Infrastructure Preparation
The following article describes how to prepare the client infrastructure for hybrid deployment and outlines relevant connectivity, OS and system requirements.
Connectivity between DPE and Ataccama ONE PaaS
Client-side components can be deployed and connected with the Ataccama Platform as a Service (PaaS) offering in a number of ways depending on the location of customer data and the customer’s existing infrastructure. There are two basic deployment scenarios:
- Customer data is located on the customer premises or in a data center
-
Data Processing Engine (DPE) and logging tools are installed on an x86 computing resource (virtual machine or hardware server). One-way communication through the Internet is established between DPE and the Ataccama ONE PaaS, with DPE initiating the connection.
To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.
- Customer data is located in a public cloud environment
-
DPE and logging tools are installed on cloud computing resources (such as virtual machines or containers). DPE connects to the Ataccama ONE PaaS either through PrivateLink or VPC endpoint service, depending on the cloud provider.
To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.
It is also possible to apply and scale both of these approaches. For example, some data sources can be located on client premises or in data centers with others in the client’s public cloud subscriptions. In this case, there is at least one DPE instance in each environment. For more detailed information, see hybrid-deployment-architecture.adoc.
For more information about the performance and stability of the Ataccama ONE PaaS client-side components, see Sizing Guidelines. |
Connectivity to data sources
The connection between DPE and the data sources must be set up so that the processing engine and the data are located in different subnets. For optimal performance, the connection should also meet the following criteria:
Parameter | Recommended |
---|---|
Maximum recommended network round-trip time (RTT) between DPE and each data source |
< 6ms |
Minimum recommended throughput of the connection between DPE and each data source |
1 Gbps |
Firewall setup requirements
The Ataccama ONE PaaS client-side components do not require any incoming connections from the Ataccama ONE PaaS as all communication is initiated from the client side (that is, DPE).
Therefore, the customer’s edge firewall should only allow outgoing requests from the client side to the Ataccama ONE PaaS services. The following table contains the mapping of sources and destinations between which outgoing traffic needs to be enabled.
Source | Destination |
---|---|
DPE server (instance) |
|
Logging module (Fluent Bit) |
|
Computing resources requirements
Depending on the amount of data that should be processed as well as customer performance requirements, one or several DPE instances need to be running on the client side. For more information about the recommended sizing, see Sizing Guidelines.
The Ataccama ONE PaaS client-side components require standard x86 computing resources. Both virtualized and bare-metal implementations are supported. The following table shows basic system requirements that the client-side infrastructure must meet in hybrid deployment.
Resource | Minimum | Recommended* |
---|---|---|
CPU |
2 CPU Cores |
4 CPU Cores |
RAM |
4 GB |
8 GB |
Data disk |
|
|
Connectivity |
|
|
*Optimal sizing depends heavily on the amount of data for processing and the number and type of connected data sources. As such, performance adjustments might be necessary during the initial period of production use of the Ataccama ONE PaaS. For more information about the initial setup, see Sizing Guidelines. |
Operating system requirements
The following operating systems are supported for running the client-side components of the Ataccama ONE PaaS. In addition, it is possible to use a virtualized system (for example, VirtualBox) or a remote server with SSH access.
Operating System | Version |
---|---|
Red Hat Enterprise Linux |
8 and higher |
Ubuntu |
20.04 LTS and higher |
As Ataccama ONE PaaS client-side components are installed through Ansible, using Windows OS is not supported. |
Supported operating systems must be installed either according to the customer internal policy or from the official OS repository. Unofficial or unsupported OS versions might cause problems that are not covered by the Ataccama standard support services. Therefore, the use of such OS versions must be agreed upon in advance with Ataccama representatives. |
DNS requirements
The client-side components of the Ataccama ONE PaaS use preconfigured host names (URLs) to connect to the Ataccama ONE PaaS Platform, which means that they need access to DNS services to obtain the actual IP address. For more information about how to select the appropriate scenario and configure the DNS settings accordingly, see hybrid-deployment-architecture.adoc, section Configure DNS.
Was this page useful?