cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Load balanced cluster activegates for mobile RUM

alejandro_herna
Organizer

We will implement a Dynatrace Managed architecture as described on scenario 3 on documentacion:

https://www.dynatrace.com/support/help/shortlink/managed-deployment-scenarios#scenario-3-integration...

That is, 2 cluster ActiveGates balanced by an F5 load balancer. What is the required configuration on Dynatrace for this deployment? just communication settings that need to be done on Dynatrace Managed, we already know how to instrument the mobile app. We want a use the certificate provided by Dynatrace for the Cluster ActiveGate URL

7 REPLIES 7

Hi Alejandro, we have a customer with the same setup. 
I believe the base with pointers is already described in this topic:
How to use Cluster Active Gates with Load Balancer for Agentless Monitoring - Dynatrace Community

 

Mind you, you will want to load the SSL certificate on the loadbalancer, and configure in Managed the endpoint to be the address, logical (e.g. cag.yourcompany.com), of the loadbalancer.
Technically the loadbalancer can forward to CAG's unsecured (http port need to be enabled) or secured to the https port (9999). I don't think that the F5 LB needs a proper certificate on the CAG's.

Another thing to be aware of: the default port for CAG is port 9999. But since that is not a common port, and in lots of organizations would require opening it in firewalls for outgoing connections, it's strongly suggested to open the public side of the loadbalancer on port 443. (e.g. cag.yourcompany.com:443)

I have learned, since the customer has the F5 Loadbalancer combined with the F5 Application Security Manager (ASM), as WAF, that the strict policies applied needed additional configuration/loosening in the WAF to properly enable Agentless RUM and Synthetic data to be delivered to the Managed Cluster Activate Gates. Else CORS errors will show (F12) in wegpages with agentless rum Javascript inserted, or synthetic test results from public locations not received.

Also another question, do we need to set the DNS entry of the load balancer on the cluster activeGates?

alejandro_herna_0-1634225273014.png

 

No, you don't need to set this. Actually, the dnsEntryPoint configuration option is for publishing this value for OneAgents to connect. This will be propagated into the server address list.

TEMPEST a.s., Slovakia, Dynatrace Master Partner

Thank you @Julius_Loman! do we need to set any type of persistence/stickiness on the load balancer?

@alejandro_herna  answer from @fstekelenburg  is very accurate, especially highlighting the WAF. Actually, I recently ran into a bug on the F5 firmware when it blocked beacons from Synthetics tests. 

I would highly recommend close cooperation with the F5 administrators on your side as there can be really strange reasons for some data not reaching the Cluster ActiveGates due to some F5 settings.

TEMPEST a.s., Slovakia, Dynatrace Master Partner

alejandro_herna
Organizer

Thank you, does any type of persistence need to be set on the Load balancer?

 

No, there is no requirement for any sticky sessions. You can choose load balancing algorithm of your choice.

TEMPEST a.s., Slovakia, Dynatrace Master Partner