29 Jan 2021 02:25 AM - last edited on 31 Aug 2022 02:57 AM by Ana_Kuzmenchuk
Network security team is pretty paranoid around these days after the Solarwinds hack, and they are checking every little detail. They are watching the processes and ports of nodes and agent hosts to see what is coming through. They asked me 2 questions, and it would be great help to ease the concerns of theirs.
1) Do we need to open port 443 bi-directionally between Agent Hosts <-> Managed Node? I always thought we have to, but in the documentation, the arrows only show one way, and the security team can't see any data that is flowing from Node to Agents.
I guess the Node has to send OneAgent update to the related hosts or configuration data at some point, so eventually it will talk back? I am a little confused.
2) They've discovered Oneagentwatchdog.exe’ is listening to 50000, 50001, 50002 ports. We wonder what this process actually does?
Solved! Go to Solution.
1) The communication is unidirectional, only the agent sends data to the managed node.
2) The Watchdog makes sure all OneAgents processes (os agent, plugin engine,...) are running and (re)starts them if needed.
Thanks Patrick for the clarification, but how does OneAgent updates are sent to the hosts then? This part is a little fuzzy to me.
The oneagent checks if updates are available, in case they are the agent gets them as the response to his request.
The Solarwinds hack was a wakeup call for a lot of people. Fortunately for us, Dynatrace users, there are a lot of protections in place, as can be seen in the blog post below. Working in the security domain myself, this has been one of the few companies coming forward with their inside security culture & practices: