Solved: Vip Cluster Activegate shared

dcinciripini · ‎11 Apr 2023

Hello everyone,

we have a customer who would like that as Cluster Activegate's vip is used an existing one used to receive Matomo traffic in order to minimize access points in the event of a cyber attack.

Everything would be managed by a load balancer that should be properly configured but I fear that, even in that case, sharing the vip could lead to traffic distribution problems between Matomo and Dynatrace.

What do you think? Have you ever had experience with a similar structure?

Yosi_Neuman · ‎12 Apr 2023

Hi @dcinciripini

This should work with no problems as design and experienced at few customer sties.

HTH

Yos

dynatrace certificated professional - dynatrace master partner - Matrix Soft Ware Division - Israel

dcinciripini · ‎08 May 2023

Hi Yosi,

Thanks for your answer. I have another question about this setup:
If the ssl terminates on the balancer, is it still necessary to insert the ssl certificates in the Cluster Activegates?

In this community post: (https://community.dynatrace.com/t5/Real-User-Monitoring/Not-seeing-agentless-RUM-traffic-in-Dynatrac...)

and in this part of the documentation it seems like it is needed (https://www.dynatrace.com/support/help/managed-cluster/basic-concepts/managed-deployment-scenarios#s...)

but I don't understand why

dcinciripini · ‎08 May 2023

I explain myself in a better way:
Would it be possible, since the load balancer will terminate the ssl, to transfer the traffic from the load balancer to the CAG in http instead of https (thus avoiding putting the ssl certificate on the activegate clusters) or https traffic is mandatory also between load balancers and CAG?

Thanks in advance,
Davide

Yosi_Neuman · ‎08 May 2023

Hi @dcinciripini

From Required configuration for each traffic case its look like that for some use cases you need to have certificate from end to end

Yos

dynatrace certificated professional - dynatrace master partner - Matrix Soft Ware Division - Israel