Database Center aggregates and categorizes database health issues across the projects in your Google Cloud organization(s) into a single dashboard. Database Center uses data from your Google Cloud projects and Security Command Center to aggregate and categorize database health issues based on the resources in your Google Cloud organization. Some companies might have more than one organization.
In Database Center, resources are the clusters and virtual machines that handle your workloads. An individual resource is a named unit of compute or storage. For example, in Cloud SQL, an instance and a read replica are separate individual resources.
A database resource group refers to all cloud computing resources that serve a set of data. For example, in Cloud SQL, one database resource group includes a primary instance and all the read replica instances associated with it.
Health issue categories
To help you view the most important aspects of your database fleet health at a glance, Database Center organizes health issues into industry-standard categories including cost, performance and capacity, availability, data protection, security, and industry compliance.
A database health issue is any topic that you want to monitor to ensure that your fleet is healthy and that your applications are robust and secure.
You can customize which databases and health issues Database Center displays. When you customize health issues, your customizations only apply to your view of the organization. Health issue customizations are saved at the per-user level.
Health issue categories are described as follows:
Health issue category | Description |
---|---|
Availability configuration |
Availability issues track resource configurations that affect durability, fault tolerance, and downtime. |
Cost |
Cost issues help you optimize your database fleet for cost-saving opportunities. |
Data protection |
Data protection issues help you ensure the following:
|
Security |
Security issues help you perform the following types of tasks:
|
Industry compliance |
Industry compliance issues help you ensure that the database resources in your organization are compliant with common industry standards. Database Center helps you monitor compliance for the following industry standards:
|
Performance and capacity |
Performance and capacity issues help you determine if your resource usage is putting your database performance at risk. These issues highlight the following:
|
Other |
Other issues include miscellaneous configurations that can help you with the following:
|
Supported health issues
To view the health issues for a specific database, select one or more Google Cloud database products.
Category | Issue |
---|---|
Availability | Resource not failover protected |
Data protection | No automated backup policy |
Data protection | Short backup retention |
Data protection | Last backup failed |
Data protection | Last backup older than 24h |
Industry compliance | Violates CIS Google Cloud Foundation 2.0 |
Industry compliance | Violates NIST 800-53 |
Industry compliance | Violates ISO-27001 |
Security | Unencrypted connections |
Security | Auditing not enabled for important instance |
Security | Server certificate expiring |
Performance and capacity | Underprovisioned resource |
Security issues supported by Security Command Center pricing tiers
Security Command Center Standard tier supports the following health issues for Cloud SQL in Database Center:
- Public IP enabled
- Exposed to public access
Security Command Center Premium tier supports the following health issues in Database Center:
- Industry compliance violations
- Unencrypted connections
- Databases not auditable
- No password
- Weak password
- Encryption key not customer-managed
- Server authentication not required
- Exposed by ownership chaining
- Exposed to external scripts
- Exposed to local data loads
- Logs not optimized for troubleshooting
- Connection attempts not logged
- Disconnections not logged
- Query durations not logged
- Verbose error logging
- Error logging misconfigured for statements
- Error logging misconfigured for statement severity
- Error log misconfigured for message severity
- Not logging only DDL statements
- Exposed to remote access
- Database names exposed
- Sensitive trace info not masked
For more information, see Security Command Center pricing tiers.