Working with MS SQL Cluster

This section guides you through setting up, configuring, and managing the MS SQL integration.

Prerequisites

On Gateway

OpsRamp Classic Gateway 15.0.0 and above.
OpsRamp NextGen Gateway 15.0.0 and above.
It is recommended to use the latest Gateway version for full coverage of recent bug fixes, enhancements, and improvements.

On Target Cluster Nodes / Standalone Nodes

The following prerequisites are required for a non-admin user

Add Windows Domain Permissions

The Windows domain user should be added to the Performance Monitor Users group to fetch performance counter metrics.

net localgroup "Performance Monitor Users" /add <user>

Grant Remote WMI Rights

Click Start and select Run.
Enter wmimgmt.msc and click OK.
Right-click WMI Control (Local) and select Properties.
Click the Security tab.
Select Root and click Security.
Add the user and select the following permissions:
- Execute methods
- Enable account
- Enable remoting
- Read security
Click Advanced, select the added non-admin domain user and click Edit.
Select This namespace and subnamespaces from the dropdown in the field Applies to.
Click OK three times.

Add user to Performance Monitor Users Group

Click Start and select Run.
Enter lusrmgr.msc and click OK.
In the Groups folder, right-click Performance Monitor Users and select Properties.
Click the Members tab and click Add.
Add the required users.

Note

For monitoring services like Windows cluster service and other MSSQL services (SQL Server, SQL Agent, SQL Browser, etc.), Windows domain users must be part of the Local Administrators group as the integration uses win32_Service class for fetching service details.

If you do not want to add the user to the local administrator group, configure Security descriptors to monitor the services. For configuration details, refer to Enable Windows Service Monitoring.

SQL authorization permissions

SQL DB instance should accept connections on the DB port. Ensure the firewall is allowing traffic over the DB instance port.
OpsRamp supports mixed authentication (both NTLM and SQL Server authentication).
To monitor DB metrics, you should have the following minimum privileges:
- Server Role: public - This server role is available by default
- Securables: Enable the following securables for connecting to SQL instances and underlying databases, along with required read-only permissions:

CONNECT ANY DATABASE

GRANT CONNECT ANY DATABASE TO <user>

CONNECT SQL

GRANT CONNECT SQL TO <user>

SELECT ALL USER SECURABLES

GRANT SELECT ALL USER SECURABLES TO <user>

VIEW ANY DATABASE

GRANT VIEW ANY DATABASE TO <user>

VIEW ANY DEFINITION

GRANT VIEW ANY DEFINITION TO <user>

VIEW SERVER STATE

GRANT VIEW SERVER STATE TO <user>

Connection Modes

Starting from MS SQL Cluster version 6.3.0, you can select the connection mode. The options available are:

PowerShell (existing)
OpenSSH (new)

Note

PowerShell-based communication is planned for removal in upcoming releases due to security vulnerabilities. Migration to OpenSSH is recommended for continued support and improved security.

Note that the OpenSSH support is currently not available for the Veritas Cluster deployment type.

If PowerShell is selected as ConnectionMode:

The windows domain user should have following permissions and configurations to establish a successful connection between the Gateway and the target machine using PowerShell remoting.

Enable PowerShell Remoting on the target machine using the following command:
```
Enable-PSRemoting -Force
```
Add the user to the **Remote Management Users** group to allow remote management of the target machine.
```
net localgroup "Remote Management Users" /add <user>
```
Add OpsRampGatewayIp to the TrustedHosts list on the target machine to allow the PowerShell connection from the Gateway to the target machine.
- To add TrustedHosts, use the following command:
  - To allow any host:
```
Set-Item WSMan:\localhost\Client\TrustedHosts -Force -Value *
```
  - To allow a specific host:
```
Set-Item WSMan:\localhost\Client\TrustedHosts -Force -Concatenate -Value <OpsRampGatewayIp>
```
- Set up and restart the WinRM service for the changes to take effect.
  - To set up:
```
Set-Service WinRM -StartMode Automatic
```
  - To restart:
```
Restart-Service -Force WinRM
```
Ports 5985 and 5986 must be opened on all nodes and clusters for PowerShell remoting.
Note
By default, WS-Man and PowerShell remoting use ports 5985 and 5986 for connections over HTTP and HTTPS.
- Verify connectivity from the Gateway to the target machine using the following command:
```
telnet <cluster or node ip> 5985/5986
```
The user should be added on all nodes and clusters.
Ensure that the provided IP address/host name and credentials are valid and accessible for successful integration. Verify connectivity from the Gateway using the following steps:
- Launch PowerShell using the following command:
```
pwsh
```
- Run the following commands to establish the connection using the details of your end device:
```
$pw = ConvertTo-SecureString -AsPlainText -Force -String "<password>"

$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "<username>", $pw

$session = New-PSSession -ComputerName "<ipAddress>" -Credential $cred -Authentication Negotiate -ErrorAction Stop
```
- Check the session state:
```
$session.State
```
  Note
  The session state should be Open.
- If the session is not established, verify that all Prerequisites are met on all servers and clusters.

If OpenSSH is selected as ConnectionMode:

OpenSSH must be installed and configured on the target Windows machine.
Password authentication must be enabled in SSH config: PasswordAuthentication yes
- Edit sshd_config (run PowerShell as Administrator)
- notepad C:\ProgramData\ssh\sshd_config (Note: If not at this location, locate the correct path for sshd_config and perform the following step)
  - Find the line #PasswordAuthentication yes (or PasswordAuthentication no), uncomment it and set it to yes, then click Save.
  - Find the line AllowUsers (or add it if missing) and set it to - AllowUsers <ssh-username>
  - Save the file.
```
Restart-Service sshd`
```

Ensure the sshd service startup type is Automatic

Set-Service -Name sshd -StartupType Automatic`

Set the OpenSSH default shell to powershell.exe using the following command on all the nodes

Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "$PSHOME\powershell.exe"; Restart-Service sshd

Open default SSH port 22 on all the nodes and clusters for OpenSSH connection.
The user should be added in all the target nodes & cluster

Configure and Install the MS SQL Cluster Integration

From All Clients, select a client.
Go to Setup > Account.
Select the Integrations and Apps tab.
The INSTALLED INTEGRATIONS page, where all the installed applications are displayed.
Note: If there are no installed applications, it will navigate to the Available Integrations and Apps page.
Click + ADD on the INSTALLED INTEGRATIONS page. The AVAILABLE INTEGRATIONS AND APPS page displays all the available applications along with the newly created application with the version.
Note: You can even search for the application using the search option available. Also you can use the All Categories option to search.
Click ADD in the MS SQL Cluster application.
In the Configurations page, click + ADD. The Add Configuration page appears.
Enter the following BASIC INFORMATION:


Field Name	Field Type	Field Dependency	Description
Name	String	NA	Enter the name for the integration.
MSSQL Type*	Dropdown	N/A	Select the type of Microsoft SQL Server instance you are integrating. The options availble are: Standalone: A single SQL Server instance that operates independently. Cluster: A clustered SQL Server instance that runs across multiple nodes for high availability. Veritas Cluster: A clustered SQL Server instance that runs across multiple nodes for high availability managed by Veritas clustering software. Note: The support to Veritas Cluster persona will be deprecated soon. For more information see, Deprecation of Veritas Cluster person in MS SQL Cluster Monitoring Integration 2.0.
IpAddress/HostName*	Text	N/A	If the MSSQL Type is set to CLUSTER, enter the IP address or hostname of the Windows cluster. If set to STANDALONE, enter the IP address or hostname of the individual node instead.
MSSQL Cluster Type	Dropdown	Appears only when Cluster is selected in the MSSQL Type field.	Select the type of SQL Server cluster configuration being integrated. The options available are: Failover Cluster Instance: A clustered SQL Server instance where only one node is active at a time, and failover occurs automatically in case of a failure. AvailabilityGroup: A high-availability solution where multiple SQL Server instances host a synchronized set of databases, allowing seamless failover and load balancing. Note: By default FailoverClusterInstance is selected.
MSSQL Cluster / Node Credentials*	Dropdown	N/A	Provide the Windows authentication credentials required to connect to the Windows cluster hosting the SQL Server cluster, or to the individual nodes in the case of a standalone SQL Server deployment. You can either select from the dropdown if the credentials are existing. Else click +ADD to create credentials. In the ADD CREDENTIAL window enter the following: Name: Enter the name of the credential. Description: Enter the brief description of the credential. User Name: Enter the User name of the credential. Password: Enter the Password of the credential. Confirm Password: Enter the password to confirm.
SQL Server Authentication Mode	Checkbox	N/A	Enable this option to provide SQL Server credentials if the specified Windows credentials do not have sufficient SQL Server access rights. If checked, OpsRamp will use SQL Server Authentication, requiring a username and password for access. If unchecked, OpsRamp will use Windows Authentication, which relies on the system’s configured Windows credentials to authenticate.
SQL Server Credentials	Dropdown	This field is displayed only when the SQL Server Authentication Mode checkbox is selected.	Select the SQL Server credentials from the dropdown. You can either select from the dropdown if the credentials are existing. Else click +ADD to create credentials. In the ADD CREDENTIAL window enter the following: Name: Enter the name of the credential. Description: Enter the brief description of the credential. User Name: Enter the User name of the credential. Password: Enter the Password of the credential. Confirm Password: Enter the password to confirm.
Connection Mode	Dropdown	N/A	Choose PowerShell or Open SSH based on the connection type with target device. Note: PowerShell-based communication is planned for removal in upcoming releases due to security vulnerabilities. Migration to OpenSSH is recommended for continued support and improved security.
App Failure Notifications	Checkbox	N/A	This checkbox is used to confirm whether a notification should be sent in the event of an app failure due to authentication or connection-related exceptions. If selected, notifications will be triggered for such failures. If not selected, no notifications will be sent in these cases.
Request Timeouts	Checkbox	N/A	Selecting this checkbox enables you to configure the timeout settings for NativeBridge connections and script execution requests made by the integration to the end device.
Connection TimeOut In Mins	Dropdown	This field appears only if the Request Timeouts checkbox is selected.	Select the maximum time, in minutes, that the integration should wait while establishing a connection with the nativeBridge. Default value: 10 minutes.
Connection Request TimeOut In Min	Dropdown	This field appears only if the Request Timeouts checkbox is selected.	Select the maximum time, in minutes, required to process a NativeBridge HTTP call, from sending the request to receiving the response. Default value: 10 minutes.
Socket Timeout In Mins	Dropdown	This field appears only if the Request Timeouts checkbox is selected.	Select the maximum allowable time of inactivity between two data packets during data exchange with the server. Default value: 10 minutes.
Script Execution TimeOut In Mins	Dropdown	This field appears only if the Request Timeouts checkbox is selected.	Select the maximum time, in minutes, that the integration should wait while establishing a connection with the nativeBridge. Default value: 10 minutes.

Select the below mentioned Custom Attribute:


Field Name	Field Type	Field Dependency	Description
Custom Attribute	Dropdown	N/A	Select the custom attribute from the dropdown.
Value	Dropdown	N/A	Select the value from the dropdown.

Note: The custom attribute that you add here will be assigned to all the resources that are created by the integration. You can add a maximum of five custom attributes (key and value pair).

In the RESOURCE TYPE section, select:
- ALL: All the existing and future resources will be discovered.
- SELECT: You can select one or multiple resources to be discovered.
In the DISCOVERY SCHEDULE section, select Recurrence Pattern to add one of the following patterns:
- Minutes
- Hourly
- Daily
- Weekly
- Monthly
Click ADD.

Note

Sample values shown in the configuration fields are for illustration purposes only. Use your actual integration details when configuring.

Now the configuration is saved and displayed on the configurations page after you save it.
Note: From the same page, you may Edit and Remove the created configuration.

Click Next.
Below are the optional steps you can perform on the Installation page.

Under the ADVANCED SETTINGS, Select the Bypass Resource Reconciliation option, if you wish to bypass resource reconciliation when encountering the same resources discovered by multiple applications.
Note: If two different applications provide identical discovery attributes, two separate resources will be generated with those respective attributes from the individual discoveries.

Click +ADD to create a new collector by providing a name or use the pre-populated name.

Select an existing registered profile.

Click FINISH.

The application is now installed and displayed on the INSTALLED INTEGRATION page. Use the search field to find the installed application.

Modify the Configuration

See Modify an Installed Integration or Application article.
Note: Select the MS SQL Cluster application.

View the MS SQL Cluster Details

Navigate to Infrastructure > Search > DATABASES > MS SQL Cluster.
Select the application on the MS SQL Cluster page.
The RESOURCE page appears from the right.
Click the ellipsis (…) on the top right and select View Details.

View resource metrics

To confirm MS SQL Cluster monitoring, review the following:

Metric graphs: A graph is plotted for each metric that is enabled in the configuration.
Alerts: Alerts are generated for metrics that are configured as defined for integration.