22 Nov 2018 08:24 AM
Hi there,
Let me ask you a question about SaaS tenant IP.
Is there a possibility that the IP address of the Dynatrace SaaS tenant you are using will be changed?
Solved! Go to Solution.
03 Dec 2018 08:05 AM - last edited on 16 Oct 2023 03:53 PM by random_user
Hi @Hiroshi K.
I believe the IP will change at some point, since it is hosted in AWS. I'm basing this on what I've seen for my own host in AWS. It shouldn't matter though, since the URL you're using to access your tenant, will remain the same. In fact, your tenant URL resolves to one of the availability zones in AWS, which in turn resolves to a list of IP's.
Is there a reason you're asking about the IP change i.e. firewall rules on your end?
EDIT: turns out SaaS tenants are spun up with a static IP - in case anyone else reads this thread, see here: https://community.dynatrace.com/spaces/148/uem-open-q-a_2/questions/137428/dynatrace-saas-and-static...
04 Dec 2018 12:48 AM
Hi @Andre V.
Thank you very much for your reply and information.
> Is there a reason you're asking about the IP change i.e. firewall rules on your end?
Exactly! I care about the firewall configuration(443 port communication) affecting tenant IP change.
Could I ask you a little more?
If the SaaS tenant IP changes, can my customer know about that in advance?
If the answer to the question is "No", my customers will not be able to connect to Dynatrace SaaS if the tenant IP changes.( by the effect of the firewall)
Is my understanding correct?
04 Dec 2018 09:45 PM - last edited on 24 Mar 2021 01:07 PM by MaciejNeumann
Normally our clients do not worry about this, since internal users access their tenant on a standard https connection (port 443), which is the same as for many banking and other sites. These sites are accessed via the corporate proxy, which allows outgoing traffic on port 443 - nothing out of the ordinary there. The only time I see this as a potential problem, is when you have an ActiveGate which needs to connect to the tenant; if the firewall rules for the ActiveGate connection to the tenant are set up very strict, an IP change will cause communication breakdown, yes.
As far as I know, you can contact Dynatrace for a list of IP's to include. I would ask them at that time, how you'd handle any changes to IP's, should they occur.
PS: if you do a nslookup on your tenant FQDN i.e. {tenantname}.live.dynatrace.com, using 'type=a' (on a Windows host, might be different option on Linux), then it should list the IP's for your tenant...but you probably know this already? 😉
07 Dec 2018 01:47 AM - last edited on 24 Mar 2021 01:08 PM by MaciejNeumann
Hi @andre V.
Thank you very much for your reply.
> As far as I know, you can contact Dynatrace for a list of IP's to include. I would ask them at that time, how you'd handle any changes to IP's, should they occur.
OK. I understood.
I really appreciate your advice!!