
Is port 8443 needed between Managed Nodes in a Cluster?

waikeat_chan
DynaMight Pro

From what I read in the documentation, port 8443 should be meant for communication between:

1. AG and Managed Nodes

2. OA and Managed Nodes


but it isn't meant for communication between Managed Nodes in a Managed Cluster, right?



Best Regards,

Wai Keat


4 REPLIES

Babar_Qayyum
DynaMight Leader

Hello @Wai Keat C.

8443 for Managed versions earlier than 1.166

Dynatrace environments with a cluster version earlier than 1.166 use port 8443. New Dynatrace environments still use port 8443, but this port doesn't need to be exposed to the outside of the cluster nodes. Upgraded Dynatrace environments preserve port settings from the previous version. As a result, it is possible to have an upgraded Dynatrace environment that still uses port 8443.

Regards,

Babar


sebastian_kryst
DynaMight Leader

If you have HA architecture, and you are asking about communication between Dynatrace clusters, then no, this port does not have to be open. In other cases, look at Babar's answer.

Sebastian


Julius_Loman
DynaMight Guru

I'm not absolutely sure here, but I think the communication port (443 or 8443 by default depending on the version and configuration) is used at least while deploying a new node (seed process). I think you should have the communication port open while adding the cluster node. Adding a new node configures firewall rules at the added node as well as at the existing nodes.

I would not recommend playing with the firewall rules at the cluster node unless necessary and only if you really know what you are doing.

I would really recommend having the 443/8443 port opened globally.


TEMPEST a.s., Slovakia, Dynatrace Master Partner

Malaik
Helper

Hi All

I have the same question:


What is the impact of closing this port, knowing that we installed Dynatrace recently and got a message from the Security team:

We performed a VA rescan for the Dynatrace servers; the port was still open, and the vulnerability "Multiple Cross-Site Scripting Vulnerabilities Detected" was still detected.


Please advise.


Thanks & Regards,

Sharing Knowledge
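
A check that can be run on a cluster node before restricting port 8443, as an added example that is not part of the original thread or Dynatrace's own tooling: it classifies the peers connected to the local port, read from `ss -Htn` output, against a list of cluster node addresses. The node addresses and the sample connection lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: who is actually talking to local port 8443 on this node?
# NODES and SAMPLE are constructed values, not taken from the thread.
NODES="10.0.0.11 10.0.0.12 10.0.0.13"

# Constructed lines in `ss -Htn` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE='ESTAB 0 0 10.0.0.11:8443 10.0.0.12:51514
ESTAB 0 0 [::ffff:10.0.0.11]:8443 [::ffff:10.0.0.13]:40022
ESTAB 0 0 10.0.0.11:8443 192.0.2.50:60311
ESTAB 0 0 10.0.0.11:22 192.0.2.50:60400
ESTAB 0 0 10.0.0.11:44100 10.0.0.12:8443'

# classify_peers PORT NODE_IP...
# Reads connection lines on stdin and prints "<class> <peer-ip> <count>"
# for every peer connected to local PORT. class is "node" when the peer
# is one of the listed cluster nodes, otherwise "external".
classify_peers() {
    port="$1"; shift
    awk -v port="$port" -v nodes="$*" '
        BEGIN {
            n = split(nodes, a, " ")
            for (i = 1; i <= n; i++) known[a[i]] = 1
        }
        {
            lport = $4; peer = $5
            sub(/^.*:/, "", lport)          # keep only the local port
            if (lport != port) next         # ignore other listeners and outbound flows
            sub(/:[0-9]+$/, "", peer)       # drop the peer source port
            gsub(/^\[|\]$/, "", peer)       # drop IPv6 brackets
            sub(/^::ffff:/, "", peer)       # unwrap IPv4-mapped addresses
            seen[peer]++
        }
        END {
            for (p in seen)
                printf "%s %s %d\n", ((p in known) ? "node" : "external"), p, seen[p]
        }' | sort
}

# external_peers PORT NODE_IP...
# Prints only the peer addresses that are not cluster nodes.
external_peers() {
    classify_peers "$@" | awk '$1 == "external" { print $2 }'
}

# Live use on a node:   ss -Htn | classify_peers 8443 $NODES
# Offline with sample:  printf '%s\n' "$SAMPLE" | classify_peers 8443 $NODES
```

An empty result from `external_peers` over a representative period indicates that only cluster nodes are using the port; any address it prints is a dependency to identify before a firewall change.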