Verba PowerShell Deployment Toolkit
The Verba PowerShell Deployment Toolkit simplifies the process of the Verba deployments and upgrades in large environments. The toolkit consists of two PowerShell files:
- autoinstall.ps1 : Configurable PowerShell script for uninstalling, installing and upgrading Verba servers and components.
- verba-*.psm1 : A PowerShell library which contains a collection of functions usable for Verba deployments. For the documentation of the functions see: Verba PowerShell Deployment Library
Preparations
Verba Prerequisites
The Verba PowerShell Deployment Toolkit does not install the prerequisites of the Verba services (Java, Visual C++, etc.) nor does the registration of the SfB/Lync Filter application in the SfB/Lync pool. These have to be done manually.
Group Memberships
The Windows User who runs the script (logged in to the server) must be added to the following local groups at all Verba servers.
- Administrators
- Remote Management Users
Database
If database mirroring is used, make sure that the primary database (based on the Verba configuration) is the principal!
Configuration
The Verba PowerShell Deployment Toolkit can be configured by editing the autoinstall.ps1 file. The configuration part can be found at the beginning of the file, between the "Configuration" and "End of configuration" lines (except the $Servers variable). Edit the values of the following variables:
Variable | Description | Example value |
---|---|---|
[string]$InstallerPath | A network folder that contains the Verba executables (VerbaRecording.msi, VerbaAdditionalRoles.msi). The network folder has to be accessible for the windows user which is used for running the script. | "\\storage\Verba\8.8\" |
[string]$TempPath | The folder path for temporary files. This folder will be created on each server. | "C:\verba_install\" |
[string]$AppPath | Verba installation directory. | "C:\Program Files\Verba\" |
[bool]$Test | Tests the servers
| $true |
[bool]$Uninstall | Sets whether the script will uninstall the specified servers. The script removes the Verba software, the registry set and the files from the server. This setting is ignored when $Upgrade=$true is used. | $false |
[bool]$Install | Installs the Verba application on the servers. This setting is ignored when $Upgrade=$true is used. | $false |
[bool]$BackupConfiguration | Backups the list of the activated services and the registry from the servers. The filenames going to be the hostnames of the servers. If the files already exist, the filename going to end with .bak. This setting is ignored when $Upgrade=$true is used. | $false |
[bool]$RestoreConfiguration | Restores the list of the activated services and the registry from the files named with the corresponding server hostnames. This setting is ignored when $Upgrade=$true is used. | $false |
[bool]$Upgrade | Sets whether the script will upgrade the specified servers. The upgrade involves the following process:
If turned on, then the $Uninstall, $Install, $Backupconfiguration and $Restoreconfiguration values will be ignored. | $false |
[bool]$KeepLogs | Sets whether the script should remove the log folder in case of uninstalling or upgrading. | $false |
[bool]$ResetAPIPassword | Set to $true if you want to reset the API user's password. It is recommended when you are upgrading from 8.x. | $false |
[bool]$RemoveLegacyCertificateSettings | Set to $true if you want to delete old legacy certificate settings from the profiles. It is recommended when you are upgrading from 8.x. | $false |
[bool]$SkipNodeRegistrationCheck | Set $true if you want to skip the node registration check, so the script will register the Servers with NETBIOS name by default. It is recommended if you are upgrading from 8.x. | $false |
[bool]$UpdateIMFormat | Set to $true if you want to update the old IM schema in the database. It is recommended when you are upgrading from 8.x. Depending on the amount of recordings, this process can take a while. | $false |
[string]$APIUsername | Verba API username. | "verbaapi" |
[string]$APIPassword | Verba API password. | "P@ssw0rd" |
[string]$AdministratorUsername | Verba Administrator username. | "administrator" |
[string]$AdministratorPassword | Verba Administrator password. | "P@ssw0rd" |
[string]$SSLCertificateSubject | The subject of the SSL certificate generated for the Web Application. The script will generate a self-signed certificate with this subject. | "testmr1.verbatest.local" |
[int]$StartupType | The startup type of the Verba services:
| 2 |
[string]$ServiceUsername | The Windows domain account used as a service account in the case of the Verba SfB/Lync Filter installation. | "contoso\verba-service" |
[string]$ServicePassword | The password of the Windows domain account. | "P@ssw0rd" |
[string]$DatabaseHost | The hostname of the server where the Verba database hosted. | "SQLSERVER" |
[string]$DatabaseName | The name of the Verba database. | "Verba" |
[bool]$SQLAuth | Sets whether SQL Authentication will be used for the SQL connection. If set to 0, then Windows authentication will be used for the SQL connection. | $true |
[string]$DatabaseUsername | Username for the SQL connection. If the $sqlAuth setting is set to 1, then a SQL user has to be provided. If the $sqlAuth setting is set to 0, then a Windows domain user has to be provided in "domain\user" format. | "verba-user" |
[string]$DatabasePassword | The password of the SQL connection. | "P@ssw0rd" |
[bool]$MultiSubnetFailover | Set to $true, if Always-On database is being used with Multi-Subnet Failover. | $false |
[bool]$DBPartitioning | Set to $true, if you want to turn on database partitioning. This improves the performance in the case of large databases. | $true |
[bool]$EncryptedPasswords | #Set to $true, if you are providing the passwords ($APIPassword, $AdministratorPassword, $ServicePassword, $DatabasePassword, and -SSLCertificatePassword at the $Servers) in encrypted format | $false |
[bool]$EnableCloudMode | Experimental feature. Sets whether cloud mode will be used for the Node Manager | $false |
[string]$MRPoolName | Experimental feature. The Media Repository pool name. | "testmr1" |
[int]$MRPortNumber | Experimental feature. The port used at the Media Repository for the incoming registration requests. | 4432 |
[string]$TokenPassword | Experimental feature. The password of the registration token. | "P@ssw0rd" |
Server configuration
The servers can be configured not at the beginning of the script, but below, at line 133. The $Servers variable is an array of VerbaServer objects. New items can be added with the New-VerbaServer command. The command parameters are the following:
Parameter | Description | Mandatory | Example value |
---|---|---|---|
-FQDN | The FQDN, hostname, or IP address of the server to install. | Yes | "verbars.contoso.local" |
-Role | The Verba server role to install. Accepted values: Combo, MR, RS, LF, LFRC, RC, SA, SS | Yes | Combo |
-UseLegacyAPI | Switch parameter. If present, the legacy, less secure connection will be used between the Verba services (Verba 8.x and older). | Yes, if the -UseAdvancedAPI parameter is not present | |
-UseAdvancedAPI | Switch parameter. If present, the new, certificate-based connection will be used between the Verba services (Verba 9.0 and later). If present, either the -ServerCertThumbprint or the -GenerateCertificates parameter is mandatory. | Yes, if the -UseLegacyAPI parameter is not present | |
-ServerCertThumbprint | The thumbprint of the server certificate that will be used for the connection between the Verba services. The certificate must be in the Windows Certificate Store. | Yes, if the -GenerateCertificates parameter is not present | "a909502dd82ae41433e6f83886b00d4277a32a7b" |
-GenerateCertificates | Switch parameter. If present, the script will generate certificates. If present, either the -CA or the -CAFQDN parameter is mandatory. | Yes, if the -ServerCertThumbprint parameter is not present | |
-CA | Switch parameter. If present, the script will generate a self-signed certificate for CA certificate, and a server certificate using this CA certificate. | Yes, if the -GenerateCertificates is present, and the -CAFQDN parameter is not present | |
-CAFQDN | The FQDN of the Verba MR or Combo server that acts as a CA. The script will request a server certificate from this server. | Yes, if the -GenerateCertificates is present, and the -CA parameter is not present | "verbamr.contoso.local" |
-SSLCertificatePath | Path to the .crt file that will be used as an SSL certificate by the Verba Web Application. The file must exist at the given location. In order to generate this file from .pfx or .p12 file, see: Installing an SSL certificate for HTTPS access | Yes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present | "C:\certs\verba.crt" |
-SSLCertificateKeyPath | Path to the .key file that will be used as an SSL certificate by the Verba Web Application. The file must exist at the given location. In order to generate this file from .pfx or .p12 file, see: Installing an SSL certificate for HTTPS access | Yes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present | "C:\certs\verba.key" |
-SSLCertificatePassword | The password of the .key file. | Yes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present | "P@ssw0rd" |
-GenerateSSLCertificate | Switch parameter. If present, the script will generate a self-signed SSL certificate for the Web Application. If present, the -SSLCertificateRequest parameter is mandatory. | Yes, if the -Role parameter is set to MR or Combo, and none of the following parameters are present: -SSLCertificatePath, -SSLCertificateKeyPath, -SSLCertificatePassword | |
-SSLCertificateRequest | Certificate request object for the SSL certificate that will be used for the Web Application. | Yes, if the -GenerateSSLCertificate parameter is present | $sslCertificate |
-LocalIP | Local IP configuration for the server. If not provided, the IP address of the first NIC will be used. If provided, then the given IP address will be used. It is also possible to provide a partial IP address as a wildcard with the asterisk symbol. In this case, the script will check the IP addresses of the NICs, and the first one will be used that is matching the provided wildcard. If none of the IP addresses are matching to the wildcard, then the first NIC IP will be used. | No | "192.168.1.1" "192.*" |
Examples:
Install server with legacy configuration (Verba 8.x) without Advanced API, and self-signed SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseLegacyAPI -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseLegacyAPI)
}
Install server with legacy configuration (Verba 8.x) without Advanced API, and 3rd party SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseLegacyAPI -SSLCertificatePath "C:\certs\verba.crt" -SSLCertificateKeyPath "C:\certs\verba.key" -SSLCertificatePassword "P@ssw0rd"),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseLegacyAPI)
}
Install Verba 9.x with Verba self-signed CA generated server certificates, and self-signed SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -GenerateCertificates -CA -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseAdvancedAPI -GenerateCertificates -CAFQDN "verbamr.contoso.local"),
)
Install Verba 9.x with existing server certificates and existing SSL certificates
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -ServerCertThumbprint "7E3C477D6A308ADAAE1AA9E2C5AE8BE0744A6BD1" -SSLCertificatePath "C:\certs\verba.crt" -SSLCertificateKeyPath "C:\certs\verba.key" -SSLCertificatePassword "P@ssw0rd"),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseAdvancedAPI -ServerCertThumbprint "7E3C477D6A308ADAAE1AA9E2C5AE8BE0744A6BD1"),
)
When the configuration is done, the script can be started.
Running the Deployment Toolkit
In order to run the Deployment Toolkit, start the autoinstall.ps1 script with an administrator PowerShell.
Running the Deployment Toolkit using Command Line Parameters
Instead of providing the settings by modifying the autoinstall.ps1 file, the setting values can be also provided directly using command line parameters. If a parameter is not provided, the script will use the default values within the file.
The following example shows how to start the script using command line parameters:
$p = Get-Location Import-Module -Name "$($p.Path)\Verba-Deployment-Toolkit.psm1" $sslCertificate = New-VerbaCertificateRequest -Subject "verbamr.contoso.local" $servers = @( (New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -GenerateCertificates -CA -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate), (New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseAdvancedAPI -GenerateCertificates -CAFQDN "verbamr.contoso.local"), ) .\autoinstall.ps1 -InstallerPath "\\255.255.255.255\Releases" -TempPath "C:\verba_temp" -AppPath "C:\Program Files\Verba" -Test $true -Uninstall $false -Install $false -BackupConfiguration $false -RestoreConfiguration $false -Upgrade $false -KeepLogs $false -ResetAPIPassword $false -RemoveLegacyCertificateSettings $false -APIUsername "verbaapi" -APIPassword "P@ssw0rd" -AdministratorUsername "administrator" -AdministratorPassword "P@ssw0rd" -SSLCertificateSubject "testmr1.verbatest.local" -SkipNodeRegistrationCheck $false -Servers $servers -StartupType 2 -ServiceUsername "contoso\verba-service" -ServicePassword "P@ssw0rd" -DatabaseHost "SQLSERVER" -DatabaseName "Verba" -SQLAuth $true -DatabaseUsername "verba-user" -DatabasePassword "P@ssw0rd"