Viz Now Administrator Guide
Version 1.1 | Published August 21, 2023 ©
Guide to Onboarding
This section provides an overview to the onboarding process and clarifies the terms used.
Once your new organization (linked with your AWS account) is set up and you as an admin assigned, you have to go through the onboarding process to set up the Viz Now account.
-
Vizrt Support will not have login access to the target AWS account, the user needs to perform this action.
-
During onboarding, Viz Now is granted access to your AWS account using IAM roles that it is allowed to a ssume.
This enables Viz Now to deploy infrastructure on the AWS account. -
The steps are described in detail in the UI and it should be possible for an Admin user with some basic knowledge about AWS policies to complete this.
I f issues or problems occur during onboarding, please contact Vizrt Support.
Region and Provider
-
The first step of the onboarding process is setting the domain name and CIDR range.
Use only lowercase letters a-z and avoid using any special characters. -
The domain name will be used to automatically issue domain certificates for apps within your organization.
-
The CIDR range should be specified using CIDR block notation. Viz Now will select unique IP addresses within this range when deploying.
Note: It is important that the account should not have any existing VPC peering with any other networks or be linked to on-premises networks before starting the onboarding process.
The Viz Now spaces must exist as separate entities and use tools such as NDI Bridge to bring video streams in and out. -
Select the regions where Viz Now should deploy its content.
-
Viz Now will deploy spaces on your AWS account to any of the selected regions, depending on the availability of the necessary instance types.
-
You can order the regions by preference, with the topmost region being the first choice.
-
With the Refresh button, you can automatically select the three closest regions.
-
Deploy Role and Manage Role
The AWS integration for Viz Now allows it to assume an IAM role in your AWS account and generate temporary credentials to perform tasks such as installing and configuring a new space.
The Deployment agent is used by a 3rd party tool and you should not need to refer to its documentation, as everything is handled by Viz Now. It performs tasks like:
-
Creating infrastructure using VPC and EC2.
-
Configuring domain routes using Route53.
-
Creating S3 buckets with associated IAM users.
-
Creating NACLs and Security Groups.
-
Creating Cloudwatch log groups used by VPCs
The Manage role is used by Viz Now to simplify deployments on your behalf. The AWS integration for Viz Now allows it to perform tasks like:
-
Increasing the quota.
-
Reserving EC2 instance types.
-
Managing S3 buckets and security groups.
-
Creating and accepting VPC peerings.
-
Starting and stopping EC2 instances, and destroying EC2 instances.
To set up the integration
The deployment Agent needs to assume an IAM role in your organization's AWS account.
-
Make sure you have an AWS account set up and are logged in as a user with the neccessary AWS rights.
-
You will need to create this role in the AWS Console and provide Viz Now with the necessary information.
The roles need privileges to manage iam, s3, kms, route53, sts, ec2, tag, and logs. The policy needed can be found as part of the guide on the site.Note: If this role requirement conflicts with your company policy, contact Vizrt Support for advice on how to proceed with more granular AWS policies.
-
Follow the steps in the Viz Now onboarding UI and click the link to create a new IAM roles in your AWS account.
-
Once the roles are created, copy the ARN code and paste it into the Viz Now form to enable Viz Now to deploy instances in your environment.
Licensing
The final step of the onboarding process involves deploying a License server. Once this is successful, your Viz Now account is ready for use.