Solarwinds DPA talk

  • Hi,

    I am a Sr. Database Administrator, and just moved to the new Company.

    I am in the middle of requesting of the additional Tools that I would need for my new role.

    I used to work with Solarwinds DPA for many years in the past, and believe that this Tool is one of the most powerful, proactive and user-friendly SQL Server Performance Monitoring Tools on the market.

    I know that Solarwinds was compromised with several of their Tools.

    But I never heard that Solarwinds DPA was ever compromised.

    My new Security Department is very picky about this application because of these latest events with Solarwinds.

    So, in order for me to prove my point of buying this software to my Management Team, I need to be very conclusive.

    Does anybody still using this Tool today?

    Any advise or recommendations on this topic will be really appreciated.

    Thank you

    Alex

     

    • This topic was modified 2 years, 11 months ago by  AER.
  • To be honest, I've never used such monitoring tools even before the compromise.  I've always been fearful of such tools because of they all insist that they need such high deity privs as "sysadmin" and have written my own tools or use such tools where I can review the code before use (Brent Ozar has some dandy tools in this area).

    I'm suggesting this type of alternative because, if I were on the security team for your company, I'd be really hard pressed to allowing any such commercially offered "monitoring" tools.  You should probably expect a whole lot of pushback from your security team even if you have sworn testimony from user of other products.

    Others will likely strongly disagree with me but I've seen where millions of people have all been totally incorrect and one person be right before.

    In other words, be wicked careful because the whole bloody world has become a whole lot more dangerous.  Like your mama probably told you when you were a kid, "Be careful of what you put in your mouth or feed your goldfish". 😉

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • This may be a bit off topic, but what information do these tools provide to you that makes them worth the cost?  I've owned (inherited mostly) various monitoring tools over the past 25 years.

    Currently we own SentryOne, which was bought out by Solar Winds.  There is very little information that this provides to me that helps in my day to day duties.  If a problem arises, it does give me a "quick view" of various metrics.  But, the number of database related issues we have are rare, so there's little need for it.  The reports and screens are nice because I can provide various folks with pretty pictures.  It really only confirms what I already know.

    And, to echo what Jeff said about the tools requiring admin access to the everything, when I started at my current company, the service account's password was $ql$entry.  It was not uncommon for the folks who knew that password to use that login to do whatever they wanted on the production systems.

     

    Michael L John
    If you assassinate a DBA, would you pull a trigger?
    To properly post on a forum:
    http://www.sqlservercentral.com/articles/61537/

  • Hey guys, thank you for your quick responses,

    Jeff, unfortunately, I do not have time to create all the functionalities that I found very efficient and DPA is giving me in no time.

    John, my Company does not own SentryOne or Orion. Your Password information is very helpful; was your Company's password ever changed after that?

    My question still remains the same.

    Is anybody  using Solarwinds DPA today? And if yes, then was there anything done from your side to secure your environment from any malicious activities when using this Tool?

    Thank you

     

     

     

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply