• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home
  • Public Forums
  • Dynatrace
  • Dynatrace Open Q&A
avatar image
Question by jose r. · Dec 26, 2019 at 10:14 AM · Dynatrace Managed synthetic monitoring security

Synthetic Monitoring Security

Hi all.

we´re working in a managed installation. The customer is interested in Synthetic Monitoring, but they have some questions about security. I read the doc in

- How is the encryption between the browser monitor and the tenant?

- Before the information is sent to the tenant...is the data stored in the Browser? If so, does this information have any security or encryption system? By example, the username, passwords , should not be visible.

- how tenant authentication is performed on the probe. That is, as the probe knows that it is our tenant who wants to execute the script

i´ve review doc in https://www.dynatrace.com/support/help/how-to-use-dynatrace/synthetic-monitoring/

and i not see the answer.


I hope you understand the doubts.

thanks in advanced.

jose A

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

5 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image
Best Answer

Answer by Sebastian K. · Dec 26, 2019 at 10:43 AM

In general this works differently. You have 2 options. Using public synthetic locations or create local one via ActiveGate. They are working the same. You can record click path that will perform some scenario on your website. This scenario will be sent to public locations or your loca will be used (this one can be used on your private network). Everything is encrypted via SSL.

Than robots will be clicking through your page and record responses in configured frequency. This data are then send encrypted to your Dynatrace server. For public location it is done via Mission Control (DT cluster has access to it), for private locations it is send directly to Dynatrace server. No data are stored in browsers, because robots are setting up headless browser instances just for direct run, collecting data and ending process.

If you will provide credentials to script, nobody will have access to it, but this has to be sent to synthetic location to allow access for script. As I said, all is secured via SSL connection.

There are as well HTTP monitors, not simple option. It only executes request without business scenario and validate response. Good for testing API’s. but from security point of view it is working the same.

Sebastian

Comment
Maciej N.

People who like this

1 Show 2 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image jose r. · Dec 27, 2019 at 08:59 AM 1
Share

Thank you very much for the answer, it is very useful.

I have a question, in the record sequence, i must input username and password (and other confidential data) that should be replayed; Are these credentials saved in the script? If this is so, is the password encrypted or ofuscated?


Regards

Jose A

avatar image Sebastian K. jose r. · Dec 27, 2019 at 09:40 AM 1
Share

Credentials are saved in dynatrace cluster and send to robots on demand. I don’t know about hashing, this is rather question to someone from Staff. But event if Dynatrace will hash password and confidential data to store them internally (which I hope it does) mechanism has to be reversible because script has to have those data in plain text to fill the form.

Sebastian

avatar image
Best Answer

Answer by Miguel B. · Jan 17, 2020 at 11:38 AM

Just to add a bit more info to the topic:

  • Synthetic scripts and credentials are stored in an encrypted database (AES-256).
  • Transfer of the scripts and credentials is encrypted using TLS 1.2.
  • Access to the scripts within Dynatrace is only available to administrators.
  • Dynatrace is recommending to use dedicated test user accounts when creating new synthetic tests.
  • Further information:
    • https://www.dynatrace.com/support/help/shortlink/synthetic-hub
    • https://www.dynatrace.com/support/help/shortlink/browser-monitors-config
Comment
Maciej N.
Chad T.

People who like this

2 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Chad T. · Jan 17, 2020 at 03:28 PM

Credentials will now be saved in the Credential Vault

Comment
Chad T.
jose r.

People who like this

2 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Sebastian K. · Jan 25, 2020 at 06:51 AM

Here is Articles about credentials vault

https://www.dynatrace.com/news/blog/additional-security-for-synthetic-monitor-credentials-with-the-new-credential-vault/

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Nandini B. · Apr 06, 2020 at 05:17 PM

See also https://www.dynatrace.com/support/help/shortlink/credential-vault

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

30 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

How to access Standard Login page when SSO fails?

Understanding about Outage

Path update JDK on Dynatrace Managed

Can we change minimal password length for all users? (Managed)

Getting Cluster ActiveGate download URL via API call

Forum Tags

mobile monitoring dotnet iis chat kubernetes servicenow amazon web services feedback mysql mainframe application rules rest api cassandra dashboard oneagent sdk cmc application monitoring openkit smartscape request attributes monitoring developer community user tagging log monitoring services ufo activegate auto-detection high five award webserver uem usql iib test automation license ios news migration management zones ibm mq web services notifications sso host monitoring knowledge sharing reports browser monitors java hybris sap vmware maintenance window user action naming javascript appmon ai availability tipstricks automation extensions diagnostic tools session replay permissions search davis assistant auto-update faq documentation problem detection http monitors easytravel apdex network docker tags and metadata cloud foundry google cloud platform synthetic monitoring process groups account usability dynatrace saas gui paas openshift key user actions administration production user actions postgresql synthetic locations upgrade oneagent security Dynatrace Managed user management python technologies mongodb openstack user session monitoring continuous delivery citrix configuration alerting performance monitoring NGINX action naming linux nam installation error reporting database mission control apache mobileapp RUM php azure purepath davis scripting aix nodejs android
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A