Documentation forSQL Sentry

SQL Sentry Watching Targets Across Domains


It's possible to watch instances across domains with SQL Sentry even when there's no trust relationship between them. The best way to achieve this depends on the resources available and number of targets you wish to watch.

Important:  When watching a target in a different domain, you may need to use the fully-qualified domain name (FQDN) when entering the name of the target in SQL Sentry.

One Monitoring Service

If you only have the resources to install one SQL Sentry monitoring service for your environment, or only have a couple servers in non-trusted domains you wish to watch, Pass-through Authentication can be set up on each server in the other domain. This requires each watched server on the other domain to have a local Windows account that has the identical login and password as the SQL Sentry monitoring service's domain account. See the Monitoring Service Security article for all requirements necessary for the monitoring service account.

Multiple Server Services

Another option is to install a SQL Sentry monitoring service in each domain where there are servers you wish to watch. This only requires Pass-through Authentication for each monitoring service to the machine where the SQL Sentry database is installed. Create separate sites for each monitoring service ensuring that they only polled the servers in their domain. 

Note:  You can use SQL Authentication from the SQL Sentry monitoring service to the SQL Server hosting the database as an alternative to Pass-through Authentication.

Options For Watching Targets Across Domains

Additional Information: See the SQL Sentry Tips and Tricks:  Monitoring Targets Across Multiple Domains blog post for a walk through how to monitor targets across multiple domains with a single SQL Sentry database.

Pass-Through Authentication

Pass-through Authentication enables Windows targets in different domains or in non-Windows network environments to communicate with one another by using identical user accounts and passwords on each computer. 

This solution is ideal when you only need to monitor a few targets outside of your primary domain, and you don't have the resources available to install another monitoring service in the secondary domain.

Site Configuration

Each monitoring service only polls the targets in their own domain. The monitoring service located outside of your primary domain uses either Pass-through Authentication or SQL Server Authentication to communicate with the SQL Sentry database server.

This solution is ideal if you have a need to monitor a large number of targets outside of your primary domain, or have a need to monitor targets that are geographically separated from your main installation.

This solution also requires that you have the required resources available in the secondary location to install a monitoring service.