Installation Checklist: What you need to install on-premises
Quill Extension is only compatible with Tableau 2018.2 or later versions, as support for third-party extensions only started with Tableau 2018.2.
Linux Server (Examples: Virtual machine, Amazon instance) with the minimum system specifications:
- Number of Cores – 2
- Memory - 2GB per core
- Disk - 20GB** free space (not used by existing processes)
Linux Server (Examples: Virtual machine, Amazon instance) with the recommended system specifications:
- Number of Cores – 4
- Memory – 3.75 GB per core
- Disk - 20GB** free space (not used by existing processes)
We recommend that the Quill API not be co-located with other applications on a single server.
**Note: The majority of the 20GB will be used by the /var directory. Prior to install, please ensure that the /var directory has at least 20GB of free space available.
The archive file you receive from Narrative Science will include all of the required software dependencies in order to run our Quill API. The only software requirement is at the operating system level, as described below:
Operating System - Linux CentOS 7 or RHEL 7 (with systemd)
If you need to use a server with a different operating system, we recommend provisioning Linux CentOS 7 or RHEL 7 as a virtual machine that you can run on that server. There are many time-tested production-grade options to choose from to handle the VM layer, including:
Internet connectivity - No client-specific data leaves your network, but internet connectivity is required for licensing.
A local user must be added to the machine to run the application. You are responsible for creating the account on the machine, and therefore responsible for credentials
This user must have ‘root’ access during installation and when the user needs to start or restart the application services
Ports and Routing
- Quill Extension server will run on port number 443 (HTTPS).
- Routing infrastructure is configured to route requests from a user’s browser to the Quill Extension hosts at the port specified above. This includes correctly-configured DNS, firewalls, proxies, and security groups. For example: requests to “https://narratives.mycompany.com” get routed to the server at port 443.
Installation requires a trusted SSL certificate matching the URL at which you plan to install Quill Extension (Tableau requires SSL/TLS for extensions). We have found that this requires and engineering resource familiar with your network topology and public key infrastructure. Please request this resource as soon as you plan to install.
To establish a trusted SSL connection, you'll need:
- A valid SSL certificate for the domain name of the server
- Any intermediate certificates
- The matching private key
What is a valid SSL certificate?
A valid certificate:
- Has a (i.e. Common Name, or Canonical Name) valid for the domain name of the server. When a browser requests a certificate from your server, it validates the certificate by matching the CN on the certificate with the domain name on the server
- Is not expired
- Can be either issued by a certificate authority or self-signed.
What is a certificate issued by a certificate authority?
- A certificate issued by a certificate authority when it is provided by a third party (i.e Digicert) who verifies that the certificate belongs to the entity that the certificate references
- A certificate authority will send a verification signature along with the certificate
- Major browsers have a fixed list of major certificate authorities that they trust by default
- If your certificate was issued and signed by one of these major certificate authorities, your browser will automatically trust this certificate
What is a self-signed certificate?
- A self-signed certificate is a certificate not issued by a central certificate authority
- your certificate has no signature that leads to a certificate authority that your browser trusts, your organization will have to add additional certificates to your browser’s trust
What is an intermediate certificate?
- It's possible that your certificate is not signed directly by a certificate authority but instead is signed by another certificate that is trusted by that certificate authority, this middle certificate is called an intermediate certificate.
- You will also need to provide any intermediate certificates at the time of installation so that the chain of trust can be established. These certificates can be concatenated with the certificate for your domain
What is a private key?
- All SSL certificate require a private key to work
- The private key is a separate file that’s used in the encryption/decryption of data sent between your server and the connecting clients.
- A private key is created whenever you create a CSR (certificate signing request)
Using the recommended four-core deployment, the Quill API can successfully handle up to 100 concurrent requests.
Taking into account an average client’s usage of the installed Quill API then, we find that clients don’t need to scale vertically (by provisioning larger servers with more CPUs/memory) or horizontally (by adding more servers and placing these servers behind a load balancer) for load reasons beyond our recommended system configuration.
If necessary however, the Quill API can be installed in a multi-node deployment, though provisioning and configuration of the load balancers is the responsibility of the client. Please see the Appendix A to reference diagrams for single and multi-node installations.
For more information on concurrency and scalability, please see the Narrative Science Benchmarking and Scalability Guide and please reach out to Narrative Science if you have further questions. If you do not have access to this guide, please request it from your Narrative Science representative.
Quill Extension uses Docker in order to perform this installation. Please notify NS prior to installation if:
- Your organization pre-installs a specialized Docker instance on your machine and you cannot remove it from your installation machine
- Your organization blocks use of IPv6 on the Quill Extension server or VM layer (very rare setup). IPv6 is only used during installation to initialize the Docker containers.