Standalone Deployment
PN: 10-00430-01-03
Encoding On-demand mS v12
Contents
1 Overview
  1.1 Deployment overview
2 Prerequisites
  2.1 Browser Compatibility
  2.2 Hosts prerequisites
    2.2.1 Minimal resources for MediaKind Controller server(s)
    2.2.2 Recommended resources for MediaKind applications servers
    2.2.3 Minimal resources for MediaKind applications servers
  2.3 Operating System prerequisites
    2.3.1 Versions and compatibility
    2.3.2 Linux update
    2.3.3 Antivirus
    2.3.4 Security-Enhanced Linux
    2.3.5 Firewall
    2.3.6 HTTP Proxy
    2.3.7 Host Names
  2.4 Network Configuration
    2.4.1 Improve network interfaces high availability (NIC teaming)
  2.5 MediaKind security model and zoning
NOTE The distributed mode can also be deployed with 2 dedicated license management servers
(see Controller installation guide)
Available resources
Context: Deployment from scratch
Description: An installation guide is available for the following deployment contexts:
• Standalone deployment Mode
• Compact deployment Mode
• Distributed Deployment Mode
Context: Upgrade of existing deployed solution
Description: An upgrade guide is available to upgrade from the version currently deployed to the latest version:
• Upgrade guide - all modes
2 Prerequisites
IMPORTANT In order to guarantee server high availability, we recommend that you dedicate and team two physical network interfaces for the management network via one logical network interface.
Refer to: Improve network interfaces high availability (NIC teaming), section 2.4.1.
* The version to use depends on the MediaKind applications that need to be supported.
IMPORTANT • In standalone mode, the CentOS version deployed on the server must be compatible
with the recommended (or supported) versions of both MediaKind Controller and
MediaKind application to install.
• In compact mode, the CentOS version deployed on both controllers must be compatible
with the recommended (or supported) versions of both MediaKind Controller and
MediaKind application to install.
2.3.3 Antivirus
Uninstall all antivirus services from all the servers of the solution to avoid performance failures or
unexpected software behaviors.
NOTE The product setup script automatically configures the Security-Enhanced Linux settings.
2.3.5 Firewall
Activate the Linux server firewall if it is disabled, so that the ports required during installation can be accessed. Ports: 8080 for the UI, or 80 for the light SOAP bridge, and 8443 for HTTPS.
NOTE The product setup script automatically configures the firewall settings.
ATTENTION During the deployment of the system, the last octet of the VIP is used as the Virtual Router
Redundancy Protocol (VRRP). Therefore the last octet used by the VIP MUST be unique,
and no other device in the network can use the same last octet.
For example, if the VIP is 10.86.84.239, 239 must not be used as the last octet by any other device in the network.
NOTE In case of distributed deployment, all the network interface names of all the servers must be
the same subnetwork.
2.5 MediaKind security model and zoning
• Untrusted zone is a public zone that is entirely open and includes public networks such as the public Internet. Restrictions and requirements are difficult or impossible to place or enforce in this zone because it is generally outside the control of the customer. The untrusted zone is considered to be extremely hostile.
• Semi-trusted zone is a public access zone that mediates between the customer’s trusted zone and the untrusted zone. Typically, this zone implements corporate Web/Proxy servers, Domain Name Service, external Mail servers, remote access, and extranet gateways. It is often referred to as a demilitarized zone (DMZ). The semi-trusted zone is considered to be hostile.
• Trusted zone is an operational zone, a standard environment for routine customer operations, where most corporate user systems and work group servers are installed. In general, with appropriate security controls, this zone may be suitable for processing some sensitive data; however, this zone is customarily unsuitable for large repositories of sensitive data or critical applications without adequate, strong, trustworthy security controls.
• Restricted zone is a controlled zone suitable for business-critical services or large repositories of sensitive data. It supports access from systems in the semi-trusted zone.
Each security zone is delimited by a trust boundary:
• Trust boundaries provide the network interface from a zone to an adjacent zone. Trust boundaries are the logical construct describing the controlled interfaces connecting zones. Trust boundaries enforce the zone data communication policy through perimeter security measures. Trust boundaries control inbound data communication and implement the security policy of their respective zone; all data communication must pass through a trust boundary. Trust boundaries can be implemented using a single component or a combination of components such as load balancer, firewall, intrusion detection system (IDS), intrusion prevention system (IPS), access control list (ACL) and routers.
3 Quick Deployment Procedures
# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh
3. Synchronize NTP.
4. Configure MediaKind Controller:
# rm -rf /tmp/<directory_name>
3. Manage the certificate and configure Log Manager depending on your deployment context (with custom certificates or auto-generated certificates).
• Deployment with custom certificates
a. Copy the trusted certificate files (.crt and .key) available in your environment, generated according to the PEM format standards (RFC 1421 to 1424), to the standalone server under /etc/ssl/certs.
b. Configure Log Manager:
RESTRICTION Certificates generated with the provided script “generate_certificate.sh” are self-signed and are created with an expiration date set to "current date + 10 years".
4 Deployment Procedures
4.1 Deploying MediaKind Controller on your standalone server
This deployment mode installs both the controller and the licensing management system on the same host. Licensing control is based on locking codes generated on the Controller host(s).
A locking code relies on hardware-specific criteria, such as MAC address, hostname, or UUID. Any post-deployment change to one of these criteria will result in invalid licenses.
# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh
Result:
The installation completes and the following message displays:
Complete!
2. Update the NTP configuration file on the first server with the NTP IP address:
# vi /etc/ntp.conf
# server [ntp_ip_address]
3. Restart the NTP service on each server with the following commands:
5. Check the server synchronization with the NTP server with the following commands:
# ntpstat
6. Edit the time zone only if the time is not currently set to the expected time zone; otherwise, skip to the next step in this procedure.
NOTE Editing the time zone depends on your geographic location.
# cd /etc
# rm localtime
# ls /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/[expected_time_zone] localtime
# date
Result:
The configuration completes and the following message displays:
ntp is synchronized
3. When the Login page displays, enter your username and password.
# rm -rf /tmp/<directory_name>
4.2 Deploying Log Manager on your standalone server
3. Enter the following command to check that the installation is completed and the docker service is
enabled:
enabled
IMPORTANT Expiration of the validity date of a certificate will not block the encoding processes but will prevent job logs from being collected and displayed in the UI.
RESTRICTION Certificates generated with the provided script “generate_certificate.sh” are self-signed and
are created with an expiration date set to "current date + 10 years".
1. Enter the following command to generate the Log Manager self-signed certificates:
ericsson-encoding-on-demand-standalone-configuration Successful
The last command allows the user change to take effect for MediaKind Encoding On-Demand.
5 Post deployment procedures
5.1 Configure mount points
1. Open an SSH session as a root user.
2. Enter the following command to create the directory where the remote server location is to be mounted.
# mkdir -p /opt/mfvp/mnt/LocalDirectory/Storage
4. Retrieve the [uid_value] and [gid_value] of the Ericsson user with the following commands:
# id ericsson
5. Mount the remote server on the newly created local directory by editing the file /etc/fstab:
# vi /etc/fstab
8. Use the command lines (#) below to test the mount point by creating a mount.test file in /opt/mfvp/mnt/LocalDirectory/Storage.
# cd /opt/mfvp/mnt/LocalDirectory/Storage
# ls /opt/mfvp/mnt/LocalDirectory/Storage
9. Return to the application and create a job using settings for either option 1 or option 2.
Option 1: using remote location (URL beginning with file://)
a. Input: file://RemoteServer/Storage/CustomInputFileName.ts
b. Output: file://RemoteServer/Storage
Option 2: Using local directory (URL beginning with file:///)
a. Input: file:///opt/mfvp/mnt/LocalDirectory/Storage/CustomInputFileName.ts
b. Output: file:///opt/mfvp/mnt/LocalDirectory/Storage
5.2 Allow LDAP users to access Controller user interface
[ldap]
server_uri = ldap://fr-my.companydomain.com:389
bind_dn = CN=apache,OU=COM,OU=Sites,DC=companydomain,DC=com
bind_pwd = ********
search_dn = OU=COM,OU=Sites,DC=companydomain,DC=com
username_field = sAMAccountName
firstname_field = givenName
lastname_field = sn
start_tls = False
ca_certificate_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
cipher_suite = kEECDH+aECDSA+AES:kEECDH+AES+aRSA:kEDH+aRSA+AES:-SSLv2:-SSLv3:-TLSv1:-TLSv1.1
ca_certificate_file: Location of the CA certificate file used to verify the LDAP server’s certificate when using TLS or LDAPS
cipher_suite: OpenSSL-format string defining the list of ciphers to use for TLS communication
# update-ca-trust extract
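An added example, not part of the MediaKind guide: a Python check of the [ldap] section shown above that reports when the bind credentials would travel unencrypted, which is the case for ldap:// combined with start_tls = False. The value True for start_tls, the finding labels and the function name are assumptions made for this example.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the [ldap] section from this page, password masked.
SAMPLE = """\
[ldap]
server_uri = ldap://fr-my.companydomain.com:389
bind_dn = CN=apache,OU=COM,OU=Sites,DC=companydomain,DC=com
bind_pwd = ********
start_tls = False
ca_certificate_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
"""

# Assumption: start_tls also accepts True (the page only shows False).
HARDENED = SAMPLE.replace("start_tls = False", "start_tls = True")


def audit_ldap(text):
    """Return transport-security findings for the [ldap] section in text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    ldap = cp["ldap"]
    findings = []

    scheme = urlparse(ldap.get("server_uri", "")).scheme.lower()
    start_tls = ldap.getboolean("start_tls", fallback=False)
    encrypted = scheme == "ldaps" or start_tls

    if scheme not in ("ldap", "ldaps"):
        findings.append("bad-uri: server_uri must start with ldap:// or ldaps://")
    elif not encrypted:
        # A simple bind over plain ldap:// sends bind_pwd unencrypted.
        findings.append("cleartext: ldap:// with start_tls = False")
    elif scheme == "ldaps" and start_tls:
        findings.append("conflict: ldaps:// is already TLS, start_tls is for ldap://")

    # With TLS or LDAPS, the CA file is what lets the server certificate be verified.
    if encrypted and not ldap.get("ca_certificate_file", "").strip():
        findings.append("no-ca: ca_certificate_file is not set")
    return findings


if __name__ == "__main__":
    for name, cfg in (("as shown", SAMPLE), ("hardened", HARDENED)):
        print(name, audit_ldap(cfg) or "ok")
```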