• Home
  • Extend
  • Extensions 2.0
  • Data sources
  • SQL data source
  • Microsoft SQL Server monitoring configuration

Microsoft SQL Server monitoring configuration

After you define the scope of your configuration, you need to identify the following:

  • Databases from which to collect data
  • ActiveGates to execute the extension and connect to your devices

Example payload

Example payload to activate a Microsoft SQL extension:

json
{
  "value": {
    "enabled": true,
    "description": "My Microsoft SQL extension",
    "version": "1.0.1",
    "sqlServerRemote": {
      "endpoints": [
        {
          "host": "localhost",
          "port": 1521,
          "instanceName": "some-instanceName",
          "databaseName": "some-databaseName",
          "authentication": {
            "scheme": "basic",
            "username": "username",
            "password": "password"
          },
          "ssl": false
        }
      ]
    }
  },
  "scope": "ag_group-default"
}

Parameters

Enabled

If set to true, the configuration is active and Dynatrace starts monitoring immediately.

Description

A human-readable description of the specifics of this monitoring configuration.

Version

The version of this monitoring configuration. Note that a single extension can run multiple monitoring configurations.

Endpoints

You can define up to 100 endpoints in a single monitoring configuration in the sqlServerRemote section.

json
"sqlServerRemote": {
        "endpoints": [
            {
                "host": "sqlserver.org",
                "port": 1433,
                "instanceName": "instance",
                "databaseName": "database",
                "authentication": {
                    "scheme": "basic",
                    "username": "admin",
                    "password": "password"
                }
            }
        ]
    }

To define a Microsoft SQL Server, add the following details in the endpoints section:

  • Host
  • Port
  • Instance name
  • Database name
  • Authentication credentials

Authentication

Authentication details passed to the Dynatrace API when activating a monitoring configuration are obfuscated and it's impossible to retrieve them.

Basic

Basic authentication requires only a username and password.

json
"authentication": {
   "scheme": "basic",
   "username": "username",
   "password": "password",
}

Kerberos

Requires Active Directory domain set up. Allows you to connect to a database by providing a domain username, password, Key Distribution Center (KDC), and realm.

json
"authentication": {
   "scheme": "kerberos",
   "username": "username",
   "password": "password",
   "realm": "realm",
   "kdc": "kdc"
}

NTLM

Windows only

Requires Active Directory domain set up. Allows you to connect to a database by providing a domain username, a domain password, and, optionally, the domain.

json
"authentication": {
   "scheme": "ntlm",
   "username": "username",
   "password": "password",
   "domain": "some-domain-name"
}

Credential vault

The credential vault authentication type provides a more secure approach to using extensions by securely storing and managing user credentials. To use this, you must be the owner of the credentials and have a credential vault that meets the following criteria:

  • Credential type—User and password
  • Credential scope—Synthetic (in case of external vault usage) and Extension authentication scopes enabled
  • Owner access only is enabled only for credential owners
json
"authentication": {
   "scheme": "basic",
   "useCredentialVault": true,
   "credentialVaultId": "some-credential-vault-id"
}

SSL

ActiveGate version 1.251+

Enable SSL to make the data source verify the server certificate and use SSL encryption instead of native encryption.

json
"ssl": true

To enable SSL

  1. In the userdata directory on the ActiveGates running the SQL data source, manually create a PKCS12 truststore with the name sqlds_truststore and password sqlds_truststore.

    Command to create a truststore with keytool:

    bash
    keytool -genkey -keystore sqlds_truststore -storepass sqlds_truststore

    Location of userdata directory:

    • Windows: %PROGRAMDATA%\dynatrace\remotepluginmodule\agent\conf\userdata
    • Unix: /var/lib/dynatrace/remotepluginmodule/agent/conf/userdata

  2. Add the server's certificate to it. In the following example, we're using Oracle.

    Command to import a certificate with keytool:

    bash
    keytool -import -keystore sqlds_truststore -file .\ora.crt -alias oracle

ActiveGate version 1.269+ The certificate is additionally validated with hostname, which means that the domain from the certificate must match the one from the endpoint passed in the monitoring configuration.

Scope

Note that each ActiveGate host running your extension needs the root certificate to verify the authenticity of your extension. For more information, see Sign extension.

The scope is an ActiveGate group that will execute the extension. Only one ActiveGate from the group will run this monitoring configuration. If you plan to use a single ActiveGate, assign it to a dedicated group. You can assign an ActiveGate to a group during or after installation. For more information, see ActiveGate group.

Use the following format when defining the ActiveGate group:

json
"scope": "ag_group-<ActiveGate-group-name>",

Replace <ActiveGate-group-name> with the actual name.