1.dynatrace vILT - General (Day 1)

Dynatrace vILT Day 1
Confidential, Dynatrace, LLC

Accessing Your Training Environment
You should have received an invite to your tenant
yesterday. Please see email titled ‘Welcome to Dynatrace
Managed’.
As part of this class you will be instrumenting an application

server with Dynatrace and throughout the week will be
involved in hands on labs. You can access your personalized
environment on Dynatrace University.
https://university.dynatrace.com/environments
Welcome to Dynatrace
1. Complete your welcome

email instructions.
2. Please complete your

registration by creating a
unique password.
Easytravel Application Server Access
*If you have trouble accessing your environment, please inform the
instructor and email dtu.help@dynatrace.com.
Please include the class name you are attending.
Connecting to your Application Server
Option 1: Native SSH, Putty, MobaXTerm
• Please see download links in slide notes.
• ssh ubuntu@[IP_address]
• You will be prompted for a password. Password = dyn@trac3
Option 2: Remote Desktop.

• This is native to Windows PCs, and available for OSX.
• Terminal and Firefox are available as tools to use if your local PC
prevents installing software.
• Username = ubuntu, Password = dyn@trac3
Agenda Day 1
Time Topic (first half hour) Topic (second half hour)
08:00-09:00 Welcome/Overview of GoToTraining Dynatrace Architecture
09:00-10:00 Dynatrace Architecture Dynatrace Architecture
10:00-11:00 Real User Monitoring (RUM) Real User Monitoring (RUM)
11:00-12:00 Web Checks Licensing
A compelling answer to today‘s monitoring challenges
Software systems are becoming more diverse and more dynamic AUTOMATION
Tight integration of software systems requires end-to-end visibility SCALABILI TY
Compliance restrictions require tight security and privacy MANAG ED SERVICE
DevOps means more teams are involved in production monitoring SIMPLICITY
confidential
Mobile Browser Optimize customer
Application Synthetic experience
Code Server
Modernize
Database Mainframe operations
Network Log & Events Accelerate
Container API innovation
Micro-service Cloud
Full-Stack monitoring Smartscape & PurePath, Artificial intelligence,

business transaction total automation,
D.A.V.I.S.
Confidential, Dynatrace LLC

Deploying software and getting the best of both worlds
SaaS
SaaS Managed
On Premises
We provide
We provide theservice,
the service, you
youjust useuse
just it. it. You provideWe provide
the the software,
platform, you run it.
we manage the service.
• No local installation
Benefits Benefits
• Full
• No local installation control of data
• Full control of data
• No worries about hardware
• No worries about hardware • Self monitoring built-in
provisioning backups
provisioning backups and
and data data
storage
• No monitoring/operator needed • No worries about
Concerns
storage • System administrators
patching, upgrading, need to
• No monitoring/operator needed
Concerns support it: troubleshooting, patching,
• Compliance
troubleshooting,
upgrading, backup, monitoring,
Concerns
• Bandwidth consumption
• Compliance
monitoring
failover or failover
• Bandwidth consumption
Dynatrace SaaS
confidential
optional

Amazon
EC2
SaaS Cluster
HA Proxy Public Server Cassandra Elastic Search

Security Cluster Cluster Cluster
Gateways
Availability Zone
Availability Zone
Availability Zone
Storage and Retention - SaaS
• Session Storage  file based

• Default quota 30GB
• Time Series  Cassandra

• 1 minute intervals – 14 days
• 1 hour intervals – 440 days
• 1 day intervals – 5 years
• Visits  Elastic Search

• 30 days, can be extended

Dynatrace Managed
confidential
Dynatrace Mission Control
• Outbound Only
• Encrypted and Secured
optional • Specific Endpoint
• Fully automated, no human intervention

Dynatrace Managed
all the privacy you need with all the convenience you want
Scalable Elastic Grid Architecture

Mission Control
monitoring & updates
Dynatrace node 1
Dynatrace OneAgents
Dynatrace node 2
Dynatrace node n
Easy Touch UI Management Console

Updating reliably and fully automatically
Dynatrace
Mission
Control
Dynatrace Update
Dynatrace cluster
Dynatrace Mission Control Team
v+1 t be at
a r
He
Dynatrace Managed cluster updates are OneAgent updates are

mandatory optional
published typically every four weeks published typically every four weeks
started at a user specified time (daily or weekly) fully under your control
announced at least 24 hour in advance (OneAgents are compatible for at least one year)
very fast: monitoring continues seamlessly, UI downtime ca. 5 minutes
Remote Management
Dynatrace Managed Cluster
Dynatrace
Mission Control
Dynatrace node 1 Request for access
tt ps
h Dy
v ia ce UI na
tra http
k et ra
t ce s Request for access
soc Dyna VP
b r
We ly fo
Dynatrace node 2 N
on
n
o ly
Dynatrace Mission Control Team

Access cluster management
Dynatrace node n Access each environment
Access an internal maintenance UI
Auditing Security is key Mission Control Team cannot:

All configuration changes of Dynatrace All communication with Mission Control is via Access certificates
Managed are fully audit logged https with browser-like certificate checks Access user credentials
Each remote access is logged as an event with 2Factor authentication for remote write Gain root access to any servers
a reason access (coming soon)
Web UI
Target Applications
443 https
Dynatrace Agents Scale

Cluster Management Console (CMC)
8443 https Server Nodes
443 https
Mission Control
(possible via proxy)

Storage and Retention - Managed
• Session Storage  file based

• Depends on disk, quota can be defined for each environment
• Time Series  Cassandra

• 1 hour intervals – 440 days
• 1 day intervals – 5 years
• Visits  Elastic Search

• 30 days, can be extended

Managed Node Requirements
Max. hosts Max user Direct Storage Long-term Metrics

Node type monitored actions/s Node spec Disk IOPS for 10 days code visibility Store
(per node)
Trial 20 20 4 vCPUs, 16GB RAM 30 250GB 100GB
Small 250 250 8 vCPUs, 32GB RAM 150 500GB 1,2TB
Medium 600 500 18 vCPUs, 64GB RAM 300 1TB 2.5TB
Large 1500 1000 32 vCPUs, 128GB RAM 750 2TB 5TB
XLarge 3000 3,000 64 vCPUs, 256GB RAM 1500 4TB 10TB
Clusters should have equally sized nodes, recommended cluster sizes are 1, 3 or more, up to 10
Examples:
To monitor 8k hosts with a peak load of 3k user actions per second:
You need 3 XLarge nodes with a combined storage of 4TB for direct storage and 30TB for long term metrics
To monitor 200 hosts with a peak load of 500 user actions per second:
You need 1 Medium node with a combined storage of 1TB for direct storage and 2.5TB for long term metrics
or to have failover you can also use 3 Small nodes
More information on sizing can be found here

Security Gateways
confidential
Overview
SaaS Private
Security Gateways
Public
Managed
Private

SaaS – Without Security Gateway
DC Customer 1 Dynatrace Cloud
443
DC Customer 2

SaaS – With private Secure Gateway
Data Center 1 Dynatrace Cloud

9999
443
• Download installer from tenant, can only connect to tenant

where downloaded from
Data Center 2
9999 • Runs within your data center
• For Agent traffic bundling
• For remote plugin execution (VMWare)
• Already connected Agents automatically reroute through
SGW when found

Managed – With out Secure Gateway
Data Center Dynatrace Cloud

8443
Server Cluster
• Note: Remote plugin execution

(VMWare) available

Managed – Public Security Gateways
Data Center Dynatrace Cloud

8443
On Prem Agents
Server Cluster
• Download installer from CMC

(Cluster Management Console)
9999 DMZ Data Center • Runs at within data center, must be
Cloud / Remote separated from server node
Agents • For cloud Agents and Beacon
Synthetic Agents
+ Forwarder (handles RUM and
JS Agents (typically RUM only)
Dynatrace Mobile App synthetic traffic)

Managed – Private Security Gateways
DC Customer Dynatrace Cloud

9999 8443
Tenant 1
Server Cluster
9999
• Download installer from tenant, can only connect to tenant

Tenant 2
where downloaded from
• For Agent traffic bundling
• For remote plugin execution (VMWare)
• Already connected Agents automatically reroute through
Private SGW when found

Dynatrace Architecture – Multi Datacenter Best Practice
US Datacenter German Datacenter Australian Datacenter
Agents Agents Agents
9999 https 8443 https 9999 https
Security Security
Gateway Gateway
8443 https 8443 https
Server Nodes
443 https (German Datacenter)
Scale
Web UI

Security Gateway Installation Walkthrough

Summary
Private
SaaS
9999
Security Gateways Public

8443
Managed
Private
9999

OneAgent
confidential
One Agent to monitor them all
Capabilities of the Dynatrace OneAgent
• Host monitoring
• Process monitoring
• Network monitoring
• Log file monitoring*
• Application monitoring for Java, .NET, PHP on Linux and Node.js*
• Web Server monitoring for Apache, IIS and Nginx*
• Plugin execution*
*Will be covered in separate sections later on

Speaking the same language
1. A physical or virtualized operating system
2. The source of compute, memory, and storage resources
Related terms: CPU, Interface, Virtual, AWS

1. A currently executing computer program
2. A means for code to request computing resources
Related terms: Requests, Utilization, PID, Memory

Network Monitoring
confidential
Why network monitoring?
• Part of the infrastructure, can be a root cause for an application problem

• Which processes consume most of my network resources?
• Network utilization breakdown
• Which processes experience network degradation problems?

• Network quality – retransmissions, RTT, throughput
• Can everyone talk and connect to their parties?

• Process network connectivity
• Environment agnostic – any TCP/Ethernet communication can be monitored:

• physical, virtual, cloud

Network helps build the SmartScape
Horizontal view – Tier dependencies Vertical view – Stack dependencies
Agent Install, SmartScape and Agent Data

Agent “Types” – Full Stack vs. PaaS vs. Infrastructure
Full Stack PaaS Infrastructure
Java, .NET, PHP,

NodeJS
Limited host metrics
Host
Network
Processes
Plugins
Logs

Additional important details
• Agent can only connect to tenant/environment from which it is downloaded

• Don’t touch Agent configuration – will be overwritten by Agent
• Encryption on Agent – https

• Instrumentation on Agent
• Compression on SGW
• Needs root permissions

Why are root rights required on Linux?

• Installer
• Installing Process Agent library in a system library directory
• Setting up /etc/ld.so.preload for injecting Process Agent globally.
• Modify SE Linux policies to allow global injection of Process Agent.

• Agent (OS Agent) needs root rights for
• Accessing list of open sockets for every process
• Accessing list of libraries loaded for every process
• Accessing name and path of executable file for every process
• Accessing command line parameters for every process
These are necessary for horizontal topology, correlating network agent data with processes and process type recognition.

• Agent for Network needs root rights for
• Initially opening raw socket to capture network traffic. After initialization the root rights can be dropped.
Summary – Dynatrace Architecture
• SaaS vs Managed
• Secure Gateways
• What they do
• Where they go
• OneAgent
• Capabilities
• Network monitoring
• SmartScape

RUM – Real User Monitoring

1. User experience as measured at the endpoint, such
as a browser or mobile device
2. How software is presented to the end user
Related terms: Browser, User Action, Session,
JavaScript, Waterfall
Agenda
• Web vs. native mobile

• Deployment options
• Architecture
• Demo – RUM UI
• Application Settings
• Demo – Important settings

Web vs. native mobile
• Separated data in Dynatrace SaaS/Managed

From the User, not just the session..

From the User, not just the session..

See contribution of frontend, backend, and network

Drill down to RUM Details for all users

View JavaScript errors.. and dynamically filter to fit your need

Deployment options
• “Agentless”
• Customer adds JS tag on his own – no Dynatrace
agent needed
• Correlation of server side web requests is not possible
• JS tag (code) defines the application
• Three JS tag modes:
• Bootstrap (easy monitoring)
• Normal (easy monitoring turned off)
• Inline
• “Full Stack”
• HTML is delivered via a Dynatrace agent monitored
server
• JS tag is auto injected by the Dynatrace agent
(manual injection still possible)
• Correlation of server side web requests
• Application rules and injection rules can be applied

When? Agentless VS agent RUM
• Agentless RUM – manual injected

• No root access
• No Dynatrace RUM supported serverside technology
• Hosted web application
• Agent based RUM

• Whenever possible – correlation of server side, agent hours and visits

Automatic injection of the Dynatrace JavaScript tag
• turned on by default (see default application)

• works for Java containers based on the servlet specification, Apache, IIS, nginx and NodeJS
• can be turned off per technology on process group level – by user in the UI
• can be turned off per host – per editing json file in the debugUI
• can be turned off per application (see application detection)
• is controlled via injection rules in the advanced application settings. The best injection point for the JS
snippet is determined by the agent; though the injection point can be overridden by these advanced
settings.
• injection rules and application detection rules are defined on URL (except the “domain matches” which is
just looking at the http header). The URL must not be the same than seen in the browser. Host header
needs to be defined and sometimes URL’s are rewritten.

Architecture (1/4)
• Parts needed for user actions

• (modern) Browser rendering HTML (at least one – Single Page Apps)
• Dynatrace JavaScript code
• JS tag (JS snippet) + JS library („JS agent“)
• Inline Dynatrace js code
• Data channel to send back from the browser to Dynatrace – beacon or
monitor signal

User actions
Architecture (2/4)
htmlhtml
+ injected js tag
data:
getpurePath,
config
// metrics,
and inject
user
js
manual cdn.dynatrace.com/ actions
tag
added JS tag jstag/ JS library
n
atio
unic
Beacon
mm
t co
Beacon CORS
agen
Beacon CORS
web server Beacon Forwarder
*.live.dynatrace.com/bf
*.live.dynatrace.com
Agentless Agent based
Dynatrace infrastructure

Architecture (3/4)
• JS-Tag options
• CDN (if agentless)

• JS-File is loaded from the Dynatrace CDN
(Cloudfront)
• On the server (if agentless)
• OneAgent writes the JS-Script to a file on the
filesystem (full agent  only parts are injected)
• Inline (if desired)
• No JS-File loaded (to avoid negative impact on
Google PageSpeed results)

Architecture (4/4)
• Application:
• Default application:
• “catches all application” for start and for all user actions not matching to an existing application rule
• the default application can’t be deleted
• turning off RUM for the default application deactivates the injection for all html pages not belonging to other applications
• Application rules and detection

• application rules work only for auto injected (agent based) web applications. Manual injected (agentless) web applications are
controlled with the inserted tag and mobile applications with the mobile agent instrumentation. RUM-only applications do not
apply to any given detection rules.
• agent uses application rules for choosing the correct application configuration: injection on/off, js tag settings, injection rules
for this application
• assignment of a user action to an application is done based on the URL of a user action
• application rules are applied in a given order and the first match is taken

RUM UI

Setting up a new application
confidential
Starter Settings (1/4)

Starter Settings – User actions (2/4)
• URL cleanup rules

• Remove parameters (Regex)
• Naming rules
• Custom names for certain
patterns (also Regex)
• Extraction rules
• Naming by extracting parts
of URL, Page title, Action
name, Page path, Content of
meta tag

Starter Settings – Conversion goals (3/4)

Starter Settings – XHR (Ajax) detection (4/4)

RUM settings

Summary
• Web vs. native mobile

• Deployment options
• Architecture
• Application Settings
• Demo of features and settings

Webchecks – Architecture and Usage

Table of contents
• Architecture
• Live-Demo
• Settings
• Key-Differentiators
• Outlook
• Summary

Architecture
confidential
Synthetic Control System
• Test management – scripts, schedules, locations

• Rest APIs for all use cases
• Test scheduling
• Smooth test scheduling across time and locations for optimal SLA coverage
• Automated retry on fail
• Scheduled immediately
• Dynatrace owns operational monitoring of remote test locations
• Automation of basic tasks
• Custom dashboard (like cloud control)

Summary of Test Execution
SaaS Managed
Synthetic
Control
Cluster
Cluster
Push result Poll test

Public SGW Managed
HAProxy SGW
Location: Paris BF BF
Chrome
Chrome
VUC Chrome
Chrome
Chrome Send beacon signals
VUC Chrome
Prepare Chrome
Execute Script,
adjust JS-Tag if found
Webcheck– Good-to-knows
• VU Controller
• 13 production locations
• Script caching
• Node monitored by Dynatrace
• KPI - 20 or more concurrent browser executions
• VU Player
• Chrome based
• JS agent management – replace RUM tag, inject more in-depth synthetic tag
• “Login-Sense” like capability to traverse the login by locating form fields and auto-filling
• Screen Capture

Determine endpoint for Synthetic Beacon-Signal
• SaaS – no need to worry

• https://*.live.dynatrace.com/bf
• Managed
• Cluster is using the Domain/IP of the configured Public SG
• https://mypublicsecurity.gateway.org.com:9999/bf
• Both approaches end up in the Beacon-Forwarder of a SG

• Special component simply proxying beacon signals to the cluster

Synthetic Recorder - Plugin
SaaS
Cluster Synthetic
Control
Record clickpath Managed

Update clickpath locally Mission
verify by playback Control
Cluster
Script
Insert/Update script through cluster and using
Synthetic API
Demo – building a webcheck

Webcheck settings
confidential
Webcheck - Setup
• Define website URL and

webcheck name
• Device Profile
• Type
• Size
• Bandwidth
• LoginSense setup

Monitoring-Schedule
• Define Execution-Plan of webcheck

• Execution done Round-Robin
• IPs for whitelists
• Number of executions

Content Validation – Availability Check
• Check for plain text

• Check for text in CSS/DOM
• Check for CSS/DOM element
• Useful for API healthchecks

Content Validation - Clickpath
• More sophisticated than simple

Availability Validation
• Different wait types
• Page load
• Network finished
• Specific period
• Specific element
• Same content validation settings

• Different settings depending on the
action type.
• Keystrokes, Clicks, Tabs etc.

Outage Handling
• Disable/Enable alerting on outages
• By design a false execution is re-

scheduled immediately to avoid
false alerts due to infrastructure
problems.

Performance thresholds
• Availability is highest priority

• Empty browser cache – usually
longer then data gathered by RUM

Key-Differentiators
confidential
Simple Availability & Complex Clickpath Checks

Execution in real browser
• Chrome browser used

• Constantly updated to current version
• Empty browser caches on execution

Recorder-Plugin

Unique locations

Waterfall - Analysis

Screenshot on error

Run History

Summary
• Availability & Clickpath Webchecks

• Executed in real browser (Chrome)
• Emulating Mobile devices
• Recorder Plugin – Ease of use

• 13 Unique Locations (no cloud locations)
• Waterfall analysis of each execution/run
• Screenshot on error
• Run History
• Simple API availability test with content validation

Licensing

Hosts, Visits & Web checks
• Host – OS instance (virtual or physical) where the agent is installed

• License varies on size of host memory (table on next slide)
• RUM – Visit
• 1 license = 1 browser session
• Web check
• 1 license = single execution of a synthetic test from one location

Agent Unit consumption
Size Max RAM Weight

Micro 1.5GB 0.1
Regular 16GB 1
X2 32GB 2
X4 64GB 4
X8 128GB 8
x16 Unlimited 16

Where can I find the license information?
• SaaS – in the profile dropdown (see screenshot)

• Managed – in the CMC
• Need admin rights to see in either deployment

Lab – Dynatrace Installation and Configuration
Objective – Install Dynatrace

OneAgent and confirm
Purepaths are generated
in Dynatrace.
Install Dynatrace OneAgent
1. Login to your Dynatrace Tenant using the following
address:
• https://dynatrace-managed.dxs-platform.com
• Use your email address, and the password you
created earlier while setting up your environment.
2. Please raise your hand if you are having any difficulty

connecting to your environment.
Follow the deployment guide
from within your Dynatrace
tenant.
Follow any on-screen service restarts that are required for full application
monitoring visibility.
In this case, we restarted the Apache web service by issuing a
‘service apache2 restart’ command.
Easytravel Access
1. Start Easytravel Application Server
• Start the application by issuing the following command:
• ./opt/easytravel70/easytravel-2.0.0-x64/weblauncher/weblauncher.sh &
• Please wait a few minutes while the application starts
2. Access Training Scenarios:
• Using your local web browser, access the following address
• Make sure to replace IP address in the template below with the IP
address you received from Dynatrace University.
• http://[YOUR_IP_ADDRESS]:8094/main
3. Enable ‘UEM Standard’ scenario.
• Once the application loads, enable the UEM scenario
4. Open the application by browsing to http://[YOUR_IP]:8080

Easytravel – UEM Enabled
Validate Dynatrace Monitoring
1. Easytravel generates artificial transactions. With zero-config you can start
exploring some of the great features of Dynatrace. Walk through the easy to
navigate menu and see for yourself the power of Dynatrace OneAgent.
Smartscape Application Overview User Behavior

Lab - Complete
Lab – Notifications
(Download from GoToTraining Materials)

1.dynatrace vILT - General (Day 1)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1.dynatrace vILT - General (Day 1)

Uploaded by

Copyright:

Available Formats

Dynatrace vILT Day 1

Confidential, Dynatrace, LLC

As part of this class you will be instrumenting an application

1. Complete your welcome

2. Please complete your

Option 2: Remote Desktop.

Full-Stack monitoring Smartscape & PurePath, Artificial intelligence,

Confidential, Dynatrace LLC

Confidential, Dynatrace, LLC

HA Proxy Public Server Cassandra Elastic Search

• Session Storage  file based

• Time Series  Cassandra

• Visits  Elastic Search

Confidential, Dynatrace, LLC

Confidential, Dynatrace, LLC

Scalable Elastic Grid Architecture

Confidential, Dynatrace, LLC

Dynatrace Managed cluster updates are OneAgent updates are

Dynatrace Mission Control Team

Auditing Security is key Mission Control Team cannot:

Dynatrace Agents Scale

Confidential, Dynatrace, LLC

• Session Storage  file based

• Time Series  Cassandra

• Visits  Elastic Search

Confidential, Dynatrace, LLC

Max. hosts Max user Direct Storage Long-term Metrics

Trial 20 20 4 vCPUs, 16GB RAM 30 250GB 100GB

Small 250 250 8 vCPUs, 32GB RAM 150 500GB 1,2TB

Medium 600 500 18 vCPUs, 64GB RAM 300 1TB 2.5TB

Large 1500 1000 32 vCPUs, 128GB RAM 750 2TB 5TB

XLarge 3000 3,000 64 vCPUs, 256GB RAM 1500 4TB 10TB

More information on sizing can be found here

Confidential, Dynatrace, LLC

Confidential, Dynatrace, LLC

DC Customer 1 Dynatrace Cloud

Confidential, Dynatrace, LLC

Data Center 1 Dynatrace Cloud

• Download installer from tenant, can only connect to tenant

Confidential, Dynatrace, LLC

Data Center Dynatrace Cloud

• Note: Remote plugin execution

Confidential, Dynatrace, LLC

Data Center Dynatrace Cloud

• Download installer from CMC

Confidential, Dynatrace, LLC

DC Customer Dynatrace Cloud

• Download installer from tenant, can only connect to tenant

Confidential, Dynatrace, LLC

Agents Agents Agents

9999 https 8443 https 9999 https

8443 https 8443 https

Confidential, Dynatrace, LLC

Confidential, Dynatrace, LLC

Security Gateways Public

Confidential, Dynatrace, LLC

*Will be covered in separate sections later on

Confidential, Dynatrace, LLC

Related terms: CPU, Interface, Virtual, AWS

Related terms: Requests, Utilization, PID, Memory

• Part of the infrastructure, can be a root cause for an application problem

• Which processes experience network degradation problems?

• Can everyone talk and connect to their parties?