I have 5 different physical networks where an ActiveGate would need to be installed. These networks are not connected for security reasons.
How does the OneAgent connect to the corresponding ActiveGate within the network?
Does it wait for the first response from the list of ActiveGates in its configuration? If so, is there a way to configure the client to connect to a specific ActiveGate?
(Also note: We'd like to have a pair of ActiveGates in each network for redundancy.)
The agents know all security gateways (and all possible connection points like host name and IP addresses) and use those they can connect to. In case multiple security gateways are reachable from an agent, it uses them round robin. So in your case just install two security gateways in every physical network to get fail-over as well.
In Dynatrace Managed you can install two different kinds of Security Gateways. A Private Security Gateway, which serves just one environment (tenant) or a Public Security Gateway, which serves all existing environments. The Security Gateways which are pre-installed on cluster nodes are public ones. So I guess what you are looking for is the Managed Public Security Gateway.
One stupid question. What is the difference between a public and a private Security Gateway? I learned for myself that the install script downloaded from the admin pane, pgw*.sh, is not shown in the deployment status from the normal view. The Security Gateway install script from the deployment status is not shown in the clusteradmin view.
Which SGW is for what purpose?
Actually a public SGW can never be installed by the user (maybe I should not have mentioned it here). It is part of our SaaS infrastructure and also present on all cluster nodes of Dynatrace Managed. For SaaS you can only install private SGWs, which are just for exactly one tenant/environment. For Managed you can choose between a private SGW (does exactly the same as the SaaS version) and a public managed one. The latter supports all the environments of the cluster.
If one has two security gateways and one security gateway is uninstalled, how long does the information for the ruxit persist?
I noticed that after uninstalling one of the two security gateways, the IP addresses persist in the ruxitagent.conf. In my case this led to errors while httpd parsed its configuration files. ,-(
Good morning, @Helmut S.
We noticed one weird thing:
We had accidentally installed a Security Gateway on the wrong server, but it connected well with the Dynatrace Server. I uninstalled it; afterwards I installed a Security Gateway on the right server (the right server is in a DMZ, the wrong server is not).
Anyway, if the Security Gateway is offline, the OneAgent on a server inside the DMZ may not connect to the Dynatrace server (for sure) and after starting the OneAgent, a monitored Apache 2.2 runs well.
If the Security Gateway inside the DMZ is online AND the OneAgent is restarted, it finds the Security Gateway and gets a new ruxitagent.conf with additional wrong information for the Server directive. If this happens, the OneAgent breaks the httpd.conf of the Apache 2.2 and it will not reload/restart anymore.
We do not notice it with Apache 2.4 and we have in this case an appliance using the older version; we cannot update without breaking the support for the appliance.
Is there a way to flush the Security Gateway information inside the Dynatrace Server?
Hi @Helmut S.,
I did. The status is to wait at least 48h, because the SGWs are remembered for two days (as they said in the ticket), then try it again afterwards and look for the errors we noticed yesterday.
We will see and I will let you know the news.
Hi @Helmut S.,
Just to keep you informed.
We lost the old and wrong information and the ruxitagent.conf seems to be OK. As a result, the Apache 2.2 has a working configuration and everything seems to be OK.
The time is 48h until the wrong information disappears.