Security Team asked me if Dynatrace Managed talks to Mission Control, or Mission Control talks to Dynatrace Managed?
Or is it a two-way comm, where they talk to each other?
Answer by Radoslaw S. ·
That is not true. Communication is always uni-directional from Cluster to Mission Control. We guarantee that no incoming traffic needs to be allowed to the cluster.
Even remote access works that way. In that case cluster acts as a client and Mission Control as a Server.
1) In theory websocket tunnels that are utilized in remote access are bidirectional. Indeed it's the Mission Control that sends a message to the cluster to get page contents and post operation requests. Keep in mind though, that in that communication MC acts as a server and Cluster as a client.
2) To get updates, cluster periodically polls MC to get current list of updates. If new are retrieved, then they are being downloaded and distributed to all nodes. If there are no updates on the list that are downloaded, then the cluster removes them. When cluster has new updates to OneAgents/Gateways then they are downloaded by them.
3) Email notifications for health alerts are sent by the cluster, not by MC. The exception is when SMTP configured in the cluster doesn't work or is not configured properly, then the email request is sent from the cluster to MC that sends the email using Amazon SES on behalf of the cluster.
Answer by Wolfgang S. ·
Just to be more precise: Communication is rather request/response style initiated by the cluster which means that licensing information, health checks, consumption data are periodically sent to/requested from Mission Control depending on the type of the message. When it comes to pro-active support the cluster sends a heartbeat once every minute which can be used for remote access if enabled. So there is no open port on the server component itself that may impose a security risk.
Answer by Himanshu M. ·
Hello @Wai Keat C., communication between Dynatrace Managed cluster/standalone node & Mission Control is bidirectional as mentioned in the below link
"To facilitate pro-active support, your Dynatrace Server transmits status information to and from Dynatrace Mission Control."
Further, for communication ports used in the communication from Security standpoint, please refer to the below link: