cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Active gate in DMZ using proxy

sangeetha_mitta
Organizer

Hi

Could you please help with the clarification on the below?

We are in a process of installing Active gate in DMZ. Customer is saying, there is not internet connection to DMZ, and connection should be made through proxy.

Here, we want to understand

1. Firstly, if we are using proxy to connect to active gate, what is the need to install active gate in DMZ? We can directly connect through proxy.

2. Secondly, if we use proxy, SaaS will not be able to deploy anything as it one way communication from ActiveGate to SaaS

Please give us some detailed explanation on the above two. We are really confusing to understand the concept

Thanks&Regards

Sangeetha


7 REPLIES 7

1) Active gate is compresing data up to 70%. So you can have less overhead for network infrastructure. For Java and node.js applications active gate helps you with providing options for memory dumps. Another thing are active gate plugins that can be executed.

2) If there is no direct connection to cluster, you always have option of downloading binary from cluster locally and installing them by uploading to proper server. Your proxy settings has to have option not only for sending data to cluster on proper port. There also has to be communication with cluster on 443 to be able to download updates later.

Sebastian


Thank you Sebastian.

I got clarification on second question. Still I have little bit confusion on active gate in DMZ zone

When we are using proxy we can install active gate directly in VLAN. Than what is the significance of DMZ here?

Thank you

Sangeetha


Active Gate is really helpful in DT Managed because in such case we are not exposing servers via proxy to cloud, we are calling our local server. In such case you have only one network rule to make for active gate, not for all hosts in DMZ.

For me it is always better to setup things like proxy on single independent component like ActiveGate, not for monitored hosts. In such case monitoring should be independent of hosts creation, adding nodes, deployment etc. Connection is still established.

Sebastian


Hi Sebastian

Thank you

From your above comments what I understood, in case of DT Managed, it is better to setup proxy.

Please confirm in case of SaaS which approach is better. Below is the original question from customer

Question:

2 Options we have right now for ActiveGate Server.

  1. DMZ network, but no direct
    internet access. Should use proxy
  2. No DMZ, but has direct
    internet access

Which one is best practice for
keeping ActiveGate servers in DC for OneAgent SaaS.

Thanks&Regards

Sangeetha


I would put AG in DMZ and config proxy on it.


Julius_Loman
Leader

In addition to @sebastian k.'s answer to the 2) - communication is always unidirectional (agent -> activegate -> dynatrace server, either via proxy or not). Also, agents and ActiveGates maintain persistent connection, thus any configuration changes are propagated fast (typically within seconds).


TEMPEST a.s., Slovakia, Dynatrace Master Partner

Thank you Julius