Getting started with Confluence Data Center on Azure

On this page:

If you decide to deploy Confluence Data Center in a clustered environment, consider using Microsoft Azure. This platform allows you to scale your deployment elastically by resizing and quickly launching additional nodes, and provides a number of managed services that work out of the box with Confluence Data Center. These services make it easier to configure, manage, and maintain your deployment's clustered infrastructure.

We strongly recommend you set up user management, central logging storage, a backup strategy, and monitoring, just as you would for a Confluence Data Center installation running on your own hardware.

Non-clustered VS clustered environment

A single node is adequate for most Small or Medium size deployments, unless you need specific features that require clustering (for example, high availability). 

If you have an existing Server installation, you can still use its infrastructure when you upgrade to Data Center. Many features exclusive to Data Center (like SAML single sign-onself-protection via rate limiting, and CDN support) don't require clustered infrastructure. You can start using these Data Center features by simply upgrading your Server installation’s license.
 
For more information on whether clustering is right for you, check out Atlassian Data Center architecture and infrastructure options.

How it works

Here's an architectural overview of what you'll get when deploying Confluence Data Center using the template:

The deployment contains one or more Azure standard VM instances as cluster nodes in a scale set. Each cluster node runs Confluence Data Center and Synchrony. This way, you don't need to provision extra nodes to enable collaborative editing. 

The template also provisions an Azure Files storage account for the shared home. This shared home stores attachments and other files accessible to the application cluster nodes. It's mounted as a SAN drive on each node, and treated normally like any other file.

Standardized infrastructure

The Jira Data CenterConfluence Data CenterBitbucket Data Center, and Crowd Data Center templates deploy the following infrastructure components identically:
ComponentConfiguration
Bastion hostThis is a lightweight but highly secure Azure Linux VM that controls SSH access to the application cluster nodes.
Application GatewayBy default, this gateway is composed of two instances for high availability. It acts as a HTTP/HTTPS load balancer for your scale set of application cluster nodes.
MonitoringThe ARM templates configure Azure Monitoring to perform basic health and availability monitoring to cluster nodes and database.
DatabaseYou can choose between Azure SQL Database (MS SQL Server-compatible) or Azure PostgreSQL database. Either way, the database will be configured as service endpoints to only allow traffic from the private network that the cluster nodes are in. This restricted traffic setup helps enhance security.

Limitations

There are some limitations you should be aware of before deciding to deploy to Azure:

  • Autoscaling is not yet available, due to a problem with Hazelcast, which Confluence uses to discover nodes. 
  • You can't use the deployment template to upgrade an existing Confluence deployment, or to provision new nodes running a different version to the rest of your cluster. 
  • If a node is deleted manually, it can't be redeployed without first removing the cluster. The existing database, and the existing shared home directory won't be removed when redeploying.

Preparing for your deployment

Before you begin, you should use the Confluence Data Center load profiles to determine the size of your site.  This information will help you choose the right infrastructure size during deployment.

You should also decide which Azure region is best for your site. Some services, such as such as Application Insights and Azure SQL Analytics, may not be available in all regions. You can check this at https://azure.microsoft.com/en-gb/global-infrastructure/regions/

During the deployment you'll need:

  • Your database details, if you want to use an existing Azure database service. You'll need the database URL, port, username, and password. 
  • A Base64 encoded PFX certificate from a trusted Certificate Authority.
  • Details of your existing CNAME, if you don't want Azure to generate a random domain for you. 

Migrating an existing site to Azure

To migrate, you will need to set up a new Confluence Data Center site in Azure, and then import content from your old site. This approach ensures that your new site is created with optimum settings for Azure. 

Here's a high level overview of the steps:

  1. Back up your existing site, including your database and home directories. 
  2. Make a list of any Marketplace or other user-installed apps
  3. Perform a full site export, excluding attachments if you have a large site. You can also turn on read-only mode, to prevent users from making changes in your old site. 
  4. Deploy Confluence Data Center in Azure via the Azure Portal, or CLI, and test that Confluence is working as expected. 
  5. Import your site export file.  Make sure you know the administrator password for your existing site, as you'll be logged out during the import.
  6. Copy the contents of your /attachments directory to the equivalent directory in your shared home. 
  7. Install any apps.
  8. Test your site. 

At this point you can make the site available to your users, and tear down your old site. 

Tips for a successful migration:

  • Do a trial run first - export your existing site, and import it into Azure to iron out any issues. 
  • Because you're setting up your new site in parallel, your current Confluence site can remain accessible throughout the process.  If you're already running Confluence Data Center, use read-only mode to prevent people making changes after you've exported the site. 
  • Unless your existing site is small, exporting the site without attachments will keep the export file smaller. 

Deploying Confluence Data Center to Azure via Azure marketplace

This method uses the Azure Marketplace to deploy Confluence Data Center using our deployment templates as a reference. 

To deploy Confluence Data Center to Azure using our Marketplace app:

  1. Log in to Azure Portal.
  2. Choose Create a resource to start a new deployment
  3. Search for Atlassian then select Confluence Data Center from the list of Marketplace apps
  4. Choose Create to start configuring the deployment
  5. Follow the prompts in the wizard to configure your deployment.  Refer to the parameters table below for more information. 
  6. Confirm all the details are correct then click Create to purchase the subscription.  Deployment will take about 30 minutes.  
  7. Once deployment is complete, go to the Confluence URL (APPENDPOINT) listed in the deployment outputs to complete onboarding and start using Confluence.  

Confluence-specific parameters

ParametersDescription
Confluence VersionSpecify the version of Confluence you'd like to install in full (for example, 6.14.0). Head to Confluence Release Notes for a list of all releases.
Confluence admin credentials

Provide a name and password for the initial Confluence administrator on your instance.

Confluence Cluster

Select the expected size of your site - trial, small, medium, large, extra large. This will determine the number of Confluence application nodes, and the size of VMs to be provisioned. Choose Change Size to override the defaults.

Standardized infrastructure parameters

The Jira Data CenterConfluence Data CenterBitbucket Data Center, and Crowd Data Center templates all share the same parameters:
ParameterDescription
SubscriptionYour Microsoft Azure subscription type.
Resource groupIf you have an existing resource group, you can use it, or create a new one.
LocationThis is the region where Azure will house your deployment.
SSH AccessProvide an SSH public key to be used to SSH into the instance that will act as bastion host, and a username and password for SSH access to the Bitbucket nodes.

See Create and use an SSH public-private key pair for Linux VMs in Azure in the Microsoft Azure documentation.

Database configuration

Choose between an Azure SQL Database, or Azure Database for PostgreSQL. Provide a username and password for the database admin user.

Existing databases

If you want to integrate with an existing database, you'll have to deploy to Azure using the CLI.

CNAMEThis is the  Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random sub domain for your instance.
HTTP/SSLProvide the certificate and password to be used for SSL termination on the Azure Application Gateway.
MonitoringChoose the monitoring and analytics services that you would like to enable. Subject to availability in your location. See Monitoring for related information.

Deploying Confluence Data Center to Azure using the CLI

This method uses the Azure command line interface to deploy Confluence Data Center using our deployment templates as a reference. You'll need to install the Azure CLI to do this.

Using the deployment templates directly allows for greater configuration granularity. All hardware choices such as the number of cluster nodes, size, disk size, and OS type are configurable as parameters. 

Head to https://bitbucket.org/atlassian/atlassian-azure-deployment and check out the README to find out how to to deploy using the CLI. 

Required parameters 

The deployment template requires a number of values to be provided in order to deploy your Confluence Data Center instance. 

ParameterDescription

confClusterSize

To use recommended hardware options for the Confluence installation choose a size. Allowed values:

  • trial
  • small
  • medium
  • large
  • enterprise

If set, all further Gateway, VM, DB size parameters will be ignored.

clusterSshPassword

This is the SSH password you'll use to access your Confluence nodes.

dbPassword

This the password for your dedicated database user.

The password must meet a strong password requirement (imposed by AzureSQL Server): it must be between 16 and 41 characters long, and must contain at least one uppercase letter, one lowercase letter, one number (0-9), and one non-alphanumeric character (., !, $, #, %, etc). See the Azure SQL password documentation for details.

confAdminUserPassword

This is the password for your Confluence administrator's account.

Optional parameters 

The following parameters are optional. If you don't provide a value in the parameter file, we'll use the default values listed below. 

ParameterDefault valueDescription

confluenceVersion

Latest

This is the version of Confluence you want to install on your cluster nodes. Enter the Confluence version number in full, for example "6.14.0".

We don't recommend using versions prior to 6.12, as they don't support managed Synchrony.

customDownloadUrl

empty

Use this URL to override standard Atlassian download url, for example to specify beta, release candidate or EAP versions. Used in conjunction with the confluenceVersion parameter.

dbCreateNew

true

Create a new database or attempt to use an existing specified database. Note that this has to be in same resource group and location as the target deployment.

dbType

Azure SQL DBChoose between Azure SQL Server and Azure DB for PostgreSQL.
dbHostauto-generatedThe hostname of database server to be used if an external database is being used. This will be autogenerated if a new database is to be created.
dbPort1433The database port to use if an external database is being used. This will be autogenerated if a new database is to be created.
dbDatabaseconfdatabaseThe database name to use if an external database is being used. This will be autogenerated if a new database is to be created.
dbSchemaauto-generatedThe database schema to use if an external database is being used. This will be autogenerated if a new database is to be created.
dbUsernameconfluencedbuserThe username for the dedicated database user.

cname

auto-generated

This is the Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random domain.

If you do use a custom domain, you must also update your Domain Registrar's settings to add the Azure DNS Name Servers. Consult your domain registry's documentation on how to configure cname records.

sslBase64EncodedPfxCertificate


The certificate to be used for SSL termination on the Azure Application Gateway.

sslPfxCertificatePassword


The certificate password to be used for SSL termination on the Azure Application Gateway.

jumpboxSshKey

The SSH public key to use to access the bastion host (jumpbox)

confAdminUserName

adminThe username for the Confluence Administrator's account. Must be lowercase.

confAdminUserFullName

Admin AdminThe full name of the Confluence Administrator's account.
confAdminUserEmailadmin@example.comThe email address of the Confluence Administrator user.
confAppTitleAtlassian ConfluenceThe name of your Confluence site.
jumpboxSshUserconfluenceadminThis is the SSH user you'll use to access the bastion host (jumpbox).
clusterSshUserconfluenceadminThe SSH username to use to access the Confluence nodes from the bastion host (jumpbox). This is the only way you can access Confluence nodes.
enableEmailAlertstrueEnable email alerts.
enableApplicationInsightstrueEnable Azure Application Insights.

enableAnalytics

trueEnable Azure Operational Insights.

Overriding the recommended hardware options

The confClusterSize parameter allows you to select the size of your deployment, and then use our recommendations for all resources to be created. 

If you choose not to set the confClusterSize parameter, you can choose to define your own values for things like dbTier, dbTierSize, clusterVmSize, LinuxOsType, and appGtwyTier

These parameters are all listed in the azuredeploy.json template file, with a description and allowed values.  You should also check out the Developing guide in the template repository to learn more about developing your own template.   

Securing your Azure deployment

We recommend deploying Confluence with SSL. Our template will prompt you for a certificate and password. 

Good to know:

  • HTTPS is terminated at the application gateway.
  • Your certificate should be from a trusted Certificate Authority. You should avoid self-signed certificates.

Monitoring

As a number of the resources we provision are managed by Azure, a number of options are available for  monitoring. For example:

  • A number of default alerts are available, such as cluster nodes going offline, CPU, or Db DTU exceeding 80%. These alerts will be emailed to the Confluence Administrator email address specified in the deployment.

  • Application Insights can be used to see the overall system health, and dig into particular areas of interest Application Insights in the Azure documentation. 

  • Azure SQL Analytics is available for more granular monitoring of your SQL Server database.   Monitor Azure SQL Database using Azure SQL Analytics in the Microsoft Azure documentation. 

Note that some of these resources are still in Preview, so may not be available in your location yet. 

Last modified on May 31, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.