Dynatrace Managed now provides a separate NGINX distribution package with OpenSSL running in FIPS mode . This allows you to set up communication with Dynatrace Managed clusters that is FIPS 140-2 compliant.
To set up FIPS 140-2 compliant communication
Run the installer with the --fips-enabled=true flag (works for both upgrade procedures and fresh installations) Instruct all installed OneAgents to use the NGINX endpoint running on port 443 . To customize the IP endpoint for OneAgent traffic, go to the Cluster Management Console Home page and click the infographic tile of the cluster node you want to configure. Scroll down to the Customize node endpoints sectionon the node details page (see example below) to customize theIP endpoint forOneAgenttraffic.
To date, OneAgent traffic has been handled by a cluster ActiveGate (previously known as a “Public Managed Security Gateway”. See below for details.). SinceDynatrace Managed version 1.150, it’s been possible to use NGINX as single communication endpoint and conveniently configure a single port.You can disable FIPS mode during cluster upgrade by running the installer with the --fips-enabled flag set to false .
Higher supportability with NodekeeperWe’ve introduced a standalone process running on each node on port 8018 referred to as “Nodekeeper”. The Nodekeeper process starts before all other cluster processes and is the last to be shut down. This allows us to remotely support situations where a cluster is down and the log files and configurations are no longer accessible. Support archives have been extended to include Nodekeeper logs and configuration files.
Also in this release We’ve solved performance issues when loading the CMC Home page. Especially on largerclusters, the UI was blocked for too long before all components were displayed and the user could proceed. Now the Home page is displayed immediately and slow components are indicated with a “loading” label. You can now specify the target directory of the self-monitoring agent by specifying the --agent-dir flag when executing the Dynatrace Managed installer. If you omit the parameter, the agent will be installed at /opt/dynatrace/agent . Otherwise, the path is used as a symlink that points to a custom location. In the course of the renaming of Security Gateway to ActiveGate weupdated the terminology in the Web UI and the Dynatrace Managed installer. Public Managed Security Gateways are now referred to as Cluster ActiveGates. This change is visible on the Home page, the former Security Gateway details page, as well as within Public endpoint settings within the CMC. Other new featuresAdditionally, all new features introduced with Dynatrace SaaSVersion 1.151andVersion 1.152are now also supported by Dynatrace Managed.