Several Zoom services depend on shared storage provided by a NAS or SAN in order to process files across multiple machines or Zoom services. The permissions (read/write/delete) on files or folders on these shared storage devices need to be setup to ensure requirements listed below are met for various deployment configurations for Zoom:
Terminology
Term | Description |
Direct Ingested Asset |
|
External Asset |
|
High-Res Videos |
|
Low-Res Proxy |
|
Mid-Res File |
|
Protected SAN (PSAN) or External Asset Volume |
|
User SAN (USAN) |
|
User Working Copy |
|
Zoom VideoLX deployment
Service Name | Storage | Permissions required | Explanation |
Zoom Database Service | External asset volume | None | Zoom Database server doesn’t need to access external assets directly |
Database volume | Read, Write, Delete | In order to manage direct ingested assets. If interacting with an Archive Job Hub, ensure both processes have read/write/delete access to files created by them | |
Zoom Preview Service | External asset volume | Read | May need to transcode or transfer out external assets |
Zoom Transcode Service | External asset volume | Read | Generating low-res proxies that are checked-in the Zoom database |
External asset volume | Write | Iff writing mid-res proxies to the external asset volume. This is rare with a VideoLX setup. | |
Zoom Archive Job Hub | External asset volume | Read, Write, Delete | In order to move external assets to an offline archive tier will need all 3 permissions |
Database volume | Read, Write, Delete | In order to move direct ingested assets to an offline archive tier will need all 3 permissions | |
Check-in app (desktop or embedded in web clients) | External asset volume | Read, Write, Delete | To copy external media also sometimes called “high-res” files, the check-in app needs to write into the external volume. After the check-in app modifies the files, the permissions need to work with any of the above services that need to access the external media. Best practice is to arrange shared groups, such as LDAP/AD, that can over-ride individual user permissions on external files. This topic requires an experience storage admin well versed with shared storage permissions such as Windows ACL, POSIX permissions etc. |
Source folder |
Read (7.4+) | Folder from which external content is ingested into Zoom by check-in app |
Zoom VideoFX deployment
Service Name | Storage | Permissions required | Explanation |
Zoom Database Service | External asset volume | None | Zoom Database server doesn’t need to access external assets directly |
Database volume | Read, Write, Delete | In order to manage direct ingested assets. If interacting with an Archive Job Hub, ensure both processes have read/write/delete access to files created by them | |
Zoom Preview Service | External asset volume | Read | May need to transcode or transfer out external assets |
Zoom Ingest Service | External asset volume | Read, Write, Delete | Copying external assets into the external asset volume (PSAN) from USAN staging or user’s working copies on USAN |
USAN staging | Read, Write, Delete | Ingest server will handshake with Check-in app using the transient staging area in order to copy files into the external asset volume or PSAN | |
USAN | Read, Write, Delete | If using a USAN for storing user’s working copy files, then ingest service will need full access | |
3rd party Hardware Transcoder | External asset volume | Read, Write, Delete | External transcoder like Telestream Vantage need full access to write proxy files |
Zoom Archive Job Hub | External asset volume | Read, Write, Delete | In order to move external assets to an offline archive tier will need all 3 permissions |
Database volume | Read, Write, Delete | In order to move direct ingested assets to an offline archive tier will need all 3 permissions | |
Check-in app (desktop or embedded in web clients) | External asset volume | Read |
Since ingest server will write into the PSAN, the check-in app doesn’t require write access, for linking with external assets just read access is needed |
USAN staging | Read, Write, Delete |
If user’s working copy is not already on the USAN, the check-in app needs to write into a transient storage on the USAN that is also accessible by the Ingest server. | |
Source folder |
Read (7.4+) | Folder from which external content is ingested into Zoom by check-in app | |
USAN |
Read, Write, Delete | Each user needs read/write/delete access to only their USAN working copy area. Best practice to only allow owner to have access to keep others users out. Ingest server will need to have read, write, delete access to each user’s USAN. |
Data Migration app
Service Name | Storage | Permissions required | Explanation |
Data Migration desktop app | External asset volume | Read, Write, Delete | To copy external media also sometimes called “high-res” files, the app needs to write into the external volume during migration even if VideoFX is deployed. |
Source folder |
Read (7.4+) | Folder from which external content is ingested into Zoom by data migration app |