The above image showcases different installation options for on-premise setups. Frontline Command Center (FCC), Database, and Keycloak are self-hosted and are considered the central components of the Frontline system environment.

The License Server is in the Frontline Cloud and a connection to FCC must be ensured. Some services can be either self-hosted or utilized via the Frontline Cloud. Mandatory ones include PDF Generation and Image Manipulation FaaS. The following services are optional and depend on individual use cases:  

  • Email Service: Email Notifications are used for Assist call invitations as well as the password reset functionality.  
  • Assist Stack: The Assist Stack covers TURN Server Setup, WebRTC, etc. This setup is required for any video call either directly or within workflows.  
  • Proglove Scanner FaaS: Generates PDF files needed for setting up Proglove scanners. Only required if Proglove scanners are used.  

 

The following requirements must be met for a basic installation of the Frontline Command Center (FCC):

  1. Server Operating System: The preferred server operating system is Ubuntu 20.04+ or Windows Server 19 with a MariaDB database version 10.3 +, however, other system setups may also work. Whereas other system setups might also work, the installation guide and support focus on this setup.
  2. Server Specs: At least 4GB RAM and at least 50 GB disk space are needed.
  3. Admin Rights for Server: The installation of the Frontline platform requires admin rights on the server and eventually the infrastructure. 
  4. Java Runtime Environment (JRE): Make sure that the server has JRE version 17+ installed and that the JAVA_HOME variable is properly set. For validation, run this in the terminal: java -version and $JAVA_HOME.  
  5. Connection to the License Server: To use FCC, a valid license key is needed. The server must be able to reach the Frontline License Server. For validation, run this in the terminal: curl https://licensing.svc.frontlineworker.com/app/rest/key-management/jwk 
  6. SSL and Ports: SSL is mandatory for the Frontline Platform. It is recommended to use a reverse proxy with SSL termination so that only the reverse proxy port needs to be opened. Alternatively, SSL can be set up directly for FCC (port 443 recommended). In this case, another port will have to be opened for Keycloak (e.g., port 444). Self-signed certificates are supported. 
  7. Static IP / Fully Qualified Domain Name: The URL for external devices to connect to the Frontline Command Center must be configured in the xserver.properties file. To ensure that the HMDs are able to connect to the Frontline Command Center, the server should have a fully functional domain name configured with a static IP address. This will ensure that if the IP address changes, the HMD settings will not revert to default values.

Deploying on AWS 

  • Regions: Frontline can be deployed in any AWS region.
  • IAM:
    • Create an AWS account, if you do not have one already.
    • It is not recommended to use your AWS account root user for the deployment. Instead, use another IAM principle (e.g. IAM User).
    • As a standard, you should adopt a policy of least privilege for all accesses granted as part of the deployment.
    • There is no specifically required IAM role to deploy Frontline. However, at the minimum, the role should have the permissions to deploy and configure VMs.
  • Files: Frontline installation on AWS does not require creating any public resources, or access to internet. Our Installation Guide provides you with all necessary files. 
  • Key Management: There is no need to create any specific keys to deploy Frontline. We recommend following your internal security policies for managing accesses via keys. Additionally, if you are using programmatic system credentials and cryptographic keys, we would recommend rotating them every 6 months.
  • Secrets Management: Frontline deployment does not require any secrets, therefore, there is no need for Secrets Manager.
  • VMs
    • The above requirements also apply to the VM used for deploying on AWS.
    • As all resources are deployed on a single VM, no data encryption is required. But the above requirements for connecting the licensing server and ports must be followed. 

If you want to learn more about the costs, please visit our Customer Support page or contact your Customer Success Manager.

To manage service limits, please check AWS service quotas.

For any issues during installation, about faults (ordinary or not), or about software recovery, see our Installation section. Additionally, please contact your Customer Success Manager for further assistance.