Can I use a proxy for internet access?

Dynatrace Managed Documentation

This page will soon be available only on the dedicated Dynatrace Managed Documentation site. Update your bookmarks.

You need to configure an internet connection to:

Receive updates from Mission Control
Send health checks and license utilization data to Mission Control
Receive external problem notification services through such tools as as ServiceNow, Jira, and webhooks

You can configure a proxy connection:

During Dynatrace Managed installation
Using the Cluster Management Console (CMC)
Using REST API, see Set or update cluster proxy configuration

Using Dynatrace Managed installer

You can use command-line parameters during Dynatrace Managed installation. Use the following parameters to set up a proxy connection to Dynatrace Mission Control:

--network-proxy
If your machine uses a network proxy to connect to the Internet, put the address here in the following format: protocol://[user:password@]server-address:port. The default value is none.

--network-proxy-cert-file If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. The full path to a public SSL certificate file in PEM format should follow that parameter.

Using Cluster Management Console

In the Cluster Management Console (CMC):

In the Dynatrace menu, go to Settings > Internet proxy and edit Proxy configuration for a particular data center.
Select Connect via proxy and enter proxy server details:
- Scheme
- Proxy address and Port
- Username and Password if anonymous access isn't possible.

Excluding hosts from proxy

You can exclude hosts from using the proxy. This is useful, for example, when you have configured problem integrations via webhooks with software residing in the internal network. Use a wildcard (*) at the beginning or at the end of each host entry to include all URLs within a defined host domain.

Using REST API

You can also use the Internet Proxy REST API (Cluster Management Console REST API) in single clusters for regular and premium high availability deployments to adjust the internet proxy configuration. For details, see Set or update cluster proxy configuration

Frequently asked questions

Can I use a transparent proxy?

Yes, Dynatrace supports transparent proxy configuration.

A transparent proxy (also known as an intercepting proxy, in-line proxy, or forced proxy), can route and intercept Dynatrace cluster communication to Mission Control. A transparent proxy is normally located between the Dynatrace Managed cluster and Mission Control (Internet). By using a transparent proxy, you can additionally audit and inspect all communication payloads (see data exchanged with Mission Control).

Dynatrace need not be aware of the existence of the proxy. Dynatrace Managed has to be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by Dynatrace's trust of a root certificate the proxy owns.

How to update SSL certificate?

You can use command-line parameters for the Dynatrace Managed reconfiguration script:

<PRODUCT_PATH>/installer/reconfigure.sh --update-cert --network-proxy-cert-file <proxy_cert_file>