Getting started with Confluence Data Center on Azure
We've updated our Azure templates since this Confluence version was released. The new templates provide an improved architecture and work best with Confluence 6.12 and later.
Check out the latest documentation for more information.
Confluence Data Center is an excellent fit for the Microsoft Azure environment. We provide a reference template that lets you deploy Confluence Data Center in Microsoft Azure, and you can then configure it depending on your organization's Azure best practices. It's the fastest way to get everything you need to run Confluence Data Center up and running in Azure.
We strongly recommend you set up user management, central logging storage, a backup strategy, and monitoring, just as you would for a Confluence Data Center installation running on your own hardware.
How it works
Here's an architectural overview of what you'll get when deploying Confluence Data Center using the template:
The deployment consists of the following components:
- One or more Azure standard Linux VM instances as cluster nodes, running Confluence, in a scale set
- One or more Azure standard Linux VM instances as cluster nodes, running Synchrony (required for collaborative editing), in a scale set
- Azure SQL server database
- a storage account for the shared home directory which contains attachments and other files accessible to all Confluence nodes
- a NAT box (or jumpbox)
- an application gateway
Azure SQL instances can't be created in a virtual private network/subnet. To ensure security, the SQL Server firewall has been configured to only allow traffic from the private network that the cluster nodes reside in. The SQL Server firewall rules require a public IP address upfront during deployment, and as the application gateway's public IP address isn't known at this stage of the deployment, we use the public IP address of NAT box (jumpbox). This network topology means that all traffic from the cluster to the SQL Server is routed through the NAT box, and all public traffic to the cluster is also routed through the NAT box, including all SSH traffic and L4 traffic to the application gateway.
The application gateway also acts as a load balancer for your scale set of Confluence and Synchrony nodes.
We use a storage account for Confluence's shared home directory. As with the Azure SQL Server, this service exists outside the virtual network. It's mounted on each Confluence node, and it's treated as any other file would be.
Limitations
There are some limitations you should be aware of before deciding to deploy to Azure:
- Autoscaling is not yet available, due to a problem with Hazelcast, which Confluence uses to discover nodes.
- We don't provide any backup solutions beyond the default site backup (XML export)
- We don't provide any additional node monitoring. Azure provides some basic monitoring, including CPU usage and network / disk rates.
- No log aggregation. Logs are only stored in the local home directory on the VMs provisioned during set up. If a VM is lost its logs will also be lost.
- You can't use the deployment template to upgrade an existing Confluence deployment, or to provision new nodes running a different version to the rest of your cluster
- SSL is not enabled. You'll need to manually configure your application gateway. See Additional steps for SSL below for more information.
- If a node is deleted manually, it can't be redeployed without first removing the cluster. The existing database, and the existing shared home directory won't be removed when redeploying.
- Due to the network topology of the different resources required, the NAT virtual machine will have a relatively high network load. This may become a bottleneck if there is a lot of traffic. If you increase the size of your cluster, you'll need to also increase the NAT virtual machine to make sure the larger cluster handles traffic effectively. This limitation will be rectified once Virtual Network integration for Azure Storage and Azure SQL is available.
Deploying Confluence Data Center to Azure via Azure marketplace
This method uses the Azure Marketplace to deploy Confluence Data Center using our deployment templates as a reference.
To deploy Confluence Data Center to Azure using our Marketplace app:
- Log in to Azure Portal
- Choose New to start a new deployment
- Search for Atlassian then select Confluence Data Center from the list of Marketplace apps
- Choose Create to start configuring the deployment
- Follow the prompts in the wizard to configure your deployment. Refer to the parameters table below for more information.
- Confirm all the details are correct then click Create to purchase the subscription. Deployment will take about 30 minutes.
- Once deployment is complete, go to the Confluence URL listed in the deployment outputs to complete onboarding and start using Confluence.
Parameters
Parameters | Description |
---|---|
CNAME | This is the Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random sub domain for your instance. |
Subscription | Your Microsoft Azure subscription type. |
Resource group | If you have an existing resource group, you can use it, or create a new one. |
Location | This is the region where Azure will house your deployment. |
Confluence admin credentials | Provide a name and password for the initial Confluence administrator on your instance. |
Number and size of nodes | Specify the initial number of nodes, and the size of each node. This can be reconfigured at a later date. |
Synchrony cluster size | Choose automatic for the number of Synchrony nodes to be determined by the number of Confluence nodes (using the ratio of one Synchrony node to every three Confluence nodes, with a minimum of 2 nodes). Alternatively, choose manual to specify the number and size of nodes. |
Database credentials | Provide a username and password for the database admin user. |
Database size | Choose automatic for the database tier to be determined by the number of Confluence nodes. Alternatively, choose manual to specify a specific database tier and edition. |
Jumpbox credentials | Provide a username and SSH public key for the jumpbox. |
Confluence and Synchrony node credentials | Provide a username and password for your nodes. These credentials are used across all Confluence and Synchrony nodes. |
Deploying Confluence Data Center to Azure using the CLI
This method uses the Azure command line interface to deploy Confluence Data Center using our deployment templates as a reference. You'll need to install the Azure CLI to do this.
To deploy Confluence Data Center to Azure using the command line interface:
Download the
azuredeploy.json
template file andazuredeploy.parameters.json
parameters file from the Confluence directory on https://bitbucket.org/atlassian/atlassian-azure-deployment.- Edit the
azuredeploy.parameters.json
parameters file, and insert values for the following required parameters:- Cluster size
- SSH key (used for the NAT box)
- SSH password (for the cluster nodes)
- Database password
- Full name, username and password for the Confluence administrator account
- Your confluence license
- Confluence version (6.4.0 and later)
The template applies sensible defaults for a number of other parameters, including the size of your VMs and database instance. You can choose to override these defaults if you want to specify particular values. - Log in to Azure via the command line interface.
Create a resource group. This will be the container for the Confluence resources you deploy.
az group create --name ConfluenceDataCenter --location "Central US"
Create a new deployment, and specify the Confluence data center template file and parameters file.
az group deployment create \ --name ConfluenceDataCenterDeployment \ --resource-group ConfluenceDataCenter \ --template-file azuredeploy.json \ --parameters azuredeploy.parameters.json
- Log in to the Azure Portal to see the deployment outputs. The Application URL is the URL for your new Confluence site.
- Go to the Application URL in your browser to complete onboarding and start using Confluence.
Required parameters
The deployment template requires a number of values to be provided in order to deploy your Confluence Data Center instance.
Parameter | Description |
---|---|
clusterSize | This is the number of Confluence nodes in your cluster. The number of Synchrony nodes will be automatically determined by the number of Confluence nodes using the ratio of one Synchrony node to every three Confluence nodes (with a minimum of 2 nodes). |
jumpboxSshKey | This is the SSH Key you'll use to access the NAT box (jumpbox). |
nodeSshPassword | This is the SSH password you'll use to access your Confluence and Synchrony nodes. |
dbPassword | This the password for your dedicated database user. The password must meet a strong password requirement (imposed by AzureSQL Server): it must be between 16 and 41 characters long, and must contain at least one uppercase letter, one lowercase letter, one number (0-9), and one non-alphanumeric character (., !, $, #, %, etc). See the Azure SQL password documentation for details. |
userName | This is the username for your Confluence administrator's account. |
userFullname | This is the full name of your Confluence administrator user. |
userEmail | This is the email address of your Confluence administrator user. |
userCredential | This is the password for your Confluence administrator's account. |
confluenceLicense | This is your Confluence Data Center license key. If you already have a license, you can retrieve it from my.atlassian.com. You can't use this deployment template to deploy Confluence Server. If you do not yet have a license you can generate one at my.atlassian.com or omit this parameter and your site will be provisioned with a time-limited evaluation license. |
Optional parameters
The following parameters are optional. If you don't provide a value in the parameter file, we'll use sensible default values.
Parameter | Default value | Description |
---|---|---|
cname | empty | Leave empty/unset to use the Fully Qualified Domain Name (FQDN) provided by Azure automatically. However, if you own a custom domain name, you can use this parameter to set the base URL of your Confluence site to the custom domain. If you do use a custom domain, you must also create an appropriate cname record to point to the FQDN of the Confluence instance (printed as part of the output of the |
confluenceVmSize | Standard_DS2_v2 | This is the size of the virtual machines that will be your Confluence and Sycnhrony cluster nodes. Specify your own value if you want to provision larger VMs. |
natVmSize | Standard_DS3_v2 | This is the size of the NAT box (jumpbox). Specifiy your own value if you want to provision a larger VM. Note that the NAT box VM type must have at least 3 network cards (NIC). The smallest VMs which only have two network cards cannot be used for the jumpbox. See the Azure VM size documentation for details. |
jumpboxSshUser | confluenceadmin | This is the SSH user you'll use to access the NAT box (jumpbox). |
nodeSshUser | confluenceadmin | This is the SSH username you'll use to access the Confluence and Synchrony nodes. |
confluenceVersion | 6.4.0 | This is the version of Confluence you want to install on your cluster nodes. Enter the Confluence version number in full, for example "6.4.0". Azure deployment is compatible only for versions 6.4.0 or later. WARNING: Once deployed, this version must continue to be used if you update the deployment (for example, to add more nodes). Changing this value in a subsequent deployment may corrupt your Confluence instance. You can't use the confluenceVersion parameter to upgrade an existing deployment to a newer version of Confluence. |
applicationTitle | Atlassian Confluence | This is the name of your Confluence site. |
applicationGatewaySize | Standard_Medium | This is the size of your application gateway. Specify your own value if you want to provision a particular application gateway size. |
VM and database sizing considerations
The deployment template uses a number of sensible defaults for the VM size, database tier and application gateway size, which are automatically calculated depending on the number of Confluence nodes you provision.
For example, if you chose to deploy a cluster with 6 Confluence nodes we would:
- provision 3 Synchrony nodes (for collaborative editing)
set the database tier to
PRS4
- set the application gateway capacity to 3
It is possible to manually control the Database tier, and the Synchrony cluster size by setting some of these parameters in the azuredeploy.parameters.json
. However, we don't recommend attempting to deploy Confluence Data Center on anything less than the automatically chosen defaults, as it may not meet required performance characteristics (such as not enough datatabase DTUs).
To override the database tier, set the parameter dbTierOption
to 'manual' in the parameters file. Then set these parameters:
dbTier
to one of the available database tiers, e.g., PRS1 (see the Azure documentation on the resource limits).dbEdition
to one of the available database editions (Standard,
Premium
, andPremiumRS
).
To override the Synchrony cluster sizes, set the parameter synchronyVmOption
to 'manual'. Then set these parameters:
synchronyVmSize
to the desired vm type (see the parameterconfluenceVmSize
)synchronyClusterSize
to the desired number of Synchrony nodes.
Additional steps required for SSL
As noted in limitations above, you'll need to manually configure your application gateway.
There's currently a bug which stops SSL from being used in the templates unless the administrator performs the following steps manually.
On every Confluence node:
- Edit the
${confluence_install_dir}/conf/server.xml
file. - In the
<connector>
element, change thescheme
attribute tohttps
. and theproxyPort
to443
. - Edit the
${confluence_install_dir}/bin/setenv.sh
file. - Change the Synchrony service URL (
synchrony.service.url
system property) scheme fromhttp
tohttps
. - Repeat these steps on each Confluence node.
On every Synchrony node:
- Edit the
${confluence_install_dir}/bin/start-synchrony.sh
file - Change the Synchrony service URL (
synchrony.service.url
system property) scheme fromhttp
tohttps
. - Repeat these steps on each Synchrony node.