question

広志 北. avatar image
広志 北. asked ·

Question about SaaS tenant IP

Hi there,

Let me ask you a question about SaaS tenant IP. Is there a possibility that the IP address of the Dynatrace SaaS tenant you are using will be changed?

dynatrace saas
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Andre V. avatar image
Andre V. answered ·

Hi @Hiroshi K.

I believe the IP will change at some point, since it is hosted in AWS. I'm basing this on what I've seen for my own host in AWS. It shouldn't matter though, since the URL you're using to access your tenant, will remain the same. In fact, your tenant URL resolves to one of the availability zones in AWS, which in turn resolves to a list of IP's.

Is there a reason you're asking about the IP change i.e. firewall rules on your end?


EDIT: turns out SaaS tenants are spun up with a static IP - in case anyone else reads this thread, see here: https://answers.dynatrace.com/spaces/148/uem-open-q-a_2/questions/137428/dynatrace-saas-and-static-ip.html

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

広志 北. avatar image
広志 北. answered ·

Hi @Andre V.

Thank you very much for your reply and information.

> Is there a reason you're asking about the IP change i.e. firewall rules on your end?

Exactly! I care about the firewall configuration(443 port communication) affecting tenant IP change.

Could I ask you a little more?

If the SaaS tenant IP changes, can my customer know about that in advance? If the answer to the question is "No", my customers will not be able to connect to Dynatrace SaaS if the tenant IP changes.( by the effect of the firewall)

Is my understanding correct?

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Andre V. avatar image
Andre V. answered ·

Normally our clients do not worry about this, since internal users access their tenant on a standard https connection (port 443), which is the same as for many banking and other sites. These sites are accessed via the corporate proxy, which allows outgoing traffic on port 443 - nothing out of the ordinary there. The only time I see this as a potential problem, is when you have an ActiveGate which needs to connect to the tenant; if the firewall rules for the ActiveGate connection to the tenant are set up very strict, an IP change will cause communication breakdown, yes.

As far as I know, you can contact Dynatrace for a list of IP's to whitelist. I would ask them at that time, how you'd handle any changes to IP's, should they occur.

PS: if you do a nslookup on your tenant FQDN i.e. {tenantname}.live.dynatrace.com, using 'type=a' (on a Windows host, might be different option on Linux), then it should list the IP's for your tenant...but you probably know this already? ;-)

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Hi @Andre V.

Thank you very much for your reply.

> As far as I know, you can contact Dynatrace for a list of IP's to whitelist. I would ask them at that time, how you'd handle any changes to IP's, should they occur.

OK. I understood.

I really appreciate your advice!!

1 Like 1 · ·

Space Topics

mobile monitoring dotnet synthetic monitoring reports iis chat kubernetes servicenow amazon web services mysql mainframe rest api errors cassandra dashboard oneagent sdk cmc application monitoring openkit smartscape request attributes monitoring developer community user tagging log monitoring services ufo syntheticadvisory activegate ip addresses auto-detection high five award oracle hyperion webserver uem usql iib test automation license web performance monitoring ios news migration management zones index ibm mq web services custom event alerts notifications sso host monitoring knowledge sharing reports browser monitors java hybris sap vmware maintenance window user action naming javascript appmon ai synthetic classic availability tipstricks automation extensions session replay diagnostic tools permissions davis assistant faq documentation problem detection http monitors server easytravel apdex aws-quickstart network docker tags and metadata cloud foundry google cloud platform synthetic monitoring process groups account usability dynatrace saas gui paas openshift key user actions administration user actions postgresql synthetic locations oneagent security Dynatrace Managed user management custom python technologies mongodb openstack user session monitoring continuous delivery citrix configuration alerting NGINX action naming linux nam installation masking error reporting database mission control jmeter recorder apache mobileapp RUM php threshold azure purepath davis scripting agent aix nodejs android