User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit

Infrastructure Preparation

The following article describes how to prepare the client infrastructure for hybrid deployment and outlines relevant connectivity, OS and system requirements.

Connectivity between DPE and Ataccama ONE PaaS

Client-side components can be deployed and connected with the Ataccama Platform as a Service (PaaS) offering in a number of ways depending on the location of customer data and the customer’s existing infrastructure. There are two basic deployment scenarios:

Customer data is located on the customer premises or in a data center

Data Processing Engine (DPE) and logging tools are installed on an x86 computing resource (virtual machine or hardware server). One-way communication through the Internet is established between DPE and the Ataccama ONE PaaS, with DPE initiating the connection.

To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.

Customer data is located in a public cloud environment

DPE and logging tools are installed on cloud computing resources (such as virtual machines or containers). DPE connects to the Ataccama ONE PaaS either through PrivateLink or VPC endpoint service, depending on the cloud provider.

To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.

It is also possible to apply and scale both of these approaches. For example, some data sources can be located on client premises or in data centers with others in the client’s public cloud subscriptions. In this case, there is at least one DPE instance in each environment. For more detailed information, see ataccama-one-paas:hybrid-deployment-architecture.adoc.

For more information about the performance and stability of the Ataccama ONE PaaS client-side components, see Sizing Guidelines.

Connectivity to data sources

The connection between DPE and the data sources must be set up so that the processing engine and the data are located in different subnets. For optimal performance, the connection should also meet the following criteria:

Parameter Recommended

Maximum recommended network round-trip time (RTT) between DPE and each data source

< 6ms

Minimum recommended throughput of the connection between DPE and each data source

1 Gbps

Firewall setup requirements

The Ataccama ONE PaaS client-side components do not require any incoming connections from the Ataccama ONE PaaS as all communication is initiated from the client side (that is, DPE).

Therefore, the customer’s edge firewall should only allow outgoing requests from the client side to the Ataccama ONE PaaS services. The following table contains the mapping of sources and destinations between which outgoing traffic needs to be enabled.

Source Destination

DPE server (instance)

  • DPM gRPC host: dpm-grpc.[customer].[env]

  • ONE Object Storage (MinIO): https://minio.[customer].[env]

  • Keycloak (optional): \https://[customer].[env]

Logging module (Fluent Bit)

  • ONE Object Storage (MinIO): https://minio.[customer].[env]

Computing resources requirements

Depending on the amount of data that should be processed as well as customer performance requirements, one or several DPE instances need to be running on the client side. For more information about the recommended sizing, see Sizing Guidelines.

The Ataccama ONE PaaS client-side components require standard x86 computing resources. Both virtualized and bare-metal implementations are supported. The following table shows basic system requirements that the client-side infrastructure must meet in hybrid deployment.

Resource Minimum Recommended*


2 CPU Cores

4 CPU Cores


4 GB

8 GB

Data disk

  • Capacity: 350 GB

  • I/O rate: 3000 IOPS

  • Latency: 10 ms (average)

  • Capacity: 10 times the size of the largest database table to be processed

  • I/O rate: 5000 IOPS

  • Latency: <5 ms (average)


  • Number of interfaces: 1 (production and management)

  • Throughput: 1 Gbps

  • Number of interfaces: 2 (1 for management and 1 for production)

  • Throughput: 1 Gbps (production interface)

*Optimal sizing depends heavily on the amount of data for processing and the number and type of connected data sources. As such, performance adjustments might be necessary during the initial period of production use of the Ataccama ONE PaaS. For more information about the initial setup, see Sizing Guidelines.

Operating system requirements

The following operating systems are supported for running the client-side components of the Ataccama ONE PaaS. In addition, it is possible to use a virtualized system (for example, VirtualBox) or a remote server with SSH access.

Operating System Version

Red Hat Enterprise Linux

8 and higher


20.04 LTS and higher

As Ataccama ONE PaaS client-side components are installed through Ansible, using Windows OS is not supported.

Supported operating systems must be installed either according to the customer internal policy or from the official OS repository.

Unofficial or unsupported OS versions might cause problems that are not covered by the Ataccama standard support services. Therefore, the use of such OS versions must be agreed upon in advance with Ataccama representatives.

DNS requirements

The client-side components of the Ataccama ONE PaaS use preconfigured host names (URLs) to connect to the Ataccama ONE PaaS Platform, which means that they need access to DNS services to obtain the actual IP address. For more information about how to select the appropriate scenario and configure the DNS settings accordingly, see ataccama-one-paas:hybrid-deployment-architecture.adoc, section Configure DNS.

Was this page useful?