Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 

SaaS Network Requirements: IP Ranges to connect to AppDynamics SaaS Controller, Analytics and EUM

AppDynamics SaaS customers must make sure that their Agents can communicate to the AppDynamics SaaS Infrastructure (including the Controller, Analytics, and EUM) from the customer's network by whitelisting certain IP ranges.

 

Table of Contents

Whitelisted IP ranges for Controller

Whitelisted IP ranges for Analytics

Whitelisted IP ranges for EUM

 

Whitelisted IP ranges for Controller

In a SaaS environment, various Agents communicate to the SaaS Controller to publish metrics.

 

These Agents can be:
1. Application Agent (Java, PHP, .Net, Python etc)
2. Machine Agent
3. Database Agent
4. WebServer Agent
5. Machine Agent
6. Analytics Agent (v4.3+)

 

Agents need to connect to an AppDynamics Controller in order to retrieve configuration data and send information about the monitored environment. The connection between the Agent and the Controller is a one-way connection initiated by the Agent; the Controller will never initiate a connection out to the Agent. The Agent only needs to use SSL on TCP port 443 for its communication to the Controller.

 

AppDynamics IP Ranges: 

To enable Agents to communicate with a Controller, whitelist the IP range below:

  • 69.27.44.0/24
  • 198.169.194.0/23
  • 69.27.41.0/24
  • 69.27.42.0/24
  • 162.210.94.0/23

 

Quick Reference: https://docs.appdynamics.com/display/PAA/SaaS+Domains+and+IP+Ranges

 

 

For more information about Agent communication, see the following sections App Agent Security and Machine Agent Security.

 

Whitelisted IP ranges for Analytics:

SaaS customers' Analytics Agent or on-premises Controller needs to communicate with SaaS Analytics Processor in order to publish application/log events.

 

For the analytics capabilities of the AppDynamics SaaS Platform, analytics.api.appdynamics.com needs to be whitelisted. If a customer is not comfortable with whitelisting based on DNS names, then they should be whitelisting the full IP range for the AWS UsWest2 region.

 

See: https://ip-ranges.amazonaws.com/ip-ranges.json

 

Whitelisted IP ranges for EUM:

EUM JavaScript Agents and Mobile Agents (iOS/Android/Xamarin) send beacons to EUM Cloud Collectors, so it's expected that the end-users network should allow communication to the EUM Cloud Collectors located at col.eum-appdynamics.com

 

Customers with an on-premise Controller will need to whitelist the EUM Cloud Aggregator, located at api.eum-appdynamics.com.

 

Both EUM CloudCollectors and Aggregator are hosted in AWS Region USWest2, same as Analytics.

 

If the customer can't whitelist based on domain, they should be whitelisting the full IP range for AWS UsWest2 region.

 

See: https://ip-ranges.amazonaws.com/ip-ranges.json

Version history
Revision #:
23 of 24
Last update:
‎08-07-2019 04:14 PM
Updated by:
 


Found this article helpful? Click the Thumbs Up button.
Have an additional comment? Post it below.
Comments

What about ranges for other regions? I understand there are SaaS deployments in other other AWS locations.