Recommendations for Infrastructure Products

At minimum, Prognosis for Distributed Systems is installed in a two-server configuration: the Prognosis server installation on the monitored server, and a separate machine hosting the primary Prognosis Management Server plus the Web Application.

In most cases, Prognosis is installed on the server to be monitored. However, the following modules can monitor servers remotely and therefore carry additional security considerations:

  • SQL Server monitoring

  • VMware monitoring

Access Layer

To retrieve and accept data from various monitoring interfaces, Prognosis for Distributed Systems uses the following credentials, which are stored in the PASSWORDS configuration:

| Required for | Entry Name | Purpose |
|---|---|---|
| SQL Server monitoring | MSSQL | Sets the user ID and password that is used to connect to the SQL server in order to retrieve required performance metrics. |

The following permissions need to be granted on any remote systems to be monitored:

| Required for | Permissions | Purpose |
|---|---|---|
| SQL Server monitoring | db_datareader on the master database for each monitored SQL Server. | The specified SQL Server monitoring user must have sufficient rights to issue queries against system and DMV views, to retrieve the required performance metrics. |
| SQL Server monitoring | ‘View Server State’ and ‘View any definitions’ privileges on each monitored SQL Server. | The specified SQL Server monitoring user must have sufficient rights to issue queries against system and DMV views, to retrieve the required performance metrics. |

Network Layer

In addition to the standard Prognosis port considerations when securing the network path, the Prognosis for Distributed Systems solution requires the following:

Ports open for incoming connections:

No additional considerations.

Ports open for outgoing connections:

| Port | Purpose |
|---|---|
| 1433 | Default port for SQL Server. Prognosis SQL Server monitoring connects to the SQL Server port to retrieve performance metrics. In addition, it needs to be granted access to certain SQL Server tables, as mentioned in the Access Layer section. |

Ports open for local connections only:

No additional considerations.

System Layer

When securing the network path, aside from the standard Prognosis port considerations, the Prognosis for Distributed Systems solution requires no additional considerations at this time.

Recommendations

In all environments, the following approach is recommended:

  • Lock down remote access to ports that are not required for remote communications.

In high security environments, the following approach is recommended:

  • For SQL Server monitoring, use TLS 1.2 on connections to SQL Server.
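
The Access Layer permissions and the TLS recommendation above, shown as an added T-SQL example (not part of the original article and not vendor-supplied code): it creates a monitoring login with only the listed rights, then verifies what was granted and whether its sessions are encrypted. The login name prognosis_monitor, the password placeholder and the use of SQL authentication are assumptions; VIEW SERVER STATE and VIEW ANY DEFINITION are the T-SQL names of the two privileges.

```sql
-- Added example. prognosis_monitor is a hypothetical login name;
-- replace the password placeholder before running.
USE master;
GO
CREATE LOGIN prognosis_monitor
    WITH PASSWORD = N'<REPLACE-WITH-STRONG-PASSWORD>', CHECK_POLICY = ON;
CREATE USER prognosis_monitor FOR LOGIN prognosis_monitor;

-- Only the rights listed in the Access Layer section, nothing broader.
ALTER ROLE db_datareader ADD MEMBER prognosis_monitor;   -- master database
GRANT VIEW SERVER STATE   TO prognosis_monitor;          -- DMV access
GRANT VIEW ANY DEFINITION TO prognosis_monitor;          -- metadata visibility
GO

-- Check 1: server-level permissions held by the login.
-- Expected rows: CONNECT SQL, VIEW SERVER STATE, VIEW ANY DEFINITION.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'prognosis_monitor';

-- Check 2: fixed server roles. Expected: no rows (sysadmin or similar
-- membership here means the account is over-privileged).
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = m.member_principal_id
WHERE p.name = N'prognosis_monitor';

-- Check 3: database roles in master. Expected: db_datareader only.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'prognosis_monitor';

-- Check 4: run while monitoring is active. encrypt_option = 'FALSE' means
-- the monitoring session to port 1433 is not encrypted.
SELECT c.session_id, c.encrypt_option, c.net_transport, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.login_name = N'prognosis_monitor';
```

The encrypt_option column shows only whether a session is encrypted, not which TLS version was negotiated; the protocol version is controlled by the operating system and SQL Server network configuration.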
