Solved: Best practice for ActiveGate balancing across separate datacenters?

jose_araya · ‎13 Apr 2023

Hello, we are facing a new implementation of Dynatrace and we have plenty of infrastructure to be monitored (virtual and physical hosts, load balancers, network devices, storage appliances, mid-range servers i Series, etc...).

All of this is distributed across 3 separate datacenters (1 in cloud 2 on-premise).

What is the best recommendation when defining how many ActiveGates per location and their balancing?

Best regards,

Jose.

Mohamed_Hamdy · ‎13 Apr 2023

Hi @jose_araya,

Usually, I'm using two ActiveGates for high availability for routing and AG extensions (note that some extensions required higher resources), and based on the requirements and if you are going to monitor the non-prod environment without AG extensions you create two environments one for prod and another one for non-prod.
in this case, you can use two environmental ActiveGates (one dedicated for Prod and the other one shared between Prod and non-prod (multi-environment ActiveGate))
in some cases and based on the customer requirements if the non-prod is important and you will install extensions in a non-prod environment, you can have three Env ActiveGates (one dedicated for Prod and the second one dedicated for non-prod and the third one will be shared between the environments (multi-environment ActiveGate))

the conclusion is that you can use multi-env ActiveGate to minimize the number of used dedicated ActiveGates in case you have more than one environment but keep in mind that the function of the multi-env ActiveGates is to route OneAgent traffic

I'm not sure if you are going to use cluster ActiveGates or not, for on-prem locations (Dynatrace Managed) if there is DMZ and traffic received from an external network, you can use two cluster ActiveGates for high availability as well.

also, don't forget the synthetic private location (ActiveGate), that you might need to use in case you have synthetic monitoring included in the scope and you have internal applications that are not accessible from the public network and if there is an application with authentication via Microsoft Azure AD (for apps with AD authentication you need to use Windows ActiveGate as private location and apply some configurations to use browser clickpath ).

I hope this will help you, note that the number and type of the required ActiveGates will be based on the design and scope.

Certified Dynatrace Professional | Certified Dynatrace Services Delivery - Observability | Dynatrace Partner - yourcompass.ca

jose_araya · ‎14 Apr 2023

Excellent! Thank you very much for your recommendations! And we'll be defining also the network zones.

We do require at least one private synthetic enabled AG, and the others would be mostly focusing on balancing traffic and running extensions.

Much appreciated.

AntonioSousa · ‎14 Apr 2023

@jose_araya,

Please take a careful look at "Network Zones", as it should be particularly important in your use-case:
https://www.dynatrace.com/support/help/manage/network-zones

Antonio Sousa

Kor01 · ‎14 Apr 2023

I don't know if this is "best practice" but here's what we run:

We have 2 large onprem datacenters and a large single cloud presence. We run 7 activegates in each data center (3 for oneagent proxying, 2 for extensions, 2 for synthetics). We would probably be fine with just one for each, but we want redundancy.

And for cloud we have 26 AGs running in 2 regions. We have several network zones in the cloud that we need to cover, plus more extensions (AWS, kubernetes, Otel ingestion), private synthetic locations, and we also have redundancy there too.

Its a lot of infrastructure, but they hum along fine 99.9% of the time. Only bigger issue we've had was our own configuration issue, but we found and fixed that and they've behaved ever since.