were planning to start the work on the Dynatrace Managed, therefore, looking forward
for your expert advices in regard of design as we have a Production and Pre-production
we go with the two different architectures or can we have a single architecture
to accommodate both environments?
has been tried this scenario?
are the best practices for the multiple environments?
Solved! Go to Solution.
both scenarios are feasible and implemented in practice. Since Dynatrace supports multi-tenancy, there is no problem with accommodating multiple environments in one cluster. These will be then separate from monitoring and analysis perspective, can have separate private security gateways if there is network separation between pre-prod and prod.
A risk involved is that you cannot stage the updates of Dynatrace cluster itself - new version will be applied to both pre-prod and prod. If such risk is not acceptable, then customers make the effort to go for separate clusters for various development stages.
Thank you for sharing the overlooked area in my first question about the Dynatrace update itself.
I will take the opportunity to know something more about the security gateways. In case we have more than one network zones and each zone has a firewall so in this situation we should go with the multiple security gateways or one will be sufficient.
Can we put the security gateway in the DMZ?
You will need to have multiple SGs to guarantee that agents have at least one communication point to the cluster. Across all SGs agents will try to communicate with the first one feasible in round robin fashion.
that may also help:
Hello @Radoslaw S.
Thank you for this information and I will also look into the shared documentation link.
Please correct my understanding in case I am thinking wrongly. What I understood that we can install one Security Gateway in the DMZ to receive the traffic from OneAgent/agentless RUM/Synthetic and for the Mission Control purposes and remaining Security Groups in the each network zone.
Security Gateway is just for monitoring purposes - agent, rum, sythetic, mobile...
To Mission Control you need either direct either proxied connection. In your case probably a proxy server in DMZ.