question

Babar Q. avatar image
Babar Q. asked ·

Scenario 2: Pure Dynatrace Managed setup

Dear All,

Do we need two public IP addresses in case of two Cluster ActiveGates?

Do we need two Valid SSL certificate for Mobile RUM (external) in case of two Cluster ActiveGates?

Anything I missed to ask, please include in your responses, thank you.

Regards,

Babar

configurationDynatrace Managedadministrationactivegate
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

1 Answer

Sebastian K. avatar image
Sebastian K. answered ·
In general you don't need two public endpoints because you are routing application during instrumentation to particular uri. If this will be uri of one cluster activegate that has public ip this will work as well.


If you cover Activegate behind domain you should provide valid SSL certificate. You can do as well what we have done. In our aproach we have:

F5 with certificate => Cluster ActiveGate (sels signed, here it doesn't metter because f5 has valid cert) => Dynatrace Managed.

Sebastian

10 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Hello @Sebastian K.

Thank you for your usual prompt response.

In case the published Cluster ActiveGate is not available due to any reason then what will be next step?

In case the Cluster ActiveGate in not behind domain then what is our next option?

Regards,

Babar

0 Likes 0 · ·

Beacons from mobile app will not reach dynatrace and I think you will loose data after some time.

If you don't have domain I think you will not be able to add certificate to AG. In such case you can open http communication on this component, and send data like this. You can try making self signec cert and setup in app parameter DTXAllowAnyCert to true.

Sebastian

0 Likes 0 · ·

Hello @Sebastian K.

We are more interested in Synthetic Monitoring along with Mobile App, consequently, don't want to lose any data. How to overcome this?

For the Mobile RUM (external) data, I will discuss with the network team to place the Cluster ActiveGate behind the F5.

F5 with certificate => Cluster ActiveGate (sels signed, here it doesn't metter because f5 has valid cert) => Dynatrace Managed.

In the above scenario, you have a single Cluster ActiveGate or more.

Regards,

Babar

0 Likes 0 · ·

We have one, but you can always use F5 as LB and have multiple ClusterActive Gates if you need. Then in situation of problems with AG you always have fallback and F5 will redirect traffic to working node automatically.

Sebastian

0 Likes 0 · ·

Hello @Sebastian K.

For certificate, I will definitely discuss with the network department to make sure we have an HA for the mobile traffic monitoring.

Do you have any recommendation for the below?

We are more interested in Synthetic Monitoring along with Mobile App, consequently, don't want to lose any data. How to overcome this?

Regards,

Babar

0 Likes 0 · ·

Actually for our environments AG never had any issues with working so mostly we are using single AG configurations. If you want using synthetic I don't know if robots are able to send data without proper SSL certificate.

Sebastian

0 Likes 0 · ·

Hello @Sebastian K.

I explained the scenario to the network team and they told me that 1 Public IP and 1 Certificate should work for you.

Regards,

Babar

0 Likes 0 · ·

Thx but I don't have any issues right know :)

0 Likes 0 · ·

Hello @Sebastian K.

The word 'YOU' was for me :)

Please correct my understanding of the Cluster ActiveGate URL.

The configured URL will be the published one e.g. https://www.abc123.com or will remain the local FQDN.

Regards,

Babar

0 Likes 0 · ·

FQDN isn't public so public endpoint should be marked as public domain or subdomain.

Sebastian

0 Likes 0 · ·