also use mass registration to registrations to register multiple database instances, or you can register database instances using scripts that call the DPA API.
If you register a database instance within the 14-day trial period, DPA begins monitoring the instance immediately. After the trial period, you must activate a license to monitor the database instance.
Options for creating the monitoring user
The DPA monitoring user enables DPA to monitor a database instance. If DPA is not integrated with CyberArk, the following options in the registration wizard determine how the monitoring user and utility package are created or configured.
If DPA is integrated with CyberArk, these options are not displayed. You must create the monitoring user.
-
I will create the monitoring user manually.
With this option, you can create the monitoring user manually or by running a script. Then you use the wizard to complete the registration. You are not prompted to enter privileged user credentials into DPA.
If you create the monitoring with one of the scripts provided, the DPA monitoring user is not assigned the
sysadmin
role. Because the monitoring user is not granted thesysadmin
role, DPA has the following limitations:- DPA cannot collect near-zero or zero cost plans.
- The 'SQL Server Log has Many Virtual Logs' alert does not work.
- The 'Windows Service Not Running - SQL Server' alert does not work.
For detailed information about the privileges granted to the monitoring user, see this article.
To use this option, see Register an Amazon RDS for SQL Server database instance and create the monitoring user yourself below.
-
DPA will create/configure the monitoring user.
With this option:
-
You must provide the credentials of a user with the
sysadmin
role so that DPA can create or configure the monitoring user. -
The monitoring user is assigned the
sysadmin
role.
DPA does not store the user credentials. To use this option, see Register an Amazon RDS for SQL Server database instance and let DPA create the monitoring user below.
-
Register an Amazon RDS for SQL Server database instance and create the monitoring user yourself
Task 1: Create the monitoring user
-
Copy the following script to a file: CreateMonUserAmazonSqlServer.sql
This script is valid only if the default SQL Server permissions for system roles such as [Public] have not been altered with items revoked. If default system roles have been altered, DPA Support cannot help you find all items that are assumed to be allowed.
- Edit the script to update the user name and password values.
-
Connect to the SQL Server database instance and run the script. To ensure that the connected user has all the privileges needed to create the monitoring user, SolarWinds recommends connecting as master user name (a member of the
processadmin
,public
, andsetupadmin
role) to run the script.
Task 2: Complete the registration wizard
- In the upper-left corner of the DPA home page, click Register DB Instance for Monitoring.
- Under Amazon RDS & Aurora, select Amazon RDS for SQL Server.
- If the monitoring user prompt is displayed, select I will create the monitoring user manually. Then click Next.
-
Complete the Connection information panel:
-
Enter connection information for the SQL Server instance:
-
If the SQL Server Browser service is running, enter the server name or IP address and the instance name in this format:
Server\Instance
. -
Otherwise, enter the server name or IP address and the port number.
DPA monitors all databases within the instance. If more than one instance exists on the server, you must register each instance separately in DPA.
-
-
Under SSL mode, specify the type of secure socket layer (SSL) connections established between the instance and the DPA server.
SSL mode Description Disable SSL encryption is not used. No certificate validation SSL is enabled, but no server certificate checks are performed. This SSL configuration does not protect against man-in-the-middle attack because no certificate is required. Validate server certificate SSL is enabled. The client verifies that the server is trustworthy by checking the certificate chain up to a trusted certificate authority (CA). Validate server certificate and match hostname SSL is enabled. The client verifies the certificate chain and also verifies that the server hostname matches its certificate's Subject Alternative Name or Common Name (CN). -
Select the type of authentication you want to use. If Mixed Mode was selected during the SQL Server installation, you can choose either option.
-
Enter the user name and password of the monitoring user created previously. Or, if DPA is configured to use CyberArk, enter the CyberArk credentials query for the monitoring user.
-
Click Next.
DPA validates the connection information and the privileges of the monitoring user.
SSL is requested by default. If the server does not support SSL, a plain connection is used.
If registration fails because your DPA server cannot connect to the instance's server, see DPA database registration failure when attempting to register a database on an external network.
-
-
Specify the following Instance options.
The instance name and group membership can be changed after registration.
-
If your repository database is Oracle, choose the tablespace in the repository database to store DPA performance data for this monitored instance.
By default, the performance data is stored in the default tablespace of the repository user. However, data for monitored instances can be stored in separate tablespaces.
-
Enter the name that DPA will display to identify this database instance.
The Display name field defaults to the name retrieved from the database instance.
-
(Optional) If you have manually created instance groups, you can assign this database instance to one of the groups.
If no manual groups exist, this option is not shown.
-
(Optional) If you have existing alert groups, you can assign this database instance to one or more groups.
If no alert groups exist, or the existing groups do not match this instance's database type, this option is not shown.
-
Click Next.
-
-
Review the information on the Summary page. Click Back if you need to make changes. When the information is correct, click Register.
Register an Amazon RDS for SQL Server database instance and let DPA create the monitoring user
Task 1: Identify the privileged user
When you register a database instance using this option, you must provide the credentials of a privileged user. During registration, the privileged user either creates the monitoring user or grants the required privileges to an existing user that you designate as the monitoring user. DPA does not store the credentials of the privileged user.
The privileged user cannot be the repository database user.
Task 2: Complete the registration wizard
- In the upper-left corner of the DPA home page, click Register DB Instance for Monitoring.
- Under Amazon RDS & Aurora, select Amazon RDS for SQL Server.
- At the monitoring user prompt, select DPA will create/configure the monitoring user. Then click Next.
-
Complete the Enter Monitored Database Instance Connection Information panel:
-
Enter connection information for the SQL Server instance:
-
If the SQL Server Browser service is running, enter the server name or IP address and the instance name in this format:
Server\Instance
. -
Otherwise, enter the server name or IP address and the port number.
DPA monitors all databases within the instance. If more than one instance exists on the server, you must register each instance separately in DPA.
-
-
Select the type of authentication you want to use. If Mixed Mode was selected during the SQL Server installation, you can choose either option.
-
In the Login and Password fields, enter credentials for the privileged user that DPA can use to register the instance.
-
For Windows authentication, enter
<DOMAIN>\<username>
in the Login field. -
For SQL Server authentication, enter the credentials that you enter on the Connect to Server dialog in SQL Server Management Studio (with Database Engine as the Server type).
DPA does not use or store these credentials after you complete the wizard.
-
-
Click Next.
DPA validates the connection information and the privileges of the privileged user.
SSL is requested by default. If the server does not support SSL, a plain connection is used.
If registration fails because your DPA server cannot connect to the instance's server, see DPA database registration failure when attempting to register a database on an external network.
-
-
Create or specify the account that DPA will use to gather information (the monitoring user).
To ensure that the account has the required permissions, SolarWinds recommends creating a new account.
-
To create a new account:
- Next to Create Monitoring User, select Yes.
- Select SQL Server as the authentication method. (DPA cannot create a new Windows account.)
- Enter a user name and password for the new account, or accept the default values.
- Click Next.
-
To specify an existing account:
- Next to Create Monitoring User, select No.
-
Select either authentication method.
-
Enter the user name and password of an existing account.
For Windows authentication, enter
<DOMAIN>\<username>
in the Monitoring User field.You can also authenticate using a Windows Computer Account.
For SQL Server authentication, only the user name is required. Do not specify a domain.
-
Click Next.
If your repository database is Oracle, the Oracle Repository Tablespace panel opens. If not, continue with step 7.
DPA ignores data on the monitored database instance from the monitoring user. Make sure the monitoring user will not cause load on the monitored instance.
-
-
If your repository database is Oracle, choose the tablespace in the repository database to store DPA performance data for this monitored instance. Then click Next.
By default, the performance data is stored in the default tablespace of the repository user. However, data for monitored instances can be stored in separate tablespaces.
If your repository database is not Oracle, the wizard skips this step.
-
(Optional) Select the alert groups you want the new database instance to join. Then click Next.
-
If no alert groups exist, or the existing groups do not match the database type of this instance, the wizard skips this step.
-
Group membership can be changed after registration
-
-
Review the information, and click Register Database Instance.
-
When the registration is complete, click Finish to return to the DPA home page.
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.