Changing Configuration of Zoom Server

Configuring Database Location

By default, the Zoom database is installed in the following locations:

OSPath
Linux[ZoomDir]/db
WindowsC:\Program Files (x86)\Evolphin\DAM\db directory

There are a number of sub-folders that are contained within the db folder. The db has a few components:

FolderDescription
filedataStores the file data information for any of the assets stored in Zoom.
redoThe transaction logs for the server.
dbStores the system database information.
db-redo.bakBackup for redo transaction log.

It is configurable to change the locations of each of these components, however, the default install keeps these in the same location.

A common practice is for the db to be stored on a remote file share such as a SAN. The following instructions are a guide to how to move the database files to the new location.

If you current database volume is filling up and you are looking at moving to a network storage, please keep the following in mind:

Moving DB Location

New DB Storage OptionsCaveatsComments
NFSBest to avoid using NFS as NFS client drivers running on the database server make heavy use of file caching and can play havoc with write-consistency of a database volumeIf you are an expert with NFS tuning and the underlying NFS enterprise storage supports write-consistency by disabling NFS client caching completely, you can tread with caution. If you have never attempted this before then stay away from NFS
SMBCareful tuning of SMB allows write-through model for strong write-consistency. With such a setup it’s viable to use an SMB share for database storage. See this article from Microsoft for explanation.Core concept is data records must commit to disk, and not get stuck in caches for durability & data integrity. Please check if you have experience running database workloads off a write-consistent SMB share. Also shares will need to be mounted to a mount path with fail-fast behavior. If you don’t know what that means stick to the options below
DASDirect attached Storage such as a giant RAID box with direct connection to the file system device on the database server is typical for a database workloadThis is the easiest option for most teams as all you need to do is plug the DAS into the server to get a resilient storage connection with RAID modes setup for disk failover and avoid using any network protocol for database writes
SANUsing HBA card a SAN can be connected with FC to the database server for fast database workloadsFor scaling the database to TBs of storage this is often the best option that offers strong durability & write-consistency guarantees via a file system drive that doesn’t cache on the client side.
  1. Prior to moving your Zoom Database to a new location, ensure that the checkpointing is completed by referring to the server_log.0 under [ZoomDir]/logs directory.
    Refer to the following link for more details on Zoom server checkpointing on restart
    • For versions below 5.2, checkpointing is performed every time on the Zoom Server startup.
    • For versions after 5.2. restart can be configured to be done with or without checkpoint through server.xml
  2. Ensure that you have backed up the [ZoomDir]/conf directory and [ZoomDir]/db directory on your Zoom server:
    Refer to the following link for more details on backing up your zoom server
OSPath
Linux[ZoomDir]/db
Linux[ZoomDir]/conf
WindowsC:\Program Files (x86)\Evolphin\DAM\db directory
WindowsC:\Program Files (x86)\Evolphin\DAM\conf directory
  1. Stop the Zoom Server and Zoom Preview Server.
  2. Move your current Zoom DB directory to the desired location If placing the DB on a network share, it is necessary for the server to be mapped beforehand.
  3. Navigate to [ZoomPath]/conf/.
  4. Open the server.xml file.
  5. Search for a section called <dbspec>.
  6. Under the tag <defaultRoot>, change the path to the network path. If placing the DB on a network share, it is necessary for the server to be mapped beforehand.
  7. Under the tag <redoLogDir>, change the path to the network path.
  8. Under the tag <fileDataDir>, change the path to the network path.
  9. Save and close the file.
  10. Start the Zoom Server and Zoom Preview Server services.
  11. Open your web browser and navigate to the Web Management Console (http://localhost:8443) and confirm that the server is running. If the server is not running, troubleshoot using your server_log located in [ZoomPath]/logs/

Configuring Preview Server

The Preview Server enables preview generation for the Zoom setup. It acts as a cache between various Zoom Clients and the Zoom Server.
Preview Server needs a running Zoom server to work with, without any Zoom server Preview Server won’t work and can’t serve the request.

Prerequisites/Checklist

  1. Up and Running Zoom server. It may be on the same machine or different machine.
    1. Make sure the Zoom server has valid license installed.
    2. Make sure the Zoom server has super admin account created.
  2. Information about Zoom server URL with protocol, host and port.
    1. Zoom Server URL will look like: https://zoom-server:8880.
    2. Make sure you know the correct port and host name of the Zoom server.
  3. Make sure the Zoom server version is compatible with the Preview Server.
  4. Make sure you can ping the Zoom server host from the Preview Server.
  5. Important: Make sure the Zoom server port is reachable from the Preview Server. Many times Admins forget to whitelist or open the Zoom server port. Please make sure to add proper firewall/iptables rules which allows access to Zoom server port from the Preview Server.
  6. Important: Further configuration assumes, you have access to the Preview Server machine, like SSH or RDP access to the main server machine.

Locate Preview Server Configuration XML File

On Windows
  • C:\Program Files (x86)\Evolphin\DAM\conf\preview-server.xml

Note: If you don’t find the server at this location, you might have installed the server in a different Drive or directory.

On Linux
  • /home/evolphin/zoom/conf/preview-server.xml

Note: If you don’t find the server at this location, you might have installed the server in a different Drive or directory.

Connect Preview Server with Zoom Server

  • Open and edit preview-server.xml file.
  • Locate XML tag <zoomServerHostPort>.
  • Enter the Zoom server URL in the <zoomServerHostPort> tag.
    Like: <zoomServerHostPort>https://zoom-server:8880</zoomServerHostPort>.
  • Save the file and restart the Preview Server.
  • Open Webclient and see if you are able to connect and work.

Set Preview Server Cache Location

The default Preview Server cache location is [SERVER_INSTALL_DIR]/webcontext/servers/PreviewServer/cache
The “[SERVER_INSTALL_DIR]” is the installation location of the Preview Server.

  • Open and edit preview-server.xml file.
  • Locate the XML tag <previewCacheLocation>.
  • Change the cache location according to you need.
    Like: <previewCacheLocation>/home/evolphin/zoom-deploy/preview-cache</previewCacheLocation>.
  • Save the file and restart the Preview Server.

Note: If you are relocating the Preview Server cache, it would be best to copy the contents of existing cache directory to the new location. Otherwise Preview Server has to generate the cache files again.

Configure Preview Server Cache Cleanup

By default Preview Server doesn’t do any cache cleanup. Over the time that will result in the increased disk usage.
It is recommended to enable the cache clean up and keep cache size in check. Please follow the below given details carefully to setup the cache cleaning rules.

Note: If this is a fresh install of Windows Server, it is recommended to use an alternative text editor such as Notepad++ for editing the text files. It makes reading the configuration files more legible.

Setting Cache Cleaning Rules

  • To setup the cache cleaning rules, you need to access to the preview-server.xml file. A section above explains where to find the preview-server.xml on the Preview Server.
  • Once you have located the preview-server.xml file, open it in your favorite editor.
  • Locate the section: <cacheCleaningRules> in the preview-server.xml file

Here is an example of how this section looks in the XML file:

<previewserverspec>
...
...
<!-- EXAMPLE OF CACHE CLEANING RULES -->
<!-- These rules keeps the cache size under 200GB and performs the clean up in every 7 days -->
 <cacheCleaningRules>
    <cleanFrequencyInDays>7</cleanFrequencyInDays>
    <cleanFrequencyHours>0</cleanFrequencyHours>
    <cleanFrequencyMinutes>0</cleanFrequencyMinutes>
    <cacheCleanThresholdPercentage>90</cacheCleanThresholdPercentage>
    <maxAllowedCacheSizeInGB>200.0</maxAllowedCacheSizeInGB>
    <cleanDownloadsOlderThan>5</cleanDownloadsOlderThan>
    <additionalCleanupOption>DEFAULT</additionalCleanupOption>
  </cacheCleaningRules>
...
...
</previewserverspec>

Understanding the cache cleaning tags:

  • cleanFrequencyInDays – Controls the clean up schedule in terms of days.
  • cleanFrequencyHours – Controls the clean up schedule in terms of hours.
  • cleanFrequencyMinutes – Controls the clean up schedule in terms of minutes.
  • cacheCleanThresholdPercentage – This values controls the minimum threshold to trigger the cleanup is cache is filled up-to this threshold. For example: if maxAllowedCacheSizeInGB is set to 100GB, and cacheCleanThresholdPercentage is 80, then the Preview server will try to maintain the cache size between 80GB to 100GB.
  • maxAllowedCacheSizeInGB – Max allowed cache size in GB. Beyond this point, Preview Server will clean the files in the reverse chronological of their last access time. Server will give the preference to the files which have not been accessed recently.
  • cleanDownloadsOlderThan – Max cleanup time in days for the custom downloads like zips, collection downloads etc…
  • additionalCleanupOption – This is for now has to be set to DEFAULT.

Note: In the preview-server.xml you might see more options inside the cache cleaning rules tag. You can ignore other options which are not listed here. Those options are planned to be removed in the future releases.

Note: Make sure to save the changes and restart the Preview Server afterwards. Preview server logs can be inspected for the cleaning working. Preview server will print the various logs messages related to the cache size and found files during the cleanup.

Setting Preview Server Location

From Zoom 7.3 onwards, location can be set for the Preview Server which in turn will be the location of all the web-based Zoom apps connecting to this Preview Server.

Note: Locations are configured on the Zoom Server using Server Zoom Properties page in the Web Management Console. After these locations are set up, these may be chosen by any desktop Zoom Clients or set for the Preview Server.

Follow these steps to set the location for the Preview Server:

  1. You could set the location for Preview Server using one of two files. Update any one of these files on the Preview Server:
    1. Option 1: Using preview-server.xml.
      1. Set the tag <currentLocation> to the desired location. If the tag exists then update its value and if it does not exist then add it. For example:
        <previewserverspec>
        ….
        <currentLocation>Bristol</currentLocation>

        </previewserverspec>
      2. Note: This location must already be present and configured on the Zoom Server.
      3. Save the changes and restart the Preview Server.
    1. Option 2: Using zoom.properties:
      1. Open zoom.properties for editing from the .zm folder for the Preview Server (Windows – [OSInstallDir]\Windows\System32\config\systemprofile\.zm\ and Linux – $Home/.zm/)
      2. Set the property CURRENT_LOCATION property to the desired location. If the property exists then update its value and if it does not exist then add it. For example:
        CURRENT_LOCATION=Bristol
      3. Note: This location must already be present and configured on the Zoom Server.
      4. Save the changes and restart the Preview Server.

The desired location has now been set for the Preview Server. This location will now be used for web-based Zoom clients like the Web Client and Web Asset Browser.

Preview Server on a different machine

Zoom Database & Preview Service on same Machine

By default when you install the Zoom package on a server machine, the Zoom Database/DAM server and the Zoom Preview Server are co-located on the same machine. Based on how your default NIC (Network Interface Card) on the server is configured, the default network settings may work out of the box. Often the network administrators wants to use a custom host name in DNS or an IP address for the services. Follow this section to configure the network settings correctly.

  1. Choose the DNS hostname or an IP address that you want the end-user to see when accessing the Zoom Database or Preview service. For the rest of this section, the desired hostname will be zoom.mytestdomain.com
  2. Either login into the Zoom Server machine and go to Web Management Console port on the Zoom Server: http://localhost:8443 or from a remote web browser go to http://<ip-address-zoom-server-if-accessible>:8443 if the specified IP address can be used to connect to the Zoom Server administration service.
  3. Click on the Server Control Panel -> Network Settings:

  4. Change the Server Host/IP to the desired name such as zoom.mytestdomain.com.
    Do not change the Internal Host/IP unless you want to bind the port to a specific NIC.
  5. Save and restart the service.
  6. Go back to the Web Management Console port on the Zoom Server, this time click on Server Control Panel -> Admin Server Config

  7. Change the Admin Server Host/IP to the desired name such as zoom.mytestdomain.com.
    Do not change the Internal Host/IP unless you want to bind the port to a specific NIC.
  8. Make sure that your Zoom Server and Zoom Preview Server services are stopped.
  9. Navigate to [ZoomInstallPath]/conf/.
  10. Open the server.xml file for editing.
  11. Search for a section called <reviewserverspec>.
  12. Under the tag <ServerConnection> change the host and/or port (std or SSL) to the hostname/IP of the Zoom server machine

  13. Save and close file.
  14. Finally, open the preview-server.xml file for editing.
  15. Change the hostname in the zoomServerHostPort and webminHostPort tag, to the Zoom server machine host/IP name:
  16. Save and close the file
  17. Restart both Zoom & Preview service.

Verifying the Zoom Server Settings

  1. Open a command terminal on any Zoom Client desktop machine that has the Zoom Client installed
  2. Run the command: zm -s http://<mydam-server>:8880  getcredentials in the terminal
  3. Confirm that the Preview Server parameter: rv_server is pointing to the Zoom Server host/IP address
  4. Confirm that the wbm_server host name is pointing to the Zoom Server host/IP address

Zoom Database & Preview Service on different Machines

By default when you install the Zoom package on a server machine, the Zoom Database/DAM server and the Zoom Preview Server are co-located on the same machine.

For performance reasons, Enterprises that wish to dedicate separate server machine for each server can do so by following the steps below. Any number of Preview Servers can be setup to connect with a single Zoom Database/DAM servers.

Pointing Database Server to a Preview Server

  1. Make sure that your Zoom Server and Zoom Preview Server services are stopped.
  2. Navigate to [ZoomInstallPath]/conf/.
  3. Open the server.xml file for editing.
  4. Search for a section called <reviewserverspec>.
  5. Under the tag <ServerConnection> change the host and/or port (std or SSL) to the Preview Server machine:

  6. Save and close the file.
  7. Start the Zoom Server
  8. Stop and disable the Zoom Preview Service on the Database server machine as it is going to be setup on a different Preview Server machine now.

Pointing Preview Server to the Database Server

  1. Login to the Preview Server machine
  2. Make sure that your Zoom Preview service is stopped.
  3. Navigate to [ZoomInstallPath]/conf/.
  4. Open the preview-server.xml file for editing.
  5. Search for a section called <previewserverspec>.
  6. Edit the value for tags <zoomServerHostPort> and <webminHostPort> to point to the Zoom DAM server host:port:

  7. Save and close file.
  8. Start the Zoom Preview Server
  9. Stop and disable the Zoom Database Service on the Preview server machine as it is going to be setup on a different Database Server machine now.

Verifying the Preview Server Settings

  1. Open a command terminal on any Zoom Client desktop machine that has the Zoom Client installed
  2. Run the command: zm -s http://<mydam-server>:8880  getcredentials in the terminal
    get-credentials

  3. Confirm that the Preview Server parameter: rv_server is pointing to the Zoom Preview Server machine

Configuring SMTP Server

Zoom can integrate with your mail server so that a notification will be sent for events like:

  • The server restarts (to admin)
  • An asset is modified in a collection inside Web Client
  • A user is sent a Lightbox (Zoom 6.0 and below)
  • A user is sent a Workflow task
Some notifications need to be configured further after configuring SMTP settings.
Follow these steps to configure SMTP for your Zoom setup:
    1. Log in to the Web Management Console.
      Ex. http://MyZoomServer:8443
    2. Under System, click on System Control Panel.
    3. Click SMTP Settings.
    4. Enter the following fields:
      Field Description
      SMTP server hostname/ip     The IP Address or DNS address to the SMTP server
      SMTP Port SMTP server’s port
      SMTP Security SMTP server’s security protocol
      SMTP user  The login username for the SMTP server
      SMTP password  The login password for the SMTP server
      Reply To The email address(es) that will receive a reply if sent by the receivers of the mails from the SMTP server
      Bcc list The email address(es) that will receive a Bcc reply if sent by the receivers of the mails from the SMTP server
      From   Which address will appear as the sender to users when they receive an email from the SMTP server. Eg. Zoom-server@example.com
    5. Click Save.
    6. When prompted to restart the server, click Yes.

If successful, you should see an email notification to your admin that the server has restarted. If you do not receive a notification, look at the server log to troubleshoot why your SMTP server is not connecting.

If you are using Gmail in your SMTP configuration, you will also need to explicitly allow access to less secure apps for this configuration to work. To do this, login to your Gmail account and go to the security section inside settings. Ensure that Less secure app access is enabled.

Configuring Active Directory / LDAP

For many organizations, LDAP Server is a key way to allow their users to log into multiple systems. Evolphin Zoom has native support to integrate with your LDAP Server, including popular Directory Services, like Microsoft Active Directory and Novell Directory Service. The following instructions provide you with information on how to fetch the desired subset of existing users, groups, and other associations from your LDAP Server into Zoom.

Make sure that Directory Service is installed and configured on your LDAP Server. If using, then SSL is also enabled and configured on your LDAP Server. Admin access to your LDAP Server should be available.

Prepping your LDAP Server

Before moving user information to Zoom, you need to identify what should be copied to Zoom. Identify:

  • Users that should be copied to Zoom.
  • If any roles should be created in Zoom. Also, which of these roles should be mapped to some, all, or none of these users.
  • If any projects (existing in Zoom) should be assigned to some or all of these users.

Firstly, locate the users for pulling into Zoom. All of these users should belong to one common group that will be called the Zoom Filter group. Any user with an email, that also belongs to this Zoom Filter group, will be copied to Zoom.

Additionally, you can also identify other groups that will map as roles in Zoom. These other groups should also be a member of the Zoom Filter group. Each user that should automatically get one or more of these roles in Zoom should be mapped correspondingly to one or more of these other groups on the LDAP Server as well. Roles may also have no users mapped to them.

Lastly, you can also check which Projects in Zoom you would want to automatically assign to one or more of these users. Each user that should automatically be assigned one or more projects in Zoom should have the same project names set in their Project attribute on the LDAP Server as well.

On your LDAP Server, make sure to:

  • Configure one group as the Zoom Filter Group containing all users that you wish to copy to Zoom.
    • These users’ mail attributes should be filled in.
  • Optionally, configure additional groups that are also members of the Zoom Filter Group.
    • Additionally, each of these users may also be assigned to zero or more of these groups.
  • Optionally, these users also have their Project attribute filled in. The project name is case-sensitive and the project should also already exist in Zoom.

Zoom Filter Group

In order to pull users & groups from the LDAP Server into Zoom, a filter group must be created in the LDAP Server’s database first. For example, CN=ZOOM_DAM_USERS, OU=Enterprise Apps, DC=corp,DC=acme,DC=com in the diagram below:

Sample LDAP/AD container hierarchy

In addition, it is recommended to create Security Groups in the LDAP Server for the permissions that Zoom support, these permissions must be applied to the groups after these have been pulled into Zoom:

PermissionEffect
NoneHas no access to any resource
DistributeCan read only published project items
ReviewInherits Distribute permission and can read those project items that have been marked for review
ReadInherits Review permission and can read/view any resource
ContributeInherits Read permission and can add new items
EditInherits Contribute Permission and can delete their own items
Edit_AllInherits Edit Permission and can delete all items
AdministerInherits Edit_All Permission and can change project configuration

Any user or group in the LDAP Server must be a member of the Zoom filter group in order to be pulled into Zoom. That implies that you need to add users to both the Zoom filter group as well as the groups you will be pulling. If you failed to add users to the groups you wish to pull, the groups will be empty in Zoom after import.

Also, the “mail” attribute needs to be set for each user you wish to pull into Zoom. If the “mail” attribute is missing the user will not be pulled into Zoom.

What will be read from the LDAP Server?

At the minimum, all users that have emails configured and are assigned to the Zoom Filter group will be read and pulled into Zoom. Additionally:

  • If these users also belong to other groups that are members of the Zoom Filter group, then these groups will be created as Roles and automatically mapped to these users in Zoom. The roles will be created under the masterldap role that already exists in Zoom.
  • From Zoom 7.5 onwards, if these users also have a Project attribute assigned on the LDAP Server and these projects already exist in Zoom (case-sensitive), then these Projects are also automatically assigned to these users in Zoom. If the Project attribute has a Project name that does not exist in Zoom, then it is skipped.
On the LDAP ServerFirst-time pull in ZoomSubsequent pull in Zoom
Users belong to the Zoom Filter group.Users are created and mapped to masterldap role.

 

Zoom admins will need to update roles and assign projects for these users.

Users are added or removed from Zoom as per their membership in the Zoom Filter group on the LDAP Server.
Users belong to the Zoom Filter group.

 

Other groups are also members of the Zoom Filter group.

Some users belonging to the Zoom Filter group also belong to some of these other groups.

Users are created. Roles are created under the masterldap role from the groups on the LDAP Server. (Only groups that are members of the Zoom Filter group)

 

Users assigned to their corresponding role as per the group they belonged to. If a user only belonged to the Zoom Filter group, she will be assigned the masterldap role. If the other group has no users, then the corresponding role in Zoom will have no user assigned to it.

These newly-created roles will have permission set to None and will be assigned all projects.

Zoom admins will still need to assign projects for these users.

Users are added or removed from Zoom as per their membership in the Zoom Filter group on the LDAP Server.

 

Roles are added or removed from Zoom as per the membership of groups in the Zoom Filter group on the LDAP Server.

Users belong to the Zoom Filter group.

 

Some users have Projects assigned to them (with names that also exist in Zoom)

Users are created, mapped to masterldap role, and projects assigned as read from the LDAP Server. (Project names are case-sensitive and should exist on Zoom)

 

Zoom admins will need to update roles for these users and assign projects for users that didn’t have Project attribute set on the LDAP Server.

Users are added or removed from Zoom as per their membership in the Zoom Filter group on the LDAP Server.

 

New projects are associated with users when added on the LDAP Server. But, projects are never unassigned from the Zoom user when removed from the user on the LDAP Server.

Users belong to the Zoom Filter group.

 

Some users have Projects assigned to them (with names that also exist in Zoom)

Other groups are also members of the Zoom Filter group.

Some users belonging to the Zoom Filter group also belong to some of these other groups.

Users are created and projects assigned as read from LDAP Server. (Project names are case-sensitive). Roles are created under the masterldap role from the groups on the LDAP Server. (Only groups that are members of the Zoom Filter group)

 

Users assigned to their corresponding role as per the group they belonged to. If a user only belonged to the Zoom Filter group, it will be assigned the masterldap role. If the other group has no users, then the corresponding role in Zoom will have no user assigned to it.

These newly-created roles will have permission set to None and will be assigned all projects.

Zoom admins will still need to assign projects for users that didn’t have Project attribute set on the LDAP Server.

Users are added or removed from Zoom as per their membership in the Zoom Filter group on the LDAP Server.

 

Roles are added or removed from Zoom as per the membership of groups in the Zoom Filter group on the LDAP Server.

New projects are associated with users when added on the LDAP Server. But, projects are never unassigned from the Zoom user when removed from the user on the LDAP Server.

Setting up LDAP without SSL

To configure LDAP in Zoom, you need to:

  • Save LDAP settings
  • Update to LDAP Realm
  • Pull users from LDAP Server

Follow the sections below to see the steps:

Saving LDAP Settings

  1. In your preferred web browser, open the Web Management Console.
  2. Log in using your Zoom admin credentials.
  3. In the left sidebar, click Server Control Panel under the Server section.
  4. Click LDAP Server Settings.

  5. Fill in the following values to meet your organization’s needs:
    Field Description
    Host The machine IP/Hostname where LDAP Server is running
    Port Port number where the LDAP Server is listening. Default 389
    Use SSL See section “Setting Up LDAP (with SSL)
    Base DN The distinguished name of the base context in the LDAP repository within which the users and groups defined; this will act as the base container from which any lookup/search will execute. If you have thousands of users in LDAP, please create an appropriate container to limit the search scope. Note: If you have multiple OU organizational units that you are referring to for your users, your base DN needs to encapsulate both OUs.Ex. CN=Users,DC=ZOOM,DC=local
    Username Attribute The attribute that would mark the username.Ex. sAMAccountName
    Groupname Attribute The name of the attribute that would mark the name of the group: typically, cn for any group entry. Ex. CN
    LDAP Searching Username The DN of the user name entity that will be used to bind to the LDAP Server. This username must be a member of a group with enough privileges to be able to search the LDAP db.Ex. ZOOM\Administrator or CN=Administrator,CN=Users,DC=ZOOM,DC=local
    LDAP Searching Password The password associated with the searching username.
    Exclude Users A comma-separated list of user DNs to ignore
    Exclude Groups A comma-separated list of group DNs to ignore
    Filter Group The DN of a group that will contain all users who would operate with Zoom, and also all the groups that the users are organized into.Ex. CN=ZOOM_DAM_USERS, OU=Enterprise Apps, DC=corp,DC=acme,DC=com in the diagram above.
     Follow Referrals* Enable this when using multiple LDAP Servers.
    Encode URLs* Enable this if spaces or special characters are used in the user names, organizational units, or groups.
    Auto Pull Frequency Specify the number (in days) for the frequency at which information will be pulled again from the LDAP Server. This will get information about any change in users/projects/roles.
    * Available from Zoom 7.5 onwards.
    Available from Zoom 7.3 onwards.
  6. Click Save. Settings should look similar to sample settings below:

  7. You will be prompted to restart the server. Click Yes.

LDAP Settings are saved in Zoom.

Updating to LDAP Realm

  1. In your preferred web browser, open the Web Management Console.
  2. Log in using your Zoom admin credentials.
  3. In the left sidebar, click Server Control Panel, then click Security Settings and verify the security realm is switched to ExtLdapRealm, if not change it to :
    ExtLdapRealm. This will switch the authentication provider to LDAP from the local Zoom user database.
    This is an irreversible switch, please make sure you really want to do this before switching.

The Realm is now updated.

Pulling users from your LDAP Server

  1. In your preferred web browser, open the Web Management Console.
  2. Log in using your Zoom admin credentials.
  3. In the left sidebar, click Manage accounts under User Accounts.

  4. Click Pull Users and Roles From LDAP Server.If successful, you should see a list of the names in your Security Group listed in the manage accounts and the following dialog:

Setting Up LDAP with SSL

The following sections describe how to configure the specific items to allow LDAP to authenticate over SSL using Microsoft Active Directory. These instructions assume that the base configurations were applied in section, Setting Up LDAP without SSL.

Exporting Certificate from Active Directory

Windows 2012

  1. Log into your Active Directory server using Administrator credentials.
  2. Search for certsrv.msc
    certsrv_msc
  3. Click Enter on your keyboard.
  4. Select Certification Authority in the left sidebar, right-click and select Properties.
  5. SSL_selectProperties
  6. Select the Details tab.
    SSL_clickDetails
  7. Click the Copy to file… button.
    SSL_copyToFile
  8. Click Next.
    SSL_copyToFile_Dlg01
  9. Select Base-64 encoded X.509 (.CER) and click Next.
    SSL_copyToFile_Dlg02
  10. Click Browse… and select your desired location to export the certificate file to. Then click Next.
    SSL_copyToFile_Dlg03
  11. Click Finish.
    SSL_copyToFile_Dlg04

Importing Certificate from Active Directory

In order for Zoom to properly connect to Active Directory using SSL, it will need to import the certificate into its Keystore. The following instructions describe how to import the Active Directory certificate into the Java JRE.

NOTE: You need the Java keytool.exe installed on the machine. If it is not installed with your Evolphin JRE, install a different JRE on your computer. You may need to set your absolute path in order to run the keytool.exe command.

  1. Click Start menu.
  2. Search for cmd.
  3. Right-click on Command Prompt.
  4. Select Run as Administrator.
    SSL_runAsAdministrator
  5. Type into Command Prompt:
    cd "C:\Program Files (x86)\Evolphin\DAM\jre\lib\security"
  1. Hit Enter.
  2. Type into the Command Prompt:
    keytool -import -alias adcert -file <INSERT PATH TO CERTIFICATE> -keystore cacerts
    Make sure that your path is in quotation marks to escape the spaces in the path.

    The cacerts is relative to where you are in the command line, so if you are not in the security folder, you can put an absolute path here.

    The keytool application is not packaged along with the Zoom server. You can find it in any regular JRE installation.
  3. You will be prompted to enter the keystore password.
    By default, the password is changeit.
  4. Hit Enter.
  5. You will be prompted whether you want to trust this certificate. Hit Yes.
  6. Hit Enter.

Your certificate should now have been installed correctly.

Move to the next section to enable SSL for LDAP connections in Zoom.

Configuring SSL for LDAP in Zoom

These instructions have been truncated for SSL specific settings. For other settings, please refer to Setting Up LDAP without SSL

  1. In your preferred web browser, open the Web Management Console.
    ex. http://localhost:8443 or http://<zoomserver>:8443
  2. Log in using your admin credentials.
  3. In the left sidebar, click Server Control Panel under the Server section.
  4. Click LDAP Server Settings.
  5. Under LDAP Port, type 636.
    636 is the default SSL port for LDAP
  6. Check the box Use SSL.
  7. Click Save.
  8. You will be prompted to restart the server. Click Yes.
  9. Refresh your web browser.
  10. Log in using your admin credentials.
  11. In the left sidebar, click Manage accounts under User Accounts.
  12. Click Pull Users and Roles From LDAP Server.If successful, you should see a list of the names in your Security Group listed in the manage accounts and the following dialog:
    LDAP_Confirmation

Configuring Archive Location

Available Archive Modules

An archive module allows the Zoom archive manager to delegate the actual archive/restore operation to a specific archive handler. The following are currently supported:

Archive ModuleTypeImplementedDescription
BasicInternalBuilt-inSupports archiving to a single file system path on the network
Path-specific ArchiveInternal

Built-in

Similar to basic, plus the ability to map Zoom project vaults to different file system directories. This allows each brand/business unit to have its own archive storage
File System ArchiveExternal

Zoom 7.3 onwards – using Hub (as Hierarchical Archive)

Supports archiving to external file systems and media using Evolphin’s Hub Server
S3/BlobStoreExternal

Until Zoom 7.2 – using scripts

Zoom 7.3 onwards – using Hub (as Hierarchical Archive)

Supports Object Blob Storage or Cloud-based Storage such as Google Cloud Storage, AWS S3, Cloudian S3, or Microsoft Azure Blob
FrontPorchExternalUsing scriptsSupports Oracle FrontPorch DIVA
SGLExternalUsing scriptsSupports SGL FlashNet

Enable Archive Management License

Archiving is an optional feature that is available only to deployments that hold an appropriate license. You can check your license information in Zoom’s web-based administration console.

To check the license information, log on to your administration console in a browser at a URL like this: http://zoomserver:8443/

From the navigation menu on the left, click open the “License Management” option under the “System” menu. If you hold a license that allows archive operations you will see a separate “Archive Management” menu in your navigation panel as shown below.

Archive License

Configuring Basic Archive Module

For users who have archive as part of the Zoom license they have purchased, Zoom can archive assets to a single designated archive location using the Basic Module. This folder location must pre-exist at the Zoom DAM server in order for the configuration to work. You can configure location of the Archive by doing the following:

  1. In your preferred web browser, go to the Web Management Console.
    ex. http://localhost:8443 or http://<zoomserver>:8443
  2. Log in using your admin credentials.
  3. In the left sidebar, click on Server Control Panel under the Server section.
  4. Click on Archive Management.
  5. Under Archive Location, set the path to the archive folder as it exists on the Zoom DAM server.
    Ex. e:\zoom\archive\ or /mnt/Archive on the Zoom MAM server.

  6. Restore Threshold: This is the file size in bytes which is a threshold for restore petition. Please check the section on “Restore Petition” for more details. The default threshold is -1.
  7. Click Save.
  8. You will be prompted to restart the server. Click Yes.
  9. Refresh your web browser.

Configuring External Archive Module

This post explains the steps involved in setting up archiving to external systems like S3 / SGL / DIVA or dedicated File-System partitions. The external systems act as a secondary archive storage for the Zoom internal, and Zoom referenced (or indexed) assets.

Understanding the External Archive Flow

Archive Pre Hook Flow

  1. The user initiates an archive from Asset Browser, the control passes to the archive pre-hook installed on Zoom server. Metadata is updated on the asset as shown in the diagram below. The hook is responsible for marking assets in a  “Pending ..” state for them to be archived by the Archive Cron timer task

Checkpointing

If the asset is a Zoom direct asset (stored in the Zoom database), it needs to be checkpointed before it can be archived. Checkpointing will ensure all the versions are stored in an “Asset ID” file that will be copied to the external archive. Assets that have native or mid-res proxy on an external storage such as a SAN, can be copied without checkpointing but even for these assets the low-res proxy is often checked-in into Zoom database as a direct asset. if so the low-res proxy will also need to be check-pointed in order to archive.

Archive Cron Flow

The archive cron timer task will run periodically and submit assets that are ready for archiving to the external archive system such as S3 or SGL. The assets need to meet the following requirements:

  1. Metadata needs to indicate a “Pending..” status
  2. Direct asset/low-res proxy in Zoom database representing the asset needs to be check-pointed

Monitor Flow (for SGL and other Job Queue bases external archive systems)

Understanding the External Restore Flow

Restore Pre Hook Flow

  1. User initiates  a restore from Asset Browser, the control passes to the restore pre-hook installed on Zoom server. Metadata is updated on the asset as shown in the diagram below. The hook is responsible for marking assets in a  “Pending Restore..” state for them to be restored by the Archive Cron timer task

Archive Cron Flow

The archive cron timer task will run periodically and copy assets that are ready for restore from the external archive system such as S3 or SGL. The assets need to meet the following requirements:

  1. Metadata needs to indicate a “Pending restore..” status

SGL Monitor Cron Flow

For SGL external archive system the following flow is used:

Steps to install and configure the Archive components

  1. Install Perl library components.
  2. Install the Archive-specific modules.
  3. Configure the archive and restore pre-hooks 
  4. Update the various configuration files for your deployment.
  5. Configure the recurring archive timer – Cron for Linux and for Windows a timer. 

Installing the Perl libraries and modules

Review and follow the instructions for installing the Perl SDK. You only need Perl and the modules so just follow the instructions for “Perl Installation”. 

If the zip contains an “extras” folder, there is a perlmodules.bat file that you can just run from the command line to install all the modules which include some extras for Archive. If you do not use the script make sure you install Data::UUID 
Note: for Windows use Strawberry Perl 5.24.1.1 

Installing the Archive Modules

Download the archive.zip file from the support site or your mail. 

Usually our config files are defaulted to be organized under a root folder called “zoom-deploy”. 

After unzipping you should have the following folder structure. 

<your_root_folder>/

                                ArchiveCron/

                                                     conf/

                                                             config.ini

                                                             log4perl.conf

                                                     archiveCron.bat      Note: only for Windows deployment

                                                     archiveCron.pl

                                ArchivePreHook/

                                                           conf/

                                                                   config.ini

                                                                   log4perl.conf

                                                           archive-hook.bat  Note: only for Windows deployment

                                                           archive-hook.pl

                                lib/  Note: not exploded contains all the modules used by the system

                                logs/

                                        Archive-Cron.log

                                        Archive-Prehook.log

                                        archiveCronBat.log       Note: only for Windows deployment

                                        archiveHiresBat.log       Note: only for Windows deployment with VFX

                                        RestorePre-Hook.log

                                        RestorePreHookBat.log    Note: only for Windows deployment                               

                                RestorePreHook/

                                                            restorePreHook.bat    Note: only for Windows deployment

                                                            restorePreHook.pl

 

 

 

Configuring the Archive / Restore Pre-hooks

  • Login to web-based admin console
  • Open the “Server Control Panel” menu
  • Launch the Archive Settings menu option
  • Check “Enable Archive”
  • Create a folder on your server file system and copy/paste that path into “Archive Location”. 
  • Put the path for the “Pre-script for Archive” in the box. In our example we are using C:/zoom-deploy/ArchivePreHook/archive-hook.bat
  • Put the path for he “Pre-script for Restore” in the box. in our example we are using C:/zoom-deploy/RestorePreHook/RestorePreHook.bat
  • Leave both “Post-script” fields blank
  • Set your email list if you are using one, you can add it at a later date.
  • Set “Limit on Arguments on Command line” to 0. 
  • Click on the fields for archive and restore pre-processing, and point them to the Archive and Restore pre-hook batch files (if Windows) or perl scripts (if Linux). See screenshot below.
  • Save and restart server for the changes to take effect. 
Archive Panel view

Configuration Files

It is recommended that before you edit any config.ini file you make a copy and name it something unique first. 

System-wide Common Parameters

For every config.ini, ArchiveCron, ArchivePreHook and RestorePreHook we have common sections; these are detailed below:

[ZOOMSERVER]

serverURL= http://<your host IP address>:8880 

IP and port for your server

webminURL=http://<your host IP address>:8443

IP and port for your server

serverUsername=<your admin account>

Zoom admin user account to use

serverPassword=<your admin password>Password for the above account

 

 [METADATA]

proxy=<your metadata group>_ProxyIndicates whether or not, an asset is a proxy for a high-res external asset. [VideoFX]
hiResPath=<your metadata group>_NativeFilePathIndicates the path where the high-res external asset is placed. [VideoFX]
hiResArchiveStatus<your metadata group>_HiResArchStatusIndicates the current status of the external archive operation on the high-res asset. [VideoFX]
directArchiveStatus=<your metadata group>_DirectArchivetatusIndicates the current status of the external archive operation on the Zoom assets. [In VideoFX setup, specifically for non-proxy files]
lowresArchiveStatus=<your metadata group_DirectArchiveStatusIndicates the current status of the external archive operation on the low-resolution proxy asset. [VideoFX]
midresArchiveStatus=<your metadata group_MidResArhchiveStatusIndicates the current status of the external archive operation on the mid-res asset. [VideoFX]

Archive Pre-Hook config.ini

see notes on common section above

[TO ARCHIVE] – this section tells the system which categories of files are to be archived. Set 0 = disable and 1 = enable. 

hires=0 or 1Enable to archive high-res assets
midres=0 or 1Enable to archive mid-res assets
lowres=0 or 1Enable to archive proxy of external high-res assets
direct=0 or 1Enable to archive assets directly ingested into the Zoom repository

ArchiveCron config.ini

see notes on common section above

[DEFAULT UNC path]

root_UNC_PATH

Specify the location that the assets must be copied to, if no dedicated path is defined for the project to which an asset belongs

[Project UNC map]

<Zoom Project Root Path> Location where assets belonging to this project must be archived to
  
Please use project Root Directory instead of Project Name. The Project Root Dir can be determined from the Zoom Project Settings in Web Management Console or using Z -> Zoom Repository app from the desktop and mouse over the Project name in the left navigation.

[ARCHIVE]

archiveModule Can be set to “AwsS3”, “FileSystemArchive”, “SGL”
  

Zoom Server Metadata.xml

If you choose to follow our metadata recommendation, add the following to your metadata.xml and restart the server. 

ARCH metadata example
It is recommended that you make these parameters as mandatory in your settings. 
If you have the extras folder, it is in ARCH_metadata_example.xml

The Cron or Timer Task

A key component of the external archive module is a script that needs to be periodically run continuously, without user intervention. To achieve this, we configure the target script using a Cron tab in Linux, or using the Windows Task Scheduler in Windows. See details below. 

For Linux

When set, this will cycle and call the archiveCron.pl causing archive and/or restore events to run. 

For Linux you set up cron for the user account and the following line can be copied and pasted into your crontab. 

*/1 * * * * <your root directory>/zoom-deploy/ArchiveCron/archiveCron.pl 

Note: the above will run every minute

For Windows 

To setup a task scheduler,  run the following steps as administrator:

  • Open the control panel
  • Choose “System and Security”
  • Under “Administrative Tools”, select “Schedule tasks” 
  • In the “Task Scheduler”, select “Create Task”
windows_task_create
  • in the “General” tab seen above, do the following:
  • Provide a Name, example “zoom archive” and description
  • Enter a Location \ do not change
  • Using the “Change User or Group…” Do not change
  • Select elect the “Run whether user is logged on or not”, we want it to run all the time 
  • Configure for <your version of the OS>
  • Now select the “Triggers” tab: and use the “New…” button to create a new task
windows_task_trigger
  • Select “Begin the task” and select “At startup”
  • Select the “Repeat task every” checkbox
  • Choose your duration, change “5 minutes” to “1 minute”
  • Change “for a duration of” to “Indefinitely”
  • Select “Ok”
  • Now using the Actions tab, we need to select the program to run:
windows_task_actions
  • Select “Start a program”
  • Browse to <Your root directory> and select the appropriate batch file. 
  • Leave the next two, optional fields blank
  • Select “OK”
  • Restart the system and your task should be active

A couple items to note: When ingesting new assets you will not be able to archive them until you checkpoint. Additionally, archived assets will not be removed from primary storage until you checkpoint. 

Logs

Zoom provides a number of different logs to track and diagnose issues with the Zoom Server. Below is a reference of how to access the different logs Zoom provides on the Zoom Server and how to configure the granularity of logs.

The following log files are available for troubleshooting on the Zoom Server or Preview Server:

Note due to log rotation the latest log file is <log-file-name>.0

 

  • audit_log: Log of every action done by users in the system – [ZoomServerDir]/logs/audit_log.*
  • previewdog_log: Log file for watchdog that starts up the preview-server. This log is useful for troubleshooting when the preview server is not starting – [ZoomServerDir]/logs/previewdog_log 
  • preview_log: Log for preview-server service – [ZoomServerDir]/logs/preview_log.*
  • server_log: Log for Zoom Server service – [ZoomServerDir]/logs/server_log.*
  • watchdog_log: Log for Zoom Server watchdog that starts the Zoom Server. This log is useful for troubleshooting when the Zoom Server is not starting. – [ZoomServerDir]/logs/watchdog_log

Increasing Log Sensitivity

  • In your preferred web browser, go to Web Management Console ex. http://zoom-server:8443 or https://zoom-server:9443
  • Log in using your admin credentials.
  • In the left sidebar, click on Current Configuration in Logs Management under the Server section.
  • Under Select Log level, set the level of your log settings. Default: INFO
  • For more information please see this article. 

1 thought on “Changing Configuration of Zoom Server”

  1. Pingback: NAT Setup for External Access to Zoom Services | Evolphin Documentation

Leave a Comment