# On-Premise and BYOC

We offer two main variants of on-premise/bring-your-own-cloud deployments:

### **Deployment Types**

* VM (services are run in Docker Containers)
  * Single VM installations work for 300-2000 users.
  * We can separate the Databases onto separate VMs/Managed Solutions for easier backups.
* Kubernetes with Managed Databases
  * This is a scalable and highly available deployment for 1000+ users.

***

### **VM Based Deployment Requirements (300-2000 Users)**

* **Linux VM with:**
  * 16 Cores and 64 GB of RAM
  * 512 GB SSD (resizable)
    * If the infrastructure does not support dynamic disk expansion, please provision a larger initial volume.
    * Disk backups/replication should be enabled.
  * Ubuntu Server LTS (24.04) OS
    * Username should be ubuntu or we360user.
  * Sufficient Network Bandwidth
* **External Storage for Screenshots and Backups (Elastic)**
  * External S3-compatible Object Storage (preferred)

    *or*
  * NFS-like distributed file system

    * Durability and corruption issues may surface

    *or*
  * Additional attached disks
    * Please note that automated backup workflows are not compatible with locally attached disks.
* **Network Access**
  * SSH Access for deployment and maintenance
  * Outbound access for:
    * Fetching configuration,
    * Licensing details and
    * Updates
* **Managed/External Databases (Optional)**
  * Managed PostgreSQL Database (Optional, but recommended)
  * Clickhouse Database (Optional)

### **Kubernetes Requirements (1000+ Users)**

* Kubernetes Cluster (1.30+) with appropriate networking and load balancing.
* Kubernetes Worker Nodes:
  * 3-6 nodes of size 8 cores and 32GB RAM (worker node sizing/numbers will be based on user count)
  * Ensure worker nodes have a minimum of 100GB available for image caching and ephemeral storage.
* A storage provisioner (CSI Driver) that can provision at least 100 GB of disk space (SSD preferred)
* We require two databases to be installed separately, either on VMs or as Managed Services.
  * PostgreSQL Database
  * Clickhouse Database

***

### **Database Requirements**

* Managed PostgreSQL 16/17/18 Database with 2 Cores, 8GB RAM and a 256 GB SSD.
  * Please ensure that all VMs/Containers on the private network can connect to the database by making appropriate changes to `pg_hba.conf`.
    * This is typically managed via the provider's security group, server parameters or firewall settings for Cloud Managed DBs.
  * The server must be able to support 300 connections.
  * Please ensure you have backups and WAL replication/PITR enabled.
* Clickhouse Database with 2 Cores, 8 GB RAM and a 400 GB SSD.
  * Please ensure that you have disk snapshots enabled.
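For a self-managed PostgreSQL server, the `pg_hba.conf` change above can be checked before go-live. The following is an added example, not we360's own tooling: it flags rules that are weakly authenticated or wider than the private network, then lists clients left without a sound rule. The subnet, database name, role name and client IPs are assumptions.

```python
import ipaddress

# Constructed sample pg_hba.conf; subnet, database and role names are assumptions.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER       ADDRESS        METHOD
local    all       postgres                  peer
host     all       all        0.0.0.0/0      trust
hostssl  we360     we360_app  10.20.0.0/24   scram-sha-256
"""

WEAK_METHODS = {"trust", "password", "md5"}  # no auth, cleartext, legacy hash


def parse_hba(text):
    """Yield (network, method) for each TCP rule that has a CIDR address."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blanks and local (unix socket) rules
        try:
            net = ipaddress.ip_network(fields[3], strict=False)
        except ValueError:
            continue  # hostnames and keywords (all, samenet, ...) are skipped
        yield net, fields[4]  # the separate IP + netmask column form is not handled


def audit(text, private_cidr, clients):
    """Flag weak or over-broad rules, then clients left without a sound rule."""
    private = ipaddress.ip_network(private_cidr)
    findings, sound = [], []
    for net, method in parse_hba(text):
        if net.is_loopback:
            continue  # localhost rules are outside the scope of this check
        ok = True
        if method in WEAK_METHODS:
            findings.append(f"weak method '{method}' for {net}")
            ok = False
        if net.version != private.version or not net.subnet_of(private):
            findings.append(f"{net} reaches beyond {private}")
            ok = False
        if ok:
            sound.append(net)
    for ip in clients:
        if not any(ipaddress.ip_address(ip) in net for net in sound):
            findings.append(f"client {ip} has no sound rule")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HBA, "10.20.0.0/16", ["10.20.0.15", "10.20.3.7"]):
        print(finding)
```

Client coverage is counted only from rules that pass the first two checks, so a catch-all `trust` line cannot hide a missing subnet rule.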

#### **Additional Notes:**

* We can share Images for Clickhouse upon request.

### **Network Requirements**

#### **Outbound Access**

* All outbound Internet access must be open during deployment.
* The following outbound access must always be open:
  * To our licensing server at <code class="expression">space.vars.company\_licensing\_server\_url</code> both from the on-prem infrastructure and from client machines. No customer data is sent to this service except for licensing and tenant configuration.
  * Container registries:
    * docker.io
    * gcr.io
    * quay.io
    * \*.azurecr.io
    * docker.elastic.co
    * \*.amazonaws.com
    * registry.gitlab.com
    * container-registry.we360.ai
  * Python package hosts:
    * pypi.org
    * pypi.python.org
    * pythonhosted.org
    * files.pythonhosted.org
  * Ubuntu and Debian repository servers (along with the cloud provided mirrors) on HTTP and HTTPS:
    * security.debian.org
    * deb.debian.org
    * ftp.debian.org
    * archive.ubuntu.com
  * Azure Blob Storage, AWS S3 and Google Cloud Storage (to download our configuration files and installation scripts).
  * raw\.githubusercontent.com (to download configuration files).
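Once deployment is finished and egress is narrowed to the list above, proxy or firewall logs can be compared against it. The following is an added example, not we360's own tooling: it reports required hosts that are being blocked and allowed destinations that are not on the list. The log format and the sample lines are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Hostnames exactly as listed on this page. The licensing server URL and the
# Azure Blob / S3 / GCS endpoints are not spelled out there; add your own.
REQUIRED = [
    "docker.io", "gcr.io", "quay.io", "*.azurecr.io", "docker.elastic.co",
    "*.amazonaws.com", "registry.gitlab.com", "container-registry.we360.ai",
    "pypi.org", "pypi.python.org", "pythonhosted.org", "files.pythonhosted.org",
    "security.debian.org", "deb.debian.org", "ftp.debian.org",
    "archive.ubuntu.com", "raw.githubusercontent.com",
]

# Constructed proxy log lines in an assumed format: "<timestamp> <action> <host>:<port>"
SAMPLE_LOG = """\
2025-01-10T09:00:01Z ALLOW docker.io:443
2025-01-10T09:00:02Z DENY files.pythonhosted.org:443
2025-01-10T09:00:03Z ALLOW myregistry.azurecr.io:443
2025-01-10T09:00:04Z ALLOW docker.io.example.net:443
2025-01-10T09:00:05Z ALLOW archive.ubuntu.com:80
2025-01-10T09:00:06Z ALLOW amazonaws.com.example.org:443
"""


def is_required(host):
    """Whole-name match against the list; '*' only expands as a left-hand label."""
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, pattern) for pattern in REQUIRED)


def classify(log_text):
    """Return (blocked_but_required, allowed_but_unlisted) host lists."""
    blocked, unlisted = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not in the assumed three-column format
        action, host = parts[1], parts[2].rsplit(":", 1)[0]
        if action == "DENY" and is_required(host):
            blocked.append(host)    # rule too tight: deployment or updates will fail
        elif action == "ALLOW" and not is_required(host):
            unlisted.append(host)   # rule too loose: egress outside the documented list
    return blocked, unlisted


if __name__ == "__main__":
    blocked, unlisted = classify(SAMPLE_LOG)
    print("blocked but required:", blocked)
    print("allowed but unlisted:", unlisted)
```

Matching on the whole hostname matters here: a substring or prefix rule would also pass `docker.io.example.net`.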

#### **Internal Access**

* All internal access must be open, i.e. all VMs must be able to communicate with each other on all ports over TCP, UDP and ICMP. Please make appropriate changes to the Security Groups, Cloud/Data Centre Firewalls and Linux Server Firewalls (iptables, ufw, systemd etc.).

#### **Inbound Access**

* Ports 80 and 443 must be open for Inbound Traffic for HTTP(S)/Websocket/TCP.
* In case of a single node deployment, inbound SSH must be allowed.

***

### **IPs, DNS and Certificates**

* Domains and certificates for API and Auth servers.
  * These domain names must resolve to the correct Load Balancer/VM both in the private network of the VM/Cluster and on the client machines.
  * Suggested domains are as follows:
    * `api.<your_base_subdomain>` and\
      `auth.<your_base_subdomain>`
    * `api-we360.<your_base_subdomain>` and\
      `auth-we360.<your_base_subdomain>`
* Depending on the exact architecture, two additional domains and their SSL certificates might be required.

#### **IP Addresses**

We will require 1-2 public IP addresses.

***

### **Email Server**

* To enable email functionality for your on-premises deployment, we require access to an SMTP server. Share its:
  * From Display Name and From Email Address
  * Authentication Credentials - Username and password or API key
  * Server details (Hostname/IP Address, Port Number)
  * Encryption Method - TLS/STARTTLS/SSL
* Recommended SMTP Service Providers:
  * Zeptomail by Zoho
  * Amazon Simple Email Service (SES)
  * Mailgun

### **Monitoring and Alerts**

* Disk Usage Alert (80% threshold) - Configure monitoring to trigger alerts when any disk partition reaches 80% capacity.
* External Storage Usage Alert
* CPU Usage (Optional)
* Memory Usage (Optional)

### **Storage Estimates**

* Screenshots Data captured per user per month (at 5 minute frequency, assuming 8 working hours): 1 GB
* Screen Recording Data captured per user per month (assuming 8 working hours): 15GB

