https://www.dynatrace.com/support/help/ Fri, 18 Oct 2019 07:17:18 +0200 Wed, 08 May 2019 08:26:03 +0200 Metalsmith v2.3.0 <p>Both standalone Dynatrace Servers and Dynatrace Managed clusters require several network ports to operate, serve pages, and accept monitoring data.</p> <p>Be sure to configure your network and firewall so that these ports are accessible. Note that ports should be opened for bi-directional communication.</p> <div class="callout"> <p>Ports <code>443</code> (and <code>8443</code> for Managed versions earlier than 1.166) must remain open to allow incoming traffic from your data center.</p> </div> <table> <thead> <tr> <th>Port</th> <th>Used by</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><code>443</code></td> <td>Dynatrace Managed UI, OneAgent and REST API</td> <td>Routed to local port <code>8022</code> using an iptables&apos; prerouting rule. This port must remain open. All Dynatrace communication to Dynatrace Server (including OneAgent traffic since version 1.166) is handled over secure socket HTTPS communication (port 443) with strong cryptography to guarantee your data privacy.</td> </tr> <tr> <td><code>8443</code> ¹</td> <td>Monitoring data from Dynatrace OneAgent</td> <td>Dynatrace OneAgent only sends data outbound to Dynatrace Server&#x2014;it doesn&apos;t open a listening port. Each monitored machine with Dynatrace OneAgent installed on it must access this port. This port must remain open.</td> </tr> <tr> <td><code>8018</code></td> <td>Nodekeeper</td> <td>This port can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to this port.</td> </tr> <tr> <td><code>8019</code></td> <td>Upgrade UI</td> <td>This port can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to this port.</td> </tr> <tr> <td><code>8020</code>, <code>8021</code></td> <td>Dynatrace Managed UI and REST API</td> <td>These ports can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.</td> </tr> <tr> <td><code>8022</code></td> <td>Dynatrace Managed UI and REST API (NGINX)</td> <td>Port 8022 can be closed to traffic coming from outside the Dynatrace cluster. This port can be used as an equivalent to 443 if usage of a non-privileged port is required.</td> </tr> <tr> <td><code>5701</code>-<code>5711</code></td> <td>Dynatrace cluster analytics engine</td> <td>These ports can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.</td> </tr> <tr> <td><code>9042</code>, <code>7000</code>, <code>7001</code>, <code>7199</code></td> <td>Cassandra-based Hypercube storage</td> <td>These ports can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.</td> </tr> <tr> <td><code>9200</code>, <code>9300</code></td> <td>Elasticsearch-based search engine</td> <td>These ports can be closed to traffic coming from outside the Dynatrace cluster. If you&apos;re running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.</td> </tr> </tbody> </table> <h3 id="outbound-communication-to-dynatrace-mission-control">Outbound communication to Dynatrace Mission Control <span class="shortlink-copy shortlink-copy-js" data-clipboard-text="https://www.dynatrace.com/support/help/shortlink/managed-network-ports#outbound-communication-to-dynatrace-mission-control"> </span></h3> <p>Within multi-node clusters, each node must be able to communicate with Mission Control for basic health checks (for example, component states, disk, and CPU usage), in addition to the mandatory management connection (URL: <code>https://mcsvc.dynatrace.com</code>² and IP addresses: <code>52.5.224.56</code>, <code>52.200.165.10</code>, <code>52.221.165.63</code>, and <code>13.228.109.33</code>) via HTTPS (<code>port 443</code>) for license validation, health monitoring, and automatic updates. Communication between Dynatrace Managed clusters and Mission Control is based on TLS v1.2.</p> <p>Communication between Dynatrace Managed clusters and Mission Control can also be routed via a proxy, but the proxy must allow web sockets and, if the proxy is clustered, it must provide sticky sessions for web socket communication. Also, the proxy must support the SNI TLS extension.</p> <hr> <p>¹ Dynatrace environments with a cluster version earlier than 1.166 use port <code>8443</code>. New Dynatrace environments still use port <code>8443</code>, but this port doesn&apos;t need to be exposed to the outside of the cluster nodes. Upgraded Dynatrace environments preserve port settings from the previous version. As a result, it is possible to have an upgraded Dynatrace environment that still uses port <code>8443</code>.</p> <p>² Dynatrace environments older than Dynatrace cluster version 1.138 used the domain <code>https://opcsvc.ruxit.com/</code>. If <code>mcsvc.dynatrace.com</code> can&apos;t be reached (for example, if a proxy blocks it), then <code>https://opcsvc.ruxit.com/</code> is used as a fallback.</p> Wed, 08 May 2019 08:26:03 +0200 https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/which-network-ports-does-dynatrace-server-use/?updated=wed-08-may-2019-08-26-03-0200 https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/which-network-ports-does-dynatrace-server-use/