I have two completely segregated parts of my network, one with access to the internet where I've already installed an ActiveGate (to collect my Azure traffic) and to relay Dynatrace data between my oneagents and the SaaS Dynatrace. I have another network segment that has no access to the internet or the outside world (and it needs to stay that way) where I need to monitor applications.
Can I install another ActiveGate within that isolated segment, point all of the agents to talk to it, and then have it talk to the primary ActiveGate (as a sort of proxy)? Or do I have to give the isolated ActiveGate a path through the firewall to reach the Dynatrace home?
Solved! Go to Solution.
The only scenario where something like that can work is if it's an Environment AG talking to a Cluster AG as noted here. If they are both Environment AGs that will not work.
Note that if needed you can configure a true proxy for the AG to use.
So I'll need to stand up a new Cluster ActiveGate within my internet-accessible environment, then point my existing Environment ActiveGate (which monitors Azure) to it, then stand up another Environment ActiveGate within my siloed environment, and whitelist traffic between the Cluster ActiveGate and the siloed ActiveGate? Like the diagram here https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/basic-concepts/s...
Does that sound right?
Edit: Dynatrace SaaS does not have Cluster ActiveGates. Environment ActiveGates do not function as a proxy for other Environment ActiveGates. The isolated ActiveGate needs to directly communicate to the Dynatrace Server or via an actual proxy.
Am I able to have two Environment ActiveGates? One in my connected network and one in my isolated network? Or will I have to whitelist a bunch of traffic between Azure, Dynatrace SaaS, and my isolated ActiveGate?
You can have as many Environment AGs as you want and OneAgents will make use of any that they can reach, but Environment AGs cannot send data back through another environment AG. Only through a cluster AG (if Managed) or directly to the Dynatrace server nodes.