Hosting Solution on Your Server

26.1 Getting started on hosting FootfallCam™ Solution

26.1.1 Introduction

Besides connecting your FootfallCam™ Devices to FootfallCam™ Cloud Servers, you can choose to host FootfallCam™ Solution into your on-premise servers. This option enables you to further securely store and complete control of data in their own premises, with the same methodology and functionality as the Cloud Servers provided by FootfallCam™. 

26.1.2 Requesting for FootfallCam™ Server Installation Service

FootfallCam™ Solution installation and setup can only be done by our FootfallCam™ Technical Specialists. Hence, you are required to order a Software Installation Service from us with one-off installation fee.

Below are the overall steps on deploying FootfallCam™ on-premise server on client site. 

STEP 1 - Identify/consult FootfallCam™ on on-premise server requirements and prepare server(s). 
STEP 2 - Order Software Installation Service and submit Server Installation Form to [email protected]. (Server Installation Form can be found at the bottom of this page)
STEP 3 - FootfallCam™ to schedule for server inspection and verify server hardware/network requirements. 
STEP 4 - FootfallCam™ to schedule and perform Software Installation session. 
STEP 5 - Setup account and bind devices in FootfallCam™Analytic Manager in their server(s).

Note

Payment must be made before FootfallCam™ performs the server inspection and software installation. You must ensure the server(s) met the mentioned requirements in the remaining article below unless consulted with FootfallCam™ Technical Specialists. 

It will take approximately 5 Working Days to complete the software installation depending on network conditions.

26.1.3 Overview of hosting FootfallCam™ Solution

To host FootfallCam™ Solution on-premise, you must prepare 2 server instances for hosting whole FootfallCam™ Solution: -

  • Microsoft Windows Server 2016+ (Window Server)

  • Ubuntu Server 20.04 (Ubuntu Server)

At the highest level, there are 4 major components that forms FootfallCam™ Solution, which is shown in the diagram and table below: 

Component Description Compatible OS
FootfallCam™ Analytic Manager V9

A core web application that allows user to view & generate analytics report, site & device management, and integration in accordance with user's needs into their own system, with addition of user access control, API ready for Import and Export.

Windows Server
Microsoft SQL Database Stores configuration data, user access data, and log data for FootfallCam™ Analytic Manager V9.  Windows Server
Real Time Data Engine

A collection of services that uses Apache Technologies to communicate, collect, process, and aggregate event-driven data from FootfallCam™ Devices via Websocket protocol, and output information to Druid Database.

Ubuntu Server
Druid Database

A storage medium for Real Time Data Engine to perform read/write operation with highest efficiency and speed possible. FootfallCam™ also uses this to create an end point that allows FootfallCam™ Analytic Manager V9 to access, manage, and present the data in the dashboard.

Ubuntu Server

26.1.4 Applications to be installed

Databases Function With
PostGresSQL

Keycloak, Thingsboard, Apache Airflow, Doris

Cassandra DB

ThingsBoard

Applications Function

Apache Pulsar

Data processing (real-time analytics)

Apache Flink

Data processing (real-time analytics)

Apache Ignite

Data processing (real-time analytics)

Apache Kafka-on-Pulsar 

Data processing (real-time analytics)

Keycloak(docker)

User Authentication

HaProxy

SSL Certification 

Cube JS

Works with Apache Doris to produce dashboard data

Apache Doris

Provides dashboard data

Thingsboard 

Orchestrate and visualize data workflows

Apache Airflow

Orchestrate and visualize data workflows

MariaDB

Database management system for storing, retrieving, and managing data

Novu

Microservice for managing multi-channel notifications

Postgres

Database management system for storing, retrieving, and managing data

Configuration Module

Microservice for configuring data and settings

Logging Module

Microservice for logging information such as engineering logs and error logs

Tag Module

Microservice for data tagging

Import Export Module

Microservice for importing and exporting data

IAM Module

Microservice for managing authentication, authorization and access control to resources

File Module

Microservice for uploading and downloading files

Message Module

Microservice for sending messages with different gateway

26.2 Preparing your servers

26.2.1 Choosing the right platform to host FootfallCam™ Solution

There are many cloud providers that can fulfill the requirement on hosting FootfallCam™ Solution, such as Amazon AWS, Microsoft Azure, Google Cloud, OVH Cloud, and many more, depending on the availability in your country or region. 

You may also choose to host FootfallCam™ Solution with your own on-premise servers with private network. Be sure to fulfill the network requirements, which you can learn more in Appendix A - Self-hosting Server Deployment Examples

26.2.2 System Requirements

A correct servers' specification is important to ensure the FootfallCam™ Solution is running reliably and consistently without compromised performance. Table below shows the system requirements for hosting FootfallCam™ Solution, corresponding to the number of FootfallCam™ Devices being supported: -

Item / Size Small Medium Large
FootfallCam™ Devices Count Up to 100 devices Up to 500 devices Up to 1000 devices
PRIMARY SERVER
CPU 8 Cores 64-bit 12 Cores 64-bit 16 Cores 64-bit
Memory 32GB or above 64GB or above 128GB or above
Storage** 500GB or above 1TB or above 2TB or above
Operating System Windows Server 2016 or above (Standard or Datacenter Edition)
SQL Server License Microsoft SQL Server 2016 or above (Standard or Enterprise Edition)
SECONDARY SERVER
CPU 16 Cores 64-bit 24 Cores 64-bit 32 Cores 64-bit
Memory 128GB or above 256GB or above 512GB or above
Storage** 1TB or above 2TB or above 3TB or above
Operating System Ubuntu Server 20.04 LTS or above

Note

We recommend you to deploy Solid State Drive (SSD) as the server storage for the best performance, which is about 20x faster than a conventional Hard Disk Drive (HDD) with better I/O throughput in a long run. 

The above shows the conventional way to host FootfallCam™ Solution with 2x standard servers / instances, disregard of which platform you have chosen. To learn more about other ways to host FootfallCam™ Solution, you are recommended to read Appendix A before deciding how you are going to deploy your servers. 

If you'd like to have more advanced on-premise infrastructure (e.g. High Availability, Scalable, etc.), or have any other inquiries on hosting custom on-premise servers, please contact [email protected] and consult our technical specialists to discuss on your requirements.

26.2.3 Networking Requirements

26.2.3.1 Domain/Sub Domain and SSL Certificate (Optional)

You may provide a Domain / Sub Domain Name and SSL Certificate from a DNS Provider such as Cloudflare, Fasthosts etc, and create the following A records shown below: -

Type Name** Target Server TTL
A record portal-ffc.mydomain.com <<Primary Server Public IP Address>> Auto
A record ws-ffc.mydomain.com <<Secondary Server Public IP Address>> Auto

Note

You can create any Name that align to your requirements, as long as there are hostnames that are reachable to both Primary and Secondary Servers.

To further secure you servers, you are also encouraged to setup Firewall within your servers or your server provider platform, whichever is available. Be sure to fulfill the Firewall Rules listed in section 26.2.3.3

FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.

26.2.3.2 Servers in Private Network

If your servers are hosted in your own premises, with private network that is not accessible by public Internet connection, there are several methods to ensure the connectivity between FootfallCam Devices, both of your servers, and to FootfallCam Central Servers are able to establish: 

  • Setup NAT or Port forwarding to both Primary and Secondary Servers (For devices accessing from external network). 

  • Implement VPN Solution in every required location (E.g. Fortinet). 

Make sure to fulfill the Firewall Rules listed in section 26.2.3.3.

FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.

26.2.3.3 Firewall Rules

To ensure FootfallCam™ Solution is fully functional in on-premise environment, you are required to fulfill configure the following network requirements: -

INBOUND FIREWALL RULES

Source Destination Port and Protocol Purpose
FootfallCam™ Devices,
Secondary Server,
End User
Primary Server

8873 (HTTP)

8874 (HTTPS)**

  • Allows FootfallCam™ Devices to get firmware updates when it becomes available.
  • Allows Secondary Server to get module updates when it becomes available.
  • Enable user access to Analytic Manager Portal Page. 

8881 (HTTP)

8882 (HTTPS)**

  • Allows FootfallCam™ Devices to push counting data to Analytic Manager.
  • Allows Secondary Server to perform Live-data synchronization to Analytic Manager and configuration update.
  • Certain pages are required to access this port when user accessing the portal. 
FootfallCam™ Devices

Secondary Server

8080 (WS/WSS**) Allows FootfallCam™ Device(s) to upload Space Occupancy data to the server.
Primary Server 22 (SSH) Allows SSH terminal connection for FootfallCam™ Technical Personnel to perform software installation and maintenance when required. 
8081 (HTTP/HTTPS**) Allows Primary Server to communicate with secondary server for Live-data synchronization to Analytic Manager and configuration update. 

8089

Allow Analytic Manager Portal to authenticate with Keycloak.

4000, 5432, 3030

Allow Analytic Manager to communicate with CubeJs

8030(HTTP), 9030(HTTPS)

Allow CubeJs to query Doris DB

8089

Allow Analytic Manager Portal to authenticate with Keycloak.

9888

Allow Secondary server to give access to the Druid Database dashboard that stored FootfallCam™ Devices Counting Data

8082 (Flink) 8080 (Airflow) 8443, 6650, 6651 (pulsar)

Allow Primary server to access Secondary server UI

Primary Server, FootfallCam™ Devices

9090 (Thingsboard) 9092 (Kafka) 2181 (Zookeeper)

Allow Secondary Server to get data from FootfallCam™ Devices 

Allow Primary Server to access Thingsboard UI

Note

You may choose to implement SSL connections by preparing SSL Certificate and a Domain Name prior to proceeding Software Installation Service. You are required to notify FootfallCam™ by: 

  • Mention the requirement in Server Installation Form. 

  • Emailing us at [email protected] (Post-server installation).

OUTBOUND FIREWALL RULES

Source

Destination

Port

Purpose

Primary Server, 
Secondary Server

 

198.244.207.93

80 (HTTP)

443 (HTTPS)

5000

To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:

  • Remote device tuning process will require video files to be transferred back to central server.
  • Configuration and basic data backups in case of data loss due to e.g. Hardware failure, etc.

51.195.132.20

To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:

  • Configuration and basic data backups in case of data loss due to e.g. Hardware failure, etc.

51.89.155.156
141.95.144.51

To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:

  • Servers' Health Check (Online Status, Storage, Version)
  • Getting latest update from FootfallCam docker hub for Analytic Manager Module and Sub Module.to apply bug fixes and release new features.

51.255.103.189

51.255.82.36

To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of: 

  • Continuous software update for performance optimization and bug fixes.

https://download.docker.com

 

To allow Docker to be download and install in your secondary server for the purpose of:

- Allows developers to package and run FootfallCam applications in containers.

- Allows developers to manage and monitor FootfallCam applications in containers.

 

51.68.207.95

26 (SMTP)

(Optional) Our SMTP Server in case client do not apply the client-side SMTP Server in the solution.  

If you are going to host FootfallCam™ Solution in a private network, do make sure your firewall rules are able to fulfill the following checklist: 

  • FootfallCam™ Devices are able to communicate with both Primary and Secondary Servers. 

  • Communication between Primary and Secondary Servers can be established. 

Important

Failing to comply with the network requirements above will affect the automated processes offered by FootfallCam™ such as: 

  • FootfallCam™ may not able to complete the Verification process within the given SLA. 

  • FootfallCam™ may not able to provide proactive support such as monitoring the server(s) health check, services status, data health check, and devices health check. 

  • FootfallCam™ Analytic Manager hosted in on-premise server may not be able to receive latest patches and security updates. 

  • FootfallCam™ may not be able to perform daily backup on the data from client's on-premise database and configuration.

26.3 Installing FootfallCam™ Solution

26.3.1 Server Installation Service

At the moment, FootfallCam™ does not provide any installation files for users to perform installation by themselves due to technical difficulty. Hence, a Server Installation Service can be paid so that FootfallCam™ can perform full software installation, which including: 

  • Verify servers hardware resources aligned to system requirements. 

  • Verify servers connectivity aligned to network requirements. 

  • FootfallCam™ Analytic Manager V9 Installation and Configuration. 

  • Microsoft SQL Server Installation** and Configuration (License not included). 

  • Real Time Data Engine Installation and Configuration. 

  • Druid Database Server Installation and Configuration. 

  • Continuous software maintenance, update, and support. 

You can learn more on requesting Server Installation Service in section 26.1.2 above.

Note

FootfallCam™ will only perform installation with Microsoft SQL Server Express Edition if client did not provide any license. If you have prepared an Microsoft SQL Server License, you must pre-install Microsoft SQL Server Software in your Primary Server before handing out to FootfallCam™ Software Installation process. 

If data migration is required in case of server / hardware / Microsoft SQL License changes, additional charges may apply.

26.3.2 Remote Access Requirements

In the event of software installation, server maintenance or technical issues related to FootfallCam™ devices, hosted software and modules, FootfallCam™ recommends our clients to provide Desktop Remote Access with a fixed access credential (ID and Password), available for 24/7, with given network access.

The reason that we required the Remote Desktop access with fixed credential are as below:

  • The time to perform the necessary work might be different between time zone users and the FootfallCam™ technical personnel, to avoid any delay of action, the unattended access is preferable to expedite the process.

  • To shorten the communication time needed for FootfallCam™ technical personnel with the IT administrator on-site, it's advisable that the password changing is not frequent, except necessary. 

You may choose one of the following Remote Desktop Access method below:

Remote Access Method

Instruction / Download Link

Remote Desktop Connection (RDP)

Click HERE for instruction on how to setup RDP in your Primary Server

AnyDesk

Click HERE to download and install the application to your Primary Server

For servers that are hosted in a private network, unless you have chosen a Remote Access Solution such as AnyDesk, you are required to implement your preferred VPN services, and provide the appropriate access for FootfallCam™ Technical Specialists in favour of server installation and post-installation support. 

After completing the above action, please include your credentials into the Server Installation Form before requesting for server installation service. 

Note

You MUST provide the username and password of the Secondary Server with root permission to FootfallCam™. Please include the credentials into Server Installation Form.

If you are concerning on the security of your premises, you may choose to opt out from providing remote access 24/7 to FootfallCam™ TWO months after the completion of the project rollout, and only re-enable the remote access if FootfallCam™ is requesting to access the server in case of critical maintenance work is required.

 

 

Updated on December 11, 2024

Article Attachments