On-Prem Installation

Deploy the AtlasAI Tenant Plane on your own infrastructure. All operational data — incidents, logs, metrics, runbooks — remains within your network. The Control Plane is either in Atlas Cloud (handling licensing and AI routing) or not connected at all for fully air-gapped deployments.

Which deployment mode is right for you?

Before installing, decide how you want to connect to AtlasAI:

If you are not sure, start with on-prem + cloud CP. You can switch to offline mode later.

Prerequisites

Network requirements:

Step 1: Obtain your tenant token

Log in to the AtlasAI Control Plane at cp.atlastechlab.com  and navigate to Admin → Tenants → Provision New Tenant. Select “On-Prem” as the deployment type. Copy the generated Tenant Provisioning Token — you will need it in the next step.

Air-gapped customers: Contact support@atlasai.com instead. We will provide your tenant token, license JWT, and RSA public key separately.

Step 2: Install

Quick install (with internet access)

Run the one-line installer:

curl -fsSL https://install.atlastechlab.com/tp | bash

The installer prompts you for:

• Tenant ID
• Control Plane URL (default: https://cp.atlastechlab.com)
• Tenant Provisioning Token

It then:

1. Verifies system requirements
2. Generates docker-compose.yml and .env in /opt/atlasai/
3. Generates secure random values for JWT_SECRET and ENCRYPTION_KEY
4. Pulls and starts the Tenant Plane container

Manual install (full control)

Create a directory and configure your environment:

mkdir -p /opt/atlasai && cd /opt/atlasai

Create a .env file:

# Identity
TENANT_ID=acme-corp                          # Your tenant ID from CP
CONTROL_PLANE_BASE_URL=https://cp.atlastechlab.com   # Leave empty for air-gapped
 
# Authentication secrets — generate with: openssl rand -hex 32
JWT_SECRET=replace-with-random-32-char-string
ENCRYPTION_KEY=replace-with-random-32-char-string
INTERNAL_SERVICE_SECRET=replace-with-random-32-char-string
 
# Database — omit for SQLite (single instance only)
# TENANT_PLANE_DATABASE_URL=postgresql://user:pass@localhost:5432/atlas
 
# License — required for on-prem/BYOC
# ATLASAI_LICENSE_KEY=eyJhbGciOiJSUzI1NiJ9...
# CP_LICENSE_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----
 
# AI provider — required for air-gapped (optional for cloud CP)
# BYOC_PROVIDER=openai
# BYOC_API_KEY=sk-...
# BYOC_MODEL=gpt-4o-mini

Create a docker-compose.yml:

services:
  tenant-plane:
    image: atlasai/tenant-plane:latest
    restart: unless-stopped
    env_file: .env
    ports:
      - "3000:3000"
    volumes:
      - ./data:/app/data
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s
 
  # Optional: PostgreSQL for production
  # postgres:
  #   image: timescale/timescaledb:latest-pg16
  #   restart: unless-stopped
  #   environment:
  #     POSTGRES_USER: atlasusr
  #     POSTGRES_PASSWORD: securepassword
  #     POSTGRES_DB: atlas
  #   volumes:
  #     - postgres-data:/var/lib/postgresql/data
 
# volumes:
#   postgres-data:

Start:

docker compose up -d

Step 3: Configure your license

If you have a license JWT (on-prem or BYOC), add it to your .env:

ATLASAI_LICENSE_KEY=eyJhbGciOiJSUzI1NiJ9...
CP_LICENSE_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
-----END PUBLIC KEY-----

Then restart: docker compose restart tenant-plane

Or upload via the Settings UI (no restart required):

1. Log in as admin
2. Go to Settings → License
3. Paste your license JWT and click Activate License

For full details on license management, see Licensing.

Step 4: Verify health

After startup (allow 15–30 seconds), verify:

curl -s http://localhost:3000/api/health | python3 -m json.tool

Expected output:

{
  "status": "ok",
  "plane": "tenant",
  "version": "1.3.0",
  "uptime_seconds": 42,
  "db": {
    "enabled": true,
    "reachable": true
  },
  "timestamp": "2026-03-26T10:00:00.000Z"
}

If status is not ok, check the logs:

docker compose logs tenant-plane --tail 50

Step 5: Access the UI

Open your browser and navigate to:

http://<your-server-ip>:3000

On first login, use the credentials shown at the end of the installation script. You will be prompted to change the password.

For HTTPS (recommended for production), place an nginx or Caddy reverse proxy in front of the Tenant Plane. See High Availability for a complete nginx configuration.

Step 6: Install Edge Agents

With the Tenant Plane running, install Edge Agents on hosts you want to monitor.

Go to Settings → Edge Agents → Add Agent to get the installation command for your platform. Or run:

# Linux (amd64)
curl -fsSL https://dl.atlastechlab.com/agent/install.sh | bash -s -- \
  --tenant-url http://your-server-ip:3000 \
  --tenant-id acme-corp \
  --api-key <AGENT_API_KEY>

For air-gapped environments, see Edge Agent → Air-Gapped Installation.

Upgrading

For detailed upgrade instructions including online, offline, and Kubernetes upgrade paths, see the Upgrade Guide.

Quick upgrade (online):

ATLAS_VERSION=1.3.0 bash /opt/atlasai/scripts/upgrade-tp.sh

Quick upgrade (air-gapped):

# Transfer tenant-plane-1.3.0.tar.gz to server first, then:
ATLAS_VERSION=1.3.0 OFFLINE_BUNDLE=/path/to/tenant-plane-1.3.0.tar.gz \
  bash /opt/atlasai/scripts/upgrade-tp.sh

Uninstalling

cd /opt/atlasai
docker compose down
 
# Remove data (WARNING: deletes all incidents, runbooks, configuration)
docker compose down -v
rm -rf /opt/atlasai

Related guides

• Offline & Air-Gapped Mode — configure TP with no internet connection
• High Availability — run multiple TP replicas
• Licensing — manage your on-prem license
• Upgrade Guide — upgrade to new versions
• Bring Your Own AI (BYOC) — connect your own AI provider