If you use Dynatrace SaaS, the only type of ActiveGate you need to install is an Environment ActiveGate. If you have a Dynatrace Managed deployment, you need both an Environment ActiveGate and a Cluster ActiveGate.
Environment ActiveGate can be installed either on a Windows or a Linux machine.
Before you begin
Please check the hardware and system requirements for ActiveGate.
Download the installer
To install Environment ActiveGate
Select Deployment status from the navigation menu.
Click the Install ActiveGate button.
Click Linux or Windows based on your operating system.
Normally it’s fine to install Environment ActiveGate at any time following OneAgent installation. In some cases however, the OneAgent installer must know about your Environment ActiveGate installation before OneAgent can be installed. In such instances, you must first install Environment ActiveGate and then download the Dynatrace OneAgent installer. For example, if you download the OneAgent installer and use it to install Dynatrace in a DMZ or network segment that has no Internet access and subsequently install Environment ActiveGate, you’ll need to re-download the OneAgent installer and re-install OneAgent to ensure that the installer provides the proper configuration between OneAgent and Environment ActiveGate. This is because OneAgent needs to be automatically configured during installation to connect to your monitored environment and send monitoring data back to Dynatrace Server via your Environment ActiveGate.
How you download your installer depends on your setup and needs. You can choose to download an installer directly to the server where you plan to install Environment ActiveGate or you can download an installer to a different machine and then transfer the installer to the server.
On the Download Dynatrace ActiveGate page, click the Linux button. Downloading the installer for Linux is easy—just copy the
wget command line from the Use this command on the target host text box (see below) and paste it into your terminal window. Make sure to copy the command directly from the first text box because it contains your environment ID.
Wait for the download to complete. Then verify the signature by copying the command from the Verify signature text box and pasting the command into your terminal window.
Make sure your system is up to date, especially SSL and related certificate libraries. If you plan to download Environment ActiveGate directly to the server, note that outdated libraries (for example, CA certificates) or missing OpenSSL will prevent the installer from downloading (we use encrypted connections, so OpenSSL is required to enable
wget to access the server).
You can also download the installer by clicking the ActiveGate installer link at the bottom of the page and saving the installer script to any location on your system, thereby bypassing the
wget command altogether.
On the Download Dynatrace ActiveGate page, click the Windows button. Then click the Download securitygateway.exe button. Download the installer directly to the server where you want to install Environment ActiveGate or to another suitable location.
Run the installer
You can install Environment ActiveGate on a Linux or Windows machine. Environment ActiveGate needs to send monitoring data to Dynatrace. This is why Environment ActiveGate requires Internet access. Environment ActiveGate listens (i.e., accepts incoming connections) on port 9999 and talks to Dynatrace Server (i.e., makes outgoing connections) on port 443. Ensure that your firewall settings allow communication through these ports.
Linux: Copy the installation script command from the last text box and paste it into your terminal.
You'll need root rights to install an ActiveGate. You can use
sudo to run the installation script.
Since version 1.155, the user running the ActiveGate service doesn't require root rights. If you don't specify your own user to run the ActiveGate service, existing or not, the installer by default creates the
dtaguser user. For more information see Customize ActiveGate installation on Linux
To install ActiveGate, type one of the following commands into the directory where you downloaded the installation script.
`chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh sudo ./Dynatrace-Security-Gateway-Linux-1.0.0.sh`
`chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh su ./Dynatrace-Security-Gateway-Linux-1.0.0.sh`
`chmod + x Dynatrace-Security-Gateway-Linux-1.0.0.sh ./Dynatrace-Security-Gateway-Linux-1.0.0.sh`
You can add additional parameters to the installation command to customize your installation. For example, to install a Cluster ActiveGate as a non-root user you can use the
USER=<user name> parameter as indicated below.
Dynatrace-Security-Gateway-Linux-<version>.sh [USER=<user name>]
Windows: You need administrator rights to install Environment ActiveGate. Run the executable file using administrator rights and follow the displayed instructions.
Environment ActiveGate can use an HTTP proxy server address. On Windows, you can enter this address in one of the installer steps. On Linux, you need to use an additional command line parameter, i.e. the
PROXY parameter, whose value is the proxy address and port, for example
If you use a proxy that performs SSL termination, add a proxy certificate to the trusted keystore (
In a standard installation, the keystore file (
trusted.jks) is located in the following folders:
- For Linux:
- For Windows:
Execute the following command on either Linux or Windows (depending on your installation):
keytool -importcert -file /path/to/your/SSLcert.cer -keystore trusted.jks
Once Environment ActiveGate connects to Dynatrace Server, installation is complete. As soon as Environment ActiveGate connects to Dynatrace Server, OneAgent is informed and re-configured to send monitoring data through Environment ActiveGate. To check on the status of the installation, click the Show deployment status button and select the Dynatrace ActiveGates tab.
If you've set up several monitoring environments, it may be cumbersome to install and maintain multiple ActiveGates. Therefore, Dynatrace enables you to configure a single ActiveGate in support of multiple monitoring environments. This significantly reduces maintenance and setup overhead. Thanks to this feature, you don't need to deploy multiple ActiveGates and adjust firewall settings for each Environment ActiveGate installation. Such multi-environment ActiveGates are capable of handling all traffic from the environments they are associated with.