Note: SQL Sentry Portal requires SQL Sentry software version 20.0 or above. The installation and configuration options are a standard part of the setup and EPI commands in versions 2020.8.7 or later. We strongly recommend upgrading to the latest release to install SQL Sentry Portal and get the complete set of features. See the Release Notes for more information.
What is SQL Sentry Portal?
SQL Sentry Portal is a browser-based option for accessing your SQL Sentry environment data that uses your existing SQL Sentry database. It replaces the previous mobile applications and Cloud Sync options.
Important: The default URL to access the SQL Sentry Portal is http://localhost:9991.
Additional Information: See the SQL Sentry Portal article.
Prerequisites
Before installing SQL Sentry Portal on-premises, ensure your credentials and machine(s) meet the System Requirements as well as the security and additional requirements listed below.
Security
See the SQL Sentry Portal Security article.
Additional Requirements
- Chrome and Microsoft Edge (the Edge version based on Chromium) are the recommended browsers for using SQL Sentry Portal.
- Only Windows devices are officially supported.
- SQL Sentry database that's accessible by the web server hosting SQL Sentry Portal.
- The preferred IP address and port that SQL Sentry Portal should use to listen for HTTP traffic.
- If you plan to change the binding address or port, ensure that there isn't already something listening to that address and port on the machine.
- The default IP address is 0.0.0.0. SQL Sentry Portal listens to all IP addresses on the machine that are not listening to the selected port.
- If you are running SQL Sentry Portal on a virtual machine, it's recommended to keep the default IP address of 0.0.0.0. Setting it to 127.0.0.1 may make it so that it can be accessed from the local host, but not other locations in the domain.
- The default port is 9991.
- It's recommended to set the IP address to 127.0.0.1 if you're planning to route requests through IIS or other reverse proxy on the same machine as the service. This will prevent external requests from directly reaching the service.
Installing SQL Sentry Portal
SQL Sentry Portal may be installed via the classic SQL Sentry Setup Wizard, through the EPI commands, or through the SolarWinds Platform Installer for SQL Sentry as long as the method you choose matches your existing SQL Sentry installation.
Where can SQL Sentry Portal be Installed?
SQL Sentry Portal can be installed on-premises with a self-hosted configuration as a service. It can be installed on a machine along with the SQL Sentry monitoring service and SQL Sentry client, or it can be installed on a machine by itself without any other SQL Sentry components.
Note: When using the EPI version, the SQL Sentry controller must exist on the machine where you install SQL Sentry Portal.
If you have more than one SQL Sentry database, you can view them with a single SQL Sentry Portal service. See the distributed databases article for more information.
Note: SQL Sentry Portal cannot run as an Internet Information Services (IIS) site. IIS may only be used as a reverse proxy to the SQL Sentry Portal service for HTTPS and request filtering. See the IIS Reverse Proxy Configuration section below for details.
Installation Example
Example of SQL Sentry (SentryOne) components installed across multiple machines (with EPI components when applicable)
Install SQL Sentry Portal using Setup Wizard
Follow the instructions in the SQL Sentry Installation article.
Install SQL Sentry Portal using EPI
Follow the Installation, Upgrade, and Uninstall instructions in the SQL Sentry Enhanced Platform Installer article.
Install SQL Sentry Portal Using SolarWinds Platform Installer for SQL Sentry
Follow the installation instructions in the SolarWinds Platform Installer for SQL Sentry article.
SQL Sentry Portal Configuration Utility
Changes to your SQL Sentry Portal configuration must be made through the Portal Configuration Utility (PCU).
Note: For the EPI version of SQL Sentry, the Portal Configuration Utility is only available in versions 2020.8.31 or later. Earlier EPI releases must uninstall/reinstall via command line to make changes.
Accessing the PCU
SQL Sentry
Locate the PCU through the file directory or use the Windows Start menu as Portal (Web Client) Configuration. Use the Run as administrator option to open it.
SQL Sentry Portal Web Client Configuration Utility
File path:
- Navigate to the MonitorPortal directory in your SQL Sentry installation. The default path is C:\Program Files\SolarWinds SQL Sentry\<Version>\MonitorPortal\PCU. In this example, it is C:\Program Files\SentryOne\2020.0\MonitorPortal.
SQL Sentry EPI Version
- Use the so configmp command to launch the Portal Configuration Utility from Command Prompt.
Note: You must run this command on the machine where SQL Sentry Portal is installed.
- You must use the EPI commands so stopmp and so startmp after making changes to the configuration. The PCU does not restart the portal service in an EPI environment.
Using the PCU
The PCU allows you to change database, network, security, and web server binding-related properties for SQL Sentry Portal. Select the Verify Connection button to verify your connection settings and then select Save to apply any changes.
The PCU also provides an option to stop/start the SQL Sentry Portal service (SentryOneMonitorPortal in Windows Services).
Note: SQL Sentry Portal supports distributed SQL Sentry databases. The drop-down menu at the top allows you to switch between the settings for each SQL Sentry database.
Additional Information: If you have multiple SQL Sentry databases and would like to view all of them in the same SQL Sentry Portal, see the distributed databases article for setup and security details.
 SQL Sentry Portal Configuration Utility Windows Integrated
|  SQL Sentry Portal Configuration Utility Azure AD |
Important: The default URL to access the SQL Sentry Portal is http://localhost:9991.
Additional Information: For more information about the settings in the Advanced Properties:
- Port: See the Setting the Connection Properties topic from Microsoft Docs for more information on the portNumber property.
- Packet Size: See the Configure the network packet size Server Configuration Option topic from Microsoft Docs for additional information on SQL Server network pack sizes.
- Encrypt Network Traffic: See the Enable Encrypted Connections to the Database Engine topic from Microsoft Docs.
- Trust Server Certificate: See the Setting the Connection Properties topic from Microsoft Docs for more information on the trustServerCertificate property.
- Multi Subnet: See the Setting the Connection Properties topic from Microsoft Docs for more information on the multiSubnetFailover property.
Use TLS
To use TLS for SQL Sentry Portal:
- Select the box next to Use HTTPS. Once selected, you'll see the TLS Certificate section.
- Enter the name of the certificate in Subject.
- Select Save.
- The Messages section displays the progress. Note that the SQL Sentry Portal service will be restarted during this process.
 Use HTTPS example
|  Messages example
|
Success: You have enabled TLS for SQL Sentry Portal. Use HTTPS:// at the beginning of the URL to open it in your browser.
Note:
- For a signed certificate from a trusted authority, you must register it on the machine so it goes into the LocalMachine/My store.
- Additional Information: See the System Store Locations and Local Machine and Current User Certificate Stores articles on Microsoft Docs for details.
- When updating a certificate, you need to add it to the machine. SQL Sentry Portal will use the latest valid certificate (by expiration date) without requiring a restart of the machine or service. Older, invalid, and expired certificates will be ignored.
- If you do not have IIS installed and are not using port 443 on this machine as part of any other web server, you can update the Port in the Binding section to 443. When SQL Sentry Portal uses port 443, you do not need to specify the port in the URL. For example, you can use https://localhost instead of https://localhost:443.
Adding New SQL Sentry Portal Connections
- Select New to open the Add New Connection window.
- Enter a name for the new portal connection, and then select Confirm.
- Enter the Server and Database Name for your connection.
- Select your authentication method and enter your connection credentials. Select Verify Connection to test your connection.
- Configure any applicable Advanced Properties, Bindings, and the User Identity Provider.
- Select Save to save your Portal Connection.
Deleting SQL Sentry Portal Connections
- Select the Portal Connection you want to remove from the SQL Sentry Database Connections drop-down list.
- Select Delete to open the Remove Connection window.
- Select Yes to remove the connection.
Using Azure Active Directory as the Identity Provider
Note: Azure Active Directory (AD) is available as an Identity Provider (IDP) for SQL Sentry Portal Version 2023.1 and later. Azure AD authentication is not fully supported with multiple database installations in Version 2023.1.
Additional Information: For information about registering an app with Azure AD, see the Quickstart: Register an application with the Microsoft identity platform MSDN article.
Warning: For users that installed new installations of SQL Sentry Portal with Version 2023.1:
You must execute the following script against the SQL Sentry database to use Azure AD as an IDP for SQL Sentry Portal.
Substitute the email address used in the Onboarding wizard in the '{email address}' field and execute the script on the SQL Sentry database.
--NOTE: A record in [dbo].[Contact] must exist with the supplied email addressDECLARE @ContactID UNIQUEIDENTIFIER;SELECT @ContactID = [ObjectID] FROM [dbo].[Contact] WHERE [EmailAddress] = '{email address}'DECLARE @RoleID UNIQUEIDENTIFIER = '7E54B2ED-0BEC-4E83-A279-44E6F9BEF1C1'INSERT INTO [Security].[FeatureRoleAssignment] (ObjectID, RoleID, PrincipalID)SELECT s.[ObjectID], @RoleID, @ContactIDFROM [dbo].[Site] as sWHERE ParentSiteObjectID IS NULL
Important: You must configure the TLS certificate to use the Azure Active Directory (AD) Identity Provider. See Use TLS above for information about configuring the TLS certificate in the PCU.
Create a New or configure an existing SQL Sentry Portal Connection to use your Azure AD IDP credentials:
- Open the SQL Sentry Portal Configuration Utility.
- Select New to create a new repository connection or select the desired connection from the drop-down menu.
- Select Azure AD from the Provider drop-down menu.
- Enter the Tenant id, Client id, Redirect URL, and Client Secret associated with you Azure AD application.
- Select Save to save your credentials.
IIS Reverse Proxy Configuration (Optional)
Unsupported: The following steps cover the process required to set up IIS as a reverse proxy to the SQL Sentry Portal service for HTTPS and request filtering. For information about IIS administration, see IIS.net.
This information is provided as an example to get you started with IIS Reverse Proxy Configuration. Please refer to the official IIS administration documentation for support with this process and up-to-date documentation.
See the Use TLS option in the Portal Configuration Utility section for the preferred method of enabling HTTPS/TLS in SQL Sentry Portal.
IIS Reverse Proxy Prerequisites
The following modules must be installed before configuring your reverse proxy:
Note: These required modules are not installed by default.
IIS Reverse Proxy Instructions
Configure a reverse proxy in IIS to host SQL Sentry Portal by completing the following steps:
1. Create a website with your desired outward bindings. If you want to use HTTPS, this is where you will register your certificate. Point the site to the default IIS directory.
Note: The default IIS directory is often C:\inetpub\wwwroot. The Application Pool settings wont have an effect on the behavior of this site because it will not be executing code. You can set the .NET CLR version to No Managed Code, but this is not required.
2. Open the Home window for the new site, and select the URL Rewrite feature.
3. Select the Add Rule action from the right window pane, and then select Reverse Proxy rule from the Inbound and Outbound Rules category.
 |  |
4. Enter the IP address and port of the service in the Inbound Rules server name input. Ensure that Enable SSL Offloading is selected. Select OK to save the rule. 
Note:
- Localhost:9991 is the default IP address. When you are setting this up, you may need to use your server's DNS name (e.g. ServerDNS:9991).
- If your server has no IIS conflicts with port 443, you can bind SQL Sentry Portal to port 443, and use https://ServerDNS as the URL (no port required).
Success: IIS now routes all requests to the website to the SQL Sentry Portal service.
DEPRECATED: Installing SQL Sentry Portal On Premises Manually
Important:
- SQL Sentry Portal must be installed outside of the user's directory.
- These steps are included only for users who do not have the current release of SQL Sentry with the installation built in. It was added to the installer in version 2020.8. If you have version 2020.8 or later, you must use the EPI or Setup Wizard instructions to install it.
- You need the original SentryOne.Monitor.WebClient.Web artifact or version of the Enterprise Platform Installer that was used for your SQL Sentry installation to follow these deprecated instructions.
After you have ensured that your machine meets the prerequisite requirements, you can begin installing SQL Sentry Portal. Install SQL Sentry Portal on your machine manually by completing the following steps:
1. Unzip the SentryOne.Monitor.WebClient.Web artifact at the desired location on the machine hosting SQL Sentry Portal.
 Extract Folder
|  Select Destination and Extract Files
|
2. Update the appSettings.json file in the root of the project with the correct connection string for the client’s database.
 Open appSettings.json
|  Update the Connection String
|
3. Run the service install script OnPremServiceInstall.ps1 as administrator. Enter the IP address and port that you want to bind the service to in the appropriate prompt.
 Run Powershell as administrator
|  Execute the PowerShell Command, enter the IP, and enter the Port
|
Note: To use integrated authentication for the database connection, you need to change the account that the SQL Sentry portal service is running under in the Windows Services Control panel after installation. The default account is LocalSystem.
