cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Agentless Real User Monitoring for external and internal applications

gofman_anatoly
Contributor

Hello

First of all I am quite new with the Dynatrace so I apologize in advance if a question is misunderstood or strange.

We have Dynatrace managed including Cluster ActiveGate .

We monitor some external web and mobile applications that are reported to Dynatrace through public endpoint.

We received a request to monitor an internal application SAP Fiori. In the code snippet I provide to SAP team, a public endpoint name is listed and it doesn't pass Security Team verification.

I tried renaming public endpoint name to Dynatrace server name and we loaded the snippet into SAP Fiori. At the start dynatrace.js scipt sent request to the Dynatrace server as expected, but after that ruxit and all another requests addresses the public endpoint.

Is it supported? Am I doing something wrong? Is there another way to separate external and internal systems that are monitored using agentless RUM?

 

Thanks

Tolik.

3 REPLIES 3

Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

Why SAP team rejected public endpoint? What's missing there?


Anyway... you can try with workarounding that. Check: https://www.dynatrace.com/support/help/shortlink/agentless-rum#insertion-methods


You could modify "javascript tag" URL with your cluster nodes URL. See example below:

you could try with providing the :8443 cluster endpoint e.g.:

https://<you-cluster-url>:8443


So you can test the URL with e.g.:

https://<you-cluster-url>:8443/jstag/managed/d01dcab3-ff58-4263-b92f-a399999e0287/c952fe29f7e54277_bs.js




Senior Product Manager,
Dynatrace Managed expert

gofman_anatoly
Contributor

Hi Radoslaw

Thanks for your answer.


It rejected by Security team because of public endpoint have public IP that published to the internet and connections from internal sources to external IP will compromise network security.

(Clarification - public endpoint is NLB with external virtual IP).


I did all steps as described in the blog https://blogs.sap.com/2018/07/17/monitoring-a-fiori-launchpad-on-sap-cloud-portal-using-dynatrace./

and modified the code snippet JS file with cluster activegate name instead of endpoint name.

From Developer tools i see dynatrace.js request that goes to the cluster node, but ruxitagent.js goes to the public endpoint.


Regards

Anatoly.


@Anatoly G., out of security, does that also apply to outside communication through a proxy?

And did you solve this in the end?

Kind regards, Frans Stekelenburg                 Certified Dynatrace Associate | measure.works, Dynatrace Partner

Featured Posts