3. Deploy the Epic Service

This chapter includes instructions on how to deploy the Epic service in your environment.

Deploy the Vidyo Epic Services file

Use the following procedure to deploy the Vidyo Epic Services OVA file.

To deploy the Vidyo Epic Services file:

  1. In your VMware environment, ensure that your machine provisioning meets the requirements in the Prerequisites section.
  2. Deploy the VidyoEpicServices OVA file in your VMware environment.
  3. Power on the machine.
  4. Log in to the VMware console with your default username (admin) and default password (password).
  5. Configure the following:
    1. IP address
    2. Subnet mask
    3. Default gateway
    4. DNS server(s)
    5. Server name and domain (Server FQDN)
  6. Reboot.

Set up a custom SSL certificate

You need the following to successfully set up a custom SSL certificate:

  • The Platform APIs
  • A PFX file with the certificate
  • An SSH private/public key pair

Note

How to generate an SSH key is outside the scope of this document.

To set up the custom SSL certificate:

  1. In the Vidyo Console, set up a VidyoPlatform API user.
  2. Use the SSL_InstallPFX API to install the PFX on the server. SSL_InstallPFX is used to install password protected .pfx files. You perform this install in two steps:
    1. Use the “VidyoUpload” Platform API to upload the .pfx file to the VidyoEvent Service server.

      kram@test-machine: ~$ cat name-of-file.pfx | ssh apiuser@10.10.10.10 VidyoUpload
      12+1 records in
      12+1 records out
      6261 bytes (6.3 kB, 6.1 KiB) copied, 0.000115537 s, 54.2 MB/s

      The second method is to pass a remote URL to the command:

      echo -n ********** | ssh apiuser@10.10.10.10 SSL_InstallPFX http://updates.vidyo.com/VidyoWebRTC/VidyoQA.com.pfx
      Cert: /C=US/ST=New Jersey/L=Hackensack/O=Vidyo, Inc./CN=*.vidyoqa.com
      Cert Chain: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
      Cert Chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
      CA Certs: 3
      WARNING: Skipping duplicate certificate self-cert.pem

    2. Run the SSL_InstallPFX Platform API to install the .pfx file.

      kram@test-machine: ~$ echo -n ********** | ssh apiuser@10.10.10.10 SSL_InstallPFX
      Cert: /C=US/ST=New Jersey/L=Hackensack/O=Vidyo, Inc./CN=*.vidyoqa.com
      Cert Chain: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
      Cert Chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
      CA Certs: 3
      WARNING: Skipping duplicate certificate self-cert.pem

  3. Reboot your server to apply the configurations.

Set up the VidyoPortal service

This section includes instructions on how to obtain the JWT authentication secret, generate a server token, and configure the VidyoPortal token-level Event service.

Obtain the JWT authentication secret

You can obtain a JWT Authentication Secret by either one of these methods:

Caution

If you have already configured the Vidyo Event Service with a JWT authentication secret, you must use the same secret here. Do not generate a new one; instead, skip this procedure and enter the secret in the Vidyo Service Console.

Generate the JWT authentication secret

The VidyoPortal can generate its own random authentication secret and return it as part of the REST API response.

URL: /admin/api/v1/system/tenants/jwtAuthenticationSecret

Method: PUT

Authentication: Super credentials

Response body

| Field | Data type | Mandatory | Description |
|---|---|---|---|
| version | String | Y | Defines the version of the API. |
| status | String | Y | Defines the response status. For a successful response, its value will be “success”. |
| data | Object | Y | This is the element which encapsulates the API response. For this API, its value is null. |
| Secret | String | Y | This is the new authentication secret generated on the change of signing algorithm. |

{
  "version": "1",
  "status": "success",
  "data": {
    "authenticationSecret": [{
      "secret": "asdfasdfasfLXZlcnktbG9uZy1zZWNyZXQta2V5LWZvci1zaWduaW5nLWp3dC10b2tlbnM="
    }]
  }
}

HTTP status codes, error codes, and messages

| HTTP response code | Error code | Error message | Scenario |
|---|---|---|---|
| 400 | 101017 | Invalid request | If signing algorithm name is valid. Any other request body validation failure. |
| 404 | 101018 | Singing algorithm not configured | If signing algorithm is fetched while it is not configured at the tenant level. |
| 404 | 101019 | Authentication secret not configured | If authentication secret is fetched while it is not configured at the tenant level. |
| 403 | N/A | N/A | Unauthorized user if anybody other than the Super Admin tries to access. Invalid tenant ID/FQDN. |
| 500 | 101020 | Internal server error | Internal server error. |

{
  "version": "1",
  "status": "failure",
  "error": {
    "code": 101017,
    "message": "Invalid request",
    "errors": []
  }
}

Set a JWT authentication secret

Instead of letting the VidyoPortal generate a random authentication secret and return it in the REST API response, you can generate your own JWT authentication secret and use the same REST API to set it.

URL: /admin/api/v1/system/tenants/jwtAuthenticationSecret

Method: PUT

Authentication: Super credentials

Request body

| Field | Data type | Mandatory | Description | Validations |
|---|---|---|---|---|
|  | String | N | The authentication secret. For example: 2deC;p<V:3#p85?S3T#,4S] [qpJ6&7R-7KT(C"rET(:<HPr3 | Validation of authentication secret. It must contain at least one: capital letter, special character, number. Length of authentication secret is dependent on JWT signing algorithm. For HS384, the size minimum is 48 characters. Note: Should be encoded in Base64. 3gb5Zi3sDzs8oNAUiHlvd2SjBRZnnoAlQ3l1eIbEFlbsciNCglGuFw8sNNLyAEZb (BASE 64) |

Response body

| Field | Data type | Mandatory | Description |
|---|---|---|---|
| version | String | Y | Defines the version of the API. |
| status | String | Y | Defines the response status. For a successful response, its value will be “success”. |
| data | Object | Y | This is the element which encapsulates the API response. For this API, its value is null. |
| Secret | String | Y | This is the new authentication secret generated on the change of signing algorithm. |

HTTP status codes, error codes, and messages

| HTTP response code | Error code | Error message | Scenario |
|---|---|---|---|
| 400 | 101017 | Invalid request | If signing algorithm name is valid. Any other request body validation failure. |
| 404 | 101018 | Singing algorithm not configured | If signing algorithm is fetched while it is not configured at the tenant level. |
| 404 | 101019 | Authentication secret not configured | If authentication secret is fetched while it is not configured at the tenant level. |
| 403 | N/A | N/A | Unauthorized user if anybody other than the Super Admin tries to access. Invalid tenant ID/FQDN. |
| 500 | 101020 | Internal server error | Internal server error. |

{
  "version": "1",
  "status": "failure",
  "error": {
    "code": 101017,
    "message": "Invalid request",
    "errors": []
  }
}
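The validation rules for a self-supplied secret can be checked before the value is sent to the portal. The following is an added example, not Vidyo code: the function names are hypothetical, the set of special characters is an assumption, the HS256 and HS512 minimums are assumptions that extend the page's HS384 rule using the HMAC key-size guidance in RFC 7518, and the length is assumed to be counted before Base64 encoding.

```python
import base64
import secrets
import string

# HS384 = 48 comes from the page. HS256 and HS512 are assumptions that
# apply the same "key at least as long as the hash output" rule (RFC 7518).
MIN_LEN = {"HS256": 32, "HS384": 48, "HS512": 64}
SPECIALS = "!#$%&()*+,-.:;<=>?@[]^_{}~"  # assumed set of special characters
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def policy_problems(secret, alg="HS384"):
    """Return the documented rules that `secret` violates (empty list = OK)."""
    problems = []
    if len(secret) < MIN_LEN[alg]:
        problems.append(f"shorter than {MIN_LEN[alg]} characters for {alg}")
    if not any(c.isupper() for c in secret):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in secret):
        problems.append("no number")
    if not any(not c.isalnum() for c in secret):
        problems.append("no special character")
    return problems


def generate_secret(alg="HS384", length=0):
    """Draw candidates from the OS CSPRNG until one satisfies the policy."""
    length = max(length, MIN_LEN[alg])  # never go below the minimum
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_problems(candidate, alg):
            return candidate


def encode_for_api(secret):
    """Base64-encode the secret, as the request-body note requires."""
    return base64.b64encode(secret.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    s = generate_secret("HS384")
    print("secret :", s)
    print("base64 :", encode_for_api(s))
```

Rejecting whole candidates, rather than patching in the missing character classes, keeps the draw uniform over all compliant strings.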

Generate a server token

Use the following procedure to generate a server token.

To generate a server token:

  1. Log into the System Console.
  2. Go to Advanced > VidyoEpic > Security Management > Portal Token: [generate].
  3. Select OK. The Confirm page displays.
  4. Select Yes. The portal token is generated and appears on the Message page.
  5. Take note of the generated token (you will need it in the next procedure) and then click OK.

Configure the VidyoPortal token level Event service

This section provides the information you need to help you configure the VidyoPortal token level Event service, including the prerequisites for completing the setup and how to set the portal token on the VidyoPortal.

Setup prerequisites

To complete the setup, you will need the following:

Set the portal token on the VidyoPortal (REST API)

URL: https://{tenantFQDN}/admin/api/v1/serverTokens

Method: POST

Authentication: Super credentials

Request body

| Field | Data type | Mandatory | Description | Validations |
|---|---|---|---|---|
| serverToken | String | Y | Token is in GUID format | It is validated by GUID 8-3-3-3-12 characters (alphanumeric). |

{
  "token": "c060aea2-5d5c-4792-b162-e7f6bfe5472d"
}

Response body

| Field | Data type | Mandatory | Description |
|---|---|---|---|
| version | String | Y | Defines the version of the API. |
| status | String | Y | Defines the response status. For a successful response, its value will be “success”. |
| data | Object | Y | This is the element which encapsulates the API response. For this API, its value is null. |

{
  "version": "1",
  "status": "success",
  "data": null
}

HTTP status codes, error codes, and messages

| HTTP response code | Error message | Scenario |
|---|---|---|
| 400 | Bad request |  |
| 401 | Unauthorized |  |
| 403 | Forbidden |  |
| 500 | Internal server error | Internal server error. |

{
  "version": "1",
  "status": "failure",
  "error": {
    "code": 101033,
    "message": "Bad request",
    "errors": []
  }
}

Configure the Vidyo Discovery service

The Vidyo Discovery Service is an optional component that can be configured on the same deployment as the Vidyo Epic Service. Endpoints are pointed at the Vidyo Discovery Service to discover where certain services are hosted; in this case, the Vidyo Epic Service. The service publishes this information as a JSON file (services.json). You can optionally host this JSON file in another location instead of on the Vidyo Epic Service. If you choose to do so, upload the JSON file to that location and skip to the Apply the custom parameters to your tenant section.

This section provides the information you require to configure the Vidyo Discovery Service:

Setup prerequisites

To complete the setup, you will need the following:

  • Vidyo Epic Service Public FQDN: This is the URL (public) that clients will use to interact with the Vidyo Epic Service.
  • VidyoPlatform API credentials: These are the VidyoPlatform API credentials to the Vidyo Epic Service. These will be used to invoke certain commands.

Create the Services file

You must create a file, services.json, with the following structure:

{
  "epicService": {
    "url": "https://vidyoepicservice.example.com/epic/api/v1",
    "isServiceAvailable": true
  }
}

Note

In the "url" value "https://vidyoepicservice.example.com/epic/api/v1", vidyoepicservice.example.com must be replaced with the Public FQDN of your deployed Vidyo Epic Service.
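Because endpoints use this file to locate the Vidyo Epic Service, it is worth checking before upload that it parses as JSON and that the URL points at your own public FQDN over HTTPS. The following is an added example, not Vidyo code: the function name, the sample FQDN and the expectation that the path stays /epic/api/v1 (taken from the page's sample) are assumptions.

```python
import json
from urllib.parse import urlsplit

EPIC_API_PATH = "/epic/api/v1"  # path used in the page's services.json sample


def lint_services(text, public_fqdn):
    """Return a list of problems in a services.json document (empty = OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    svc = doc.get("epicService") if isinstance(doc, dict) else None
    if not isinstance(svc, dict):
        return ['missing "epicService" object']
    problems = []
    url = svc.get("url")
    if not isinstance(url, str):
        problems.append('"url" is missing or not a string')
    else:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            problems.append(f"url scheme is {parts.scheme!r}, expected 'https'")
        if host != public_fqdn.lower():
            problems.append(f"url host {host!r} is not {public_fqdn!r}")
        if parts.username or parts.password:
            problems.append("url embeds credentials")
        if parts.path.rstrip("/") != EPIC_API_PATH:
            problems.append(f"url path is {parts.path!r}, expected {EPIC_API_PATH!r}")
    if not isinstance(svc.get("isServiceAvailable"), bool):
        problems.append('"isServiceAvailable" must be true or false')
    return problems


# Constructed samples: the page's template left unedited, and a corrected copy.
TEMPLATE = """{
  "epicService": {
    "url": "https://vidyoepicservice.example.com/epic/api/v1",
    "isServiceAvailable": true
  }
}"""
FQDN = "epic.hospital.example"  # hypothetical public FQDN
CORRECTED = TEMPLATE.replace("vidyoepicservice.example.com", FQDN)

if __name__ == "__main__":
    for name, text in (("template", TEMPLATE), ("corrected", CORRECTED)):
        print(name, lint_services(text, FQDN) or "OK")
```

A file pasted from a word processor with typographic quotes is reported as invalid JSON, which is the most common way this file fails after copy and paste.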

Upload the Services file

To upload the Services file:

  1. Log into the System Console.
  2. Set up a VidyoPlatform API user.

    Note

    To continue, you must have an SSH private/public key pair generated. How to do this is outside the scope of this document.

  3. Use the “VidyoUpload” Platform API to upload the services.json file to the Vidyo Epic Service server.

    kram@test-machine: ~$ cat services.json | ssh apiuser@10.10.10.10 VidyoUpload
    12+1 records in
    12+1 records out
    6261 bytes (1.0 kB, 1.0 KiB) copied, 0.000115537 s, 54.2 MB/s

  4. Run the “VidyoDiscovery” Platform API to update the file.

    kram@test-machine: ~$ ssh apiuser@10.10.10.10 VidyoDiscovery updateServices

  5. After the service file is updated, restart the service to apply the changes.

    kram@test-machine: ~$ ssh apiuser@10.10.10.10 VidyoDiscovery restart

  6. Verify the services.json file is available by going to the following path: https://vidyoepicservice.example.com/discovery/api/v1/services. You should see the content of the services.json file that you uploaded.

Apply the custom parameters to your tenant

To apply custom parameters to your tenant:

  1. Using the Custom Parameters menu, add the following entry (replacing vidyoepicservice.example.com with your service URL):

| Auth Type | Key | Value |
|---|---|---|
| Registered | vidyoCloudServicesURL | https://vidyoepicservice.example.com/discovery/api/v1/services |