Dynatrace Managed feature update, Version 136

Session stickiness reduces unnecessary re-logins

Some customers working within multi-node clusters have been unexpectedly logged out of the Dynatrace Managed Cluster Management Console (CMC) or their Dynatrace Managed environments. In response, we now synchronize user sessions between cluster nodes (and by extension varying IP addresses) using nginx. We now bundle nginx as part of the Dynatrace Managed installation package for all supported platforms.

Session stickiness avoids re-login when new IP addresses are detected by the browser when a cluster is accessed using its domain name. Nginx is configured to listen to port 443 and forward traffic to server nodes accordingly. Nginx remains intact during cluster updates and displays a maintenance page following each update. If a node must be added or removed, or in the event that an SSL certificate must be updated, the load balancer updates the configuration automatically.

Session stickiness is currently only available to customers via our Early Access Program (EAP). If you want to have this feature enabled in your Dynatrace Managed cluster, please contact Dynatrace Sales. We’ll be happy to work with you on this.

Also in this Release

  • Dynatrace Managed provides a local admin user account that can’t be disabled, even when LDAP is used for authentication. The existence of this admin account poses a security concern as this user account can’t be configured to use company-compliant password policies. For these reasons, we now allow you to remove the admin user from Dynatrace Managed.
  • The paid tier of Log Analytics isn’t dependent on retention period, but rather on quota. Existing Managed environments had a default retention period set to 0 days. The default retention period is now 30 days. Retention periods can now be set to values between 5 and 90.
  • Our PaaS installer now contains the binaries for musl-libc based 32 and 64 bit Alpine Linux containers.
  • We added an installer parameter (--els-datastore-dir) to allow for a custom path to Elasticsearch storage. See Dynatrace Help for details on this.
  • The grace period for cluster reconnection following a cluster losing its connection to Mission Control has been extended from 7 to 14 days.
  • Due to garbage collection suspension, we’ve increased the Cassandra heap size to 25% of overall heap size.
  • For new installations, we’ve cleaned up the number of ports that are automatically configured to be accessible in Managed firewalls: 8020 and 9998 are now only accessible for cluster nodes. Existing Managed installations remain unchanged to support HTTP, but they can be reconfigured. For details, please refer to our documentation on server ports and Security Gateway ports.
  • In the new version we’ve created a separate audit log file with user logins and logouts that contain, among others, tenant ID, username, and session ID. The file called audit.user.00.log is located in the Dynatrace Managed server log directory of each cluster node. For example, 2018-01-10 11:42:12 UTC WebUI Login [TENANTID]: user: USERNAME, roles: [USER ROLES], session: SESSIONID, clientIp: CLIENTIP

Other new features

Additionally, all new features introduced with Dynatrace SaaS Version 135 and Version 136 are now also supported by Dynatrace Managed.