Configuration and deployment
The XProtect BYOL CloudFormation stack includes a Virtual Private Cloud (VPC) and the required AWS services to create a cloud-based VMS deployment. The XProtect BYOL CloudFormation template uses a custom Amazon Machine Image (AMI) to configure and deploy the XProtect VMS on an Elastic Compute Cloud (EC2) instance.
The XProtect BYOL CloudFormation template deploys two Elastic Block Storage (EBS) volumes. The first volume contains the Windows Server 2019 operating system, the XProtect VMS software, and the Microsoft SQL Server Express database that contains VMS logs and configuration entries. The second volume contains a live media database for your video recordings. Both volumes use the gp2 EBS volume type to meet the storage performance and redundancy level that your XProtect system requires.
For more information on how to:
- Protect your XProtect system configuration, see System configuration password (explained)
- Encrypt recordings stored in the XProtect Media database, see the information about encryption in Storage and Recording Settings properties
- Encrypt the communication between the XProtect system components, see Secure communication (explained)
Operating System volume (Disk 0) | Media Database volume (Disk 1) |
---|---|
Windows operating system | XProtect Media database |
XProtect software | Database optimized for recording and storing audio and video data from your connected cameras and devices (recordings). The default video recording retention time (1 week) can be increased in Management Client after deployment. For optimal performance, Milestone recommends that you set video retention to one day and use FSx for archive storage. For more information, see system scaling. |
Microsoft SQL Server Express database. Holds the XProtect configuration, logs and events. | |
Elastic Block Store (EBS) considerations:
- The XProtect BYOL CloudFormation template deploys EBS gp2 volumes with the volume sizes that you configure before deployment
- Volume sizes can be increased but not reduced
- Milestone recommends that the media volume size be configured to hold a minimum of 24 hours of video recordings
- The size of disk 0 holding the Microsoft SQL Server Express should be increased above the default size if you have a large number of connected cameras or users
- Volume performance tuning is possible
- Redundancy is available at disk level within your availability zone (AZ)
You can change volume types, tune performance, or increase volume size as needed by your XProtect system. For more information about EBS, see Amazon Elastic Block Store (EBS).
If you meet the prerequisites, you are ready to configure and deploy the XProtect BYOL CloudFormation template.
Subscribe
To deploy the XProtect BYOL CloudFormation, you must first subscribe to XProtect BYOL in AWS Marketplace:
- Go to the Milestone XProtect Bring Your Own License (BYOL) marketplace listing.
- In the upper right-hand corner, select Continue to Subscribe.
- Read the Terms and Conditions and in the upper right-hand corner, select Continue to Configuration.
- In the Region dropdown list, select your region. In the upper right-hand corner, select Continue to Launch.
- In the lower right-hand corner, select Launch to open the AWS CloudFormation console.
Configure and deploy
After you have subscribed to XProtect BYOL in AWS Marketplace, configure and deploy the XProtect BYOL CloudFormation template using the CloudFormation service role that you created with the necessary permissions for creating and deploying your XProtect stack.
In the AWS Management Console, you find roles on the Identity and Access Management (IAM) page -> Roles tab.
During the configuration, you are asked for the values of the below parameters. For detailed feature descriptions and procedures for configuration and maintenance, see the administrator manual for XProtect VMS.
Parameter | Description |
---|---|
XProtect configuration | |
XProtect language | The display language of the installed XProtect products. For more information about XProtect supported languages, see Milestone products supported languages. |
Retention time | The number of days video recordings are saved for in the media database. If you increase the Retention time from the default value of 7 days, then you should also increase the EBS Media volume size accordingly. |
Elastic Compute Cloud (EC2) configuration | |
Instance type | The size and type of the EC2 instance. Milestone recommends the following instance types depending on the number of cameras in your installation: If the template fails to deploy due to the selected Instance type, restart deployment and select a different Availability zone below. It is important to choose the proper EC2 instance type. For more information, see the XProtect on AWS White Paper. |
Operating system volume size | The size in GB of the Elastic Block Storage (EBS) volume that contains all VMS components except for the media database used to store video recordings. After deployment, you can expand the EBS volume size as needed. You cannot reduce the size of EBS volumes from the initially set value. |
Delete operating system volume | Whether the operating system volume should be deleted if you terminate the EC2 instance. Terminating the EC2 instance or deleting the EBS operating system volume does not unsubscribe you from XProtect BYOL. For more information, see Unsubscribe. |
Media volume size | The size in GB of the EBS volume that contains the media database used to store video recordings. After deployment, you can expand the EBS volume size as needed. You cannot reduce the size of EBS volumes from the initially set value. Milestone recommends that the media volume size is configured to hold a minimum of 24 hours of video recordings using archive storage after deployment. |
Delete media volume | Whether the media database volume should be deleted if you terminate the EC2 instance. Terminating the EC2 instance or deleting the EBS media volume does not unsubscribe you from XProtect BYOL. For more information, see Unsubscribe. |
Key pair name | The key pair used to decrypt the Remote Desktop Protocol (RDP) Windows login password and access your Virtual Private Cloud (VPC). For more information about key pairs, see Create a key pair using Amazon EC2. |
Instance hostname | An optional custom name that you specify for the EC2 instance to find it in your network environment. The hostname cannot be longer than 15 characters and cannot contain symbols or spaces. Leave this field blank for a randomly assigned instance name. You cannot change the Instance hostname after deployment. |
Network configuration | |
Availability zone | The AWS availability zone within your selected region that the EC2 instance deploys in. If the script fails to deploy due to the selected Instance type, restart deployment and select a different Availability zone. |
RDP ingress CIDR block | The range of inbound IP addresses that will access the VPC using RDP. |
VPC CIDR block | The range of IP addresses that create the virtual network of the VPC. |
Subnet CIDR block | The range of IP addresses that create the subnet of the VPC. |
Deploying the XProtect BYOL CloudFormation stack takes about 30 minutes.
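
A pre-deployment check of the parameter values described in the table above, as an added example that is not part of the Milestone documentation or the XProtect BYOL template. The parameter keys, the /24 limit on the RDP source range, and the per-day storage estimate are assumptions; the hostname rule is read strictly as letters and digits only.

```python
import ipaddress
import re

# Hypothetical parameter keys; the real template's keys are not shown on the page.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")  # strict reading: no symbols or spaces
MAX_RDP_ADDRESSES = 256  # assumed local policy: RDP source no wider than a /24

def check_parameters(p):
    """Return a list of findings; an empty list means the values pass."""
    findings = []
    nets = {}
    for key in ("rdp_ingress_cidr", "vpc_cidr", "subnet_cidr"):
        try:
            nets[key] = ipaddress.ip_network(p[key], strict=True)
        except ValueError as exc:
            findings.append(f"{key}: not a valid CIDR block ({exc})")
    rdp = nets.get("rdp_ingress_cidr")
    if rdp is not None:
        if rdp.prefixlen == 0:
            findings.append("rdp_ingress_cidr: RDP is open to every address")
        elif rdp.num_addresses > MAX_RDP_ADDRESSES:
            findings.append("rdp_ingress_cidr: wider than the allowed source range")
    vpc, subnet = nets.get("vpc_cidr"), nets.get("subnet_cidr")
    if vpc is not None and subnet is not None:
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if vpc.version != subnet.version or not subnet.subnet_of(vpc):
            findings.append("subnet_cidr: not contained in vpc_cidr")
    host = p.get("instance_hostname", "")  # blank means a randomly assigned name
    if host and not HOSTNAME_RE.fullmatch(host):
        findings.append("instance_hostname: max 15 characters, letters and digits only")
    # Retention time and media volume size must grow together.
    needed_gb = p["retention_days"] * p["est_gb_per_day"]
    if needed_gb > p["media_volume_gb"]:
        findings.append(f"media_volume_gb: needs at least {needed_gb} GB for the retention time")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "rdp_ingress_cidr": "0.0.0.0/0",
    "vpc_cidr": "10.0.0.0/16",
    "subnet_cidr": "10.1.0.0/24",
    "instance_hostname": "xprotect-vms-recorder",
    "retention_days": 14,
    "est_gb_per_day": 60,
    "media_volume_gb": 500,
}

if __name__ == "__main__":
    for finding in check_parameters(SAMPLE):
        print(finding)
```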