We have a VIP sitting in front of a cluster of 2 cluster activegates. This VIP has a public ip address and will be used to collect Mobile, Browser RUM metrics. We have a certificate for the two cluster activegates. Do we install the certificate on the VIP as well?
If VIP can pass through SSL traffic to active gate, it should be enough. But more often is case when LB has own wildcat certificate and after it traffic is passed even with self signed one. Some of our client has F5 on front, after it traffic is passed with http without ssl.
You know that mobile application can report beacons to mobile app API endpoints and in such case you don't need cluster active gate? This is setting that can be turned on on applications settings. The same story is by default for web applications. Only agentless rum monitoring needs cluster active gate because there is no agent placed on We server.