By default, Dynatrace is set up to trace every single request. As this implies increased network and storage requirements, particularly within large Dynatrace Managed installations, we’ve made this a configurable setting with the latest release of Dynatrace Managed.
As part of this “Adaptive Traffic Management and Data retention” effort, we now display a configuration option in the Managed Cluster Management Console (CMC). To change the setting, select the environment you want to configure from the Environments menu. This will take you to the details view where you can modify the Adaptive capture control setting, as shown below:
The default value is 1,000 new paths per minute.
Enhanced preferences for proactive cluster support We proactively alert you of any incompatibilities or technology-specific risks related to your environment. By default, we report information from OneAgent, process technologies, hosts, ActiveGates, and related entities. This information is used for support, product improvement,and research purposes. The relevant setting has been added to Preferences in the Settings section of the CMC.
Note:If you disable this feature, we won’t be able to see the OneAgent versions you have installed and therefore can’t provide you with complete proactive support.
Introducing TLS 1.2 and improved cipher securityBy default, we now use TLS 1.2 for communication with Dynatrace Managed clusters and we’ve disabled the usage of ciphers that are considered less secure. For compatibility reasons, however, we still provide the option to switch back to existing, less secure settings. We now provide built-in security policies. Each security policy defines a set of allowed SSL protocols and ciphers that are applied to NGINXinstances on each cluster node:
legacy default fipsThese policies can be passed as arguments to the installer when installing new or upgrading existing cluster nodes. We added the following command-line parameters to the installer:
--ssl-protocols --ssl-ciphersAnother option to change the SSL policies for existing clusters is to change SSL_PROTOCOLS and SSL_CIPHERS entries in /etc/dynatrace.conf , analogous to the installer parameters. Changes go into effect with the next upgrade.
Resolved issues Due to a NIST reported vulnerability we had to disable the Apache Thrift server on our Cassandra nodes. We resolved an issue around Mission Control flooding recipients with e-mails. ActiveGates on Dynatrace Managed nodes didn’t preserve changes made to custom.properties during upgrades. In some cases, the free quota of custom metrics wasn’t correctly calculated. Also in this release We’ve updated the Help page on supported operating system requirements for Dynatrace Managed. We now explicitly state supported platforms and versions. Fresh installations disallow unsupported versions. During upgrades, warnings are raised only. Due to security vulnerabilities, we updated the JRE for the installer component to version 8, build 181 . On the Home page of theCMC, you can now see each node’s IP address next to the node ID. Other new featuresAdditionally, all new features introduced with Dynatrace SaaSVersion 1.155 andVersion 1.156 are now also supported by Dynatrace Managed.
