gMSA account

“Foglight has saved our bacon time and again,” you tell your boss. “I just wish it had gMSA account support. Then we wouldn’t have to administer usernames and passwords for our Foglight agents.”

Wish granted.

Now, you can let Windows take care of administering usernames and passwords in Foglight. If your Foglight repository is running on SQL Server, you can configure that repository to use a gMSA account in the OS. That also applies to your Foglight Performance Investigator (Foglight PI) repository.

Let a gMSA account administer your Foglight credentials

Foglight 6.1 introduces support for group managed service accounts (gMSAs) for credentials that connect to Foglight-monitored resources (SQL Server, Host, Foglight PI Repository and Foglight Repository).

By configuring gMSA support, you tell Windows to handle username and password management for Foglight agents. Unlike the current mechanism of assigning separate credentials to agents, gMSA support means that you don’t need to maintain separate user accounts. You’re no longer on the hook to provide, update or rotate separate usernames and passwords.

In Foglight 6.1, you apply the gMSA username to monitor SQL Server with the option “Use the Active Directory account running your agent manager,” as shown below:

 Apply the gMSA username to monitor SQL Server with the option “Use the Active Directory account running your agent manager"

From that point onward, Windows administers the credentials that the Foglight agent uses, with full Windows security. The gMSA support allows Foglight agents (SQL Server and hosts) to use gMSA accounts, which provides improved security because passwords do not need to be managed. If an admin or Windows changes the password, Foglight will know immediately, so authorized Foglight admins won’t need to re-enter it.

Because it requires ongoing password management, an ordinary Foglight agent account is not as secure as a gMSA account. Benefits of gMSAs include:

  • gMSAs use a 240-byte, randomly generated, complex password.
  • gMSAs offload password management to Windows, so passwords change every 30 days.
  • You no longer need to schedule password changes.
  • You can deploy gMSAs to multiple servers, where multiple hosts run services like Foglight.

Greater Foglight security with less effort

The result is a single identity solution for Foglight security. You’ll enjoy more-secure infrastructure with less manual effort to manage passwords.

With Foglight 6.1 you can take advantage of gMSA support for:

  • Foglight repository
  • Foglight PI repository
  • SQL Server agent
  • Host agent

gMSA support will give you the same level of security you’re accustomed to in Foglight — in fact, you’ll have better security. Plus, you can leave the business of maintaining usernames and passwords to IT.

If you’re already using Foglight, find out more about Foglight 6.1 and how you can take advantage of its new features. If you’re new to performance monitoring, start your free 30-day trial today.

Related Content