Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure and Security Gateway


If we are monitoring an application in Azure, does OneAgent go through our private security gateway and then to Dynatrace, or does One Agent report back directly, via an API, to Dynatrace bypassing the security gateway? Our security team would like to know how this is done.


Dynatrace Leader
Dynatrace Leader

OneAgents will always prefer Environment ActiveGates (FKA Private Security Gateways) if they are available. If none are available they will try to use the Cluster ActiveGates (only relevant for Managed) and if there are none of those available it will attempt to send data directly back to the Cluster/Server.

You can see the details for priority here.

ActiveGate hub page here.



I don't understand. If we are using PaaS to setup application monitoring for an application in Azure, we would install OneAgent in Extensions, and add the tenant URL and token. Does OneAgent here still communicate to our on-prem security gateway, or does it communicate directly with our Dynatrace tenant? What is the security for this?

If you have an ActiveGate (Security Gateway) that is reachable by OneAgents then yes it will try to use those first. It will only try to send data to the cluster directly if that is not reachable - of course this all is dependent on whether the different components are reachable etc...

When you install the OneAgent it gets a list of all the ActiveGates currently connected to the cluster at the time the installer is downloaded. It can use and will prioritize ActiveGates starting with the initial connection if available.