At the moment, we’re designing the part of the SQL Response interface that allows you to choose the servers you want to monitor. This has proved to be a complicated issue, as we require – for every SQL Server you want to monitor:
- credentials to log in to the physical Windows box
- credentials to log in to the SQL Server instance
It may be that, as a DBA, you have a single account set up that allows you access to both the physical server and the SQL Server instances on it. Or, at the other extreme, maybe each SQL Server instance has its own separate account and password, which you would need to enter separately. What is the situation in your organisation?
- Do you have to provide one set of credentials for the machine and another for the SQL Server?
- Do you have several domain accounts or just one?
- Does each instance have its own account?
- Do you use integrated security or SQL Server authentication?
- Also, do your accounts/passwords ever change? If so, how regularly??
We’re trying to develop an interface that can cater for all of these situations. So it won’t annoy you if you want to add 100 servers at once using the same credentials; neither will it annoy you if you have to enter credentials for each and every server you want to monitor. But we’d like to know how broad the spectrum of use-cases actually is, so we can meet your needs accordingly.
4 Comments
We have dedicated AD accounts that is are domain admin and SQL Server admin that noone uses without authorised agreement. All necessary services run under these accounts and physical logins are logged and alerted at the network level as the accounts gives anonymity to whoever is using it. I have them set accordingly up for SQL Response and SQL Backup. When we get a new server to build or a new license to apply I simply use the relevant account credentials to get the application working.
Very similar setup to the one above – AD admin account specific for server login. Problem every time the password expires on the domain/SQL server admin account… should it be set to not expire?
I also have a 2nd domain login, which is just a power user, cannot log on at the Windows server. To run SSMS from my workstation, I have to RUNAS the server acct and enter the admin acct password…
We use a specific Domain account for SQL Server Services that only has the rights needed for SQL Server to run. DBA’s at my company do not have Domain Admin accounts, although we, well I, am granted local administrator rights on the SQL Server Servers.
Jack,
Thanks for your comment. We think we’ve made this much simpler in v2 and I’ve sent you an email detailing the exact permissions that will be required (these will be available publically very soon).
We look forward to hearing what you think.
Thanks again,
Adam