Month: August 2025

Posted on

How a Managed Service Provider for Databases Found a Secure Management Method

Managed Service Provider stopped needed VPNs

Any Managed Service Provider who has tried to scale their database services knows the hard home truth: at some point adding another client with a VPN router causes more work than the client’s paying.  

A Managed Service Provider in The Nordics solved their scaling issue by using Cloud Router, from dbWatch. Cloud Router is secure, solved their VPN headache, has put all their client’s into a single pane of glass, giving them a total overview of all customers, and kept them logged into the customer’s environment. They’re able to solve problems quickly. 

Key Advantages of dbWatch

  • Scalability for additional clients. Set all your databases into the same system without needing a multiple VPN solution. The price scales so if you join the MSP Partner program.
  • Better security. VPNs provide a pathway for hackers to enter your system and your customer’s system. Cloud Router creates secure connections and dbWatch Control Center has a historic tracking log, so you see everything that happens on database servers.
  • Secure Outbound Connectivity uses encrypted, outbound-only communication to remove VPN vulnerabilities and ensure safe, persistent access without relying on customer-side configurations.
  • Faster Setup and Maintenance simplifies onboarding with a lightweight agent, reducing setup time from hours to minutes and cutting down on support overhead across all customers.

Limitations of VPNs as a Managed Service Provider 

From the beginning of their database monitoring work the MSP installed and configured  VPN routers to monitor and interact with their customer’s environments. Each customer had a unique set up and needed a technical person on their side to manage the VPN. 

In the beginning, the VPNs worked well. The chief DBA at the MSP remembers, “It was just fire and forget.”  But it didn’t scale. At round five customers, the VPNs started to overlap, having same address space, forcing the MSP to turn on and off VPNs connections. In addition, some customers only wanted the VPNs open for a set window of time.  

Soon the setup became too complex to manage. Having certain VPNs open at the same time started to cause software conflicts, due to the incompatibilities between some of the encryption technologies.  Multiple VPNs had to be opened, monitored and closed daily.  

Then there was the cyper-security risk. Because both sides are connected to the VPN and no one can easily see if there’s an attack, the risk of using VPNs is doubled. While the MSP had their customers in a separate network to prevent an attack, not many of their customers used the same precaution, nor did the customer’s suppliers. 

When VPN keys and log-ins time out, the client contact person was needed to re-open the connection. If the contact person was out-of-office, the process was time-consuming. 

The Chief DBA acknowledges that other MSPs might connect differently with their clients. “You can get Connect website and other options. However we’re only focused on only monitoring databases and database servers and the VPN is what we needed.” 

Sometimes the hardware box would simply fail. It took too much time to maintain the box and their connections.  The VPNs needed a technical contact person on the customer side. The contact needed to set up the VPN initially and then remain on call consistently for when the connection failed. The amount of time the MSP spent managing VPNs cut into their profit margin. 

dbWatch is so much easier than VPNs, we never want to go back.

Senior DBA, Nordic MSP

A New Solution to an Old Problem 

The MSP began using the Cloud Router package in 2022, participating as beta testers before its official release. Cloud Router replaces site-to-site VPNs with an outbound-only, encrypted connection initiated by a lightweight agent. It’s a flexible installation, with the ability to be on-site at the MSP, at the customer or in the cloud. This Nordic MSP manages databases located at the customer’s site. The approach eliminates the need for exposed inbound access or static IP allowlists, reducing both complexity and risk. 

The deployment process is standardized: the MSP installs the dbWatch server locally and configure the connect to the cloud router hosted by the MSP.  The MSP connects to the Cloud Router to see all their different customers.  

The new setup enabled the MSP’s DBA team to view all customer environments from a single control center, with full visibility into each database server’s health, performance, and alerts. Instead of managing dozens of overlapping VPN tunnels, they now use an interface where they can switch instantly between monitoring and management modes, without re-authenticating or disrupting workflows. 

In addition, the transition also resolved several operational problems. Access is persistent and no longer depends on time-sensitive VPN keys. If a connection drops, it’s logged and restored automatically, without requiring action from the customer side. Because the communication is outbound and encrypted end-to-end, the security surface is minimized and monitored, making the setup both safer and easier to audit. 

An illustration of how cloud router works.

Above graphic shows the concept of dbWatch Cloud Router.

Why dbWatch Belongs in Your Tech Stack

Various database monitoring tools are on the market today, but for Morten, dbWatch stands out for its affordability, support, and ease of use. “The product’s price sets it apart,” Morten said. “Especially for companies without a DBA tool, dbWatch is an easy decision because it doesn’t come with the high cost of other solutions.”

Without a dedicated tool, DBA teams often build their own tools and have manual routines for monitoring and reporting – reinventing the wheel at every step. With dbWatch, Morten and his team avoid wasting time and have a tool that works out of the box. “It’s very easy to deploy,” Morten said. “It’s simple to add servers; you don’t need a large system to turn it. You just need to open the correct ports between what you’re monitoring and the monitoring server.”

The Benefits of Using Cloud Router 

The MSP was hooked on Cloud Router before the beta testing finished. “It was so much easier than VPNs, we never want to go back.” Here are some of the many benefits they gain: 

Scalable Access 

Now one person can easily manage 30 customers. No longer does the DBA team spend time logging in and out of VPNs each week to ensure the connections work. Nor do they have those ‘Murphy’s Law’ moments where a customer’s system is suddenly down and the VPN key has decided not to work. 

Improved Security and Reliability 

With the outbound-only connection, there’s no need to worry about each customer’s IT hygiene. In addition, there’s no problem with VPN keys.  

Time Savings 

Now that there aren’t multiple VPNs to track, one DBA can handle more clients. In addition, the team can solve issues on first detection without waiting for access or customer contacts.  

Safe, Secure Connections

Learn how your company can benefit from Cloud Router.
Request a Demo
Posted on

Custom Database Monitoring Jobs

A visualization of custom database monitoring

Undoubtedly, your organization has issues that are specific to its business set-up. Some of these problems and issues are tied to databases.  

If your database is part of the problem, it can also be part of the solution. You can use custom database monitoring jobs that detect early indicators and trigger alerts before full-scale issues develop. These monitoring jobs improve database reliability while saving time on reactive fixes.  

How Does Out-of-the-box Monitoring Work? 

Customized monitoring makes more sense once you’re familiar with the default monitoring jobs. dbWatch comes with a set of monitoring jobs; they are generic and can be applied to the laundry list of jobs that most everyone needs. That list grows yearly when customers talk to us about a monitoring job they need. If it is likely an issue for others, we create the job and push it into the main product.  

dbWatch allows for customized jobs, so you can tailor detection to be alerted about your red flags. Usually, these jobs are so individualized that it doesn’t make sense to include them in the product. Installing them would create an error because the relevant data doesn’t exist in many environments.  

How does Customized Database Monitoring Work? 

Using customized monitoring means starting with a query or pattern that reflects a real problem. Then, you build a job that alerts you when that query or pattern happens again. dbWatch has customized monitoring because each business needs to be able to develop database monitoring jobs for their business case.  

The problems the monitoring jobs fix don’t always look like database issues. Below are several industry specific use cases where customized monitoring jobs have saved companies time and money. 

Saving Thousands of Dollars by Alerting when Syncing Fails  

In our home base of Norway, many ferry companies transport people over fjords. They often sell tickets on the boats, using hand-held systems containing credit card information. 

Several of these companies use dbWatch to monitor and manage their databases. One of our technicians, Per, visited them on-site for a day to set up 50 databases and service their systems.  

Over lunch, they mentioned to Per that they had a problem with their hand-held systems. Theoretically, the hand-held system should sync each time the ferry docked, using the docking station’s WiFi. In reality, sometimes they stopped syncing but kept adding new credit card information, overwriting the older information as the memory card filled.  In the high season, this could quickly add to losses of upwards of USD 5,000 a day per machine.  

Over a second cup of coffee, Per got the details and then offered to fix the problem with a customized monitoring job. The job checks each hand-held system daily, noting if the system has connected with the WiFi once in the last 24 hours. When a system fails to connect, the person responsible for hand-held systems receives an email alert and can act to ensure the data is saved.  

Example of a ferry where a terminal is used to buy and sell tickets.

Broadcaster Ensures the Correct TV Program is Published 

A national broadcaster in Europe needed to ensure that their systems pushed out the information for schedules and programs on TV. Sometimes, the system locked up and didn’t push correctly, old data was published, or incorrect information appeared. Because the system was developed in-house, they needed a unique way of ensuring everything would update automatically. 

Using dbWatch, they implemented monitoring for it, alerting them when the database doesn’t push the TV program correctly. The monitoring job checks on both ends to ensure the data has been pushed and arrived. When either end has a problem, an alert is texted to the DBA on duty, and they can correct the problem so someone who tunes in for the news doesn’t find a documentary about underwater weaving instead.  

A Large SaaS Alerted When Key Job Fails to Fire 

A large SaaS company has over 1000 database servers to monitor and manage. dbWatch wrote a customized monitoring program for them. The SaaS company needed to monitor when a specific repeating job didn’t fire within their software program on their client’s databases.  

When the job doesn’t fire, the customized monitoring job deploys to make it fire. If the job doesn’t fire, the DBAs are alerted and can implement a manual start.  

Identifying Problems that Normal Monitoring Can’t Catch 

Many organizations have operational issues that are highly specific to their business case. Often, these issues don’t appear as traditional database issues, which means the standard out-of-the-box jobs miss them.

If you are developing your own application, you can also create monitoring jobs that fit that application, using the dbWatch framework. This makes it possible to deploy monitoring alongside your application so any problems are caught early and addressed before they affect users.

When left without monitoring, these issues can cause serious disruptions, financial loss, or damage to a company’s reputation. This is where dbWatch can make a difference. You can create custom monitoring jobs tailored to your specific business set-up. Instead of relying only on predefined checks, you can define the exact query that signals a problem. Then, you’ll be notified when certain conditions occur, and you’ll be able to stop the problem before it starts.  

Webinar: Customized Monitoring

Learn how to customize your monitoring jobs with dbWatch.
Sign-up