
Video Processing

Encoding On-demand mS v12

Compact Deployment

PN: 10-00456-01-02

Contents

Chapter 1 Overview
1.1 Deployment overview

Chapter 2 Prerequisites
2.1 Browser Compatibility
2.2 Hosts prerequisites
2.2.1 Minimal resources for MediaKind Controller server(s)
2.2.2 Recommended resources for MediaKind applications servers
2.2.3 Minimal resources for MediaKind applications servers
2.3 Operating System prerequisites
2.3.1 Versions and compatibility
2.3.2 Linux update
2.3.3 Antivirus
2.3.4 Security-Enhanced Linux
2.3.5 Firewall
2.3.6 HTTP Proxy
2.3.7 Host Names
2.4 Network Configuration
2.4.1 Improve network interfaces high availability (NIC teaming)
2.5 MediaKind security model and zoning

Chapter 3 Quick Deployment Procedures
3.1 Quick Deployment Procedures
3.1.1 Security information
3.1.2 Deploying MediaKind Controller
3.1.3 Deploying Log Manager
3.1.4 Deploying MediaKind Encoding On-Demand

Chapter 4 Deployment Procedures
4.1 Introduction to compact deployment
4.2 Security information
4.3 Deploying MediaKind Controller on both Controller servers
4.3.1 Install MediaKind Controller and License manager on Controller 1
4.3.2 Synchronize NTP
4.3.3 Configure MediaKind Controller on Controller 1
4.3.4 Install MediaKind Controller and License manager on Controller 2
4.3.5 Synchronize NTP
4.3.6 Configure MediaKind Controller on Controller 2
4.3.7 Check the MediaKind Controller deployment on both controllers
4.4 Deploying the arbiter server for Controller redundancy
4.4.1 Install the arbiter components on the server
4.4.2 Synchronize NTP
4.4.3 Configure the arbiter server
4.5 Deploying Log Manager on both Controller servers
4.5.1 Install Log Manager on Controller 1
4.5.2 Configure Log Manager with custom certificates
4.5.3 Configure Log Manager with auto-generated certificates
4.5.4 Install and configure Log Manager on Controller 2
4.5.5 Check the Log Manager deployment on both Controllers
4.6 Deploying MediaKind Encoding On-Demand on both Controller servers
4.6.1 Install MediaKind Encoding On-Demand elements on both Controllers
4.6.2 Configure MediaKind Encoding On-Demand on both Controllers
4.6.3 Check the MediaKind Encoding On-Demand deployment on both controllers
4.7 Deploying MediaKind Encoding On-Demand on the pool of servers
4.7.1 Security information
4.7.2 Install MediaKind Encoding On-Demand elements on each server
4.7.3 Synchronize NTP
4.7.4 Configure MediaKind Encoding On-Demand on each server
4.7.5 Check the MediaKind Encoding On-Demand deployment on your pool of servers

Chapter 5 Post deployment procedures
5.1 Configure mount points
5.2 Allow LDAP users to access Controller user interface
5.3 Install Security Package

1 Overview

1.1 Deployment overview


Standalone Deployment

• One SINGLE server hosts Controller and Encoding On-Demand


• No redundancy
• Typical use: Lab functional tests

Compact deployment (from 3 to 15 servers)

• 2 redundant servers host Controller and Encoding On-Demand for HA.


• Up to 13 other servers dedicated for Encoding On-Demand Processing.
• Typical use: Production, medium sizing

Distributed Deployment (from 3 to 150 servers)

• 2 redundant servers host Controller for HA.


• Up to 150 Servers dedicated for Encoding On-Demand Processing
• Typical use: Production, large sizing

NOTE The distributed mode can also be deployed with 2 dedicated license management servers
(see Controller installation guide)
Available resources

Context: Deployment from scratch
Description: An installation guide is available for the following deployment contexts:
• Standalone deployment Mode
• Compact deployment Mode
• Distributed Deployment Mode

Context: Upgrade of existing deployed solution
Description: An upgrade guide is available to upgrade from the version currently deployed to the
latest version:
• Upgrade guide - all modes
2 Prerequisites

2.1 Browser Compatibility


Certain browsers are recommended for optimal use.
MediaKind applications adapt to your screen. The display is optimized for a minimum 1366x768
resolution. The following browsers are recommended:
• Chrome from version 70.0.03538.102 and up
• Firefox from version 63.0.3 and up

IMPORTANT Internet Explorer version 11 is no longer supported.



2.2 Hosts prerequisites


Hardware references for MediaKind solutions include MediaKind G8 appliances, Cisco, Dell and HP
BladeSystem that exclusively run on Intel CPUs.
IMPORTANT If the host is a MediaKind appliance, execute a factory restore on first entry point before
executing the deployment procedure. This will erase the factory standalone deployment.
This deployment mode installs both the controller and the licensing management system on the same
host. The Licensing control is based on locking codes generated on Controller host(s).
A locking code relies on hardware-specific criteria, such as MAC address, hostname, or UUID. Any
post-deployment change to one of these criteria will result in invalid licenses.

IMPORTANT Keep the Controller hosts unchanged. In particular, in virtualized environments, the
Controller VM must not be relocated.

2.2.1 Minimal resources for MediaKind Controller server(s)


Recommended hardware configurations for optimal performance:

Application: Controller server
CPU: Intel Xeon
RAM memory: 32GB
Disk: 160GB HDD
Network Interface: Ethernet - 2 x 10/100/1000
Features: Redundant hot-swappable power supply on physical servers

IMPORTANT To guarantee server high availability, we recommend that you dedicate and team two
physical network interfaces for the management network via one logical network interface.
Refer to: Improve network interfaces high availability (NIC teaming) on page 13.

2.2.2 Recommended resources for MediaKind applications servers


Recommended hardware configurations for optimal performance:

Application: MediaKind Encoding On-Demand
CPU: Two Intel Xeon Gold 6140 (2.3GHz) with memory interleaving and CPU Hyper threading options enabled
RAM memory: 64GB
Disk: 240GB SSD

2.2.3 Minimal resources for MediaKind applications servers


Minimal hardware configurations for optimal performance:

Application: MediaKind Encoding On-Demand
CPU: Two Intel Xeon Gold 6140 (2.3GHz) with memory interleaving and CPU Hyper threading options enabled
RAM memory: 32GB
Disk: 240GB SSD

2.3 Operating System prerequisites

2.3.1 Versions and compatibility


Recommended operating systems for MediaKind solutions:

Application: MediaKind Controller
Operating System:
• Recommended version: Linux CentOS-7.7 minimal 64 bit*
• Other supported version: Linux CentOS-7.6 minimal 64 bit*

Application: MediaKind Encoding On-Demand
Operating System:
• Recommended version: Linux CentOS-7.7 minimal 64 bit*
• Other supported versions: Linux CentOS-7.6 minimal 64 bit*

* The version to use depends on the MediaKind applications that need to be supported.

IMPORTANT • In standalone mode, the CentOS version deployed on the server must be compatible
with the recommended (or supported) versions of both MediaKind Controller and
MediaKind application to install.
• In compact mode, the CentOS version deployed on both controllers must be compatible
with the recommended (or supported) versions of both MediaKind Controller and
MediaKind application to install.

2.3.2 Linux update


Disable automatic Linux updates to avoid unexpected reboot.

2.3.3 Antivirus
Uninstall all antivirus services from all the servers of the solution to avoid performance failures or
unexpected software behaviors.

2.3.4 Security-Enhanced Linux


Leave SELinux enforcing settings unchanged on all the servers of the solution to be able to run scripts
remotely (example: supportPackage request).

NOTE The product setup script automatically configures the Security-Enhanced Linux settings.

2.3.5 Firewall
Activate the Linux server firewall if it is disabled, in order to access the ports required during
installation. Ports: 8080 for the UI, or 80 for the light SOAP bridge, and 8443 for HTTPS.

NOTE The product setup script automatically configures the firewall settings.

2.3.6 HTTP Proxy


Disable any HTTP proxy to avoid installation issues.

2.3.7 Host Names


Requirements
• All servers must have unique host names.
• If the servers are configured to get the controller host names from a DNS server: skip the /etc/hosts
configuration below.
NOTE The use of DNS is not covered in this configuration guide and would be a matter for a
local system administrator

• The host name should be configured in /etc/hostname on each server.
• For servers hosting the controller software: all controller host names must be written into the
/etc/hosts file on each controller server. The default entry for localhost must also remain in place.
IMPORTANT The host name of Controller nodes must not be changed, as this would result in invalid
licenses. See host prerequisites for details.
Example of the /etc/hosts file in compact and distributed modes:
• /etc/hosts file on both controller1 and controller2 servers

    127.0.0.1 localhost
    192.168.0.11 controller1
    192.168.0.12 controller2

• /etc/hosts file on each processing server

    127.0.0.1 localhost
    192.168.0.13 procserver-n

2.4 Network Configuration


Prerequisites:
The host network configuration is set-up including:
• IP configuration of network interfaces
• Network interface bonding when necessary
• Specific routes when necessary. Example: multicast, ip route add 239.2.3.202 via “ip_address”

IMPORTANT In distributed or compact deployment, the management IP addresses of the controller
server(s) (controllerIP1 and controllerIP2):
• must be static,
• must be on the same subnetwork (as well as VIP and VIP Licensing addresses),
• must not be changed after deployment. (If the IP address must be changed after
deployment, a complete re-installation must be done).

ATTENTION During the deployment of the system, the last octet of the VIP is used as the Virtual Router
Redundancy Protocol (VRRP) identifier. Therefore the last octet used by the VIP MUST be unique,
and no other device in the network can use the same last octet.
For example, if VIP is 10.86.84.239, 239 must be excluded from the last octet of all the
devices in the network.

NOTE In case of distributed deployment, all the network interface names of all the servers must be
the same subnetwork.
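
The addressing rules of this section can be checked before configure.sh is run. The following shell script is an added example, not part of the MediaKind tooling; the function names, the /24 prefix length, the VIP addresses and the extra device addresses are assumptions chosen for illustration (the controller addresses reuse the /etc/hosts example).

```shell
#!/bin/sh
# Added example: preflight check of the controller addressing rules in section 2.4.
# Function names, the prefix length and the demo addresses are assumptions.

# Print the integer value of a dotted-quad IPv4 address; fail on malformed input.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;   # leading zero or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print the network address (as an integer) of ADDRESS under PREFIX_LENGTH.
network_of() {
    addr=$(ip_to_int "$1") || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -le 32 ] || return 1
    block=$(( 1 << (32 - $2) ))
    echo $(( addr / block * block ))   # integer division clears the host bits
}

# check_compact_network CONTROLLER_IP1 CONTROLLER_IP2 VIP VIP_LICENSING PREFIX [OTHER_DEVICE_IP ...]
# Prints one FAIL line per violated rule; returns 0 only when every rule holds.
check_compact_network() {
    [ "$#" -ge 5 ] || { echo "FAIL: expected at least 5 arguments"; return 2; }
    c1=$1; c2=$2; vip=$3; viplic=$4; prefix=$5
    shift 5
    failures=0

    # Every address must parse before the other rules can be evaluated.
    for a in "$c1" "$c2" "$vip" "$viplic" "$@"; do
        ip_to_int "$a" >/dev/null || { echo "FAIL: '$a' is not a valid IPv4 address"; failures=1; }
    done
    [ "$failures" -eq 0 ] || return 1

    # Rule: controllerIP1, controllerIP2, VIP and VIP Licensing share one subnetwork.
    ref_net=$(network_of "$c1" "$prefix") || { echo "FAIL: invalid prefix length '$prefix'"; return 1; }
    for a in "$c2" "$vip" "$viplic"; do
        if [ "$(network_of "$a" "$prefix")" != "$ref_net" ]; then
            echo "FAIL: $a is not on the same /$prefix subnetwork as $c1"; failures=1
        fi
    done

    # Rule: the VIP Licensing address must not duplicate any other address.
    for a in "$c1" "$c2" "$vip" "$@"; do
        [ "$a" != "$viplic" ] || { echo "FAIL: vipLicensing $viplic duplicates another address"; failures=1; }
    done

    # Rule: the last octet of the VIP must not be used by any other device,
    # including devices whose address lies in a different subnetwork.
    vip_octet=${vip##*.}
    for a in "$c1" "$c2" "$viplic" "$@"; do
        if [ "${a##*.}" = "$vip_octet" ]; then
            echo "FAIL: $a shares last octet $vip_octet with the VIP $vip"; failures=1
        fi
    done
    [ "$failures" -eq 0 ]
}

# Demo on constructed values: the last device reuses the VIP's last octet on another subnetwork.
check_compact_network 192.168.0.11 192.168.0.12 192.168.0.239 192.168.0.240 24 \
    192.168.0.13 192.168.1.239 || echo "addressing plan rejected"
```

Pass every known device address on the network after the prefix length, since the last-octet rule applies to all of them and not only to the controllers.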

2.4.1 Improve network interfaces high availability (NIC teaming)


Within your video headend, communication between application servers is done via the management
network.
To guarantee server high availability, we recommend that you dedicate and team two physical
network interfaces for the management network via one logical network interface. That way, if one
physical interface becomes inoperable, communication continues through the other interface, using the
same IP address (controllerIP).

2.5 MediaKind security model and zoning


In the industry, security zoning is commonly categorized into four zone types. A brief summary of each
zone is outlined below.

• Untrusted zone is a public zone entirely open and includes public network such as the public
Internet. Restrictions and requirements are difficult or impossible to place or enforce in this zone
because it is generally outside the control of the customer. The untrusted zone is considered to be
extremely hostile.
• Semi-trusted zone is a public access zone that mediates between the customer’s trusted zone and the
untrusted zone. Typically, this zone implements corporate Web/Proxy servers, Domain Name Service,
external Mail servers, remote access, and extranet gateways. It is often referred to as a demilitarized
zone (DMZ). The semi-trusted zone is considered to be hostile.
• Trusted zone is an operational zone, a standard environment for routine customer operations, and
where most corporate user systems and work group servers are installed. In general, with appropriate
security controls, this zone may be suitable for processing some sensitive data; however, this zone is
customarily unsuitable for large repositories of sensitive data or critical applications without adequate
strong trustworthy security controls.
• Restricted zone is a controlled zone suitable for business-critical services or large repositories of
sensitive data. It supports access from systems in the semi-trusted zone.
Each security zone is delimited by a trust boundary:
• Trust boundaries provide the network interface from a zone to an adjacent zone. Trust boundaries are
the logical construct describing the controlled interfaces connecting zones. Trust boundaries enforce
zone data communication policy through perimeter security measures. Trust boundaries control inbound
data communication and implement the security policy of their respective zone; all data communication
must go through a trust boundary. Trust boundaries can be implemented using a single component
or a combination of components such as load balancer, firewall, intrusion detection system (IDS),
intrusion prevention system (IPS), access control list (ACL) and routers.
3 Quick Deployment Procedures

3.1 Quick Deployment Procedures


Prerequisites:
• Recommended Linux CentOS is installed on servers (refer to the release note for versions supported).
• Network Interfaces are configured (IP addresses, Mask, Gateways).
• Root access is required for installation.
• Following tar.gz files are available:
• Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz
• Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz
• Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz

3.1.1 Security information


Controller versions 10.1 and above embed a secured database version.

IMPORTANT The /etc/ericsson/secrets/mongo/secrets.ini file MUST be copied to each server of your
headend.
Credentials to access the database are created during Controller deployment and available in the
following directories:
• /etc/ericsson/secrets on both controllers and on the arbiter server.
The Secrets folder contains the following files:
• /mongo/secrets.ini: This file contains the MongoDB client authorization password that is required to
connect to the secure database and MUST be copied to each server.
• /mongo/mongodb.key: This key is used for internal authentication between both controllers and the
arbiter server.

3.1.2 Deploying MediaKind Controller


1. Copy Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz to controller 1 (server A) and
controller 2 (server B)
2. Install MediaKind Controller on controller 1:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh

3. Synchronize NTP on Controller 1.


4. Configure MediaKind Controller on controller 1:

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x

5. Install MediaKind Controller on controller 2:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh

6. Synchronize NTP on Controller 2.


7. Configure MediaKind Controller on controller 2:

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x

8. Optional: Delete the temporary Controller installation folder(s):

# rm -rf /tmp/<directory_name>

9. Copy Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz to the arbiter server (server C).


10. Install the arbiter on server C:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh --mongoarbiter

11. Synchronize NTP.



12. Configure the arbiter on server C:

/opt/mfvp/arbiter/setup/configure_arbiter.sh --controllerIP x.x.x.x --arbiter x.x.x.x

13. Optional: Delete the temporary Controller installation folder(s):

# rm -rf /tmp/<directory_name>

3.1.3 Deploying Log Manager


1. Copy Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz to controller 1.
2. Install Log Manager on controller 1:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-log-manager-v.x.y.z.el7.x86_64
# ./install.sh

3. Manage certificate and configure Log Manager depending on your deployment context:
• Deployment with custom certificates

a. Copy the trusted certificate files (.crt and .key) available in your environment, generated
according to the PEM (RFC 1421 to 1424) format standards, to controller 1 under /etc/ssl/certs.
b. Repeat on controller 2.
• Deployment with auto-generated certificates

a. Generate certificate on controller 1:

# /opt/ericsson/log-manager/setup/generate_certificate.sh --caName <controller_VIP> --output /etc/ssl/certs

RESTRICTION Certificates generated with the provided script “generate_certificate.sh” are self-
signed and are created with an expiration date set to "current date + 10 years".

b. Configure Log Manager on controller 1:

# /opt/ericsson/log-manager/setup/configure.sh --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --elasticsearchPassword xx

c. Copy certificate to controller 2.


d. Install Log Manager on controller 2:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-log-manager-v.x.y.z.el7.x86_64
# ./install.sh

e. Configure Log Manager on controller 2:

# /opt/ericsson/log-manager/setup/configure.sh --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --elasticsearchPassword xx

3.1.4 Deploying MediaKind Encoding On-Demand


1. Copy Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz to controller 1.
2. Install MediaKind Encoding On-Demand on controller 1:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-encoding-on-demand-v.x.y.z.el7.x86_64
# ./install.sh --standalone

3. Repeat on controller 2.

4. Configure MediaKind Encoding On-Demand on controller 1:

# /opt/ericsson/encoding-on-demand-standalone/setup/configure.sh --logManagerCA /etc/ssl/certs/<controller_VIP>.pem

5. Repeat on controller 2.
6. Carry out the following series of steps on server C:

a. Copy Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz to server C.


b. Install MediaKind Encoding On-Demand:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-encoding-on-demand-v.x.y.z.el7.x86_64
# ./install.sh --server

c. Copy certificate to /etc/ssl/certs/ on server C.


d. Copy secrets.ini file to /etc/ericsson/secrets/mongo/ on server C.
e. Synchronize NTP on server C.
f. Configure MediaKind Encoding On-Demand on server C:

# /opt/ericsson/encoding-on-demand-server/setup/configure.sh --localIP x.x.x.x --serverID xx --controllerIP x.x.x.x --logManagerCA /etc/ssl/certs/<controller_VIP>.pem --licenseServerIP x.x.x.x

7. Repeat on servers D to N.
4 Deployment Procedures

4.1 Introduction to compact deployment


Compact deployments are installed on multiple servers to provide high availability.
Compact Headend overview
• 2 redundant servers host Controller and processing functionality for HA.
• Up to 13 other servers dedicated for processing services.
• Typical use: Production, medium sizing

This deployment mode installs both the controller and the licensing management system on the same
host. The Licensing control is based on locking codes generated on Controller host(s).
A locking code relies on hardware-specific criteria, such as MAC address, hostname, or UUID. Any
post-deployment change to one of these criteria will result in invalid licenses.

IMPORTANT Keep the Controller hosts unchanged. In particular, in virtualized environments, the
Controller VM must not be relocated.

Table 1. Compact Deployment Cheat sheet

Server A
• serverID (Text): Unique ID used to identify the server hosting MediaKind application by controller.
• controllerIP1 (IP address): IP address associated with management NIC of Controller 1.

Server B
• serverID (Text): Unique ID used to identify the server hosting MediaKind application by controller.
• controllerIP2 (IP address): IP address associated with management NIC of Controller 2.

Servers A&B
• vip / controllerIP (IP address): Virtual IP address used for High Availability, mapped to the
management NICs of Controller 1 and Controller 2.
• vipLicensing / licenseServerIP (IP address): Virtual IP address used for Licensing High
Availability, mapped to the management NICs of Controller 1 and Controller 2.

Servers C to N
• serverID (Text): Unique ID used to identify the server hosting MediaKind application by controller.
• localIP (IP address): IP address associated with management NIC of the server.
• controllerIP (IP address): Virtual IP address defined on both controllers 1 and 2.
• licenseServerIP (IP address): Licensing Virtual IP address defined on both controllers 1 and 2.

4.2 Security information


Controller versions 10.1 and above embed a secured database version.

IMPORTANT The /etc/ericsson/secrets/mongo/secrets.ini file MUST be copied to each server of your
headend.
Credentials to access the database are created during Controller deployment and available in the
following directories:
• /etc/ericsson/secrets on both controllers and on the arbiter server.
The Secrets folder contains the following files:
• /mongo/secrets.ini: This file contains the MongoDB client authorization password that is required to
connect to the secure database and MUST be copied to each server.
• /mongo/mongodb.key: This key is used for internal authentication between both controllers and the
arbiter server.
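
Once the files above have been copied, each copy can be checked against the controller's original. The following shell script is an added example, not part of the MediaKind tooling; the function names and the rule that secrets.ini must not be accessible to other users are assumptions, while the owner-only rule for mongodb.key reflects MongoDB's refusal of key files that carry group or other permissions.

```shell
#!/bin/sh
# Added example: post-copy checks for the files under /etc/ericsson/secrets/mongo.
# Function names and the "no-other" policy for secrets.ini are assumptions of this example.

# Print the SHA-256 digest of a file as hex.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # systems without GNU coreutils
    fi
}

# verify_secret FILE EXPECTED_SHA256 POLICY
#   POLICY "owner-only": no group or other permission bits (mongodb.key)
#   POLICY "no-other":   no other permission bits          (secrets.ini)
# Prints one FAIL line per problem and returns 0 only when the file passes.
verify_secret() {
    vs_file=$1; vs_expected=$2; vs_policy=$3; vs_rc=0

    # A symlink or special file in place of the secret is treated as a failure.
    if [ -L "$vs_file" ] || [ ! -f "$vs_file" ]; then
        echo "FAIL: $vs_file is missing or not a regular file"
        return 1
    fi

    # ls -ld prints the mode as e.g. -rw-r-----; characters 5-7 are group, 8-10 are other.
    vs_mode=$(ls -ld "$vs_file" | cut -c1-10)
    vs_group=$(printf '%s' "$vs_mode" | cut -c5-7)
    vs_other=$(printf '%s' "$vs_mode" | cut -c8-10)
    if [ "$vs_other" != "---" ]; then
        echo "FAIL: $vs_file is accessible to other users ($vs_mode)"; vs_rc=1
    fi
    if [ "$vs_policy" = "owner-only" ] && [ "$vs_group" != "---" ]; then
        echo "FAIL: $vs_file is accessible to its group ($vs_mode)"; vs_rc=1
    fi

    # The copy must be byte-identical to the file created on the controller.
    if [ "$(file_digest "$vs_file")" != "$vs_expected" ]; then
        echo "FAIL: $vs_file differs from the controller's copy"; vs_rc=1
    fi
    return "$vs_rc"
}

# Demo on constructed files in a temporary directory (no real secrets involved).
demo_dir=$(mktemp -d)
printf '[constructed]\npassword = not-a-real-secret\n' > "$demo_dir/secrets.ini"
chmod 640 "$demo_dir/secrets.ini"
reference=$(file_digest "$demo_dir/secrets.ini")     # digest taken on the controller

cp -p "$demo_dir/secrets.ini" "$demo_dir/copy.ini"   # stands in for the copy on another server
verify_secret "$demo_dir/copy.ini" "$reference" no-other && echo "copy.ini: OK"

chmod 644 "$demo_dir/copy.ini"                       # a copy made without preserving the mode
verify_secret "$demo_dir/copy.ini" "$reference" no-other || echo "copy.ini: rejected"
rm -rf "$demo_dir"
```

On a deployed server, take the digest of /etc/ericsson/secrets/mongo/secrets.ini on a controller and pass it to verify_secret on every other server of the headend.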

4.3 Deploying MediaKind Controller on both Controller servers

4.3.1 Install MediaKind Controller and License manager on Controller 1


1. Open an SSH session as a root user.
2. Copy the tar.gz to the Controller1.
• Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz

3. Enter the following commands on Controller1:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh

Result: The installation completes and the following message displays:

Completed

4.3.2 Synchronize NTP


The server where the operating system is installed determines the date and time settings for your
MediaKind solution. The servers in the headend must be synchronized on the same NTP server. If the
software is running in a Virtual Machine (VM), the VM's host server must also be synchronized on the
NTP server. In a MediaKind solution, all the logs, alarms and status are written and timestamped by all
the different servers that cooperate for control.
1. Carry out the following steps only if running CentOS versions 7.3 and above.
NOTE Disable and stop chronyd to prevent unexpected behaviour (upon a reboot for example).

a. Enter the following command to disable chronyd.

# systemctl disable chronyd

b. Enter the following command to stop chronyd.

# systemctl stop chronyd

2. Update the NTP configuration file on the first server with the NTP IP address:

# vi /etc/ntp.conf

Add the following line to the file:

server [ntp_ip_address]

3. Restart the NTP service on each server with the following command:

# systemctl restart ntpd

4. Enable the NTP to automatically restart (upon a reboot for example).

# systemctl enable ntpd

5. Check the server synchronization with the NTP server with the following command:

# ntpstat

6. Edit the time zone only if the time is not currently set to the expected time zone; otherwise,
skip to the next step in this procedure.
NOTE Editing the time zone depends on your geographic location.

# cd /etc
# rm localtime
# ls /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/[expected_time_zone] localtime
# date

Result: The servers are synchronized with NTP.

4.3.3 Configure MediaKind Controller on Controller 1


Enter one of the following commands on Controller1 depending on your configuration:

• Standard UI and API configuration

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x

• Secured UI and API configuration

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x --sslPort xx --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --sslCertificateChainFile xx --authenticationCertificate xx --authenticationPrivateKey xx

Mandatory parameters

--serverID xx
    xx corresponds to your Server ID for this controller (example: Controller_01). The server ID
    must be unique and is used as the server name in the controller user interface.
--controllerIP1 x.x.x.x
    IP address of the Controller1. Recommendation is to use the TeamIP for this server as
    suggested in the prerequisites chapter.
--controllerIP2 x.x.x.x
    IP address of Controller2. Recommendation is to use the TeamIP for this server as suggested
    in the prerequisites chapter.
--vip x.x.x.x
    In a redundant Controller mode, a virtual IP address that will be the entry point of both
    Controllers must be set. The vip address will be set on the same subnetwork as Controller1
    and Controller2 IP addresses. The last octet of the VIP MUST be unique within the network
    and different from any other devices in the network (Network Configuration on page 13).
--vipLicensing x.x.x.x
    Set to ensure license provisioning. The vipLicensing address must be unique and must be set
    on the same subnetwork as the vip address.

UI and API secure access parameters (optional)

--sslPort xx
    xx corresponds to the port used for HTTPS access. Valid values: 8443 | 443 (default is 8443).
--sslCertificate /etc/ssl/certs/<controller_VIP>.crt
    corresponds to the file path to SSL certificate file to import.
--sslPrivateKey /etc/ssl/certs/<controller_VIP>.key
    corresponds to the file path to SSL private key file to import.
--authenticationCertificate xx
    xx corresponds to the PEM formatted file containing the SSL certificate used to validate
    signed authentication tokens. If using this parameter then you must also provide
    --authenticationPrivateKey.
--authenticationPrivateKey xx
    xx corresponds to the PEM formatted file containing the private key used to sign
    authentication tokens. If using this parameter then you must also provide
    --authenticationCertificate.

Result: The configuration completes and the following message displays:

ntp is synchronized

4.3.4 Install MediaKind Controller and License manager on Controller 2


1. Open an SSH session as a root user.
2. Copy the tar.gz to the Controller2.
• Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz

3. Enter the following commands on Controller2:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh

Result: The installation completes and the following message displays:

Completed

4.3.5 Synchronize NTP


The server where the operating system is installed determines the date and time settings for your
MediaKind solution. The servers in the headend must be synchronized on the same NTP server. If the
software is running in a Virtual Machine (VM), the VM's host server must also be synchronized on the
NTP server. In a MediaKind solution, all the logs, alarms and status are written and timestamped by all
the different servers that cooperate for control.

1. Carry out the following steps only if running CentOS versions 7.3 and above.
NOTE Disable and stop chronyd to prevent unexpected behaviour (upon a reboot for example).

a. Enter the following command to disable chronyd.

# systemctl disable chronyd

b. Enter the following command to stop chronyd.

# systemctl stop chronyd

2. Update the NTP configuration file on the first server with the NTP IP address:

# vi /etc/ntp.conf
# server [ntp_ip_address]

3. Restart the NTP service on each server with the following commands:

# systemctl restart ntpd

4. Enable the NTP to automatically restart (upon a reboot for example).

# systemctl enable ntpd

5. Check the server synchronization with the NTP server with the following commands:

# ntpstat

6. Edit the time zone only if the time is not currently set to the expected time zone; otherwise, skip to the
next step in this procedure.
NOTE Editing the time zone depends on your geographic location.

# cd /etc
# rm localtime
# ls /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/[expected_time_zone] localtime
# date

Result: The servers are synchronized with NTP.

4.3.6 Configure MediaKind Controller on Controller 2


Enter one of the following commands on Controller2 depending on your configuration:

• Standard UI and API configuration

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x

• Secured UI and API configuration

# /opt/ericsson/controller/setup/configure.sh --serverID xx --controllerIP1 x.x.x.x --controllerIP2 x.x.x.x --vip x.x.x.x --vipLicensing x.x.x.x --sslPort xx --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --sslCertificateChainFile xx --authenticationCertificate xx --authenticationPrivateKey xx

Mandatory parameters

--serverID xx
    xx corresponds to your Server ID for this controller (example: Controller_01). The server ID
    must be unique and is used as the server name in the controller user interface.
--controllerIP1 x.x.x.x
    IP address of the Controller1. Recommendation is to use the TeamIP for this server as
    suggested in the prerequisites chapter.
--controllerIP2 x.x.x.x
    IP address of Controller2. Recommendation is to use the TeamIP for this server as suggested
    in the prerequisites chapter.
--vip x.x.x.x
    In a redundant Controller mode, a virtual IP address that will be the entry point of both
    Controllers must be set. The vip address will be set on the same subnetwork as Controller1
    and Controller2 IP addresses. The last octet of the VIP MUST be unique within the network
    and different from any other devices in the network (Network Configuration on page 13).
--vipLicensing x.x.x.x
    Set to ensure license provisioning. The vipLicensing address must be unique and must be set
    on the same subnetwork as the vip address.

UI and API secure access parameters (optional)

--sslPort xx
    xx corresponds to the port used for HTTPS access. Valid values: 8443 | 443 (default is 8443).
--sslCertificate /etc/ssl/certs/<controller_VIP>.crt
    corresponds to the file path to SSL certificate file to import.
--sslPrivateKey /etc/ssl/certs/<controller_VIP>.key
    corresponds to the file path to SSL private key file to import.
--authenticationCertificate xx
    xx corresponds to the PEM formatted file containing the SSL certificate used to validate
    signed authentication tokens. If using this parameter then you must also provide
    --authenticationPrivateKey.
--authenticationPrivateKey xx
    xx corresponds to the PEM formatted file containing the private key used to sign
    authentication tokens. If using this parameter then you must also provide
    --authenticationCertificate.

Result: The configuration completes and the following message displays:

ntp is synchronized

4.3.7 Check the MediaKind Controller deployment on both controllers


1. Open a Web browser from a computer that has a network access to your Controller.
2. Enter the access URL, then press Enter.
NOTE The address is either HTTP or HTTPS depending on your security settings.
• http://[vip]:8080
• https://[vip]:8443/ui/home or https://[vip]/ui/home

3. When the Login page displays: Enter your username and password.

NOTE Default admin user log in information:


• Username: admin
• Password: admin

Result: The Home page displays.


4. Display servers.
Result: The following processing types display: Controller, Licensing

5. Optional: Delete the temporary Controller installation folder(s):

# rm -rf /tmp/<directory_name>

4.4 Deploying the arbiter server for Controller redundancy


This step sets an arbiter function on one single server. The arbiter is needed to ensure Controller
redundancy.

IMPORTANT If Controllers are deployed on separate hosts, then the arbiter must be on a different host
than controllerIP1 and controllerIP2.
The arbiter must be deployed on a server that also runs a processing application. In this
document, the arbiter is installed on Server C, but it could be located on any other server
that runs a Processing application.

4.4.1 Install the arbiter components on the server


1. Copy the tar.gz to the server:
• Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz

2. Enter the following commands using the parameter --mongoarbiter:

# mkdir -p /tmp/<directory_name>
# tar -xvf Eri-xx-xxxxxx-xx-xx-MFVP-controller-v.x.y.z.el7.x86_64.tar.gz -C /tmp/<directory_name>
# cd /tmp/<directory_name>
# ./install.sh --mongoarbiter

Result: The installation is complete and displays the following message:

Complete!

4.4.2 Synchronize NTP


The server where the operating system is installed determines the date and time settings for your
MediaKind solution. The servers in the headend must be synchronized on the same NTP server. If the
software is running in a Virtual Machine (VM), the VM's host server must also be synchronized on the
NTP server. In a MediaKind solution, all the logs, alarms and status are written and timestamped by all
the different servers that cooperate for control.
1. Carry out the following steps only if running CentOS versions 7.3 and above.
NOTE Disable and stop chronyd to prevent unexpected behaviour (upon a reboot for example).

a. Enter the following command to disable chronyd.

# systemctl disable chronyd

b. Enter the following command to stop chronyd.

# systemctl stop chronyd

2. Update the NTP configuration file on the first server with the NTP IP address:

# vi /etc/ntp.conf
# server [ntp_ip_address]

3. Restart the NTP service on each server with the following commands:

# systemctl restart ntpd

4. Enable the NTP to automatically restart (upon a reboot for example).

# systemctl enable ntpd

5. Check the server synchronization with the NTP server with the following commands:

# ntpstat

6. Edit the time zone only if the time is not currently set to the expected time zone; otherwise, skip to the
next step in this procedure.
NOTE Editing the time zone depends on your geographic location.

# cd /etc
# rm localtime
# ls /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/[expected_time_zone] localtime
# date

Result: The servers are synchronized with NTP.

4.4.3 Configure the arbiter server


1. Enter the following commands:

# /opt/mfvp/arbiter/setup/configure_arbiter.sh --controllerIP x.x.x.x --arbiter x.x.x.x

Mandatory parameters

--controllerIP x.x.x.x
    IP address of the vip defined on both controllers.
--arbiter x.x.x.x
    x.x.x.x is the IP address for this server. --arbiter x.x.x.x defines this server as the
    arbiter. The arbiter is used in managing Controller redundancy.

Result: The configuration completes and the following message displays:

ntp is synchronized

2. Optional: Delete the temporary Controller installation folder(s):

# rm -rf /tmp/<directory_name>

4.5 Deploying Log Manager on both Controller servers


Prerequisites: MediaKind Controller is installed on both controllers.

Deploying Log Manager is a 2-step procedure:


1. You deploy Log Manager on Controller 1 (server A) that is:

a. You install Log Manager on Controller 1.


b. You configure Log Manager on Controller 1 depending on your deployment environment:
• Configure Log Manager with custom certificates
• Configure Log Manager with auto-generated certificates

2. You deploy Log Manager on Controller 2 (server B) that is:

a. You install Log Manager on Controller 2.


b. You configure Log Manager on Controller 2 depending on your deployment environment:
• Configure Log Manager with custom certificates
• Configure Log Manager with auto-generated certificates

3. You check the Log Manager deployment on both controllers.

4.5.1 Install Log Manager on Controller 1


1. Copy the Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz to Controller1.

2. Enter the following commands on Controller1:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-log-manager-v.x.y.z.el7.x86_64
# ./install.sh

Optional

--bridgeIP
    [Optional] Defines the network range used by elasticSearch and logstash (default:
    172.17.0.1/16). To avoid IP conflicts when the network already uses the default range then
    it is required to assign an alternative range using bridgeIP.

Result: The installation completes and the following message displays:

installation log-manager successful

3. Enter the following command to check that the installation is completed and the docker service is
enabled:

# systemctl is-enabled docker

Result: The following message displays:

enabled

4. Go to Log Manager configuration depending on your deployment environment:


• Configure Log Manager with custom certificates
• Configure Log Manager with auto-generated certificates

4.5.2 Configure Log Manager with custom certificates


Copy certificates on Controller
Log Manager requires certificates to secure network traffic between your pool of processing servers
and the Log Manager. Certificates must be generated according to PEM (RFC 1421 to 1424) format
standards and can be either self-signed or signed by a trusted 3rd party Authority.
• Usage of self-signed certificates from your environment will allow the log-manager to work normally
and collect logs from the encoding workers and other components.
• Usage of certificates signed by a 3rd party Authority must be considered in accordance with the company's
own security policy.
To install a certificate, you must copy your certificate files (.crt and .key) to controller 1 under
/etc/ssl/certs/, then run the configure.sh command with your certificate file name. MediaKind is not
responsible for misuse of certificates.

IMPORTANT Expiration of the validity date of a certificate will not block the encoding processes but will
prevent job logs from being collected and displayed in the UI.

Configure Log Manager on Controller


1. Copy the trusted certificate files (.crt and .key) available in your environment to controller 1
under /etc/ssl/certs.
2. Enter the following command on Controller1:

# /opt/ericsson/log-manager/setup/configure.sh --sslCertificate /etc/ssl/certs/<trustedCertificateName>.crt --sslPrivateKey /etc/ssl/certs/<trustedCertificateName>.key --elasticsearchPassword xx

Mandatory Parameters

--sslCertificate /etc/ssl/certs/<trustedCertificateName>.crt
    corresponds to the file path to SSL certificate file to import.
--sslPrivateKey /etc/ssl/certs/<trustedCertificateName>.key
    corresponds to the file path to SSL private key file to import.
--elasticsearchPassword xx
    xx corresponds to the password to use to request elasticsearch. Must be at least 6 characters.

Optional Parameters

--controllerPort xx
    [Optional] xx corresponds to the port where the API of the Controller is callable (default to 8080)
--syslogPort xx
    [Optional] xx corresponds to the IP port number for TCP server (default to 5140)
--elasticsearchPort xx
    [Optional] xx corresponds to the IP port number for elasticsearch REST API (default to 9200)
--elasticsearchClusterPort xx
    [Optional] xx corresponds to the IP port number for elasticsearch internal cluster
    communication (default to 9300)
--elasticsearchDatabase xx
    [Optional] xx corresponds to the absolute file path to the elasticsearch database directory
    (default: /var/lib/ericsson/log-manager/elasticsearch).
--licenseServerIP x.x.x.x
    IP address of the server on which the licenses are managed. (By default, the license
    management is hosted on the Controller, so the IP address to enter is the IP address of the
    Controller)

Result: The installation completes and the following message displays:

Log Manager configuration successful

4.5.3 Configure Log Manager with auto-generated certificates


Generate and copy certificates on Controller
Log Manager requires certificates to secure network traffic between your pool of processing servers and
the Log Manager. Certificates can be generated with the provided script generate_certificate.sh (see below).
MediaKind is not responsible for misuse of certificates.

RESTRICTION Certificates generated with the provided script “generate_certificate.sh” are self-signed and
are created with an expiration date set to "current date + 10 years".
1. Enter the following command on Controller1:

# /opt/ericsson/log-manager/setup/generate_certificate.sh --caName <controller_VIP> --output /etc/ssl/certs

Mandatory Parameters

--caName <controller_VIP>
    corresponds to the Controller VIP address.
--output /etc/ssl/certs
    corresponds to the directory to store certificates. The default directory is
    /etc/pki/tls/certs.

Result: The following certificates are generated in the folder defined for --output:
• <controller_VIP>.csr
• <controller_VIP>.crt
• <controller_VIP>.key
• <controller_VIP>.pem

2. Copy the above certificates to Controller2 to /etc/ssl/certs.

Configure Log Manager on Controller


Enter the following command on Controller1:

# /opt/ericsson/log-manager/setup/configure.sh --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --elasticsearchPassword xx

Mandatory Parameters

--sslCertificate /etc/ssl/certs/<controller_VIP>.crt
    corresponds to the file path to SSL certificate file to import.
--sslPrivateKey /etc/ssl/certs/<controller_VIP>.key
    corresponds to the file path to SSL private key file to import.
--elasticsearchPassword xx
    xx corresponds to the password to use to request elasticsearch. Must be at least 6 characters.

Optional Parameters

--controllerPort xx
    [Optional] xx corresponds to the port where the API of the Controller is callable (default to 8080)
--syslogPort xx
    [Optional] xx corresponds to the IP port number for TCP server (default to 5140)
--elasticsearchPort xx
    [Optional] xx corresponds to the IP port number for elasticsearch REST API (default to 9200)
--elasticsearchClusterPort xx
    [Optional] xx corresponds to the IP port number for elasticsearch internal cluster
    communication (default to 9300)
--elasticsearchDatabase xx
    [Optional] xx corresponds to the absolute file path to the elasticsearch database directory
    (default: /var/lib/ericsson/log-manager/elasticsearch).

Result: The installation completes and the following message displays:

Log Manager configuration successful
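
Both Log Manager configuration variants (custom and auto-generated certificates) pass a certificate and a private key to configure.sh, and an expired certificate stops job logs from being collected. The following added example, which is not part of the MediaKind scripts, checks a .crt/.key pair before it is used; it assumes the openssl CLI and GNU stat are available, and the function names are constructed.

```shell
#!/bin/sh
# Added example (not MediaKind code). Requires the openssl CLI and GNU stat.
# Function names are constructed for this example.

# The certificate and the private key belong together when both yield
# the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# The certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# The key file grants nothing to group or others (octal mode ends in 00).
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run all three checks, print one line per finding, return the finding count.
# $1 = certificate (.crt), $2 = private key (.key), $3 = minimum remaining days
preflight_tls() {
    findings=0
    cert_matches_key "$1" "$2" ||
        { echo "MISMATCH: $2 is not the private key for $1"; findings=$((findings + 1)); }
    cert_valid_for_days "$1" "$3" ||
        { echo "EXPIRY: $1 is not valid for another $3 days"; findings=$((findings + 1)); }
    key_is_private "$2" ||
        { echo "PERMS: $2 is accessible to group or others"; findings=$((findings + 1)); }
    return "$findings"
}
```

For example, preflight_tls /etc/ssl/certs/<controller_VIP>.crt /etc/ssl/certs/<controller_VIP>.key 30 returns 0 only when the pair matches, the certificate is valid for at least 30 more days and the key is not accessible to group or others.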

4.5.4 Install and configure Log Manager on Controller 2


Prerequisites:
You have installed and configured Log Manager on Controller 1.
To install and configure Log Manager on Controller 2, follow these steps:
1. Copy certificate to controller 2.
2. Install Log Manager on controller 2:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-log-manager-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-log-manager-v.x.y.z.el7.x86_64
# ./install.sh

3. Configure Log Manager on controller 2:

# /opt/ericsson/log-manager/setup/configure.sh --sslCertificate /etc/ssl/certs/<controller_VIP>.crt --sslPrivateKey /etc/ssl/certs/<controller_VIP>.key --elasticsearchPassword xx

4.5.5 Check the Log Manager deployment on both Controllers


Prerequisites:
You are connected to the MediaKind user interface.
1. Display servers.
2. Check that the following processing types display: Controller, Licensing and Log Manager.

4.6 Deploying MediaKind Encoding On-Demand on both Controller servers

Prerequisites: MediaKind Controller and log manager are installed and configured on both controllers.

4.6.1 Install MediaKind Encoding On-Demand elements on both Controllers

1. Copy Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz to Controller1.
2. Enter the following commands on Controller1 using the parameter --standalone:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-encoding-on-demand-v.x.y.z.el7.x86_64
# ./install.sh --standalone

Result: The installation completes and the following message displays:

Installation controller successful

3. Repeat on Controller2.

4.6.2 Configure MediaKind Encoding On-Demand on both Controllers


1. Enter the following command on Controller1:

# /opt/ericsson/encoding-on-demand-standalone/setup/configure.sh --logManagerCA /etc/ssl/certs/<controller_VIP>.pem

Mandatory Parameters

--logManagerCA /etc/ssl/certs/<controller_VIP>.pem
    corresponds to the absolute file path to SSL CA file used to encrypt communications with
    log-management (.pem file).

Optional Parameters

--controllerPort xx
    [Optional] xx corresponds to the port where the API of the Controller is callable (default to 8080)
--logManagerSyslogPort xx
    [Optional] xx corresponds to the Log Manager port where the syslog is pushed (default: 5140).
--noSoap80
    Use when no SOAP interface on port 80
--licenseServerIP x.x.x.x
    IP address of the server on which the licenses are managed. (By default, the license
    management is hosted on the Controller, so the IP address to enter is the IP address of the
    Controller)

Result: The configuration completes and the following message displays:

ericsson-on-demand-encoding-standalone-successful

2. Repeat on Controller2.

4.6.3 Check the MediaKind Encoding On-Demand deployment on both controllers

Prerequisites:
You are connected to the MediaKind user interface.
1. Display servers.
Result: The following processing types display: Controller, Licensing, On-Demand Encoding and
Log Manager.
2. Select Services > Add Service > On-Demand Encoding
Result: You are able to create an On-Demand encoding service.

4.7 Deploying MediaKind Encoding On-Demand on the pool of servers

Prerequisites: MediaKind Controller and MediaKind Encoding On-Demand are installed on both
controllers.

4.7.1 Security information


Controller versions 10.1 and above embed a secured database version.

IMPORTANT The /etc/ericsson/secrets/mongo/secrets.ini file MUST be copied on each server of your headend.
Credentials to access the database are created during Controller deployment and available in the
following directories:
• /etc/ericsson/secrets on both controllers and on the arbiter server.
The Secrets folder contains the following files:
• /mongo/secrets.ini: This file contains the MongoDB client authorization password that is requested to
connect the secure database and MUST be copied on each server
• /mongo/mongodb.key: This key is used for internal authentication between both controllers and the
arbiter server.

4.7.2 Install MediaKind Encoding On-Demand elements on each server


1. Open an SSH session as a root user.
2. Copy Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz to the server.
3. Enter the following commands using the parameter --server:

# tar -xvf Eri-xx-xxxxxx-xx-xx-ericsson-encoding-on-demand-v.x.y.z.el7.x86_64.tar.gz
# cd ericsson-encoding-on-demand-v.x.y.z.el7.x86_64
# ./install.sh --server

Result: The installation completes and the following message displays:

Installation server successful

4. Repeat on each server.

4.7.3 Synchronize NTP


The server where the operating system is installed determines the date and time settings for your
MediaKind solution. The servers in the headend must be synchronized on the same NTP server. If the
software is running in a Virtual Machine (VM), the VM's host server must also be synchronized on the
NTP server. In a MediaKind solution, all the logs, alarms and status are written and timestamped by all
the different servers that cooperate for control.
1. Carry out the following steps only if running CentOS versions 7.3 and above.
NOTE Disable and stop chronyd to prevent unexpected behaviour (upon a reboot for example).

a. Enter the following command to disable chronyd.

# systemctl disable chronyd

b. Enter the following command to stop chronyd.

# systemctl stop chronyd

2. Update the NTP configuration file on the first server with the NTP IP address:

# vi /etc/ntp.conf
# server [ntp_ip_address]

3. Restart the NTP service on each server with the following commands:

# systemctl restart ntpd



4. Enable the NTP to automatically restart (upon a reboot for example).

# systemctl enable ntpd

5. Check the server synchronization with the NTP server with the following commands:

# ntpstat

6. Edit the time zone only if the time is not currently set to the expected time zone; otherwise, skip to the
next step in this procedure.
NOTE Editing the time zone depends on your geographic location.

# cd /etc
# rm localtime
# ls /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/[expected_time_zone] localtime
# date

Result: The servers are synchronized with NTP.


7. Repeat on other Controller.
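
The Synchronize NTP procedures require every headend server to be synchronized on the same NTP server, because logs, alarms and status from all servers are timestamped locally. The following added example, which is not part of the MediaKind procedure, checks that requirement from collected ntp.conf copies and captured ntpstat output; the function names, the sample addresses and the sample ntpstat text are constructed, and the ntpstat bound is assumed to be reported in ms.

```shell
#!/bin/sh
# Added example (not MediaKind code). Function names and sample data are
# constructed for this example.

# Print the de-duplicated "server" targets of an ntp.conf file.
# Commented-out lines are skipped because their first field is not "server".
ntp_servers() {
    awk '$1 == "server" { print $2 }' "$1" | sort -u
}

# Succeed only if every ntp.conf copy passed in lists the same, non-empty
# set of servers as the first one.
same_ntp_servers() {
    ref=$(ntp_servers "$1")
    [ -n "$ref" ] || return 1
    shift
    for conf in "$@"; do
        [ "$(ntp_servers "$conf")" = "$ref" ] || return 1
    done
    return 0
}

# Succeed only if captured ntpstat output ($1) reports synchronisation and
# a "time correct to within N ms" bound of at most $2 ms.
ntpstat_within() {
    printf '%s\n' "$1" | awk -v max="$2" '
        /^synchronised/ { sync = 1 }
        /time correct to within/ {
            for (i = 1; i < NF; i++) if ($i == "within") bound = $(i + 1)
        }
        END { exit !(sync && bound != "" && bound + 0 <= max + 0) }'
}

# Constructed ntpstat output (assumed format): one synchronised server,
# one server that has not synchronised yet.
SAMPLE_SYNCED='synchronised to NTP server (192.0.2.10) at stratum 3
   time correct to within 42 ms
   polling server every 1024 s'
SAMPLE_UNSYNCED='unsynchronised
  time server re-starting
   polling server every 8 s'
```

On a live server the second check is run as ntpstat_within "$(ntpstat)" 100, with the limit chosen to match how closely log timestamps from different servers must line up.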

4.7.4 Configure MediaKind Encoding On-Demand on each server


1. Copy the following certificates to server1 using the correct file path (/etc/ssl/certs):
NOTE The file path was defined for output when you generated the certificates on the
Controller (Log Manager installation).
• .csr
• .crt
• .key
• .pem

2. Copy the MongoDB client authorization password from the controller to this server at the following
location: /etc/ericsson/secrets/mongo/secrets.ini (create directory if necessary).
3. Enter the following command:

# /opt/ericsson/encoding-on-demand-server/setup/configure.sh --localIP x.x.x.x --serverID xx --controllerIP x.x.x.x --logManagerCA /etc/ssl/certs/<controller_VIP>.pem --licenseServerIP x.x.x.x

Mandatory Parameters

--localIP x.x.x.x
    corresponds to the management IP address for this server.
--serverID xx
    xx corresponds to your Server ID for this server (example: Server_01). The server ID must be
    unique and is used as the server name in the controller user interface.
--controllerIP x.x.x.x
    IP address of the controller (the controller vip address in case of redundant Controller
    mode, or the controller's management address for non-redundant controller mode).
--logManagerCA /etc/ssl/certs/<controller_VIP>.pem
    corresponds to the absolute file path to SSL CA file used to encrypt communications with
    log-management (.pem file).
--licenseServerIP x.x.x.x
    License Server IP.
    NOTE: Should be the same as the Controller VIP.

Optional Parameters

--controllerPort xx
    [Optional] xx corresponds to the port where the API of the Controller is callable (default to 8080)
--logManagerSyslogPort xx
    [Optional] xx corresponds to the Log Manager port where the syslog is pushed (default: 5140).

Result: The following message displays:

ericsson encoding on-demand server configuration successful

4. Repeat on each server.

4.7.5 Check the MediaKind Encoding On-Demand deployment on your pool of servers

Prerequisites:
You are connected to the MediaKind user interface.
1. Display servers.
2. Check that the following processing types display: On-Demand Encoding
5 Post deployment procedures

5.1 Configure mount points


Configure mount points to create access to remote content storage locations. Mount points must be
configured on each Encoding On-Demand processing server.
Mount points must comply with the following criteria:
• They are available at boot time
• MediaKind Encoding On-Demand accesses input files and output directories with user
ericsson:ericsson. This user must have at least read rights for storage mount points and read, write and
execute rights for output mount points.
• The default group ID is ericsson:ericsson.
For CIFS, authentication is required to access the Remote Server. Use the credentials below:
user=RemoteServerUsername
password=RemoteServerPassword
For NFS shares, the user ericsson should have rights to the share. In some cases, the user ericsson needs to
be added to a specific group to enable access rights on the share.
For example, when MediaKind Encoding On-Demand is driven by the MediaKind CMS, input files and
directories are created by the CMS with the user nobody:nobody. In this case, the user ericsson needs
to be added in the nobody group to grant access to MediaKind Encoding On-Demand. On each server,
execute the following command:

# sudo usermod -aG nobody ericsson
# systemctl restart ericsson-encoding-on-demand-job-daemon

The last command allows the user change to take effect for MediaKind Encoding On-Demand.
1. Open an SSH session as a root user.
2. Enter the following command to create the directory where the remote server location is to be
mounted.
# mkdir -p /opt/mfvp/mnt/LocalDirectory/Storage

3. Set the following user rights:

# chown -R ericsson:ericsson /opt/mfvp/mnt/LocalDirectory/Storage

4. Retrieve the [uid_value] and [gid_value] of the Ericsson user with the following commands:

# id ericsson

5. Mount the remote server on the newly created local directory by editing the file /etc/fstab
# vi /etc/fstab

6. Append a line like the examples below to the fstab file.

Example context using CIFS mount points:

//RemoteServer/Storage /opt/mfvp/mnt/LocalDirectory/Storage cifs sec=ntlm,defaults,rw,uid=[uid_value],gid=[gid_value],user=RemoteServerUsername,password=RemoteServerPassword 0 0

TIP We use CIFS in this example. If you are using a different protocol, see the Linux mount
manuals (online resources) for fstab.
The example mounts a CIFS directory located on //RemoteServer/Storage. RemoteServer can be either
the IP address or the name of the server used for the remote storage.

Example context using NFS mount points:

RemoteServer:/Storage /opt/mfvp/mnt/LocalDirectory/Storage nfs defaults,user,auto,intr 0 0

Codes and commands                      Description

//RemoteServer/Storage                  Remote server to mount to a local directory
/opt/mfvp/mnt/LocalDirectory/Storage    Local location where access to the remote server is mounted
defaults                                A common option including the auto mount at boot time
rw                                      Gives read write access
ro                                      Gives read only access
uid                                     Specifies that this mount point is owned by ericsson user
gid                                     Specifies that this mount point is owned by ericsson group
user                                    Specifies the user credential needed to access the Remote Server
password                                Specifies the password credentials needed for the user to access
                                        the Remote Server

7. Manually mount the Remote Server to the local directory:


# mount -a

8. Use the command lines (#) below to test the mount point by creating a mount.test file in
/opt/mfvp/mnt/LocalDirectory/Storage.
# cd /opt/mfvp/mnt/LocalDirectory/Storage

# su -c 'touch mount.test' ericsson

# ls /opt/mfvp/mnt/LocalDirectory/Storage

9. Return to the application and create a job using settings for either option 1 or option 2.
Option 1: using remote location (URL beginning with file://)

a. Input: file://RemoteServer/Storage/CustomInputFileName.ts
b. Output: file://RemoteServer/Storage
Option 2: Using local directory (URL beginning with file:///)

a. Input: file:///opt/mfvp/mnt/LocalDirectory/Storage/CustomInputFileName.ts
b. Output: file:///opt/mfvp/mnt/LocalDirectory/Storage
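
The CIFS line in step 6 keeps the share password in /etc/fstab, which is normally readable by every local user, and pins sec=ntlm (NTLMv1). The following added example, which is not part of the original guide, audits an fstab-format file for both and for [uid_value]/[gid_value] placeholders left unreplaced. Assumptions: uid/gid 1001, the Alt mount directory and the /root/.cifs-remoteserver credentials file are made-up values, and the second sample entry assumes the remote server accepts the client's default authentication mode.

```shell
# Added example, not vendor code. Flags risky options in CIFS entries of an
# fstab-format file. uid/gid 1001 and the credentials path are made-up values.

audit_fstab() {   # audit_fstab FILE: one finding per line, no output when clean
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { next }   # comments, short lines, non-CIFS
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^password=/)
                    print $2 ": INLINE_PASSWORD, fstab is normally world-readable"
                else if (opt[i] == "sec=ntlm")
                    print $2 ": WEAK_AUTH, sec=ntlm selects NTLMv1"
                else if (opt[i] ~ /^[ug]id=\[/)
                    print $2 ": PLACEHOLDER, " opt[i] " still needs the number from id ericsson"
            }
        }' "$1"
}

# Constructed sample. Entry 1 is the guide's line. Entry 2 moves the secret to
# a root-only file (chmod 600) read through the mount.cifs credentials= option:
#     username=RemoteServerUsername
#     password=RemoteServerPassword
sample_fstab() {
    cat <<'EOF'
//RemoteServer/Storage /opt/mfvp/mnt/LocalDirectory/Storage cifs sec=ntlm,defaults,rw,uid=1001,gid=1001,user=RemoteServerUsername,password=RemoteServerPassword 0 0
//RemoteServer/Storage /opt/mfvp/mnt/LocalDirectory/Alt cifs defaults,rw,uid=1001,gid=1001,credentials=/root/.cifs-remoteserver 0 0
EOF
}

# Demo run: prints two findings for entry 1 and none for entry 2.
f=$(mktemp) && sample_fstab > "$f" && audit_fstab "$f"; rm -f "$f"
```

On a processing server, run audit_fstab /etc/fstab after step 6 and before mount -a.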

5.2 Allow LDAP users to access Controller user interface


By default, accessing the Controller user interface is restricted to people that have a user account
defined through the MediaKind system center. You can also configure the user access by retrieving user
credentials from an existing LDAP server directory.
To allow LDAP users to access Controller, follow these steps:
1. Open an SSH session as a root user.
2. Open the /opt/ericsson/unified-ui/etc/unified-ui.ini file on Controller1.
3. In the LDAP section, edit the LDAP information:

[ldap]
server_uri = ldap://fr-my.companydomain.com:389
bind_dn = CN=apache,OU=COM,OU=Sites,DC=companydomain,DC=com
bind_pwd = ********
search_dn = OU=COM,OU=Sites,DC=companydomain,DC=com
username_field = sAMAccountName
firstname_field = givenName
lastname_field = sn
start_tls = False
ca_certificate_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
cipher_suite = kEECDH+aECDSA+AES:kEECDH+AES+aRSA:kEDH+aRSA+AES:-SSLv2:-SSLv3:-TLSv1:-TLSv1.1

server_uri            Address of the LDAP server to communicate with
bind_dn               Distinguished name to use when binding to the LDAP server; leave
                      empty (default) for an anonymous bind
bind_pwd              Password to use for binding with protected binding; leave empty
                      (default) for anonymous binding
search_dn             DN to use when binding to the server in order to perform searches.
                      Leave empty for anonymous binding
username_field        Name of the field to use in the LDAP search, for username matching
                      (against LDAP attributes)
firstname_field       Name of the field (from LDAP attributes) holding the user’s first name
lastname_field        Name of the field (from LDAP attributes) holding the user’s last name

                      NOTE: firstname_field & lastname_field shall be used together, or
                      they will be ignored.
                      firstname_field & lastname_field can be used to retrieve the
                      user’s full name. This will then be displayed instead of the
                      username once the user is logged in.

start_tls             Set to True to enable encrypted communication by sending a “Start
                      TLS” command to the LDAP server
ca_certificate_file   Location of the CA certificate file used to verify the LDAP server’s
                      certificate when using TLS or LDAPS
cipher_suite          OpenSSL-format string defining the list of ciphers to use for TLS
                      communication

Specific recommendations if using secure LDAP:


• The address/hostname specified in server_uri must match the one present in the LDAP server’s
SSL certificate.
• ca_certificate_file should normally be the central OS trust store at
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
• Use of the ldaps://<ip address>:636 URI format for an old-style SSL connection is supported, but
deprecated and not recommended.
• Instead, it is preferred to combine an ldap://<ip address>:389 format URI with the start_tls flag set
to True for modern TLS communication.
• start_tls must not be enabled if using a legacy ldaps://<ip address>:636 URI, or the LDAP server will
return an error when you attempt to authenticate.

4. Install a CA certificate on the controller.


NOTE This procedure is mandatory if your LDAP server’s certificate is not signed by a well-
known CA that can be trusted by the controller.

a. Copy the CA certificate to /etc/pki/ca-trust/source/anchors/


b. Run the following command:

# update-ca-trust extract

5. Repeat on Controller2 (in high availability deployment modes).


6. Restart Controller user interface:

# systemctl restart ericsson-unified-ui
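
With the values shown in step 3 (an ldap:// URI with start_tls = False), the bind to the LDAP server, including bind_pwd, is not encrypted. This added example, which is not part of the original guide or the product, lints an [ldap] section against the secure-LDAP rules listed above; the function names and the reduced sample file are assumptions made for the illustration.

```shell
# Added example, not vendor code. Lints the transport settings of an [ldap]
# section shaped like the one above, using the rules stated in this guide.
ldap_get() {    # ldap_get FILE KEY: print KEY's value from the [ldap] section
    awk -v key="$2" '
        /^[ \t]*\[/ { in_ldap = ($0 ~ /^[ \t]*\[ldap\]/); next }
        !in_ldap || /^[ \t]*[#;]/ { next }
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

lint_ldap() {   # lint_ldap FILE: one finding per line, no output when clean
    uri=$(ldap_get "$1" server_uri); pw=$(ldap_get "$1" bind_pwd)
    ca=$(ldap_get "$1" ca_certificate_file)
    tls=$(ldap_get "$1" start_tls | tr '[:upper:]' '[:lower:]')
    secure=0; [ "$tls" = "true" ] && secure=1
    case "$uri" in
        ldaps://*)
            secure=1
            echo "DEPRECATED: ldaps:// is supported, ldap:// with start_tls = True is preferred"
            if [ "$tls" = "true" ]; then echo "CONFLICT: start_tls with ldaps:// makes the LDAP server return an error"; fi ;;
        ldap://*)
            if [ "$secure" = 0 ]; then
                echo "CLEARTEXT: ldap:// with start_tls off is unencrypted"
                if [ -n "$pw" ]; then echo "CLEARTEXT: bind_pwd is sent unprotected"; fi
            fi ;;
        *)  echo "INVALID: server_uri is empty or not an ldap:// or ldaps:// URI" ;;
    esac
    if [ "$secure" = 1 ] && [ ! -r "$ca" ]; then
        echo "NO_CA: ca_certificate_file is not readable: $ca"
    fi
    return 0
}

sample_ini() {  # constructed sample mirroring the guide's example values
    cat <<'EOF'
[ldap]
server_uri = ldap://fr-my.companydomain.com:389
bind_dn = CN=apache,OU=COM,OU=Sites,DC=companydomain,DC=com
bind_pwd = ********
start_tls = False
ca_certificate_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
EOF
}

f=$(mktemp) && sample_ini > "$f" && lint_ldap "$f"; rm -f "$f"
```

Run lint_ldap against /opt/ericsson/unified-ui/etc/unified-ui.ini on each controller before restarting the user interface; the check covers the settings only and does not verify that the name in server_uri matches the server certificate.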



5.3 Install Security Package


To improve the security level of your equipment, we provide a security update package. To install it, refer
to the Centos/Security update package Installation Guide.
NOTE Security update package is already installed on MediaKind appliances.
