According to the documentation (Link) both a Cluster and an Enterprise AG is required for a managed deployment. I'm puzzled by this statement given that installation of AGs are optional - looks to be an error in the documentation. Can somebody clarify what the difference between an Enterprise and a Cluster AG is? We have several Cluster AGs configured but no Enterprise AG. Also, I have read elsewhere on the forum that Cluster AGs were formerly called "Public AGs"... is that correct? It seems to me that the Cluster AGs are what would be considered to be a "Private" AG (some of the older ViLT material I have shows a diagram in which a Managed deployment has a Private AG).
It really depends on the features you want/need to use.
Cluster ActiveGate is exists only for Dynatrace Managed.
Environment ActiveGate (previously called Private Gateway, applies for both SaaS and Managed) is used mostly for proxying firewall communication as it aggregates agent traffic. Typically it is for a single environment only, but it can be configured to serve multiple environments within a Dynatrace cluster. It is also required for
Sometimes it is also mentioned that it is required for VMWare monitoring, but the gateway on the Managed cluster node itself is sufficient for this purpose (valid only for Dynatrace Managed, for SaaS you need to have and ActiveGate for VMWare monitoring).
This page may help you to decide if you need Environment Active Gate https://www.dynatrace.com/support/help/deploy-dyna...
Thank you for your detailed comments. Regarding the link
provided, I had reviewed that previously; it’s unfortunate that it does not
provide any clarifications of what an Enterprise or a Cluster AG is… it simply
makes reference to ActiveGates in general. It would be nice if the
documentation was updated to make the role of these two AG types clear. I found
another page (https://www.dynatrace.com/support/help/deploy-dynatrace/managed/installation/managed-deployment-scen...)
that provides some details related to Cluster and Environment AGs.
My understanding is that the main purpose of configuring
an Environment AG would be when you want to deploy agents in an external
network and need the AG to be a proxy for the configuration of the
inter-network communications. In our deployment we have Cluster AGs configured
in the DMZ which provide a similar proxy function in facilitating a single
point of Firewall rule configuration to allow for communication of the agents
in the DMZ to the cluster on the main internal network.
Yes, that statement in your link is definitely a documentation error. If you have Managed you might need both types depending on your environment and the features you want to use. One hidden point - there is actually an ActiveGate running on the cluster node itself - that's why you don't need the environment ActiveGate to monitor VMWare on Managed.