Authentication strings provide a basic means of authentication for AppMon Server-Collector communication.
If enabled, the Collector sends an MD5 hash of a configured authentication-string to the Server, which checks whether its own configured authentication-string matches.
Communication that is not encrypted can be easily captured using a man-in-the-middle attack, so it is advisable to use this feature in combination with encryption / SSL.
For the Server-side, the authentication-string is configured using the
collectorauthstring attribute in the corresponding
/dynatrace/serverconfig/settings/collector/@collectorauthstring. Add the plain-text password here and ensure this file cannot be read by unauthorized personnel.
For the Collector-side (
authstring attribute in the
<collectorconfig> element must contain the same plain-text password (XPath:
/dynatrace/collectorconfig/@authstring). Again, ensure that this file cannot be read by unauthorized personnel.
The following XML fragments illustrate how to configure an authentication-string between the Collector and Server.
- AppMon Server configuration file:
    <dynatrace ...>
      ...
      <settings>
        <collector ... collectorauthstring="abc" ... />
        ...
      </settings>
      ...
    </dynatrace>
- AppMon Collector configuration file:
    <dynatrace ...>
      <collectorconfig ... authstring="abc" ... >
        ...
      </collectorconfig>
    </dynatrace>
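
The two requirements above (both files carry the same string, and neither file is readable by unauthorized users) can be checked with a short audit script. This is an added example, not part of the AppMon documentation or tooling: the function names are hypothetical, the sample XML is constructed with nesting that follows the XPaths given above, and the permission check assumes POSIX file modes.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Attribute locations from the XPaths on this page, relative to the <dynatrace> root.
SERVER_ATTR = ("serverconfig/settings/collector", "collectorauthstring")
COLLECTOR_ATTR = ("collectorconfig", "authstring")

def read_attr(path, location):
    """Return the attribute value at (element path, attribute name), or None."""
    elem_path, attr = location
    root = ET.parse(path).getroot()
    elem = root.find(elem_path) if root.tag == "dynatrace" else None
    return None if elem is None else elem.get(attr)

def audit(server_file, collector_file):
    """Return a list of findings; an empty list means the pair passed every check."""
    findings = []
    server = read_attr(server_file, SERVER_ATTR)
    collector = read_attr(collector_file, COLLECTOR_ATTR)
    if not server:
        findings.append("server: collectorauthstring missing or empty")
    if not collector:
        findings.append("collector: authstring missing or empty")
    if server and collector and server != collector:
        findings.append("mismatch: server and collector strings differ")
    # The string is stored in plain text, so any group/other permission bit is a finding.
    for label, path in (("server", server_file), ("collector", collector_file)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{label}: file mode {mode:o} grants group/other access")
    return findings

def write_sample(xml_text, mode):
    """Write a constructed sample config to a temp file with the given POSIX mode."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as fh:
        fh.write(xml_text)
    os.chmod(path, mode)
    return path

# Constructed sample configs (not real AppMon files).
SERVER_XML = ('<dynatrace><serverconfig><settings><collector collectorauthstring="abc"/>'
              '</settings></serverconfig></dynatrace>')
COLLECTOR_XML = '<dynatrace><collectorconfig authstring="abc"/></dynatrace>'

if __name__ == "__main__":
    s, c = write_sample(SERVER_XML, 0o644), write_sample(COLLECTOR_XML, 0o600)
    print(audit(s, c))  # the world-readable server file is reported
```

The findings never include the string itself, so the output can be logged without leaking the secret.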