Session encryption

Use file system or drive-level encryption for your session data if you need to protect them.

Additionally, you can hide strings in PurePaths that should be kept confidential when the data is captured.

Encryption options on OSes

OSes are different in what they offer regarding file-system-level encryption of your session data. As session data are quite large with high write rates it may be worthwhile to consider native encryption at the drive level (hardware permitting).

Windows

Windows (Ultimate, Enterprise, Server 2008 and up) BitLocker is an option. It needs a TPM though.

TrueCrypt was declared insecure by the developers themselves.

Linux

The dm-crypt subsystem is an option on Linux.

It's assumed that you have a partition available which can be completely erased. This example uses /dev/sdb1 as the identifier.

Make sure you have dm-crypt available in your kernel, then install cryptsetup:

sudo apt-get install cryptsetup

Prepare your partition encryption:

sudo cryptsetup create -y dtsession /dev/sdb1

By confirming your passphrase twice you've completed setting up the partition-encryption. The next step is to create a file system. This example uses ext4, but others should do as well:

sudo mkfs.ext4 /dev/mapper/dtsession

This takes a while, depending on how much space is available on the drive. Now the mountpoint has to be created and the partition has to be mounted:

sudo mkdir /mnt/dtsession
sudo mount /dev/mapper/dtsession /mnt/dtsession
sudo chown -R USER:<UserAccountDynatraceServerIsRunningUnder> /mnt/dtsession

Finally the AppMon Server must be configured to use the newly created session storage. In the AppMon Client, select Settings > Dynatrace Server > Storage vertical tab and put the path in the Stored Sessions Directory field (in this example: /mnt/dtsession/sessions/stored). You must restart the AppMon Server to use the new storage location.

Amazon EC2

Encryption can be enabled when creating a new EBS volume. In the AppMon Client, select Settings > Dynatrace Server > Storage vertical tab and put the EBS path in the Stored Sessions Directory field.