Dynatrace OneAgent is essentially a set of specialized processes that run on each monitored host. Dynatrace OneAgent collects metrics from the operating system it runs on and compares the metrics to baseline performance metrics. The most important metrics are then reported back to Dynatrace Server.
Additionally, Dynatrace OneAgent detects which processes run on each host and collects performance metrics for the most important processes. Dynatrace OneAgent can also monitor specific technologies (Java, Node.js, .NET, and more) in greater detail by injecting itself into those processes and monitoring their performance from within. This provides you with code-level insights into the services that your applications rely on.
Communication from Dynatrace OneAgent to Dynatrace Server is outbound only; Dynatrace Server never initiates communication with Dynatrace OneAgent. So there is no need to open ports for inbound communication when using Dynatrace. Dynatrace OneAgent can communicate directly to Dynatrace Server or it can communicate via a Dynatrace Security Gateway. Security Gateways allow you to limit the number of hosts in your data center that send outbound communications to Dynatrace Server, making firewall configuration more manageable in large environments. Security Gateways can additionally collect information from vCenter installations. Even without a Security Gateway however, all communication to Dynatrace Server is secured using strong encryption mechanisms.