You need to configure an internet connection to:
You can configure a proxy connection:
For more information on each approach, see below.
You can use command-line parameters during Dynatrace Managed installation. Use the following parameters to set up a proxy connection to Dynatrace Mission Control:
--network-proxy
If your machine uses a network proxy to connect to the Internet, put the address here in the following format: protocol://[user:password@]server-address:port. The default value is none.
--network-proxy-cert-file
If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. The full path to a public SSL certificate file in PEM format should follow that parameter.
In the Cluster Management Console (CMC):
Go to Settings > Internet proxy and edit Proxy configuration for a particular data center.
Select Connect via proxy and enter proxy server details:
You can exclude hosts from using the proxy. This is useful, for example, when you have configured problem integrations via webhooks with software residing in the internal network. Use a wildcard (*) at the beginning or at the end of each host entry to include all URLs within a defined host domain.
You can also use the Internet Proxy REST API (Cluster Management Console REST API) in single clusters for regular and premium high-availability deployments to adjust the internet proxy configuration.
For details, see Set or update cluster proxy configuration.
Yes, Dynatrace supports transparent proxy configuration.
A transparent proxy (also known as an intercepting proxy, in-line proxy, or forced proxy), can route and intercept Dynatrace cluster communication to Mission Control. A transparent proxy is normally located between the Dynatrace Managed cluster and Mission Control (Internet). By using a transparent proxy, you can additionally audit and inspect all communication payloads (see data exchanged with Mission Control).
Dynatrace need not be aware of the existence of the proxy. Dynatrace Managed has to be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by Dynatrace's trust of a root certificate the proxy owns.
You can use command-line parameters for the Dynatrace Managed reconfiguration script:
<PRODUCT_PATH>/installer/reconfigure.sh --update-cert --network-proxy-cert-file <proxy_cert_file>
Dynatrace Managed version 1.288+
Enabling the NTLMv2 authentication protocol can enhance security by:
To enable NTLMv2 support for your proxy settings, first complete the two-step process below for each cluster node.
Adjust the custom.settings file with the changes below:
<server/conf/config.properties>[settings]use-ntlm-auth-scheme = true<nodekeeper/conf/config.properties>[settings]use-ntlm-auth-scheme = true
After you have completed the procedure above for each cluster node, configure your proxy connection as described on this page. For your username, use NT credentials in the format <Primary domain>\<account> (for example, Microsoft\john.smith).