Planning Your Installation

Install Methodology

The Enterprise Nucleus Server software ships as a series of Docker Compose and configuration files. The installation requires an IT Administrator to configure the underlying infrastructure, adjust the configuration as required, and deploy one or more Compose stacks.

Compose files will pick up various containers for Nucleus services from the NVIDIA hosted Docker container registry.

Detailed installation instructions are available within the Installing an Enterprise Nucleus Server guide.

Stack Details

Within your package, you will find a number of files and directories (combination of compose files and settings (.env) files.)

Each compose setup has at least two parts: .yml (the actual compose file) and .env (which contains configuration settings for the compose file).

Some advanced features require modifying the compose (.yml) files themselves. - Due to the nature of these configuration files, only configure the (.yml) if absolutely required.

Warning

Nucleus compose files are designed for Docker Compose environments only and are not compatible with Swarms.

System and Infrastructure Requirements

Hardware

Appropriate sizing for your Enterprise Nucleus Server depends on the amount of users, their concurrency, and the size of your assets and workloads. Enterprise Nucleus Server sizing recommendations are here.

Network

Aside from basic considerations of making sure network matches and balances other IO bottlenecks, for production instances, policies may dictate isolating Nucleus Servers in a separate and controlled subnet, and following other security and network architecture best practices.

Storage & Data Encryption

An Enterprise Nucleus Server (and its data) can be installed baremetal on an encrypted disk array, on an encrypted virtual machine (i.e., VMware or Hyper-V), or within a Cloud Service Provider (CSP) such as Microsoft Azure, AWS, or Google Cloud (many Cloud Service Providers enable disk encryption by default).

It’s important to understand that Nucleus does not handle any data encryption itself; rather, Nucleus would need to be installed within an encrypted environment.

Warning

Due to the transactional nature of the file storage and databases within an Enterprise Nucleus Server, remotely mounted storage using protocols such as SMB/CIFS, NFS, or iSCSI is not supported. If installing an Enterprise Nucleus Server within a virtualized environment (i.e., VMware or Hyper-V), ensure that the disks for Nucleus reside within the virtual machine’s container.

Secure Configuration Considerations

Enterprise Nucleus Servers support Single Sign-On (SSO) integration with SAML Identity Providers, such as Entra ID (Azure AD), Google Workspace, and Okta. Additionally, SSL/TLS can be configured to provide data encryption in transit between your users and the Enterprise Nucleus Server. Logging can be configured using unstructured or structured logs (JSON) as required.

NVIDIA maintains a robust vulnerability and patch management program and recommends keeping your Enterprise Nucleus Server up to date with the latest releases. It’s also recommended to keep your Enterprise Nucleus Server up to date with the latest security patches provided by your Linux distribution.

Air-gapped installation

If it’s required to install your Enterprise Nucleus Server into an air-gapped environment (i.e., no Internet Access), review this documentation for additional information.

Host Operating System Compatibility

The Enterprise Nucleus Server is compatible and validated on the following Operating Systems:

  • Ubuntu 20.04 LTS

  • Ubuntu 22.04 LTS

Warning

Running an Enterprise Nucleus Server in a Windows environment, using either Nano Server or WSL (Windows Subsystem for Linux), is not supported.

Docker and Compose

Nucleus 2023.2.0 and above

If running an Enterprise Nucleus Server version 2023.2.0 or greater, using Docker 20 is recommended and supported. This version of Docker includes Compose as a built-in command. (When executing Docker commands, use docker compose.)

Nucleus 2023.1.0 and prior

If running an Enterprise Nucleus Server or an Enterprise Nucleus Cache version 2023.1.0 or prior, using Docker 18 or 19 is recommended and supported. These versions of Docker require a separate Compose utility. (When executing Docker commands, use docker-compose.)

Important

It is strongly recommended that you install Docker using the instructions provided here.

Refer to the Installing an Enterprise Nucleus Server guide for comprehensive installation instructions.

SELinux

SELinux must be disabled on your Enterprise Nucleus Server. Please refer to your Host Operating system’s documentation on how to disable this service.

Firewalls

We recommend against running a firewall on your Enterprise Nucleus Server. Firewalls such as (i.e., ufw) may cause problems, including inaccessible services and service crash loops.