Ruxit domain discontinuation

Dynatrace will update internal communication endpoints after June 30, 2021.

The domain used for internal communication by ActiveGates and OneAgents that send data to Dynatrace SaaS will be changed from *.live.ruxit.com to *.live.dynatrace.com.

Who does this affect?

In a typical scenario, this change will be completely transparent and no manual action is required.

  • The addresses are used only internally by ActiveGates and OneAgents
  • The change will happen automatically
  • There will be no changes to underlying IP addresses

This change might affect Dynatrace SaaS customers if one of the following is true:

  • Domain allowlisting is enabled on outbound proxy
  • AWS PrivateLink is used to connect OneAgents to Dynatrace

If you use domain allowlisting on outbound proxies, or AWS PrivateLink to connect your OneAgents to Dynatrace:

  • Action may be required by June 30, 2021 at the latest
  • Share the information below with the customer.

You proxy or firewall outbound traffic

If you use domain allowlisting on your proxy, adjust your configuration.

If you limit your outbound traffic on your proxy or firewall to only allowlisted domains, most likely you have rules that would permit connections to:

  • Addresses matching *.live.ruxit.com or sg-*.live.ruxit.com
  • Specific domain names. Example: sg-us-east-X-XX-XXX-XXX-XXX-yyyyXX-virginia.live.ruxit.com
  • The address of your Dynatrace environment. Example: <environment_id>.live.dynatrace.com

Ruxit domain change diagram

If you have such rules in place, make sure to also permit domains with the suffix live.dynatrace.com.

Frequently asked questions

What happens if I don’t update my allowlisting rules to permit live.dynatrace.com?

Starting June 30, 2021, OneAgents and ActiveGates will no longer be able to connect to the Dynatrace direct public endpoints. They will switch to your environment domain (<environment_id>.live.dynatrace.com) as a fallback. They will still periodically test the connectivity to more direct endpoints, which may result in error entries in log files of OneAgent, ActiveGate, and possibly your proxy server.

In the unlikely event that your <environment_id>.live.dynatrace.com domain is blocked as well, you may be completely disconnected from Dynatrace service until your proxy configuration is corrected.

For the operation of Dynatrace, there must be connectivity to at least the environment domain. Many Dynatrace services rely on connectivity to the environment domain.

When should I update my allowlisting rules to also permit live.dynatrace.com?

You should update your allowlisting rules at the soonest. You don’t have to wait for the switch to happen. Make sure you still leave live.ruxit.com allowlisting until June 30, 2021.

What should I do if I connect with AWS PrivateLink?

Adjust your configuration. If you use AWS PrivateLink to connect your OneAgent traffic to Dynatrace, you most likely have a DNS override for *.live.ruxit.com domains.

Make sure you also have a domain override for your environment domain: <environment_id>.live.dynatrace.com

For details on how to configure the override, see AWS PrivateLink.

What happens if I don’t update my AWS PrivateLink configuration?

Starting with June 30, 2021, all OneAgents will stop using PrivateLink due to the domain change. OneAgents may be able to connect to Dynatrace via the internet, but will not use PrivateLink. Depending on your network configuration, this could also result in OneAgents not being able to communicate with Dynatrace at all.

Adding the required DNS override will allow OneAgents to report to Dynatrace via PrivateLink.

When should I update my AWS PrivateLink configuration?

You can update your PrivateLink configuration at the soonest. You don’t have to wait for the switch to happen. Make sure to leave live.ruxit.com override until June 30, 2021.

What if I am still not sure if I need to take action?

Verify the connection. If you are uncertain whether this change could affect you, you can test the connectivity from your hosts currently connecting to Dynatrace.

Verify connectivity for your environment domain:

curl –Is https://<environment_id>.live.dynatrace.com/communication`

You should get a response similar to this:

HTTP/1.1 204 No Content

If this domain is not reachable for any of your environments, please adjust your proxy configuration.

You then should also test connectivity to the more direct endpoints used internally, such as:

curl -Is https://sg-us-east-X-XX-XXX-XXX-XXX-yyyXX-virginia.live.dynatrace.com/communication

If the connection is failing, please review your configuration. It may be blocked by a proxy.

You may need to use the URL that is used by your environment instead of the URL in the example above. The list of communication endpoints can be found in the ActiveGate configuration file cluster.properties. For more information regarding ActiveGate configuration files, see ActiveGate directories.