Docker Connected On-Prem Setup

Updated 4 months ago by Michael Cretzman

This document describes the process for setting up Harness Docker Connected On-Prem. There is also a Kubernetes Connected On-Prem (recommended) option.

In the Docker Connected On-Prem architecture, the Harness Manager runs in your enterprise environment ("on-premises") and Harness manages the installation through a connection to Harness' Cloud.

For more information about Harness Connected On-Prem, see Harness Key Concepts and On-Prem Overview.

Harness on-prem installations do not currently support the Harness Helm Delegate.

Installation Overview

The Harness platform consists of several microservices. These microservices are containerized and spread across the three physical host machines.

Once you are signed up with Harness, you will download and install an Ambassador that acts as a proxy between your data center and the Harness cloud. The Ambassador makes one-way outbound HTTPS calls to the Harness cloud, and installs, upgrades, and manages the Harness Connected On-Prem installation process for you.

Harness Connected On-Prem installation is managed by Harness Support. The high-level steps for installing Harness Connected On-Prem are:

  1. Prepare your on-premises infrastructure for Harness.
  2. Provide Harness with your infrastructure information via email.
  3. Download and run the Ambassador (the tool Harness uses to initiate your Harness Connected On-Prem deployment), and notify Harness that the Ambassador is running.
  4. Harness triggers the installation and notifies you.
  5. Point your browser at the URL for your Harness Connected On-Prem installation.
  6. Download the Harness Delegate and begin setup.

System Specifications

Harness On-Prem has the following requirements:



Hosts for Harness Microservices

3 Linux Machines:

  • 18 cores, 40 GB Memory, 350 GB Disk Space
  • Packages: Docker, cURL, unzip, sed

Host for Ambassador and Monitoring

1 Linux Machine:

  • 4 cores, 8 GB Memory, 20 GB Disk Space

Load Balancer

SSL Certificates installed

Internal Connectivity

SSH Interconnectivity

Keyless SSH interconnectivity is required among all four hosts. The SSH Key must be present on all machines, so that they may connect to each other.

Firewall Rules

Internal Source: Application Subnet

  • Destination: Load Balancer
  • Port 443 (HTTPS)
  • Protocol: TCP

Internal Source: Load Balancer (harness.<your_company>.com)

  • Destination: Machines/Subnet
  • Port 7143
  • Protocol: TCP

Internal Source: Harness Machine/Subnet

  • Destination: Machines/Subnet (within subnet)
  • Port 7143–7153, and 9879 (gRPC)
  • Protocol: TCP, gRPC

Ambassador Outbound Connectivity

  • Destination:
  • Port 443 (HTTPS)
  • Protocol: TCP

Ambassador Virtual Machine Setup

The Harness Ambassador is the only required component that needs outbound-only connectivity to the Harness Cloud. The Harness Cloud uses the Ambassador to manage the installation of Harness On-Prem. The Ambassador has the following connectivity and access requirements:

  • Connectivity to the Harness Cloud: Connectivity to the Harness Cloud via hostname and port 443. The following command will check connectivity to the Harness Cloud:
    nc -vz <harness_cloud_hostname> 443
  • Proxy file-size limit: If you have a proxy set up in front of the Ambassador to reach the Harness Cloud, ensure that your proxy's configuration allows downloads of files as large as 2 GB. This is required to pull the artifacts that the Ambassador downloads to install and upgrade Harness microservices. On Apache, set this limit using the LimitRequestBody directive. On nginx, use the client_max_body_size directive.

Prepare Your Infrastructure

Before installation, do the following setup steps:

  1. Configure four machines according to the System Specifications.
  2. Make sure network rules and internal connectivity are configured according to the same section's Firewall Rules.
  3. Make sure the machine dedicated to the Ambassador has outbound connectivity, as outlined in Ambassador Virtual Machine Setup.
  4. Make sure the Docker daemon is running on all four machines, and that the Service Account User can run Docker as a non-root user. For details, see Docker's Post-Installation Steps for Linux.
  5. Make sure the load balancer is configured to redirect URL requests to port 7143 on the three host machines.
  6. Proceed to Set Up Harness Connected On-Prem.
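
A preflight script for steps 1 and 4 above, to run on each host before contacting Harness Support. This is an added example, not part of Harness's tooling; the function names, the role arguments, and the choice to measure free space at the installation directory are assumptions.

```shell
#!/bin/sh
# Added example. Usage: preflight.sh microservice|ambassador [install_dir]
# Minimum "cores mem_gb disk_gb" per role, from System Specifications.
required_spec() {
  case "$1" in
    microservice) echo "18 40 350" ;;
    ambassador)   echo "4 8 20" ;;
    *) return 2 ;;
  esac
}

# spec_shortfalls ROLE CORES MEM_GB DISK_GB: prints one line per unmet minimum.
spec_shortfalls() {
  spec=$(required_spec "$1") || { echo "unknown role: $1"; return 0; }
  set -- "$2" "$3" "$4" $spec   # $1-$3 = measured, $4-$6 = required
  [ "$1" -ge "$4" ] || echo "cores: have $1, need $4"
  [ "$2" -ge "$5" ] || echo "memory_gb: have $2, need $5"
  [ "$3" -ge "$6" ] || echo "disk_gb: have $3, need $6"
}

# missing_tools TOOL...: prints each command that is not on PATH.
missing_tools() {
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || echo "$t"
  done
}

# True only when a non-root user can talk to the Docker daemon (step 4).
# Docker group membership is root-equivalent: grant it to the service account only.
docker_nonroot_ok() {
  [ "$(id -u)" -ne 0 ] && docker info >/dev/null 2>&1
}

preflight() {
  role=$1; dir=${2:-/}   # dir: assumed to be the Harness installation directory
  cores=$(nproc)
  # MemTotal excludes firmware/kernel reservations, so round up to whole GiB.
  mem_gb=$(awk '/^MemTotal:/ {print int(($2 + 1048575) / 1048576)}' /proc/meminfo)
  disk_gb=$(df -Pk "$dir" | awk 'NR==2 {print int($4 / 1048576)}')   # free space
  problems=$(
    spec_shortfalls "$role" "$cores" "$mem_gb" "$disk_gb"
    if [ "$role" = microservice ]; then
      missing_tools docker curl unzip sed | sed 's/^/missing package: /'
    fi
    docker_nonroot_ok || echo "docker: daemon not usable as a non-root user"
  )
  [ -z "$problems" ] && { echo "PASS"; return 0; }
  printf '%s\n' "$problems"; return 1
}
if [ $# -gt 0 ]; then preflight "$@"; fi   # run only when a role is given
```

Run it as the Service Account User so the Docker check reflects the account Harness Support will use over SSH.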

Set Up Harness Connected On-Prem

Once you have prepared and verified your system, using the checks in Prepare Your Infrastructure above:

  1. Send the following information to Harness Support at with the subject Harness On‑Prem Information:
  • Three Hosts on the Same Subnet:
    • Host 1 IP Address (Private IP):
    • Host 2 IP Address (Private IP):
    • Host 3 IP Address (Private IP):
  • Load Balancer URL:
  • SSH User (Service Account User):
  • SSH Key File Path:
  • Linux OS Distribution:
  • Harness Application and Data Installation Directory (Absolute Path):
    Harness Support will configure your system based on the information you sent, and then email you an Ambassador URL.
  2. After receiving the Ambassador download URL from Harness Support, perform the following steps on the Ambassador's dedicated machine:
    1. Download the Ambassador.
    2. Expand the archive.
    3. Start the Ambassador: $./
  3. Once the Ambassador is up and running, contact Harness Support (at, or your Harness sales representative, to notify them of your on-prem setup.
  4. Using Ambassador, Harness Support will validate all the infrastructure and pre-install checks.
  5. After validation, Harness Support triggers the installation and deployment of Harness On-Prem onto your infrastructure.
  6. Proceed to Post-Installation Steps.

Post-Installation Steps

After installing Harness On-Prem, create a Harness account and set up your Harness Delegate, as follows:

  1. Go to the onprem-signup URL: <Loadbalancer_URL>/#/onprem-signup
  2. Create a new Harness account. Use the form fields to set your Admin Account email address and password.
    You can use this form only once. Subsequent users must be added using an email invite (see Managing Users and Groups (RBAC)).
  3. Log into your Harness account at your <Loadbalancer_URL>.
  4. Start using Harness by downloading and installing a Harness Delegate, as described in Delegate Installation.

Upgrading Your Installation

Harness releases weekly upgrades for on-premise systems. You can check our weekly Release Notes here.

Harness Support will email you each time an upgrade is available. You can then schedule an upgrade window with Harness Support. Based on this window, Harness Support will use the Ambassador to upgrade your setup.

You do not need to download and install a new Delegate. Any existing Delegates will automatically upgrade.

Managing Your Installation
