...
You can use several types of servers for deployment, each performing different roles in the architecture:
| Server role | Minimum requirements | Function and purpose |
|---|
| Axxon One (one or three servers) | - OS: Linux Ubuntu LTS 22.04/20.04
- CPU: 4 cores (vCPU), ~2.5 GHz (x86-64)
- RAM: 16 GB
- SSD: 256 GB for OS and additional software
- Network: SSH, open ports 80 (HTTP), 443 (HTTPS)
| Peripheral servers for video processing and on-site analytics. The number is determined by the required fault tolerance |
| AxxonNet (one or three servers) | - OS: Linux Ubuntu LTS 22.04/20.04
- CPU: 4 cores (vCPU), ~2.5 GHz (x86-64)
- RAM: 16 GB
- SSD: 300 GB for OS and additional software
- Network: SSH, open ports 80, 443
| Control center. Provides a unified interface, user management, and integration |
| Service domain (optional) | - OS: Linux Ubuntu LTS 22.04/20.04
- CPU: 4 cores (vCPU), ~2.5 GHz (x86-64)
- RAM: 8 GB
- SSD: 256 GB for OS and additional software
- Network: SSH
| Hosting of supporting services (for example, portal, documentation) |
| Database servers | - OS: Linux Ubuntu LTS 22.04/20.04
- CPU: 4 cores (vCPU), ~2.5 GHz (x86-64)
- RAM: 32 GB
- SSD: 500 GB for OS and additional software
- Network: SSH
| For deploying PostgreSQL, ClickHouse, and other DBMSs. Disk requirements depend on the archive size |
License Server (if hosted locally, see Private License Server) | - OS: Linux Ubuntu LTS 22.04/20.04
- CPU: 4 cores (vCPU), ~2.5 GHz (x86-64)
- RAM: 8 GB
- SSD: 150 GB for OS and additional software
- USB port for hardware key
- Network: SSH
| Alternatively, you can use AxxonSoft’s corporate cloud license server (see Public License Server) |
Requirements for video archive storage systems
| Storage type | Requirements and supported solutions |
|---|
Object storage (S3-compatible) | Direct integration with cloud and local S3 solutions to create a horizontally scalable archive. Public cloud services: Private/Hybrid solutions: - MinIO for deployment in private infrastructure
|
| Network-attached storage (NAS) | Usage of classic network storage devices using standard protocols. - NAS system with a shared network partition
- Access via a network path (UNC) for all Axxon One servers
- Supported protocols: NFS (Linux/Unix OS), SMB/CIFS (Windows OS)
|
Required settings of the host system and network
These settings are critical for the correct deployment and operation of the platform:
| Parameter | Requirements |
|---|
| Security and access |
| Responsibility | Security of host systems (including hypervisors) is provided by the customer |
| Interserver traffic | All network connections must be allowed between all project servers (without firewall restrictions): All traffic between the hosts is allowed All servers are accessible to each other over the network There are no port restrictions between servers There is no firewall between the servers
|
| SSH access | Required for installation and administration on Linux servers |
| Firewall | UFW is not supported and must be disabled in the OS. If necessary, you can configure the rules via iptables |
| Network configuration |
| Open ports | The following ports are open and added to the Firewall permissions: - Incoming/Outgoing: 22 (SSH), 80 (HTTP), 443 (HTTPS)
- Outgoing: Access from monitoring proxy hosts (from hosts running Zabbix proxy) to port 10051 of the external AxxonSoft monitoring service based on Zabbix (m.itdep.net)
- Incoming: on the local network to port 10051 of the host running Zabbix Proxy
|
| Internet access | All servers must have full internet access (for installing updates, licenses, certificates, and others) |
| Time synchronization (NTP) | All servers must have an NTP server configured and functioning correctly |
| Time zone | All servers must have the required time zone set |
| Infrastructure services (delivery options) |
| License Server | - AxxonSoft provides access to a corporate license server. This server must be accessible from all Axxon One servers
- License Server is deployed on the customer's premises
|
| Domain name | - AxxonSoft provides a name like <clientname>-demo.axxoncloud.com
- The customer provides a domain name with an A/CNAME DNS record that links to the IP address of the AxxonNet server
|
| SSL certificate for a domain name | - AxxonSoft provides a Let's Encrypt certificate. Ports 443 and 80 must be open for the Let's Encrypt servers. No action on the part of the customer is required.
- The customer provides a valid SSL certificate and private key for the domain name used
|
| Mail server | - The customer provides the SMTP mail server and its data:
- IP address of the SMTP server,
- connection port,
- login and password,
- email that will send emails as AxxonNet,
- access from the AxxonNet server to the mail server (no port restriction).
- The customer provides a Mailjet account (if there is no SMTP mail server):
- the customer registers a Mailjet account with any pricing plan and provides login/password,
the customer adds SPF/DKIM records to the DNS zone for AxxonNet, the customer adds the TXT login record to the DNS zone for AxxonNet.
| Info |
|---|
| AxxonSoft can help with Mailjet setup, but it is necessary to have access to the DNS settings. |
- AxxonSoft provides a Mailjet account only for demo installations. In this case, the customer provides access to the Mailjet servers via ports 25 and 587
|
| Remote access |
| Procedure of remote access for support | For deployment and support work, AxxonSoft engineers require remote access to servers. The following methods are supported (in order of priority): - Direct SSH access to servers (preferred).
- SSH access via VPN to the customer's network.
- RDP connection to a dedicated host on the customer's network, followed by SSH access to the servers.
- VPN connection to the RDP host, then SSH to the servers
| Note |
|---|
| TeamViewer, AnyDesk and other similar remote access options aren't supported. |
|
