Watching Targets Across Domains

It's possible to watch instances across domains with SentryOne even when there's no trust relationship between them. The best way to achieve this depends on the resources available and number of targets you wish to watch. See the following for a short explanation of each option:

One Monitoring Service

If you only have the resources to install one SentryOne monitoring service for your environment, or only have a couple servers in non-trusted domains you wish to watch, Pass-through Authentication can be set up on each server in the other domain. This requires each watched server on the other domain to have a local Windows account that has the identical login and password as the SentryOne monitoring service's domain account. See the Monitoring Service Security article for all requirements necessary for the monitoring service account.

Multiple Server Services

Another option is to install a SentryOne monitoring service in each domain where there are servers you wish to watch. This only requires Pass-through Authentication for each monitoring service to the machine where the SentryOne database is installed. Create separate sites for each monitoring service ensuring that they only polled the servers in their domain. 

Note:  You can use SQL Authentication from the SentryOne monitoring service to the SQL Server hosting the database as an alternative to Pass-through Authentication.

Options For Watching Targets Across Domains

Pass-Through Authentication

Pass-through Authentication enables Windows targets in different domains or in non-Windows network environments to communicate with one another by using identical user accounts and passwords on each computer. 

This solution is ideal when you only need to monitor a few targets outside of your primary domain, and you don't have the resources available to install another monitoring service in the secondary domain.

Site Configuration

Each monitoring service only polls the targets in their own domain. The monitoring service located outside of your primary domain uses either Pass-through Authentication or SQL Server Authentication to communicate with the SentryOne database server.

This solution is ideal if you have a need to monitor a large number of targets outside of your primary domain, or have a need to monitor targets that are geographically separated from your main installation.

This solution also requires that you have the required resources available in the secondary location to install a monitoring service.