Hi, we have multiple application sites in our environment and we have private security gateway servers installed in each of the sites. I would like to know if I can restrict servers in site A to point to the private security gateway in site A only and similarly, restrict servers in site B to connect to the security gateway server in site B only. If the security gateway server in site A goes down, we will not want the OneAgents to connect to site B; we are willing to risk losing data (or we will create 2 security gateway servers per site for failover). We do not want multiple tenants. Please advise if this is possible and if you can point me to any articles, it would be appreciated.
Hey @Barry L.,
As of today, as soon as the OneAgent connects to the cluster it will get a list of all SGWs and it will cycle through the list until it finds a SGW to connect to. (Internal priority: Private > Public Managed > Public)
Our R&D department is working on a solution to route agent traffic to specific SGWs. I heard that this feature should arrive around Q3 of 2018.
The current workaround is to put firewall rules in place that prevent the agent from connecting to SGWs that you don't want it to connect to.
I hope that helps.
As Max mentioned, this has to currently be done using firewall rules. I just wanted to add here to confirm that we do this pretty extensively currently at my deployment and it works nicely. You can put rules on the hosts with agents to only allow sending over the SGW port (9999) to the IP address of your gateway.
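The host-firewall approach described in the post above, sketched as an added example (not code from the thread or from Dynatrace): a script that prints, without applying, Linux iptables rules pinning outbound tcp/9999 to the local site's gateways. The chain name and the gateway addresses are assumptions; the addresses are constructed sample values from the documentation range.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that restrict this
# host's outbound SGW traffic to the gateways of its own site.
SGW_PORT=9999        # SGW port named in the thread
CHAIN=SGW_EGRESS     # hypothetical chain name

# Accept only dotted-quad IPv4 so nothing else ends up inside a rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: sgw_egress_rules <gateway-ip> [<gateway-ip> ...]
sgw_egress_rules() {
    [ "$#" -ge 1 ] || { echo "need at least one gateway IP" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    # Gateways of the local site are the only permitted destinations.
    for ip in "$@"; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    # tcp-reset refuses the connection immediately, so an agent cycling
    # through its gateway list does not sit in a connect timeout per entry.
    echo "iptables -A $CHAIN -p tcp -j REJECT --reject-with tcp-reset"
    # Only outbound tcp/9999 is sent through the chain; other traffic
    # from the host is left untouched.
    echo "iptables -A OUTPUT -p tcp --dport $SGW_PORT -j $CHAIN"
}

# Constructed sample: two gateways in the host's own site.
sgw_egress_rules 192.0.2.10 192.0.2.11
```

Review the printed rules before applying them, and persist them with the distribution's own mechanism so they survive a reboot.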
Hi Hayden - Just curious on how you put rules on the hosts with agents to only allow .... without setting the network firewall rules? Were you talking about the OS firewall rules to block outbound to other SGWs?
This feature is currently in a closed Private Preview program. There isn't a specific ETA to share right now, but please be sure that the team is working on getting this feature to GA!
There's currently a workaround:
in file /opt/dynatrace/oneagent/agent/conf/ruxitagentproc.conf locate the line starting with
and append the AG URLs in the priority you want them to be used, e.g.
We use this in order to speed up container deployments with K8s app-only monitoring, as otherwise the OneAgent would try several unreachable AGs (waiting for connection timeouts to occur with each attempt), which will delay the whole container startup for no good reason.