Introduction
With a Proof of Concept, Embrace wants its customers to experience Pulse-IT/Automate-IT under the best conditions. To keep the focus on the delivered value, the Embrace team asks that everything be kept simple.
Architecture
This high-level architecture diagram represents a typical simple deployment. It is valid for Automate-IT and Pulse-IT.
This illustration gives an idea of the components involved in the system.
Prerequisites
Server
On Prem / Self hosted | AWS |
| Amazon Linux c5.2xlarge or c6a.2xlarge |
Required software:
- vim, nano
- smbclient
- nfs-utils
- chrony
- openssh-server
- firewalld
The Embrace team or its certified integrators will install additional components.
The customer should communicate the root user login and password to Embrace team or its certified integrators.
Linux Partitioning: There is no specific recommendation regarding the partitioning of Linux volumes.
Windows worker node
On Prem / Self hosted | AWS |
| Windows 11 / Windows Server 2022 Pulse-IT: c5.2xlarge or c6a.2xlarge Automate-IT: c5.4xlarge or c6a.4xlarge |
Additional required software in case of an Automate-IT deployment:
- Adobe After Effects & Media Encoder version 23.5
- Visual Studio Code
The Embrace team or its certified integrators will install additional extensions.
The customer should communicate the Windows Administrator login and password to Embrace team or its certified integrators.
Windows Updates Policy: there are no restrictions identified by Embrace regarding Windows patches or Knowledge Base (KB) updates. Windows Updates should be applied in accordance with the company's internal policy.
Linux worker node
On Prem / Self hosted | AWS |
| Amazon Linux c5.2xlarge or c6a.2xlarge |
Required software:
- vim, nano
- smbclient
- nfs-utils
- chrony
- openssh-server
- firewalld
The Embrace team or its certified integrators will install additional components.
The customer should communicate the root user login and password to Embrace team or its certified integrators.
Linux Partitioning: There is no specific recommendation regarding the partitioning of Linux volumes.
Storage
An IN/OUT 250 GB storage space, accessible via SMB from the Worker and Server, should be dedicated to media exchanges.
This storage can be a volume with access to native media already present in the customer's architecture, to avoid unnecessary copies and enable fluid management. It should be noted, however, that this is a Proof of Concept, so there should be no disruption to production when these shared volumes are used.
On a Windows machine, the storage should be mounted by the customer IT team as a Windows drive.
On a Linux machine, the storage should be mounted in /mnt/shared.
For an AWS setup, Embrace recommends FSX.
For Automate-IT:
A dedicated storage space to host AE Templates - 50 GB maximum, accessible via SMB from the Worker.
Networking
IP configuration
IP addresses should be static. DNS is optional.
Ports
Automate-IT/Pulse-IT resources are preconfigured with the default TCP/UDP ports listed below. This list represents a generic matrix for opening ports for proper use of Automate-IT/Pulse-IT.
The list is incomplete due to the many server products available with which the orchestrator could connect (Louise, Telestream Vantage, What's On, Interra Systems Baton, etc.).
Contact product suppliers for details on port usage.
Service/Application | Source | Destination | Incoming Port | Protocol |
Web access | ||||
User access via http / https | Web Client | Server (nginx) | 80 / 443 | TCP |
Server internal | ||||
nginx to Server | Server (nginx) | Server | 8000 | TCP |
Database | Server | PostgreSQL Database | 5432 | TCP |
Cache | Server | Redis Cache | 6379 | TCP |
Message queue | Server | RabbitMQ | 5671 / 5672 | TCP |
Server external | ||||
Access storage | Server | SMB Storage | 445 | TCP |
Access storage | Server | S3 Storage | 80 / 443 | TCP |
Access storage | Server | SFTP Storage | 21 / 22 | TCP |
Authentication ldap/ldaps | Server | Active Directory | 389 / 636 | TCP/UDP |
Workers | ||||
Monitor workflow tasks | Workers | RabbitMQ | 5671 / 5672 | TCP |
Report task progress | Workers | Server | 80 / 443 | TCP |
Access storage | Workers | SMB Storage | 445 | TCP |
Access storage | Workers | S3 Storage | 80 / 443 | TCP |
Access storage | Workers | SFTP Storage | 21 / 22 | TCP |
Mail no or basic auth | Workers | Mail Server (SMTP) | 25 | TCP |
Mail with STARTTLS | Workers | Mail Server (SMTP) | 587 / 2587 | TCP |
Mail with SMTPS | Workers | Mail Server (SMTPS) | 465 / 2465 | TCP |
Exchanges between Server and Workers are limited to RabbitMQ and HTTPS.
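The inbound side of the matrix for the Server host can be expressed as firewalld rules. The script below is an added example, not Embrace's own tooling: it prints the `firewall-cmd` commands for review instead of applying them, and the zone name, client network and worker addresses are assumptions (constructed placeholder values).

```sh
#!/bin/sh
# Added example: emit firewalld commands for the PoC *server* host, derived
# from the port matrix above. Commands are printed, not executed; review the
# output, then pipe it to `sh` as root to apply.
# The rules only add allowances: services already enabled in the zone
# (such as ssh) are left untouched.

# rich_rule ZONE SOURCE PORT -> one "allow TCP from SOURCE to PORT" command
rich_rule() {
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2" "$3"
}

# server_firewall_rules CLIENT_CIDR WORKER_IP [WORKER_IP...]
server_firewall_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: server_firewall_rules CLIENT_CIDR WORKER_IP..." >&2
        return 2
    fi
    clients=$1
    shift
    zone=public   # assumption: the server interface is in the "public" zone

    # Web clients -> nginx (80 / 443)
    for port in 80 443; do
        rich_rule "$zone" "$clients" "$port"
    done

    # Workers -> RabbitMQ (5671 / 5672) and -> Server for task progress (80 / 443)
    for worker in "$@"; do
        for port in 5671 5672 80 443; do
            rich_rule "$zone" "$worker" "$port"
        done
    done

    # 8000 (nginx to Server), 5432 (PostgreSQL) and 6379 (Redis) are listed as
    # server-internal, so no inbound rule is emitted for them.
    echo "firewall-cmd --reload"
}

# Constructed sample values: a client network and two worker addresses.
server_firewall_rules 192.0.2.0/24 198.51.100.21 198.51.100.22
```

If the customer only uses HTTPS and the TLS RabbitMQ port, the 80 and 5672 entries can be dropped from the two loops.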
Initial setup
Internet (web) access should be fully open on all the machines for the initial setup of the products.
Software, source code and certificates will be downloaded from sources including, but not limited to:
- https://hub.docker.com
- https://github.com
- https://pypi.org
- Certificate authorities
Antivirus
The use of antivirus software is authorized on the PoC system. It is recommended to disable the antivirus during installation.
Exclusion Directories
To ensure optimal performance of critical applications and to prevent interference from antivirus scans, the following directories must be excluded from antivirus searches:
- C:\Automate-it
- C:\Program Files\Automate-it
- C:\Python_virtual_Env
- C:\Users\<user>\Embrace (or any other variant of this folder specific to the machine)
Notes
Replace <user> with the actual username of the user on the machine.
Ensure these exclusions are configured on all machines running critical applications dependent on these directories.
Database
Although it is possible for a production system, Embrace doesn't recommend externalizing the database for a PoC.
The database deployed will be hosted on the server, in a docker container. It will be a PostgreSQL version 16.0+.
Should a future production deployment be initiated, proper preparation during the project phase will be essential. Collaboration with IT teams will be required to ensure seamless integration of the database, with particular attention to failover mechanisms and high availability configurations.
Sync
To ensure that all servers are synchronized, it is recommended to use an NTP server.
Communication
Remote access
Embrace and its certified integrators will need access to the server and workers in order to deploy and configure the solution.
The customer should provide proper VPN, credentials and other necessary security information to Embrace and its certified integrators.
SSH connection to the Linux machines should be possible.
RDP/Remote desktop to the Windows machine should be possible.
Embrace doesn't recommend any VPN or remote access solution in particular.
Project life
Important communications and decisions should be sent by email.
Project configuration and deployment discussions should take place over instant messaging such as Teams or Slack. Embrace and its certified integrators can provide such a platform to the customer if necessary.
Scope of work
A scope of work will be written by the Embrace team and its certified integrators in partnership with the customer to outline the goals and the ideas to be tested during the PoC.
Documentation
Knowledge base: https://embrace-support.freshdesk.com
Documentation and tutorials: http://doc-core-40.embrace.fr
Support: https://embrace-support.freshdesk.com/support/tickets/new