This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace Saas - Active gate configuration

Go to solution
sangeetha_mitta
Organizer

‎29 Jan 2019 12:40 PM

Could you please clarify on the below question?

Currently we are configuring active gate for Dynatrace SaaS.

Customer is asking for strong clarification on "Why Active gate servers should be in DMZ"

Could you please clarify?

Thanks&Regards

Sangeetha


Labels:
0 Kudos
Reply
3 REPLIES 3

Go to solution
JamesKitson
Dynatrace Guru
Dynatrace Guru

‎29 Jan 2019 07:31 PM

ActiveGates in SaaS are going to be communicating with an external network (in this case the internet) as we're sending data from the OneAgents to Dynatrace SaaS. In this case the ActiveGate is the only component that needs to be exposed to the Internet in any way. It is simply a common best practice in these scenarios to deploy such hosts in a DMZ as an additional layer of security. The description of the purpose of a DMZ from Wikipedia should make it clear that it applies here:

"In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet.The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. The DMZ functions as a small, isolated network positioned between the Internet and the private network and, if its design is effective, allows the organization extra time to detect and address breaches before they would further penetrate into the internal networks."


0 Kudos
Reply

Go to solution
sangeetha_mitta
Organizer
In response to JamesKitson

‎30 Jan 2019 08:23 AM

Thank you so much for the clarification


0 Kudos
Reply

Go to solution
dave_mauney
Dynatrace Champion
Dynatrace Champion

‎30 Jan 2019 04:34 PM

I believe an Environment AGs only needs to be placed in the DMZ if it's going to be receiving agent traffic from the public internet. AGs that simply send agent traffic from on-premise to the SaaS cluster need not be deployed in the DMZ.


0 Kudos
Reply
Ask a question

Featured Posts