Release date: June 5, 2023
Here's what's new in Database Performance Analyzer 2023.2 and 2023.2.1.
If you are upgrading from DPA 2023.2 to DPA 2023.2.1 and you have applied one or more buddy drops to DPA 2023.2, be aware that upgrading will remove the fixes made by the buddy drops.
New features and improvements in DPA
Additions to systems requirements and monitored instances
|Category||Vendor and version|
|Repository database||Amazon RDS for MySQL 8.0|
|Monitored database instances||EDB Postgres 14|
Security enhancements include:
HTTPS connections are now required.
To improve security, DPA 2023.2 and later accepts only HTTPS connections.
If you are upgrading from a previous version and you do not want HTTP connection attempts by users to fail, you can redirect connection attempts that use the HTTP connector port. If DPA Central is configured to access any DPA servers using HTTP, you must update those connection definitions. See Before you upgrade for more information.
The Tomcat driver used by DPA has been upgraded to Tomcat 8.5.85.
The JDBC driver used by DPA has been upgraded to Microsoft JDBC Driver 12.2.0.
Support for SAML authentication with Azure AD as the identity provider
To configure DPA to use SAML authentication with Azure AD as the identity provider, see this topic.
DPA 2023.2.1 includes the following fixes.
|01191341, 01318760, 01335574, 01355108, 01356393||
DPA 2023.2.1 generates index advisors and table tuning advisors.
Issues preventing connections via Azure AD user authentication with Azure SQL Managed Instances (ASMIs) and Azure SQL Database instances integrated with Azure AD have been resolved.
DPA 2023.2 includes the following fixes.
|01206958, 01245439, 01265950||
When DPA is monitoring a database instance on a VM with a large number of disks, the vSphere cleaner job runs as expected and cleans VM disk metrics for each granularity (seconds, 10 minutes, hours, days). This job removes old data from the DPA repository database, which prevents the repository from growing at a high rate and consuming excessive space and memory on the repository server.
Monitoring a Sybase database instance no longer fails with the error
Monitoring an Oracle database instance no longer fails with the error
Configuring an Azure SQL DB repository database no longer fails because of missing properties. DPA automatically adds the required JDBC URL properties in the Advanced Connection Properties dialog box.
|01105926, 01183265, 01225013, 01234101, 01241730||
Health, connection status, and other data about monitored SQL Server Availability Groups (AGs) is updated as expected in the Availability Group Summary view.
When you are registering a database instance for monitoring and the
DPA sorts index advisors based on the estimated time savings, listing advisors with the largest estimated savings first.
DPA index advisors no longer display estimated savings percentages that are greater than 100%. When DPA detects that information from the database vendor is inconsistent, DPA displays 'Unknown'. For more information, see this KB article.
|01183457, 01191341, 01194479, 01217066, 01311041||
DPA index analysis no longer fails with errors such as
DPA index analysis recommendations are no longer displayed one day and then missing the next even though the recommended indexes were not created.
|01142556, 01166969, 01172735, 01273937||
When deadlock alerts occur, DPA lists the deadlocks on the Deadlocks tab.
|CVE-2023-23837||No Exception Handling Vulnerability||No exception handling vulnerability which revealed sensitive or excessive information to users.||Medium|
|CVE-2023-23838||Directory traversal and file enumeration vulnerability||Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.||Medium|
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
|CVE-2020-26870||URL redirection vulnerability||Due to vulnerable Swagger UI version 3.27.0, URL redirection was possible, which can help attackers modify a URL and redirect a user to any other malicious site.||High|
Installation or upgrade
This release includes fixes that might require changes to your DPA deployment. Before you upgrade, determine if you need to make the following changes:
If you want users to be able to access DPA using HTTP (instead of HTTPS), redirect connection attempts that use the HTTP connector port.
If DPA Central is configured to access any DPA servers using HTTP, update the connection definitions.
If you monitor IBM Db2 database instances, DPA 2023.2.1 requires additional privileges to collect information from updated Db2 dictionaries and stored procedures. Update the permissions of the DPA monitoring user for each Db2 instance.
You can make these changes either before or after an upgrade. However, to ensure DPA availability and to avoid any gaps in monitoring Db2 instances, SolarWinds recommends making them before you upgrade.
To ensure that DPA is available to users who previously connected over HTTP, update the
server.xml file to redirect traffic to the HTTP connector port (8123 by default) to the HTTPS/SSL connector port (8124 by default).
If the redirect is not added and users attempt to connect over HTTP after the upgrade, they will receive a message that the site can't be reached.
Open the following file in a text editor:
<!--HTTPS/SSL connector>, and note the
portvalue. (By default, this is 8124.)
<!--HTTP connector>. Within the
Connectorproperty, add the following, where
portvalue noted in the previous step:
If you make these changes after the upgrade, restart DPA for the changes to take effect.
If you use DPA Central, ensure that it is configured to connect to all DPA servers over HTTPS.
Determine if DPA Central is configured to connect to any DPA servers over HTTP:
From the DPA menu in the upper-right corner, click Central.
Click Manage Central.
Verify that every server has a lock in the SSL column. If a server's SSL column does not display a lock, DPA Central is configured to connect to that server over HTTP.
If one or more servers are configured to use HTTP, update each server's connection properties:
In the Registered Servers list, click the server's display name to open the Edit Server dialog.
Change the Port value to the port used for HTTPS connections (8124 by default).
DPA 2023.2 replaces six of the deprecated
SNAP* functions that previous DPA versions used to monitor Db2 database instances. Because of this change, the DPA monitoring user requires additional privileges to monitor a Db2 instance. In addition to
SYSADM permissions, the user requires
EXECUTE privileges on certain tables. To monitor Db2 instances with DPA 2023.2 and later versions, modify the monitoring user's permission on each Db2 instance.
The required permissions can be granted in Db2 10.1 and later. DPA does not support monitoring earlier versions of Db2.
Run the following commands to grant the DPA monitoring user
EXECUTEprivileges on the required tables:
grant execute on function SYSPROC.MON_GET_DATABASE to userName; grant execute on function SYSPROC.MON_SAMPLE_WORKLOAD_METRICS to userName; grant execute on function SYSPROC.MON_GET_ACTIVITY to <USER_NAME>; grant execute on function SYSPROC.MON_GET_BUFFERPOOL to <USER_NAME>; grant execute on function SYSPROC.MON_GET_TABLESPACE to <USER_NAME>; grant execute on function SYSPROC.MON_GET_TRANSACTION_LOG to <USER_NAME>;
To verify that the permissions were applied correctly, run the following command:
select substr(authid,1,20) as authid , authidtype , privilege , grantable , substr(objectschema,1,12) as objectschema , substr(objectname,1,30) as objectname , objecttype from sysibmadm.privileges where objectschema ='SYSPROC' AND AUTHID='<USER_NAME>';
In some situations, Index advisors for Oracle database instances might provide invalid recommendations
When a query on an Oracle database performs a full table scan, index advisors sometimes recommend creating an index that already exists. In other situations, index advisors might provide index creation scripts that include table columns that do not exist.
Resolution or Workaround: Ignore these index advisors.
Intermittent connection issues when monitoring IBM Db2 instances
When DPA monitors IBM Db2 instances, DPA is sometimes unable to connect to the instances. This occurs because DPA uses
SNAP* functions to collect information from Db2 instances, and these functions have been deprecated by IBM.
Resolution or Workaround: None.
DPA 2023.2 replaces six of the deprecated
SNAP* functions used in earlier DPA versions. The remaining
SNAP* functions will be replaced in an upcoming release.
Because of this change, when you upgrade to DPA 2023.2 or later, you must update the permissions of the DPA monitoring user for each Db2 instance.
REST API does not work when you access DPA with SAML login credentials
If you access DPA with SAML login credentials and you generate a refresh token, the following message is displayed when you attempt to use that refresh token to access the REST API:
You are not authorized to perform this action. Contact your DPA administrator.
Resolution or Workaround: Access DPA with a local login when you generate the refresh token.
Importing an alert definition without the associated database assignment rule
In some situations, the log file shows the status of an imported alert definition as both Imported and Failed. This occurs when the alert definition uses a database assignment rule, but the rule was not imported and did not already exist on the server.
The two statuses indicate that the alert definition was imported but the attempt to associate the database assignment rule failed.
Resolution or Workaround: When you import an alert definition that uses a database assignment rule, either import the rule or ensure that it already exists on the server.
If you imported an alert definition and the associated rule is missing, you must edit the alert definition to specify the database instances. (You can specify instances by manually selecting them or by applying a rule.)
End of life
|Version||EoL Announcement||EoE Effective Date||EoL Effective Date|
April 18, 2023 End-of-Life (EoL) announcement - Customers on DPA version 2022.2 or earlier should begin transitioning to the latest version of DPA.
|August 18, 2023 End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for DPA version 2022.2 or earlier will no longer actively be supported by SolarWinds.||April 18, 2024 End-of-Life (EoL) - SolarWinds will no longer provide technical support for DPA version 2022.2 or earlier.|
January 18, 2023 End-of-Life (EoL) announcement - Customers on DPA version 2022.1 or earlier should begin transitioning to the latest version of DPA.
|April 18, 2023 End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for DPA version 2022.1 or earlier will no longer actively be supported by SolarWinds.||April 18, 2024 End-of-Life (EoL) - SolarWinds will no longer provide technical support for DPA version 2022.1 or earlier.|
October 18, 2022 End-of-Life (EoL) announcement - Customers on DPA version 2021.3 or earlier should begin transitioning to the latest version of DPA.
|January 18, 2023 End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for DPA version 2021.3 or earlier will no longer actively be supported by SolarWinds.||January 18, 2024 End-of-Life (EoL) - SolarWinds will no longer provide technical support for DPA version 2021.3 or earlier.|
October 18, 2022 End-of-Life (EoL) announcement - Customers on DPA version 2021.1 or earlier should begin transitioning to the latest version of DPA.
|January 18, 2023 End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for DPA version 2021.1 or earlier will no longer actively be supported by SolarWinds.||January 18, 2024 End-of-Life (EoL) - SolarWinds will no longer provide technical support for DPA version 2021.1 or earlier.|
October 18, 2022 End-of-Life (EoL) announcement - Customers on DPA version 2020.2 or earlier should begin transitioning to the latest version of DPA.
|January 18, 2023 End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for DPA version 2020.2 or earlier will no longer actively be supported by SolarWinds.||January 18, 2024 End-of-Life (EoL) - SolarWinds will no longer provide technical support for DPA version 2020.2 or earlier.|
See the End of Life Policy for information about SolarWinds product life cycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
|DPA server OS||Installing DPA on a server with a Windows Server 2012 R2 operating system is still supported in 2023.2, but support will be removed in an upcoming release.|
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.