Atria System Prerequisites
Overview
This guide outlines the essential prerequisites for installing Atria, including system requirements, network configurations, and recommended components. Proper preparation ensures a successful deployment and smooth operation of the Atria platform. Follow these guidelines to configure your environment, set up key infrastructure components, and secure necessary permissions before installation.
Atria Servers
Active Directory Schema Prep
Core servers for the platform should be domain joined. Before you can deploy Atria, the Active Directory schema must be extended to include the standard Exchange attributes. This is required to prepare the environment for multi-tenancy and is mandatory even if you do not intend to deploy Exchange.
Extending the Active Directory schema ensures that essential attributes required for multi-tenancy and service integration, such as those used by Exchange, are available within the directory. This process allows the platform to function properly by enabling key features like user provisioning, email service configuration, and attribute synchronization. Skipping this step can cause critical failures in user provisioning, incomplete attribute assignments, and service integration issues.
To extend the Active Directory Schema, follow this guide: Extend Active Directory Schema with Exchange Attributes.
The guide will have you download the Microsoft Exchange Installation Media and run the following commands from a Windows Command Prompt:
> <Virtual DVD drive letter>\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
> <Virtual DVD drive letter>\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"A101"
Core Components
- Provisioning Server: Hosts core services like Atria Config Service, Directory Web Service, Provisioning Engine, RabbitMQ, and Platform API. It acts as the main coordinator for provisioning tasks, connecting the Web Server and the Database Server.
- Database Server: Manages the Atria SQL database and reporting functions, storing configuration data, logs, and provisioning records. It supports all service components that require persistent data storage.
- Web Server: Provides the user interface and API endpoints for interacting with the platform. It processes incoming HTTP/HTTPS requests from users and administrators while facilitating secure communication with the Provisioning Server.
The minimum recommended specifications for the core components are as follows:
Number of Servers | Server | vCPUs | RAM | Core Component Services |
---|---|---|---|---|
1 | Provisioning Server | 4 | 8 GB | Atria Config Service, Directory Web Service, Provisioning Engine, RabbitMQ, Agent, Platform API |
1 | Database Server | 4 | 8 GB | Atria Database, Atria Reporting |
1 | Web Server | 4 | 8 GB | Atria Web |
Network Architecture
This diagram illustrates the communication flow between core components, including the Web Server, Provisioning Server, and Database Server. Each connection is labeled with its corresponding TCP port and protocol for clarity.
- Solid Lines: Mandatory connections required for core services.
- Arrows: Indicate data flow direction between components.
- Dashed Lines: Indicate separate environments.
Windows OS Version
While Windows Server 2022 is recommended for optimal performance and feature support, Windows Server 2019 or earlier is still supported with the following considerations:
- Feature Limitations: Certain features, such as advanced security options, Windows Admin Center integration, and enhanced virtual machine support, are limited in Windows Server 2019.
- Manual Configurations: Older Windows Server versions may require manual installation of services like .NET Framework 4.8 and updated PowerShell modules.
- Compatibility Notes: Ensure compatibility with third-party software versions, including SQL Server, Exchange, and Active Directory services.
Database - SQL Version
- Minimum recommended version of Microsoft SQL Server is 2016.
- Include SQL Tools such as SQL Management Studio and SQL Profiler.
- Configure for Mixed Mode Authentication:
  - Open SQL Server Management Studio (SSMS).
  - Right-click the server instance and select Properties.
  - Navigate to the Security page.
  - Under Server Authentication, select SQL Server and Windows Authentication Mode.
  - Click OK, then restart the SQL Server service.
- Check that TCP/IP is enabled correctly in the SQL configuration:
  - Open SQL Server Configuration Manager.
  - Expand SQL Server Network Configuration.
  - Select Protocols for [Your Server Instance].
  - Right-click TCP/IP and choose Enable.
  - Double-click TCP/IP, navigate to the IP Addresses tab, and ensure the appropriate IP addresses are enabled.
  - Restart the SQL Server service.
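One way to confirm the SQL Server settings above before running the installer, as an added example that is not part of the Atria documentation or tooling. It assumes the AtriaSQL DNS alias listed under the prerequisite software, the default port 1433, and a Windows account with sysadmin rights on the instance; the sa-login check is an added hardening check for mixed mode, not an Atria requirement.

```powershell
# Added example (not Atria code). Run from the Provisioning Server.
# Assumptions: 'AtriaSQL' resolves to the SQL host, the instance listens on 1433,
# and the current Windows account is sysadmin on the instance.
function Test-AtriaSqlPrereq {
    param(
        [string]$Server = 'AtriaSQL',
        [int]$Port = 1433
    )
    # The 'tcp:' prefix forces the TCP/IP provider, so a successful Open()
    # shows that TCP/IP is enabled and reachable on this address and port.
    $connString = "Server=tcp:$Server,$Port;Database=master;Integrated Security=SSPI;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = @'
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsOnly,
       ISNULL(CAST(SERVERPROPERTY('ProductMajorVersion') AS int), 0) AS MajorVersion,
       (SELECT net_transport FROM sys.dm_exec_connections
         WHERE session_id = @@SPID) AS Transport,
       ISNULL((SELECT CAST(is_disabled AS int) FROM sys.sql_logins
                WHERE sid = 0x01), 0) AS SaDisabled
'@
        $r = $cmd.ExecuteReader()
        [void]$r.Read()
        [pscustomobject]@{
            Server          = $Server
            MixedModeAuth   = ($r['WindowsOnly'] -eq 0)    # 0 = SQL Server and Windows Authentication
            Sql2016OrLater  = ($r['MajorVersion'] -ge 13)  # 13 = SQL Server 2016
            Transport       = $r['Transport']              # expected: TCP
            SaLoginDisabled = ($r['SaDisabled'] -eq 1)     # added hardening check
        }
    }
    finally {
        $conn.Dispose()
    }
}

Test-AtriaSqlPrereq | Format-List
```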
Windows Domain Administrator Account
A Domain Administrator account is used to run the entire Atria deployment process.
Optional - Credential/Token Storage
Atria needs access to privileged credentials, tokens and secrets in order to integrate with and perform provisioning tasks. These are stored encrypted within the Atria system. By default, data will be encrypted and stored in the SQL database.
If you wish to store secrets in Azure KeyVault, an Azure KeyVault should be available at the time of installation, along with an account with full access over this KeyVault. You will also need the ability to create Azure applications when installing the Atria Platform.
Creating the KeyVault and Application can be done ahead of time.
Firewall and Network Requirements
The following outlines the required network protocols, ports, and their purposes for communication between Atria components. Ensure that all of these communications are possible before proceeding.
- Web Server
- Provisioning Server
- Web Services
- Remote Private Directory
Server | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|
Internet | Inbound | TCP | 443 | Secure HTTP communication (HTTPS). |
AD Sync | Inbound | TCP | 443 | API communication for Active Directory synchronization. |
Web Server | Outbound to Provisioning Server | TCP | 8095 | Core communication between Web and Provisioning servers. |
Web Server | Outbound to Provisioning Server | TCP | 8098 | Extended API communication. |
Web Server | Outbound to Provisioning Server | TCP | 8100 | Task execution services. |
Web Server | Outbound to Provisioning Server | TCP | 8101 | Additional services related to provisioning. |
Web Server | Outbound to SQL Server | TCP | 1433 | Default SQL Server communication (use custom port if specified). |
Web Server | Outbound to Config Service | TCP | 8095 | Configuration service API communication. |
Web Server | Outbound to Web Services | TCP | 8095 | Communication with services like Exchange and SharePoint. |
Server | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|
Provisioning Server | Outbound to SQL Server | TCP | 1433 | Default SQL Server communication (use custom port if specified). |
Provisioning Server | Outbound to Web Services | TCP | 8095 | Communication with services like Exchange and SharePoint. |
Provisioning Server | Outbound to SMTP Relay | TCP | 25 | Email delivery for system-generated emails. |
Provisioning Server | Inbound to RabbitMQ (Mgmt) | TCP | 15671 | RabbitMQ Management communication (HTTPS). |
Provisioning Server | Inbound to RabbitMQ (Web) | TCP | 15672 | RabbitMQ Management communication (Web UI). |
Server | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|
Web Services | Outbound to Provisioning Server | TCP | 8095 | Communication with the Provisioning Server for task execution. |
Server | Port Direction | Protocol | Port | Purpose |
---|---|---|---|---|
Remote Private Directory | Outbound to Web Server | TCP | 443 | Secure data retrieval for installation (HTTPS). |
Remote Private Directory | Outbound to Provisioning Server | TCP | 5671 | Secure communication with RabbitMQ using the AMQPS protocol. |
If you plan to set up AtriaWeb in a demilitarized zone (DMZ), make sure that the firewall rules allow HTTP/HTTPS. The installer will need to communicate with the AtriaConfigService to retrieve encryption keys. Make sure to also open traffic from AtriaWeb to AtriaSQL via SQL ports.
Enable WebSockets on Network Firewall/LoadBalancer
The Atria UI uses WebSockets. If firewalls or load balancers are not correctly configured to allow WebSockets, some pages within Atria will appear blank/empty.
The configuration needed to allow WebSockets depends on the firewall in use.
For example: If using WebProxy to publish your Atria site the configuration looks like this:
Prerequisite software for Atria deployment
For each server that will have core components or web services installed, the below prerequisite items must be installed.
The database installation should be run from the Provisioning Server, so prerequisite items are not required on the SQL Server.
- PowerShell 5.1 (if you are running Windows Server 2022 or later, this is installed by default)
- .NET Framework 4.8

Info: Please check that the PowerShell and .NET versions are both supported by your services (e.g. Exchange, Virtual Apps & Desktops). If not, the latest CU or software version of your services needs to be implemented.

- Add the Host (A) DNS records below, set to the Provisioning Server IP address:
  - AtriaConfigService
  - AtriaHTTPTunnel
  - AtriaPlatformAPI
- Add CNAME DNS records:
  - AtriaSQL (alias for the SQL Server host)
  - AtriaWeb (alias for the Atria web server)
- Create a Domain Admin account that will be used for execution of the Atria installation.
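A pre-flight check for the DNS records above and for the Web Server's outbound ports from the Firewall and Network Requirements tables, as an added example that is not part of Atria or its installer. Using AtriaConfigService as the name for the Provisioning Server and AtriaSQL for the SQL host is an assumption based on the record descriptions in this guide.

```powershell
# Added example (not Atria code). Run on the Web Server.
$aRecords     = 'AtriaConfigService', 'AtriaHTTPTunnel', 'AtriaPlatformAPI'
$cnameRecords = 'AtriaSQL', 'AtriaWeb'

function Test-AtriaDns {
    foreach ($name in $aRecords + $cnameRecords) {
        $answer = Resolve-DnsName -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name     = $name
            Expected = if ($name -in $cnameRecords) { 'CNAME' } else { 'A' }
            Found    = ($answer.Type | Select-Object -Unique) -join ','
            Address  = ($answer | Where-Object Type -eq 'A').IPAddress -join ','
            Resolved = [bool]$answer
        }
    }
}

function Test-AtriaWebServerPorts {
    # Ports are taken from the Web Server firewall table in this guide.
    # Assumption: AtriaConfigService points at the Provisioning Server,
    # AtriaSQL at the SQL host. Replace 1433 if a custom SQL port is used.
    $targets = @(
        @{ Name = 'AtriaConfigService'; Ports = 8095, 8098, 8100, 8101 }
        @{ Name = 'AtriaSQL';           Ports = 1433 }
    )
    foreach ($t in $targets) {
        foreach ($port in $t.Ports) {
            $r = Test-NetConnection -ComputerName $t.Name -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                Target    = $t.Name
                Port      = $port
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

Test-AtriaDns            | Format-Table -AutoSize
Test-AtriaWebServerPorts | Format-Table -AutoSize
```

A TCP test only succeeds when something is listening on the destination port, so before the Atria services are installed the 8095-8101 checks will fail even with correct firewall rules; the SQL port can be verified beforehand, and the remaining ports should be re-tested once the Provisioning Server services are running.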
Request Access Token and DeploymentID
To access the Atria Installer platform, you'll need a valid Access Token. To obtain a token please log a support ticket with the Atria Support team. You can contact support via the support portal: Atria Help Center or email support@getatria.com.
In addition to the Access Token, we will provide you with a Deployment Identifier (DeploymentID) that is needed during the install/upgrade to register your Atria deployment.