
Connectivity schemes for ActiveGates? Bi-directional or uni-directional?

AK
Advisor

Hi Folks,

 

I got to know from support that the communication between ActiveGate and DT SaaS, and from OneAgent to ActiveGate, should be bi-directional; however, the arrows in the following diagram are shown as uni-directional (one direction).

Is it the case that, just to seek the configuration of ActiveGate (first-time connection), communication from DT SaaS to ActiveGate over 443 is also needed? Is it the same case for ActiveGate to OneAgent for port 9999?

And as this connection is just a one-time connection, the arrows are shown in one direction in the documentation?

 

AK_0-1631892892218.png

Can someone throw some light on this, please?

 

Regards,

AK

3 REPLIES

dave_mauney
Dynatrace Champion

It is actually all uni-directional: from the OneAgent to the ActiveGate to the Cluster Nodes. 

 

Below are some links that might help:

https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Communication-between-OneAgent-amp-ActiveGate-... 

 

https://www.fastvue.co/tmgreporter/blog/what-exactly-are-bi-directional-firewall-rules-and-when-do-y... 

 

 

Thanks for your reply @dave_mauney,

However, I was informed by support that bi-directional communication is required here.

 

The following were the further words from support:

Outgoing rule for port 443 is required for the ActiveGate to communicate with the cluster. The incoming rule is set on our (Dynatrace) end for inbound requests on the cluster.

 

The incoming port that the ActiveGate will use for inbound communication is going to be determined automatically during the TCP handshake, and does not need an inbound rule created on your firewall.

 

The conclusion here is:
Communication between AG and DT SaaS is technically bi-directional; however, when raising a firewall request (with the internal network team) for ActiveGate, it is always outbound. We don't need to take care of any incoming connection or request.

 

Regards,

AK

Dynatrace uses HTTP for communication, which of course uses TCP. This implies communication patterns in Dynatrace are always unidirectional, in terms of how the connection is established.

TEMPEST a.s., Slovakia, Dynatrace Master Partner
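
The point the thread converges on (one outbound rule for port 443, with replies returning to the ephemeral port chosen at the handshake) can be seen in a small model of stateful firewall connection tracking. This is an added example, not part of the original posts and not Dynatrace code; the addresses, port 51514 and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass

AG, CLUSTER = "10.0.0.5", "203.0.113.10"  # constructed addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    new: bool = False  # True only for the initial SYN of a new TCP connection

class StatefulFirewall:
    """Hypothetical model: new connections need a rule, replies ride tracked flows."""

    def __init__(self, inside, outbound_rules):
        self.inside = inside                  # addresses on the protected side
        self.outbound_rules = outbound_rules  # (dst, dport) pairs allowed to be opened
        self.flows = set()                    # (src, sport, dst, dport) of tracked flows

    def allow(self, p):
        outbound = p.src in self.inside
        if p.new:
            # Only inside hosts may open connections, and only to permitted targets.
            if outbound and (p.dst, p.dport) in self.outbound_rules:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Any later packet must match a tracked flow, in either direction.
        if outbound:
            key = (p.src, p.sport, p.dst, p.dport)
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        return key in self.flows

def demo():
    fw = StatefulFirewall({AG}, {(CLUSTER, 443)})  # the single outbound rule
    eph = 51514  # ephemeral source port chosen by the ActiveGate's OS (constructed)
    return {
        "ag_opens_443": fw.allow(Packet(AG, eph, CLUSTER, 443, new=True)),
        "cluster_reply": fw.allow(Packet(CLUSTER, 443, AG, eph)),
        "ag_sends_data": fw.allow(Packet(AG, eph, CLUSTER, 443)),
        "cluster_opens_9999": fw.allow(Packet(CLUSTER, 40000, AG, 9999, new=True)),
        "stray_inbound": fw.allow(Packet(CLUSTER, 443, AG, 50000)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20} {'ALLOW' if allowed else 'DROP'}")
```

Data flows both ways over the tracked connection, but only the inside host can create it, which is why the firewall request is outbound only.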