SolarWinds offers an Amazon Marketplace Image (AMI). This article only applies if you want to install DPA in thee cloud on your own.
This article is on how to set up and install DPA on an AMI for monitoring database instances. This article assumes you have an EC2-VPC platform with an AMI of Microsoft Windows 2012 and SQL Server 2012 standard edition installed and running.
SolarWinds DPA 9.1 and later have native support for Amazon EC2. This article is only for DPA 9.0 and earlier and Ignite 8.0 and later. SolarWinds recommends all customers upgrade to the latest version of DPA.
There a few prerequisites when provisioning DPA in Amazon Web Sevices (AWS). DPA requires ports 8123 and 8127 to be open for web and administrative access. A security group will act as a virtual firewall and control the type of traffic allowed in the DPA instance. It allows us to define these rules independently of the instances we create. In this example, it would be only for this one server and we will allow ports 8123 and 8127 to access our server. Both of these ports must be allowed by the security group.
We will allow RDP (port 3389) so that we can use Remote Desktop Connection to connect to the instance from your computer. You will also want to allow port 1433 to connect to the SQL Server instance using Microsoft SQL Server Management Studio, for example.
You must decide what IP addresses will be allowed to use your instance. The most restrictive group would be to allow only your IP address. For example, if your IP address is 18.104.22.168, then the CIDR representing that IP address is 22.214.171.124/32. Or, you could allow everybody on the Internet to use your instance, using the CIDR 0.0.0.0/0. For this example, I will allow only my IP address to be able to send inbound traffic to my DPA instance.
- In AWS under VPC Dashboard > Security, click Security Groups.
- Click Create Security Group.
- Enter the required information, and select the VPC where the security group will be used.
- Click Yes, Create.
Define the inbound and outbound rules in the new security group.
- Click the Inbound Rules tab, and click Edit.
- Add the following rules:
The yellow boxes represent your IP address.
- Click Save.
- Click the Outbound Rules tab.
For simplicity, our security group will have a single outbound rule, allowing all traffic to all destinations, which is the default.
Name the security group.
- Click Actions > Add/Edit Tags.
- For the Name tag, enter a Value of
Database Performance Analyzer (DPA).
- Click Save.
Make sure the inbound and outbound rules are attached to the DPA security group.
Remotely connect to the instance
Use Remote Desktop Connection to connect to the DPA EC2 instance. Enter the IP address of the instance, and click Connect.
Configure the Windows Firewall for DPA ports
As you remember, we had to create a security group with two inbound rules in EC2-VPC for ports 8123 and 8127, to ensure access to the instance. We must now repeat that in windows firewall.
- Start the Windows Firewall application in Control Panel.
- Click Advanced settings on the left.
- Right-click Inbound Rules, and select New Rule.
- Click Port, and then Next.
8123, 8127 in the Specific local ports field, and click Next.
- Verify that Allow the connection is selected, and click Next.
- Clear the Domain and Private check boxes. Only Public should be selected. Click Next.
Database Performance Analyzer (DPA): Web in the Name field, and click Finish.
Confirm that SQL Server is running on the EC2 instance
Run Microsoft SQL Server Management Studio and sign in using Windows Authentication. Connect and run a simply query, for example:
If you have issues bringing up SQL Server, see this article (LINK TO DPA for SQL Server Installation Troubleshooting) to troubleshoot.
Download the DPA installation file on the server
Download and transfer the installation file from your computer to the EC2 instance. Extract the .zip file run the installer.
Confirm the DPA installation
Locally connect to DPA using the Windows machine name or the private IP address:
Create the DPA repository administrator user in Windows
DPA requires a repository administrator user to be configured in Windows.
- Start User Accounts application in Control Panel.
- Click Manage User Accounts, and then click Add.
- Create a user named DPAUser and assign a password.
Connect to the EC2 instance with the user in Remote Desktop Connection. Locate the public DNS or IP address in the AWS console for the instance. Load a web browser and enter the DPA URL.
Create the DPA repository
- On the Select Repository Database Instance Type page, click Microsoft SQL Server. Click Next.
- Enter the server name and port 1433. Select Windows Authentication and use the syntax
DOMAIN\username in the SYSADMIN User field. Click Next.
- Next to Create New Login, click No. Select Windows Authentication and enter the DPAUser user name and password. Click Next.
- Accept the defaults for repository storage, and click Next.
- Enter your name and email. SolarWinds DPA sends database performance reports to this address. Click Next.
- Confirm the repository information, and click Create Repository.
- Click Register Database Instance to Monitor to continue.
Confirm the DPA repository installation
On your local machine, enter the public IP address (including port 8123) of your EC2 instance in a web browser. For example:
You should see the DPA home page. You are finished installing DPA in the EC2 instance.
Access the target database from DPA
To register a database to manage in DPA, make sure you can access the database in DPA.
- Make sure the security group of the EC2 instance where the database is installed has an inbound rule for the DPA instance. DPA uses the security group named DPA-SecurityGroup. The EC2 instance of the SQL Server database you want to monitor should include that security group. In my case, I am using security group "SQL-RDP-SG" where I grant SQL access (and also temporarily RDP access).
- My target database is in a private subnet. This means that the route table of the subnet does not have a route to the Internet Gateway of the VPC. Notice the CIDR of my target database's subnet is 172.31.144.16/28. DPA does not have to live in the same subnet as the target databases. By the way, having a separate security group, subnet and route table make it easy to make temporary changes. For example, I want to have a route to the Internet Gateway in this database so I can remotely connect to it. I added it temporarily as a route, and then removed it when I no longer needed it. However, when creating databases on EC2 that should not be public, create the EC2 instance by disabling automatic assignment of public IP address at launch. Then, provision an Elastic IP address and associate it to the instance for the time when you need to connect to it from your network.
Register a database instance for monitoring
- In DPA, click Register Database(s) for Monitoring.
- Under Self-Managed, click Microsoft SQL Server. Click Next.
- Enter the private DNS address of the EC2 instance where your target SQL Server resides, and the port number (1433 by default). Enter the credentials of a SYSADMIN of that instance, but not the DPA administrator, which DPA uses temporarily to register the instance. Click Next.
- Enter the user name and password of a user you created in Windows and with a login to the SQL Server. If you are doing this with a new test database, follow the same procedure you followed before when creating the user and login for the DPAUser in the DPA instance. SolarWinds recommends that a domain account be created for monitoring. Click Next.
- Select the Alert Groups you want the new database instance to join, and click Next.
- Confirm the registration information, and click Register Database Instance.
- Click Finish to go to the SolarWinds DPA home page, or click Register Another Database Instance to continue registering.
You are now monitoring your database instance with DPA.