Ctrlk
Portal

On-Premise and BYOC

VM and Kubernetes deployment requirements for on-premise and BYOC installations.

We offer two main variants of on-premise/bring-your-own-cloud deployments:

Deployment Types

  • VM (services are run in Docker Containers)

    • Single VM installations work for 300-2000 users.

    • We can separate the Databases onto separate VMs/Managed Solutions for easier backups.

  • Kubernetes with Managed Databases

    • This is a scalable and highly available deployment for 1000+ users.

VM Based Deployment Requirements (300-2000 Users)

  • Linux VM with:

    • 16 Cores and 64 GB of RAM

    • 512 GB SSD (resizable)

      • If the infrastructure does not support dynamic disk expansion, please provision a larger initial volume.

      • Disk backups/replication should be enabled.

    • Ubuntu Server LTS (24.04) OS

      • Username should be ubuntu or we360user.

    • Sufficient Network Bandwidth

  • External Storage for Screenshots and Backups (Elastic)

    • External S3-compatible Object Storage (preferred)

      or

    • NFS like distributed file system

      • Durability and corruption issues may surface

      or

    • Additional attached disks

      • Please note that automated backup workflows are not compatible with locally attached disks.

  • Network Access

    • SSH Access for deployment and maintenance

    • Outbound access for:

      • Fetching configuration,

      • Licensing details and

      • Updates

  • Managed/External Databases (Optional)

    • Managed PostgreSQL Database (Optional, but recommended)

    • Clickhouse Database (Optional)

Kubernetes Requirements (1000+ Users)

  • Kubernetes Cluster (1.30+) with appropriate networking and load balancing.

  • Kubernetes Worker Nodes:

    • 3-6 nodes of size 8 cores and 32GB RAM (worker node sizing/numbers will be based on user count)

    • Ensure worker nodes have a minimum of 100GB available for image caching and ephemeral storage.

  • A storage provisioner (CSI Driver) that can provision at least 100 GB of disk space (SSD preferred)

  • We require two databases to be installed separately, either on VMs or as Managed Services.

    • PostgreSQL Database

    • Clickhouse Database

Database Requirements

  • Managed PostgreSQL 16/17/18 Database with 2 Cores, 8GB RAM and a 256 GB SSD.

    • Please ensure that all VMs/Containers on the private network can connect to the database by making appropriate changes to pg_hba.conf.

      • This is typically managed via the provider's security group, server parameters or firewall settings for Cloud Managed DBs.

    • The server must be able support 300 connections.

    • Please ensure you have backups and WAL replication/PITR enabled.

  • Clickhouse Database with 2 Cores, 8 GB RAM and a 400 GB SSD.

    • Please ensure that you have disk snapshots enabled.

Additional Notes:

  • We can share Images for Clickhouse upon request.

Network Requirements

Outbound Access

  • All Outbound Internet access must open during deployment.

  • Following outbound access must be open always:

    • To our licensing server at https://origin.in.we360.ai both from the on-prem infrastructure and from client machines. No customer data is sent to this service except for licensing and tenant configuration.

    • Container registries:

      • docker.io

      • gcr.io

      • quay.io

      • *.azurecr.io

      • docker.elastic.co

      • *.amazonaws.com

      • registry.gitlab.com

      • container-registry.we360.ai

    • Python package hosts:

      • pypi.org

      • pypi.python.org

      • pythonhosted.org

      • files.pythonhosted.org

    • Ubuntu and Debian repository servers (along with the cloud provided mirrors) on HTTP and HTTPS:

      • security.debian.org

      • deb.debian.org

      • ftp.debian.org

      • archive.ubuntu.com

    • Azure Blob Storage, AWS S3 and Google Cloud Storage (to download our configuration files and installation scripts).

    • raw.githubusercontent.com (to download configuration files).

Internal Access

  • All internal access must be open i.e. all VMs must be able to communicate with each other on all ports with TCP, UDP and ICMP. Please make appropriate changes to the Security Groups, Cloud/Data Centre Firewalls and Linux Server Firewalls (iptables, ufw, systemd etc.).

Inbound Access

  • Ports 80 and 443 must be open for Inbound Traffic for HTTP(S)/Websocket/TCP.

  • In case of a single node deployment, inbound SSH must be allowed.

IPs, DNS and Certificates

  • Domains and certificates for API and Auth servers.

    • These domain names must resolve to the correct Load Balancer/VM both in the private network of the VM/Cluster and on the client machines.

    • Suggested domains are as follows:

      • api.<your_base_subdomain> and auth.<your_base_subdomain>

      • api-we360.<your_base_subdomain> and auth-we360.<your_base_subdomain>

  • Depending on the exact architecture, two additional domains and their SSL certificates might be required.

IP Addresses

We will require 1-2 public IP addresses.

Email Server

  • To enable email functionality for your on-premises deployment, we require access to an SMTP server. Share its:

    • From Display Name and From Email Address

    • Authentication Credentials - Username and password or API key

    • Server details (Hostname/IP Address, Port Number)

    • Encryption Method - TLS/STARTTLS/SSL

  • Recommended SMTP Service Providers:

    • Zeptomail by Zoho

    • Amazon Simple Email Service (SES)

    • Mailgun

Monitoring and Alerts

  • Disk Usage Alert (80% threshold) - Configure monitoring to trigger alerts when any disk partition reaches 80% capacity.

  • External Storage Usage Alert

  • CPU Usage (Optional)

  • Memory Usage (Optional)

Storage Estimates

  • Screenshots Data captured per user per month (at 5 minute frequency, assuming 8 working hours): 1 GB

  • Screen Recording Data captured per user per month (assuming 8 working hours): 15GB

PreviousMobile DeploymentNextCloud

Last updated

Was this helpful?