Installing and configuring an external Recording Server
Overview
External Recording Servers can be deployed in environments where the connection between the Recording Serves and the rest of the recorder infrastructure (database server, storage, application servers, etc.) is limited by strict security and firewall rules. A typical use case (shown in the diagram below) is when a hybrid architecture is deployed with components on-premise and in the cloud. In that case, customers want to restrict the communication to be initiated from the on-premise components only and the components in the cloud cannot open a communication channel at all. This requires changing the communication between the cloud and the on-premise components from a push to a pull approach. Normally, the services on the Recording Server connect directly to the database server and the storage infrastructure to insert and upload the data (pushing the data) directly from the Recording Server. The external Recording Server configuration allows uploading bot the metadata and media to temporary storage (e.g. Azure Blob Storage) and using the on-premise components to download and add the data (pulling the data) to the on-premise recorder infrastructure.
A system will work in the following way when external Recording Servers are deployed:
The recorder services (Unified Recorder Service, Passive Recorder Server, etc.) do not attempt to write the metadata to the database during recording. The services create the metadata XML files on the disk as in the normal mode.
The Storage Management Service uses the local configuration to upload the data (media + metadata files) to a preconfigured storage target (any SMB storage medium or Azure File/Blob storage accessible from the cloud)
On the on-premise Application Servers (Media Repositories), the Import Service downloads (media + metadata files) and import the data from the cloud storage target.
On the on-premise Application Servers (Media Repositories), the Storage Management Service uploads the media files to the final storage target, just like the Storage Management Service does on an on-premise Recording Server.
Using external Recording Servers have the following limitations:
- Since the database records are only inserted after the recording is finished and the data is downloaded and imported, features related to ongoing calls are not available:
- No ongoing recordings
- No on-demand recording
- No controlled recording
- No silent monitoring
- Data management policies cannot be applied to the external Recording Server, the Storage Management Service can only support uploading all data to the pre-configured storage target.
- Encryption and signing can be optionally configured.
- Upload related features, such as retention period configuration, and voice quality checks are not supported on the external Recording Server. However, these features can be enabled once the data is imported.
- Alerts cannot be directly inserted into the database (via the database API on the Application Servers/Media Repositories), instead, the alerts can be uploaded to the cloud storage target and imported by the Import Service in the same way as recordings. Alternatively, other alert targets can be used such as SMTP, SNMP.
- Shared server configurations are not supported
Installing an external Recording Server
Follow the installation instructions for a standard Recording Server, explained at Installing a Verba Recording Server, and review the differences listed below:
- When prompted for the SQL Server Connection, uncheck the Enable SQL Server connection setting which will disable the SQL Server connection on the server.
- When prompted for the Server Certificate, you cannot generate a certificate using the Application Server/Media Repository because usually there is no connection with the Web Application. Instead, the server certificate has to be generated in advance and uploaded to the server manually before the installation runs.
- When prompted for the node registration, check the Skip API user check option to skip the server registration into the database.
Configuring an external Recording Server
Firewall configuration
Follow the instructions of the firewall configuration guides applicable for the required integration(s). For instance, for Microsoft Teams recording, see Firewall configuration for Microsoft Teams recording deployments.
Review the port requirements as follows:
- External Recording Serves do not connect to the SQL Server
- External Recording Servers do not connect to the on-premise storage infrastructure, only to the temporary cloud storage (e.g. Azure Blob Storage)
- External Recording Servers do not use the database API on the Application Servers/Media Repositories
- The Management API (Node Manager) port (TCP 4433) must be open on the external Recording Servers so it can be managed through the Web Application (server and service configuration, extension/recording rule configuration)
- All integration-related ports must be allowed
Server configuration
Registering the server in the database
After completing the installation, the new external Recording Server has to be added to the database so it can be managed from the Web Application (normally this is step is automatic during the installation):
Step 1 - Open the Verba Web interface, go to Configuration / Servers, then click on the Add New Verba Server link on the top right
Step 2 - Enter the required information, make sure the hostname contains the FQDN of the external Recording Server which is accessible from the Application Servers / Media Repositories
Step 3 - Press Save to add the server.
Enabling the external server mode
After completing the server registration, the external server mode has to be enabled:
Step 1 - Open the Verba Web interface, go to Configuration / Servers, then select the new external server from the list
Step 2 - Click on the Change Configuration Settings tab and navigate to System / External Recording Server and set it to Yes
Step 3 - Save the changes by clicking on the icon.
Step 4 - A notification banner will appear on the top. Click on the click here link, so you will be redirected to the Configuration Tasks tab. Click on the Execute button in order to execute the changes.
Configuring the integration specific settings
Follow the instructions of the integration guides to enable and configure the required integrations on the server.
Configuring the Storage Management Service
Since the data management policies cannot be used on external Recording Servers, a service level upload has to be configured to allow moving the data to the temporary storage target.
Step 1 - Open the Verba Web interface, go to Configuration / Servers, then select the new external server from the list.
Step 2 - Click on the Change Configuration Settings tab and navigate to Storage Management / Upload.
Step 3 - Verify that the Policy Based Uploading Enabled setting is set to No.
Step 4 - Select the type of storage target which will be used for the upload under Non-Policy Based Upload Target. Note: not all types of storage targets are supported for non policy based upload.
Step 5 - Optionally, configure encryption and/or signing for the files under Non-Policy Based Upload File Encryption Certificate and Non-Policy Based Upload File Digital Signature Certificate. You need to configure the thumbprint of the certificates which are already configured in the system. The certificates must be uploaded to the Windows Certificate Store of the external servers. The import process will recognize the thumbprint information and store it in the database records accordingly. For more information, see Encryption and integrity protection.
Step 6 - Under Storage Targets configure the upload target you want to use for the upload. This is the storage target that will be used to import the data. Make sure you have the right storage target type selected in Step 4.
Step 7 - Save the changes by clicking on the icon.
Step 8 - A notification banner will appear on the top. Click on the click here link, so you will be redirected to the Configuration Tasks tab. Click on the Execute button in order to execute the changes.
Configuring the System Monitoring Service
When the external mode is enabled, the System Monitor service does not insert the alerts into the database. Alternatively, the alerts can be uploaded and imported the same way as recordings:
Step 1 - Open the Verba Web interface, go to Configuration / Servers, then select the new external server from the list.
Step 2 - Click on the Change Configuration Settings tab and navigate to System Monitoring / API Connection.
Step 3 - Set the Upload Alerts setting is to Yes.
Step 4 - Save the changes by clicking on the icon.
Step 5 - A notification banner will appear on the top. Click on the click here link, so you will be redirected to the Configuration Tasks tab. Click on the Execute button in order to execute the changes.
Configuring the Import Service
In order to download and insert the data into the recorder infrastructure, an import source has to be created pointing to the temporary storage target which is used in the upload configuration on the external Recording Server.
Follow the instructions for creating a Verba import source that is able to import the uploaded data. For more information, see Verba Conversation Import.