07 Oct 2024 04:10 AM
Hello everyone,
I am planning to implement Dynatrace Managed (On-Prem). The architecture diagram is attached.
Here’s the current situation:
My questions are:
I would appreciate your suggestions and assistance. Thank you.
Solved! Go to Solution.
07 Oct 2024 06:19 AM - edited 07 Oct 2024 06:27 AM
Hi @agylpradipta,
You should use network zones to separate the traaffic.
Network zones - Dynatrace Docs
You should use Environement AG. I recommend containerized Env AG in the Kubernetes clusters (containerized AG numbers depends on the size of the Kubernetes cluster), at least one not containerized ENV AG / newtork zone for run extensions.
Regarding the conatinerized ENV AG, at ClassicFullStack and CloudNativeFullStack you can configure it in the Custom resource yaml. At AppOnly instrumentation you can create manually an ENV AG:
Manually deploy ActiveGate as a StatefulSet - Dynatrace Docs
I hope it helps.
Best regards,
Mizső
07 Oct 2024 07:01 AM
Hello @agylpradipta
Thanks @Mizső for your valuable inputs as usual.
First of all, you should put careful consideration for the below point as per Dynatrace best practices:
Hoping this quick info adds value.
KR,
Peter.
07 Oct 2024 08:30 AM
Thank you, @Mizső and @Peter_Youssef, for your feedback.
There are a few things I'd like to confirm regarding the suggestions you've provided:
Thank you.
07 Oct 2024 09:59 AM - edited 07 Oct 2024 10:37 AM
Hello @agylpradipta
As simple as that:
As per the attached example you will get the idea
Regarding the last point (3):
KR,
Peter.
07 Oct 2024 07:35 AM
Hi @Peter_Youssef ,
Above 2 pretty much nail it on the head.  Your network design approach will work. 
The only real architectural consideration is splitting the AG out based on functionality.  This is critical for redundancy and capacity.   
Depending on requirements, you should really consider having a min of 2 'routing' AG for agent traffic capacity and redundancy and at least 1 for running extensions (as mentioned above).  Extensions can be resource intensive.
In addition to this, you might also want to consider an 'API' Active Gate if required for pushing metrics / otel,  pulling agents / images or querying data as this can be resource intensive as well.   
Obviously, size of what your monitoring and budget comes into this, but keep in mind, you will eventually hit a practical limit on the size of node / host and performance issues will kick in if you try and go it all on a single deployment.  Not to mention Life Cycle Managment; you don't want to take out all your monitoring by having to bounce a single routing active gate. 
The rest (including AG functionality) is configuration. 
One thing that will be critical on a deployment like this is using AG Groups and Network zones, this to prevent both the agents and extensions from trying to reach out to the wrong network segments.
'Default' extension groups will run on all Active Gates, until they find one that works.
All Agents by default have DNS and IP entries for all available Active Gates and Dynatrace endpoints.  Same principle above occurs where agents will try and communicate to wherever until successful.   
Making sure that you use Active Gate Groups, configuring agent deployments with network zones and setting 'drop traffic' configurations on your Network Zones will reduce incorrect network traffic and unwanted failed log entries.
23 Jun 2025 05:04 PM
Hello,
in addition to previous response you will need to setup ActiveGate communication with this configuration:
(see https://docs.dynatrace.com/docs/shortlink/ag-container-configuration#load-balancer-between-activegat... and https://docs.dynatrace.com/docs/shortlink/activegate-reverse-proxy#configure-activegate-to-use-rever...)
