# Getting Started: WebStream On-Premises

This page covers installing and configuring the WebStream server running in a virtualization environment in your data center or cloud. The WebStream server provides additional features for your Access Anywhere deployment.

General documentation at [[/webstream]].

## Prerequisites

You will need to prepare/collect the following to complete this configuration guide:

 * An Access Anywhere appliance 
 * The Access Anywhere "ApplAdmin" password - may be provided with your trial
 * Access to request/update a DNS name for the virtual machine

## Architecture

A single WebStream server provides streaming services to one or more Access Anywhere appliances. The server must be accessible by each Access Anywhere appliance as well as web browsers through a unique endpoint.

### Virtualization 

The Access Anywhere appliance can run on public and private clouds as well as in your data center. Images are provided for VMWare, KVM, and Hyper V.

### Sizing

^ Resource ^   Minimum ^  
| Memory  |     16 GB |   
| vCPU    |       8 |  
| Disk  |   100 GB |


## Deploy the WebStream appliance

Launch the appliance. 

If you are deploying to AWS see [[/webstream/gettingstarted/aws]].
.
## Configure Public Endpoint

Browser applications access the WebStream server through a public endpoint, a fully qualified domain name that resolves to a public IP address. The public IP address will route to the virtual appliance, usually through a firewall or load balancer. A trusted SSL certificate is required, and ports opened if needed.

### Add DNS Host Record

Choose a fully qualified domain name (FQDN) for the server. For example **webstream.example.com**.

Add DNS type A records for these domain names for the public IP Address such as:

^ Type ^ Name         ^ Value^
| A    | webstream        | 35.188.82.62|

Verify that Public DNS records are set up correctly by pinging the FQDN from the Access Anywhere appliance, and from your desktop.

    ping webstream.example.com 

### Configure Static IP Address

Out of the box, the WebStream appliance comes preconfigured for DHCP. For most environments, you will need a static IP address. You can easily do this with tools available on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”.

If not using DHCP remove the following line:

    iface eth0 inet dhcp

To configure the Static IP / Gateway / DNS etc. Edit the file at `/etc/network/interfaces`.
    
Uncomment the lines below

    iface eth0 inet static
        address 192.168.0.10
        netmask 255.255.255.0
        dns-nameservers 192.168.0.1
        gateway 192.168.0.1

Replace with appropriate values

Reboot the appliance, and reconnect via SSH.
 
Confirm that the static IP address is working.

Confirm there is bi-directional connectivity between Access Anywhere server and the WebStream server.


### Required Ports to Open

The appliance requires the following ingress ports:

^ Type ^ Protocol ^ Port ^ Source ^ Description ^
| SSH   | TCP     | 22         | My IP | SSH for initial configuration | 
| HTTPS | TCP     | 443         | Anywhere  | Web and API services | 
| HTTP | TCP     | 80           | Anywhere  | For Let's Encrypt | 


### SSH into Appliance

Log into the appliance through SSH as webstream. The default password is QuickChangeM3. 

    ssh webstream@<ipaddress>

This is a good time to change the webstream password

    passwd

Check that you can become root. The default password is MakeM4Secure. 

    su -

And again this is a good time to change the root password

    passwd

SSH access will be required to complete configuration.





## Setup Certificate

As the WebStream server delivers contents through your web browser a trusted SSL certificate for the public endpoint is required. To add this to the appliance, as root, go to the webstream directory:

    cd /root/webstream/

If you are going to bring your own certificates:

    cd config/certs
    
Replace privkey.key and fullchain.pem with your certificates 

    cd ~/webstream
    docker-compose restart
    
Confirm that when you hit the DNS record that valid certificates are there.

If you are going to use LetsEncrypt/Certbot for certificates:

    ./generateCertbot.sh webstream.sme.io james@example.com

(replace domain + your email address as appropriate)

## Generate an API Key

An API Key allows Access Anywhere instances to authenticate with the WebStream server. 

As root, go to

    cd /root/webstream/

Then run:

    ./generateApiKey.sh

Copy the API key that is generated and save it temporarily locally.

## Configure Access Anywhere

### Site Functionality

Go to ApplAdmin. > Site functionality

Set WebStream Server URL to your domain with a path of "/api". For example:

    https://webstream.sme.io/api

Set WebStream Server Auth Key to the key generated from the previous step. 
For example:

    MfxYkZruPHQdY3OBjQ0j0Rrv

### User Package

As the ApplAdmin navigate from the Main Menu to User Packages and edit the package you are using.

Under "Extra options" enable "WebStream" and select "Save".