Skip to main content

SDR orchestrator FAQ Private Preview

Find answers to common questions about troubleshooting and monitoring the SDR Orchestrator.

Did you know?

Some capabilities shown here may require additional enablement or licensing. Contact your Atlan representative for details.

General

What are minimum VM requirements?

The SDR Orchestrator itself needs 0.5 vCPU, 256 MB RAM, and ~500 MB disk. Each connector app adds 0.5–1 vCPU, 512 MB–1 GB RAM, and ~1–2 GB disk on top of that. For example, a VM running the SDR Orchestrator plus 3 apps needs at least 2 vCPUs, 4 GB RAM, and 20 GB disk.

Size your VM based on the total number of apps you plan to run. See System requirements for the full breakdown.

What state does SDR store on my VM?

The SDR stores minimal state on your VM:

PathContentsBackup needed?
/mnt/config/config.yamlYour infrastructure config (read-only mount)Yes—this is your only config file
/mnt/deployments/Generated per-app deployment directories (docker-compose, .env, Dapr components)No—the SDR regenerates these on deploy

There's no database or persistent state beyond these two paths. If the VM is lost, re-run the SDR with the same config.yaml and Atlan re-deploys the apps automatically.

Can I run multiple SDR instances on one VM?

Each SDR instance manages apps on one VM. You can't run two SDR instances with the same deployment_name.

For multiple VMs, use a unique deployment_name per VM (for example, mycompany-ec2-prod, mycompany-ec2-staging). Each appears as a separate SDR in the Atlan UI under Settings > Self-Deployed Runtimes.

Troubleshooting

Permission denied on socket

If you see permission denied when the SDR tries to manage containers:

  • Docker: Make sure you included --group-add $(getent group docker | cut -d: -f3) in the docker run command. This gives the SDR permission to use the Docker socket.
  • Podman: Verify the socket exists at /run/user/$(id -u)/podman/podman.sock and that you started the socket with systemctl --user enable --now podman.socket.

SDR shows as Disconnected in Atlan UI

  • Check that outbound HTTPS and gRPC (port 443) aren't blocked by your firewall or security group.
  • Verify the TEMPORAL_HOST environment variable points to your Atlan Temporal endpoint.
  • Check SDR logs: docker logs atlan-sdr-{deployment_name} (or podman logs atlan-sdr-{deployment_name})—look for connection errors.

Image pull fails

  • Verify you ran docker login -u atlanhq with the correct PAT before starting the SDR.
  • If using a private registry, check that container_registry.base, username, and password are correct in config.yaml.

Monitoring

How do I monitor SDR?

Monitor the SDR container with standard Docker/Podman tooling:

  • Container status: docker ps | grep atlan-sdr or podman ps | grep atlan-sdr

  • Resource usage:

    # Docker:
    docker stats atlan-sdr-{deployment_name}

    # Podman:
    podman stats atlan-sdr-{deployment_name}

  • Logs:

    # Docker:
    docker logs --tail=100 -f atlan-sdr-{deployment_name}

    # Podman:
    podman logs --tail=100 -f atlan-sdr-{deployment_name}

What log lines do I watch for?

Log messageMeaning
Connected to TemporalSDR successfully connected to Atlan—healthy
Worker startedSDR is polling for tasks—healthy
connection refusedCan't reach Temporal endpoint—check firewall/DNS
permission deniedSocket access issue—check --group-add or Podman socket
pull access deniedRegistry auth failed—check docker login or container_registry in config

The SDR doesn't expose a metrics endpoint. Monitor it externally via container health status and log aggregation (for example, docker logs piped to your logging infrastructure).

See also