Deployment

Single Server Deployment

All SmartFace components are deployed on single machine. This is the default deployment for Windows installer or all docker samples. Works out of the box and no special deployment activity is needed. You can proceed to Scaling

(/images/guides/deployment-single-server.png)

Multi Server Deployment

SmartFace componens are deployed on multiple servers forming a single SmartFace Site. For example, SmartFace Prerequisites may be deployed on a standalone server with appropriate attached storage and SmartFace Services are deployed and scalled on the rest of the servers.

(/images/guides/deployment-multi-server-A.png)

In case of high data load to storage, even SmartFace Prerequisites can be deployed separatelly, based on disk IO needs for instance.

(/images/guides/deployment-multi-server-B.png)

Servers can have mixed operating systems (Windows, Linux x86, ARM) and all of them need to be configured to the same SmartFace Prerequisites. Define following hardware as a sample for later configuration

  • Server A (10.11.12.1) hosts prerequisites only
  • Server B (10.11.12.2) hosts first group of RTSP cameras
  • Server C (10.11.12.3) hosts second group of RTSP cameras

Deploy Prerequisites on Windows

To deploy SmartFace Prerequisites only on the Windows server, install only SmartFace Prerequisites installer. Do not forget to open required ports on Firewall according to our Networking information.

Deploy Prerequisites on Linux

To deploy SmartFace Prerequisites only on the Linux server, open our GitHub Repository and launch only SmartFace Prerequisites in sf_dependences folder using docker compose up -d

  1. touch docker-compose.yml
  2. nano docker-compose.yml
  3. paste content downloaded from docker-compose.yml on our GitHub
  4. docker compose up -d or eventually docker-compose up -d for older docker compose versions

Configure Windows server

SmartFace Services running on Windows requires special configuration in order to point them to Prerequisites running on different than default configuration. Easiest way is to run the installation process.

Follow our Install on Windows guide starting from chapter Install the SmartFace Platform and when prompted for RabbitMQ, SQL server and MinIO endpoints, please enter the IP or host name of the server where Prerequisites are installed (in this sample Server A - 10.11.12.1)

(/images/get-started/installation/windows-installer-sql-remote.png)

(/images/get-started/installation/windows-installer-rabbitmq-remote.png)

(/images/get-started/installation/windows-installer-minio-remote.png)

Alternativelly configuration can be changed manually as well. Follow our Updating appSettings.json files guide to learn how to modify configuration on Windows. In our sample the modified appSettings.json would look like this:

{
  "Serilog": {
    "MinimumLevel": "Information"
  },
  "RabbitMQ": {
    "Username": "guest",
    "Password": "guest",
    "VirtualHost": "/",
    "Hostname": "10.11.12.1",
    "Port": 5672,
    "UseSsl": false
  },
  "Database": {
    "DbEngine": "MsSql",
    "ExtendedCommandTimeoutSeconds": 300
  },
  "DbCleanUp": {
    "BatchSize": 1000
  },
  "AppSettings": {
    "Log_RollingFile_Directory": "c:\ProgramData\Innovatrics\SmartFace",
    "Log_RollingFile_MaxSizeMB": 100,
    "Log_RollingFile_MaxFiles": 10,
    "Log_RabbitMq_Enabled": false,
    "USE_JAEGER_APP_SETTINGS": false,
    "JAEGER_SAMPLER_TYPE": "const",
    "JAEGER_SAMPLER_PARAM": 1
  },
  "NoSqlDataStorageDisabled": false,
  "S3Bucket": {
    "BucketName": "inno-smartface",
    "BucketRegion": "",
    "Folder": "sface",
    "Endpoint": "http://10.11.12.1:9003",
    "AccessKey": "minioadmin",
    "SecretKey": "minioadmin",
    "AuthenticationType": "AccessKeyAndSecret",
    "UseBucketRegion": false
  },
  "Metrics": {
    "Host": "*",
    "Port": 4318
  },
  "Gpu": {
    "GpuEnabled": false,
    "GpuDeviceIndex": 0,
    "GpuNeuralRuntime": "Default"
  },
  "ConnectionStrings": {
    "CoreDbContext": "Server=10.11.12.1;Database=smartface;UID=smartface;Password=smartface;Timeout=60;TrustServerCertificate=true;Application Name=EntityFramework"
  },
  "VideoRecordSlicing": {
    "ChunkLength": "00:10:00"
  },
  "TrackletRecovery": {
    "TrackletRecoveryTriggerPeriodSeconds": 30,
    "MinimumVisualObjectAgeForTrackletRecoverySeconds": 120
  },
  "HealthCheck": {
    "Host": "*",
    "Port": 6060
  }
}

Keep in mind change needs to be applied to all appSettings.json files as ilustrated in list below, which can be tedious. Therefore, a re-run of the SmartFace Installer is recommended.

(/images/guides/maintenance-guides/windows-appsettings-list.png)

Configure Linux server

On Linux when running default docker sample the change is very straightforward. On Server B and C open the .env file and modify following variables:

# RMQ config
RabbitMQ__Hostname=10.11.12.1
RabbitMQ__Username=guest
RabbitMQ__Password=guest
RabbitMQ__VirtualHost=/
RabbitMQ__Port=5672
RabbitMQ__UseSsl=false
RabbitMQ__StreamsPort=5552

# MQTT config
MQTT__Hostname=rmq
MQTT__Username=guest
MQTT__Password=guest
MQTT__Port=1883
MQTT__UseSsl=false

# Database config
#Database__DbEngine=MsSql
#ConnectionStrings__CoreDbContext=Server=10.11.12.1;Database=SmartFace;User ID=sa;Password=Test1234;TrustServerCertificate=true;
Database__DbEngine=PgSql
ConnectionStrings__CoreDbContext=Server=10.11.12.1;Database=smartface;Username=postgres;Password=Test1234;Trust Server Certificate=true;

# S3 config
S3Bucket__Endpoint=http://10.11.12.1:9000
S3Bucket__BucketName=inno-smartface
S3Bucket__AccessKey=minioadmin
S3Bucket__SecretKey=minioadmin

Multi Site Deployment

Two or more SmartFace Sites (or Single Servers) are deployed on geographically separated locations. This is based on Leader - Follower architecture that provides centralized watchlist management and increased resilience of SmartFace instances.

Components

For the synchronization to work, there must be at least two SmartFace instances, with exactly one designated as the Leader instance and the others as Follower instances.

Leader instance

The Leader instance may be single-tenant or multi-tenant, may be deployed on-premises or in the cloud, and it must have the SFDbSynchronizationLeader service running and accessible by each Follower instance.

Follower instance

Each Follower instance must be single-tenant, deployed on-premises or in the cloud and must have the SFDbSynchronizationFollower service running and configured to communicate with the SFDbSynchronizationLeader service running on the Leader instance.

Data source

Synchronization is based on the journal of Watchlist Member updates stored in a RabbitMQ stream, referred to as WLStream throughout this documentation.

Each change in Watchlists (such as registration, re-registration, or removal of Watchlist members, as well as assignment or reassignment of Watchlist members to Watchlists) is automatically recorded in WLStream in chronological order. When Follower instances synchronize, these changes are asynchronously read and applied to Follower databases in the same order, ensuring database integrity and eventual consistency.

Install Leader

When starting from standard SmartFace instance, only configuration and enabling of SFDbSynchronizationLeader service is required.

ℹ️ It is recommended (although not required) for the Leader instance to have authentication enabled.
Leader on Linux

It is recommended for the Leader instance to be hosted on Linux OS in containerized form (Docker, Kubernetes or other compatible orchestrator).

Leader on Windows

Hosting the Leader instance on Windows OS is possible and is analogous to hosting it on Linux, but this documentation will not address the specifics of hosting it on Windows. Please contact support if you require hosting Leader instance on Windows.

Installation steps

  1. The SFDbSynchronizationLeader service should have required configuration pre-configured identically with other SmartFace services on the Leader instance. Required configuration:

    • Database connection parameters
    • RabbitMQ connection parameters
    • Object storage connection parameters

    The definition of the configuration is available at the .env file within your deployment directory.

    Note: Object storage is defined within the S3 config section.

  2. If using authentication, also configure authentication settings for the service match your external authentication authority provided:

    • Authentication__UseAuthentication is a boolean true or false. Set to true if you want to use an authentication authority.
    • Authentication__IgnoreHttpsIssuerCheck is boolean true or false. Set to true if you want to continue when using http protocol as for security reasons, the https is expected as a default.
    • Authentication__Authority should be set to the URL of the authentication authority.
    • Authentication__Audience value comes from the settings of the authentication authority. In some cases it does not need to be defined.

    You can define them by adding them directly in the docker-compose.yml as environmental variables or in the .env file.

  3. Determine an endpoint that Follower instances will use to contact the SFDbSynchronizationLeader. The communication is based on GRPC protocol. This can be done by choosing an outer port, usable by the follower instances in the Leader__Address environment variable:

    ports:
          - 8100:${Hosting__Port}
    

    Such a value for the Follower’s Leader__Address would be for example http://leader-machine-hostname:8100

    ℹ️ It is highly recommended to use TLS with valid certificate on the endpoint, especially if communication with Follower instances will be otherwise unprotected. In such case as a part of the Leader__Address we will use https instead.
  4. Start SFDbSynchronizationLeader service by configuring your orchestrator.

    ℹ️ SmartFace provides Leader SmartFace instances in cloud as a service so you can benefit from this feature without need to configure the Leader instance by yourself. Please, contact your sales representative for more information about the service.

Install Followers

⚠️ Follower instance will contain only Watchlist data that is provided by Leader instance. All pre-existing Watchlist data on the Follower instance (Watchlist members, Watchlists) will be deleted. Make sure that you are starting from a SmartFace instance with empty Watchlists, or that you are willing to delete all Watchlist and Watchlist member data from it.

Installation steps

Follower on Linux
  1. Configure settings of SFDbSynchronizationFollower

    • All configuration for Database, RabbitMQ and Object storage should point to instances used by local SmartFace instance and be identical with respective settings in other services. (If you are using supplied docker-compose.yml for orchestration, all of these settings should be preconfigured.)

    • Configure Leader__Address to endpoint of the Follower with which this instance will synchronize, such as http://example-leader-hostname:8100.

      This can be set directly in the docker-compose.yml for the SFDbSynchronizationFollower service as a new line under the environment variables (environment:) for the Docker container - Leader__Address=http://example-leader-hostname:8100

      Or it can be set in the .env file:

      Leader__Address=http://example-leader-hostname:8100
      
    • If Leader requires authentication, also configure authentication settings to match your external authetication authority for the Follower instance:

      • ClientAuthentication__UseAuthentication is a boolean true or false. Set to true if you want to use an authentication authority.
      • ClientAuthentication__TokenEndpoint is an URL to an endpoint for requesting an access token.
      • ClientAuthentication__ClientId is an id defined by the authentication authority.
      • ClientAuthentication__ClientSecret is a secret defined by the authentication authority.
      • ClientAuthentication__Audience is a value defined by the authentication authority. In some cases it might be emty.
  2. Enable Read-only Watchlists mode:
    You can set FeatureManagement__ReadOnlyWatchlists to true

    FeatureManagement__ReadOnlyWatchlists=true
    
    • For the API service you can do such a change in the .env.
    • For the SmartFace Station you can do such a change in the .env.sfstation.
  3. Disable Autolearn feature on all Follower instances Since face detection data is not synchronized back to the Leader instance, the AutoLearn functionality must be disabled on Follower instances.

  4. Start SFDbSynchronizationFollower service.

    ℹ️ It is recommended to monitor logs of *SFDbSynchronizationFollower service* to ensure synchronization is working as expected.
Follower on Windows

Enabling of synchronization follower functionality can be configured during the installation process. You can re-run the installation on existing SmartFace instance to enable this functionality.

Limitations

  • Watchlist management (registering Watchlist members, adding Watchlists) is possible only on the Leader instance; the Follower instances provide Watchlist data in read-only mode.
  • Currently only Watchlists are synchronized, therefore data about detected faces, pedestrians and objects remains on the SmartFace instances where it was processed.