FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What happens when all security gateway accidentally stopped?

nkobayashi1
Helper

‎07 Jun 2018 09:50 AM

Hi,

Could you tell us what happens when security gateway accidentally stopped?

Our customer is planning to deploy Dynatrace to the large environment that has 1000 agents and 2 security gateways.
They want to know what happens when security gateway accidentally stopped.

I suppose that followings things happen.
Could you tell me whether it is correct?

- When the all security gateway stopped, the agents connect to Dynatrace SaaS Cluster directly.
- So, no data loss occurs.

- But the traffic from the agents become not to compress, so the occupancy rate of the traffic suddenly increase.

Thanks,

Noah Kobayashi

Labels:
0 Kudos
Reply
2 REPLIES 2

hmor3
Inactive

‎07 Jun 2018 10:57 AM

Hello Noah,

Yes your options are correct but it is not best practice from security complaince point of view that you let your OneAgents talk directly to SAAS Cluster.

I suggest you should have your Security gateways with redundancy at Hardware level like you can have gateways on different ESXi hosts(if you are using VMWARE ESXi)

- When the all security gateway stopped, the agents connect to Dynatrace SaaS Cluster directly.

-->> This will happen only if your SAAS cluster is reachable on TCP 8443 from your OneAgents
- So, no data loss occurs.
- But the traffic from the agents become not to compress, so the occupancy rate of the traffic suddenly increase. ----> yes this is true as security gateway reduces traffic upto 70% via compression.

Thanks

Himanshu Mor

0 Kudos
Reply

nkobayashi1
Helper
In response to hmor3

‎13 Jun 2018 10:59 AM

Hi Himanshu,

Thank you for your response.

Let me confirm some points.

- When the all security gateway stopped, the agents connect to Dynatrace SaaS Cluster directly.

-->> This will happen only if your SAAS cluster is reachable on TCP 8443 from your OneAgents
- So, no data loss occurs.

If the 8443 port is not allowed, does all of the OneAgent keep trying to send data to the SaaS Cluster directory? Or does the OneAgents stop that if it failed to connect?

I also would like to know whether the same size of traffic is sent in this case. I guess it may be only connection check traffic. Anyway, I concern about flowing unnecessary large traffic in the network.

Thanks, Noah

0 Kudos
Reply
Ask a question

Featured Posts