

Introduction

This document explains the detailed technical requirements and deployment guidelines for deploying VIDIZMO V7 in an AWS cloud infrastructure.


For VIDIZMO related information, please see below.


For AWS related help, please visit https://docs.aws.amazon.com/.


Product Overview

This document covers the deployment of the following VIDIZMO V7 products:

  • EVCM (Enterprise Video Content Management)
  • DEM (Digital Evidence Management)
  • VIDIZMO Virtual Academy (for education and training)


Prerequisites and Dependencies

In this section, we will talk about the VIDIZMO production environment that will be hosted under an AWS account. Deploying the VIDIZMO application requires multiple skill sets, ranging from understanding the technical requirements to deploying the core network infrastructure and systems such as the database server, the web application system, and video transcoding and streaming, as well as hardening the deployed solution.


Deployment Timeline

We have estimated the following timelines for the deployment:


VIDIZMO deployment using manual steps:

  • Deployment of VIDIZMO database server: 30 minutes
  • Deployment of AWS resources: 30 minutes 
  • Deployment of VIDIZMO content processing system: 30 minutes
  • Deployment of VIDIZMO web application: 30 minutes 


VIDIZMO deployment using AWS Marketplace:

  • Deployment of VIDIZMO DEM (Digital Evidence Management): 30 minutes
  • Deployment of VIDIZMO EVCM (Enterprisetube - Video and Content Management): 30 minutes


Knowledge and Skills

Here is the list of skills required for the deployment:

  • Familiarity with AWS Cloud services.
  • Familiarity with AWS VPC, EC2, RDS, CloudFront and tools such as CloudFormation.
  • Management of AWS VPC infrastructure and EC2 instances.
  • Networking fundamentals (optional).
  • Security fundamentals (optional).
  • Data storage fundamentals (optional).
  • Windows server management - MCSA (optional).
  • IIS (Internet Information Services) management - MCSA (optional).
  • Knowledge of SSO protocols, e.g. SAMLP, OIDC.
  • Knowledge about database management i.e. MS SQL Server (optional).


IAM (Identity and Access Management)

The VIDIZMO environment will be deployed under an AWS account, so it is assumed that there is an existing AWS cloud account for deploying VIDIZMO with all required AWS resources. This section documents the requirements for IAM roles and provides information about IAM best practices.


IAM Roles

For the VIDIZMO team to work on the AWS infrastructure, from creating resources to configuring them, the following individuals must be given access to the AWS account. The customer would have to create a policy for the required resources accordingly.


| Resource | Email Address | IAM Role |







IAM Best Practices

To help secure your AWS resources, follow these recommendations for the AWS Identity and Access Management (IAM) service.


Lock away your AWS account root user access keys

You use an access key (an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account root user access key. The access key for your AWS account root user gives full access to all your resources for all AWS services, including your billing information. You cannot reduce the permissions associated with your AWS account root user access key.

Therefore, protect your root user access key like you would your credit card numbers or any other sensitive secret. Here are some ways to do that:

  • If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. Instead, use your account email address and password to sign in to the AWS Management Console and create an IAM user for yourself that has administrative permissions.
  • If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. To delete or rotate your root user access keys, go to the My Security Credentials page in the AWS Management Console and sign in with your account's email address and password. You can manage your access keys in the Access keys section. For more information about rotating access keys, see Rotating access keys.
  • Never share your AWS account root user password or access keys with anyone. The remaining sections of this document discuss various ways to avoid having to share your AWS account root user credentials with other users. They also explain how to avoid having to embed them in an application.
  • Use a strong password to help protect account-level access to the AWS Management Console. For information about managing your AWS account root user password, see Changing the AWS account root user password.
  • Enable AWS multi-factor authentication (MFA) on your AWS account root user account. For more information, see Using multi-factor authentication (MFA) in AWS.


Create individual IAM users

Don't use your AWS account root user credentials to access AWS, and don't give your credentials to anyone else. Instead, create individual users for anyone who needs access to your AWS account. Create an IAM user for yourself as well, give that user administrative permissions, and use that IAM user for all your work.


By creating individual IAM users for people who access your account, you can give each IAM user a unique set of security credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM user's permissions anytime. (If you give out your root user credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.)


We recommend that you create new users without permissions and require them to change their password immediately. After they sign in for the first time, you can add policies to the user.


Note: Before you set permissions for individual IAM users, see the next point about user groups.



Use user groups to assign permissions to IAM users

Instead of defining permissions for individual IAM users, it's usually more convenient to create user groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each user group. Finally, assign IAM users to those user groups. All the users in an IAM user group inherit the permissions assigned to the user group. That way, you can make changes for everyone in a user group in just one place. As people move around in your company, you can simply change what IAM user group their IAM user belongs to.



Grant least privilege

When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.


Start with a minimum set of permissions and grant additional permissions as necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them later. IAM provides several options to help you refine the permissions that you grant.


  • Understand access level groupings – You can use access level groupings to understand the level of access that a policy grants. Policy actions are classified as List, Read, Write, Permissions management, or Tagging. For example, you can choose actions from the List and Read access levels to grant read-only access to your users.
  • Validate your policies – You can perform policy validation using IAM Access Analyzer when you create and edit JSON policies. We recommend that you review and validate all of your existing policies. IAM Access Analyzer provides over 100 policy checks to validate your policies. It generates security warnings when a statement in your policy allows access we consider overly permissive. You can use the actionable recommendations that are provided through the security warnings as you work toward granting least privilege.
  • Generate a policy based on access activity – To help you refine the permissions that you grant, you can generate an IAM policy that is based on the access activity for an IAM entity (user or role). IAM Access Analyzer reviews your AWS CloudTrail logs and generates a policy template that contains the permissions that have been used by the entity in your specified time frame. You can use the template to create a managed policy with fine-grained permissions and then attach it to the IAM entity. That way, you grant only the permissions that the user or role needs to interact with AWS resources for your specific use case.
  • Use last accessed information – Another feature that can help with least privilege is last accessed information. View this information on the Access Advisor tab on the IAM console details page for an IAM user, group, role, or policy. Last accessed information also includes information about the actions that were last accessed for some services, such as Amazon EC2, IAM, Lambda, and Amazon S3. If you sign in using AWS Organizations management account credentials, you can view service last accessed information in the AWS Organizations section of the IAM console. You can also use the AWS CLI or AWS API to retrieve a report for last accessed information for entities or policies in IAM or Organizations. You can use this information to identify unnecessary permissions so that you can refine your IAM or Organizations policies to better adhere to the principle of least privilege.
  • Review account events in AWS CloudTrail – To further reduce permissions, you can view your account's events in AWS CloudTrail Event history. CloudTrail event logs include detailed event information that you can use to reduce the policy's permissions. The logs include only the actions and resources that your IAM entities need.



Get started using permissions with AWS managed policies

Providing your employees with only the permissions they need requires time and detailed knowledge of IAM policies. Employees need time to learn which AWS services they want or need to use. Administrators need time to learn about and test IAM.

To get started quickly, you can use AWS managed policies to give your employees the permissions they need to get started. These policies are already available in your account and are maintained and updated by AWS.



Validate your policies

It is a best practice to validate the policies that you create. You can perform policy validation when you create and edit JSON policies. IAM identifies any JSON syntax errors, while IAM Access Analyzer provides over 100 policy checks and actionable recommendations to help you author secure and functional policies. We recommend that you review and validate all of your existing policies.



Use access levels to review IAM permissions

To improve the security of your AWS account, you should regularly review and monitor each of your IAM policies. Make sure that your policies grant the least privilege that is needed to perform only the necessary actions. When you review a policy, you can view the policy summary that includes a summary of the access level for each service within that policy. AWS categorizes each service action into one of five access levels based on what each action does: List, Read, Write, Permissions management, or Tagging. You can use these access levels to determine which actions to include in your policies.



Configure a strong password policy for your users

If you allow users to change their own passwords, create a custom password policy that requires them to create strong passwords and rotate their passwords periodically. On the Account Settings page of the IAM console, you can create a custom password policy for your account. You upgrade from the AWS default password policy to define password requirements, such as minimum length, whether it requires nonalphabetic characters, and how frequently it must be rotated.



Enable MFA

For extra security, we recommend that you require multi-factor authentication (MFA) for all users in your account. With MFA, users have a device that generates a response to an authentication challenge. Both the user's credentials and the device-generated response are required to complete the sign-in process. If a user's password or access keys are compromised, your account resources are still secure because of the additional authentication requirement.


The response is generated in one of the following ways:

  • Virtual and hardware MFA devices generate a code that you view on the app or device and then enter on the sign-in screen.
  • U2F security keys generate a response when you tap the device. The user does not manually enter a code on the sign-in screen.

For privileged IAM users who are allowed to access sensitive resources or API operations, we recommend using U2F or hardware MFA devices.



Use roles for applications that run on Amazon EC2 instances

Applications that run on an Amazon EC2 instance need credentials in order to access other AWS services. To provide credentials to the application in a secure way, use IAM roles. A role is an entity that has its own set of permissions, but that isn't a user or user group. Roles also don't have their own permanent set of credentials the way IAM users do. In the case of Amazon EC2, IAM dynamically provides temporary credentials to the EC2 instance, and these credentials are automatically rotated for you.

When you launch an EC2 instance, you can specify a role for the instance as a launch parameter. Applications that run on the EC2 instance can use the role's credentials when they access AWS resources. The role's permissions determine what the application is allowed to do.



Use roles to delegate permissions

Don't share security credentials between accounts to allow users from another AWS account to access resources in your AWS account. Instead, use IAM roles. You can define a role that specifies what permissions the IAM users in the other account are allowed. You can also designate which AWS accounts have the IAM users that are allowed to assume the role. To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles.



Do not share access keys

Access keys provide programmatic access to AWS. Do not embed access keys within unencrypted code or share these security credentials between users in your AWS account. For applications that need access to AWS, configure the program to retrieve temporary security credentials using an IAM role. To allow your users individual programmatic access, create an IAM user with personal access keys.



Rotate credentials regularly

Change your own passwords and access keys regularly, and make sure that all IAM users in your account do as well. That way, if a password or access key is compromised without your knowledge, you limit how long the credentials can be used to access your resources. You can apply a custom password policy to your account to require all your IAM users to rotate their AWS Management Console passwords. You can also choose how often they must do so.



Remove unnecessary credentials

Remove IAM user credentials (passwords and access keys) that are not needed. For example, if you created an IAM user for an application that does not use the console, then the IAM user does not need a password. Similarly, if a user only uses the console, remove their access keys. Passwords and access keys that have not been used recently might be good candidates for removal. You can find unused passwords or access keys using the console, using the CLI or API, or by downloading the credentials report.
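
The checks described in the sections above (root access keys, MFA, rotation, unused credentials) can be run against the credentials report. The following is an added example, not part of the original guide: it audits a constructed report excerpt that uses a subset of the report's columns, and the 90-day thresholds, user names and account ID are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROOT = "<root_account>"  # name of the root row in the credentials report

# Constructed sample: a subset of the report's columns with made-up users.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T08:00:00+00:00,false,true,2021-01-10T00:00:00+00:00,2024-04-30T00:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-28T09:15:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-29T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,no_information,false,false,N/A,N/A,false,N/A,N/A
svc-encoder,arn:aws:iam::111122223333:user/svc-encoder,false,N/A,false,true,2023-01-15T00:00:00+00:00,2024-05-31T00:00:00+00:00,true,2024-03-20T00:00:00+00:00,N/A
"""

# Fixed "current time" so the sample gives the same result on every run.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _parse(value):
    """Return a datetime, or None for N/A, no_information and not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now, max_key_age_days=90, unused_days=90):
    """Return (user, finding) pairs for one credentials report.

    The thresholds are assumptions; set them to your own rotation policy.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT
        has_password = row["password_enabled"] == "true"

        # MFA matters for every console sign-in, and always for root.
        if row["mfa_active"] != "true" and (is_root or has_password):
            findings.append((user, "NO_MFA"))

        # A console password that is never used is a removal candidate.
        if has_password:
            last_login = _parse(row["password_last_used"])
            if last_login is None or now - last_login > timedelta(days=unused_days):
                findings.append((user, "PASSWORD_UNUSED"))

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"ROOT_ACCESS_KEY_{n}"))
            rotated = _parse(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, f"KEY_{n}_NOT_ROTATED"))
            used = _parse(row[f"access_key_{n}_last_used_date"])
            if used is None or now - used > timedelta(days=unused_days):
                findings.append((user, f"KEY_{n}_UNUSED"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user:15} {finding}")
```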



Use policy conditions for extra security

To the extent that it's practical, define the conditions under which your IAM policies allow access to a resource. For example, you can write conditions to specify a range of allowable IP addresses that a request must come from. You can also specify that a request is allowed only within a specified date range or time range. You can also set conditions that require the use of SSL or MFA (multi-factor authentication). For example, you can require that a user has authenticated with an MFA device in order to be allowed to terminate an Amazon EC2 instance.
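
The MFA-to-terminate condition described above can be checked mechanically. The following is an added example, not part of the original guide and not a substitute for IAM Access Analyzer: it reviews a constructed policy for Allow statements that grant a sensitive action without requiring MFA. The statement IDs, bucket name and IP range are assumptions.

```python
import json
from fnmatch import fnmatchcase

MFA_KEY = "aws:MultiFactorAuthPresent"

# Constructed policy showing the three condition types the section names:
# MFA, source IP range and SSL (aws:SecureTransport).
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TerminateWithMfa", "Effect": "Allow",
     "Action": "ec2:TerminateInstances", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "Ec2FromOffice", "Effect": "Allow",
     "Action": "ec2:*", "Resource": "*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "StopOrTerminateIfExists", "Effect": "Allow",
     "Action": ["ec2:StopInstances", "ec2:TerminateInstances"], "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "ReadContentOverTls", "Effect": "Allow",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
    {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
"""
SAMPLE_POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _grants(stmt, action):
    """True if the statement's Action patterns cover `action`.

    Action names are case-insensitive and may contain * and ? wildcards.
    NotAction is not handled in this example.
    """
    patterns = _as_list(stmt.get("Action", []))
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition(stmt, operator, key):
    """Return the lower-cased values for operator/key, or None if absent."""
    for op, keys in stmt.get("Condition", {}).items():
        if op.lower() != operator.lower():
            continue
        for name, value in keys.items():
            if name.lower() == key.lower():
                return [str(v).lower() for v in _as_list(value)]
    return None


def review(policy, mfa_actions=("ec2:TerminateInstances",)):
    """Return (sid, issue) pairs for the Allow statements of one policy."""
    issues = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if ("*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))
                and not stmt.get("Condition")):
            issues.append((sid, "UNCONDITIONAL_WILDCARD"))
        if not any(_grants(stmt, a) for a in mfa_actions):
            continue
        if _condition(stmt, "Bool", MFA_KEY) == ["true"]:
            continue
        if _condition(stmt, "BoolIfExists", MFA_KEY) == ["true"]:
            # In an Allow statement, ...IfExists also matches requests where
            # the key is absent, which is the case for requests signed with
            # long-term access keys, so MFA is not actually enforced.
            issues.append((sid, "MFA_IFEXISTS_IN_ALLOW"))
        else:
            issues.append((sid, "MFA_NOT_REQUIRED"))
    return issues


if __name__ == "__main__":
    for sid, issue in review(SAMPLE_POLICY):
        print(f"{sid:25} {issue}")
```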



Monitor activity in your AWS account

You can use logging features in AWS to determine the actions users have taken in your account and the resources that were used. The log files show the time and date of actions, the source IP for an action, which actions failed due to inadequate permissions, and more.


Logging features are available in the following AWS services:


  • Amazon CloudFront – Logs user requests that CloudFront receives.
  • AWS CloudTrail – Logs AWS API calls and related events made by or on behalf of an AWS account.
  • Amazon CloudWatch – Monitors your AWS Cloud resources and the applications you run on AWS. You can set alarms in CloudWatch based on metrics that you define.
  • AWS Config – Provides detailed historical information about the configuration of your AWS resources, including your IAM users, user groups, roles, and policies. For example, you can use AWS Config to determine the permissions that belonged to a user or user group at a specific time.
  • Amazon Simple Storage Service (Amazon S3) – Logs access requests to your Amazon S3 buckets.


Infrastructure Licensing

The VIDIZMO web application is deployed in an IaaS model on AWS and uses the PaaS component AWS RDS (or an MS SQL Server instance), while AWS Media Services is a consumption-based PaaS service. The Windows Server license is included with the AWS instance, or the customer can supply their own license to install.


HA Server Deployment

VIDIZMO will be deployed in a highly available architecture using AWS Application Gateway and EC2 Auto-Scaling. VIDIZMO will configure scaling policies to auto-scale additional instances to manage workloads during live events with large audiences. These instances will be made available as per workload and will help reduce infrastructure cost.

VIDIZMO leverages AWS S3 redundancy and disaster recovery features and extends the same to its customers. All AWS storage can be created with CRR (Cross-Region Replication), allowing data replication within the primary data center and the secondary data center.

https://aws.amazon.com/cloudendure-disaster-recovery/


Infrastructure Requirements

This section provides information about infrastructure requirements and deployment details.


Infrastructure Resources

Most of the infrastructure will be deployed in AWS cloud.

VIDIZMO Production environment will consist of the following components:

  • AWS account.
  • VPC network, subnets and security groups.
  • EC2 instances running Windows Server 2019 systems.
  • Application load balancer with WAF.
  • Amazon S3 buckets.
  • AWS Elemental.
  • AWS Rekognition.
  • AWS CloudFront.
  • Amazon RDS (database service).
  • Software licenses.

Here is the list of the main resources, with their specification, purpose and description, that will be deployed under the AWS account during deployment of the VIDIZMO production environment.


| Service type | Region | Description | Usage |
| --- | --- | --- | --- |
| Auto Scaling | East US | 2 instances t3.xlarge (4 vCPUs, 16 GB RAM); Windows Server 2019 (OS Only), 1 managed OS disk P30 | Hosts all Application components for Production environment |
| S3 Storage | East US | Low latency and high throughput performance. Designed for durability of 99.99% of objects across multiple Availability Zones. Resilient against events that impact an entire Availability Zone. Designed for 99.99% availability over a given year. Backed with the Amazon S3 Service Level Agreement for availability. Supports SSL for data in transit and encryption of data at rest. S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes. | Hosts all the content for production environment |
| Bandwidth | East US | Up to 5 Gbps | Volume of information that can be sent over a connection in a measured amount of time. |
| Instance SQL Database | East US | Amazon RDS to host 2 Databases, or using Microsoft SQL Server 2019 inside a Windows Server 2019 EC2 instance. | Hosts all VIDIZMO databases for Production environment. |
| Content Delivery Network | East US | Amazon CloudFront for delivering high-bandwidth video content. | CDN solution for delivering high-bandwidth content. |
| Content Delivery Network | East US | We can use S3 Storage as a CDN for servicing static website content. | Static Content Delivery for VIDIZMO Web |
| Application Gateway | East US | An Application Gateway with Web Application Firewall that incorporates standard OWASP 3.0 security rules. | Provides protection for your web applications from common exploits and vulnerabilities |
| AWS Rekognition | East US | AWS Rekognition for AI-Powered Audio and Video Analysis. | Transcription and translation for on-demand content only. |

Note: Please refer to the network ports section (below) to understand port access requirements. 



Network Ports

The VIDIZMO application has multiple services deployed on the application server that communicate with services on other servers as well as with the backend database server. These services use different ports on the network to communicate. Therefore, it is important that all the required network ports are open for communication.

The VIDIZMO application has a web portal that needs to be accessible by end users, so it must also be published on the internet for users to access.


| # | Port Description | Port Number | Source | Destination | Direction |
| --- | --- | --- | --- | --- | --- |
| 1 | Web | 80 | Any | Application Server | Inbound and outbound |
| 2 | Secure Web (Optional) | 443 | Any | Application Server | Inbound and outbound |
| 3 | Memcache | 11211 | Database Server and Encoder Server | Application Server | Inbound and outbound |
| 4 | SQL Port | 1433 | Application Server | SQL Server | Inbound and outbound |
| 5 | License Activation | 80 | Application Server | *.enterprisetube.com | Inbound and outbound |
| 6 | License Activation | 443 | Application Server | *.enterprisetube.com | Inbound and outbound |
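
The port table above can be used as an allow-list when reviewing security groups. The following is an added example, not part of the original guide: it compares constructed ingress rules, in the shape returned by the EC2 describe-security-groups call, with rows 1 to 4 of the table read as inbound flows to the Destination column. The group IDs, the tier names and that reading of the table are assumptions.

```python
# Inbound flows from rows 1-4 of the Network Ports table:
# destination tier -> {port: source tiers allowed to connect}.
# Rows 5-6 (license activation) leave the application server, so they are
# an egress concern and are not modelled here.
ALLOWED_INGRESS = {
    "app": {80: {"any"}, 443: {"any"}, 11211: {"db", "encoder"}},
    "db": {1433: {"app"}},
}

# Hypothetical placeholder security group IDs, one per tier.
GROUP_TIER = {
    "sg-EXAMPLE-app": "app",
    "sg-EXAMPLE-db": "db",
    "sg-EXAMPLE-encoder": "encoder",
}

# Constructed rules: memcache is also open to the internet, and SQL Server
# also accepts a whole VPC range instead of only the application tier.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-db"},
                              {"GroupId": "sg-EXAMPLE-encoder"}]},
    ]},
    {"GroupId": "sg-EXAMPLE-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-app"}]},
    ]},
]


def _sources(perm, group_tier):
    """Normalise a rule's sources to 'any', a tier name, or the raw value."""
    found = set()
    for r in perm.get("IpRanges", []):
        found.add("any" if r["CidrIp"] == "0.0.0.0/0" else r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        found.add("any" if r["CidrIpv6"] == "::/0" else r["CidrIpv6"])
    for pair in perm.get("UserIdGroupPairs", []):
        found.add(group_tier.get(pair["GroupId"], pair["GroupId"]))
    return found


def check_ingress(groups, group_tier, allowed=ALLOWED_INGRESS):
    """Return (tier, ports, source) for every ingress rule outside the table."""
    findings = []
    for group in groups:
        tier = group_tier.get(group["GroupId"], group["GroupId"])
        tier_rules = allowed.get(tier, {})
        for perm in group.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535          # "all traffic" rules carry no ports
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            for src in sorted(_sources(perm, group_tier)):
                # Only single-port rules listed for this tier and source pass.
                if lo != hi or src not in tier_rules.get(lo, set()):
                    findings.append((tier, ports, src))
    return findings


if __name__ == "__main__":
    for tier, ports, src in check_ingress(SAMPLE_GROUPS, GROUP_TIER):
        print(f"{tier}: port {ports} open to {src} is not in the port table")
```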

 


Operating System (OS) Requirements

This section provides information about supported operating systems and other software requirements:

Database Server (optional)

  1. Operating System: Windows Server 2019 Standard or Datacenter Editions
  2. .NET Framework: Version 4.8 or later
  3. Database Management: SQL Server 2019
    Required features:
    1. Database Engine Services
    2. Full-Text and Semantic Extractions for Search
    3. SQL Client Connectivity SDK

Content Processing Server

Below are the OS and software requirements for the content processing server.

  1. Operating System: Windows Server 2019 Standard or Datacenter Editions
  2. .NET Framework: Version 4.8 or later
  3. .NET Core Hosting Bundle: Version 2.2.8
  4. Python: Recent version
  5. GPU: NVIDIA Cuda Toolkit 10.1 (driver software) – For GPU enabled systems only

Application Server

Below are the OS and software requirements for the web application server.

  1. Operating System: Windows Server 2019 Standard or Datacenter Editions
  2. .NET Framework: Version 4.8 or later
  3. .NET Core Hosting Bundle: Version 2.2.8
  4. IIS (Internet Information Services): Version 11 or later
  5. IIS (Internet Information Services): URL rewrite module

Note: Support for TLS 1.2 must be enabled on the web application system. In addition, you may disable support for TLS 1.0 and TLS 1.1 to mitigate security issues and vulnerabilities.



Application Architecture

The VIDIZMO application is a highly modularized application broken down into multiple components. These components are developed in different technologies; however, the bulk of them are developed in the .NET Framework.

Each component has a specific role and purpose that it must perform for the entire system to function. Because of the componentized nature of the application, it becomes easier to configure, control and modify the flow of the application based on the customer’s requirements.

Here is a conceptual diagram of the major components that together make up the VIDIZMO stack.



Web Application

One of the components of the VIDIZMO stack is the Web Application, which is deployed on the IIS web server. The web application acts as the main User Interface for the user to interact with the application. The VIDIZMO web application user interface provides a platform with all the tools necessary for an EVCM (Enterprise Video Content Management) system.

Workflow Service

Workflow Service is used to manage various time-consuming processes by breaking them down into activities and managing them separately to keep better track of progress. Examples of such processes include transcoding, AI processing, etc.

Scheduler Service

Scheduler Service is used to manage various clock-sensitive processes by refreshing fetched results like analytics, reports, and content purge.

Notification Service

Notification Service is used to ping databases for any changes that lead to an email alert generation. It is also used for sending out email notifications to users.

Caching Service

The caching service is used to manage the application's memcache. Memcache temporarily stores data that is frequently requested from the database to provide faster application processing and lower latency.



Deployment Overview

As described earlier, VIDIZMO Application will be hosted on AWS cloud. The AWS infrastructure resources such as VPC, EC2 (auto-scale) instances, RDS Instance, Network Security Groups, etc. must be available before you proceed with the software deployment.


VIDIZMO AWS Architecture Diagram

The diagram below illustrates a typical VIDIZMO deployment model in an AWS cloud environment:



AWS Resources Requirements

Here is an itemized list of all AWS resources needed to deploy VIDIZMO and their purpose:


  • Virtual Private Cloud (VPC) and subnet: A VPC with subnet is needed for creating AWS resources which are required to deploy VIDIZMO application.
  • Amazon RDS instance (SQL Databases): The AWS RDS instance would host the VIDIZMO databases (SQL databases) that the web application and content processing instances connect to before the VIDIZMO application can be functional and operational.
  • Application Load Balancer (front-end): The load balancer would accept incoming web traffic and distribute it across web application autoscale instances.
  • Web Application Firewall: AWS Web Application Firewall (WAF) is an optional addition to the AWS Application Load Balancer (Application Gateway) that inspects HTTP requests and prevents malicious attacks at the web layer such as SQL Injection or Cross-Site Scripting.
  • Network Security Group: The Network Security Group (NSG) contains security rules that allow or deny inbound network traffic to AWS based resources.
  • Web Application Auto-Scale Instances: The web application auto-scale instances are web servers that host the VIDIZMO web application website and serve it to end users. The web server systems scale out and scale in to provide optimal performance as needed, distributing workload across multiple instances and reducing the number of instances when there is little or no workload.
  • Encoder Server Auto-Scale Instances: The encoder server auto-scale instances are content processing systems that process various workflows initiated by users. Content processing and encoding are hardware resource-consuming (CPU and GPU) processes. Dedicated machines for this purpose improve the performance of the application. The content processing systems scale out and scale in to provide optimal performance as needed, distributing workload across multiple instances and reducing the number of instances when there is little or no workload.
  • CloudFront: The content that users view and/or play back in the VIDIZMO application is served from a CDN resource. This CDN improves the performance of content delivery to users in different geographic regions.
  • AWS Elemental: The VIDIZMO application uses AWS Elemental MediaConvert services for video transcoding with broadcast-grade features. It also makes it easy to create video-on-demand (VOD) content for broadcast and multiscreen delivery.
  • AWS Rekognition (AI): VIDIZMO leverages the AWS Rekognition service for AI (Artificial Intelligence) analysis of content such as video, audio and images. VIDIZMO uses Amazon Rekognition to detect real-world objects and faces. The VIDIZMO application stores the information returned from Amazon Rekognition, so users can then query their content for a specific object or face.
  • AWS S3 Storage: This is where customers' content is stored. All content such as videos, audio and images uploaded by users is stored in Amazon S3 Storage. An Amazon S3 bucket is created on a per-tenant basis in the VIDIZMO application.


Deployment Configuration Requirements

After the application resources have been deployed under the AWS account, all VIDIZMO components need to be configured. To continue configuring these components, the VIDIZMO team will need the information described in the following sections.


Domain Name

One of the components of the VIDIZMO stack is the Web Application, which is deployed on the IIS web server. The web application acts as the main User Interface (UI) for the user to interact with the application.

This DNS domain would be mapped to the Application Gateway’s front-end public IP address. Customers will provide the DNS domain name and configure appropriate DNS records with their provider to create URL mapping for VIDIZMO Application. Please read article to learn more.


TLS Certificate for Web Application

To protect the Web Application and encrypt data in transit, a TLS certificate for the provided domain name must be deployed and configured in IIS (Internet Information Services), i.e. the web server. This certificate will then be configured in the application and VIDIZMO’s main portal.


SMTP

The VIDIZMO application sends emails to its users on various events based on the user’s actions. An SMTP server is required to deliver these email notifications.

This SMTP server would be configured in the customer portal. The SMTP servers may have to whitelist the VIDIZMO server relaying emails to them, which would be the responsibility of the customer's IT team. The customer will supply the SMTP configuration for the VIDIZMO application.


Post Deployment Configuration

This section provides information about post deployment configuration tasks. The following items are considered in the post deployment configuration phase.


License Key

After VIDIZMO is deployed, it must be activated before it can be used. The VIDIZMO team would provide the license activation key that activates the software and the VIDIZMO components.


Content Storage & Encoder

Once the application components have been deployed, the customer’s portal must be configured to use AWS Media Service and its encoder. To do that, VIDIZMO provides a built-in mechanism called Setup Wizard. This process requires the user running the Setup Wizard to have an IAM role with admin rights inside the AWS environment.


SSO (Single-Sign On)

The VIDIZMO application provides built-in support for two SSO protocols, SAML P and the newer OIDC protocol. Between these two protocols, VIDIZMO can use almost any identity provider. It also provides built-in apps for various SSO providers such as Azure AD, ForgeRock and Okta.


Encoding Profiles

Once VIDIZMO is configured and deployed, encoding profiles specific to the customer will be configured and enabled. Encoding profiles let users control how content is transcoded when someone uploads new content. The encoding profiles include details such as the resolution of the target video, bit rate and audio quality, among other things.


Scheduled Tasks Intervals

One of the VIDIZMO application components is responsible for running various backend tasks that must be run at regular intervals. The time interval of these tasks can be tweaked as needed.


CDN for Static Resources

The VIDIZMO application can use a CDN endpoint to serve static resources such as JavaScript, CSS and other files required for the application to run properly. This way, a lot of traffic can be moved to the CDN, improving latency and speed and increasing the capacity of the main server.


Security Hardening 

VIDIZMO application will be hardened for security after the deployment has been completed. This typically involves tightening security in various layers of the application. 


VIDIZMO Portal

VIDIZMO provides built-in security features that let you control how users can access the portal and who is allowed to access it. These security policies cover access to the portal as well as to individual content.

To read more about them, visit https://help.vidizmo.com/en/support/home.


Web Server

One of the core components of the VIDIZMO application is the Web Application, which resides in the web server, IIS. It is especially important because it is the gateway and the sole user interface through which end users interact with the application. It is also the only component that will be published on the internet and hence needs special attention.


Windows Server

All the components of the VIDIZMO application are deployed on Windows Server, which must be hardened like the web server. Hardening Windows Server involves a number of tasks; some of the most important ones are briefly described below.


| What | Why |
| --- | --- |
| User Configuration | Protect user credentials by adding complexity, expiration, history, lockout of accounts/passwords |
| Network Configuration | Establish and protect communication by configuring IP, DNS, DHCP etc. |
| Features and Roles Configuration | Remove roles/features that aren’t required |
| Update Installation | Patches and vulnerability updates by configuring automatic update/patch installation |
| NTP Configuration | To avoid clock drifting |
| Firewall Configuration | To harden network communication |
| Remote Access Configuration | To protect against remote administration |
| Service Configuration | Disable/remove unwanted services to reduce exposure |
| Logging and Monitoring | Configuring Logging and Monitoring in case something does go wrong |


Core Network

All the VIDIZMO resources will be hosted inside an AWS VPC, so security controls must be added to avoid any unwanted exposure on the internet. To do this, the VIDIZMO team will deploy AWS Web Application Firewall (WAF) to protect against vulnerabilities and exploits.

You can read more about WAF at https://aws.amazon.com/waf/

Furthermore, the VIDIZMO team will configure the VPC at the subnet level to only allow traffic for certain ports.


Database Encryption

All data including passwords, user profiles, and sensitive content information can be encrypted using AES256 and 3DES encryption.


AWS Storage Encryption

Amazon S3 default encryption provides a way to set the default encryption behavior for an Amazon S3 bucket. You can set default encryption on a bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3 managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) customer master keys (CMKs).

For more information, see the article linked below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html


Content Encryption

VOD as well as live content will be AES 128 encrypted. Each content item will be encrypted using a unique key. This provides added security for all the content in case a key is compromised. In such a scenario, administrators will be able to regenerate the encryption key, ensuring continuous security.


Deployment Guidelines

This section explains VIDIZMO deployment process. The following options are available for deploying VIDIZMO in your AWS cloud environment:

  • Deploy VIDIZMO using manual step-by-step process.
  • Deploy VIDIZMO using AWS Marketplace.


Deploy VIDIZMO (manual step-by-step process)

This section explains manual deployment steps for deploying VIDIZMO in AWS cloud.


Pre Deployment Phase

This section provides information about prerequisite software which would need to be installed on database, web application and content processing systems.


Install prerequisites

You would need to install prerequisite software on database, web application and content processing systems.


Database Server

Download and install following software on your database server instance.

Note: If you are using Amazon RDS for hosting VIDIZMO databases, a separate database server instance will not be needed.

  • .NET Framework 4.8 (Download here: https://go.microsoft.com/fwlink/?LinkId=2085155)
  • SQL Server 2019 with following features:
    • Database Engine Services
    • Full-Text and Semantic Extractions for Search
    • SQL Client Connectivity SDK
  • SQL Server Management Studio

Note: .NET Framework requires restart, please make sure to restart server before moving forward.


Web Application Server

Download and install the following software on VIDIZMO web application server system.

Note: You need to Unblock your downloaded executable files (.exe) before starting the installation. Right-click the downloaded file > click Properties > and check the box that says “Unblock”. Click Apply and OK to confirm the changes and close the Properties dialog box.

  1. 7zip (Download here: https://www.7-zip.org/a/7z1900-x64.exe)
  2. .NET Framework 4.8 (Download here: https://go.microsoft.com/fwlink/?LinkId=2085155)
  3. .NET Core 2.2.8 (Download here: https://dotnet.microsoft.com/download/dotnet/thank-you/runtime-aspnetcore-2.2.8-windows-hosting-bundle-installer)

Note: .NET Framework requires restart, please make sure to restart server before moving forward.


Content Processing Server

Download and install the following software on VIDIZMO content processing server system.

Note: You need to Unblock your downloaded executable files (.exe) before starting the installation. Right-click the downloaded file > click Properties > and check the box that says “Unblock”. Click Apply and OK to confirm the changes and close the Properties dialog box.

  1. 7zip (Download here: https://www.7-zip.org/a/7z1900-x64.exe)
  2. .NET Framework 4.8 (Download here: https://go.microsoft.com/fwlink/?LinkId=2085155)
  3. Python 3.9.5 (Download here: https://www.python.org/ftp/python/3.9.5/python-3.9.5-amd64.exe)

Note: .NET Framework requires restart, please make sure to restart server before moving forward.


Download VIDIZMO application and database files

You would need to download and extract VIDIZMO application and database files. Below listed files will be available to you from the download link provided by VIDIZMO support team:

  • VIDIZMO.zip
  • Databases.zip


Note: You should turn off IE Enhanced Security and change Time Zone in Server Manager > Local Server before downloading application and database files.


Note: Additionally, you may download and install Google Chrome web browser for better web browsing and downloading experience.


Note: Once you download VIDIZMO app and database zip files, please make sure to Unblock the downloaded zip files before you extract. Right click the downloaded zip file > click properties > and check the box that says “Unblock”. Click Apply and Ok to confirm changes and close the properties dialog box.
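The Unblock step removes the Mark-of-the-Web that Windows attaches to downloaded files, so it is worth confirming what the file is before clearing it. The PowerShell function below is an added example, not part of the VIDIZMO package: it checks the Authenticode signature of a downloaded installer, or compares a zip file's SHA-256 with a value obtained out-of-band, and only then runs Unblock-File. The function name, the C:\Downloads folder and the hash placeholder are assumptions.

```powershell
# Added example: verify a download before removing its Mark-of-the-Web.
# Paths and the expected hash are placeholders, not values supplied by VIDIZMO.

function Test-DownloadBeforeUnblock {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 obtained out-of-band (for example from the VIDIZMO support team).
        # Needed for files that cannot carry an Authenticode signature, such as .zip.
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # upper-case hex
    $ext    = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
    $ok     = $false
    $detail = ''

    if ($ExpectedSha256) {
        # A hash comparison works for any file type.
        $ok     = ($actual -eq $ExpectedSha256.Trim().ToUpperInvariant())
        $detail = if ($ok) { 'SHA-256 matches expected value' } else { 'SHA-256 mismatch' }
    }
    elseif ($ext -in '.exe', '.msi', '.dll') {
        # No hash supplied: fall back to the publisher's signature.
        $sig    = Get-AuthenticodeSignature -LiteralPath $Path
        $ok     = ($sig.Status -eq 'Valid')
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        $detail = "Authenticode status: $($sig.Status); signer: $signer"
    }
    else {
        $detail = 'No expected hash supplied and file type is not Authenticode-signable'
    }

    # Only clear the zone marker once the file has been verified.
    if ($ok) { Unblock-File -LiteralPath $Path }

    [pscustomobject]@{
        File      = $Path
        Sha256    = $actual
        Verified  = $ok
        Unblocked = $ok
        Detail    = $detail
    }
}

# Usage (constructed paths):
#   Test-DownloadBeforeUnblock -Path 'C:\Downloads\python-3.9.5-amd64.exe'
#   Test-DownloadBeforeUnblock -Path 'C:\Downloads\VIDIZMO.zip' -ExpectedSha256 '<SHA-256 from VIDIZMO support>'
```

Review the reported signer before trusting a "Valid" result; a valid signature only shows that the file was signed by that publisher and not modified since.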


Download and install SSMS (SQL Server Management Studio)

You would need to install SQL Server Management Studio before you can deploy VIDIZMO databases in Azure SQL.

  1. Download and install SSMS (SQL Server Management Studio) from: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?redirectedfrom=MSDN&view=sql-server-ver15

Note: You may need to reboot the system after installing SQL Server Management Studio.

  2. Once SSMS is installed, open it and use the database backup files that you extracted in the previous section to restore the VIDIZMO databases.



Enable Windows Firewall exceptions

Below are the Windows Firewall exceptions that need to be enabled on the database, web app and content processing instances.


| # | Description | Service | Port # | Protocol | Source | Destination | Direction | Action |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Web | HTTP | 80 | TCP | Any | Application Server | Inbound | Allow |
| 2 | Web (Secure) | HTTPS | 443 | TCP | Any | Application Server | Inbound | Allow |
| 3 | Memcache | Memcache | 11211 | TCP | Any | Application Server | Inbound | Allow |
| 4 | Notifications | SMTP | 25 | Any | Application Server | Any | Outbound | Allow |
| 5 | VLMS | license.enterprisetube.com | 443 | TCP | Application Server | Any | Outbound | Allow |
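The firewall exceptions listed above can be created with the built-in NetSecurity cmdlets, as in the following added example (not a script shipped with VIDIZMO). The rule names, the 'VIDIZMO' group label and the $MemcacheSource variable are assumptions. The example uses TCP for the SMTP rule because Windows Firewall only accepts a port filter together with TCP or UDP.

```powershell
# Added example: the firewall exceptions from the table, as Windows Firewall rules.
# Run in an elevated PowerShell session on the web application server.

# The table lists "Any" as the source for Memcache (11211). memcached has no
# authentication by default, so set this to the content processing server
# address or the VPC subnet CIDR if only those hosts need to reach the cache.
$MemcacheSource = 'Any'

$rules = @(
    @{ DisplayName = 'VIDIZMO Web (HTTP)';           Direction = 'Inbound';  Protocol = 'TCP'; LocalPort  = 80;    RemoteAddress = 'Any' }
    @{ DisplayName = 'VIDIZMO Web (HTTPS)';          Direction = 'Inbound';  Protocol = 'TCP'; LocalPort  = 443;   RemoteAddress = 'Any' }
    @{ DisplayName = 'VIDIZMO Memcache';             Direction = 'Inbound';  Protocol = 'TCP'; LocalPort  = 11211; RemoteAddress = $MemcacheSource }
    # Outbound rules only take effect when the profile's default outbound action
    # is Block; the Windows default is Allow.
    @{ DisplayName = 'VIDIZMO Notifications (SMTP)'; Direction = 'Outbound'; Protocol = 'TCP'; RemotePort = 25;    RemoteAddress = 'Any' }
    # Windows Firewall rules match addresses, not host names, so the VLMS rule
    # (license.enterprisetube.com) is expressed as outbound TCP 443 to Any.
    @{ DisplayName = 'VIDIZMO VLMS (HTTPS)';         Direction = 'Outbound'; Protocol = 'TCP'; RemotePort = 443;   RemoteAddress = 'Any' }
)

foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "exists : $($rule.DisplayName)"
        continue
    }
    New-NetFirewallRule @rule -Action Allow -Group 'VIDIZMO' -Profile Any | Out-Null
    Write-Host "created: $($rule.DisplayName)"
}

# Read the rules back so the result can be compared with the table.
Get-NetFirewallRule -Group 'VIDIZMO' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Direction     = $_.Direction
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemotePort    = $port.RemotePort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```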


Deployment Phase

This section explains deployment steps for deploying VIDIZMO web application and content processing systems.


Deploy VIDIZMO Web Application Server

The application server system is responsible for servicing the front-end web application to end users. Below are the steps to configure VIDIZMO Web Application Server.


Extract Application Files

VIDIZMO team will provide Application files in compressed form (VIDIZMO.zip) that you will need to download and extract in your Application Server. In this example, we are using C: drive as the base location for VIDIZMO application files (C:\VIDIZMO): 

  1. Make sure to Unblock the downloaded zip file before you extract it. Right click the downloaded zip file, click properties from drop down menu to open properties, and check the box that says “Unblock”. Click Apply and Ok to confirm changes and close the properties dialog box. 
  2. Unzip and extract the folder named VIDIZMO.zip at the base location. If you see issues with file extraction, you may use 7zip to extract the files. 
  3. Wait until the extraction is completed. 


Install VIDIZMO services

The following is the list of all services that the VIDIZMO Application Server uses:

  • Caching Service: Used to manage application's Memcache for faster streaming and lower latency. 
  • Scheduler Service: Used to manage various clock-sensitive processes by refreshing the fetched results like analytics, reports, content purge.
  • Notification Service: Used to ping database for any changes that lead to an email alert generation.

Note: Before you start, make sure you have the latest .NET Framework 4.8.


Follow below steps to install VIDIZMO services on the web application server:

  1. Open command prompt with administrator rights.
  2. Execute below command in command prompt to display installed version of .NET Framework.
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version


Open command prompt and type following commands to install VIDIZMO services:

sc create VIDIZMOCaching binPath= "C:\VIDIZMO\Application\Win\MemcachedService\VIDIZMOCaching.exe" DisplayName= "VIDIZMO Caching"

sc create VIDIZMOScheduler binPath= "C:\VIDIZMO\Application\Win\SchedulerService\VIDIZMOScheduler.exe" DisplayName= "VIDIZMO Scheduler"

sc create VIDIZMONotification binPath= "C:\VIDIZMO\Application\Win\NotificationService\VIDIZMONotification.exe" DisplayName= "VIDIZMO Notification"

Note: In case of Memcached service, make sure you install VIDIZMOCaching.exe rather than memcached.exe.


Once you have VIDIZMO services installed on the web application server, you would need to change the startup type for VIDIZMO services to “Automatic”. Type below commands to change the startup type of VIDIZMO services to “Automatic”:

sc config VIDIZMOCaching start= auto

sc config VIDIZMOScheduler start= auto

sc config VIDIZMONotification start= auto


After installing all VIDIZMO services, you need to change additional settings on scheduler service. This would enable the Scheduler Service to restart automatically.

  1. To do so, right click on VIDIZMOScheduler service and select Properties. 
  2. Go to Recovery tab and set the following recovery settings:


Install Web Server (IIS) 

You need to install Internet Information Services (IIS) that acts as the web server to host VIDIZMO website. Below are the steps to install and configure IIS:


  1. Click on Windows start menu and then select Server Manager.
  2. On the Server Manager Dashboard, select Add roles and features.
  3. In Add roles and features wizard click next.
  4. Select IIS installation type, leave “Role-based or feature-based installation” selected, and then click Next.
  5. Select a server from the server pool and then click next.
  6. From the Select server roles tab, select the checkbox next to Web Server (IIS).
  7. A new window will popup that says, “additional features are required,” click the Add Features button to install these as well. Please make sure the server role “Web Server (IIS)” is selected and then click Next.
  8. Select ASP.NET 4.7 as part of the installation.
  9. On the Role Services screen, install the following role services:


  • Common HTTP Features 
    • Default Document 
    • Directory Browsing 
    • HTTP Errors 
    • Static Content 
    • HTTP Redirection 
  • Health Diagnostics 
    • HTTP Logging 
  • Performance 
    • Static Content Compression 
    • Dynamic Content Compression 
  • Security 
    • Request Filtering 
  • Application Development 
    • ASP.NET 4.7 
    • .NET Extensibility 4.7 
    • ISAPI Extensions 
    • ISAPI Filters 
    • WebSocket Protocol 
  • Management Tools 
    • IIS Management Console

 

Install URL Rewrite Module for IIS 

Download and install URL Rewrite Module for IIS on the application server. You may use Web Platform Installer to install the URL Rewrite Module. If you wish to directly download URL Rewrite for IIS, click HERE to download.


Note: You would need to restart IIS service (Server Manager > Tools > Services > Restart “W3SVC”) and close/reopen IIS Management console for new changes to take effect.


Import SSL certificate in IIS

Follow these steps to install an SSL certificate in IIS (Internet Information Services):

  1. First, you need to download and extract the certificate file that you have received from the Certificate Authority. Look for the file with the .pfx extension and save it to your server’s directory.
  2. On your keyboard, press Win + R, type “inetmgr” and click OK to open the Internet Information Services (IIS) Manager. You can also launch the IIS Manager via Start > Administrative Tools > Internet Information Services (IIS) Manager.
  3. On the left, you will find the Connections section. Select the server and double-click the “Server Certificates” icon from the home page.
  4. On the right, locate the Actions section and select “Import”. This would open the Import dialog.

  5. Select your certificate in the “Certificate file (.pfx)” box. Click on the dotted button (...), navigate to the location where you have your certificate, and select the certificate file.
  6. Enter the password for your .pfx file in the password box. Click OK to confirm changes.


Deploy VIDIZMO Website in IIS

Create a website on your IIS server so that you can successfully browse and use the web application. Here is how you may do it: 

  1. Go to Start Menu and type in 'IIS' to launch your Server Manager.

  2. Expand your Server to view pools and sites and expand Sites to view all sites within.

  3. We will not require a default website and to stop servicing the port 80, we shall delete it. Right-click on Default Website and select Remove.

  4. Right-click Sites and select Add Website from the context menu.

  5. In the resulting screen, enter a name for your site such as "VIDIZMO".

  6. By default, an Application Pool of the same name will be created and associated with the site. 
  7. Under Content Directory, add the local folder location of the web application as the Physical Path: C:\VIDIZMO\Application\Web 
  8. Choose Type as https as per your DNS Settings and the SSL certificate. 
  9. Choose IP Address as All Unassigned. 
  10. Enter Port number as 443.
  11. Leave Host name as blank to resolve the site on the host name of your server. 
  12. Click Ok to create website.


Enable TLS 1.2 support

Make sure TLS 1.2 support is enabled on the web application server system. Follow the steps below to enable TLS 1.2 via PowerShell:

  1. Open PowerShell with administrator rights.
  2. Execute the following PowerShell commands:
$TLS12Protocol = [System.Net.SecurityProtocolType] 'Tls12'

[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

 

Deploy VIDIZMO Content Processing Server

Content processing and encoding are hardware resource-consuming processes and are ideally suited for GPU-based machines. A dedicated machine with GPUs for this purpose improves the performance of the application.


Extract Application Files

VIDIZMO team will provide Application files in compressed form (VIDIZMO.zip) that you will need to download and extract in your content processing server. In this example, we are using C: drive as the base location for VIDIZMO application files (C:\VIDIZMO): 

  1. Make sure to Unblock the downloaded zip file before you extract it. Right click the downloaded zip file, click properties from drop down menu to open properties, and check the box that says “Unblock”. Click Apply and Ok to confirm changes and close the properties dialog box. 
  2. Unzip and extract the folder named VIDIZMO.zip at the base location. If you see issues with file extraction, you may use 7zip to extract the files. 
  3. Wait until the extraction is completed. 


Install VIDIZMO services

The following is the list of services that the VIDIZMO Content Processing System uses:

  • Workflow Service: Used to manage various time-consuming processes by breaking them down into activities and managing them separately for better track of progress.
  • Scheduler Service: Used to manage various clock-sensitive processes by refreshing the fetched results like analytics, reports, content purge. This is a prerequisite to run the system.

Note: The Workflow service requires a “Cache” named folder inside C:\VIDIZMO\. Make sure you create the folder if it is not already in there.


Execute below command in command prompt to display installed version of .NET Framework.

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version


You need to install below services on your content processing server. Open command prompt and type following commands to install VIDIZMO services:

sc create VIDIZMOContentProcessing binPath= "C:\VIDIZMO\Application\Win\WorkflowService\VIDIZMOWorkflowEngine.exe" DisplayName= "VIDIZMO Content Processing"

sc create VIDIZMOScheduler binPath= "C:\VIDIZMO\Application\Win\SchedulerService\VIDIZMOScheduler.exe" DisplayName= "VIDIZMO Scheduler"

Once you have installed VIDIZMO services on the content processing server, you would need to change the startup type for VIDIZMO services to “Automatic”. Type below commands to change the startup type of VIDIZMO services to “Automatic”:

sc config VIDIZMOContentProcessing start= auto

sc config VIDIZMOScheduler start= auto

For Scheduler Service, you need to change additional settings. This would enable the Scheduler Service to restart automatically.


Right-click VIDIZMOScheduler service and select Properties. Go to Recovery tab and set the following recovery settings:



Enable TLS 1.2 support

Make sure TLS 1.2 support is enabled on the content processing server system. Follow the steps below to enable TLS 1.2 via PowerShell:

  1. Open PowerShell with administrator rights.
  2. Execute the following PowerShell commands:
$TLS12Protocol = [System.Net.SecurityProtocolType] 'Tls12'

[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol
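The ServicePointManager assignment in the TLS 1.2 steps for the web application and content processing servers applies only to the PowerShell process it is typed into; it does not change what IIS or the VIDIZMO Windows services negotiate. The script below is an added example, not taken from the VIDIZMO documentation: it enables TLS 1.2 machine-wide through the SCHANNEL and .NET Framework registry values documented by Microsoft, turns SSL 3.0 off explicitly, and reads the values back. The function name Set-SchannelProtocol is an assumption, and a reboot is needed before SCHANNEL changes take effect.

```powershell
# Added example: machine-wide TLS 1.2 for SCHANNEL and .NET Framework 4.x.
# Run in an elevated PowerShell session, then reboot.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)] [string] $Protocol,   # e.g. 'TLS 1.2', 'SSL 3.0'
        [Parameter(Mandatory)] [bool]   $Enable
    )
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $schannel "$Protocol\$role"
        # Create the key only if missing, so existing values are not discarded.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true
Set-SchannelProtocol -Protocol 'SSL 3.0' -Enable $false

# Make .NET Framework 4.x applications (IIS app pools, Windows services) use
# strong crypto and follow the operating system's TLS defaults.
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($key in $netKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'SchUseStrongCrypto' -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $key -Name 'SystemDefaultTlsVersions' -PropertyType DWord -Value 1 -Force | Out-Null
}

# Read everything back for the deployment record.
foreach ($protocol in 'TLS 1.2', 'SSL 3.0') {
    foreach ($role in 'Server', 'Client') {
        $p = Get-ItemProperty -Path (Join-Path $schannel "$protocol\$role")
        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            Enabled           = $p.Enabled
            DisabledByDefault = $p.DisabledByDefault
        }
    }
}
foreach ($key in $netKeys) {
    Get-ItemProperty -Path $key | Select-Object PSPath, SchUseStrongCrypto, SystemDefaultTlsVersions
}
```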



NVIDIA Cuda Toolkit

The NVIDIA® CUDA® Toolkit is needed to support high performance GPU-accelerated applications. CUDA Toolkit supports deployment of your applications on GPU-accelerated embedded systems, desktop workstations, enterprise data centers, cloud-based platforms and HPC supercomputers.

The toolkit includes GPU-accelerated libraries, debugging and optimization tools, a C/C++ compiler, and a runtime library to deploy application on major architectures including x64, x86, Arm and POWER.

Cuda Toolkit version 10.1 is required for deployment of VIDIZMO content processing server. Please use the link below to download and install NVIDIA® CUDA® Toolkit version 10.1: https://developer.download.nvidia.com/compute/cuda/10.1/Prod/local_installers/cuda_10.1.243_426.00_win10.exe

Note: Please make sure your content processing system is GPU enabled prior to installing the NVIDIA CUDA Toolkit.


Install and configure Python

Python is a prerequisite for setting up the Content Processing Server System. Follow the steps below to set up Python.

  1. Download and install Python version 3.8.4 (https://www.python.org/ftp/python/3.8.4/python-3.8.4-amd64-webinstall.exe).
  2. Unblock the downloaded executable. Right click on the exe file > Select Properties > Check Unblock > Click Apply button and OK to close the dialog.

  3. Open Python installer file as administrator (Run As Administrator).

  4. On Python installation screen, check the box “Add Python 3.8 to PATH” and click on Customize Installation.

  5. On the Optional Features screen, click Next to continue.

  6. On the Advanced Options screen, check the box “Install for all users” and click Install.

  7. Python installation will begin. Wait for the installation process to complete.

  8. When the installation is completed, click the close button to close the installer.

  9. Reboot your system for new changes to take effect.
  10. Open command prompt with administrative privileges. Click Start button > search for CMD > right-click Command Prompt > Click Run As Administrator.

You need to execute below commands in Command Prompt (in step-by-step order).


Set path for the Workflow Service:

setx /M PATH "%PATH%;C:\VIDIZMO\Application\Win\WorkflowService\Configuration\ffmpeg\bin" 


Change current path location to GPS Extractor library to install Python there:

cd C:\VIDIZMO\Application\Win\WorkflowService\Configuration\libs\GPSExtractor


Upgrade pip to the latest version by entering the following command:

python -m pip install --upgrade pip


Install required Python package named 'dateutil' using the following command:

pip install python-dateutil


Install the telemetry-kit which is an open-source package for extracting and parsing telemetry associated with video streams and converting to common formats. It is parsed to extract information within a video related to GPS, time, camera information, speed, etc.

pip install open-telemetry-kit


Install Python requirements – In Command Prompt, navigate to following location:
C:\VIDIZMO\Application\Win\WorkflowService\Configuration\VidizmoIndexerPY

CD C:\VIDIZMO\Application\Win\WorkflowService\Configuration\VidizmoIndexerPY


Type following in command prompt and press Enter to execute.

pip install -r requirements.txt


In command prompt, navigate to following location:

C:\VIDIZMO\Application\Win\WorkflowService\Configuration\VidizmoRedactionPY

CD C:\VIDIZMO\Application\Win\WorkflowService\Configuration\VidizmoRedactionPY


Type following in command prompt and press enter in your command prompt.

pip install -r requirements.txt


Establish Database Connection

This section provides information about creating database connection used by Web Application and Content Processing servers.

Note: This step does not setup or load database in the database server, but is only meant to setup connection information of the databases


 Starting from the Web Application Server perform following steps to configure database connection.

  1. Open the database connection tool by navigating to C:\VIDIZMO\Resource\DBConnectionSetup\DBConnectionSetup.exe.
  2. Select ‘VIDIZMO Application Database’ under ‘Connection’. This configures VIDIZMO’s main database, which is used to service the application and all components.
  3. Enter the server name (FQDN or IP address) of the database server where the databases have already been restored, and provide credentials.
  4. Click on the drop-down to see the list of available databases to choose from. If the databases don’t show up, there is a problem with the connection.
  5. Now repeat the process for ‘VIDIZMO Notification Database’ and select the appropriate database. 


Note: Once both the databases have been setup, repeat the steps above for Content Processing Server.


Post Deployment Phase

Below tasks would need to be completed in the post deployment phase.


VIDIZMO license activation

In this section, we explain the process of license activation for both Application and Content Processing server systems:

Note: Once the web application and content processing systems are deployed, you navigate to your VIDIZMO portal website and it will display the license activation web page. Here you would need the license activation key or license file for activation of your VIDIZMO software.


Follow below steps to complete license activation on both web application and content processing systems: 

Note: You should follow below steps in sequence (chronological order).

  1. Open web browser and navigate to “localhost”. You will automatically land on the software activation webpage.

  2. VIDIZMO team shall provide the License Keys needed to activate the web application and content processing systems.
  3. Activate your web application by entering the License Key or uploading the License file provided to you by the VIDIZMO team:
    1. Enter license key or provide the license file to activate web application. You will see “License Activated Successfully” after a successful activation.
    2. Restart “VIDIZMO Scheduler” service on the content processing server (Server Manager > Tools > Services > VIDIZMO Scheduler > right-click and select restart from drop-down menu).
    3. Open “localhost” in your web browser and sign-in on your VIDIZMO DEM portal website.
    4. Click the navigation menu, go to Control Panel > Dashboards, and click the edit button next to your content processing server hostname, which should be in a pending state.
    5. Enter your license key or provide the license file to activate the content processing server.



Update Cache Servers List

Once the license activation is completed, open your portal website, and sign-in with your admin user account. When you are logged in, please follow below steps:

  1. Click on navigation menu and then go to Control Panel > Application Configuration > Cache. 
  2. Update the local IP address of the web application server in the Server List.



VIDIZMO DNS Domain Configuration

VIDIZMO web application would need DNS Domain configuration to service its web URLs. You would need to configure official domain as per your organization domain name and tenant sub-domain URLs.

Official Domain

Defines the main domain of the VIDIZMO application under which all portal domains will be configured. For example, if the domain defined here is abc.com, then a portal can be created using portal1.abc.com and so on.

  1. On your portal website, click navigation menu > control panel > application configuration > domains and URLs > Official Domain.
  2. Enter your organization domain name here and click Update.


Deploy VIDIZMO from AWS Marketplace

This section explains step-by-step procedure for deploying VIDIZMO using AWS Marketplace.


Below is the step-by-step process for deploying VIDIZMO from AWS Marketplace:


Login on your AWS management console. Navigate to https://aws.amazon.com/console/ to login to AWS management console.



Once you are logged in, navigate to https://aws.amazon.com/marketplace and search "VIDIZMO". You will see following VIDIZMO products for deployment in your AWS environment.



Click the VIDIZMO product that you wish to deploy in your AWS environment. In this example, we are using "VIDIZMO EnterpriseTube Standard - PAYG" for deployment.




Click "Continue to Subscribe" to subscribe to VIDIZMO EnterpriseTube Standard - PAYG.



Click "Continue to Configuration" to proceed to the next step.



Select your "Delivery Method", "Software Version" and "Region" and click on "Continue to Launch" to proceed to the next step.



Review your configuration details and click the "Launch" button to launch the VIDIZMO deployment in your AWS cloud environment.



Step-1: Specify a Template - Under Prepare Template, leave the option set to "Template is ready". Under Template Source, leave the option set to "Amazon S3 URL". Click Next to proceed to the next step.



Step-2: Specify stack details - Specify a stack name and fill following sections under Parameters.

  • Network Configuration
  • Amazon EC2 Configuration
  • Customer Information

Click Next (at the bottom) once you are done filling information under Parameters section.



Configure your Stack options on the next page and click Next to proceed to the next step.



Review your Stack configuration and click "Create Stack" (at the bottom) to start your VIDIZMO deployment.



You may click "Create change set" to make changes to your existing stack configuration.



System Health Diagnostics

This section explains steps for checking health of the system. Before we start working on the health check related items, it is important to understand VIDIZMO software components that operate altogether to provide a fully functional software solution.


Application architecture and components

The VIDIZMO application is highly modularized and broken down into multiple components. These components are developed in different technologies; however, the bulk of them are developed in the .NET Framework.

 

Each component has a specific role and purpose that it must perform for the entire system to function. Because of the componentized nature of application, it becomes easier to configure, control and modify the flow of the application based on customer’s requirements.

 

Here is a conceptual diagram of major components involved that together make up VIDIZMO stack.



Web Application

One of the components of VIDIZMO stack includes Web Application, which is deployed on IIS web server. The web application acts as the main User Interface for the user to interact with the application. VIDIZMO web application user interface provides a platform with all the tools necessary for EVCM (Enterprise Video Content Management) system.


Workflow Service

Workflow Service is used to manage various time-consuming processes by breaking them down into activities and managing them separately for a better track of progress. Examples of such processes include transcoding, AI processing, etc.


Scheduler Service

Scheduler Service is used to manage various clock-sensitive processes by refreshing fetched results like analytics, reports, and content purge.


Notification Service

Notification Service is used to ping databases for any changes that lead to an email alert generation. It is also used for sending out email notifications to users.


Caching Service

The caching service is used to manage application's memcache. Memcache temporarily stores all data that is frequently requested from the database to provide faster application processing and lower latency.


Health Diagnostics Checklist

Below is the check-list of items considered for reviewing system health.


URL Accessibility

Check if you can access the web application by navigating in your web browser. You may consider adding HTTP check in your existing alerting system or a network monitoring system to keep track of website uptime and downtime as needed.


Server Utilization

Check the utilization of your server hardware to look for any performance bottlenecks. You can check the following items on your server system to keep track of hardware resource utilization.

  • CPU usage
  • Memory usage
  • Disk (I/O) usage
  • Network usage


Process Status

All VIDIZMO components work together as processes that run in the background for the software solution to operate normally. You should periodically check the status of the VIDIZMO services. The following VIDIZMO services should be in the running state.

  • VIDIZMOWebApplication.exe
  • VIDIZMOCaching.exe
  • VIDIZMOWorkflowEngine.exe
  • VIDIZMONotification.exe
  • VIDIZMOScheduler.exe


Event Logs

The VIDIZMO application registers its event source as "Vidizmo Web" to provide application-related logs in Event Viewer. The logging level is configured to capture error messages produced by the VIDIZMO application. Apart from the Vidizmo Web event source, you may find VIDIZMO service-related information, warning and/or error messages that contribute to your troubleshooting and health diagnostic procedures.


Security Assessment

Perform periodic security checks on your VIDIZMO web application and make sure the security settings comply with industry-standard OWASP security rules. Well-known security exploits include Cross-site Scripting, SQL Injection, etc. You may use NMAP security assessment and vulnerability testing to perform periodic security checks.


SSL Certificate

Check whether the SSL certificate is close to its expiration date. You should check the SSL certificate that is tied to your website URL. An approaching expiration should be addressed immediately, because certificate expiration can take down all HTTPS transmissions and could cause accessibility issues on the website.


Connectivity Test

Ensure availability of web and database services. Perform a connectivity test on a periodic basis to test external connectivity to the web application and your database system. You may use the tooling below to conduct connectivity tests on the web app and database engine.

  • TELNET (for connecting to host)
  • Wget/cURL (for connecting to HTTP/HTTPS)
  • Database connection pool
  • MQ (Message Queue) channel status
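
The checklist items above (process status, event logs, URL accessibility, SSL certificate and connectivity) can be run as one scheduled probe. The script below is an added example, not VIDIZMO code; the host names, the use of the Application log, port 1433 and the 30-day certificate threshold are assumptions.

```powershell
# Added example, not VIDIZMO code. Host names, the Application log, port 1433 and
# the 30-day threshold are assumptions; process names come from the list above.
param(
    [string]$SiteHost  = 'vidizmo.example.com',   # placeholder
    [string]$SqlHost   = 'sql.example.internal',  # placeholder
    [int]$CertWarnDays = 30
)
$report = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $report.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}
# Process status: every listed VIDIZMO process must be running.
foreach ($n in 'VIDIZMOWebApplication', 'VIDIZMOCaching', 'VIDIZMOWorkflowEngine',
               'VIDIZMONotification', 'VIDIZMOScheduler') {
    $p = Get-Process -Name $n -ErrorAction SilentlyContinue
    Add-Check "Process $n.exe" ($null -ne $p) $(if ($p) { 'running' } else { 'NOT running' })
}

# Event logs: errors written by the "Vidizmo Web" source in the last 24 hours.
$filter = @{ LogName = 'Application'; ProviderName = 'Vidizmo Web'; Level = 2
             StartTime = (Get-Date).AddHours(-24) }
$errs = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Add-Check 'Event log' ($errs.Count -eq 0) "$($errs.Count) error event(s) in 24 h"

# URL accessibility.
try {
    $r = Invoke-WebRequest -Uri "https://$SiteHost/" -UseBasicParsing -TimeoutSec 15
    Add-Check 'URL accessibility' ($r.StatusCode -eq 200) "HTTP $($r.StatusCode)"
} catch { Add-Check 'URL accessibility' $false $_.Exception.Message }

# SSL certificate: read the served certificate and warn before it expires.
try {
    $tcp = [System.Net.Sockets.TcpClient]::new($SiteHost, 443)
    # Accept any certificate here so an expired one can still be inspected.
    $cb  = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($SiteHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $days = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    Add-Check 'SSL certificate' ($days -gt $CertWarnDays) "expires in $days day(s)"
} catch { Add-Check 'SSL certificate' $false $_.Exception.Message } finally { if ($tcp) { $tcp.Dispose() } }

# Connectivity test: TCP reachability of the web and database endpoints.
foreach ($t in @{ H = $SiteHost; P = 443 }, @{ H = $SqlHost; P = 1433 }) {
    $c = Test-NetConnection -ComputerName $t.H -Port $t.P -WarningAction SilentlyContinue
    Add-Check "TCP $($t.H):$($t.P)" $c.TcpTestSucceeded 'TCP connect'
}
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) { exit 1 }
```

The non-zero exit code on any failed check lets Task Scheduler or a monitoring agent raise an alert. Run the process and event log checks on the VIDIZMO server itself, since they read local state.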


Business Continuity

As mentioned earlier, VIDIZMO consists of web application and database systems. To enable backup protection and disaster solutions, you would need to protect both application and database server systems.


Backup and Restore

To enable backup protection on VIDIZMO application and database systems, please see below information:


Web Application (Web Server)

This section provides information about backup and restore procedures for the web application server.


Backup your web server

VIDIZMO uses IIS (Internet Information Service) as the web server to host VIDIZMO website. Backup of website data and configuration running on IIS consists of several steps:

  • Backup of website files (VIDIZMO website files are typically stored in %SystemDrive%\VIDIZMO). This directory must be included in the backup plan so that it is copied by your backup tools or your own scripts.
  • Backup (export) of current IIS certificates (you can list the SSL certificates on the server with this command: netsh http show sslcert).
  • Backup of IIS configuration (settings).

Reference: https://docs.microsoft.com/en-us/troubleshoot/aspnet/back-up-configuration-files
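
The three backup steps above can be scripted so that each run produces one timestamped backup set. This is an added example, not VIDIZMO code; the backup destination is a placeholder, and exporting every certificate with a private key from the LocalMachine\My store is an assumption about where the site certificate lives.

```powershell
# Added example, not VIDIZMO code. $BackupRoot is a placeholder; the site path
# is the default location named above.
#Requires -RunAsAdministrator
param(
    [string]$SiteRoot   = "$env:SystemDrive\VIDIZMO",
    [string]$BackupRoot = 'D:\Backups\VIDIZMO-Web',      # placeholder
    [Parameter(Mandatory)][securestring]$PfxPassword      # protects the exported keys
)
Import-Module WebAdministration
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path (Join-Path $dest 'certs') -Force | Out-Null

# 1. Website files. robocopy exit codes below 8 mean success.
robocopy $SiteRoot (Join-Path $dest 'site') /E /R:2 /W:5 /NP "/LOG:$dest\robocopy.log" | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# 2. Certificates: record the bindings, then export each certificate with its key.
netsh http show sslcert | Out-File (Join-Path $dest 'sslcert-bindings.txt')
foreach ($c in (Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey)) {
    try {
        Export-PfxCertificate -Cert $c -FilePath "$dest\certs\$($c.Thumbprint).pfx" `
            -Password $PfxPassword -ErrorAction Stop | Out-Null
    } catch {
        # Keys marked non-exportable cannot be backed up this way; report and go on.
        Write-Warning "Not exported ($($c.Thumbprint)): $($_.Exception.Message)"
    }
}

# 3. IIS configuration: snapshot it, then copy the snapshot next to the other data.
Backup-WebConfiguration -Name "vidizmo-$stamp" | Out-Null
Copy-Item "$env:windir\System32\inetsrv\backup\vidizmo-$stamp" (Join-Path $dest 'iis-config') -Recurse

# The PFX files hold private keys: restrict access to $BackupRoot accordingly.
Get-ChildItem $dest -Recurse -File | Measure-Object Length -Sum | Select-Object Count, Sum
```

Restore mirrors these steps: copy the site files back, import the certificates with Import-PfxCertificate, and run Restore-WebConfiguration with the saved backup name.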


Restore your web server

To restore your recent web server backups, the following items would need to be restored:

  • Restore of website files (VIDIZMO website files are typically stored in %SystemDrive%\VIDIZMO).
  • Restore (import) of current IIS certificates.
  • Restore of IIS configuration (settings).

Database Server (SQL Server)

This section provides understanding about backup and restore procedures for SQL server system.


Backup your VIDIZMO database

VIDIZMO databases are hosted in SQL server system. You can schedule automated backups in SSMS (SQL Server Management Studio).


Reference: https://docs.microsoft.com/en-us/troubleshoot/sql/admin/schedule-automate-backup-database


Restore your VIDIZMO database

You would need to manually perform steps to restore your database backup from an earlier point-in-time backup.


Reference:


Backup Frequency (Example Backup Policy)

How often should you back up your databases? It depends on how large your databases are, how important your data is and how frequently updates are committed to your databases. Here's an example backup policy (applies as a standard practice):


Backup Policy-1

Type: FULL

Frequency: 24-hours


Backup Policy-2

Type: Differential

Frequency: 3-hours


RPO (Recovery Point Objective)

RPO is about how much data you can afford to lose before it impacts business operations. The RPO timeline is based on the type of backup policy that is implemented on the VIDIZMO system.
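
A backup policy only bounds data loss if the backups actually ran. The script below is an added example, not VIDIZMO code: it checks SQL Server backup history against the example policy above (FULL every 24 hours, Differential every 3 hours). The server and database names are placeholders, and it assumes the client and the SQL Server are in the same time zone.

```powershell
# Added example, not VIDIZMO code. Server and database names are placeholders.
param(
    [string]$ServerInstance,              # e.g. 'SQL01'; omit to use the sample rows
    [string]$Database = 'VidizmoDb',      # placeholder database name
    [datetime]$Now    = (Get-Date)
)
$MaxFullAge = [timespan]::FromHours(24)   # Backup Policy-1: FULL every 24 hours
$MaxGap     = [timespan]::FromHours(3)    # Backup Policy-2: Differential every 3 hours

function Test-BackupPolicy($Rows, [string]$Database, [datetime]$Now) {
    $mine  = @($Rows | Where-Object { $_.database_name -eq $Database })
    # msdb type codes: D = full database backup, I = differential backup.
    $full  = $mine | Where-Object { $_.type -eq 'D' } |
             Sort-Object backup_finish_date | Select-Object -Last 1
    # The newest full or differential is the latest point that can be restored.
    $point = $mine | Where-Object { $_.type -in 'D', 'I' } |
             Sort-Object backup_finish_date | Select-Object -Last 1
    $fullAge  = if ($full)  { $Now - $full.backup_finish_date }  else { [timespan]::MaxValue }
    $pointAge = if ($point) { $Now - $point.backup_finish_date } else { [timespan]::MaxValue }
    [pscustomobject]@{
        Database         = $Database
        FullAgeHours     = [math]::Round($fullAge.TotalHours, 1)
        FullWithinPolicy = ($fullAge -le $MaxFullAge)
        DataAtRiskHours  = [math]::Round($pointAge.TotalHours, 1)
        RpoWithinPolicy  = ($pointAge -le $MaxGap)
    }
}

$rows = if ($ServerInstance) {
    # Requires the SqlServer module; reads backup history only.
    Invoke-Sqlcmd -ServerInstance $ServerInstance -Database msdb -Query @'
SELECT database_name, type, backup_finish_date FROM dbo.backupset
WHERE backup_finish_date > DATEADD(day, -2, GETDATE())
'@
} else {
    # Constructed sample: full backup 20 h ago, last differential 5 h ago.
    [pscustomobject]@{ database_name = $Database; type = 'D'; backup_finish_date = $Now.AddHours(-20) }
    [pscustomobject]@{ database_name = $Database; type = 'I'; backup_finish_date = $Now.AddHours(-5) }
}
Test-BackupPolicy -Rows $rows -Database $Database -Now $Now
```

The constructed sample models a missed differential run, which is the case this check exists to catch.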


RTO (Recovery Time Objective)

RTO is the timeframe within which the application and systems must be restored after an outage. The RTO timeline is based on the type of backup policy that is implemented on the VIDIZMO system.


DRP (Disaster Recovery Plan)

You can set up a DR site with identical systems to service website operations when the primary site is down. You can move your web traffic to your DR site when your primary site is temporarily down or under maintenance. VIDIZMO supports on-premise dual server HA + DR deployment options.


Reference: https://help.vidizmo.com/support/solutions/folders/17000136108


VIDIZMO Software Upgrade

The VIDIZMO Software Update and Upgrade mechanism is generally a simple and straightforward process. However, in dedicated deployments where other enterprise systems such as Active Directory, SharePoint, LMS, etc. may be integrated, or where the impact of a change is considerable, an update may produce unwanted or unexpected results. VIDIZMO therefore recommends that its enterprise customers implement a separate staging environment where these changes can be tested and accepted via coordinated UAT (User Acceptance Testing) efforts before being rolled out into a production environment.


Software Update Frequency

A VIDIZMO software “Patch” is normally rolled out when software bug(s) have been identified that are either “Critical” or “Showstoppers” in nature. Such bugs might cause normal operations of the software to cease. In such cases, the VIDIZMO team quickly resolves the bug with either a temporary or a permanent fix and releases a software Patch to be installed on VIDIZMO instances. Patch release frequency is not predefined since patches are released depending upon the nature of the situation. However, based on past experiences, VIDIZMO may need to roll out a “Patch” once in a year.

A VIDIZMO software “Update” typically bundles together multiple “low” or “medium” severity bugs and/or minor improvements in the features or the working of the software. These updates are normally scheduled and planned ahead of their release dates. The frequency of such an update to be rolled out is every 2-3 months.

The identification and notification of bugs or software changes can be performed either by internal VIDIZMO teams, including QA, development, and technical support, during normal operations, or by customers and their end users during regular use of the VIDIZMO software. In the latter case, end users typically reach out to VIDIZMO support teams. Each reported issue is given an extensive drill down by VIDIZMO teams to determine whether its resolution requires a patch or an update. A representation of VIDIZMO’s tiered support model is given below for reference.



Update Management

VIDIZMO software has a built-in VIDIZMO Update Service (VUS) that allows IT Administrators either to schedule automatic installation of updates at specified times, or to download updates without installing them so that they can be installed manually at any time.

This component is responsible for routinely checking for any new updates and installing them automatically on VIDIZMO servers. VUS will check for new updates or patches from time to time by connecting to central VIDIZMO update servers (enterprisetube.com and vidizmo.com). Based on the version installed and customer’s license privileges, VUS automatically downloads any pending “Updates” or “Patches”. IT administrators can define the action to be taken by the VUS once the software updates or patches are delivered. These actions include “Download & Install” or “Download Only.”

If the IT admin selects “Download & Install,” they can further configure the scheduled date and time for the automatic installation of the new updates. These options are available under System Configuration >> App Config >> Scheduled Tasks tab.

IT Administrators can also configure the local storage location where the updates are downloaded and stored by the VUS.


Compatibility with Windows Update & Other Update Management Systems

VIDIZMO patch and update builds are released in the widely used MSI format (Windows Installer) which makes it easier to be controlled and pushed using organization’s standard Update Management systems. This makes it convenient for the IT staff to download the installer and push it out using their choice of system (such as Microsoft System Center) which may have greater control over update and installation process.


Infrastructure Maintenance

As part of our managed services, VIDIZMO team provides end to end maintenance of underlying infrastructure including Windows operating system and SQL server maintenance. The team follows the enterprise IT policy to install any patches, updates or upgrades as required by the customer. For any hardware and network related issues in the cloud or customer data centers, VIDIZMO team coordinates with the service provider to resolve those issues.


VIDIZMO License Management

VIDIZMO Licensing is based on the deployment model. Each plan includes enough storage, bandwidth, encoding and streaming bandwidth suitable for the purchased plan. The customer has the option to add users, storage, encoding and bandwidth as desired. Artificial Intelligence features such as Machine transcription are also available as an optional feature.


Under Dedicated deployments including Customer's Cloud or On-Premises, VIDIZMO software is licensed as follows:


  • Base Server Software License - (cost varies by product type i.e. MediaTube, EnterpriseTube, Virtual Academy) and number of Portals.
  • User/Client Access Licenses also known as CAL - (Registered and Active User Models are also available. Cost also varies by the product type).
  • Setup & Configuration (One Time).
  • Standard Support is included; however, the customer has the option to purchase Premier and Premier Plus Support.
  • Optional Add-Ons (such as eCDN, VIDIZMO SharePoint Video App).
  • A customer interested in dedicated deployment can deploy easily all VIDIZMO Solutions from Microsoft Azure & AWS Marketplaces.
  • A customer chooses a dedicated deployment model for various reasons, including but not limited to, more control over privacy, security, compliance, software upgrade/release cycle, and control variable cloud consumption costs.
  • We license on-premise and private cloud software on annual subscription.

The VIDIZMO SaaS model is licensed on a Yearly Software Subscription plan; dedicated deployments typically require a 3-year licensing plan. A perpetual license is also available under a dedicated deployment model. Standard Support is available throughout the licensed period. To learn about support options, please visit https://www.vidizmo.com/support/support-plans/


VIDIZMO Support Model

VIDIZMO offers the following support models:


VIDIZMO Fully Managed

VIDIZMO team installs, manages, and maintains VIDIZMO Software on either VIDIZMO's shared Azure Cloud, in the customer’s cloud (under Bring Your Own Cloud Model) such as Microsoft Azure or On-Premises. VIDIZMO team provides 1st, 2nd, and 3rd tier support on a fully managed yearly software as a subscription model.


VIDIZMO Managed

VIDIZMO team installs all software, provides quarterly and yearly software upgrades, as well as 2nd tier and 3rd tier support. 1st tier support is provided by Customer IT.


Customer Managed

VIDIZMO team provides software to the Customer’s IT. Customer’s IT installs, updates and supports software in 1st and 2nd tier support. VIDIZMO provides some 2nd and all 3rd tier support and all/any software updates. VIDIZMO does not have access to the installed software.

For more details on the tiered support model and multiple support SLAs offered by VIDIZMO, please visit the following links: http://www.vidizmo.com/support/tiered-support/.


Enterprise Support Policy

Normally, our support is available Monday through Friday between 9 AM EST and 6 PM EST. Emergency support staff is available outside of normal working hours for customers on a contract basis.


To receive support for your VIDIZMO software deployment, please contact support@vidizmo.com.


--End of document--