Verba PowerShell Deployment Toolkit

The Verba PowerShell Deployment Toolkit simplifies the process of the Verba deployments and upgrades in large environments. The toolkit consists of two PowerShell files:

  • autoinstall.ps1 : Configurable PowerShell script for uninstalling, installing and upgrading Verba servers and components.
  • verba-*.psm1 : A PowerShell library which contains a collection of functions usable for Verba deployments. For the documentation of the functions see: Verba PowerShell Deployment Library

Preparations

Verba Prerequisites

The Verba PowerShell Deployment Toolkit does not install the prerequisites of the Verba services (Java, Visual C++, etc.) nor does the registration of the SfB/Lync Filter application in the SfB/Lync pool. These have to be done manually.

Deployment Toolkit Prerequisites

Make sure the x64 version of PowerShell (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe) is being used!

On the machine where the Verba Powershell Deployment Toolkit will be started, the SqlServer Powershell module has to be installed. Do the following steps in order to install the module:

Step 1 - Download and install PowerShell 5.1. After the installation, restart the machine.

Step 2 - Open PowerShell as administrator.

Script execution policy

Script execution may be restricted in the domain. In order to remove the restriction, execute the following command:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine -Force

Step 3 - Execute the following command. This will set the security protocol being used at the subsequent commands when communicating through the internet.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Step 4 - Execute the following command. When asked, type in Yes and press enter to allow the operation. This will download the NuGet package provide provider, and registers it as the default repository for PowerShell modules.

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

Step 5 - Execute the following command. When asked, type in Yes and press enter to allow the operation. This will download the SqlServer module.

Install-Package -Name SqlServer -RequiredVersion 21.1.18235 -AllowClobber

Installing the SqlServer module without internet connection

The SqlServer module can be installed also without an internet connection. Do the same commands on another computer with an internet connection, then copy the C:\Program Files\WindowsPowerShell\Modules\SqlServer folder to the same folder on the computer without an internet conenction.

Group Memberships

The Windows User who runs the script (logged in to the server) must be added to the following local groups at all Verba servers.

  • Administrators
  • Remote Management Users

Database

If database mirroring is used, make sure that the primary database (based on the Verba configuration) is the principal!

Configuration

The Verba PowerShell Deployment Toolkit can be configured by editing the autoinstall.ps1 file. The configuration part can be found at the beginning of the file, between the "Configuration" and "End of configuration" lines (except the $Servers variable). Edit the values of the following variables:

VariableDescriptionExample value
[string]$InstallerPath
A network folder that contains the Verba executables (VerbaRecording.msi, VerbaAdditionalRoles.msi). The network folder has to be accessible for the windows user which is used for running the script."\\storage\Verba\8.8\"
[string]$TempPath
The folder path for temporary files. This folder will be created on each server."C:\verba_install\"
[string]$AppPathVerba installation directory."C:\Program Files\Verba\"
[bool]$Test

Tests the servers
The script test the following:

  • If the script can log into the server
  • If the Verba prerequisites are installed
  • If the server can reach the database server on port 1433
  • Is there enough disk space
$true
[bool]$UninstallSets whether the script will uninstall the specified servers. The script removes the Verba software, the registry set and the files from the server. This setting is ignored when $Upgrade=$true is used.$false
[bool]$Install

Installs the Verba application on the servers. This setting is ignored when $Upgrade=$true is used.

$false
[bool]$BackupConfigurationBackups the list of the activated services and the registry from the servers. The filenames going to be the hostnames of the servers. If the files already exist, the filename going to end with .bak. This setting is ignored when $Upgrade=$true is used.$false
[bool]$RestoreConfigurationRestores the list of the activated services and the registry from the files named with the corresponding server hostnames. This setting is ignored when $Upgrade=$true is used.$false
[bool]$Upgrade

Sets whether the script will upgrade the specified servers. The upgrade involves the following process:

  • Backups the existing configuration in the registry and the list of activated Verba services.
  • Uninstalls the current Verba software.
  • Installs the new version using the executables specified at the $path value.
  • Restores the previously saved configuration (registry).
  • Activates and starts the Verba services based on the previous configuration.

If turned on, then the $Uninstall, $Install, $Backupconfiguration and $Restoreconfiguration values will be ignored.

$false
[bool]$KeepLogsSets whether the script should remove the log folder in case of uninstalling or upgrading.$false
[bool]$ResetAPIPasswordSet to $true if you want to reset the API user's password. It is recommended when you are upgrading from 8.x.$false
[bool]$RemoveLegacyCertificateSettingsSet to $true if you want to delete old legacy certificate settings from the profiles. It is recommended when you are upgrading from 8.x.$false
[bool]$SkipNodeRegistrationCheckSet $true if you want to skip the node registration check, so the script will register the Servers with NETBIOS name by default. It is recommended if you are upgrading from 8.x.$false
[bool]$UpdateIMFormatSet to $true if you want to update the old IM schema in the database. It is recommended when you are upgrading from 8.x. Depending on the amount of recordings, this process can take a while.$false
[string]$APIUsernameVerba API username."verbaapi"
[string]$APIPasswordVerba API password."P@ssw0rd"
[string]$AdministratorUsernameVerba Administrator username."administrator"
[string]$AdministratorPasswordVerba Administrator password."P@ssw0rd"
[string]$SSLCertificateSubject

The subject of the SSL certificate generated for the Web Application. The script will generate a self-signed certificate with this subject.


"testmr1.verbatest.local"
[int]$StartupType

The startup type of the Verba services:

  • 0: Disabled
  • 1: Manual
  • 2: Automatic
  • 3: AutomaticDelayed
2
[string]$ServiceUsername
The Windows domain account used as a service account in the case of the Verba SfB/Lync Filter installation."contoso\verba-service"
[string]$ServicePassword
The password of the Windows domain account."P@ssw0rd"
[string]$DatabaseHost
The hostname of the server where the Verba database hosted."SQLSERVER"
[string]$DatabaseName
The name of the Verba database."Verba"
[bool]$SQLAuth
Sets whether SQL Authentication will be used for the SQL connection. If set to 0, then Windows authentication will be used for the SQL connection.$true
[string]$DatabaseUsername
Username for the SQL connection. If the $sqlAuth setting is set to 1, then a SQL user has to be provided. If the $sqlAuth setting is set to 0, then a Windows domain user has to be provided in "domain\user" format."verba-user"
[string]$DatabasePassword
The password of the SQL connection."P@ssw0rd"
[bool]$MultiSubnetFailoverSet to $true, if Always-On database is being used with Multi-Subnet Failover.$false
[bool]$DBPartitioningSet to $true, if you want to turn on database partitioning. This improves the performance in the case of large databases.$true

[bool]$EncryptedPasswords

#Set to $true, if you are providing the passwords ($APIPassword, $AdministratorPassword, $ServicePassword, $DatabasePassword, and -SSLCertificatePassword at the $Servers) in encrypted format$false
[bool]$EnableCloudMode
Experimental feature. Sets whether cloud mode will be used for the Node Manager$false
[string]$MRPoolName
Experimental feature. The Media Repository pool name."testmr1"
[int]$MRPortNumber
Experimental feature. The port used at the Media Repository for the incoming registration requests.4432
[string]$TokenPassword
Experimental feature. The password of the registration token."P@ssw0rd"

Server configuration

The servers can be configured not at the beginning of the script, but below, at line 133. The $Servers variable is an array of VerbaServer objects. New items can be added with the New-VerbaServer command. The command parameters are the following:

ParameterDescriptionMandatoryExample value
-FQDNThe FQDN, hostname, or IP address of the server to install.Yes"verbars.contoso.local"
-RoleThe Verba server role to install. Accepted values: Combo, MR, RS, LF, LFRC, RC, SA, SSYesCombo
-UseLegacyAPISwitch parameter. If present, the legacy, less secure connection will be used between the Verba services (Verba 8.x and older).Yes, if the -UseAdvancedAPI parameter is not present
-UseAdvancedAPISwitch parameter. If present, the new, certificate-based connection will be used between the Verba services (Verba 9.0 and later). If present, either the -ServerCertThumbprint or the -GenerateCertificates parameter is mandatory.Yes, if the -UseLegacyAPI parameter is not present
-ServerCertThumbprintThe thumbprint of the server certificate that will be used for the connection between the Verba services. The certificate must be in the Windows Certificate Store.Yes, if the -GenerateCertificates parameter is not present"a909502dd82ae41433e6f83886b00d4277a32a7b"
-GenerateCertificatesSwitch parameter. If present, the script will generate certificates. If present, either the -CA or the -CAFQDN parameter is mandatory.Yes, if the -ServerCertThumbprint parameter is not present
-CASwitch parameter. If present, the script will generate a self-signed certificate for CA certificate, and a server certificate using this CA certificate.Yes, if the -GenerateCertificates is present, and the -CAFQDN parameter is not present
-CAFQDNThe FQDN of the Verba MR or Combo server that acts as a CA. The script will request a server certificate from this server.Yes, if the -GenerateCertificates is present, and the -CA parameter is not present"verbamr.contoso.local"
-SSLCertificatePathPath to the .crt file that will be used as an SSL certificate by the Verba Web Application. The file must exist at the given location. In order to generate this file from .pfx or .p12 file, see: Installing an SSL certificate for HTTPS accessYes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present"C:\certs\verba.crt"
-SSLCertificateKeyPathPath to the .key file that will be used as an SSL certificate by the Verba Web Application. The file must exist at the given location. In order to generate this file from .pfx or .p12 file, see: Installing an SSL certificate for HTTPS accessYes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present"C:\certs\verba.key"
-SSLCertificatePasswordThe password of the .key file.Yes, if the -Role parameter is set to MR or Combo, and the -GenerateSSLCertificate parameter is not present"P@ssw0rd"
-GenerateSSLCertificateSwitch parameter. If present, the script will generate a self-signed SSL certificate for the Web Application. If present, the -SSLCertificateRequest parameter is mandatory.Yes, if the -Role parameter is set to MR or Combo, and none of the following parameters are present: -SSLCertificatePath, -SSLCertificateKeyPath, -SSLCertificatePassword
-SSLCertificateRequestCertificate request object for the SSL certificate that will be used for the Web Application.Yes, if the -GenerateSSLCertificate parameter is present$sslCertificate
-LocalIP

Local IP configuration for the server. If not provided, the IP address of the first NIC will be used. If provided, then the given IP address will be used.

It is also possible to provide a partial IP address as a wildcard with the asterisk symbol. In this case, the script will check the IP addresses of the NICs, and the first one will be used that is matching the provided wildcard. If none of the IP addresses are matching to the wildcard, then the first NIC IP will be used.

No

"192.168.1.1"

"192.*"

Examples:

Install server with legacy configuration (Verba 8.x) without Advanced API, and self-signed SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseLegacyAPI -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseLegacyAPI)
}

Install server with legacy configuration (Verba 8.x) without Advanced API, and 3rd party SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseLegacyAPI -SSLCertificatePath "C:\certs\verba.crt" -SSLCertificateKeyPath "C:\certs\verba.key" -SSLCertificatePassword "P@ssw0rd"),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseLegacyAPI)
}

Install Verba 9.x with Verba self-signed CA generated server certificates, and self-signed SSL certificate
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -GenerateCertificates -CA -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseAdvancedAPI -GenerateCertificates -CAFQDN "verbamr.contoso.local"),
)

Install Verba 9.x with existing server certificates and existing SSL certificates
$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -ServerCertThumbprint "7E3C477D6A308ADAAE1AA9E2C5AE8BE0744A6BD1" -SSLCertificatePath "C:\certs\verba.crt" -SSLCertificateKeyPath "C:\certs\verba.key" -SSLCertificatePassword "P@ssw0rd"),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS  -UseAdvancedAPI -ServerCertThumbprint "7E3C477D6A308ADAAE1AA9E2C5AE8BE0744A6BD1"),
)

When the configuration is done, the script can be started.

Running the Deployment Toolkit

In order to run the Deployment Toolkit, start the autoinstall.ps1 script with an administrator PowerShell.

Running the Deployment Toolkit using Command Line Parameters

Instead of providing the settings by modifying the autoinstall.ps1 file, the setting values can be also provided directly using command line parameters. If a parameter is not provided, the script will use the default values within the file.

The following example shows how to start the script using command line parameters:

$p = Get-Location
Import-Module -Name "$($p.Path)\Verba-Deployment-Toolkit.psm1"

$sslCertificate = New-VerbaCertificateRequest -Subject "verbamr.contoso.local"

$servers = @(
(New-VerbaServer -FQDN "verbamr.contoso.local" -Role MR -UseAdvancedAPI -GenerateCertificates -CA -GenerateSSLCertificate -SSLCertificateRequest $sslCertificate),
(New-VerbaServer -FQDN "verbars.contoso.local" -Role RS -UseAdvancedAPI -GenerateCertificates -CAFQDN "verbamr.contoso.local"),
)

.\autoinstall.ps1 -InstallerPath "\\255.255.255.255\Releases" -TempPath "C:\verba_temp" -AppPath "C:\Program Files\Verba" -Test $true -Uninstall $false -Install $false -BackupConfiguration $false -RestoreConfiguration $false -Upgrade $false -KeepLogs $false -ResetAPIPassword $false -RemoveLegacyCertificateSettings $false -APIUsername "verbaapi" -APIPassword "P@ssw0rd" -AdministratorUsername "administrator" -AdministratorPassword "P@ssw0rd" -SSLCertificateSubject "testmr1.verbatest.local" -SkipNodeRegistrationCheck $false -Servers $servers -StartupType 2 -ServiceUsername "contoso\verba-service" -ServicePassword "P@ssw0rd" -DatabaseHost "SQLSERVER" -DatabaseName "Verba" -SQLAuth $true -DatabaseUsername "verba-user" -DatabasePassword "P@ssw0rd"