We will implement a Dynatrace Managed architecture as described on scenario 3 on documentacion:
That is, 2 cluster ActiveGates balanced by an F5 load balancer. What is the required configuration on Dynatrace for this deployment? just communication settings that need to be done on Dynatrace Managed, we already know how to instrument the mobile app. We want a use the certificate provided by Dynatrace for the Cluster ActiveGate URL
Solved! Go to Solution.
Hi Alejandro, we have a customer with the same setup.
I believe the base with pointers is already described in this topic:
How to use Cluster Active Gates with Load Balancer for Agentless Monitoring - Dynatrace Community
Mind you, you will want to load the SSL certificate on the loadbalancer, and configure in Managed the endpoint to be the address, logical (e.g. cag.yourcompany.com), of the loadbalancer.
Technically the loadbalancer can forward to CAG's unsecured (http port need to be enabled) or secured to the https port (9999). I don't think that the F5 LB needs a proper certificate on the CAG's.
Another thing to be aware of: the default port for CAG is port 9999. But since that is not a common port, and in lots of organizations would require opening it in firewalls for outgoing connections, it's strongly suggested to open the public side of the loadbalancer on port 443. (e.g. cag.yourcompany.com:443)
No, you don't need to set this. Actually, the dnsEntryPoint configuration option is for publishing this value for OneAgents to connect. This will be propagated into the server address list.
@alejandro_herna answer from @fstekelenburg is very accurate, especially highlighting the WAF. Actually, I recently ran into a bug on the F5 firmware when it blocked beacons from Synthetics tests.
I would highly recommend close cooperation with the F5 administrators on your side as there can be really strange reasons for some data not reaching the Cluster ActiveGates due to some F5 settings.