Getting started with Confluence Data Center on Azure

We've updated our Azure templates since this Confluence version was released. The new templates provide an improved architecture and work best with Confluence 6.12 and later.

Check out the latest documentation for more information.


Confluence Data Center is an excellent fit for the Microsoft Azure environment. We provide a reference template that lets you deploy Confluence Data Center in Microsoft Azure, and you can then configure it depending on your organization's Azure best practices. It's the fastest way to get everything you need to run Confluence Data Center up and running in Azure. 

We strongly recommend you set up user management, central logging storage, a backup strategy, and monitoring, just as you would for a Confluence Data Center installation running on your own hardware.

How it works

Here's an architectural overview of what you'll get when deploying Confluence Data Center using the template:

The deployment consists of the following components:

  • One or more Azure standard Linux VM instances as cluster nodes, running Confluence, in a scale set
  • One or more Azure standard Linux VM instances as cluster nodes, running Synchrony (required for collaborative editing), in a scale set
  • Azure SQL server database
  • a storage account for the shared home directory which contains attachments and other files accessible to all Confluence nodes
  • a NAT box (or jumpbox)
  • an application gateway

Azure SQL instances can't be created in a virtual private network/subnet. To ensure security, the SQL Server firewall has been configured to only allow traffic from the private network that the cluster nodes reside in. The SQL Server firewall rules require a public IP address upfront during deployment, and as the application gateway's public IP address isn't known at this stage of the deployment, we use the public IP address of NAT box (jumpbox). This network topology means that all traffic from the cluster to the SQL Server is routed through the NAT box, and all public traffic to the cluster is also routed through the NAT box, including all SSH traffic and L4 traffic to the application gateway.

The application gateway also acts as a load balancer for your scale set of Confluence and Synchrony nodes.

We use a storage account for Confluence's shared home directory. As with the Azure SQL Server, this service exists outside the virtual network. It's mounted on each Confluence node, and it's treated as any other file would be.

Limitations

There are some limitations you should be aware of before deciding to deploy to Azure:

  • Autoscaling is not yet available, due to a problem with Hazelcast, which Confluence uses to discover nodes. 
  • We don't provide any backup solutions beyond the default site backup (XML export)
  • We don't provide any additional node monitoring. Azure provides some basic monitoring, including CPU usage and network / disk rates. 
  • No log aggregation. Logs are only stored in the local home directory on the VMs provisioned during set up. If a VM is lost its logs will also be lost.
  • You can't use the deployment template to upgrade an existing Confluence deployment, or to provision new nodes running a different version to the rest of your cluster 
  • SSL is not enabled.  You'll need to manually configure your application gateway. See Additional steps for SSL below for more information. 
  • If a node is deleted manually, it can't be redeployed without first removing the cluster. The existing database, and the existing shared home directory won't be removed when redeploying.
  • Due to the network topology of the different resources required, the NAT virtual machine will have a relatively high network load. This may become a bottleneck if there is a lot of traffic. If you increase the size of your cluster, you'll need to also increase the NAT virtual machine to make sure the larger cluster handles traffic effectively. This limitation will be rectified once Virtual Network integration for Azure Storage and Azure SQL is available. 

Deploying Confluence Data Center to Azure via Azure marketplace

This method uses the Azure Marketplace to deploy Confluence Data Center using our deployment templates as a reference. 

To deploy Confluence Data Center to Azure using our Marketplace app:

  1. Log in to Azure Portal
  2. Choose New to start a new deployment
  3. Search for Atlassian then select Confluence Data Center from the list of Marketplace apps
  4. Choose Create to start configuring the deployment
  5. Follow the prompts in the wizard to configure your deployment.  Refer to the parameters table below for more information. 
  6. Confirm all the details are correct then click Create to purchase the subscription.  Deployment will take about 30 minutes.  
  7. Once deployment is complete, go to the Confluence URL listed in the deployment outputs to complete onboarding and start using Confluence.  

Parameters

ParametersDescription
CNAME

This is the  Canonical Name record (CNAME) for your organization. If you don't provide one, Azure will generate a random sub domain for your instance.

SubscriptionYour Microsoft Azure subscription type.
Resource groupIf you have an existing resource group, you can use it, or create a new one.
LocationThis is the region where Azure will house your deployment.
Confluence admin credentials

Provide a name and password for the initial Confluence administrator on your instance.

Number and size of nodesSpecify the initial number of nodes, and the size of each node. This can be reconfigured at a later date.
Synchrony cluster size

Choose automatic for the number of Synchrony nodes to be determined by the number of Confluence nodes (using the ratio of one Synchrony node to every three Confluence nodes, with a minimum of 2 nodes).

Alternatively, choose manual to specify the number and size of nodes.

Database credentialsProvide a username and password for the database admin user.
Database sizeChoose automatic for the database tier to be determined by the number of Confluence nodes.

Alternatively, choose manual to specify a specific database tier and edition.

Jumpbox credentialsProvide a username and SSH public key for the jumpbox.
Confluence and Synchrony node credentialsProvide a username and password for your nodes. These credentials are used across all Confluence and Synchrony nodes.


Deploying Confluence Data Center to Azure using the CLI

This method uses the Azure command line interface to deploy Confluence Data Center using our deployment templates as a reference. You'll need to install the Azure CLI to do this.

To deploy Confluence Data Center to Azure using the command line interface:

  1. Download the azuredeploy.json template file and azuredeploy.parameters.json parameters file from the Confluence directory on https://bitbucket.org/atlassian/atlassian-azure-deployment.

  2. Edit the azuredeploy.parameters.json  parameters file, and insert values for the following required parameters:
    • Cluster size
    • SSH key (used for the NAT box)
    • SSH password (for the cluster nodes)
    • Database password
    • Full name, username and password for the Confluence administrator account
    • Your confluence license
    • Confluence version (6.4.0 and later)
       
    See the table below for more information on each of these required values. 

    The template applies sensible defaults for a number of other parameters, including the size of your VMs and database instance. You can choose to override these defaults if you want to specify particular values. 
  3. Log in to Azure via the command line interface. 
  4. Create a resource group. This will be the container for the Confluence resources you deploy.

    az group create --name ConfluenceDataCenter --location "Central US"
    
  5. Create a new deployment, and specify the Confluence data center template file and parameters file.

    az group deployment create \
        --name ConfluenceDataCenterDeployment \
        --resource-group ConfluenceDataCenter \
        --template-file azuredeploy.json \
        --parameters azuredeploy.parameters.json
  6. Log in to the Azure Portal to see the deployment outputs. The Application URL is the URL for your new Confluence site.
  7. Go to the Application URL in your browser to complete onboarding and start using Confluence.

Required parameters 

The deployment template requires a number of values to be provided in order to deploy your Confluence Data Center instance. 

ParameterDescription

clusterSize

This is the number of Confluence nodes in your cluster.

The number of Synchrony nodes will be automatically determined by the number of Confluence nodes using the ratio of one Synchrony node to every three Confluence nodes (with a minimum of 2 nodes).

jumpboxSshKey

This is the SSH Key you'll use to access the NAT box (jumpbox).

nodeSshPassword

This is the SSH password you'll use to access your Confluence and Synchrony nodes.

dbPassword

This the password for your dedicated database user.

The password must meet a strong password requirement (imposed by AzureSQL Server): it must be between 16 and 41 characters long, and must contain at least one uppercase letter, one lowercase letter, one number (0-9), and one non-alphanumeric character (., !, $, #, %, etc). See the Azure SQL password documentation for details.

userName

This is the username for your Confluence administrator's account.

userFullname

This is the full name of your Confluence administrator user.

userEmail

This is the email address of your Confluence administrator user.

userCredential

This is the password for your Confluence administrator's account.

confluenceLicense

This is your Confluence Data Center license key. If you already have a license, you can retrieve it from my.atlassian.com. You can't use this deployment template to deploy Confluence Server.

If you do not yet have a license you can generate one at my.atlassian.com or omit this parameter and your site will be provisioned with a time-limited evaluation license.

Optional parameters 

The following parameters are optional. If you don't provide a value in the parameter file, we'll use sensible default values. 

ParameterDefault valueDescription

cname

empty

Leave empty/unset to use the Fully Qualified Domain Name (FQDN) provided by Azure automatically. However, if you own a custom domain name, you can use this parameter to set the base URL of your Confluence site to the custom domain.

If you do use a custom domain, you must also create an appropriate cname record to point to the FQDN of the Confluence instance (printed as part of the output of the az command when deploying this reference template). Consult your domain registry's documentation on how to configure cname records.

confluenceVmSize

Standard_DS2_v2

This is the size of the virtual machines that will be your Confluence and Sycnhrony cluster nodes. Specify your own value if you want to provision larger VMs.

natVmSize

Standard_DS3_v2

This is the size of the NAT box (jumpbox). Specifiy your own value if you want to provision a larger VM.

Note that the NAT box VM type must have at least 3 network cards (NIC). The smallest VMs which only have two network cards cannot be used for the jumpbox. See the Azure VM size documentation for details.

jumpboxSshUser

confluenceadmin

This is the SSH user you'll use to access the NAT box (jumpbox).

nodeSshUser

confluenceadmin

This is the SSH username you'll use to access the Confluence and Synchrony nodes.

confluenceVersion

6.4.0

This is the version of Confluence you want to install on your cluster nodes. Enter the Confluence version number in full, for example "6.4.0". Azure deployment is compatible only for versions 6.4.0 or later.

WARNING: Once deployed, this version must continue to be used if you update the deployment (for example, to add more nodes). Changing this value in a subsequent deployment may corrupt your Confluence instance. You can't use the confluenceVersion parameter to upgrade an existing deployment to a newer version of Confluence.

applicationTitle

Atlassian Confluence

This is the name of your Confluence site.

applicationGatewaySize

Standard_Medium

This is the size of your application gateway.

Specify your own value if you want to provision a particular application gateway size.

VM and database sizing considerations

The deployment template uses a number of sensible defaults for the VM size, database tier and application gateway size, which are automatically calculated depending on the number of Confluence nodes you provision. 

For example, if you chose to deploy a cluster with 6 Confluence nodes we would:

  • provision 3 Synchrony nodes (for collaborative editing)
  • set the database tier to PRS4

  • set the application gateway capacity to 3

It is possible to manually control the Database tier, and the Synchrony cluster size by setting some of these parameters in the azuredeploy.parameters.json. However,  we don't recommend attempting to deploy Confluence Data Center on anything less than the automatically chosen defaults, as it may not meet required performance characteristics (such as not enough datatabase DTUs). 

To override the database tier, set the parameter dbTierOption to 'manual' in the parameters file. Then set these parameters:

To override the Synchrony cluster sizes, set the parameter synchronyVmOption to 'manual'. Then set these parameters:

  • synchronyVmSize to the desired vm type (see the parameter confluenceVmSize )
  • synchronyClusterSize to the desired number of Synchrony nodes.


Additional steps required for SSL

As noted in limitations above, you'll need to manually configure your application gateway. 

There's currently a bug which stops SSL from being used in the templates unless the administrator performs the following steps manually. 

On every Confluence node:

  1. Edit the ${confluence_install_dir}/conf/server.xml  file. 
  2. In the <connector> element, change the scheme attribute to https. and the proxyPort to 443
  3. Edit the  ${confluence_install_dir}/bin/setenv.sh file.
  4. Change the Synchrony service URL (synchrony.service.url system property) scheme from http to https.
  5. Repeat these steps on each Confluence node. 

On every Synchrony node:

  1. Edit the ${confluence_install_dir}/bin/start-synchrony.sh file 
  2. Change the Synchrony service URL (synchrony.service.url system property) scheme from http to https.
  3. Repeat these steps on each Synchrony node.
Last modified on Mar 7, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.