On-Premises Installation Guide

Modified on Fri, 11 Nov 2022 at 11:03 AM

This guide provides an overview of the hardware, software and communication requirements for an on-premises installation of Projectal.


Projectal is a modern, web-based application that can be easily scaled from 100 users to 100,000 users. This allows you to scale it to fit the size and needs of your company.


Architecture

The basic server architecture that is required for running Projectal on-premises within your IT infrastructure is as follows:



Load Balancer

The load balancer sits in front of the API servers and routes client requests to the API servers.


If you have an existing load balancer within your IT infrastructure, then we may be able to use it for Projectal’s load balancing requirements.


If you do not have an existing load balancer, then we recommend using HAProxy. See https://www.haproxy.org/.


API servers will listen for incoming connections on port 8443. The load balancer should direct incoming requests to Projectal to this port on the API servers.


API Server

The API servers process each incoming user request. The more users you have, the more API servers are required.


The typical starting Projectal configuration we recommend is 3 x API servers. For small use cases, we recommend a minimum of 2 x API servers.


Each API server should be running Ubuntu 20.04 server.


The API Server should have the following minimum specification:

  • RAM: 16GB
  • Storage: 8GB
  • CPUs: 4


Database Server

The Database server stores all information contained in Projectal. The storage database used is Cassandra and it can be clustered if required.


1 x Database server is required.


The Database server should be running Ubuntu 20.04 server.


The Database server should have the following minimum specification:

  • RAM: 32GB
  • Storage: 1TB
  • CPUs: 8


The Database server will need a static IP address.


Email

Projectal sends emails when activating new users and when resetting user passwords. 


Projectal will need access to an SMTP mail server for sending these emails. These email settings are configured in the external application properties file on the API servers.


# Mail
smtp.enabled=true
spring.mail.host=
spring.mail.port=
spring.mail.username=
spring.mail.password=


If your company does not have access to an SMTP mail server, or has a security policy against using SMTP mail servers, then you can configure Projectal to not use email in its workflow when creating new user accounts or when resetting user passwords.


# Mail
smtp.enabled=false
spring.mail.host=
spring.mail.port=
spring.mail.username=
spring.mail.password=


When the SMTP mail server setting is turned off, Projectal will prompt for a password immediately after creating a new account. The user account will not be activated until a password is provided. Likewise, when resetting a user's password, Projectal will prompt immediately for a new password.


SSL

A secure connection is required when logging into Projectal.


An SSL certificate is required for the load balancer and the connection must use SSL.


Either SSL Termination must be used or the API servers must operate with SSL enabled.


If SSL Termination is used, then SSL can be disabled in the API servers by setting server.ssl.enabled=false in the Projectal application properties file.


If SSL Termination is not used, then the SSL certificate must be stored in a keystore file, which can be created from the command line:


openssl pkcs12 -export -out projectal-keystore.p12 -inkey projectal_private.key -in projectal_com.crt -certfile projectal_com_interCA.crt

Where:

  • projectal_private.key: private key
  • projectal_com.crt: certificate body
  • projectal_com_interCA.crt: intermediate certificate

Use password: janusks


The path to the keystore and the password for the keystore are configured in the Projectal application properties file.


You will also need to import the certificate into the Java cacerts truststore using the keytool command:


sudo keytool -import -noprompt -trustcacerts -alias 1 -file /data/projectal/projectal-com.pem -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts -storepass changeit 
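
The following pre-flight check is an added example, not Projectal tooling or part of the original guide. It confirms that the private key belongs to the certificate, that the certificate is not about to expire, and that the key file is not readable by other accounts before the keystore is built. It assumes an unencrypted PEM private key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Projectal tooling: checks to run on the PEM inputs
# before `openssl pkcs12 -export`. Assumes an unencrypted private key file.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    days=${2:-30}
    openssl x509 -in "$1" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Succeeds only if group and others have no access to the key file.
key_is_private() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Runs all three checks and reports every failure; returns 0 only if all pass.
preflight() {
    key=$1 crt=$2 rc=0
    key_matches_cert "$key" "$crt" ||
        { echo "FAIL: $key does not match $crt" >&2; rc=1; }
    cert_valid_for_days "$crt" 30 ||
        { echo "FAIL: $crt is unreadable or expires within 30 days" >&2; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others" >&2; rc=1; }
    return "$rc"
}

# Usage with the file names from the command above:
#   preflight projectal_private.key projectal_com.crt
```

A key and certificate that do not match still produce a keystore file without an obvious error in some setups, so running the check first catches a wrong file name before the API server fails to start.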


SSH

The Projectal technical team will require SSH access to the API servers and Database server to install and configure Projectal. Once installation has been completed and verified, the SSH access can be terminated to lock down and secure your company's on-premises Projectal instance.


External URL Access

If your company's firewall only allows external access to a discrete set of URLs and IP addresses, then it will need to allow external access to one URL for Projectal to operate in an on-premises installation.


The URL is: accounts.projectal.com


Backup Strategy

It is important for on-premises installations to have a backup strategy so that databases and files containing important information in Projectal are backed up on a regular basis.


We recommend a backup retention policy that runs a daily backup with a 30 day cycle.


We provide scripts that perform these daily backups and retain them for 30 days by deleting the oldest backup each day. Backups are stored at your nominated storage location.


We recommend 1TB storage space be allocated for backup purposes for typical Projectal usage.
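
The 30 day retention cycle described above can be sketched as follows. This is an added example, not the backup script supplied by the vendor. It assumes one archive per day named projectal-backup-YYYY-MM-DD.tar.gz (a hypothetical naming scheme) and refuses to delete anything when the newest archive is empty, so a failed backup run does not rotate out a good copy.

```shell
#!/bin/sh
# Added example, not the vendor's backup script. Assumes daily archives named
# projectal-backup-YYYY-MM-DD.tar.gz (hypothetical naming) in one directory.

# prune_backups DIR [KEEP]: delete all but the newest KEEP archives (default 30).
prune_backups() {
    dir=$1
    keep=${2:-30}
    # KEEP must be a positive integer without leading zeros; a bad value must
    # never turn into "delete everything".
    case $keep in
        ''|0*|*[!0-9]*) echo "prune_backups: invalid KEEP '$keep'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "prune_backups: no such directory: $dir" >&2; return 2; }

    # Only files matching the archive pattern are candidates. ISO dates sort
    # lexicographically, so a reverse sort lists the newest first.
    list=$(cd "$dir" && ls -1 |
        grep -E '^projectal-backup-[0-9]{4}-[0-9]{2}-[0-9]{2}\.tar\.gz$' | sort -r)
    [ -n "$list" ] || return 0

    # If the newest archive is empty, the latest backup failed: keep the old ones.
    newest=$(printf '%s\n' "$list" | head -n 1)
    if [ ! -s "$dir/$newest" ]; then
        echo "prune_backups: $newest is empty, nothing deleted" >&2
        return 1
    fi

    # Everything after the first KEEP entries is outside the retention window.
    printf '%s\n' "$list" | tail -n +"$((keep + 1))" |
        while IFS= read -r name; do
            rm -f -- "$dir/$name"
        done
}

# Example daily call after the backup job (path is a placeholder):
#   prune_backups /path/to/nominated/storage 30
```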

