Atria System Prerequisites
Overview
This guide outlines the essential prerequisites for installing Atria, including system requirements, network configurations, and recommended components. Proper preparation ensures a successful deployment and smooth operation of the Atria platform. Follow these guidelines to configure your environment, set up key infrastructure components, and secure necessary permissions before installation.
Atria Servers
Active Directory Schema Prep
Core servers for the platform should be domain-joined. Before you can deploy Atria, the Active Directory schema must be extended to include the standard Exchange attributes. This is required to prepare the environment for multi-tenancy and is mandatory even if you do not intend to deploy Exchange.
Extending the Active Directory schema ensures that essential attributes required for multi-tenancy and service integration, such as those used by Exchange, are available within the directory. This process allows the platform to function properly by enabling key features like user provisioning, email service configuration, and attribute synchronization. Skipping this step can cause critical failures in user provisioning, incomplete attribute assignments, and service integration issues.
To extend the Active Directory Schema, follow this guide: Extend Active Directory Schema with Exchange Attributes.
The guide will have you download the Microsoft Exchange Installation Media and run the following commands from a Windows Command Prompt:
> <Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareSchema
> <Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAD /OrganizationName:"Your Organization"
Core Components
- Provisioning Server: Hosts core services like Atria Config Service, Directory Web Service, Provisioning Engine, RabbitMQ, and Platform API. It acts as the main coordinator for provisioning tasks, connecting the Web Server and the Database Server.
- Database Server: Manages the Atria SQL database and reporting functions, storing configuration data, logs, and provisioning records. It supports all service components that require persistent data storage.
- Web Server: Provides the user interface and API endpoints for interacting with the platform. It processes incoming HTTP/HTTPS requests from users and administrators while facilitating secure communication with the Provisioning Server.
The minimum recommended specifications for the core components are as follows:
# of Servers | Server | vCPUs | RAM | Core Component Services |
---|---|---|---|---|
1 | Provisioning Server | 4 | 8 GB | Atria Config Service, Directory Web Service, Provisioning Engine, RabbitMQ, Agent, Platform API |
1 | Database Server | 4 | 8 GB | Atria Database, Atria Reporting |
1 | Web Server | 4 | 8 GB | Atria Web |
Network Architecture
This diagram illustrates the communication flow between core components, including the Web Server, Provisioning Server, and Database Server. Each connection is labeled with its corresponding TCP port and protocol for clarity.
- Solid Lines: Mandatory connections required for core services.
- Arrows: Indicate data flow direction between components.
- Dashed Lines: Indicate separate environments.
Windows OS Version
While Windows Server 2022 is recommended for optimal performance and feature support, Windows Server 2019 or earlier is still supported with the following considerations:
- Feature Limitations: Certain features, such as advanced security options, Windows Admin Center integration, and enhanced virtual machine support, are limited in Windows Server 2019.
- Manual Configurations: Older Windows Server versions may require manual installation of services like .NET Framework 4.8 and updated PowerShell modules.
- Compatibility Notes: Ensure compatibility with third-party software versions, including SQL Server, Exchange, and Active Directory services.
Database - SQL
- Minimum recommended version of Microsoft SQL Server is 2016.
- Include SQL Tools such as SQL Management Studio and SQL Profiler.
- Configure for Mixed Mode Authentication:
  - Open SQL Server Management Studio (SSMS).
  - Right-click the server instance and select Properties.
  - Navigate to the Security page.
  - Under Server Authentication, select SQL Server and Windows Authentication Mode.
  - Click OK, then restart the SQL Server service.
- Check that TCP/IP is enabled correctly in the SQL configuration:
  - Open SQL Server Configuration Manager.
  - Expand SQL Server Network Configuration.
  - Select Protocols for [Your Server Instance].
  - Right-click TCP/IP and choose Enable.
  - Double-click TCP/IP, navigate to the IP Addresses tab, and ensure the appropriate IP addresses are enabled.
  - Restart the SQL Server service.
- Grant a Windows-authenticated user access to the SQL Server instance:
Step 1: Open SQL Server Management Studio (SSMS)
- Launch SQL Server Management Studio (SSMS).
- Connect to the SQL Server instance using a domain administrator account.
Step 2: Add the User as a Login
- In Object Explorer, expand the Security node.
- Right-click Logins and select New Login.
- In the Login - New window:
  - Select Windows authentication.
  - Click Search and enter the user's Windows account (e.g., DOMAIN\Username).
  - Click Check Names to verify the account.
  - Click OK.
Step 3: Grant Database Access
- Expand Databases and locate the target database.
- Expand Security > Users.
- Right-click Users and select New User.
- In the Database User - New window:
  - Enter the same Windows username.
  - Choose db_owner, db_datareader, db_datawriter, or other roles as needed.
  - Click OK.
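The Mixed Mode check and the three SSMS steps above can also be scripted, which makes the grant repeatable and leaves a record of the roles assigned. This is an added example, not part of the Atria installer; it assumes the SqlServer PowerShell module is installed and that you run it as an account with sysadmin rights on the instance. `DOMAIN\Username` and `TargetDatabase` are placeholders, and `Format-SqlName` / `Format-SqlString` are helper names made up for this example.

```powershell
# Added example (not Atria tooling). Requires the SqlServer module and a
# sysadmin connection. $Login and $Database are placeholders.
param(
    [string]$ServerInstance = 'AtriaSQL',        # CNAME this guide asks you to create
    [string]$Login    = 'DOMAIN\Username',       # placeholder Windows account
    [string]$Database = 'TargetDatabase',        # placeholder: the guide does not name it
    [string[]]$Roles  = @('db_datareader', 'db_datawriter')
)
Import-Module SqlServer -ErrorAction Stop

# Quote a SQL identifier ([name]) and escape a string literal (N'name').
function Format-SqlName([string]$n)   { '[' + $n.Replace(']', ']]') + ']' }
function Format-SqlString([string]$s) { "N'" + $s.Replace("'", "''") + "'" }

# 1. Mixed Mode only takes effect after the service restart; 0 = Mixed Mode.
$modeQuery = "SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsOnly"
$mode = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $modeQuery
if ($mode.WindowsOnly -ne 0) {
    throw "$ServerInstance is still in Windows Authentication mode."
}

# 2. Create the login and the database user only if they are missing.
$id  = Format-SqlName $Login
$lit = Format-SqlString $Login
$sql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = $lit)
    CREATE LOGIN $id FROM WINDOWS;
USE $(Format-SqlName $Database);
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = $lit)
    CREATE USER $id FOR LOGIN $id;
"@
foreach ($role in $Roles) {
    $sql += "`nALTER ROLE $(Format-SqlName $role) ADD MEMBER $id;"
}
Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $sql

# 3. Report the roles the account now holds, for review.
Invoke-Sqlcmd -ServerInstance $ServerInstance -Database $Database -Query @"
SELECT r.name AS RoleName
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = $lit;
"@
```

Pass `-Roles db_owner` if that is the role you chose in Step 3; the final query lists exactly what was granted.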
Windows Domain Administrator Account
A Domain Administrator account is used to run the entire Atria deployment process.
Optional - Credential/Token Storage
Atria needs access to privileged credentials, tokens and secrets in order to integrate with and perform provisioning tasks. These are stored encrypted within the Atria system. By default, data will be encrypted and stored in the SQL database.
If you wish to store secrets in Azure KeyVault, an Azure KeyVault should be available at the time of installation, along with an account with full access over this KeyVault. You will also need the ability to create Azure applications when installing the Atria Platform.
Creating the KeyVault and Application can be done ahead of time.
Firewall and Network Requirements
The following outlines the required network protocols, ports, and their purposes for communication between Atria components. Ensure that all of these communications are possible before proceeding.
Provisioning Server
Source | Destination | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|---|
Provisioning Server | SQL Server | Outbound | TCP | 1433 | Default SQL Server communication (use custom port if specified). |
Provisioning Server | Web Services | Outbound | TCP | 8095 | Communication with services like Exchange and SharePoint. |
Provisioning Server | SMTP Relay | Outbound | TCP | 25 | Email delivery for system-generated emails. |
Provisioning Server | RabbitMQ | Inbound | TCP | 5671, 5672 | RabbitMQ communication (AMQPS and AMQP). |
Provisioning Server | RabbitMQ Management | Inbound | TCP | 15671, 15672 | RabbitMQ management communication (HTTP and HTTPS). |
Web Server
Source | Destination | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|---|
Internet | Web Server | Inbound | TCP | 443 | Secure HTTP communication (HTTPS). |
AD Sync | Web Server | Inbound | TCP | 443 | API communication for Active Directory synchronization. |
Web Server | Provisioning Server | Outbound | TCP | 8095 | Core communication between Web and Provisioning servers. |
Web Server | Provisioning Server | Outbound | TCP | 8098 | Extended API communication. |
Web Server | Provisioning Server | Outbound | TCP | 8100 | Task execution services. |
Web Server | Provisioning Server | Outbound | TCP | 8101 | Additional services related to provisioning. |
Web Server | SQL Server | Outbound | TCP | 1433 | Default SQL Server communication (use custom port if specified). |
Web Server | Config Service | Outbound | TCP | 8095 | Configuration service API communication. |
Web Server | Web Services | Outbound | TCP | 8095 | Communication with services like Exchange and SharePoint. |
If you plan to set up AtriaWeb in a demilitarized zone (DMZ), make sure that the firewall rules allow HTTP/HTTPS traffic. The installer will need to communicate with the AtriaConfigService to retrieve encryption keys. Make sure to also allow traffic from AtriaWeb to AtriaSQL on the SQL ports.
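The outbound paths in the tables above can be tested from each server before and after the firewall change. This is an added example, not an Atria tool: it assumes the DNS names AtriaConfigService (which this guide points at the Provisioning Server) and AtriaSQL already resolve, and `smtp.example.internal` is a placeholder for your SMTP relay.

```powershell
# Added example: tests the outbound TCP paths from the firewall tables.
# Run it on the server named by -Role.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Web', 'Provisioning')]
    [string]$Role,
    [int]$SqlPort = 1433,                          # change if SQL uses a custom port
    [string]$SmtpRelay = 'smtp.example.internal'   # placeholder host name
)

# Outbound paths per role, taken from the tables in this guide.
# AtriaConfigService is an A record for the Provisioning Server.
$matrix = @{
    Web = @(
        @{ Target = 'AtriaConfigService'; Ports = 8095, 8098, 8100, 8101 }
        @{ Target = 'AtriaSQL';           Ports = $SqlPort }
    )
    Provisioning = @(
        @{ Target = 'AtriaSQL'; Ports = $SqlPort }
        @{ Target = $SmtpRelay; Ports = 25 }
    )
}

$report = foreach ($entry in $matrix[$Role]) {
    foreach ($port in $entry.Ports) {
        # -InformationLevel Quiet returns $true or $false for the TCP connect.
        $open = Test-NetConnection -ComputerName $entry.Target -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role = $Role; Target = $entry.Target; Port = $port; Reachable = $open
        }
    }
}

$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Reachable })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) required path(s) unreachable from the $Role server."
    exit 1
}
```

Ports 8095 to 8101 only answer once the Atria services are listening, so a failure before installation can mean either a blocked path or no listener yet; SQL on 1433 and the SMTP relay can be tested up front.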
Enable WebSockets on Network Firewall/LoadBalancer
The Atria UI uses WebSockets. If firewalls or load balancers are not correctly configured to allow WebSockets, some pages within Atria will appear blank or empty.
The configuration needed to allow WebSockets depends on the firewall in use.
For example, if you use WebProxy to publish your Atria site, the configuration looks like this:
Prerequisite software for Atria deployment
For each server that will have core components or web services installed, the below prerequisite items must be installed.
The database installation should be run from the Provisioning Server, so prerequisite items are not required on the SQL Server.
- PowerShell 5.1 (if you are running Windows Server 2022 or later, this is installed by default)
- .NET Framework 4.8
Info: Please check whether the PowerShell and .NET versions are both supported by your services (e.g. Exchange, Virtual Apps & Desktops, etc.). If not, the latest CU or software version of your services needs to be implemented.
- Add the Host (A) DNS records below, set to the Provisioning Server IP address:
  - AtriaConfigService
  - AtriaHTTPTunnel
  - AtriaPlatformAPI
- Add CNAME DNS records:
  - AtriaSQL (alias for the SQL Server)
  - AtriaWeb (alias for the Web Server)
- Create a Domain Admin account that will be used to run the Atria installation.
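The software and DNS items in this list can be verified on each server before the installer is started. This is an added example, not part of the Atria installer: `192.0.2.10` is a placeholder for your Provisioning Server address, `New-Check` is a helper name made up here, and the short DNS names are assumed to resolve through the server's DNS suffix search list.

```powershell
# Added example: verifies the software and DNS prerequisites listed above.
param(
    # Placeholder: replace with your Provisioning Server's IPv4 address.
    [string]$ProvisioningServerIp = '192.0.2.10'
)

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

$checks = @()

# Windows PowerShell 5.1 or later.
$psv = $PSVersionTable.PSVersion
$checks += New-Check 'PowerShell 5.1' ($psv -ge [version]'5.1') $psv

# .NET Framework 4.8 or later writes a Release value of 528040 or higher.
$key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
$checks += New-Check '.NET Framework 4.8' ($release -ge 528040) "Release=$release"

# Host (A) records must resolve to the Provisioning Server.
foreach ($name in 'AtriaConfigService', 'AtriaHTTPTunnel', 'AtriaPlatformAPI') {
    $ips = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress })
    $checks += New-Check "A $name" ($ips -contains $ProvisioningServerIp) ($ips -join ', ')
}

# CNAME records must exist and resolve through to an address.
foreach ($name in 'AtriaSQL', 'AtriaWeb') {
    $answer = @(Resolve-DnsName -Name $name -ErrorAction SilentlyContinue)
    $cname  = $answer | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    $addr   = $answer | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $checks += New-Check "CNAME $name" ($cname -and $addr) $cname.NameHost
}

$checks | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points at the prerequisite to fix; the `Detail` column shows what the server actually reported.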
Request Access Token and DeploymentID
To access the Atria Installer platform, you'll need a valid Access Token. To obtain a token please log a support ticket with the Atria Support team. You can contact support via the support portal: Atria Help Center or email support@getatria.com.
In addition to the Access Token, we will provide you with a Deployment Identifier (DeploymentID) that is needed during the install/upgrade to register your Atria deployment.