Minimal architecture

A development architecture (minimal architecture) provides a validated design for development and testing environments. Minimal architecture uses separate servers for each component, which lets you test realistic configurations while minimizing infrastructure needs.

For production environments, use the high‑availability architecture. The minimal architecture doesn’t provide redundancy.

Before you begin

Review the architecture overview to understand core components
Check the system requirements for hardware specifications
Review the system requirements for connectivity needs

Understand the minimal architecture

The minimal architecture separates each component onto its own server:

A minimal (development) architecture is an Itential architecture where all components are installed as singletons and cannot gracefully tolerate failures. This architecture is not recommended for production environments and testing environments that require strict uptimes and redundancies. This architecture is suitable for development environments only.

Architecture overview

The Itential Platform application performs many reads and writes against the database and is sensitive to high latencies. All components must be installed in the same data center and have authentication enabled.

The minimum architecture is comprised of four virtual machines (VMs):

One Itential Platform server
One MongoDB server
One Redis server
One IAG server

Required user accounts

The validated designs are opinionated installations of Itential and its dependencies. The following user accounts are required by the dependencies.

MongoDB

Account	Description
`admin`	Has full root access to the `mongo` database. Can read and write to any logical database. Can be used to issue admin commands like forcing an election and configuring replica sets. This is NOT used by the Itential application but is created for admin purposes.
`itential`	Has read and write access to the `"itential"` database only. This is the account used by the Itential Platform application.
`localaaa`	Has read and write access to the `"LocalAAA"` database. This is used by the Local AAA adapter for local, non-LDAP logins.

Redis

Account	Description
`admin`	Has full root access to the Redis database, all channels, all keys, all commands. This is NOT used by the Itential application but is created for admin purposes.
`itential`	Has full access to the Redis database, all channels, all keys, EXCEPT the following commands: `asking`, `cluster`, `readonly`, `readwrite`, `bgrewriteaof`, `bgsave`, `failover`, `flushall`, `flushdb`, `psync`, `replconf`, `replicaof`, `save`, `shutdown`, `sync`. This is the account used by the Itential Platform application.

Network requirements

In an environment where components are installed on more than one host, the following network traffic flows need to be allowed. All ports and networking specs are TCP protocol unless otherwise noted. Not all ports will need to be open for every supported architecture. Secure ports are only required when explicitly configured.

Source	Destination	Port	Description
Desktop Devices	Itential Platform	3000	Web browser connections to Itential Platform over HTTP
Desktop Devices	Itential Platform	3443	Web browser connections to Itential Platform over HTTPS
Desktop Devices	IAG	8083	Web browser connections to IAG over HTTP
Desktop Devices	IAG	8443	Web browser connections to IAG over HTTPS
Desktop Devices	HashiCorp Vault	8200	Web browser connections to HashiCorp Vault
Itential Platform	MongoDB	27017	Itential Platform connects to MongoDB
Itential Platform	Redis	6379	Itential Platform connects to Redis
Itential Platform	Redis	26379	Itential Platform connects to Redis Sentinel (HA installations only)
Itential Platform	IAG	8083	Itential Platform connects to IAG over HTTP
Itential Platform	IAG	8443	Itential Platform connects to IAG over HTTPS
Itential Platform	HashiCorp Vault	8200	Itential Platform connects to HashiCorp Vault
Itential Platform	LDAP	389	Itential Platform connects to LDAP (when LDAP adapter is used for authentication)
Itential Platform	LDAP	636	Itential Platform connects to LDAP with TLS (when LDAP adapter is used for authentication)
Itential Platform	RADIUS	1812	Itential Platform connects to RADIUS (when RADIUS adapter is used for authentication; uses UDP)
MongoDB	MongoDB	27017	Each MongoDB talks to other MongoDBs for replication (HA installations only)
Redis	Redis	6379	Each Redis talks to other Redis sources for replication (HA installations only)
Redis	Redis	26379	Each Redis uses Redis Sentinel to monitor the Redis processes (HA installations only)

Hardware requirements

Processor

Processor specification requirements:

Second generation or better Intel Xeon Platinum 8000 series processors
Third generation or better AMD EPYC 7000 series processors

Memory

Memory specification requirement:

DDR5 DRAM 3200 MHz or higher

Storage

Storage performance requirements in IOPS (16 kiB):

20000+ IOPS
Non-spinning media (SSD, NVMe)

Network

Network speed requirement:

10 Gbps or higher

In some instances, adding additional dedicated interfaces that are focused on routing specific traffic to specific external systems can be explored. This routing of traffic would be configured at the OS-level (custom interfaces and routes) and requires the system administrator to manage it. An example would be separating NSO traffic from Redis/MongoDB destined traffic.

Hypervisor/host OS settings

These settings are strongly recommended for high load applications of Itential Platform:

CPU affinity settings or similar functionality to prevent CPU starvation
Full memory reservation
One physical CPU per VM is preferred
Huge pages for memory support enabled (except MongoDB)
Memory compression disabled
Minimal CPU allocation settings for scheduler according to CPU clock

Example: Assuming an Itential Platform VM on a server capable of 2.5GHz nominal speed:

CPU clock reservation = 16vCPU × 2.5GHz

Follow hypervisor recommendations when performing CPU reservations. In most cases the total of all CPU reservations for all VMs on a host cannot be more than 90% of the host capacity as 10% is reserved by the host itself.

MongoDB discourages the utilization of Transparent Huge Pages.

Server specifications

For production environments, all Itential Platform components should be installed on their own individual servers to properly support High Availability (HA). Disk references to pronghorn (seen in older deployments) should be changed to itential.

Itential Platform server

Spec	Requirement	Development ENV
CPU	64-bit x86 CPU cores	16
OS	RHEL Rocky	8/9 8/9
RAM	DDR5 DRAM 3200 MHz	64 GB
Disk (Solid State Media, SSD, NVMe)	Total `/var/log/itential` `/opt/itential` `/`	250 GB 100 GB 100 GB 50 GB

MongoDB server

Spec	Requirement	Development ENV
CPU	64-bit x86 CPU cores	16
OS	RHEL Rocky	8/9 8/9
RAM	DDR5 DRAM 3200 MHz	128 GB
Disk (Solid State Media, SSD, NVMe)	Total `/var/log/mongodb` `/var/lib/mongo` `/`	500 GB 50 GB 400 GB 50 GB

Redis server

Spec	Requirement	Development ENV
CPU	64-bit x86 CPU cores	4
OS	RHEL Rocky	8/9 8/9
RAM	DDR5 DRAM 3200 MHz	16 GB
Disk (Solid State Media, SSD, NVMe)	Total `/var/log/redis` `/var/lib/redis` `/`	100 GB 10 GB 50 GB 40 GB

IAG server

Spec	Requirement	Development ENV
CPU	64-bit x86 CPU cores	8
OS	RHEL Rocky	8/9 8/9
RAM	DDR5 DRAM 3200 MHz	16 GB
Disk (Solid State Media, SSD, NVMe)	Total `/var/log/automation-gateway` `/var/lib/automation-gateway` `/opt/automation-gateway` `/`	80 GB 10 GB 50 GB 10 GB 10 GB