13 Oct 2021 04:56 PM - last edited on 15 Jun 2023 01:36 PM by Karolina_Linda
We will implement a Dynatrace Managed architecture as described in scenario 3 of the documentation:
https://www.dynatrace.com/support/help/shortlink/managed-deployment-scenarios#scenario-3-integration...
That is, 2 Cluster ActiveGates balanced by an F5 load balancer. What is the required configuration on Dynatrace for this deployment? Just the communication settings that need to be done on Dynatrace Managed; we already know how to instrument the mobile app. We want to use the certificate provided by Dynatrace for the Cluster ActiveGate URL.
14 Oct 2021 12:01 PM
Hi Alejandro, we have a customer with the same setup.
I believe the base with pointers is already described in this topic:
How to use Cluster Active Gates with Load Balancer for Agentless Monitoring - Dynatrace Community
Mind you, you will want to load the SSL certificate on the load balancer, and configure the endpoint in Managed to be the logical address (e.g. cag.yourcompany.com) of the load balancer.
Technically the load balancer can forward to the CAGs unsecured (the HTTP port needs to be enabled) or secured to the HTTPS port (9999). I don't think that the F5 LB needs a proper certificate on the CAGs.
Another thing to be aware of: the default port for CAG is port 9999. But since that is not a common port, and in lots of organizations would require opening it in firewalls for outgoing connections, it's strongly suggested to open the public side of the load balancer on port 443 (e.g. cag.yourcompany.com:443).
I have learned, since the customer has the F5 load balancer combined with the F5 Application Security Manager (ASM) as WAF, that the strict policies applied needed additional configuration/loosening in the WAF to properly enable Agentless RUM and Synthetic data to be delivered to the Managed Cluster ActiveGates. Otherwise, CORS errors will show (F12) in webpages with the agentless RUM JavaScript inserted, or synthetic test results from public locations are not received.
14 Oct 2021 04:27 PM
Also, another question: do we need to set the DNS entry of the load balancer on the Cluster ActiveGates?
14 Oct 2021 05:23 PM
No, you don't need to set this. Actually, the dnsEntryPoint configuration option is for publishing this value for OneAgents to connect. This will be propagated into the server address list.
14 Oct 2021 05:26 PM
Thank you @Julius_Loman! Do we need to set any type of persistence/stickiness on the load balancer?
14 Oct 2021 05:27 PM
@alejandro_herna, the answer from @fstekelenburg is very accurate, especially highlighting the WAF. Actually, I recently ran into a bug on the F5 firmware when it blocked beacons from Synthetics tests.
I would highly recommend close cooperation with the F5 administrators on your side as there can be really strange reasons for some data not reaching the Cluster ActiveGates due to some F5 settings.
14 Oct 2021 04:09 PM
Thank you. Does any type of persistence need to be set on the load balancer?
14 Oct 2021 05:24 PM
No, there is no requirement for any sticky sessions. You can choose the load balancing algorithm of your choice.