Infrastructure Preparation
The following article describes how to prepare the client infrastructure for hybrid deployment and outlines relevant connectivity, OS and system requirements.
Connectivity between DPE and Ataccama ONE in the cloud
Client-side components can be deployed and connected with the Custom Ataccama Cloud in a number of ways depending on the location of customer data and the customer’s existing infrastructure. There are two basic deployment scenarios:
- Customer data is located on the customer premises or in a data center
-
Data Processing Engine (DPE) and logging tools are installed on an x86 computing resource (virtual machine or hardware server). One-way communication through the Internet is established between DPE and Ataccama ONE in the cloud, with DPE initiating the connection.
To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.
- Customer data is located in a public cloud environment
-
DPE and logging tools are installed on cloud computing resources (such as virtual machines or containers). DPE connects to the Ataccama ONE in the cloud either through PrivateLink or VPC endpoint service, depending on the cloud provider.
To ensure that the data transferred remains secure, gRPC protocol encrypted by TLS is used.
It is also possible to apply and scale both of these approaches. For example, some data sources can be located on client premises or in data centers with others in the client’s public cloud subscriptions. In this case, there is at least one DPE instance in each environment.
| For more information about the performance and stability of the Ataccama ONE client-side components, see Sizing Guidelines. |
Connectivity to data sources
The connection between DPE and the data sources must be set up so that the processing engine and the data are located in different subnets. For optimal performance, the connection should also meet the following criteria:
| Parameter | Recommended |
|---|---|
Maximum recommended network round-trip time (RTT) between DPE and each data source |
< 6ms |
Minimum recommended throughput of the connection between DPE and each data source |
1 Gbps |
Firewall setup requirements
The Ataccama ONE client-side components do not require any incoming connections from the Ataccama ONE in the cloud as all communication is initiated from the client side (that is, DPE).
Therefore, the customer’s edge firewall should only allow outgoing requests from the client side to the Custom Ataccama Cloud services. The following table contains the mapping of sources and destinations between which outgoing traffic needs to be enabled.
| Source | Destination |
|---|---|
DPE server (instance) |
|
Logging module (Fluent Bit) |
|
Network policy
Ataccama ONE communicates with the web browser using WebSocket. If WebSocket communication cannot be established between your browser and the servers where the Ataccama ONE Platform is installed, the servers cannot push notifications to the client browser, causing issues such as non-functional search.
To confirm that WebSocket communication between your browser and the servers is functioning properly, you can use the WebSocket King tool.
Open websocketking.com/ in your browser and, under Connections, enter <ataccama-platform-url>/subscriptions.
Select Connect.
If the connection is successful, you can see a message saying Connected to <ataccama-platform-url>/subscriptions.
If the connection is not working, the reason is your proxy removing headers from server responses.
To solve the issue, your network administrator must allowlist the Connection header for network communication for the platform domain (for example, <customer_domain>), subdomain (for example, one.<customer_domain>), or link, with the the latter being more strict than the previous.
Computing resources requirements
Depending on the amount of data that should be processed as well as customer performance requirements, one or several DPE instances need to be running on the client side. For more information about the recommended sizing, see Sizing Guidelines.
The Custom Ataccama Cloud client-side components require standard x86 computing resources. Both virtualized and bare-metal implementations are supported. The following table shows basic system requirements that the client-side infrastructure must meet in hybrid deployment.
| Resource | Minimum | Recommended* |
|---|---|---|
CPU |
2 CPU Cores |
4 CPU Cores |
RAM |
4 GB |
8 GB |
Data disk |
|
|
Connectivity |
|
|
| *Optimal sizing depends heavily on the amount of data for processing and the number and type of connected data sources. As such, performance adjustments might be necessary during the initial period of production use of Ataccama ONE in the cloud. For more information about the initial setup, see Sizing Guidelines. |
Operating system requirements
The following operating systems are supported for running the client-side components of Ataccama ONE in the cloud. In addition, it is possible to use a virtualized system (for example, VirtualBox) or a remote server with SSH access.
| Operating System | Version |
|---|---|
Red Hat Enterprise Linux |
9 |
Ubuntu |
22.04 LTS |
| As Custom Ataccama Cloud client-side components are installed through Ansible, using Windows OS is not supported. |
|
Supported operating systems must be installed either according to the customer internal policy or from the official OS repository. Unofficial or unsupported OS versions might cause problems that are not covered by the Ataccama standard support services. Therefore, the use of such OS versions must be agreed upon in advance with Ataccama representatives. |
DNS requirements
The client-side components of Custom Ataccama Cloud use preconfigured host names (URLs) to connect to the Ataccama ONE Platform in the cloud, which means that they need access to DNS services to obtain the actual IP address.
Was this page useful?