Database health issues

Database Center aggregates and categorizes database health issues across the projects in your Google Cloud organization(s) into a single dashboard, using data from your Google Cloud projects and Security Command Center. Some companies might have more than one organization.

In Database Center, resources are the clusters and virtual machines that handle your workloads. An individual resource is a named unit of compute or storage. For example, in Cloud SQL, an instance and a read replica are separate individual resources.

A database resource group refers to all cloud computing resources that serve a set of data. For example, in Cloud SQL, one database resource group includes a primary instance and all the read replica instances associated with it.

Health issue categories

To help you view the most important aspects of your database fleet health at a glance, Database Center organizes health issues into industry-standard categories including cost, performance and capacity, availability, data protection, security, and industry compliance.

A database health issue is any topic that you want to monitor to ensure that your fleet is healthy and that your applications are robust and secure.

You can customize which databases and health issues Database Center displays. Your customizations apply only to your view of the organization, because health issue customizations are saved per user.

Health issue categories are described as follows:

Health issue category Description

Availability configuration

Availability issues track resource configurations that affect durability, fault tolerance, and downtime.

Cost

Cost issues help you optimize your database fleet for cost-saving opportunities.

Data protection

Data protection issues help you ensure the following:

  • Your data is properly backed up.
  • You store backups for a sufficient period of time.
  • There are no gaps in your overall data protection strategy.

Security

Security issues help you perform the following types of tasks:

  • Identify security misconfigurations and vulnerabilities.
  • Identify and address cyber security risks.
  • Detect threats to your Google Cloud database resources.
  • Monitor and manage regulatory compliance.

Industry compliance

Industry compliance issues help you ensure that the database resources in your organization are compliant with common industry standards. Database Center helps you monitor compliance for the following industry standards:

  • CIS Google Cloud Foundation 2.0
  • CIS Google Cloud Foundation 1.3
  • CIS Google Cloud Foundation 1.2
  • CIS Google Cloud Foundation 1.1
  • CIS Google Cloud Foundation 1.0
  • NIST 800-53
  • ISO-27001
  • PCI-DSS v3.2.1

Performance and capacity

Performance and capacity issues help you determine if your resource usage is putting your database performance at risk. These issues highlight the following:

  • Instances with high CPU or memory utilization.
  • Instances that are running low on storage capacity.
  • Databases with a large number of tables or high table utilization.
  • Temporary tables affecting database performance.

Other

Other issues include miscellaneous configurations that can help you with the following:

  • Query troubleshooting, like "query durations not logged"
  • Errors and logging scope, like "verbose error logging"
  • Settings related to connections and users, like "connection attempts not logged"

Supported health issues

To view the health issues for a specific database, select one or more Google Cloud database products.

Category                  Issue
Availability              Resource not failover protected
Data protection           No automated backup policy
Data protection           Short backup retention
Data protection           Last backup failed
Data protection           Last backup older than 24h
Industry compliance       Violates CIS Google Cloud Foundation 2.0
Industry compliance       Violates NIST 800-53
Industry compliance       Violates ISO-27001
Security                  Unencrypted connections
Security                  Auditing not enabled for important instance
Security                  Server certificate expiring
Performance and capacity  Underprovisioned resource

Security issues supported by Security Command Center pricing tiers

Security Command Center Standard tier supports the following health issues for Cloud SQL in Database Center:

  • Public IP enabled
  • Exposed to public access

Security Command Center Premium tier supports the following health issues in Database Center:

  • Industry compliance violations
  • Unencrypted connections
  • Databases not auditable
  • No password
  • Weak password
  • Encryption key not customer-managed
  • Server authentication not required
  • Exposed by ownership chaining
  • Exposed to external scripts
  • Exposed to local data loads
  • Logs not optimized for troubleshooting
  • Connection attempts not logged
  • Disconnections not logged
  • Query durations not logged
  • Verbose error logging
  • Error logging misconfigured for statements
  • Error logging misconfigured for statement severity
  • Error log misconfigured for message severity
  • Not logging only DDL statements
  • Exposed to remote access
  • Database names exposed
  • Sensitive trace info not masked

For more information, see Security Command Center pricing tiers.
