Could you provide the complete list of domain and IP of the access from Dynatrace managed server to the internet?
We need to put the domain and IP into the hosts file of Dynatrace managed server.
Since on the environment, the public DNS lookup is restricted. The customer said that it is not possible to allow public DNS access in this environment for the dynatrace managed trial.
If I am not wrong you are asking about the Outbound communication to Dynatrace Mission Control.
Below is the documented information.
https://mcsvc.dynatrace.comand IP addresses:
184.108.40.206) via HTTPS (
port 443) for license validation, health monitoring, and automatic updates. Communication between Dynatrace Managed clusters and Mission Control is based on TLS v1.2.
220.127.116.11) via HTTPS (
Review the below link for more insight.
In our case, we need to use hosts file to resolve domain name.
And hosts file requires complete domain and IP list without "*".
We need to know about the domains included in the *.live.dynatrace.com.
In addition, we see "opcsvc.ruxit.com" in the install log of dynatrace managed server.
This domain is not documented.
So we want to know complete domain and IP list in that sense.
Could someone provide that?
Here is the install log of dynarace managed server.
2018-04-26 06:11:40 UTC Checking connection to Mission Control ..
2018-04-26 06:11:40 UTC Looking for system HTTPS proxy ...
2018-04-26 06:11:40 UTC Looking for system HTTPS proxy ... failed, no proxy found
2018-04-26 06:11:40 UTC Testing connection to Dynatrace Mission Control https://mcsvc.dynatrace.com:443 ...
2018-04-26 06:11:41 UTC Testing connection to Dynatrace Mission Control https://opcsvc.ruxit.com:443 ...
2018-04-26 06:11:41 UTC Testing connection to Dynatrace Mission Control ... failed, with error: ('Connection aborted.', gaierror(-2, 'Name or service not known'))
opcsvc.ruxit.com is pointing to mcsvc.dynatrace.com (think of it as an DNS alias). If you are setting proxy restriction rules (e.g. based on FQDN), you should include both host names. If you are setting firewall rules (e.g. based on IP addresses), you should include just the IPs @Babar Q. mentioned.
For the health monitoring (the *.live.dynatrace.com) it will probably depend on your installation as this is dynamically assigned during install. However, you can skip the health monitoring and run the cluster without it if you have to.
@Prashant S. I have no idea, you will have to ask someone from Dynatrace. Actually I think just the regular things that are monitored with oneagent are collected with this agent. But this agent on Dynatrace Managed Cluster Node is connected to environment owned and managed by Dynatrace. I believe it just collects performance data about server's OS and processes and they are probably used by Dynatrace DevOps team when investigating issues (support tickets).
Thank you all.
I tried the installation of Dynatrace Managed in the environment where DNS cannot be used. The installation was successful with only the following hosts record.
At that time, I saw OneAgent installation was skipped.
Verifying disk space ... OK
Testing connection to Dynatrace Mission Control ... OK
Verifying system connectivity ... OK
Preparing system user for Dynatrace ... OK
Initializing installation ... OK
Checking user permissions ... OK
Downloading Dynatrace OneAgent. This may take a few minutes ... skipped
Installing system access tool ... OK
Installing. This may take a few minutes ... OK
Preparing connectivity settings ... OK
Setting up cluster configuration. This may take a few minutes ... OK
Starting Dynatrace. This may take a few minutes ... OK
Configuring Dynatrace. This may take a few minutes ... OK
Installation completed successfully.
Exit code: 0