Monitoring Different Windows Domains with Foglight for SQL Server

Foglight for SQL Server - SQL Server monitoring that’s continuous, web-based and scalable

One of the most frequent questions I get from customers, especially those monitoring large and complex SQL Server environments, is how they can monitor SQL Servers that may be spread across different, many times untrusted Windows domains.  Foglight provides a distributed architecture that enables customers to monitor these types of environments very easily, all from a single Foglight installation and user interface.

Before I get into the details of exactly how to do this, let’s briefly go over the Foglight Architecture (click on any image for a larger view):

The part worth mentioning here, is the Foglight Agent Manager (labeled 1), which connects to your SQL Server Instance(s) being monitored (labeled 2).  This agent manager needs to be able to connect to the SQL Servers over whatever port SQL Server is listening on (default 1433, or whatever port you have configured), and also to the monitored operating system over the ports used for WinRM or WMI.  This Foglight Agent Manager also needs to be able to leverage a Windows account to login to the SQL Server Instance (SQL Authentication can be used if required) and the Windows OS that is hosting your SQL Server instance.  In an environment with multiple domains, especially when trusts are not configured between each domain, a Foglight Agent Manager should be installed onto a Windows machine that is a part of the domain that includes the SQL Server instance(s) you wish to monitor.  This will allow the Foglight Agent Manager to authenticate, via Windows Authentication, to the SQL Servers being monitored.  If an environment is to have several of these, non-trusted, domains, expect to need at least one Foglight Agent Manager Installation, per Windows domain.  All of these distributed Foglight Agent Managers can report back into a common Foglight Management server, assuming that network connectivity and proper hardware/resource sizing can be ensured.

Installation Process:

 

This process starts after Foglight for SQL Server has been initially installed, meaning that you already have a Foglight Management Server, and Foglight Repository configured into your environment.

  1. Remote desktop onto the machine that you wish to install your Foglight Agent Manager on. This will be a machine that is a member of the domain where the SQL Server Instances you wish to monitor reside.
  2. Login to your Foglight Management Server via the web UI. The URL will typically be http://<foglightserver>:<port> where <foglightserver> refers to the machine or IP address that you have installed Foglight on, and <port> refers to the HTTP port that was configured during installation (default is 8080).  The default login and password for Foglight is a username of “foglight” and a password of “foglight”.  If you have changed the default login and password, make sure you are logging in with a Foglight user account that has administrative permissions.
    1. If you cannot connect to this URL from the browser on the machine you wish to install your Foglight Agent Manager on, first ensure that you have proper connectivity from that machine to your Foglight Management Server. Make sure that you can ping the Foglight Management Server hostname, and check whether port 8080 and/or 8443 is open in any firewall between the two machines.
    2. If network connectivity and firewall access is achieved, however some browser security restriction is prohibiting you from accessing the Foglight console from this machine, you can follow the remaining steps from a browser on a different machine, you will just have to copy the file downloaded in step (3.b) to your Foglight Agent Manager server prior to installation.
    3. If you cannot verify proper network and firewall connectivity between this Foglight Agent Manager machine, and your Foglight Management Server, please do so before going any furth
  3. In the Foglight user interface, navigate to Administration -> Cartridges -> Components for Download:
    1.  
    2. In the Components for Download interface, you will see several files. Grab the FglAM Installer file that matches the platform you wish to install on, typically Windows x86_64 (64 bit).  In the example above, the file is FglAM-5_8_5_2-windows-x86_64.exe however the filename you see may vary.
    3. If the file does not appear in the download list, contact technical support (if you are a customer) or your account manager (if you are a prospect) and we will direct you to the appropriate download location.
    4. Once the file is downloaded, you can launch it if you have downloaded it to your Foglight Agent Manager machine, or copy it to that machine prior to launching.
  4. Step through the Foglight Agent Manager installer. In most cases, the default parameters should be sufficient.  When you get to the screen where you add your Foglight Management Server URL’s, click on the add button, enter your management server host, select OK, and then test the connection to make sure it is successful:
    1. Complete the installation, accepting all defaults.
  5. If you wish, you can run your Foglight Agent Manager under a Windows Service Account. If you wish to do this, it will simplify some of the later steps.
    1. Navigate to the Windows Services interface via Administrative Tools or Start -> Run -> Services.msc 
    2. Find the service titled Foglight Agent Manager, right click on it, and select Properties
    3. On the Logon tab, change the option to “This Account” and enter in the account you wish to use to monitor your SQL Server instances and Windows Operating Systems:
    4. Start (or restart) the service so that it uses the new account.
  6. Navigate back to the Foglight user interface, and find the “Databases” Dashboard. Clicking on the Monitor -> SQL Server button will allow you to register a new instance to be monitored:
  7. At the top of the dialogue, you will see an option to select an “Agent Manager Host”. Click on the entry, and select the new Foglight Agent Manager that was just installed in the domain hosting the instances you wish to monitor.
    1.  
    2. Enter in all relevant information, as you would to register any SQL Server instance. If you chose to run your Foglight Agent Manager as a Windows Service Account, via step 5, you can select the following option to use that account to monitor your system.  This way you do not need to enter in any user account information into Foglight.

That should be it!  If you run into any issues with the above process, feel free to leave a comment, and/or contact our technical support team for assistance.  I hope you have found this information valuable.

Anonymous