What is the role of Dynatrace Security Gateway?

Dynatrace Security Gateway works as a proxy between Dynatrace OneAgent and Dynatrace Server. Security Gateway collects monitoring data, aggregates the data, and sends the data to Dynatrace Server using an encrypted HTTPS connection. Security Gateway is the only Dynatrace software component in your data center that requires full Internet access. The following image illustrates a network both with and without Dynatrace Security Gateway.

Install Security Gateway in a network segment that all instances of OneAgent can access. Otherwise, install one Security Gateway per segment if some instances of OneAgent won’t be able to reach Security Gateway. The rest of the setup is handled automatically.

Main functions of a Security Gateway

A Security Gateway offers the following basic functions:

  • Message routing: Security Gateway knows about the runtime structure of your Dynatrace environment and routes messages from OneAgents to the correct server endpoints.

  • Buffering and compression: Security Gateway collects messages from OneAgent instances and builds bulks, which are then sent in compressed form to Dynatrace Server, thereby reducing network overhead.

  • Authentication: Security Gateway authenticates OneAgent requests (SSL handshake and environment ID authentication).

  • Entry point for sealed networks: Dynatrace Server clusters often run in protected environments that aren't directly accessible by OneAgent instances running outside of a sealed network. Security Gateway can be used to serve as a single access point for such OneAgent instances. In this way, maintenance overhead is reduced, since you only need to provide access for one well-known Security Gateway (i.e., only a single exception rule in your firewall configuration settings is required).

Do I need to install a Security Gateway?

In principle, installing a Security Gateway is optional. If you decide to install Security Gateway, you will benefit from the advantages described above. However, there are cases for which the installation of a Security Gateway is a prerequisite.

Do I need to install multiple Security Gateways?

Having more than one Security Gateway allows you to better manage large Dynatrace deployments. If you plan to install more than 100 OneAgents, it’s a good idea to deploy at least one Security Gateway.

With Dynatrace, you don’t need to worry about load balancing. If you install multiple Security Gateways in the same environment, your OneAgents and Security Gateways will configure themselves automatically to achieve optimal load balancing.

A single Security Gateway can manage up to 2,000 OneAgents. However, performance problems can arise at such high volume. If this happens, add at least one more Security Gateway to your network. You don’t need to install all Security Gateways initially—you can add additional Security Gateways at any time.

However, if you've set up several monitoring environments, it would be cumbersome to install and maintain multiple Security Gateways. Therefore, Dynatrace enables you to configure a single Security Gateway in support of multiple monitoring environments.