I recently helped a customer setup monitoring for over 400 instances in about 30 minutes. Darren Mallette posted a blog on how easy this is using the Discover Multiple Instances option Setting up Monitoring for Multiple SQL Instances - Performance Monitoring - Blogs - Quest Community
A great advantage here is that you can create the agents into the corresponding template at creation, rather than after. This is made easier if you have already grouped your instances in Management Studio and you can then export them as a group:
But what are the best credentials to use for mass deployments?
When creating SQL Server agents, there are four different credentials you could consider.
Firstly, the database agent can connect to the instance using SQL Server Authentication. This can be unpopular with your security people and requires the login to be created in advance on all the instances you are going to create agents for. You will still also need a windows credential with sufficient privileges for the windows side of the monitoring (or Linux if applicable).
Secondly, you could use Active Directory credentials for both SQL Server and windows. This is what I see generally being used as these accounts can be handled by active directory, which makes it easier to deploy if the login is in a group which is already set up in SQL Server with the relevant privileges, as well as Windows.
Thirdly, if applicable, you could use Azure AD if the instance is hosted in Azure.
However, there is also a fourth option, which is useful for GMSA (Group Managed Service Accounts) and systems that control rolling passwords.
The agents are created and run on a host remote from SQL Server using the Foglight Agent Manager. This can be sized in advance (in terms of CPUS and memory) to have capacity up to 600 agents.
When you install the Foglight Agent Manager or even afterwards you can define which account will run the agent manager.
The benefit here is that your deployment team can create this without any Foglight admin ever needing to know the password. When you come to create your agents, select the correct agent manager.
And select “use the AD Account running the agent manager”. You can see the relevant account.
When you configure the credentials for the OS connection:
So, in summary when you import your instances from a file you can quickly set the credentials and template here:
No passwords are required and then you are good to go.