XProtect archiving

In deployments where video recordings are retained for longer than a few days, Milestone recommends using the XProtect archiving feature that moves recordings that are older than a specified threshold to a more cost-effective storage option. Archiving reduces the required size of the media database volume (disk 1) that hold your recordings, and it facilitates a cost reduction due to the reduced capacity requirement of the EBS gp2 storage.

You can reduce the retention time or lower the resolution and frame rate of your recordings to avoid filling the media database storage.

Retention times and media storage dimensioning

In these recommendations the retention time definition of a week can vary due to your specific system requirements. For more information about media storage dimensioning, see the XProtect on AWS White Paper.

For retention times shorter than 1 week

  • Make sure that the capacity of the EBS gp2 storage (disk 1) can hold your recordings for a minimum of 1 day
  • Consider defining a third EBS st1 type volume for archiving

For retention times longer than 1 week

  • Make sure that the capacity of the EBS gp2 storage (disk 1) can hold your recordings for a minimum of 1 day

  • Use FSx for Windows File Server storage for archiving

Besides the recommended EBS storage option, there are alternatives to XProtect archiving in an AWS deployment that is not connected to a domain. The alternative storage options are not described in this guide.

Archiving to FSx for Windows File Server storage

Milestone recommends archiving to FSx for Windows File Server storage. This type of share will deliver the archiving storage performance and redundancy level that your XProtect system requires.

If you have retention times shorter than 1 week, you may need to allocate more FSx storage capacity than needed to secure a sufficient IOPS baseline. For more information about IOPS and media storage dimensioning, see the XProtect on AWS White Paper.

FSx for Windows File Server considerations:

  • Share size is defined in steps of 1 GiB with a minimum size of 2 TiB and maximum size of 64 TiB
  • Redundancy by replication to multiple availability zones (AZ)
  • Integrates with Microsoft Active Directory
  • Requires AD user service account running the recording server to be used
  • Requires ports used in AWS for SMBv3 in your VPC Security Groups

You can create multiple FSx shares and use them on your EC2 Windows server instance running the recording server to increase archiving storage capacity.

When scheduling XProtect archiving times, make sure the archiving job does not overlap with the AWS FSx half-hour weekly service window or configure the size of disk 1 to accommodate possible postponed archiving when configured in a single availability zone.

For more information on FSx for Windows file server, see Amazon FSx for Windows File Server.

How to create FSx shares

Log in and start creation

  1. Log in to the AWS Management Console and locate the Amazon FSx file system. Select Create file system.

  2. Select Amazon FSx for Windows File Server and select Next.

Specify file system details

  1. File system name: Specify a name for use in the AWS Management console.

  2. Deployment type: Select Availability Zone (AZ). Single-AZ or Multi-AZ for redundancy.

    Single-AZ has a 30-minute weekly maintenance window that you can schedule as you prefer.

  3. Storage type: Milestone recommends selecting HDD storage type for archiving.
  4. Storage capacity: Specify the size of your FSx share.

  5. Throughput capacity: Select Specify to meet your throughput requirements.

    When selecting a higher throughput capacity you increase the cost of running your FSx share.

Specify Network and Security

  1. Virtual Private Cloud (VPC): Select the VPC where your EC2 instance running your XProtect system is deployed.

  2. VPC Security Groups: Specify VPC Security Groups to associate with your file system's network interface.

    Make sure to add the relevant ports used in AWS for SMBv3 to your VPC Security Groups.

  3. Preferred subnet: Select the same subnet as your EC2 instance running your XProtect system.
  4. Standby subnet: Select a relevant standby subnet.

Windows authentication

Active Directory: Choose an AWS Managed or Self-managed Microsoft Active Directory to provide user authentication and access control for your file system.

  1. For an AWS Managed Microsoft AD select a directory to use.

  2. For a Self-managed Microsoft AD provide the details below:

    1. Fully qualified domain name.
    2. DNS server IP Addresses.
    3. Service account username and password.

Encryption

Encryption key: Select your AWS Key Management Service (KMS) encryption key.

Maintenance preferences

  1. Daily automatic backup window: Select No preference.

  2. Automatic backup retention period: Set it to 0 days.

  3. Single-AZ weekly maintenance window: Choose Select start time for 30-minute weekly maintenance window and specify the start time of the maintenance window.

    Specify the start time so that the maintenance window does not overlap with your XProtect system archiving schedule.

Tags

  1. Add tags that follows your tagging strategy.

  2. Select Next.

Summary

  1. Verify your settings.

  2. Select Create file system to start the creation of your FSx share.

File systems

  1. Your FSx share is created and you can follow the status. The expected creation time is 20-30 minutes.

  2. When the status is Available, select the file system name to view the details.

  3. On the Network and Security tab locate the DNS name.

    You can now connect your FSx share using the DNS name and the share name as a path in the following format:

    \\amznfsx(xxxxxxxx).domain name\share

    Example: \\amznfsxscrmjyvn.acme.com\share

How to connect your FSx shares

In your Active Directory

  1. Make sure that the AD user that runs the recording server service and XProtect system have the required permissions to access the share.

  2. Attach the share to the EC2 instance that runs your XProtect system by adding the share path in the XProtect Management Client when adding your archive.

    For more information about how to configure recording storage archiving and scheduling in XProtect Management Client, see Storage tab (recording server).