What does Security Gateway do?
Security Gateway works as a proxy between OneAgents and Dynatrace Server. It collects monitoring data, keeps the data encrypted, and sends it to the cloud-based server. If you have Security Gateway in your data center, this is the only piece of Dynatrace software that requires full Internet access. You don’t need to do any extra configuration (if this is a new installation, install it first to make things easier), just install the Security Gateway in a network segment that all your agents can access (or install one Security Gateway per segment if some agents won’t be able to send monitoring data to the Security Gateway). The rest of the setup is handled automatically.
Security Gateway is also responsible for obtaining information from your virtualization platform, currently VMware. Security Gateway polls your VvCenter or standalone ESXi host to obtain information about all important resources that ESX server provisions to your virtual machines, for example CPU usage, memory consumption, and data-store related activity in your VMware platform.
When do I need a Security Gateway?
Security Gateway is an optional component of Dynatrace. Install Security Gateway if you need to:
- Monitor virtualization
Your monitoring likely won’t be complete without virtualization monitoring. If your hosts with agents run in a ESXi virtual environment, install Security Gateway and complete the virtualization monitoring step.
- Secure your environment and save firewall settings
Security Gateway works as a proxy between agents and Dynatrace Server. If you have a Security Gateway in your data center, it is the only piece of Dynatrace software that needs to have full Internet access. It saves you the effort of rewriting routing tables and changing firewall settings for each monitored host.
- Introduce load balancing for monitoring data within a large deployment.
A large number of agents will generate lots of monitoring data. You can use Security Gateway to maximize throughput and avoid overload, especially on the agent side.
- Increase the effectiveness of your installed Dynatrace components.
You can use more than one Security Gateway if your monitored hosts work in isolated zones—this can save you from otherwise being forced to violate your security or networking policies.
You don’t need to install all your Security Gateways initially. You can always add Security Gateways later.
When do I need more Security Gateways?
Having more than one Security Gateway will allow you to better manage large Dynatrace installations. If you’ll be installing more than 100 agents, it’s a good idea to deploy at least one additional Security Gateway. With Dynatrace you don’t need to worry about load balancing. If you install multiple Security Gateway in the same environment, the agents and Security Gateway will reconfigure themselves automatically to achieve optimum load balancing for monitoring data.
A single Security Gateway can manage up to 2000 agents, but performance problems can arise at such high volume. Dynatrace Server will inform you automatically if it detects performance issues. If that happens, you should add at least one more Security Gateway to your network.