You need to configure an internet connection to enable Mission Control proactive support and receive updates from Mission Control. An internet connection is also required to receive external problem notification services via tools such as ServiceNow, Jira, and webhooks.
The following authentication protocols are available:
You can configure a proxy connection for your Managed cluster in three different ways.
Use the following command-line parameters to set up a proxy connection to Mission Control during the Managed installation:
--network-proxy
If your machine uses a network proxy to connect to the internet, enter the address in the following format:
protocol://[user:password@]server-address:port
The default value is none.
--network-proxy-cert-file
If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. The full path to a public SSL certificate file in PEM format should follow that parameter.
In the Cluster Management Console:
Go to Settings > Internet proxy and edit Proxy configuration for a particular data center.
Select Connect via proxy and enter proxy server details:
You can exclude hosts from using the proxy. This is useful, for example, when you have configured problem integrations via webhooks with software residing in the internal network. Use a wildcard (*) at the beginning or at the end of each host entry to include all URLs within a defined host domain.
Use the Cluster API to set or update the internet proxy configuration of your Managed cluster.
For details, see Set or update cluster proxy configuration.
Yes, Dynatrace supports transparent proxy configuration.
A transparent proxy (also known as an intercepting proxy, in-line proxy, or forced proxy), can route and intercept Managed cluster communication to Mission Control. A transparent proxy is normally located between the Managed cluster and Mission Control (Internet). By using a transparent proxy, you can additionally audit and inspect all communication payloads.
Dynatrace need not be aware of the existence of the proxy. Dynatrace Managed has to be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by Dynatrace's trust of a root certificate the proxy owns.
Use the command-line parameters of the reconfiguration script which you can find under this path:
/opt/dynatrace-managed/installer/reconfigure.sh --update-cert --network-proxy-cert-file <proxy_cert_file>