Looking for some suggestions to address some security scan results of the dynaTrace server. The "vulnerabilities" that I am looking for help with are listed below. The dynaTrace server and Collector are both running on Windows.
I am submitting this to the forum on behalf of a new customer.
Thank you.
Answer by Dominik S. ·
Just a quick note for anybody interested, for detailed configuration options please contact support:
Port 8020 and 8023.
Port 2021 and 6699
Thanks... Dominik.
Answer by Ryan C. ·
Thanks Andreas.
Yesterday, in hindsight, I realized that it would have been more appropriate to have opened a support ticket for this topic, versus the discussion forum. So I opened a ticket yesterday afternoon and Markus is helping me.
Thanks.
Answer by Andreas G. ·
Hi Ryan
Let me forward this to our engineers and I will let you know the feedback.
As for Port 8020 - thats the WebServers Unsecure Connection which can be turned off in the Server-Settings. All ports you mentioned here are configurable through the Server-Settings Dialog - and - most of these services behind these ports can also be enabled/disabled through the Server-Settings Dialog
Keep you posted
Hi Andreas,
This in an interesting case.
Just this week I received a question from a prospect who wanted to know how secure the server, the collector and the data warehouse are.
If the customer choose the “harden” the systems where the above mentioned components run on, what is the bare minimum that needs to be running for dynaTrace to still work? Do you have a list of this?
Hi
I am not sure whether I completely understand your question - but - in order for dynaTrace to work you need
a) a dynaTrace Server that listens for incoming dynaTrace Collector Connections - default SSL Port 6699. Also listening on default port 2021 for incoming dynaTrace Clients
b) a dynaTrace Collector that connects to the dynaTrace Server on port 6699 and that is listening for incoming Agent connections - default port 9998
c) a dynaTrace Client that either connects to the dynaTrace server on port 2021 or through an HTTP Tunnel on default port 8023
For further questions on this I recommend talking to the technical support team. Open a question in the support system. They can help you figure out exactly what the requirements for your prospect are.
Andi
Hi Winston,
even i have a prospect who wants to perform OS hardening on the dynaTrace servers. one of his concerns is that the dynaTrace
servers will be in a service providers datacenter and hence he wants all data within dynaTrace systems to be fully protected.
did you get any reply to this request. if yes, pls forward it to me as well.
rgs
ashok
JANUARY 15, 3:00 PM GMT / 10:00 AM ET