Cisco Secure Application for OpenTelemetry

Cisco Secure Application is available for OpenTelemetry Java. If you have an application monitored by the OpenTelemetry Java Agent, you can deploy the Cisco Secure Application extension for OpenTelemetry Java to monitor application security.

Before You Begin

To use Cisco Secure Application, ensure:

  • You have met the Cisco Secure Application Requirements.
  • You have enough Cisco Secure Application licenses to cover the supported Cisco Secure Application extension usage within the applications you plan on securing. To get a Cisco Secure Application license, contact the Splunk AppDynamics sales representative, or email salesops@appdynamics.com.

  • You have the Controller version >= 23.11.0. These versions reflect recommended minimum versions. We continually update our technology, so it's optimal to use the most recent agent version when possible.

  • For OpenTelemetry Java, you have the OpenTelemetry Java version >= 1.28.0. See OpenTelemetry Java releases.
  • You have Cisco Secure Application Extension version >= 23.11.0.

  • You have configured the traces to be sent to Splunk AppDynamics for OpenTelemetry. See Splunk AppDynamics for OpenTelemetry™. This is required to in order to have Cisco Secure Application registered and active.

    • The service.namespace resource attribute is required and maps to Application name in the Controller. See Configure Resource Attributes.
    • The service.name resource attribute is required and maps to the tier name.
    • Traces can be sampled if the only requirement allows registration of the Cisco Secure Application extension. See OpenTelemetry Tail Sampling Processor.

Configure the OpenTelemetry Java

You must configure the OpenTelemetry Java Agent in order to launch the Cisco Secure Application extension. To add the extension to the OpenTelemetry Java Agent:

  1. Download the Cisco Secure Application extension zip from Splunk AppDynamics Downloads Portal under Splunk AppDynamicsOpenTelemetry Extensions. If your application is deployed in a container environment, then you can download the Cisco Secure Application extension docker image from Docker Hub into a shared volume utilizing an init container.
  2. Extract the Cisco Secure Application extension zip file and copy it to the host that is running the application to the OpenTelemetry Java Agent.
  3. Set the otel.javaagent.extensions OTEL_JAVAAGENT_EXTENSIONS OpenTelemetry Extensions Config.
    -Dotel.javaagent.extensions=/opt/appdynamics/otel-java-extensions
The following resource attributes are determined through otel.resource.attributes system property or OTEL_RESOURCE_ATTRIBUTES environment variable in the OpenTelemetry Java Agent:
  • service.name = tier name
  • service.namespace = application name
  • Cisco Secure Application automatically sets the node.name using one of these three attributes: service.node , service.instance.id , or Container ID .

Configure the Cisco Secure Application Extension

You must configure the Controller access for the Cisco Secure Application extension. To do that, use one of the following options:

  1. Use these system properties:
    -Dappdynamics.controller.hostName=name.saas.appd-test.com
-Dappdynamics.controller.port=443
-Dappdynamics.controller.ssl.enabled=true
-Dappdynamics.agent.accountName=name
-Dappdynamics.agent.accountAccessKey=key
  2. Use these environment variables:
    Environment VariableEquivalent property

    APPDYNAMICS_CONTROLLER_HOST_NAME

    		<controller-host>

    APPDYNAMICS_CONTROLLER_PORT

    		<controller-port>

    APPDYNAMICS_CONTROLLER_SSL_ENABLED

    		<controller-ssl-enabled>

    APPDYNAMICS_AGENT_ACCOUNT_NAME

    		<account-name>

    APPDYNAMICS_AGENT_ACCOUNT_ACCESS_KEY

    		<account-access-key>