AWS resource monitoring with Dynatrace
Dynatrace is a software-intelligence monitoring platform and helps you monitor all your cloud resources and your applications at one platform. It also gives opportunity to create custom alerting for your resources to proactivity detect any failure on infrastructure or application level and helps to take appropriate action. Dynatrace makes Amazon API requests every 5 minutes. In addition to CloudWatch API calls, Dynatrace makes API calls to the monitored AWS services in order to learn about their instances, tags, etc. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one.
Dynatrace provide two options to do your setup for your AWS account monitoring.
Dynatrace SaaS for AWS monitoring: In this approach Dynatrace servers are setup and managed by Dynatrace and we configure ActiveGate which works as a bridge between Dynatrace servers and our AWS resources. Dynatrace servers collects data from your AWS account and after processing that data it sends to the portal. These Dynatrace servers are controlled and managed by Dynatrace and data is stored securely in the Dynatrace cloud.
Dynatrace Managed for AWS monitoring: In this approach we configure our Dynatrace servers or cluster in on-premise or on cloud. We are responsible for configuring and managing these servers which contains all monitoring data and responsible for data processing. This is ideal for organizations with security or privacy policies requiring data to be maintained on-premises.
In this post we are focusing on “Dynatrace SaaS for AWS”. To enable AWS monitoring in your AWS account, first you need to create your Dynatrace account. Once you got your account next we need to setup ActiveGate. ActiveGate works as a proxy between Dynatrace OneAgent and Dynatrace Cluster and can be installed on Windows or Linux.Your VM should satisfy the minimum requirements to install ActiveGate.Once ActiveGate installation is done it need to have access to connect to your AWS resources to collect the monitoring data. To do so we need to create a role and attach proper policy to that role. Now attach the role to your EC2 server where your ActiveGate is installed. It’s enough to use only one ActiveGate dedicated for AWS monitoring. However, some deployments scenarios, for example for redundancy purposes, might require multiple ActiveGates in your deployment.
Once ActiveGate is setup we need to add our AWS account to Dynatrace so that our resources can get monitored in Dynatrace. From Dynatrace portal we need to add our AWS account. Once account is added then we will be able to see basic monitoring on Dynatrace portal.
To enable the detailed monitoring we need to setup the Dynatrace OneAgent on your AWS resources. Some of the resources like AWS S3 buckets, API Gateways etc gets automatically monitored without getting installed OneAgent. To enable detailed monitoring on EC2 servers, ECS, EKS , Elastic Beanstalk and Lambda functions we need to install OneAgent on these components. Once OneAgent is installed detailed monitoring will be available on Dynatrace portal.
Once all your setup is done and you start seeing your data in you account you can create users in your account and give them access to view the detailed monitoring of your resources. You can also configure alerts based on your logs and send notifications to intended users.
· Real User Monitoring: analyses the performance of all user interactions with your applications, whether the interactions take place in a browser or on a mobile device.
· Mobile app monitoring: Dynatrace supports Real User Monitoring for mobile apps as well.
· Server-side service monitoring: Server-side services may be of various types like web services, web containers, database requests, and custom services. Dynatrace OneAgent can provide details about which applications or services interact with which other services and which services or databases a specific service call.
· Network, process, and host monitoring: Dynatrace enables monitoring of your entire infrastructure including your hosts, processes, and network. It also gives detailed monitoring of total traffic of your network, the CPU usage of your hosts, the response time of your processes, and more.
· Cloud and virtual machine monitoring: Dynatrace OneAgent monitor your entire stack, including private, public, and hybrid cloud environments. Dynatrace OneAgent auto-detects all virtualised components and keeps up with all changes.
· Container monitoring: Dynatrace seamlessly integrates with existing Docker environments and automatically monitors your containerised applications and services. Dynatrace hooks into containers and provides code for injecting OneAgent into containerised processes.
· Root-cause analysis: A key feature of Dynatrace is Davis™, the Dynatrace AI-driven causation engine. Davis relies on artificial intelligence to continuously monitor every aspect of your applications, services, and infrastructure to automatically learn the baseline performance metrics and dependencies of all these components.
To collect monitoring data from your AWS resources, Dynatrace sends API request to your AWS resources. Dynatrace makes Amazon API requests every 5 minutes. In addition to CloudWatch API calls, Dynatrace makes API calls to the monitored AWS services in order to learn about their instances, tags, etc. The list of called services and actions is available below in the Create the monitoring policy section. Here’s a rough estimate of AWS monitoring costs.
Data Security and Protection:
When you configure Dynatrace to monitor your resources, it captures all information from your AWS account including your infrastructure, your application level logs, your mobile device logs etc which may include sensitive information as well. Dynatrace policies and products are compliant with GDPR privacy regulation and have handle all your data with security Dynatrace provides best-in-class data protection and settings that protect your data and those of your organisation’s end users.
All performance data that are collected on the customer side are securely transmitted to Dynatrace servers in the cloud and processed behind firewalls. Dynatrace runs on the Amazon Web Services (AWS) cloud-computing service and benefits from Amazon’s secure, world-class data centers, which are certified for ISO 27001, PCI-DSS Level 1, and SOC 1 / SSAE-16.
Summary: In this cloud era when all your infra is built on cloud, tools like Dynatrace are really helpful to monitor all your resources and application all-in-one.