Connect Confluence Data Center On-premises

This page describes how to create a Confluence Data Center data store and search app in Agentspace Enterprise, syncing on-premises Confluence data with Agentspace Enterprise.

After you set up your data source and import data the first time, you can choose how often the data store syncs with that source.

Before you begin

Before setting up your connection, make sure that you have the following:

  1. Service attachment (required for private destination type only): Configure a service attachment for secure data transfer.
  2. Username and password: Obtain valid credentials for authentication from your Confluence administrator.
  3. Optional for private destination type: Domain URL: Specify the URL of the Confluence Data Center instance.
  4. Optional: Base domain name: Provide the base domain name for the Confluence instance.
  5. Optional: Destination port: Identify the port used for communication with the Confluence Data Center.

  6. Use the following configuration guidelines to establish connections with Private Service Connect(PSC). Adjust or add resources as needed. Make sure the PSC service attachment is properly configured to connect to the private instance and meets the requirements for a published service.

    1. Configure network settings:

      1. Place the PSC service attachment and load balancer in different subnets within the same Virtual Private Cloud network.

      2. The backend system must remain closed to the public network for security reasons. However, ensure it can accept traffic from the following sources:

        • For proxy-based/HTTP(s) load balancers (L4 proxy ILB, L7 ILB), configure the backend to accept requests from the proxy subnet in the Virtual Private Cloud network.

        • For more information, see the Proxy-only subnets for Envoy-based load balancers documentation.

    2. Adjust firewall rules:

      1. Ingress rules:

        • Allow traffic from the PSC service attachment subnet to the internal load balancer (ILB) subnet.
        • Make sure that the ILB can send traffic to the backend.
        • Permit health check probes to reach the backend.

      2. Egress rules: Enable egress traffic by default, unless specific deny rules apply.

  7. Additional considerations: Make sure to keep all the components, including the PSC service attachment and load balancer, in the same region.

Generate a service attachment

Use the following steps to generate a service attachment:

  1. Decide endpoint type: Select Public or Private endpoint.

  2. For Public endpoint: If the Confluence Data Center Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console when creating your connector.

  3. For Private endpoint:

    1. Use Private Service Connect (PSC) to enable connections from private instances to Google Cloud.
    2. Create a Virtual Private Cloud network and required subnets.
    3. Create a Virtual Machine (VM) instance and install the backend service.
    4. Optional: Set up a health check probe to monitor backend health.
    5. Add a load balancer to route traffic to the VM or backend.
    6. Define firewall rules to allow traffic between the PSC endpoint and the backend.
    7. Publish the endpoint by creating a PSC service attachment.

Create a Confluence Data Center user and set up permissions

To enable Agentspace Enterprise to obtain data from Confluence, you need to create a new user with the minimum permissions necessary. Follow these steps to create the user and set up the required permissions.

Make sure the user has the "Confluence Administrator" global permission. This is because only Confluence administrators can view and manage permissions across all spaces.

  1. Sign in as an administrator:

    1. Go to your Atlassian domain site and open the Confluence Data Center instance.
    2. Enter the administrator username and password.
    3. Click Log In.

  2. Create a new user:

    When creating a data store, you must create a user to obtain data from the third-party instance.

    1. Click the settings icon.
    2. Select User management.
    3. Enter the administrator credentials, if prompted.
    4. In the Administration page, click Create user.
    5. Enter the email address, full name, username, and password.
    6. Click Create user.

  3. Assign user to a group:

    1. In the Confluence administration page, navigate to the Users and security tab and click Groups.
    2. Click Add group. Enter a name for the group and create it.
    3. In the Find group field, enter the group name to find the group.
    4. Click the settings icon.
    5. Select the profile account and navigate to User management.
    6. In the Users page, under List users, search for the newly created user in the Find user field.
    7. Click the user to open the View users page.
    8. Click Edit groups to open the Edit user group page.
    9. Select the checkbox for the created user group.
    10. Click Save to assign the user to the newly created group.

    The added user is assigned in the Group members section.

  4. Configure user permissions:

    1. In the Confluence administration page, navigate to the Issues tab.
    2. Locate Permissions.
    3. Select View global permissions.
    4. Select Edit permissions.
    5. In the Edit global permissions page, search for the group assigned to the user, and enable the can use option.

Configure the documentation space

  1. Click the Confluence icon to navigate to the Dashboard page.
  2. Click Create space.
  3. Select Documentation space and click Next.
  4. Enter all the necessary details and click Create to create the documentation space.
  5. Under My spaces, click the newly created space.
  6. Navigate to Pages, and open the menu (three dots).
  7. Select Restrictions.
  8. From the Restrictions drop-down menu, select the Viewing and editing restricted option.
  9. Search for the group and assign the can view permission.
  10. Click Apply. The user is created with minimum access and permissions are set for spaces. You can also assign permissions to the blogs.

Create a Confluence Data Center On-premises connector

Console

  1. In the Google Cloud console, go to the Agentspace Enterprise page.

    Agentspace Enterprise

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Confluence data center to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. From the Destination type drop-down list, select Public or Private.

    1. For Public destination type, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

    2. For Private destination type, enter all the required information:

      1. For instance with the Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Base domain name: Enter your base domain.
        • Domain URL: Enter your domain URL.
        • Optional: Destination port: Enter your destination port.
      2. For instance without Domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Destination port: Enter your destination port.

  7. Click Continue.

  8. Optional: Advanced options: Select and enable Proxy settings and SSL settings, if required.

  9. Under the Entities to sync, select all the required entities to sync and click Continue.

  10. Select a region for your data connector and enter a name for your data connector.

  11. Select a synchronization frequency.

For Private destination type, after you submit the details for the connector, VAIS sends a connection request to your PSC. Navigate to your connector to see a message to allowlist a projectId in the PSC. The connector remains in the Error state until you allow the connection in PSC. When you accept the connection request, the connector moves to the Active state during the next sync run. If you configure your PSC to accept all connections, the connector automatically moves to the Active state after creation.

For Public destination type, the connector automatically enters the Active state after submission.

To verify the state of the data store and the ingestion activity, do the following:

  1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
  2. After the connector state changes to Active, click the required entity and confirm that all selected entities are ingested. The data store state transitions from Creating to Running when synchronization begins and changes to Active once ingestion completes, indicating that the data store is set up. Depending on the size of your data, ingestion can take several hours.

Next steps