Consider the following requirements before starting Security Gateway installation.
Before you begin
Security Gateway requirements:
- A machine dedicated to Security Gateway with:
- 1 GB free disk space
- 2 GB RAM (4 GB recommended)
- 1 dual core processor
- Communications between Dynatrace SaaS installations and monitored environments are sent via HTTPS on port 443. URLs for monitored environments use the form
- Communications between Security Gateway installations and Dynatrace Server are sent via HTTPS on port
- Data sent from OneAgent is received via HTTPS on port
If you're installing OneAgent on a system that runs on VMware, install Security Gateway in a network segment that can easily reach your VMware solution.
Note: The Linux operating system has a limit on the number of open files that a process can handle. It's recommended that you set the permitted number of open files to at least 500000 for the root user to ensure proper operation. The current limit can be checked via the ulimit -H -n command. Note that this limit is set on a per-user basis, so if you run Security Gateway with a different user than root, you need to update the relevant configuration file accordingly.
To configure the limit on number of open files:
- Create the file /etc/security/limits.d/80-dynatrace.conf with the following content:
  root hard nofile 500000
- Log out, log back in, and restart Security Gateway.
Make sure the system limit on the number of open files is now higher. To view the system limit, execute the following command:
If required, follow the steps below to change the system limit:
- Execute sysctl -p /etc/sysctl.d/80-dynatrace.conf to apply the new value.
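The per-user limit described above can be checked with a short script. This is an added example, not part of the original documentation or the vendor's tooling; the function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): check the per-user open-file limit from this page.
REQUIRED_NOFILE=500000   # minimum recommended on this page

# Print the last "hard nofile" value set for user $1 in limits.d-style text on stdin.
# A "-" type sets both soft and hard limits, so it counts as well.
configured_hard_nofile() {
    awk -v user="$1" '
        /^[[:space:]]*#/ { next }
        $1 == user && ($2 == "hard" || $2 == "-") && $3 == "nofile" { value = $4 }
        END { if (value != "") print value }
    '
}

# Succeed only if $1 is a plain integer >= REQUIRED_NOFILE.
nofile_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$REQUIRED_NOFILE" ]
}

# Report whether the limits text on stdin gives user $1 a sufficient hard limit.
check_limits() {
    value=$(configured_hard_nofile "$1")
    if nofile_ok "$value"; then
        echo "OK: $1 hard nofile=$value"
    else
        echo "FAIL: $1 hard nofile='${value:-unset}' (need >= $REQUIRED_NOFILE)"
        return 1
    fi
}

# Constructed sample file contents (not taken from a real host).
SAMPLE_GOOD='root hard nofile 500000'
SAMPLE_BAD='root hard nofile 500000.'   # stray trailing period makes the value invalid

printf '%s\n' "$SAMPLE_GOOD" | check_limits root
printf '%s\n' "$SAMPLE_BAD"  | check_limits root || true

# Live hard limit of the current shell, as reported by ulimit -H -n.
live=$(ulimit -H -n)
if [ "$live" = unlimited ] || nofile_ok "$live"; then
    echo "OK: live hard limit is $live"
else
    echo "FAIL: live hard limit is $live (need >= $REQUIRED_NOFILE)"
fi
```

To check a real host, feed the file to the function, for example check_limits root < /etc/security/limits.d/80-dynatrace.conf, replacing root with the user that runs Security Gateway.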
Download and run the installer
To install Security Gateway
Select Deploy Dynatrace from the navigation menu.
Click the Start installation button.
Click the Install Dynatrace Security Gateway link.
Normally it’s fine to install Security Gateway at any time following OneAgent installation. In some cases however, the OneAgent installer must know about your Security Gateway installation before OneAgent can be installed. In such instances you must first install Security Gateway and then download the Dynatrace OneAgent installer. For example, if you download the OneAgent installer and use it to install Dynatrace in a DMZ or network segment that has no Internet access and subsequently install Security Gateway, you’ll need to re-download the OneAgent installer and re-install Dynatrace to ensure that the installer provides the proper configuration between OneAgent and Security Gateway. This is because OneAgent needs to be automatically configured during installation to connect to your monitored environment and send monitoring data back to Dynatrace Server via your Security Gateway.
How you download your installer depends on your setup and needs. You can choose to download an installer directly to the server where you plan to install Security Gateway or you can download an installer to a different machine and then transfer the installer to the server.
On the Download Dynatrace Security Gateway page, click Linux. Downloading the installer for Linux is fairly easy: just copy the wget command line from the Use this command on the target host text box and paste it into your terminal window. Make sure to copy the command directly from the first text box because it contains your environment ID.
Wait for the download to complete. Then verify the signature by copying the command from the Verify signature text box and pasting the command into your terminal window. To start installation, copy the command line from the And run the installer with root rights text box and paste the command into your terminal window.
Make sure your system is up to date, especially SSL and related certificate libraries. If you plan to download Security Gateway directly to the server, note that outdated libraries (for example, CA certificates) or missing OpenSSL will prevent the installer from downloading (we use encrypted connections, so OpenSSL is required to enable wget to access the server).
You can also download the installer by clicking the Download Security Gateway installer link at the bottom of the page and saving the installer script to any location on your system, thereby bypassing the wget command altogether.
On the Download Dynatrace Security Gateway page, click the Windows button. Then click the Download securitygateway.exe button. Download the installer directly to the server where you want to install Security Gateway or to another suitable location.
You can install Security Gateway on a Linux or Windows machine. Security Gateway needs to send monitoring data to Dynatrace. This is why Security Gateway requires Internet access. Security Gateway listens (i.e., accepts incoming connections) on port 9999 and talks to Dynatrace Server (i.e., makes outgoing connections) on port 443. Ensure that your firewall settings allow communication through these ports.
Linux: Copy the command from the Use this command on the target host text box and paste the command into your terminal. Note that you’ll need root privileges for this. You can use sudo to run the installation script. You need to make the script executable before you can run it. To do this, type one of the following commands (where "0" is used in place of the actual version number) in the directory where you downloaded the installation script.
# Using sudo:
chmod +x Dynatrace-Security-Gateway-Linux-1.0.0.sh && sudo ./Dynatrace-Security-Gateway-Linux-1.0.0.sh
# Using su:
chmod +x Dynatrace-Security-Gateway-Linux-1.0.0.sh && su -c './Dynatrace-Security-Gateway-Linux-1.0.0.sh'
# Already running as root:
chmod +x Dynatrace-Security-Gateway-Linux-1.0.0.sh && ./Dynatrace-Security-Gateway-Linux-1.0.0.sh
You can add parameters to the installation command to customize your installation. For example, to install a private Security Gateway as a non-root user, use the USER=<user name> parameter as indicated below.
Dynatrace-Security-Gateway-Linux-<version>.sh [USER=<user name>]
The specified user name should already exist in the system (i.e., the Security Gateway installer won't create it). There are no special requirements as to the type of user or group that the user must belong to.
Windows: You need administrator rights to install Security Gateway. Run the executable file using administrator rights and follow the displayed instructions.
Security Gateway can use an HTTP proxy server address. On Windows, you can enter this address in one of the installer steps. On Linux, you need to use an additional command line parameter, i.e. the PROXY parameter, whose value is the proxy address and port, for example
If you use a proxy that performs SSL termination, add a proxy certificate to the trusted keystore (
In a standard installation, the keystore file (trusted.jks) is located in the following folders:
- For Linux:
- For Windows:
Execute the following command in either Linux or Windows (depending on your installation):
keytool -importcert -file /path/to/your/SSLcert.cer -keystore trusted.jks
Once Security Gateway connects to Dynatrace Server, installation is complete. That’s all there is to it! As soon as Security Gateway connects to Dynatrace Server, OneAgent is informed and re-configured to send monitoring data through Security Gateway. To check on the status of the installation, click the Show deployment status button and select the Dynatrace Security Gateways tab.
If you've installed OneAgent with an existing proxy setting that doesn't allow connection to Security Gateway, OneAgent won't be able to connect to Security Gateway directly. To enable OneAgent to connect to Security Gateway, please re-install OneAgent with no proxy or proxy-related setting.
How to start/stop Security Gateway using the command line
You can use the following commands to start/stop Security Gateway.
service dynatracegateway start|stop|forcestop, where dynatracegateway is the init.d script for OneAgent. The difference between stop and forcestop is that the stop command instructs the process to start its shutdown routine, while forcestop forces the process shutdown.
net start "Dynatrace Security Gateway"
How to update Security Gateway
To update Security Gateway, download the new version and reinstall it. You don't need to uninstall your current Security Gateway version. Just install the new version over the old one.