Deploy Step-By-Step

This section will guide you through the FindFace Security step-by-step deployment process. Follow the instructions below minding the sequence.

Warning

Before deploying FindFace Security, make sure that the system time and time zone are correct, and time synchronization via ntpd/systemd-timesyncd is enabled. When using FindFace Security, avoid any sudden changes in time, as they may result in unavailability of the FindFace Security services after reboot.

In this section:

Prerequisites

FindFace Security requires PostgreSQL and Redis. Install them from the Ubuntu repository as such:

sudo apt-get update
sudo apt install -y postgresql-server-dev-9.5 redis-server

Prepare Packages for Installation

To prepare the FindFace Security deb-packages for installation, do the following:

  1. Unpack the package with components.

    sudo dpkg -i <findface-security-repo>.deb
    
  2. Add a signature key.

    sudo apt-key add /var/findface-security-repo/public.key
    sudo apt-get update
    
  3. Unpack the packages with the neural network models.

    sudo dpkg -i findface-data*.deb
    

Licensing

You receive a license file from your NTechLab manager along with the FindFace Security distributable packages. For on-premise licensing, you will be also provided with a Guardant USB dongle.

To install and configure the local license server (NTLS), do the following:

  1. Install the NTLS component:

    sudo apt-get update
    sudo apt-get install ntls
    

    Tip

    In the NTLS configuration file, you can change the license folder and the NTLS web interface remote access settings. To open the NTLS configuration file, execute:

    sudo vi /etc/ntls.cfg
    

    If necessary, change the license folder in the license-dir parameter. By default, license files are stored at /ntech/license:

    license-dir = /ntech/license
    

    By default, you can access the NTLS web interface from any remote host (ui = 0.0.0.0:3185). To indicate that accessing the NTLS web interface must originate from a specific IP address, edit the ui parameter:

    ui = 127.0.0.1:3185
    
  2. Enable the NTLS service autostart and launch the service:

    sudo systemctl enable ntls && sudo systemctl start ntls
    
  3. Upload the license file via the NTLS web interface http://<NTLS_IP_address>:3185/#/.

  4. For the on-premise licensing, insert a Guardant USB dongle into a USB port.

Basic Configuration

The FindFace Security basic configuration includes a database, database extensions, the ffsecurity component and web interface. To install the basic configuration, do the following:

  1. Install the findface-postgres-9.5-facen extension for PostgreSQL from the <ffsecurity-repo>.deb package:

    sudo apt install -y findface-postgres-9.5-facen
    
  2. Using the PostgreSQL console, create a new user ntech and a database ffsecurity. Upload the findface-postgres-9.5-facen extension to the ffsecurity database by using the facen-compare-bytea label.

    sudo -u postgres psql
    
    postgres=# CREATE ROLE ntech WITH LOGIN;
    
    postgres=# CREATE DATABASE ffsecurity WITH OWNER ntech ENCODING 'UTF-8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE template0;
    
    postgres=# \c ffsecurity;
    
    ffsecurity=# CREATE EXTENSION "facen-compare-bytea";
    

    To quit from the PostgreSQL console, type \q и press Enter.

  3. Allow authentication in PostgreSQL by UID of a socket client. Restart PostgreSQL.

    echo 'local all ntech peer' | sudo tee -a /etc/postgresql/9.5/main/pg_hba.conf
    
    sudo systemctl restart postgresql@9.5-main.service
    
  4. Install the ffsecurity component from the <ffsecurity-repo>.deb package.

    Note

    NginX will be automatically installed from dependencies.

    sudo apt install -y ffsecurity
    
  5. Install the ffsecurity-ui web interface from the <ffsecurity-repo>.deb package.

    sudo apt install -y ffsecurity-ui
    
  6. Open the /etc/ffsecurity/config.py configuration file. In the EXTERNAL_ADDRESS parameter , specify the host external IP address or URL to be used to access the web interface. To authorize the video face detector in the ffsecurity service, come up with a token and specify it as VIDEO_DETECTOR_TOKEN (you have to specify the same token when configuring the video face detector).

    Tip

    If necessary, ensure data security by enabling SSL.

    Tip

    If necessary, set ’IGNORE_UNMATCHED’: True to disable logging events for faces which have no match in the dossiers (negative verification result). Enable this option if the system has to process a large number of faces. The face similarity threshold for verification is defined by the CONFIDENCE_THRESHOLD parameter.

    Tip

    It is recommended to change the MINIMUM_DOSSIER_QUALITY default value. This parameter determines the minimum quality of a face in a dossier photo. Photos containing faces of worse quality will be rejected when uploading to a dossier. Upright faces in frontal position are considered the best quality. They result in values around 0, mostly negative (such as -0.00067401276, for example). Inverted faces and large face angles are estimated with negative values some -5 and less. By default, ’MINIMUM_DOSSIER_QUALITY’: -7 which means that faces of any quality can be uploaded to a dossier.

    sudo vi /etc/ffsecurity/config.py
    
    MEDIA_ROOT="/var/lib/ffsecurity/uploads"
    STATIC_ROOT="/var/lib/ffsecurity/static"
    
    EXTERNAL_ADDRESS="192.168.104.204"
    
    DEBUG = False
    
    LANGUAGE_CODE = 'ru-ru'
    
    TIME_ZONE = 'UTC'
    
    DATABASES = {
       'default': {
           'ENGINE': 'django.db.backends.postgresql',
           'NAME': 'ffsecurity',
       }
    }
    
    FFSECURITY = {
       'VIDEO_DETECTOR_TOKEN': 'Ghj545dfd',
       'CONFIDENCE_THRESHOLD': 0.75,
       'MINIMUM_DOSSIER_QUALITY': -0.1,
       'IGNORE_UNMATCHED': False,
       'EXTRACTION_API': 'http://127.0.0.1:18666/',
    }
    

    Tip

    If necessary, edit the /etc/nginx/sites-available/ffsecurity-nginx.conf configuration file as well.

  7. Disable the default nginx server and add the ffsecurity server to the list of enabled servers. Restart nginx.

    sudo rm /etc/nginx/sites-enabled/default
    
    sudo ln -s /etc/nginx/sites-available/ffsecurity-nginx.conf /etc/nginx/sites-enabled/
    
    sudo nginx -s reload
    
  8. Migrate the database architecture from FindFace Security to PostgreSQL, create user groups with pre-defined rights and the first user with administrator rights (a.k.a. Super Administrator).

    Important

    Super Administrator cannot be deprived of its rights, whatever the role.

    sudo findface-security migrate
    
    sudo findface-security create_groups
    
    sudo findface-security createsuperuser --username admin --email root@localhost
    
  9. Start the services.

    Important

    The ffsecurity service includes findface-security-proto (provides HTTP and web socket) and findface-security-worker (provides interaction of the other system components). The number of the findface-security-worker instances is calculated using the formula: N=(number of CPU cores-1). It is specified after the @ character, for example, findface-security-worker@{1,2,3} for 3 instances.

    sudo systemctl enable redis-server findface-security-proto findface-security-worker@{1,2,3,4}
    
    sudo systemctl start redis-server findface-security-proto findface-security-worker@{1,2,3,4}
    

Video-Based Biometric Identification

To install fkvideo_detector and extraction-api, components for video-based biometric identification, do the following:

  1. Install the video face detector.

    sudo apt install -y fkvideo-detector
    
  2. Open the video face detector configuration file and edit the following settings:

    Note

    Note that the values of api-token and VIDEO_DETECTOR_TOKEN (/etc/ffsecurity/config.py) must be the same (see Basic Configuration).

    sudo vi /etc/fkvideo.ini
    
    api-url=127.0.0.1:8002
    
    api-token=<'VIDEO_DETECTOR_TOKEN'>
    
    detector-name=detector1
    
    request-url=/video-detector/frame/
    
    camera-url=/video-detector/cameras/
    
    realtime=0
    

    Important

    By default, the video face detector selects the best face snapshot in the real-time mode (realtime=1). In this mode, the video face detector posts a face to ffsecurity immediately after it appears in a camera field of view. For more effective snapshot selection, we recommend you to set the offline mode (realtime=0). The offline mode is less storage intensive as it allows posting only one snapshot per face, but of the highest quality.

  3. Enable the fkvideo_detector service autostart and launch the service. Make sure that the service is active.

    sudo systemctl enable fkvideo_detector@fkvideo && sudo systemctl start fkvideo_detector@fkvideo
    
    sudo systemctl status fkvideo_detector@fkvideo
    
  4. Install the extraction-api component.

    sudo apt install -y findface-extraction-api
    
  5. In the extraction-api configuration file, enable the quality_estimator to be able to estimate the face quality in a dossier.

    Note

    The minimum face quality in a dossier photo is set as MINIMUM_DOSSIER_QUALITY in /etc/ffsecurity/config.py.

    sudo vi /etc/findface-extraction-api.ini
    
    quality_estimator: true
    
  6. In the extraction-api configuration file, disable gender, age and emotions recognition models search by passing empty values to the gender, age and emotions parameters:

    Warning

    Do not remove the parameters themselves as in this case the system will be searching for default models.

    models:
      gender: ""
      age: ""
      emotions: ""
    
  7. Enable the extraction-api service autostart and launch the service. Make sure that the service is active.

    sudo systemctl enable findface-extraction-api && sudo systemctl start findface-extraction-api
    
    sudo systemctl status findface-extraction-api