How to install an Environment ActiveGate?

If you use Dynatrace SaaS, the only type of ActiveGate you need to install is an Environment ActiveGate. If you have a Dynatrace Managed deployment, you need both an Environment ActiveGate and a Cluster ActiveGate.

Environment ActiveGate can be installed either on a Windows or a Linux machine.


  • A machine dedicated to Environment ActiveGate that has:
    • 1 GB free disk space
    • 2 GB RAM (4 GB recommended)
    • 1 dual core processor
  • Proper network port configuration
  • If you're installing OneAgent on a system that runs on VMware, install Environment ActiveGate in a network segment that can easily reach your VMware solution.
  • Your operating system must handle at least 500000 open files for the root user
    Note: To view the system limit, execute the following command: cat /proc/sys/fs/file-max.
    Encountering problems?.

Download the installer

To install Environment ActiveGate

Select Deployment status from the navigation menu.

Click the Install ActiveGate button.

Click the Install Dynatrace ActiveGate link.

How you download your installer depends on your setup and needs. You can choose to download an installer directly to the server where you plan to install Environment ActiveGate or you can download an installer to a different machine and then transfer the installer to the server.

On the Download Dynatrace ActiveGate page, click Linux. Downloading the installer for Linux is easy—just copy the wget command line from the Use this command on the target host text box (see below) and paste it into your terminal window. Make sure to copy the command directly from the first text box because it contains your environment ID. Wait for the download to complete. Then verify the signature by copying the command from the Verify signature text box and pasting the command into your terminal window. To start installation, copy the command line from the And run the installer with root rights text box and paste the command into your terminal window.
Make sure your system is up to date, especially SSL and related certificate libraries. If you plan to download Environment ActiveGate directly to the server, note that outdated libraries (for example, CA certificates) or missing OpenSSL will prevent the installer from downloading (we use encrypted connections, so OpenSSL is required to enable wget to access the server).
You can also download the installer by clicking the ActiveGate installer link at the bottom of the page and saving the installer script to any location on your system, thereby bypassing the wget command altogether.

Run the installer

You can install Environment ActiveGate on a Linux or Windows machine. Environment ActiveGate needs to send monitoring data to Dynatrace. This is why Environment ActiveGate requires Internet access. Environment ActiveGate listens (i.e., accepts incoming connections) on port 9999 and talks to Dynatrace Server (i.e., makes outgoing connections) on port 443. Ensure that your firewall settings allow communication through these ports.

Linux: Copy the command from the Use this command on the target host text box and paste the command into your terminal. Note that you’ll need root privileges for this. You can use su or sudo to run the installation script. You need to make the script executable before you can run it. To do this, type one of the following commands (where 0 is used in place of the actual version number) in the directory where you downloaded the installation script.

You can add additional parameters to the installation command to customize your installation. For example, to install a Cluster ActiveGate as a non-root user you can use the USER=<user name> parameter as indicated below.

Dynatrace-Security-Gateway-Linux-<version>.sh [USER=<user name>]

The specified user name should already exist in the system (i.e., the Environment ActiveGate installer won't create it). There are no special requirements as to the type of user or group that the user must belong to.

Environment ActiveGate can use an HTTP proxy server address. On Windows, you can enter this address in one of the installer steps. On Linux, you need to use an additional command line parameter, i.e. the PROXY parameter, whose value is the proxy address and port, for example PROXY="".

If you use a proxy that performs SSL termination, add a proxy certificate to the trusted keystore (trusted.jks).
In a standard installation, the keystore file (trusted.jks) is located in the following folders:

  • For Linux: /var/lib/dynatrace/gateway/ssl/customkeys/
  • For Windows: JAVA_HOME\JRE\lib\security\cacert

Execute the following command on either Linux or Windows (depending on your installation):
keytool -importcert -file /path/to/your/SSLcert.cer -keystore trusted.jks

Once Environment ActiveGate connects to Dynatrace Server, installation is complete. As soon as Environment ActiveGate connects to Dynatrace Server, OneAgent is informed and re-configured to send monitoring data through Environment ActiveGate. To check on the status of the installation, click the Show deployment status button and select the Dynatrace ActiveGates tab.

Can't connect to Environment ActiveGate?