18 Aug 2020 08:53 AM - last edited on 26 Apr 2021 12:56 PM by MaciejNeumann
Hello
First of all I am quite new with the Dynatrace so I apologize in advance if a question is misunderstood or strange.
We have Dynatrace managed including Cluster ActiveGate .
We monitor some external web and mobile applications that are reported to Dynatrace through public endpoint.
We received a request to monitor an internal application SAP Fiori. In the code snippet I provide to SAP team, a public endpoint name is listed and it doesn't pass Security Team verification.
I tried renaming public endpoint name to Dynatrace server name and we loaded the snippet into SAP Fiori. At the start dynatrace.js scipt sent request to the Dynatrace server as expected, but after that ruxit and all another requests addresses the public endpoint.
Is it supported? Am I doing something wrong? Is there another way to separate external and internal systems that are monitored using agentless RUM?
Thanks
Tolik.
Solved! Go to Solution.
18 Aug 2020 10:23 AM
Why SAP team rejected public endpoint? What's missing there?
Anyway... you can try with workarounding that. Check: https://www.dynatrace.com/support/help/shortlink/agentless-rum#insertion-methods
You could modify "javascript tag" URL with your cluster nodes URL. See example below:
you could try with providing the :8443 cluster endpoint e.g.:
https://<you-cluster-url>:8443
So you can test the URL with e.g.:
https://<you-cluster-url>:8443/jstag/managed/d01dcab3-ff58-4263-b92f-a399999e0287/c952fe29f7e54277_bs.js
19 Aug 2020 07:20 AM
Hi Radoslaw
Thanks for your answer.
It rejected by Security team because of public endpoint have public IP that published to the internet and connections from internal sources to external IP will compromise network security.
(Clarification - public endpoint is NLB with external virtual IP).
I did all steps as described in the blog https://blogs.sap.com/2018/07/17/monitoring-a-fiori-launchpad-on-sap-cloud-portal-using-dynatrace./
and modified the code snippet JS file with cluster activegate name instead of endpoint name.
From Developer tools i see dynatrace.js request that goes to the cluster node, but ruxitagent.js goes to the public endpoint.
Regards
Anatoly.
17 Nov 2020 09:17 AM
@Anatoly G., out of security, does that also apply to outside communication through a proxy?
And did you solve this in the end?