Getting started with Confluence Data Center on Azure
The Azure ARM template as a method of deployment is nearing its end-of-support date on May 31, 2023. You can still use the template after this date but we won't maintain or update it.
We recommend deploying your Data Center products on a Kubernetes cluster using our Helm charts for a more efficient and robust infrastructure and operational setup. Learn more about deploying on Kubernetes
If you decide to deploy Confluence Data Center in a clustered environment, consider using Microsoft Azure. This platform allows you to scale your deployment elastically by resizing and quickly launching additional nodes, and provides a number of managed services that work out of the box with Confluence Data Center. These services make it easier to configure, manaAutoscaling is not yet available, due to a problem with Hazelcast, which Confluence uses to discover nodes.ge, and maintain your deployment's clustered infrastructure.
We strongly recommend you set up user management, central logging storage, a backup strategy, and monitoring, just as you would for a Confluence Data Center installation running on your own hardware.
Non-clustered VS clustered environment
A single node is adequate for most Small or Medium size deployments, unless you need specific features that require clustering (for example, high availability).
How it works
Here's an architectural overview of what you'll get when deploying Confluence Data Center using the template:
The deployment contains one or more Azure standard VM instances as cluster nodes in a scale set. Each cluster node runs Confluence Data Center and Synchrony. This way, you don't need to provision extra nodes to enable collaborative editing.
The template also provisions an Azure Files storage account for the shared home. This shared home stores attachments and other files accessible to the application cluster nodes. It's mounted as a SAN drive on each node, and treated normally like any other file.
|Bastion host||This is a lightweight but highly secure Azure Linux VM that controls SSH access to the application cluster nodes.|
|Application Gateway||By default, this gateway is composed of two instances for high availability. It acts as a HTTP/HTTPS load balancer for your scale set of application cluster nodes.|
|Monitoring||The ARM templates configure Azure Monitoring to perform basic health and availability monitoring to cluster nodes and database.|
|Database||You can choose between Azure SQL Database (MS SQL Server-compatible) or Azure PostgreSQL database. Either way, the database will be configured as service endpoints to only allow traffic from the private network that the cluster nodes are in. This restricted traffic setup helps enhance security.|
There are some limitations you should be aware of before deciding to deploy to Azure:
Changing the size of the cluster after creation is not possible, due to a limitation in Hazelcast, which Confluence uses to discover nodes.
- You can't use the deployment template to upgrade an existing Confluence deployment, or to provision new nodes running a different version to the rest of your cluster.
- If a node is deleted manually, it can't be redeployed without first removing the cluster. The existing database, and the existing shared home directory won't be removed when redeploying.
Preparing for your deployment
Before you begin, you should use the Confluence Data Center load profiles to determine the size of your site. This information will help you choose the right infrastructure size during deployment.
You should also decide which Azure region is best for your site. Some services, such as such as Application Insights and Azure SQL Analytics, may not be available in all regions. You can check this at https://azure.microsoft.com/en-gb/global-infrastructure/regions/.
During the deployment you'll need:
- Your database details, if you want to use an existing Azure database service. You'll need the database URL, port, username, and password.
- A Base64 encoded PFX certificate from a trusted Certificate Authority.
- Details of your existing CNAME, if you don't want Azure to generate a random domain for you.
Migrating an existing site to Azure
To migrate, you will need to set up a new Confluence Data Center site in Azure, and then import content from your old site. This approach ensures that your new site is created with optimum settings for Azure.
Here's a high level overview of the steps:
- Back up your existing site, including your database and home directories.
- Make a list of any Marketplace or other user-installed apps
- Perform a full site export, excluding attachments if you have a large site. You can also turn on read-only mode, to prevent users from making changes in your old site.
- Deploy Confluence Data Center in Azure via the Azure Portal, or CLI, and test that Confluence is working as expected.
- Import your site export file. Make sure you know the administrator password for your existing site, as you'll be logged out during the import.
- Copy the contents of your
/attachmentsdirectory to the equivalent directory in your shared home.
- Install any apps.
- Test your site.
At this point you can make the site available to your users, and tear down your old site.
Tips for a successful migration:
- Do a trial run first - export your existing site, and import it into Azure to iron out any issues.
- Because you're setting up your new site in parallel, your current Confluence site can remain accessible throughout the process. If you're already running Confluence Data Center, use read-only mode to prevent people making changes after you've exported the site.
- Unless your existing site is small, exporting the site without attachments will keep the export file smaller.
Deploying Confluence Data Center to Azure via Azure marketplace
This method uses the Azure Marketplace to deploy Confluence Data Center using our deployment templates as a reference.
To deploy Confluence Data Center to Azure using our Marketplace app:
- Log in to Azure Portal.
- Choose Create a resource to start a new deployment
- Search for Atlassian then select Confluence Data Center from the list of Marketplace apps
- Choose Create to start configuring the deployment
- Follow the prompts in the wizard to configure your deployment. Refer to the parameters table below for more information.
- Confirm all the details are correct then click Create to purchase the subscription. Deployment will take about 30 minutes.
- Once deployment is complete, go to the Confluence URL (
APPENDPOINT) listed in the deployment outputs to complete onboarding and start using Confluence.
|Confluence Version||Specify the version of Confluence you'd like to install in full (for example, 6.14.0). Head to Confluence Release Notes for a list of all releases.|
|Confluence admin credentials|
Provide a name and password for the initial Confluence administrator on your instance.
Select the expected size of your site - trial, small, medium, large, extra large. This will determine the number of Confluence application nodes, and the size of VMs to be provisioned. Choose Change Size to override the defaults.
Standardized infrastructure parameters
|Subscription||Your Microsoft Azure subscription type.|
|Resource group||If you have an existing resource group, you can use it, or create a new one.|
|Location||This is the region where Azure will house your deployment.|
|SSH Access||Provide an SSH public key to be used to SSH into the instance that will act as bastion host, and a username and password for SSH access to the Bitbucket nodes.|
See Create and use an SSH public-private key pair for Linux VMs in Azure in the Microsoft Azure documentation.
Choose between an Azure SQL Database, or Azure Database for PostgreSQL. Provide a username and password for the database admin user.
If you want to integrate with an existing database, you'll have to deploy to Azure using the CLI.
|CNAME||This is the Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random sub domain for your instance.|
|HTTP/SSL||Provide the certificate and password to be used for SSL termination on the Azure Application Gateway.|
|Monitoring||Choose the monitoring and analytics services that you would like to enable. Subject to availability in your location. See Monitoring for related information.|
Deploying Confluence Data Center to Azure using the CLI
This method uses the Azure command line interface to deploy Confluence Data Center using our deployment templates as a reference. You'll need to install the Azure CLI to do this.
Using the deployment templates directly allows for greater configuration granularity. All hardware choices such as the number of cluster nodes, size, disk size, and OS type are configurable as parameters.
Head to https://bitbucket.org/atlassian/atlassian-azure-deployment and check out the README to find out how to to deploy using the CLI.
The deployment template requires a number of values to be provided in order to deploy your Confluence Data Center instance.
To use recommended hardware options for the Confluence installation choose a size. Allowed values:
If set, all further Gateway, VM, DB size parameters will be ignored.
This is the SSH password you'll use to access your Confluence nodes.
This the password for your dedicated database user.
The password must meet a strong password requirement (imposed by AzureSQL Server): it must be between 16 and 41 characters long, and must contain at least one uppercase letter, one lowercase letter, one number (0-9), and one non-alphanumeric character (., !, $, #, %, etc). See the Azure SQL password documentation for details.
This is the password for your Confluence administrator's account.
The following parameters are optional. If you don't provide a value in the parameter file, we'll use the default values listed below.
This is the version of Confluence you want to install on your cluster nodes. Enter the Confluence version number in full, for example "6.14.0".
We don't recommend using versions prior to 6.12, as they don't support managed Synchrony.
Use this URL to override standard Atlassian download url, for example to specify beta, release candidate or EAP versions. Used in conjunction with the confluenceVersion parameter.
Create a new database or attempt to use an existing specified database. Note that this has to be in same resource group and location as the target deployment.
|Azure SQL DB||Choose between Azure SQL Server and Azure DB for PostgreSQL.|
|dbHost||auto-generated||The hostname of database server to be used if an external database is being used. This will be autogenerated if a new database is to be created.|
|dbPort||1433||The database port to use if an external database is being used. This will be autogenerated if a new database is to be created.|
|dbDatabase||confdatabase||The database name to use if an external database is being used. This will be autogenerated if a new database is to be created.|
|dbSchema||auto-generated||The database schema to use if an external database is being used. This will be autogenerated if a new database is to be created.|
|dbUsername||confluencedbuser||The username for the dedicated database user.|
This is the Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random domain.
If you do use a custom domain, you must also update your Domain Registrar's settings to add the Azure DNS Name Servers. Consult your domain registry's documentation on how to configure cname records.
The certificate to be used for SSL termination on the Azure Application Gateway.
The certificate password to be used for SSL termination on the Azure Application Gateway.
The SSH public key to use to access the bastion host (jumpbox)
|admin||The username for the Confluence Administrator's account. Must be lowercase.|
|Admin Admin||The full name of the Confluence Administrator's account.|
|confAdminUserEmailfirstname.lastname@example.org||The email address of the Confluence Administrator user.|
|confAppTitle||Atlassian Confluence||The name of your Confluence site.|
|jumpboxSshUser||confluenceadmin||This is the SSH user you'll use to access the bastion host (jumpbox).|
|clusterSshUser||confluenceadmin||The SSH username to use to access the Confluence nodes from the bastion host (jumpbox). This is the only way you can access Confluence nodes.|
|enableEmailAlerts||true||Enable email alerts.|
|enableApplicationInsights||true||Enable Azure Application Insights.|
|true||Enable Azure Operational Insights.|
Overriding the recommended hardware options
confClusterSize parameter allows you to select the size of your deployment, and then use our recommendations for all resources to be created.
If you choose not to set the
confClusterSize parameter, you can choose to define your own values for things like
These parameters are all listed in the
azuredeploy.json template file, with a description and allowed values. You should also check out the Developing guide in the template repository to learn more about developing your own template.
Securing your Azure deployment
We recommend deploying Confluence with SSL. Our template will prompt you for a certificate and password.
Good to know:
- HTTPS is terminated at the application gateway.
- Your certificate should be from a trusted Certificate Authority. You should avoid self-signed certificates.
As a number of the resources we provision are managed by Azure, a number of options are available for monitoring. For example:
A number of default alerts are available, such as cluster nodes going offline, CPU, or Db DTU exceeding 80%. These alerts will be emailed to the Confluence Administrator email address specified in the deployment.
Application Insights can be used to see the overall system health, and dig into particular areas of interest Application Insights in the Azure documentation.
Azure SQL Analytics is available for more granular monitoring of your SQL Server database. Monitor Azure SQL Database using Azure SQL Analytics in the Microsoft Azure documentation.
Note that some of these resources are still in Preview, so may not be available in your location yet.
Was this helpful?Yes Provide feedback about this article