26.1 Getting started on hosting FootfallCam™ Solution
26.1.1 Introduction
Besides connecting your FootfallCam™ Devices to FootfallCam™ Cloud Servers, you can choose to host FootfallCam™ Solution into your on-premise servers. This option enables you to further securely store and complete control of data in their own premises, with the same methodology and functionality as the Cloud Servers provided by FootfallCam™.
26.1.2 Requesting for FootfallCam™ Server Installation Service
FootfallCam™ Solution installation and setup can only be done by our FootfallCam™ Technical Specialists. Hence, you are required to order a Software Installation Service from us with one-off installation fee.
Below are the overall steps on deploying FootfallCam™ on-premise server on client site.
STEP 1 - Identify/consult FootfallCam™ on on-premise server requirements and prepare server(s).
STEP 2 - Order Software Installation Service and submit Server Installation Form to [email protected]. (Server Installation Form can be found at the bottom of this page)
STEP 3 - FootfallCam™ to schedule for server inspection and verify server hardware/network requirements.
STEP 4 - FootfallCam™ to schedule and perform Software Installation session.
STEP 5 - Setup account and bind devices in FootfallCam™Analytic Manager in their server(s).
Payment must be made before FootfallCam™ performs the server inspection and software installation. You must ensure the server(s) met the mentioned requirements in the remaining article below unless consulted with FootfallCam™ Technical Specialists. It will take approximately 5 Working Days to complete the software installation depending on network conditions.
26.1.3 Overview of hosting FootfallCam™ Solution
To host FootfallCam™ Solution on-premise, you must prepare 2 server instances for hosting whole FootfallCam™ Solution: -
-
Microsoft Windows Server 2016+ (Window Server)
-
Ubuntu Server 20.04 (Ubuntu Server)
At the highest level, there are 4 major components that forms FootfallCam™ Solution, which is shown in the diagram and table below:
| Component | Description | Compatible OS |
| FootfallCam™ Analytic Manager V9 |
A core web application that allows user to view & generate analytics report, site & device management, and integration in accordance with user's needs into their own system, with addition of user access control, API ready for Import and Export. |
Windows Server |
| Microsoft SQL Database | Stores configuration data, user access data, and log data for FootfallCam™ Analytic Manager V9. | Windows Server |
| Real Time Data Engine |
A collection of services that uses Apache Technologies to communicate, collect, process, and aggregate event-driven data from FootfallCam™ Devices via Websocket protocol, and output information to Druid Database. |
Ubuntu Server |
| Druid Database |
A storage medium for Real Time Data Engine to perform read/write operation with highest efficiency and speed possible. FootfallCam™ also uses this to create an end point that allows FootfallCam™ Analytic Manager V9 to access, manage, and present the data in the dashboard. |
Ubuntu Server |
26.1.4 Applications to be installed
| Databases | Function With |
| PostGresSQL |
Keycloak, Thingsboard, Apache Airflow, Doris |
| Cassandra DB |
ThingsBoard |
| Applications | Function |
|
Apache Pulsar |
Data processing (real-time analytics) |
|
Apache Flink |
Data processing (real-time analytics) |
|
Apache Ignite |
Data processing (real-time analytics) |
|
Apache Kafka-on-Pulsar |
Data processing (real-time analytics) |
|
Keycloak(docker) |
User Authentication |
|
HaProxy |
SSL Certification |
|
Cube JS |
Works with Apache Doris to produce dashboard data |
|
Apache Doris |
Provides dashboard data |
|
Apache Druid |
Data warehousing, real-time ingestion, and interactive querying |
|
Thingsboard |
Orchestrate and visualize data workflows |
|
Apache Airflow |
Orchestrate and visualize data workflows |
|
MariaDB |
Database management system for storing, retrieving, and managing data |
|
Novu |
Microservice for managing multi-channel notifications |
|
Postgres |
Database management system for storing, retrieving, and managing data |
|
Airbytes |
Data pipeline platform for moving data from any source to any destination |
|
Configuration Module |
Microservice for configuring data and settings |
|
Logging Module |
Microservice for logging information such as engineering logs and error logs |
|
Tag Module |
Microservice for data tagging |
|
Import Export Module |
Microservice for importing and exporting data |
|
IAM Module |
Microservice for managing authentication, authorization and access control to resources |
|
File Module |
Microservice for uploading and downloading files |
|
Message Module |
Microservice for sending messages with different gateway |
26.2 Preparing your servers
26.2.1 Choosing the right platform to host FootfallCam™ Solution
There are many cloud providers that can fulfill the requirement on hosting FootfallCam™ Solution, such as Amazon AWS, Microsoft Azure, Google Cloud, OVH Cloud, and many more, depending on the availability in your country or region.
You may also choose to host FootfallCam™ Solution with your own on-premise servers with private network. Be sure to fulfill the network requirements, which you can learn more in Appendix A - Self-hosting Server Deployment Examples.
26.2.2 System Requirements
A correct servers' specification is important to ensure the FootfallCam™ Solution is running reliably and consistently without compromised performance. Table below shows the system requirements for hosting FootfallCam™ Solution, corresponding to the number of FootfallCam™ Devices being supported: -
| Item / Size | Small | Medium | Large |
| FootfallCam™ Devices Count | Up to 100 devices | Up to 500 devices | Up to 1000 devices |
| PRIMARY SERVER | |||
| CPU | 8 Cores 64-bit | 12 Cores 64-bit | 16 Cores 64-bit |
| Memory | 32GB or above | 64GB or above | 128GB or above |
| Storage** | 500GB or above | 1TB or above | 2TB or above |
| Operating System | Windows Server 2016 or above (Standard or Datacenter Edition) | ||
| SQL Server License | Microsoft SQL Server 2016 or above (Standard or Enterprise Edition) | ||
| SECONDARY SERVER | |||
| CPU | 16 Cores 64-bit | 24 Cores 64-bit | 32 Cores 64-bit |
| Memory | 128GB or above | 256GB or above | 512GB or above |
| Storage** | 1TB or above | 2TB or above | 3TB or above |
| Operating System | Ubuntu Server 20.04 LTS or above | ||
We recommend you to deploy Solid State Drive (SSD) as the server storage for the best performance, which is about 20x faster than a conventional Hard Disk Drive (HDD) with better I/O throughput in a long run. The above shows the conventional way to host FootfallCam™ Solution with 2x standard servers / instances, disregard of which platform you have chosen. To learn more about other ways to host FootfallCam™ Solution, you are recommended to read Appendix A before deciding how you are going to deploy your servers. If you'd like to have more advanced on-premise infrastructure (e.g. High Availability, Scalable, etc.), or have any other inquiries on hosting custom on-premise servers, please contact [email protected] and consult our technical specialists to discuss on your requirements.
26.2.3 Networking Requirements
26.2.3.1 Domain/Sub Domain and SSL Certificate (Optional)
You may provide a Domain / Sub Domain Name and SSL Certificate from a DNS Provider such as Cloudflare, Fasthosts etc, and create the following A records shown below: -
| Type | Name** | Target Server | TTL |
| A record | portal-ffc.mydomain.com | <<Primary Server Public IP Address>> | Auto |
| A record | ws-ffc.mydomain.com | <<Secondary Server Public IP Address>> | Auto |
You can create any Name that align to your requirements, as long as there are hostnames that are reachable to both Primary and Secondary Servers.
To further secure you servers, you are also encouraged to setup Firewall within your servers or your server provider platform, whichever is available. Be sure to fulfill the Firewall Rules listed in section 26.2.3.3.
FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.
26.2.3.2 Servers in Private Network
If your servers are hosted in your own premises, with private network that is not accessible by public Internet connection, there are several methods to ensure the connectivity between FootfallCam Devices, both of your servers, and to FootfallCam Central Servers are able to establish:
-
Setup NAT or Port forwarding to both Primary and Secondary Servers (For devices accessing from external network).
-
Implement VPN Solution in every required location (E.g. Fortinet).
Make sure to fulfill the Firewall Rules listed in section 26.2.3.3.
FootfallCam will also require to remote access your servers during software installation, maintenance, update, and technical support, you are required to provide remote access for FootfallCam, which you will learn more later in section 26.3.2.
26.2.3.3 Firewall Rules
To ensure FootfallCam™ Solution is fully functional in on-premise environment, you are required to fulfill configure the following network requirements: -
INBOUND FIREWALL RULES
| Source | Destination | Port and Protocol | Purpose |
| FootfallCam™ Devices, Secondary Server, End User |
Primary Server |
8873 (HTTP) 8874 (HTTPS)** |
|
|
8881 (HTTP) 8882 (HTTPS)** |
|
||
| FootfallCam™ Devices |
Secondary Server |
8080 (WS/WSS**) | Allows FootfallCam™ Device(s) to upload Space Occupancy data to the server. |
| Primary Server | 22 (SSH) | Allows SSH terminal connection for FootfallCam™ Technical Personnel to perform software installation and maintenance when required. | |
| 8081 (HTTP/HTTPS**) | Allows Primary Server to communicate with secondary server for Live-data synchronization to Analytic Manager and configuration update. | ||
|
8089 |
Allow Analytic Manager Portal to authenticate with Keycloak. |
||
|
4000, 5432, 3030 |
Allow Analytic Manager to communicate with CubeJs |
||
|
8030(HTTP), 9030(HTTPS) |
Allow CubeJs to query Doris DB |
||
|
8089 |
Allow Analytic Manager Portal to authenticate with Keycloak. |
||
|
9888 |
Allow Secondary server to give access to the Druid Database dashboard that stored FootfallCam™ Devices Counting Data |
||
|
8082 (Flink) 8080 (Airflow) 8443, 6650, 6651 (pulsar) |
Allow Primary server to access Secondary server UI |
||
|
Primary Server, FootfallCam™ Devices |
9090 (Thingsboard) 9092 (Kafka) 2181 (Zookeeper) |
Allow Secondary Server to get data from FootfallCam™ Devices Allow Primary Server to access Thingsboard UI |
You may choose to implement SSL connections by preparing SSL Certificate and a Domain Name prior to proceeding Software Installation Service. You are required to notify FootfallCam™ by: Mention the requirement in Server Installation Form. Emailing us at [email protected] (Post-server installation).
OUTBOUND FIREWALL RULES
|
Source |
Destination |
Port |
Purpose |
|
Primary Server,
|
198.244.207.93 |
80 (HTTP) 443 (HTTPS) 5000 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
|
51.195.132.20 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
|
51.89.155.156 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
|
51.255.103.189 51.255.82.36 |
To allow FootfallCam™ Analytic Manager in on-premise servers to communicate with FootfallCam™ Central Servers for the purpose of:
|
||
|
https://download.docker.com |
|
To allow Docker to be download and install in your secondary server for the purpose of: - Allows developers to package and run FootfallCam applications in containers. - Allows developers to manage and monitor FootfallCam applications in containers. |
|
|
|
51.68.207.95 |
26 (SMTP) |
(Optional) Our SMTP Server in case client do not apply the client-side SMTP Server in the solution. |
If you are going to host FootfallCam™ Solution in a private network, do make sure your firewall rules are able to fulfill the following checklist:
-
FootfallCam™ Devices are able to communicate with both Primary and Secondary Servers.
-
Communication between Primary and Secondary Servers can be established.
Failing to comply with the network requirements above will affect the automated processes offered by FootfallCam™ such as:
-
FootfallCam™ may not able to complete the Verification process within the given SLA.
-
FootfallCam™ may not able to provide proactive support such as monitoring the server(s) health check, services status, data health check, and devices health check.
-
FootfallCam™ Analytic Manager hosted in on-premise server may not be able to receive latest patches and security updates.
-
FootfallCam™ may not be able to perform daily backup on the data from client's on-premise database and configuration.
26.3 Installing FootfallCam™ Solution
26.3.1 Server Installation Service
At the moment, FootfallCam™ does not provide any installation files for users to perform installation by themselves due to technical difficulty. Hence, a Server Installation Service can be paid so that FootfallCam™ can perform full software installation, which including:
-
Verify servers hardware resources aligned to system requirements.
-
Verify servers connectivity aligned to network requirements.
-
FootfallCam™ Analytic Manager V9 Installation and Configuration.
-
Microsoft SQL Server Installation** and Configuration (License not included).
-
Real Time Data Engine Installation and Configuration.
-
Druid Database Server Installation and Configuration.
-
Continuous software maintenance, update, and support.
You can learn more on requesting Server Installation Service in section 26.1.2 above.
FootfallCam™ will only perform installation with Microsoft SQL Server Express Edition if client did not provide any license. If you have prepared an Microsoft SQL Server License, you must pre-install Microsoft SQL Server Software in your Primary Server before handing out to FootfallCam™ Software Installation process.
If data migration is required in case of server / hardware / Microsoft SQL License changes, additional charges may apply.
26.3.2 Remote Access Requirements
In the event of software installation, server maintenance or technical issues related to FootfallCam™ devices, hosted software and modules, FootfallCam™ recommends our clients to provide Desktop Remote Access with a fixed access credential (ID and Password), available for 24/7, with given network access.
The reason that we required the Remote Desktop access with fixed credential are as below:
-
The time to perform the necessary work might be different between time zone users and the FootfallCam™ technical personnel, to avoid any delay of action, the unattended access is preferable to expedite the process.
-
To shorten the communication time needed for FootfallCam™ technical personnel with the IT administrator on-site, it's advisable that the password changing is not frequent, except necessary.
You may choose one of the following Remote Desktop Access method below:
|
Remote Access Method |
Instruction / Download Link |
|
Remote Desktop Connection (RDP) |
Click HERE for instruction on how to setup RDP in your Primary Server |
|
AnyDesk |
Click HERE to download and install the application to your Primary Server |
For servers that are hosted in a private network, unless you have chosen a Remote Access Solution such as AnyDesk, you are required to implement your preferred VPN services, and provide the appropriate access for FootfallCam™ Technical Specialists in favour of server installation and post-installation support.
After completing the above action, please include your credentials into the Server Installation Form before requesting for server installation service.
You MUST provide the username and password of the Secondary Server with root permission to FootfallCam™. Please include the credentials into Server Installation Form. If you are concerning on the security of your premises, you may choose to opt out from providing remote access 24/7 to FootfallCam™ TWO months after the completion of the project rollout, and only re-enable the remote access if FootfallCam™ is requesting to access the server in case of critical maintenance work is required.