Wai C. asked ·

Communication between Mission Control and Dynatrace Managed is one-way or two-way?

Security Team asked me if Dynatrace Managed talks to Mission Control, or Mission Control talks to Dynatrace Managed?

Or is it two-way communication, where they talk to each other?

Tags: Dynatrace Managed, security, mission control

Radoslaw S. answered ·

That is not true. Communication is always uni-directional from Cluster to Mission Control. We guarantee that no incoming traffic needs to be allowed to the cluster.


Even remote access works that way. In that case cluster acts as a client and Mission Control as a Server.

[update 08.08.2018]

1) In theory, websocket tunnels that are utilized in remote access are bidirectional. Indeed, it's Mission Control that sends a message to the cluster to get page contents and post operation requests. Keep in mind, though, that in that communication MC acts as a server and Cluster as a client.

2) To get updates, the cluster periodically polls MC to get the current list of updates. If new ones are retrieved, then they are downloaded and distributed to all nodes. If there are no updates on the list that are downloaded, then the cluster removes them. When the cluster has new updates to OneAgents/Gateways, then they are downloaded by them.

3) Email notifications for health alerts are sent by the cluster not by MC. The exception is when SMTP configured in the cluster doesn't work or is not configured properly, then the email request is sent from the cluster to MC that sends the email using Amazon SES on behalf of the cluster.


Hello @Radoslaw S. ,

Thanks for bringing this up, as this has been confusing for me for quite some time.

If communication is always uni-directional, then I will suggest editing the line below into a clearer statement in the official documentation:

"To facilitate pro-active support, your Dynatrace Server transmits status information to and from Dynatrace Mission Control."

Please also confirm the points below:

1) How does remote access taken by the MC team (in case of issues in a customer's Managed Cluster) work? Is it in the CLUSTER to MISSION CONTROL direction and not vice versa?

2) Updates: updates to SGW, Cluster, OneAgent are always polled by Cluster and then downloaded?

3) Email notifications for health alerts sent by MC: are these also not initiated by MC?

Thanks

Himanshu Mor

0 Likes 0 · ·

See my updated response.

0 Likes 0 · ·

Thanks @Radoslaw S.! This helps clarify things for me.

For point number 1 regarding remote access: so we need to allow incoming connections also in our DC firewall for such scenarios, because the first connection request will be sent from MC to Cluster -> Please correct me if I am still wrong here.

Thanks

Himanshu Mor

0 Likes 0 · ·

Yes, you will need incoming connection allowed for the websocket WSS protocol.

0 Likes 0 · ·

Thanks @Radoslaw S. ! This helps!

0 Likes 0 · ·
Wolfgang S. answered ·

Just to be more precise: Communication is rather request/response style initiated by the cluster which means that licensing information, health checks, consumption data are periodically sent to/requested from Mission Control depending on the type of the message. When it comes to pro-active support the cluster sends a heartbeat once every minute which can be used for remote access if enabled. So there is no open port on the server component itself that may impose a security risk.
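The client-initiated pattern described in the two answers above (the cluster connects out and sends a heartbeat, and Mission Control then sends requests back over that same connection) can be reproduced on loopback. This is an added example, not Dynatrace code: plain TCP stands in for the WSS tunnel, and the message strings, function names and endpoint are constructed for illustration.

```python
import socket
import threading

def run_demo():
    """Cluster dials out; Mission Control then sends a request over that same connection."""
    # "Mission Control" role: the only listening socket in the exchange.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # constructed loopback endpoint, ephemeral port
    listener.listen(1)
    listener.settimeout(5)
    mc_addr = listener.getsockname()
    result = {}

    def mission_control():
        conn, peer = listener.accept()            # waits for the cluster to connect
        conn.settimeout(5)
        with conn, conn.makefile("r") as lines:
            result["heartbeat"] = lines.readline().strip()   # cluster -> MC
            conn.sendall(b"REQ status\n")                    # MC -> cluster, same socket
            result["reply"] = lines.readline().strip()       # cluster -> MC
        result["peer_port_seen_by_mc"] = peer[1]

    server = threading.Thread(target=mission_control)
    server.start()

    # "Cluster" role: outbound connect only, never bind()/listen()/accept().
    with socket.create_connection(mc_addr, timeout=5) as s, s.makefile("r") as lines:
        result["cluster_local_port"] = s.getsockname()[1]
        s.sendall(b"HEARTBEAT\n")
        request = lines.readline().strip()        # request arrives on the outbound socket
        result["request_seen_by_cluster"] = request
        if request == "REQ status":
            s.sendall(b"RESP ok\n")

    server.join()
    listener.close()
    return result

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The port Mission Control sees as the peer is the cluster's ephemeral source port, which is how a firewall or connection log distinguishes an outbound session carrying two-way messages from an inbound one.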


HIMANSHU m. answered ·

Hello @Wai Keat C., communication between Dynatrace Managed cluster/standalone node and Mission Control is bidirectional, as mentioned in the link below:

"To facilitate pro-active support, your Dynatrace Server transmits status information to and from Dynatrace Mission Control."

https://www.dynatrace.com/support/help/get-started...

Further, for the ports used in the communication from a security standpoint, please refer to the link below:

https://www.dynatrace.com/support/help/installatio...

Thanks

Himanshu Mor


Hello @Himanshu M.

Mission Control requires only the outbound; therefore, communication will be unidirectional, not bidirectional.

Regards,

Babar

0 Likes 0 · ·

Thanks @Babar Q.! Please let me know how remote access taken by the MC team (in case of issues in a customer's Managed Cluster) works. Is it in the CLUSTER to MISSION CONTROL direction and not vice versa?

0 Likes 0 · ·

Hello @Himanshu M.

The information has been updated by @Radoslaw S., so please have a look at it.

Regards,

Babar

0 Likes 0 · ·
