Pexip Secure Scheduler for Web maintenance tasks

After you have installed and configured both Pexip Infinity and Scheduler for Web there are several maintenance tasks that you may need to perform.

This topic covers the following maintenance tasks:

Upgrading to the latest version

The upgrade script below migrates all Scheduler for Web portal information from the database except for system files (including SSL certificates) and licenses, which must be moved over manually, and the items listed in step 2 below.

Upgrading is only supported between consecutive major versions i.e. n.<any> to n+1.<any>. You cannot skip a major version. Host migration e.g. 5.2 to 5.2 is also supported. To upgrade to the latest version we recommend that you:

  1. Ensure that your existing Scheduler for Web virtual machine is powered on.

  2. Note that the following items will not be automatically migrated to the new version. Take steps to ensure that you have a suitable record of the existing information as you will have to re-enter it on the new/upgraded version:

    • Encrypted fields, such as SMTP and OIDC credentials.
    • Oauth2 clients and SCIM auth tokens.
    • OIDC user data and associated access group mappings: individual OIDC users will be recreated when they next log in to the new version but you will then have to reassign their access groups.
    • Hearing templates: these are currently linked to individual users and need to be recreated for that user.
  3. Deactivate/return the system license on your current system (this step applies when upgrading from v5 or later) via Global settings > Licenses, ensuring you first make a note of the License entitlement key.
  4. Perform a standard install of the new version.

  5. Run the following script on the new VM:

    pull-v<n>-data --source-base-url <FQDN> --source-auth '<username:password>' --dest-auth '<username:password>'

    Where:

    • n is the major version number you are upgrading from.
    • username and password are your Scheduler for Web web portal credentials.
    • FQDN is the FQDN of your Scheduler for Web portal.

    Example

    To migrate from v4.0 to v5.1:

    pull-v4-data --source-base-url https://portal.example.com --source-auth 'admin:Pa$$phr4s3' --dest-auth 'admin:Pa$$phr4s3'

    For the script help page, run:

    pull-<vn>-data -h

  6. Change your DNS so that your Scheduler for Web portal FQDN now points to the new VM's IP.
  7. Add the system license back onto your new system (this step applies when upgrading from v5 or later) via Global settings > Licenses, using the same License entitlement key you noted earlier.
  8. When the upgrade is complete, ensure that the new version is working as expected, and then delete the old VM.

Version information for previous Scheduler for Web releases

As mentioned in Upgrading to the latest version, upgrading is only supported between consecutive major versions i.e. n.<any> to n+1.<any>. You cannot skip a major version. Host migration e.g. 5.2 to 5.2 is also supported. For this reason, you may need to upgrade to a previous version of Scheduler for Web before moving to the latest.

Scheduler for Web release Scheduler for Web version number Pexip Infinity version prerequisite
v4.0.0 4.0.0-423.0.0 v35
v3.0.0 3.0.0-304.0.0 v35
v2.0.0 2.0.0-242.0.0 v35
v1.0.0 1.0.0-150.0.0 v35

Creating alias templates

Aliases allow different meeting participants to dial different aliases but still end up in the same meeting. To use aliases, you must first create an alias template in your Scheduler for Web portal in Alias Templates > Create new alias template.

An alias template must contain one of the following variables:

  • {{ long_alias }}

    This generates a UUID and may be more suitable for WebRTC calls where the alias does not have to be entered manually. Example: 958e52ba-4328-424b-8d77-c18a59f4c1da

    •   or

  • {{ short_alias }}

    This generates a 9-digit number which may be easier to dial from a video endpoint. Example: 958524328

Aliases can include a domain or subdomain but this is optional. Aliases can contain numbers, letters, dashes and dots, but do not support wildcards or regular expressions.

Modifying the default email template

You can modify the content of the default email template used to create meeting invites. The email template uses a subset of the jinja2 templating language.

Default email template
Copy to clipboard 
<!DOCTYPE html>
<html>
    <head>
        <style type="text/css">
            table.joinTable {
                border: none;
                width: 520px;
                text-align: left;
                border-collapse: collapse;
            }
            table.joinTable td, table.joinTable th {
                border: none;
                padding: 10px 6px 10px 0px;
            }
            table.joinTable tfoot .links {
                text-align: right;
            }
            table.joinTable tfoot .links a {
                display: inline-block;
                padding: 2px 8px;
                border-radius: 5px;
            }
            td.listItem {
                color: #777777;
            }
        </style>
    </head>
    <body>
        <div>
            <p><b>Dear {{ participant_display_name }},</b></p>
            <p>The Organization is inviting you to a scheduled meeting. The meeting will take place online. You can find the joining details below.</p>
            <div style="padding:1px 20px 15px;background-color:#f2f2f2;border-radius:5px;">
                <h2><b>{{ encounter_name }}</b></h2>
                <p>{{ encounter_start_date }} / {{encounter_start_time.strftime('%H:%M') }}-{{encounter_end_time.strftime('%H:%M') }} ({{ encounter_timezone }})</p>
            </div>
            <br>
        </div>
        <div class="container">
            <h3>Here's how to join the meeting from:</h3>
            <table class="joinTable">
                <tbody>
                    {% for alias, alias_protocols in participant_aliases.items() %}
                        {% if 'WEB' in alias_protocols %}
                        <tr>
                            <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                            <td>
                                <a href="{{ default_webapp_url }}#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">
                                    Join meeting
                                </a>
                            </td>
                        </tr>
                        {% elif 'SIP' in alias_protocols %}
                        <tr>
                            <td class="listItem">From a video conferencing endpoint dial:</td>
                            <td>sips:{{ alias }}</td>
                        </tr>
                        {% elif 'H323' in alias_protocols %}
                        <tr>
                            <td class="listItem">From a video conferencing endpoint dial:</td>
                            <td>h323:{{ alias }}</td>
                        </tr>
                        {% endif %}
                    {% endfor %}
                    {% if participant_authentication_method == "PIN" %}
                    <tr>
                        <td class="listItem">PIN code:</td>
                        <td>{{ participant_pin }}</td>
                    </tr>
                    {% endif %}
                    {% if participant_authentication_method == "IDP" %}
                    <tr>
                        <td class="listItem">Login:</td>
                        <td>{{ participant_identity_provider }}</td>
                    </tr>
                    {% endif %}
                </tbody>
            </table>
            <hr>
            <p><b>Test your connection and equipment today.</b></p>
            <p>Please test your connection, microphone, camera and speakers before the day of the meeting.
            <table class="joinTable">
                <tbody>
                    <tr>
                        <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                        <td><a href="https://example.com/webapp3/#/?conference=test_call@example.com&name={{ participant_display_name }}">Test your connection now</a></td>
                    </tr>
                    <tr>
                        <td class="listItem">From a video conferencing endpoint dial:</td>
                        <td>sips:test_call@example.com</td>
                    </tr>
                </tbody>
            </table>
        </div>
    </body>
</html>

Supported variables

In the following variables, any use of the term "encounter" means "meeting".

  • {{ default_webapp_url }}

    This is the default URL of the webapp (Global settings > General) and can be used to generate links to the webapp for the calendar and email notifications.

  • {{ encounter_name }}
  • {{ encounter_start_date }}
  • {{ encounter_end_date }}
  • {{ encounter_start_time }}
  • {{ encounter_end_time }}
  • {{ encounter_timezone }}
  • {{ encounter_main_language }}

  • {{ encounter_aliases }}

    Using this variable adds all aliases for the meeting, including ad hoc participant links, in the email invitations sent to existing participants.

  • {{ encounter_participants }}
  • {{ encounter_rtmp_streams }}
  • {{ participant_display_name }}
  • {{ participant_email }}
  • {{ participant_authentication_method }}
  • {{ participant_pin }}
  • {{ participant_identity_provider }}
  • {{ participant_role }}
  • {{ participant_role_host }}
  • {{ participant_role_interpreter }}
  • {{ participant_language }}

  • {{ participant_aliases }}

    This contains a list of one or more aliases. You can loop over the aliases with a control structure such as:

    {% for alias, alias_protocols in participant_aliases.items() %}
    {% if 'WEB' in alias_protocols %}
        Dial the WEB alias: {{ alias }}
    {% elif 'SIP' in alias_protocols %}
        Dial the SIP alias: {{ alias }}
    {% elif 'H323' in alias_protocols %}
        Dial the H323 alias: {{ alias }}
    {% endif %}
{% endfor %}
  • {{ participant_paired_participant }}

Email template examples

Here are some more example email templates that you can use as the basis for your own meeting invite emails.

Copy to clipboard 
<html>
    <p>Dear {{ participant_display_name }},</p>
    <p>The Organization is inviting you to a scheduled meeting. The meeting will take place online. You can find the joining details below.</p>
    <h2>{{ encounter_name }}</h2>
    <p>{{ encounter_start_date }} / {{encounter_start_time.strftime('%H:%M') }}-{{encounter_end_time.strftime('%H:%M') }} ({{ encounter_timezone }})</p>

    <h3>Here's how to join the meeting from:</h3>
    {% for alias, alias_protocols in participant_aliases.items() %}
        {% if 'WEB' in alias_protocols %}
            <p>Web (PC / Mac / iOS / Android):</p>
            <p><a href="{{ default_webapp_url }}#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join meeting</a></p>
        {% elif 'SIP' in alias_protocols %}
            <p>From a video conferencing endpoint dial:</p>
            <p>sips:{{ alias }}</p>
        {% elif 'H323' in alias_protocols %}
            <p>From a video conferencing endpoint dial:</p>
            <p>h323:{{ alias }}</p>
        {% endif %}
    {% endfor %}

    {% if participant_authentication_method == "PIN" %}
        <p>PIN code: {{ participant_pin }}</p>
    {% endif %}
    {% if participant_authentication_method == "IDP" %}
        <p>Login: {{ participant_identity_provider }}</p>
    {% endif %}

    <h3>Test your connection and equipment today.</h3>
    <p>Please test your connection, microphone, camera and speakers before the day of the meeting.</p>
    <p>Web (PC / Mac / iOS / Android):</p>
    <p><a href="https://example.com/webapp3/#/?conference=test_call@pexample.com&name={{ participant_display_name }}">Test your connection now</a></p>
    <p>From a video conferencing endpoint dial:</p>
    <p>sips:1234567@pexample.com</p>
</html>

This is an example of an email for a meeting with the interpretation feature enabled, containing formatting styles, and personalized joining information for interpreter and clerk participants.

Copy to clipboard 
<!DOCTYPE html>
<html>
    <head>
        <style type="text/css">
            table.joinTable {
                border: none;
                width: 520px;
                text-align: left;
                border-collapse: collapse;
            }
            table.joinTable td, table.joinTable th {
                border: none;
                padding: 10px 6px 10px 0px;
            }
            table.joinTable tfoot .links {
                text-align: right;
            }
            table.joinTable tfoot .links a {
                display: inline-block;
                padding: 2px 8px;
                border-radius: 5px;
            }
            td.listItem {
                color: #777777;
            }
        </style>
    </head>
    <body>
        <div>
            <p><b>Dear {{ participant_display_name }},</b></p>
            <p>The Organization is inviting you to a scheduled meeting. The meeting will take place online. You can find the joining details below.</p>
            <div style="padding:1px 20px 15px;background-color:#f2f2f2;border-radius:5px;">
                <h2><b>{{ encounter_name }}</b></h2>
                <p>{{ encounter_start_date }} / {{encounter_start_time.strftime('%H:%M') }}-{{encounter_end_time.strftime('%H:%M') }} ({{ encounter_timezone }})</p>
            </div>
            <br>
        </div>
        <div class="container">
            <h3>Here's how to join the meeting from:</h3>
            <table class="joinTable">
                <tbody>
                    {% for alias, alias_protocols in participant_aliases.items() %}
                        {% if 'WEB' in alias_protocols %}
                            {% if participant_role == "Clerk" %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="{{ default_webapp_url }}#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}&callType=AudioRecvVideoRecvPresentationRecv">Join Meeting</a></td>
                                </tr>
                            {% elif participant_role == "Interpreter" %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="https://example.com/courts-interpreter/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join Meeting</a></td>
                                </tr>
                            {% else %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="{{ default_webapp_url }}/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join Meeting</a></td>
                                </tr>
                            {% endif %}
                        {% else %}
                            {% if participant_role != "Interpreter" %}
                              <tr>
                                  <td class="listItem">From a video conferencing endpoint dial:</td>
                                  <td>{{ alias }}</td>
                              </tr>
                            {% endif %}
                        {% endif %}
                    {% endfor %}
                    {% if participant_role == "Clerk" %}
                      {% for alias in encounter_aliases %}
                      <tr>
                          <td class="listItem">Ad-hoc alias:</td>
                          <td>https://example.com/courts/#/?conference={{ alias }}</td>
                      </tr>
                      {% endfor %}
                    {% endif %}
                    {% if participant_authentication_method == "PIN" %}
                    <tr>
                        <td class="listItem">PIN code:</td>
                        <td>{{ participant_pin }}</td>
                    </tr>
                    {% endif %}
                    {% if participant_authentication_method == "IDP" %}
                    <tr>
                        <td class="listItem">Login:</td>
                        <td>{{ participant_identity_provider }}</td>
                    </tr>
                    {% endif %}
                </tbody>
            </table>
            <hr>
            <p><b>Test your connection and equipment today.</b></p>
            <p>Please test your connection, microphone, camera and speakers before the day of the meeting.
            <table class="joinTable">
                <tbody>
                    <tr>
                        <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                        <td><a href="https://example.com/courts/#/?conference=test_call@example.com&name={{ participant_display_name }}">Test your connection now</a></td>
                    </tr>
                    <tr>
                        <td class="listItem">From a video conferencing endpoint dial:</td>
                        <td>sip:1234567@example.com</td>
                    </tr>
                </tbody>
            </table>
        </div>
    </body>
</html>

Pinning participants to the layout during a meeting

Participant pinning allows you to place and lock specific participants, like the judge or prosecution, for example, in the most prominent positions in the video layout when a hearing is in progress. Pinning is enabled in the Pexip Infinity Administrator interface and a pinning configuration file is added to a theme.

For more information about creating pinning configurations, see Pinning participants to the layout during a conference.

Adding new languages or changing translation strings in the user interface

You can add languages and change the user interface strings using Rosetta. To access Rosetta, go to Scheduler for Web portal > About > Rosetta.

Changing existing translation strings

After changing any strings you need to restart the service (or reboot the VM) for the changes to be applied. To restart the service use the following command:

systemctl restart courts-core.service

Adding a new language

Replace <language> with the appropriate language code (e.g. nl).

  1. Optionally upload .po language files (if you have existing translations remote):

    1. locales/scheduling/<language>/LC_MESSAGES/django.po
    2. locales/scheduling/<language>/LC_MESSAGES/djangojs.po

  2. Run the following commands:

    sudo -s
cd /courts-core
/opt/courts-core/bin/python manage.py makeportalmessages -l <language>
/opt/courts-core/bin/python manage.py makeportalmessages -l <language> --add-location file --domain djangojs
/opt/courts-core/bin/python manage.py compilemessages
chown gunicorn -R locales/scheduling/<language>/LC_MESSAGES/
systemctl restart courts-core.service

Taking a diagnostic snapshot

When investigating any issues, your Pexip authorized support representative will typically want a diagnostic snapshot from both Pexip Infinity and the Scheduler for Web deployments.

Pexip Infinity

See Downloading a diagnostic snapshot.

Scheduler for Web

There is a diagnostic snapshot script available in the path in the VM which exports all the logs to a zip file in /tmp.

To take a snapshot, type snapshot in the VM. A snapshot .tar.gz file is created in /tmp with the current date and time. Example:
/tmp/snapshot_20240111151900.tar.gz

The snapshot contains all files in /var/log, the release.json file, and the database.

Diagnostic snapshots contain all the logs and the database contents and thus may contain personally identifiable information (PII), so they should be treated as confidential and only shared over secure channels.

Patching the operating system for the latest security bugs

We recommend that you keep the appliance's Operating System patched against the latest security bugs. The frequency with which you check for patches depends upon your local security policies but we recommend at least once per month, or whenever an important or critical CVE (Common Vulnerabilities and Exposures) has been resolved in Ubuntu.

Note that some updates may need some of the system services to be restarted or require a reboot of the VM, so we recommend performing these updates when a potential temporary loss of service is acceptable.

To install the latest security patches:

  1. Take a VM snapshot of the appliance.
  2. Log in to the server through SSH or VMware console as user 'pexip'.

  3. Run the following command:

    sudo apt-get update && sudo apt-get dist-upgrade

  4. Delete the snapshot after 1-2 days, when it has been confirmed that the patches have not had any detrimental effect.

Installing your own CA certificates

If you need to install your own CA certificates (e.g. to validate the LDAP server):

  1. If you have a .pem file you must first rename it to have a .crt extension.

  2. Place your CA certificates (one or more .crt files) in /usr/local/share/ca-certificates

    Note that as with replacing the default SSL certificate (described above), the pexip user does not have the necessary access rights to copy crt files directly to the /usr/local/share/ca-certificates folder so you must copy them via the /tmp folder of the Scheduler for Web appliance, then move them to the ca-certificates folder:

    1. Using the SCP file transfer protocol, upload the CA certificate .crt file (cacert.crt in this example) to the /tmp folder of the Scheduler for Web appliance using WinSCP or the ’scp’ command-line utility for Linux/macOS, using a command such as:

      scp cacert.crt pexip@10.0.0.10:/tmp

    2. After the .crt file has been transferred into the /tmp folder, connect over SSH to the VMR portal, log in as user pexip and run the following command:

      sudo mv /tmp/cacert.crt /usr/local/share/ca-certificates/cacert.crt

  3. Run the following command to apply the certificates:

    sudo update-ca-certificates

    The response should look like this:

    $ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

  1. Run the following command to restart the Scheduler for Web appliance:

    sudo reboot

Backing up configuration data

You should take regular backups of the configuration data on your Scheduler for Web application and Infinity Management Node. For Scheduler for Web, you must use your hypervisor's tools to create a full backup or snapshot. For the Infinity Management Node, you can back up at the VM level also, or use the backup and restore mechanism built into the Pexip Infinity Administrator interface. Go to Creating and restoring backups for more information.

Rerunning the install wizard

If you need to rerun the installation wizard after completing a maintenance task:

  1. Log into the Scheduler for Web VM instance.
  2. At the command prompt, run the sudo installer command.
  3. At each step the default values use the answers from the previous run (if they are still valid). Press ENTER to accept the default value, or enter the value you want to use instead.
  4. When all of the installation wizard steps have been completed, the appliance automatically reboots.

Uninstalling Scheduler for Web

If you need to uninstall Scheduler for Web:

  1. Update the Pexip Infinity configuration:

    1. Remove the Scheduler for Web external policy profile from the system locations that use it, and delete the policy profile.
    2. Remove the Call Routing Rules you set up to handle Scheduler for Web calls.
    3. Disable breakout rooms if they are not required for any other purposes.
  2. Power off your Scheduler for Web VM.