How do I set up virtualization monitoring?

VMware is the only virtual platform currently supported by Dynatrace. We’re working hard though to add support for all major virtualization platforms. Please keep an eye out for extended virtualization support in upcoming releases.

Once Dynatrace OneAgent is installed and process monitoring is activated, you’ll be able to see what’s happening in your operating system—specifically, how your host-based processes behave and communicate. If you depend on virtualization for your infrastructure, Dynatrace will give you insight into how your virtual machines affect the performance of your web applications. Follow the steps outlined below to obtain crucial information related to any virtualized infrastructure you’ve deployed using VMware vCenter or standalone ESXi hosts.

Before you begin

What you need:

  • Read-only vCenter or standalone ESXi account credentials.
  • Rights for changing firewall settings (only required if your internal routing policy may prevent Dynatrace software from connecting to the Internet).

Install Security Gateway

If you’re setting up Dynatrace for the first time you’ll be able to reach a link to the Security Gateway installer from your home dashboard once monitoring setup is complete. Click the VMware tile to get to the installer download link.

You can get to our Security Gateway installer anytime via the Settings menu, even if you’ve already installed your first Dynatrace OneAgent or completely changed your home dashboard layout.

If you've already downloaded Dynatrace OneAgent

In some cases Security Gateway installation is directly related to Dynatrace OneAgent installation.

When you download Dynatrace OneAgent installer before installing Security Gateway and use it for installation in a DMZ, or a network segment that has no Internet access you’ll need to download Dynatrace OneAgent installer again because the file will not contain proper configuration (Dynatrace OneAgent is configured during installation to connect to Dynatrace directly). You’ll need to first install Security Gateway and then download Dynatrace OneAgent installer. Then Dynatrace OneAgent will be able to send data to Dynatrace.

You can install Security Gateway on a Linux or Windows machine.
Security Gateway needs to send monitoring data to Dynatrace, that’s why it needs Internet access. Security Gateway listens (i.e., accepts incoming connections) on port 9999 and talks to Dynatrace Server (i.e., makes outgoing connections) on port 443. Ensure that your firewall settings allow communication through these ports.

How you download your installer depends on your setup and needs. You can choose to download an installer directly to the server where you plan to install Security Gateway or you can download an installer to a different machine and then transfer the installer to the server.

Getting the Linux installer

Downloading the installer for Linux is fairly easy—just copy the command line for wget from your web browser and paste it into your terminal window. Wait for the download to complete and you can begin installation.

The Security Gateway download page has everything you need to download Security Gateway — wget command line for downloading directly to a server and a download link for saving the installer elsewhere. Make sure to copy the command directly from the Dynatrace page because it contains your environment ID.

Make sure your system is up to date, especially SSL and related certificate libraries. If you plan to download Security Gateway directly to the server, note that outdated libraries (for example, CA certificates) or missing OpenSSL will prevent the installer from downloading (we use encrypted connections and OpenSSL is needed to enable wget to access the server).

You can also download the installer by clicking the link and saving the installer script to any location you want (bypassing the wget command altogether).

Getting the Windows installer

Downloading the Security Gateway installer for Windows can be achieved with a single click—click the button to download the installer directly to the server intended for installation, or to any other suitable location.

Security Gateway download page for Windows gives you access to the standard installer.

You’ll need administrator rights to install your Security Gateway.

  • On Windows, run the executable file using administrator rights and follow the displayed instructions.
  • On Linux, you’ll need root privileges. You can use su or sudo to run the installation script. You’ll need to make the script executable before you can run it. To do this, type one of the following commands in the directory where you downloaded the installation script.
Getting the Linux installer

If you’re on an Ubuntu Server, use the following command (remember to use the file name that you actually downloaded):

chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh
sudo ./Dynatrace-Security-Gateway-Linux-1.0.0.sh

If you’re using Red Hat Enterprise Linux:

chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh
su ./Dynatrace-Security-Gateway-Linux-1.0.0.sh

If you start a root session:

chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh
./Dynatrace-Security-Gateway-Linux-1.0.0.sh

Once Security Gateway connects to Dynatrace Server, the installation is complete. You’ll see the result in the Dynatrace web interface. That’s all there is to it!
As soon as Security Gateway connects to Dynatrace Server, Dynatrace OneAgent is informed and re-configured to send monitoring data through Security Gateway.

Connect to your VMware platform

Where do I configure VMware connection settings?

To get to Virtualization settings:

  1. Click the Demo VMware tile on the home dashboard to go to the vCenter demo page, then click Start VMware monitoring.
  2. Go to Settings > Virtualization and click Connect new instance.

You can now decide which vCenter server or standalone ESXi host you want to monitor.
You do this by entering server address details (a host name or IP address, skip the http:// or https:// prefix).

Enter corresponding user credentials so that Security Gateway can log in and collect monitoring data. The required privileges for this user are view and read-only access. Administrator-level access is not required to enable monitoring (no changes to your VMware settings are necessary).

Only add standalone ESXi hosts for monitoring; if your ESXi host is managed by a vCenter server, connect the vCenter server to Dynatrace. You don’t need to add ESXi hosts if they are managed by a vCenter server that is already connected to Dynatrace.

When Security Gateway connects to your VMware platform for the first time, it collects information about all available virtual machines and matches it with the information it’s received from all machines that have Dynatrace OneAgent installed on them.

Repeat this process for all other vCenter servers or standalone ESXi hosts in your environment, covering all virtualized systems that run Dynatrace OneAgent.