

Introduction and Product Overview

This document specifies all processes required to deploy VIDIZMO in AWS Cloud Infrastructure. It also provides detailed information about the available deployment options, security infrastructure, software licensing model and product activation.


VIDIZMO is video platform software that unlocks the potential of video and digital media as per your organization's requirements. VIDIZMO delivers your video and audio content conveniently in one consolidated platform. You may use AI technologies for automatic transcriptions, closed-captioning, translations, facial, speech and object recognition, and other smart features that help increase efficiency and reduce costs.


VIDIZMO Digital Evidence Management System (DEMS) simplifies and streamlines ever-increasing digital evidence by providing a robust platform to ingest, store, manage and share evidence in a centralized repository while ensuring the highest levels of security and compliance like CJIS. DEMS can be deployed on-premises, on cloud or in a hybrid infrastructure.


It is important to note that VIDIZMO software consists of VIDIZMO Application Server, VIDIZMO Content Processing Server, and Database Server.


Deployment Options

The VIDIZMO application can be deployed in multiple availability zones (Multi-AZ) across different regions. The figures below illustrate a VIDIZMO deployment and the deployment options in AWS.


VIDIZMO Deployment (Infrastructure)


VIDIZMO Deployment (multi availability zones)


Prerequisites and Dependencies

This section provides detail about deployment prerequisites and dependencies:


Knowledge and Skills

Here is the list of skills required for the deployment:

  • Familiarity with AWS Cloud services.
  • Familiarity with AWS VPC, EC2, RDS, CloudFront and tools such as CloudFormation.
  • Management of AWS VPC infrastructure and EC2 instances.
  • Networking fundamentals (optional).
  • Security fundamentals (optional).
  • Data storage fundamentals (optional).
  • Windows server management - MCSA (optional).
  • IIS (Internet Information Service) management  - MCSA (optional).
  • Knowledge about SSO protocols i.e. SAMLP, OIDC, etc.
  • Knowledge about database management i.e. MS SQL Server (optional).


AWS Cloud Requirements

The following resources are needed in AWS cloud for VIDIZMO deployment:

  • AWS account (with necessary IAM roles)
  • VPC and subnets
  • Network interfaces and security groups (as needed)
  • Load balancer and WAF
  • EC2 instances (Web app and content processing)
  • Amazon RDS (for SQL databases)
  • AWS Rekognition (for AI processing)
  • AWS S3 storage account
  • CloudFront CDN


System Requirements (Environment)

Below are the system requirements needed for VIDIZMO deployment.


Application Server

  • Instance type: General Purpose (EBS optimized)
  • Instance size: t3.xlarge
  • CPU: At least 4 cores CPU, recommended 8 cores
  • RAM: Minimum 16 GB, recommended 32 GB
  • Operating System: Windows Server 2019 or Windows Server 2022
  • VIDIZMO license: Yes
  • .NET Framework: Version 4.8 or later
  • .NET Core Hosting Bundle: Version 2.2.8
  • IIS (Internet Information Services): Version 11 or later
  • IIS (Internet Information Services): URL rewrite module

Note: Support for TLS 1.2 must be enabled on the web application system. In addition, you may disable support for TLS 1.0 and TLS 1.1 to mitigate security issues and vulnerabilities.


Content Processing Server

  • Instance type: General Purpose (EBS optimized)
  • Instance size: t3.xlarge
  • Operating System: Windows Server 2019 or Windows Server 2022
  • CPU: At least 8 cores CPU, recommended 16 cores
  • RAM: Minimum 32 GB, recommended 64 GB
  • VIDIZMO license: Yes
  • .NET Framework: Version 4.8 or later
  • Python: Recent version
  • GPU: NVIDIA CUDA Toolkit 10.1 (driver software) – For GPU enabled systems only


Database Server (optional)

  • Operating System: Windows Server 2019 Standard or Datacenter Editions
  • .NET Framework: Version 4.8 or later
  • Database Management: SQL Server 2019
    Required features:
    • Database Engine Services
    • Full-Text and Semantic Extractions for Search
    • SQL Client Connectivity SDK

Amazon RDS

  • Instance class: db.t3.xlarge
  • Version support: SQL Server 2019


IAM (Identity and Access Management)

The VIDIZMO environment will be deployed under an AWS account, so it is assumed that there is an existing AWS Cloud account for deploying VIDIZMO with all required AWS-based resources. This section documents the requirements for IAM roles and provides information about IAM best practices.


IAM roles and policies

The following policies are needed for VIDIZMO deployment in AWS:

  • AmazonS3FullAccess: S3 bucket for content storage and AI processing
  • CloudFrontFullAccess: Content Delivery Network for serving content
  • AmazonEC2FullAccess: EC2 instances for hosting VIDIZMO services (web app and content processing)
  • AmazonRekognitionFullAccess: AI services (OCR, face Recognition, sentiments)


IAM Best Practices

To help secure your AWS resources, follow the recommendations for the AWS Identity and Access Management (IAM) service, which include granting least-privilege permissions. To learn more, please navigate to the following link: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html


Server Licensing

VIDIZMO requires per-server license activation. The app and encoder servers need separate license activation procedures. For SaaS users, VIDIZMO offers subscription-based licensing on a per-portal and per-user basis. Web Application and content processing servers are deployed in an IaaS model using AWS and use PaaS components of AWS RDS (or MS SQL Server Instance) over consumption-based PaaS Services. The Windows Server license is included with the AWS Instance, or the Customer can supply their own License for installation.


Network Ports

The VIDIZMO application has multiple services deployed on the Application server that communicate with services on other servers as well as with the backend database server. These services use different ports on the network to communicate. Therefore, it is important that all the required network ports are open for communication.

The VIDIZMO application has a web portal that needs to be accessible by end users, therefore it must also be published on the internet for users to access.


# | Port Description      | Port Number | Source                             | Destination          | Direction
--|-----------------------|-------------|------------------------------------|----------------------|---------------------
1 | Web                   | 80          | Any                                | Application Server   | Inbound and outbound
2 | Secure Web (Optional) | 443         | Any                                | Application Server   | Inbound and outbound
3 | Memcache              | 11211       | Database Server and Encoder Server | Application Server   | Inbound and outbound
4 | SQL Port              | 1433        | Application Server                 | SQL Server           | Inbound and outbound
5 | License Activation    | 80          | Application Server                 | *.enterprisetube.com | Inbound and outbound
6 | License Activation    | 443         | Application Server                 | *.enterprisetube.com | Inbound and outbound
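
The port table above lists "Any" as a source only for ports 80 and 443, so a security group that exposes Memcache (11211) or SQL (1433) to every address is wider than the guide requires. The following is an added example, not VIDIZMO code: it audits ingress rules shaped like the IpPermissions field of the EC2 DescribeSecurityGroups API against that table. The sample rules and group ID are constructed, and treating every listed port as TCP is an assumption.

```python
"""Added example: audit security-group ingress against the guide's port table."""

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Inbound ports per the port table; value = whether the table lists source "Any".
# Assumption: all listed ports are TCP (the table does not name a protocol).
APP_SERVER_INBOUND = {80: True, 443: True, 11211: False}
SQL_SERVER_INBOUND = {1433: False}


def audit_ingress(permissions, expected):
    """Return (ports, issue) tuples for rules wider than the port table allows.

    `permissions` is a list shaped like the IpPermissions field returned by
    the EC2 DescribeSecurityGroups API.
    """
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means every protocol and every port
            findings.append(("all", "all-traffic"))
            continue
        if proto != "tcp":
            findings.append((proto, "protocol-not-in-table"))
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        label = str(lo) if lo == hi else f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        public = any(c in PUBLIC_CIDRS for c in cidrs)
        covered = [p for p in expected if lo <= p <= hi]
        if hi - lo + 1 > len(covered):  # the range includes ports the table lacks
            findings.append((label, "ports-not-in-table"))
        for port in covered:
            if public and not expected[port]:  # table names specific sources only
                findings.append((str(port), "open-to-any"))
    return findings


def _rule(port, cidr=None, group=None):
    """Build one constructed single-port TCP rule for the samples below."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr:
        rule["IpRanges"] = [{"CidrIp": cidr}]
    if group:
        rule["UserIdGroupPairs"] = [{"GroupId": group}]
    return rule


# Constructed sample data (not from a real account).
SAMPLE_APP_SG = [
    _rule(80, cidr="0.0.0.0/0"),
    _rule(443, cidr="0.0.0.0/0"),
    _rule(11211, cidr="0.0.0.0/0"),   # Memcache exposed to every address
    _rule(3389, cidr="0.0.0.0/0"),    # a port that is not in the table
]
SAMPLE_SQL_SG = [_rule(1433, group="sg-0example0app")]  # placeholder group ID

if __name__ == "__main__":
    for name, rules, table in (("app", SAMPLE_APP_SG, APP_SERVER_INBOUND),
                               ("sql", SAMPLE_SQL_SG, SQL_SERVER_INBOUND)):
        for ports, issue in audit_ingress(rules, table):
            print(f"{name}: {ports}: {issue}")
```
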

 

Application Requirements

After the application resources have been deployed under the AWS account, all VIDIZMO components need to be configured. To continue configuring these components, the VIDIZMO team will need the information described in the following sections.


DNS

One of the components of VIDIZMO stack includes Web Application which is deployed on IIS web server. The web application acts as the main User Interface (UI) for the user to interact with the application.

This DNS domain would be mapped to the Application Gateway’s front-end public IP address. Customers will provide the DNS domain name and configure appropriate DNS records with their provider to create URL mapping for VIDIZMO Application. Please read article to learn more.


TLS Certificate for Web Application

To protect the Web Application and encrypt data in transit, a TLS certificate for the domain name provided must be deployed and configured in IIS (Internet Information Services), i.e. the Web Server. This certificate will then be configured in the application and VIDIZMO’s main portal.


SMTP

The VIDIZMO application sends emails to its users on various events based on the user’s actions. An SMTP server is required to deliver these email notifications.

This SMTP server is configured in the customer portal. The SMTP servers may have to whitelist the VIDIZMO server relaying emails to them, which is the responsibility of the customer's IT team. The customer will supply the SMTP configuration for the VIDIZMO Application.


Security

This section provides detail about security infrastructure:

Database Encryption

All data including passwords, user profiles, and sensitive content information can be encrypted using AES256 and 3DES encryption.

Content Encryption

VOD as well as live content will be AES 128 encrypted. All content will be encrypted using a unique key. This will provide added security for all the content in case a key is compromised. In such a scenario, Administrators will be able to regenerate the encryption key, ensuring continuous security.

Transport Encryption (HTTPS)

The web application primarily uses HTTPS so that all website data is encrypted with SSL and TLS in transit.


Troubleshooting

Below is the check-list of items considered for reviewing system health.


URL Accessibility

Check if you can access the web application by navigating in your web browser. You may consider adding HTTP check in your existing alerting system or a network monitoring system to keep track of website uptime and downtime as needed.


Server Utilization

Check and verify the utilization of your server hardware to look for any performance-based bottlenecks. You can check the following items on your server system to keep track of hardware resource utilization.

  • CPU usage
  • Memory usage
  • Disk (I/O) usage
  • Network usage


Process Status

All VIDIZMO components work together as processes that run in the background for the software solution to operate normally. You should periodically check the status of VIDIZMO services. The following VIDIZMO services should be in the running state.

  • VIDIZMOWebApplication.exe
  • VIDIZMOCaching.exe
  • VIDIZMOWorkflowEngine.exe
  • VIDIZMONotification.exe
  • VIDIZMOScheduler.exe


Event Logs

The VIDIZMO application registers its event source as "Vidizmo Web" to provide application-related logs in Event Viewer. The logging level is configured to capture error messages produced by the VIDIZMO application. Other than Vidizmo Web as your event source, you may find VIDIZMO service-related information, warning and/or error messages that contribute to your troubleshooting and health diagnostic procedures.


Security Assessment

Perform periodic security checks on your VIDIZMO web application and make sure the security settings comply with industry standard OWASP security rules. Well-known security exploits include Cross-site Scripting, SQL Injection, etc. You may use NMAP security assessment and vulnerability testing to perform periodic security checks.


SSL Certificate

Check whether the SSL certificate is close to its expiration date. You should check the SSL cert that is tied to your website URL. A nearby expiration should be addressed immediately because cert expiration can take down all HTTPS transmissions and could cause accessibility issues on the website.


Connectivity Test

Ensure availability of web and database services. Perform a connectivity test on a periodic basis to test external connectivity to the web application and your database system. You may use the tooling below to conduct connectivity tests on the web app and database engine.

  • TELNET (for connecting to host)
  • Wget/cURL (for connecting to HTTP/HTTPS)
  • Database connection pool
  • MQ (Message Queue) channel status
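
The SSL Certificate and Connectivity Test checks above can be scripted for a monitoring job. The following is an added example, not part of the VIDIZMO tooling: it reads the certificate's expiry date over a verified TLS connection and tests TCP reachability of ports 443 and 1433 from the port table. The hostnames are supplied by the operator, and the 30-day renewal threshold is an assumption.

```python
"""Added example: certificate-expiry and port-reachability checks."""
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed renewal threshold, not a value from this guide


def days_until_expiry(not_after, now=None):
    """Whole days left before `not_after`, a string in the format that
    ssl.SSLSocket.getpeercert() uses, e.g. 'Jun  1 12:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def cert_status(days_left, warn_days=WARN_DAYS):
    """Classify the remaining lifetime of a certificate."""
    if days_left < 0:
        return "EXPIRED"
    return "RENEW" if days_left <= warn_days else "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Connect with normal certificate verification and return notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: health_check.py <portal-hostname> [<sql-hostname>]")
    else:
        portal = sys.argv[1]
        try:
            days = days_until_expiry(fetch_not_after(portal))
            print(f"{portal}: certificate {cert_status(days)} ({days} days left)")
        except ssl.SSLCertVerificationError as err:
            # An already expired or untrusted certificate fails the handshake.
            print(f"{portal}: certificate failed verification: {err.verify_message}")
        print(f"{portal}:443 reachable: {tcp_reachable(portal, 443)}")
        if len(sys.argv) > 2:
            sql = sys.argv[2]
            print(f"{sql}:1433 reachable: {tcp_reachable(sql, 1433)}")
```
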


Business Continuity

As mentioned earlier, VIDIZMO consists of web application and database systems. To enable backup protection and disaster solutions, you would need to protect both application and database server systems.


Backup and Restore

To enable backup protection on VIDIZMO application and database systems, please see below information:


Web Application (Web Server)

This section provides information about backup and restore procedures for the web application server.


Backup your web server

VIDIZMO uses IIS (Internet Information Service) as the web server to host VIDIZMO website. Backup of website data and configuration running on IIS consists of several steps:

  • Backup of website files (VIDIZMO website files are typically stored in %SystemDrive%\VIDIZMO). This directory must be included in the backup plan so that it is copied by your backup tools or your own scripts
  • Backup (export) of current IIS certificates (you can get the list of SSL certificates on the server using this command: netsh http show sslcert)
  • Backup of IIS configuration (settings)

Reference: https://docs.microsoft.com/en-us/troubleshoot/aspnet/back-up-configuration-files


Restore your web server

To restore your recent web server backups, the following items would need to be restored:

  • Restore of website files (VIDIZMO website files are typically stored in %SystemDrive%\VIDIZMO).
  • Restore (import) of current IIS certificates.
  • Restore of IIS configuration (settings).

Database Server (SQL Server)

This section provides understanding about backup and restore procedures for SQL server system.


Backup your VIDIZMO database

VIDIZMO databases are hosted in SQL server system. You can schedule automated backups in SSMS (SQL Server Management Studio).


Reference: https://docs.microsoft.com/en-us/troubleshoot/sql/admin/schedule-automate-backup-database


Restore your VIDIZMO database

You would need to manually perform steps to restore your database backup from an earlier point-in-time backup.


Reference:


Backup Frequency (Example Backup Policy)

How often should you back up your databases? It depends on how large your databases are, how important your data is and how frequently updates are committed to your databases. Here's an example backup policy (applies as a standard practice):


Backup Policy-1

Type: FULL

Frequency: 24-hours


Backup Policy-2

Type: Differential

Frequency: 3-hours


RPO (Recovery Point Objective)

RPO is about how much data you can afford to lose before it impacts business operations. The RPO timeline is based on the type of backup policy that is implemented on the VIDIZMO system.


RTO (Recovery Time Objective)

RTO is the timeframe within which application and systems must be restored after an outage. The RTO timeline is based on the type of backup policy that is implemented on VIDIZMO system.


DRP (Disaster Recovery Plan)

You can set up a DR site with identical systems for servicing website operations when the primary site is down. You can move your web traffic to your DR site when your primary site is temporarily down or under maintenance. VIDIZMO supports on-premise dual server HA + DR deployment options.


Reference: https://help.vidizmo.com/support/solutions/folders/17000136108


VIDIZMO Software Upgrade

VIDIZMO Software Update and Upgrade mechanism is generally a simple and straightforward process. However, in case of dedicated deployments where other enterprise systems may be integrated such as Active Directory, SharePoint, LMS, etc. or where there is a considerable impact of change, it may result in unwanted or unexpected results. Thus, VIDIZMO recommends its enterprise customers to implement a separate staging environment where these changes can be tested and accepted via coordinated UAT (User Acceptance Testing) efforts before being rolled out into a production environment.


Software Update Frequency

VIDIZMO software “Patch” is normally rolled out when software bug(s) have been identified that are either “Critical” or “Showstoppers” in nature. Such bugs might cause normal operations of software to cease. In such cases, VIDIZMO team quickly resolves the bug with either a temporary or a permanent fix and releases a software Patch to be installed on VIDIZMO instances. Patch release frequency is not predefined since patches are released depending upon the nature of the situation. However, based on past experiences, VIDIZMO may need to roll out a “Patch” once in a year.

A VIDIZMO software “Update” typically bundles together multiple “low” or “medium” severity bugs and/or minor improvements in the features or the working of the software. These updates are normally scheduled and planned ahead of their release dates. The frequency of such an update to be rolled out is every 2-3 months.

The identification and notification of bugs or software changes can either be performed by internal VIDIZMO teams including QA, development, and technical support during normal operations, or by the customers and their end users during regular use of the VIDIZMO software. In such a case, end users typically reach out to VIDIZMO support teams. Each reported issue is given an extensive drill down by VIDIZMO teams to determine whether its resolution requires a patch or an update. A representation of VIDIZMO’s tiered support model is given below for reference.



Update Management

VIDIZMO software has a built-in VIDIZMO Update Service (VUS) that allows IT Administrators to schedule automatic installation of updates on specified times or download updates only without installing them if the update is to be installed manually at any time.

This component is responsible for routinely checking for any new updates and installing them automatically on VIDIZMO servers. VUS will check for new updates or patches from time to time by connecting to central VIDIZMO update servers (enterprisetube.com and vidizmo.com). Based on the version installed and customer’s license privileges, VUS automatically downloads any pending “Updates” or “Patches”. IT administrators can define the action to be taken by the VUS once the software updates or patches are delivered. These actions include “Download & Install” or “Download Only.”

If the IT admin selects “Download & Install,” they can further configure the scheduled date and time for the automatic installation of the new updates. These options are available under System Configuration >> App Config >> Scheduled Tasks tab.

IT Administrators can also configure the local storage location where the updates are downloaded and stored by the VUS.


VIDIZMO License Management

VIDIZMO Licensing is based on the deployment model. Each plan includes enough storage, bandwidth, encoding and streaming bandwidth suitable for the purchased plan. The customer has the option to add users, storage, encoding and bandwidth as desired. Artificial Intelligence features such as Machine transcription are also available as an optional feature.


Under Dedicated deployments including Customer's Cloud or On-Premises, VIDIZMO software is licensed as follows:


  • Base Server Software License - (cost varies by product type i.e. MediaTube, EnterpriseTube, Virtual Academy) and number of Portals.
  • User/Client Access Licenses also known as CAL - (Registered and Active User Models are also available. Cost also varies by the product type).
  • Setup & Configuration (One Time).
  • Standard Support is included; however, the customer has the option to purchase Premier and Premier Plus Support.
  • Optional Add-Ons (such as eCDN, VIDIZMO SharePoint Video App).
  • A customer interested in dedicated deployment can deploy easily all VIDIZMO Solutions from Microsoft Azure & AWS Marketplaces.
  • A customer chooses a dedicated deployment model for various reasons, including but not limited to, more control over privacy, security, compliance, software upgrade/release cycle, and control variable cloud consumption costs.
  • We license on-premise and private cloud software on annual subscription.

The VIDIZMO SaaS model is licensed on a Yearly Software Subscription plan; dedicated deployments typically require a 3-year licensing plan. A perpetual license is also available under a dedicated deployment model. Standard Support is available throughout the licensed period. To learn about support options, please visit https://www.vidizmo.com/support/support-plans/


VIDIZMO Cost Structure

This section provides detail about product cost structure:

Licensing Cost

  • Server license (web application):
  • Server license (content processing):

Billable Services

The customers are billed as per usage on the basis of following services:

  • Storage
  • Bandwidth
  • Transcoding
  • AI processing
  • User count


VIDIZMO Support Model

VIDIZMO offers the following support models:


VIDIZMO Fully Managed

VIDIZMO team installs, manages, and maintains VIDIZMO Software on either VIDIZMO's shared Azure Cloud, in the customer’s cloud (under Bring Your Own Cloud Model) such as Microsoft Azure or On-Premises. VIDIZMO team provides 1st, 2nd, and 3rd tier support on a fully managed yearly software as a subscription model.


VIDIZMO Managed

VIDIZMO team installs all software, provides quarterly and yearly software upgrades, as well as 2nd tier and 3rd tier support. 1st tier support is provided by Customer IT.


Customer Managed

VIDIZMO team provides software to the Customer’s IT. Customer’s IT installs, updates and supports software in 1st and 2nd tier support. VIDIZMO provides some 2nd and all 3rd tier support and all/any software updates. VIDIZMO does not have access to the installed software.

For more details on the tiered support model and multiple support SLAs offered by VIDIZMO, please visit the following links: http://www.vidizmo.com/support/tiered-support/.


Enterprise Support Policy

Normally, our support is available Monday through Friday from 9 AM EST to 6 PM EST. Emergency support staff is available outside of normal working hours for customers on a contract basis.


To receive support for your VIDIZMO software deployment, please contact support@vidizmo.com.

