Cluster remote access

Dynatrace ONE can assist you remotely with Dynatrace Managed cluster upgrades and troubleshooting when you run into problems. To make this happen, a Dynatrace ONE product specialist must have permission to remotely access your Dynatrace Managed cluster. You can configure remote access permissions for your Managed cluster to authorize Dynatrace ONE to provide you with updates and pro-active support.

Admin required

You must have cluster administrator privileges to access the Cluster Management Console.

To configure the level of permissions within your cluster, go to Cluster Management Console (CMC) and navigate to Home > Settings > Remote access permissions.

On this page, you can allow the Dynatrace ONE team remote access to your cluster. If this setting is enabled and events are detected, the Dynatrace ONE team can remotely adjust your cluster settings to ensure optimum performance and stability.

Security

All communication with Mission Control is secure and performed via HTTPS with browser-like certificate checks. All Dynatrace Managed configuration changes are fully audit-logged and each remote access is logged as a separate event (click the Events section on the CMC home page to view the list of recorded events). The Mission Control team can't access certificates or user credentials. They also can't gain root access to any servers.

Once Dynatrace support remote access is enabled, you can set the scope of remote access permissions for Dynatrace ONE to one of the following scopes:

  • All
    The entire Dynatrace ONE team of experts can access your cluster to provide you with the full power of pro-active support and optimize your cluster settings.

  • Read-only access to all
    The entire Dynatrace ONE team of experts can access your cluster but they can't edit any cluster settings. This option significantly limits the level of pro-active support. Dynatrace ONE will contact you to make required changes if necessary.

  • Approved
    Only approved Dynatrace ONE team members can access your cluster. Your cluster administrators will receive an email notification about pending remote access requests. The cluster administrator has to approve each request to grant permissions. You can adjust the duration and role you grant. You can also grant permissions to known Dynatrace ONE team members up front.

    This scope gives you maximum control over who can access your cluster but it significantly impacts the Dynatrace ONE team's ability to provide you with pro-active support.

    After you select the Approved scope, save changes before creating remote access permissions. Enter the username, duration, role, and reason for the remote-access permissions. You can assign one of the following roles for a remote-access user:

    • Viewer
      User can't execute any diagnostic modifications in the system.
    • User
      User can't change any configuration, download OneAgents [1], view log content from monitored hosts [2], capture request data [3], or perform advanced diagnostic operations such as services restart.
    • Admin
      User has all permissions but can't view sensitive request data [4].

[1] Download OneAgents: OneAgents, ActiveGates, SDKs

[2] View log content: Access to log monitoring that shows logs of customer applications. Logs may have sensitive information, therefore not all users will have access to log analytics.

[3] Capture request data: This permission allows the user to configure request data capture rules. These can be used to capture things like HTTP Header or POST parameters in requests to be stored, filtered, and searched for within Dynatrace.

[4] View sensitive request data: This permission enables the user to see potentially sensitive data like previously captured HTTP Headers, method arguments, or even literals in database statement parameters.

API

You can also use the Remote Access REST API to adjust settings and remote-access permissions. For details, see Dynatrace Cluster API.