Dynatrace Security Gateway works as a proxy between Dynatrace OneAgent and Dynatrace Server. Security Gateway collects monitoring data, aggregates the data, and sends the data to Dynatrace Server using an encrypted HTTPS connection. Security Gateway is the only Dynatrace software component in your data center that requires full Internet access. The following image illustrates a network both with and without Dynatrace Security Gateway.
Install Security Gateway in a network segment that all instances of OneAgent can access. Otherwise, install one Security Gateway per segment if some instances of OneAgent won’t be able to reach Security Gateway. The rest of the setup is handled automatically.
Do I need Security Gateway?
Security Gateway is an optional Dynatrace component. Install Security Gateway if you need to:
- Monitor virtualization
Your monitoring likely won’t be complete without virtualization monitoring. Security Gateway can poll your VCenter or standalone ESXi hosts to obtain information about all important resources that ESXi servers provision to your virtual machines (for example, CPU usage, memory consumption, and data-store related activity on your VMware platform). If your ESXi hosts and virtual machines run in a VMware datacenter, install Security Gateway and complete the virtualization monitoring step.
- Keep your environment secure and reduce firewall configuration
Because Security Gateway is the only Dynatrace software component that requires Internet access, efforts related to the rewriting of routing tables and firewall settings for each monitored host can be eliminated.
- Introduce load balancing for monitoring data within large deployments
Within large deployments, you can use multiple Security Gateways to maximize throughput.
- Increase the effectiveness of your installed Dynatrace components
You can use more than one Security Gateway if your monitored hosts work in isolated zones. This saves you from the necessity of otherwise violating your network security policies.
Do I need multiple Security Gateways?
Having more than one Security Gateway allows you to better manage large Dynatrace deployments. If you plan to install more than 100 OneAgents, it’s a good idea to deploy at least one Security Gateway.
With Dynatrace, you don’t need to worry about load balancing. If you install multiple Security Gateways in the same environment, your OneAgents and Security Gateways will configure themselves automatically to achieve optimal load balancing.
A single Security Gateway can manage up to 2,000 OneAgents. However, performance problems can arise at such high volume. If this happens, add at least one more Security Gateway to your network. You don’t need to install all Security Gateways initially—you can add additional Security Gateways at any time.