Skip to main content

Deploy Linksight on Windows Server

warning

Note: This documentation is currently under review and may be updated. Please use it as a reference with caution.

This guide provides step-by-step instructions for deploying Linksight on Windows Server using Docker Engine and Docker Compose. This deployment method is suitable for organizations running Windows Server infrastructure and provides a self-hosted solution for the Linksight platform.

info

The installation methods in this guide have been tested on Windows Server 2025, Windows Server 2022 and Windows Server 2019 (Datacenter edition).

Prerequisites

Before installation, make sure the following is ready:

  • A server with Windows Server 2025, 2022 or 2019 Datacenter edition
    • Minimum specifications: 4 (v)CPUs, 16 GB memory, 60 GB SSD storage
      info

      Optimal configuration depends on use-case and size of datasets. In general, more is better; the data station utilizes all CPU cores available during computation.

  • Administrator access to the Windows Server
  • (Optional) A PEM encoded TLS certificate to secure the Analysis Hub.
    • Using a TLS certificate is optional, however it is recommended to secure the connection between the user and the backend.
    • It is possible to automatically issue a certificate using Let's Encrypt. Review the page TLS to setup and enable automated certificate issuance.
    • TLS connections can also be established in other ways, e.g. by using a reverse proxy which terminates TLS. In these cases, TLS does not need to be set up in the Linksight software.
caution

If there is a firewall enabled for the VM, please review the Required Connections & Firewall Rules page and apply the listed firewall rules to be able to connect to the services of Linksight.

Install Docker Engine

Docker Engine on Windows Server uses Windows Containers, which run natively on Windows without requiring a Linux virtual machine. Follow the steps below to install Docker Engine on your Windows Server.

info

For detailed information, refer to the official Microsoft documentation.

  1. Open PowerShell as Administrator and run the following command to install the Windows Containers features:

    Install-WindowsFeature -Name Containers

  2. Restart the server to enable the Windows Containers feature.

  3. After restart, open PowerShell as Administrator and run the following command to install Docker Engine:

    Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1" -o install-docker-ce.ps1
    .\install-docker-ce.ps1

  4. Verify the installation by running the following command:

    docker version

    This should display the version of the Docker Engine.

Install Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications. It allows you to use a YAML file to configure your application's services.

  1. Open PowerShell as Administrator and run the following command to install Docker Compose:

    New-Item -ItemType Directory -Path C:\ProgramData\docker\cli-plugins\
    Invoke-WebRequest -UseBasicParsing "https://github.com/docker/compose/releases/latest/download/docker-compose-windows-x86_64.exe" -o C:\ProgramData\docker\cli-plugins\docker-compose.exe

  2. Verify the installation by running the following command:

    docker compose --version

    This should display the version of Docker Compose.

Set up working directory

Create a working directory for your installation:

New-Item -ItemType Directory -Path <workdir>
Set-Location -Path <workdir>

Configuration and Deployment

  1. Create the data directory:

    New-Item -ItemType Directory -Path <workdir>\data

  2. Download the Docker Compose file template for the supervisor, and put the files in the working directory.

  3. Configure the following variables in the .env file:

    Required variables

    Environment variableDescription
    FULLDATAPATHThe full (absolute) path to the directory which will store the persisted data. For example C:\Users\Administrator\linksight\data.
    ANALYSISHUB_FRONTEND_FQDNFully qualified domain name (FQDN) of the Analysis Hub. This will be used in the OIDC redirect URL if using an OIDC identity provider. E.g. https://my.domain-name.com or http://my.domain-name.com:8000. Make sure to configure ANALYSISHUB_PORT accordingly.
    DATASTATION_HOSTThe external public hostname/IP of the VM where other (external) data stations can reach the data station.

    Optional variables

    Environment variableDescription
    ANALYSISHUB_FRONTEND_TLS_CERTFILE, ANALYSISHUB_FRONTEND_TLS_KEYFILESet to secure the connection to the Analysis Hub with TLS. Leaving these variables empty results in connections without TLS.

    The certificate file should be a PEM encoded .crt file. The key file should be an unencrypted PEM encoded .key file. Encrypted key files are not supported.

    The files should be put in the <workdir>\data\analysis folder, after creating it:
    New-Item -ItemType Directory -Path <workdir>\data
    New-Item -ItemType Directory -Path <workdir>\data\analysis

    The ANALYSISHUB_FRONTEND_TLS_ variables can then be set to /data/<key>.key and /data/<cert>.crt (so without analysis in the path).
    ANALYSISHUB_AUTOCERT_ENABLEDEnable automatic certificate issuance from Let's Encrypt. Review page TLS for more info.
    ANALYSISHUB_AUTOCERT_HTTP01_ENABLEDEnable server for Let's Encrypt http-01 challenge responses on port 80. Enabled by default. Review page TLS for more info.
    ANALYSISHUB_AUTH_PROVIDERIdentity provider used for authentication to the Analysis Hub. The default value is linksight. Other options are localdb, microsoft, customoidc. See User Identity Management for more information on user identities and identity providers.
    ANALYSISHUB_AUTH_XXXDepending on the chosen identity provider, additional configuration might be required. Consult the User Identity Management page to learn more.
    ANALYSISHUB_PORTPort for the Analysis Hub frontend. Defaults to 8000.
    ANALYSISHUB_GRPC_PORTPort for the Analysis Hub backend gRPC server. Defaults to 8080.
    DATASTATION_ALTHOSTSAlternative hosts for the datastation, comma-separated. These will be used by internal components to route traffic internally.
    DATASTATION_HTTP_PORTPort for the data station mTLS HTTP server. Defaults to 8443. It should be externally accessible.
    DATASTATION_GRPC_PORTPort for the data station mTLS gRPC server. Defaults to 9090. It should be externally accessible.

Start components

  1. Pull the supervisor container image:

    docker compose pull
    info

    Downloading the container image may take several minutes, as the Windows base image is quite large.

  2. Start all components:

    docker compose up -d

  3. Check whether the frontend of the Analysis Hub is reachable (URL configured as ANALYSISHUB_FRONTEND_FQDN).

  4. Follow the instructions on the page to complete the registration for the Analysis Hub and data station (accepting the registration tokens on the Linksight Governance Hub).

  5. Check the logs to see whether all components have been registered successfully:

    docker compose logs -f
info

The Linksight software is now up and running! Follow the Next steps to configure the firewall (if applicable) and to register the nodes.

Next steps

  • Configure the server firewall. Note that this is different from the network firewall, which should be configured separately. See Required Connections & Firewall Rules

    • Allow traffic to ports 8443 and 9090: 
      netsh advfirewall firewall add rule name="Allow Linksight mTLS" dir=in action=allow protocol=TCP localport=8443
      netsh advfirewall firewall add rule name="Allow Linksight gRPC" dir=in action=allow protocol=TCP localport=9090

  • Register the nodes. Follow the instructions on the page Register nodes.