Technology and architecture
NetFort Technologies SQL Server Database Monitor is software that tells you what is happening in your SQL Server environment. It shows you detailed information that you can use to monitor file share activity, troubleshoot problems, and demonstrate compliance with internal and external standards.
More details
Learn more about SQL Server Database Monitor concepts and configuration:
SQL Server Database Monitor uses advanced Deep Packet Inspection techniques to analyze the data packets flowing through the core switch on your network. It has a customizable browser-based user interface that shows you at a glance the file share activity that is most important to you, and gives you the ability to drill down to whatever level of detail you need.
SQL Server Database Monitor creates and maintains a database of traffic information that gives you access to historical as well as real-time file share activity data. Historical data is indispensable for network forensics, and for identifying network issues and trends that cannot be identified using real-time data alone.
The diagram below shows the SQL Server Database Monitor system architecture.
Click on the blocks in the diagram for details about each major component.
Management port
The management port on the SQL Server Database Monitor system enables network administrators to establish a browser connection so that they can view the traffic data captured and stored by system.
Click to close
Browser-based user interface
SQL Server Database Monitor has a browser-based user interface with a customizable dashboard and drill-down capability to whatever level of detail you need. All modern browsers are supported.
Click to close
You can configure any SQL Server Database Monitor report to send you an e-mail alert immedidately when certain conditions are met (for example, when a user accesses a specified website or file share).
Click to close
CSV and PDF reports
You can generate CSV (for importing into Microsoft Excel and other spreadsheet applications) and PDF versions of all SQL Server Database Monitor reports.
Click to close
Reporting engine
The SQL Server Database Monitor reporting engine uses the information in the traffic database to generate interactive web pages, e-mail alerts, CSV files and PDF reports.
Click to close
Directory services integration
With the optional module for directory services integration, you can generate reports that include user names and other details derived from your corporate directory. You can also configure the system to ignore specific accounts such as those that are used to download anti-virus updates and operating system patches.
Click to close
Directory server connection
SQL Server Database Monitor supports Microsoft Active Directory, Novell eDirectory, and the industry standard LDAP format.
Click to close
Traffic database
SQL Server Database Monitor stores a historical record of traffic data in a secure, hardened, and highly optimized database. The database capacity is limited only by the amount of storage space available, while the storage used per day is determined by the amount of traffic on your network. Because the database is independent of system log files, you can use it to demonstrate compliance with the segregation of duties requirements of internal and external auditors.
Click to close
Deep packet inspection
SQL Server Database Monitor uses Deep Packet Inspection techniques to inspect the contents (payload) of data packets in addition to the packet header, enabling it to identify threats that cannot be identified using standard networking components alone. SQL Server Database Monitor implements DPI at full wire speed and does not slow down the network.
Click to close
Traffic collection engine
The traffic collection engine collects file share activity data from the monitoring port on your core switch and prepares it for deep packet inspection (DPI) and subsequent storage in the SQL Server Database Monitor traffic database.
Click to close
Monitoring port
When monitoring a physical network, the monitoring (SPAN) port on the SQL Server Database Monitor system connects to the monitoring port on the core switch. When monitoring a virtual network, the monitoring port connects to a virtual switch, which must be operating in promiscuous mode. The file share traffic seen by the monitoring port is collected by the SQL Server Database Monitor traffic collection engine.
Click to close
Deployment options
SQL Server Database Monitor is a standalone software system that requires no operating system licenses. You can deploy it as a VMware virtual appliance or install it on a dedicated physical PC or server.
When installed on a dedicated physical PC or server, SQL Server Database Monitor runs on industry standard hardware. The only special requirement is that the PC or server must have two NICs (network interface cards) – one to collect the traffic data, and one to provide access to the SQL Server Database Monitor user interface.
When deployed as a virtual appliance, SQL Server Database Monitor can monitor internal virtual and physical network traffic. To monitor virtual network traffic, the virtual switch you are monitoring must be configured to operate in promiscuous mode. To monitor physical network traffic with a SQL Server Database Monitor virtual appliance, you need a dedicated virtual switch that is associated with its own NIC.
SQL Server Database Monitor in a physical network
The diagram below shows SQL Server Database Monitor in a typical network setup consisting of PCs, laptops, servers, a core switch, and a firewalled Internet connection. SQL Server Database Monitor is installed on a standalone server that is connected directly to the core switch.
Click on the diagram to see a close-up of the switch ports.
Click to close
In this network, the core switch port assignments are as follows (click the diagram to see a close-up of the switch ports):
| Port number | Description |
| 5 | File server 1 |
| 6 | File server 2 |
| 7 | File server 3 |
| 10 | Unused port |
| 12 | Monitoring (SPAN) port |
To monitor this network, the following steps are necessary:
- On your network switch:
- Configure port 12 as a monitoring port.
- Configure ports 5, 6, and 7 (the ports to which the file servers are connected) as the source ports to be monitored.
- Connect a network cable from the monitoring port on the switch (port 12) to one of the network interface cards on the SQL Server Database Monitor server.
- Connect a network cable from an unused port on the switch (port 10) to the other network interface card on the SQL Server Database Monitor server.
- In the SQL Server Database Monitor user interface:
- In the Administration menu, click Sensors.
- In the Sensors menu, click Add New Sensor.
- Choose a sensor type and follow the instructions.
SQL Server Database Monitor in a virtual network
SQL Server Database Monitor works on the same principle in virtual networks as in physical networks. A VMware ESX environment incorporates a virtual network switch, which is the virtual equivalent of the core switch in a physical network. The virtual network switch supports promiscuous mode, a setting that enables virtual adapters to see all traffic flowing through the switch and essentially providing the same functionality as a SPAN or monitoring port on a physical network. This makes it possible for the SQL Server Database Monitor virtual appliance to monitor and report on all file share traffic flowing through the virtual network.
The illustration below shows a typical virtual network setup consisting of several file servers connected to a virtual switch. When connected to the same virtual switch as the file servers, SQL Server Database Monitorvirtual appliance can monitor all file share activity on the servers.
In this network, SQL Server Database Monitor is installed on a virtual server that is connected to a virtual switch. When the switch is configured in promiscuous mode, SQL Server Database Monitor can capture all traffic flowing through the switch.
See the VMware installation instructions for detailed information about configuring SQL Server Database Monitor on VMware networks.
Monitoring physical network traffic with a virtual appliance
As well as monitoring traffic on your virtual network, a SQL Server Database Monitor virtual appliance can monitor file share traffic on your physical network. In this configuration, you must configure an additional sensor in the SQL Server Database Monitor user interface and connect this sensor to a separate virtual switch, which in turn must be connected to the physical network. The diagram below illustrates this configuration.
Find out more
If you have any questions about how SQL Server Database Monitor can help you with your network monitoring requirements, please contact us. If you would like to see SQL Server Database Monitor in action, please try our online demo system. or download a free 30-day trial to try it on your own network with your own data.