Help
Not a customer? Start a free trial

Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.

Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SaaS Network IP Range Requirements

Gaurav.Soni
AppDynamics Team (Retired)

on ‎09-22-2017 01:53 PM - edited on ‎07-23-2021 04:53 PM by

IP Ranges to connect to AppDynamics SaaS Controller, Analytics and EUM

 

AppDynamics SaaS customers must make sure that their Agents can communicate to the AppDynamics SaaS Infrastructure (including the Controller, Analytics, and EUM) from the customer's network by allowing certain IP ranges.

 

Table of Contents

 

Permitted IP ranges for Controller

In a SaaS environment, various Agents communicate to the SaaS Controller to publish metrics.


These Agents can be:

  1. Application Agent (Java, PHP, .Net, Python etc)
  2. Machine Agent
  3. Database Agent
  4. WebServer Agent
  5. Machine Agent
  6. Analytics Agent (v4.3+)

 

Agents need to connect to an AppDynamics Controller in order to retrieve configuration data and send information about the monitored environment. The connection between the Agent and the Controller is a one-way connection initiated by the Agent; the Controller will never initiate a connection out to the Agent. The Agent only needs to use SSL on TCP port 443 for its communication to the Controller.

 

AppDynamics IP Ranges

To enable Agents to communicate with a Controller, permit the IP range below:

  • 69.27.44.0/24
  • 198.169.194.0/23
  • 69.27.41.0/24
  • 69.27.42.0/24
  • 162.210.94.0/23

 

Quick Reference: https://docs.appdynamics.com/display/PAA/SaaS+Domains+and+IP+Ranges

 

For more information about Agent communication, see the following sections App Agent Security and Machine Agent Security.

 

Permitted IP ranges for Analytics

SaaS customers' Analytics Agent or on-premises Controller needs to communicate with SaaS Analytics Processor in order to publish application/log events.

 

For the analytics capabilities of the AppDynamics SaaS Platform, analytics.api.appdynamics.com needs to be permitted. If a customer is not comfortable with permitting based on DNS names, then they should designate the full IP range for the AWS UsWest2 region.

 

See: https://ip-ranges.amazonaws.com/ip-ranges.json

 

Permitted IP ranges for EUM

EUM JavaScript Agents and Mobile Agents (iOS/Android/Xamarin) send beacons to EUM Cloud Collectors, so it's expected that the end-users network should allow communication to the EUM Cloud Collectors located at col.eum-appdynamics.com

 

Customers with an on-premises Controller will need to permit the EUM Cloud Aggregator, located at api.eum-appdynamics.com.

 

Both EUM CloudCollectors and Aggregator are hosted in AWS Region USWest2, same as Analytics.

 

If the customer can't permit IP addresses based on domain, they should permit the full IP range for AWS UsWest2 region.

 

See: https://ip-ranges.amazonaws.com/ip-ranges.json

Comments
Mattias.Påvall
Builder
‎10-01-2019 05:16 AM

What about ranges for other regions? I understand there are SaaS deployments in other other AWS locations.

Simon.Parish
Builder
‎05-22-2023 09:38 AM

I can't believe that you say if you can't use the DNS name analytics.api.appdynamics.com then basically open up to all of the US-West-2 IP addresses that AWS publish. 

I'm sure you don't use all of them - other companies are in that region.
Not a very good security policy!

Version history
Last update:
‎07-23-2021 04:53 PM
Updated by:
Join Us On December 10
Learn how Splunk and AppDynamics are redefining observability

Register Now!
Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!

Read the blog here

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support