Table of Contents
Getting Started: WebStream On-Premises
This page covers installing and configuring the WebStream server running in a virtualization environment in your data center or cloud. The WebStream server provides additional features for your Access Anywhere deployment.
General documentation at WebStream.
Prerequisites
You will need to prepare/collect the following to complete this configuration guide:
- An Access Anywhere appliance
- The Access Anywhere “ApplAdmin” password - may be provided with your trial
- Access to request/update a DNS name for the virtual machine
Architecture
A single WebStream server provides streaming services to one or more Access Anywhere appliances. The server must be accessible by each Access Anywhere appliance as well as web browsers through a unique endpoint.
Virtualization
The Access Anywhere appliance can run on public and private clouds as well as in your data center. Images are provided for VMWare, KVM, and Hyper V.
Sizing
| Resource | Minimum |
|---|---|
| Memory | 16 GB |
| vCPU | 8 |
| Disk | 100 GB |
Deploy the WebStream appliance
Launch the appliance.
If you are deploying to AWS see WebStream for AWS Cloud. .
Configure Public Endpoint
Browser applications access the WebStream server through a public endpoint, a fully qualified domain name that resolves to a public IP address. The public IP address will route to the virtual appliance, usually through a firewall or load balancer. A trusted SSL certificate is required, and ports opened if needed.
Add DNS Host Record
Choose a fully qualified domain name (FQDN) for the server. For example webstream.example.com.
Add DNS type A records for these domain names for the public IP Address such as:
| Type | Name | Value |
|---|---|---|
| A | webstream | 35.188.82.62 |
Verify that Public DNS records are set up correctly by pinging the FQDN from the Access Anywhere appliance, and from your desktop.
ping webstream.example.com
Configure Static IP Address
Out of the box, the WebStream appliance comes preconfigured for DHCP. For most environments, you will need a static IP address. You can easily do this with tools available on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”.
If not using DHCP remove the following line:
iface eth0 inet dhcp
To configure the Static IP / Gateway / DNS etc. Edit the file at /etc/network/interfaces.
Uncomment the lines below
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
dns-nameservers 192.168.0.1
gateway 192.168.0.1
Replace with appropriate values
Reboot the appliance, and reconnect via SSH.
Confirm that the static IP address is working.
Confirm there is bi-directional connectivity between Access Anywhere server and the WebStream server.
Required Ports to Open
The appliance requires the following ingress ports:
| Type | Protocol | Port | Source | Description |
|---|---|---|---|---|
| SSH | TCP | 22 | My IP | SSH for initial configuration |
| HTTPS | TCP | 443 | Anywhere | Web and API services |
| HTTP | TCP | 80 | Anywhere | For Let's Encrypt |
SSH into Appliance
Log into the appliance through SSH as webstream. The default password is QuickChangeM3.
ssh webstream@<ipaddress>
This is a good time to change the webstream password
passwd
Check that you can become root. The default password is MakeM4Secure.
su -
And again this is a good time to change the root password
passwd
SSH access will be required to complete configuration.
Setup Certificate
As the WebStream server delivers contents through your web browser a trusted SSL certificate for the public endpoint is required. To add this to the appliance, as root, go to the webstream directory:
cd /root/webstream/
If you are going to bring your own certificates:
cd config/certs
Replace privkey.key and fullchain.pem with your certificates
cd ~/webstream docker-compose restart
Confirm that when you hit the DNS record that valid certificates are there.
If you are going to use LetsEncrypt/Certbot for certificates:
./generateCertbot.sh webstream.sme.io james@example.com
(replace domain + your email address as appropriate)
Generate an API Key
An API Key allows Access Anywhere instances to authenticate with the WebStream server.
As root, go to
cd /root/webstream/
Then run:
./generateApiKey.sh
Copy the API key that is generated and save it temporarily locally.
Configure Access Anywhere
Site Functionality
Go to ApplAdmin. > Site functionality
Set WebStream Server URL to your domain with a path of “/api”. For example:
https://webstream.sme.io/api
Set WebStream Server Auth Key to the key generated from the previous step. For example:
MfxYkZruPHQdY3OBjQ0j0Rrv
User Package
As the ApplAdmin navigate from the Main Menu to User Packages and edit the package you are using.
Under “Extra options” enable “WebStream” and select “Save”.