Deploying Spotfire on Google Cloud

Overview

This article describes how to deploy a basic Spotfire Server environment on Google Cloud Platform (GCP) using Virtual Machines.

Note: For a production environment that fits your needs you may need to iterate some of the steps:

• deploy a Spotfire Server cluster
• add more Spotfire services

See the Spotfire Server documentation for further information.

Prerequisites

• A GCP subscription with an existing project and VPC network for Spotfire resources
• A Spotfire Server installation kit.

Procedure

To deploy a Spotfire Server on GCP, complete the following steps.

Create a Storage bucket to store the Spotfire Server installation kit

This step is recommended to simplify deployment of multiple servers .

1. From the GCP Navigation menu, select Storage.
2. Within the Storage browser, click Create Bucket.
3. Provide the bucket details:
   • Name (e.g., spotfire-bucket).
   • Location type (e.g,. Region).
   • Location (e.g., europe-north1).
   • Default storage class (e.g., Standard).
   • Access Control (e.g,. Fine-grained).
   • Encryption (e.g., Google-managed key).
4. Click Create.
5. The bucket is listed within Storage Browser.
6. You can just drop the Spotfire Server installation packages (e.g., tss-10.10.1.x86_64.rpm and nm-setup.exe) into the bucket.

Create a VPC network to host the Spotfire Server servers

1. From the GCP Navigation menu, select VPC network and click Add.
2. Click Networking > Virtual Network.
3. Add the VPC network details:
   • Name: (e.g., spotifre-vpc).
   • Subnets (custom).
     • Name: (e.g., spotfire-subnet).
     • Region: (e.g., europe-north1).
     • IP address range: (e.g., 10.0.0.0/24).
   • Click Create.
4. Your VPC is listed within VPC networks.

Configure Firewall rules

Configure Firewall to allow SSH

To configure the VMs, we need to allow access to our VM instances via SSH.

1. From the VPC Network, select Firewall tab.
2. Click Create Firewall Rule.
3. Add the firewall rule details:
   • Name: (e.g,. spotfire-vpc-allow-ssh).
   • Network: (e.g,. spotfire-vpc).
   • Targets: (e.g,. All instances).
   • Source filter: (e.g,. IP ranges).
   • Source IP ranges: (e.g,. 0.0.0.0/0).
   • Specified Protocols and ports: (e.g., tcp: 22)
4. Click Save.
5. After some seconds the rule is created.
6. The rule is listed and can be modified from the Firewall tab.

Note: This rule is for Linux server setup only. It is recommended you disable this rule as soon as you deploy the Linux servers.

Configure Firewall to allow RDP

To configure the VMs, we need to allow access to our VM instances via RDP.

1. From the VPC Network, select Firewall tab.
2. Click Create Firewall Rule.
3. Add the firewall rule details:
   • Name: (e.g,. spotfire-vpc-allow-rdp).
   • Network: (e.g,. spotfire-vpc).
   • Targets: (e.g,. Specified target tags).
   • Target tags: (e.g,. webplayer).
   • Source filter: (e.g,. IP ranges).
   • Source IP ranges: (You may want to limit this only to your own laptop's IP address, e.g,. 85.10.10.10/32).
   • Specified Protocols and ports: (e.g., tcp: 3389)
4. Click Save.
5. After some seconds the rule is created.
6. The rule is listed and can be modified from the Firewall tab.

Note: This rule is for Windows server setup only. It is recommended that you disable this rule as soon as you deploy the Windows servers.

Configure Firewall to allow Spotfire Server back-end communication

We need to allow communication between Spotfire Server and node manager services for the registration and communication ports.

1. From the VPC Network, select Firewall tab.
2. Click Create Firewall Rule.
3. Add the firewall rule details:
   • Name: (e.g,. spotfire-vpc-allow-spotfireserver).
   • Network: (e.g,. spotfire-vpc).
   • Targets: (e.g,. Specified target tags).
   • Target tags: (e.g,. spotfireserver, webplayer).
   • Source filter: (e.g,. Specified source tags).
   • Source tags: (e.g,. spotfireserver, webplayer).
   • Specified Protocols and ports: (e.g., tcp: 9080,9433,9501).
4. Click Save.
5. After some seconds the rule is created.
6. The rule is listed and can be modified from the Firewall tab.

For detailed information on required ports, see the Spotfire Server and Environment Security documentation.

Setting up the Spotfire Database

Follow the corresponding article for the setting up the Spotfire Database in Google Cloud:

• Setting up Spotfire Database in Google Cloud SQL for PostgreSQL

Deploy a Spotfire Server

Create a new Virtual Machine to host the Spotfire Server

1. From the GCP Navigation menu, select Compute Engine.
2. Within the VM instances click Create.
3. Add the VM instance details:
   • Name: (e.g., spotfireserver-vm-1).
   • Region: (e.g., europe-north1).
   • Zone: (e.g., europe-north1-a).
4. Under Machine configuration, set the VM size according to your needs. For a standard Spotfire Server deployment and for the purposes of this exercise, the recommended selection is a General-purpose machine.
   • Series: (e.g., N1).
   • Machine type: n1-standard-1 (1 vCPU, 3,75 GiB memory). For additional recommendations on sizing, review Spotfire System Requirements at https://spotfi.re/sr.
5. For Boot disk, if the Image is not Red Hat Enterprise Linux 8, click Change and select Red Hat Enterprise Linux 8.
6. For Boot disk, if the Image is not Centos click Change and select Operating System (e.g., Centos) and Version (e.g., Centos 8). For supported Operating Systems, review Spotfire System Requirements at https://spotfi.re/sr.
7. Leave the defaults for Identity and API access unmodified.
8. Select Allow HTTP traffic and Allow HTTPS traffic.
9. Expand the Management, security, disks, networking, sole tenancy options.
10. Select the Networking tab,
    • Add a Network tag for easier firewall rules setting (e.g., spotfireserver).
    • Add a Network interface within you VPC network (e.g., spotfire-vpc) and subnet (e.g., spotfire-subnet).
    • Leave the other settings as default and click Done.
11. Click Create.
12. After some seconds, the VM is listed within VM instances.

Install the Spotfire Server software

1. From the Compute Engine, select the VM instances tab.
2. In the VM instances table, click SSH > Open in browser window to connect to the created VM. A new browser window pops up with a SSH session.

3. Copy the rpm package tss-10.10.1.x86_64.rpm to the VM. For example, using the previously created bucket:

   cd /tmp
   gsutil cp gs://spotfire-bucket/tss-10.10.1.x86_64.rpm .

    

4. Install the Spotfire Server package:

    sudo yum install -y tss-10.10.1.x86_64.rpm

    

Configure the Spotfire Server software

1. Configure Spotfire Server ports:

   export TSS_VERSION=10.10.1
   export TSS_HOME=/opt/tibco/tss/$TSS_VERSION
   sudo /opt/tibco/tss/$TSS_VERSION/configure -s 80 -r 9080 -b 9433

    

2. Set node manager to not use IP addresses:

   cd $TSS_HOME/tomcat/spotfire-bin/
   sudo bash -c "echo 'nodemanager.use.ip=false' >> ${TSS_HOME}/nm/config/nodemanager.properties"

    

3. Install the PostgreSQL JDBC driver:

    sudo yum install postgresql-jdbc 

    

4. Copy the PostgreSQL JDBC driver to Spotfire's custom-ext folder:

    sudo cp /usr/share/java/postgresql.jar $TSS_HOME/tomcat/custom-ext 

    

5. Set some variables for easier execution:

   export SPOTFIRE_DB_HOST=spotfireserver-vm-1
   export SERVER_IP_LIST=$(hostname -I | awk '{print $1}')
   export SPOTFIRE_CONFIG_TOOL_PASSWORD=admin123
   export SERVERDB_USER=spotfire
   export SERVERDB_PASSWORD=admin123
   export SPOTFIRE_ADMIN_USER=spotfire
   export SPOTFIRE_ADMIN_PASSWORD=admin123

    

6. Create a bootstrap file:

   cd $TSS_HOME/tomcat/spotfire-bin/
   sudo ./config.sh bootstrap --no-prompt \
     --driver-class=org.postgresql.Driver \
     --database-url=jdbc:postgresql://${SPOTFIRE_DB_HOST}:5432/postgres \
     --username=${SERVERDB_USER} --password="${SERVERDB_PASSWORD}" \
     --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}"

    

7. Create the default configuration:

    sudo ./config.sh create-default-config 

    

8. Import the configuration to the database:

    sudo ./config.sh import-config --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" --comment="First config" 

    

9. Create the '${SPOTFIRE_ADMIN_USER}' user and promote him to become administrator:

   sudo ./config.sh create-user --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" \
     --username="${SPOTFIRE_ADMIN_USER}" --password="${SPOTFIRE_ADMIN_PASSWORD}"
   sudo ./config.sh promote-admin --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" \
     --username="${SPOTFIRE_ADMIN_USER}"

    

10. Start the service:

     sudo service tss-10.10.1 start 

     

11. Verify your installation by opening a web browser to log into the Spotfire Server Admin UI using the public IP address http://<spotfireserver-public-ip>.

For a production environment, we recommend to Configure HTTPS.

Deploy a node manager

Create a new Virtual Machine to host the node manager

1. From the GCP Navigation menu, select Compute Engine.
2. Within the VM instances click Create.
3. Add the VM instance details:
   • Name: (e.g., webplayer-vm-1).
   • Region: (e.g., europe-north1).
   • Zone: (e.g., europe-north1-a).
4. Under Machine configuration, set the VM size according to your needs. For details on sizing your virtual machine, review Spotfire System Requirements at https://spotfi.re/sr. For a standard Spotfire Server deployment and for the purposes of this exercise, the recommended selection is a General-purpose machine.
   • Series: (e.g., N1).
   • Machine type: n1-standard-1 (1 vCPU, 7.5 GiB memory).
5. For Boot disk, if the Image is not Windows, click Change and select Operating System (e.g., Windows Server) and Version (e.g., Windows Server 2019 Datacenter). For supported Operating Systems, review Spotfire System Requirements at https://spotfi.re/sr.
6. Leave the defaults for Identity and API access unmodified.
7. Expand the Management, security, disks, networking, sole tenancy options.
8. Select the Networking tab,
   • Add a Network tag for easier firewall rules setting (e.g., webplayer).
   • Add a Network interface within you VPC network (e.g., spotfire-vpc) and subnet (e.g., spotfire-subnet).
   • Leave the other settings as default and click Done.
9. Click Create.
10. After some seconds, the VM is listed within VM instances.

Create a specific user and password to connect via RDP

1. Within the VM instances, expand the RDP Connect list and click Set Windows password.
2. Create a specific Username (e.g., spotfire) and click Set.
3. The New Windows password is displayed. Click the Copy icon to copy the password for RDP login and then click Close.
4. From your laptop, open your Remote Desktop Client and connect to the node manager VM using the VM's public IP address and the created specific username and password.

Configure the node manager firewall to allow back-end communication

1. Once you logged in the Windows VM instance via RDP, from the Windows Start menu, open the Windows Defender Firewall.
2. Select Inbound Rules, click on New Rule.
3. Under Rule Type, select Port and click Next.
4. Select TCP, and Specific local ports: (e.g., 9080,9443,5701-5702) and click Next.
5. Leave all selections where the rule applies by default and click Next.
6. Provide a Name for the rule (e.g., Allow back-end communication) and click Next.

Install the node manager

1. Copy the nm-setup.exe installation package to the Windows VM. If using the bucket, you can open a command prompt and execute:

    cd Downloads gsutil cp gs://spotfire-bucket/nm-setup.exe . 

    

2. Verify you can ping the Spotfire Server VM using its hostname (e.g., spotfireserver-vm-1😞

    ping spotfireserver-vm-1 

    

3. Open the File Browser, and run the node manager installer nm-setup.exe.

4. Follow the Node manager installation procedure as specified in the Spotfire Server documentation. For Spotfire Server name, enter the Spotfire Server VM hostname (e.g., spotfireserver-vm-1) since the assigned IP address may change between VM restarts.

Start the node manager service

1. Open Control Panel > System and Security > Administrative Tools > Services.
2. Find the Spotfire node manager service, and then click Start.

Add the node manager to trusted nodes

1. On your computer, open a browser and navigate to the Spotfire administration dashboard using the Spotfire server public IP address.
2. Click Nodes & Services > Untrusted nodes.
3. Under Untrusted nodes, select the check box next to the new node manager, and then click Trust nodes.
4. In the Trust node dialog box, click Trust.
5. The new node appears on the Your network page when you select the Nodes view.

Add node manager services

For information about adding node manager services, see the chapter Service installation on a node within the Spotfire Server documentation.

Next steps

There are additional steps to configure and secure your Spotfire Server environment, see the Spotfire Server documentation for further information.