Firewall constraints for UEM

UEM uses some HTTP technologies to send performance data from the browser to the AppMon Server. To do this, JavaScript Agent code injects into your HTML pages. This code communicates with the web server or Java Agents, which forward collected data to the AppMon Server. To fully enable UEM, however, you must verify that your firewalls, proxies, and web servers are configured properly.

HTTP requests

To function fully, the web server or Java Agents must recognize the following requests of a browser and deliver them to the browser.

  • dtagent_xxx.js is the JavaScript Agent. Typically, this is from the absolute root directory (the code inserted is <script href="/dtagent_xxx.js" />). You can configure it in the User Experience section of the System Profile dialog box. Use an absolute URL, if possible, because browser or any proxy servers should cache this file.
  • dynaTraceMonitor is the monitor signal the JavaScript Agent sends back to the server. This is sent relative to the current page. You can configure it in the User Experience section of the System Profile dialog box. This setting also dictates where the image requests (dtbwimg_x.jpg) used for bandwidth detection should go. The monitor uses the following query parameters: app, flavor, format, referer, session, srvid, type, visitID, size, zip, va

HTTP headers

The User Experience sensor uses the following HTTP headers:

  • rproxy_remote_addressTrue-Client-IP, X-Client-Ipx-forwarded-forx-http-client-ip (in this order): Determine the IP of the client (also for geo-locating). If none of these headers is set, AppMon uses the remote peer's IP address.
  • X-Forwarded-Host, X-Host, and Host: Determine the page host domain (also for application autodetection).
  • x-dtreferer: In some cases the JavaScript Agent has to set this header, which is used on the Web Server or Java Agents instead of the referrer header.
  • x-dtPC: In case of parallel XHR requests the JavaScript Agent has to set this header, which is used by the correlation to link web requests correctly to user actions.
  • x-dtinit: Coordinates UEM session id generation between Agents.
  • X-dynaTrace-Application: A proxyable Agent (i.e. Apache, NGINX) adds this header. Contains the ID of the RUM application.
  • X-dynaTrace-RequestState: Tracks subpath tree depth.
  • X-dynatrace-Origin-URL: Preserves the "original" request URL in case of URL rewrites.
  • X-OneAgent-JS-Injection: Whenever the injection of the JavaScript Agent tag was successful, this header is added to the HTTP response.
  • x-dtHealthCheck: Contains the result of the UEM Health Check, if the health check is enabled via User-Agent.
    A page has to be requested with the dtHealthCheck User-Agent. The Agent adds this header, which contains potential reasons why there is, or might be, a problem with injecting the JavaScript Agent tag.
  • x-dtAgentId: If the UEM Health Check is enabled, any involved Agent adds its ID to this response header.
  • x-dtInjectedServlet: UEM Health check adds this header. It contains the fully qualified name of the injected servlet or filter (if specific injection is set).

The Mobile Agent uses the following HTTP headers:

  • x-dynatrace: The Mobile Agent sets this header which is used by the correlation to link web requests correctly to user actions.

Cookies

The JavaScript Agent and the Web Server and Java Agents use the following cookies:

  • dtCookie: Session cookie used to identify user sessions. This cookie is valid as long as the browser process is running. Do not confuse this with HTTP-sessions of web applications or visits. Both usually have timeouts.
  • dtPC: Page context cookie used to link web requests to user actions.
  • dtLatC: Latency of monitor signals.
  • dtSA: Source action cookie. On browsers that do not support sessionStorage.

The Mobile Agent uses the following cookies:

  • dtAdk: Identifies hybrid app user sessions and merges the hybrid and native part into the same session.
  • dtAdkTag: Used by the correlation to link web requests from a hybrid application's web view to user actions.

Troubleshooting

Use UEM Health Check to detect firewall issues and communication between the injected JavaScript Agent and the AppMon Server. See UEM Health Check for more information.