How do I install a private Security Gateway?

Consider the following requirements before starting Security Gateway installation.

Before you begin

Security Gateway requirements:

  • A machine dedicated to Security Gateway with:
    • 1 GB free disk space
    • 2 GB RAM (4 GB recommended)
    • 1 dual core processor
  • Communications between Dynatrace SaaS installations and monitored environments are sent via HTTPS on port 443. URLs for monitored environments use the form <YourEnvironmentID>
  • Communications between Dynatrace Managed installations and Dynatrace Server are sent via HTTPS on port 8443.
  • Data sent from OneAgent is received via HTTPS on port 9999.

If you're installing OneAgent on a system that runs on VMware, install Security Gateway in a network segment that can easily reach your VMware solution.

On which platforms can Security Gateway be installed?

Note: The Linux operating system has a limit on the number of open files that a process can handle. It's recommended that you set the permitted number of open files to at least 500000 for the root user to ensure proper operation. The current limit can be checked via the ulimit -H -n command. Note that this limit is set on a per-user basis, so if you run Security Gateway with a different user than root, you need to update the relative configuration file accordingly.

Download and run the installer

To install Security Gateway

Select Deploy Dynatrace from the navigation menu.

Click the Start installation button.

Click the Install Dynatrace Security Gateway link.

You can install Security Gateway on a Linux or Windows machine. Security Gateway needs to send monitoring data to Dynatrace. This is why Security Gateway requires Internet access. Security Gateway listens (i.e., accepts incoming connections) on port 9999 and talks to Dynatrace Server (i.e., makes outgoing connections) on port 443. Ensure that your firewall settings allow communication through these ports.

How you download your installer depends on your setup and needs. You can choose to download an installer directly to the server where you plan to install Security Gateway or you can download an installer to a different machine and then transfer the installer to the server.

Windows: You need administrator rights to install Security Gateway. Run the executable file using administrator rights and follow the displayed instructions.

Linux: Copy the command from the Use this command on the target host text box and paste the command into your terminal. Note that you’ll need root privileges for this. You can use su or sudo to run the installation script. You need to make the script executable before you can run it. To do this, type one of the following commands in the directory where you downloaded the installation script.

Security Gateway can use an HTTP proxy server address. On Windows, you can enter this address in one of the installer steps. On Linux, you need to pass an extra parameter (PROXY), whose value is the proxy address and port, for example PROXY="".

Once Security Gateway connects to Dynatrace Server, installation is complete. That’s all there is to it! As soon as Security Gateway connects to Dynatrace Server, OneAgent is informed and re-configured to send monitoring data through Security Gateway. To check on the status of the installation, click the Show deployment status button and select the Dynatrace Security Gateways tab.

How to start/stop Security Gateway using the command line

You can use the following commands to start/stop Security Gateway.

  • For Linux: service dynatracegateway start|stop|forcestop, where dynatracegateway is the init.d script for OneAgent. The difference between stop and forcestop is that the stop command instructs the process to start its shutdown routine, while forcestop forces the process shutdown.

  • For Windows: net start "Dynatrace Security Gateway"

How to update Security Gateway

To update Security Gateway, download the new version and reinstall it. You don´t need to uninstall your current Security Gateway version. Just install the new version over the old one.