question

Sangeetha M. avatar image
Sangeetha M. asked ·

Active gate in DMZ using proxy

Hi

Could you please help with the clarification on the below?

We are in a process of installing Active gate in DMZ. Customer is saying, there is not internet connection to DMZ, and connection should be made through proxy.

Here, we want to understand

1. Firstly, if we are using proxy to connect to active gate, what is the need to install active gate in DMZ? We can directly connect through proxy.

2. Secondly, if we use proxy, SaaS will not be able to deploy anything as it one way communication from ActiveGate to SaaS

Please give us some detailed explanation on the above two. We are really confusing to understand the concept

Thanksℜgards

Sangeetha

dynatrace saasactivegateinstallation
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Julius L. avatar image
Julius L. answered ·

In addition to @sebastian k.'s answer to the 2) - communication is always unidirectional (agent -> activegate -> dynatrace server, either via proxy or not). Also, agents and ActiveGates maintain persistent connection, thus any configuration changes are propagated fast (typically within seconds).

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Thank you Julius

0 Likes 0 · ·
Sebastian K. avatar image
Sebastian K. answered ·

1) Active gate is compresing data up to 70%. So you can have less overhead for network infrastructure. For Java and node.js applications active gate helps you with providing options for memory dumps. Another thing are active gate plugins that can be executed.

2) If there is no direct connection to cluster, you always have option of downloading binary from cluster locally and installing them by uploading to proper server. Your proxy settings has to have option not only for sending data to cluster on proper port. There also has to be communication with cluster on 443 to be able to download updates later.

Sebastian

4 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Thank you Sebastian.

I got clarification on second question. Still I have little bit confusion on active gate in DMZ zone

When we are using proxy we can install active gate directly in VLAN. Than what is the significance of DMZ here?

Thank you

Sangeetha

0 Likes 0 · ·

Active Gate is really helpful in DT Managed because in such case we are not exposing servers via proxy to cloud, we are calling our local server. In such case you have only one network rule to make for active gate, not for all hosts in DMZ.

For me it is always better to setup things like proxy on single independent component like ActiveGate, not for monitored hosts. In such case monitoring should be independent of hosts creation, adding nodes, deployment etc. Connection is still established.

Sebastian

0 Likes 0 · ·

Hi Sebastian

Thank you

From your above comments what I understood, in case of DT Managed, it is better to setup proxy.

Please confirm in case of SaaS which approach is better. Below is the original question from customer

Question:

2 Options we have right now for ActiveGate Server.

  1. DMZ network, but no direct internet access. Should use proxy
  2. No DMZ, but has direct internet access

Which one is best practice for keeping ActiveGate servers in DC for OneAgent SaaS.

Thanksℜgards

Sangeetha

0 Likes 0 · ·

I would put AG in DMZ and config proxy on it.

0 Likes 0 · ·

Space Topics

mobile monitoring dotnet synthetic monitoring reports iis chat kubernetes servicenow amazon web services mysql mainframe rest api errors cassandra dashboard oneagent sdk cmc application monitoring openkit smartscape request attributes monitoring developer community user tagging log monitoring services ufo syntheticadvisory activegate ip addresses auto-detection high five award oracle hyperion webserver uem usql iib test automation license web performance monitoring ios news migration management zones index ibm mq web services custom event alerts notifications sso host monitoring knowledge sharing reports browser monitors java hybris sap vmware maintenance window user action naming javascript appmon ai synthetic classic availability tipstricks automation extensions diagnostic tools session replay permissions davis assistant faq documentation problem detection http monitors server easytravel apdex aws-quickstart network docker tags and metadata cloud foundry google cloud platform synthetic monitoring process groups account usability dynatrace saas gui paas openshift key user actions administration user actions postgresql synthetic locations oneagent security Dynatrace Managed user management custom python technologies mongodb openstack user session monitoring continuous delivery citrix configuration alerting NGINX action naming linux nam installation masking error reporting database mission control jmeter recorder apache mobileapp RUM php threshold azure purepath davis scripting agent aix nodejs android