26.1 Getting started on hosting FootfallCam™ Solution
26.1.1 Introduction
Besides connecting your FootfallCam™ Devices to FootfallCam™ Cloud Servers, you can choose to host FootfallCam™ Solution into your on-premise servers. This option enables you to further securely store and complete control of data in their own premises, with the same methodology and functionality as the Cloud Servers provided by FootfallCam™.
26.1.2 Requesting for FootfallCam™ Server Installation Service
FootfallCam™ Solution installation and setup can only be done by our FootfallCam™ Technical Specialists. Hence, you are required to order a Software Installation Service from us with one-off installation fee.
Below are the overall steps on deploying FootfallCam™ on-premise server on client site.
STEP 1 - Identify/consult FootfallCam™ on on-premise server requirements and prepare server(s).
STEP 2 - Order Software Installation Service and submit Server Installation Form to [email protected]. (Server Installation Form can be found at the bottom of this page)
STEP 3 - FootfallCam™ to schedule for server inspection and verify server hardware/network requirements.
STEP 4 - FootfallCam™ to schedule and perform Software Installation session.
STEP 5 - Setup account and bind devices in FootfallCam™Analytic Manager in their server(s).
26.1.3 Overview of hosting FootfallCam™ Solution
To host FootfallCam™ Solution on-premise, you must prepare 2 server instances for hosting whole FootfallCam™ Solution: -
-
Microsoft Windows Server 2016+ (Window Server)
-
Ubuntu Server 20.04 (Ubuntu Server)
At the highest level, there are 4 major components that forms FootfallCam™ Solution, which is shown in the diagram and table below:
Component | Description | Compatible OS |
FootfallCam™ Analytic Manager V9 |
A core web application that allows user to view & generate analytics report, site & device management, and integration in accordance with user's needs into their own system, with addition of user access control, API ready for Import and Export. |
Windows Server |
Microsoft SQL Database | Stores configuration data, user access data, and log data for FootfallCam™ Analytic Manager V9. | Windows Server |
Real Time Data Engine |
A collection of services that uses Apache Technologies to communicate, collect, process, and aggregate event-driven data from FootfallCam™ Devices via Websocket protocol, and output information to Druid Database. |
Ubuntu Server |
Druid Database |
A storage medium for Real Time Data Engine to perform read/write operation with highest efficiency and speed possible. FootfallCam™ also uses this to create an end point that allows FootfallCam™ Analytic Manager V9 to access, manage, and present the data in the dashboard. |
Ubuntu Server |
26.1.4 Applications to be installed
Databases | Function With |
PostGresSQL |
Keycloak, Thingsboard, Apache Airflow, Doris |
Cassandra DB |
ThingsBoard |
Applications | Function |
Apache Pulsar |
Data processing (real-time analytics) |
Apache Flink |
Data processing (real-time analytics) |
Apache Ignite |
Data processing (real-time analytics) |
Apache Kafka-on-Pulsar |
Data processing (real-time analytics) |
Keycloak(docker) |
User Authentication |
HaProxy |
SSL Certification |
Cube JS |
Works with Apache Doris to produce dashboard data |
Apache Doris |
Provides dashboard data |
Thingsboard |
Orchestrate and visualize data workflows |
Apache Airflow |
Orchestrate and visualize data workflows |
MariaDB |
Database management system for storing, retrieving, and managing data |
Novu |
Microservice for managing multi-channel notifications |
Postgres |
Database management system for storing, retrieving, and managing data |
Configuration Module |
Microservice for configuring data and settings |
Logging Module |
Microservice for logging information such as engineering logs and error logs |
Tag Module |
Microservice for data tagging |
Import Export Module |
Microservice for importing and exporting data |
IAM Module |
Microservice for managing authentication, authorization and access control to resources |
File Module |
Microservice for uploading and downloading files |
Message Module |
Microservice for sending messages with different gateway |
26.2 Preparing your servers
26.2.1 Choosing the right platform to host FootfallCam™ Solution
There are many cloud providers that can fulfill the requirement on hosting FootfallCam™ Solution, such as Amazon AWS, Microsoft Azure, Google Cloud, OVH Cloud, and many more, depending on the availability in your country or region.
You may also choose to host FootfallCam™ Solution with your own on-premise servers with private network. Be sure to fulfill the network requirements, which you can learn more in Appendix A - Self-hosting Server Deployment Examples.
26.2.2 System Requirements
A correct servers' specification is important to ensure the FootfallCam™ Solution is running reliably and consistently without compromised performance. Table below shows the system requirements for hosting FootfallCam™ Solution, corresponding to the number of FootfallCam™ Devices being supported: -
Item / Size | Small | Medium | Large |
FootfallCam™ Devices Count | Up to 100 devices | Up to 500 devices | Up to 1000 devices |
PRIMARY SERVER | |||
CPU | 8 Cores 64-bit | 12 Cores 64-bit | 16 Cores 64-bit |
Memory | 32GB or above | 64GB or above | 128GB or above |
Storage** | 500GB or above | 1TB or above | 2TB or above |
Operating System | Windows Server 2016 or above (Standard or Datacenter Edition) | ||
SQL Server License | Microsoft SQL Server 2016 or above (Standard or Enterprise Edition) | ||
SECONDARY SERVER | |||
CPU | 16 Cores 64-bit | 24 Cores 64-bit | 32 Cores 64-bit |
Memory | 128GB or above | 256GB or above | 512GB or above |
Storage** | 1TB or above | 2TB or above | 3TB or above |
Operating System | Ubuntu Server 20.04 LTS or above |
26.2.3 Networking Requirements
26.2.3.1 Domain/Sub Domain and SSL Certificate (Optional)
You may provide a Domain / Sub Domain Name and SSL Certificate from a DNS Provider such as Cloudflare, Fasthosts etc, and create the following A records shown below: -
Type | Name** | Target Server | TTL |
A record | portal-ffc.mydomain.com | <<Primary Server Public IP Address>> | Auto |
A record | ws-ffc.mydomain.com | <<Secondary Server Public IP Address>> | Auto |
To further secure you servers, you are also encouraged to setup Firewall within your servers or your server provider platform, whichever is available. Be sure to fulfill the Firewall Rules listed in section 26.2.3.3.
FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.
26.2.3.2 Servers in Private Network
If your servers are hosted in your own premises, with private network that is not accessible by public Internet connection, there are several methods to ensure the connectivity between FootfallCam Devices, both of your servers, and to FootfallCam Central Servers are able to establish:
-
Setup NAT or Port forwarding to both Primary and Secondary Servers (For devices accessing from external network).
-
Implement VPN Solution in every required location (E.g. Fortinet).
Make sure to fulfill the Firewall Rules listed in section 26.2.3.3.
FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.
26.2.3.3 Firewall Rules
To ensure FootfallCam™ Solution is fully functional in on-premise environment, you are required to fulfill configure the following network requirements: -
INBOUND FIREWALL RULES
Source | Destination | Port and Protocol | Purpose |
FootfallCam™ Devices, Secondary Server, End User |
Primary Server |
8873 (HTTP) 8874 (HTTPS)** |
|
8881 (HTTP) 8882 (HTTPS)** |
|
||
FootfallCam™ Devices |
Secondary Server |
8080 (WS/WSS**) | Allows FootfallCam™ Device(s) to upload Space Occupancy data to the server. |
Primary Server | 22 (SSH) | Allows SSH terminal connection for FootfallCam™ Technical Personnel to perform software installation and maintenance when required. | |
8081 (HTTP/HTTPS**) | Allows Primary Server to communicate with secondary server for Live-data synchronization to Analytic Manager and configuration update. | ||
8089 |
Allow Analytic Manager Portal to authenticate with Keycloak. |
||
4000, 5432, 3030 |
Allow Analytic Manager to communicate with CubeJs |
||
8030(HTTP), 9030(HTTPS) |
Allow CubeJs to query Doris DB |
||
8089 |
Allow Analytic Manager Portal to authenticate with Keycloak. |
||
9888 |
Allow Secondary server to give access to the Druid Database dashboard that stored FootfallCam™ Devices Counting Data |
||
8082 (Flink) 8080 (Airflow) 8443, 6650, 6651 (pulsar) |
Allow Primary server to access Secondary server UI |
||
Primary Server, FootfallCam™ Devices |
9090 (Thingsboard) 9092 (Kafka) 2181 (Zookeeper) |
Allow Secondary Server to get data from FootfallCam™ Devices Allow Primary Server to access Thingsboard UI |
OUTBOUND FIREWALL RULES
Source |
Destination |
Port |
Purpose |
Primary Server,
|
198.244.207.93 |
80 (HTTP) 443 (HTTPS) 5000 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
51.195.132.20 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
51.89.155.156 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
51.255.103.189 51.255.82.36 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
https://download.docker.com |
|
To allow Docker to be download and install in your secondary server for the purpose of: - Allows developers to package and run FootfallCam applications in containers. - Allows developers to manage and monitor FootfallCam applications in containers. |
|
|
51.68.207.95 |
26 (SMTP) |
(Optional) Our SMTP Server in case client do not apply the client-side SMTP Server in the solution. |
If you are going to host FootfallCam™ Solution in a private network, do make sure your firewall rules are able to fulfill the following checklist:
-
FootfallCam™ Devices are able to communicate with both Primary and Secondary Servers.
-
Communication between Primary and Secondary Servers can be established.
26.3 Installing FootfallCam™ Solution
26.3.1 Server Installation Service
At the moment, FootfallCam™ does not provide any installation files for users to perform installation by themselves due to technical difficulty. Hence, a Server Installation Service can be paid so that FootfallCam™ can perform full software installation, which including:
-
Verify servers hardware resources aligned to system requirements.
-
Verify servers connectivity aligned to network requirements.
-
FootfallCam™ Analytic Manager V9 Installation and Configuration.
-
Microsoft SQL Server Installation** and Configuration (License not included).
-
Real Time Data Engine Installation and Configuration.
-
Druid Database Server Installation and Configuration.
-
Continuous software maintenance, update, and support.
You can learn more on requesting Server Installation Service in section 26.1.2 above.
26.3.2 Remote Access Requirements
In the event of software installation, server maintenance or technical issues related to FootfallCam™ devices, hosted software and modules, FootfallCam™ recommends our clients to provide Desktop Remote Access with a fixed access credential (ID and Password), available for 24/7, with given network access.
The reason that we required the Remote Desktop access with fixed credential are as below:
-
The time to perform the necessary work might be different between time zone users and the FootfallCam™ technical personnel, to avoid any delay of action, the unattended access is preferable to expedite the process.
-
To shorten the communication time needed for FootfallCam™ technical personnel with the IT administrator on-site, it's advisable that the password changing is not frequent, except necessary.
You may choose one of the following Remote Desktop Access method below:
Remote Access Method |
Instruction / Download Link |
Remote Desktop Connection (RDP) |
Click HERE for instruction on how to setup RDP in your Primary Server |
AnyDesk |
Click HERE to download and install the application to your Primary Server |
For servers that are hosted in a private network, unless you have chosen a Remote Access Solution such as AnyDesk, you are required to implement your preferred VPN services, and provide the appropriate access for FootfallCam™ Technical Specialists in favour of server installation and post-installation support.
After completing the above action, please include your credentials into the Server Installation Form before requesting for server installation service.