MCCUX 2022 3 0 Install Guide

MediaCentral | Cloud UX™
Installation Guide
Version 2022.3
Legal Notices
Product specifications are subject to change without notice and do not represent a commitment on the part of Avid Technology, Inc.
This product is subject to the terms and conditions of a software license agreement provided with the software. The product may only be
used in accordance with the license agreement.
This product may be protected by one or more U.S. and non-U.S patents. Details are available at www.avid.com/patents.
This guide is protected by copyright. This guide is for your personal use and may not be reproduced or distributed, in whole or in part,
without permission of Avid. Reasonable care has been taken in preparing this guide; however, it may contain omissions, technical
inaccuracies, or typographical errors. Avid Technology, Inc. disclaims liability for all losses incurred through the use of this document.
Product specifications are subject to change without notice.
Copyright © 2023 Avid Technology, Inc. and its licensors. All rights reserved.
The following disclaimer is required by Apple Computer, Inc.:

APPLE COMPUTER, INC. MAKES NO WARRANTIES WHATSOEVER, EITHER EXPRESS OR IMPLIED, REGARDING THIS
PRODUCT, INCLUDING WARRANTIES WITH RESPECT TO ITS MERCHANTABILITY OR ITS FITNESS FOR ANY PARTICULAR
PURPOSE. THE EXCLUSION OF IMPLIED WARRANTIES IS NOT PERMITTED BY SOME STATES. THE ABOVE EXCLUSION MAY
NOT APPLY TO YOU. THIS WARRANTY PROVIDES YOU WITH SPECIFIC LEGAL RIGHTS. THERE MAY BE OTHER RIGHTS THAT
YOU MAY HAVE WHICH VARY FROM STATE TO STATE.
The following disclaimer is required by Sam Leffler and Silicon Graphics, Inc. for the use of their TIFF library:
Copyright © 1988–1997 Sam Leffler
Copyright © 1991–1997 Silicon Graphics, Inc.
Permission to use, copy, modify, distribute, and sell this software [i.e., the TIFF library] and its documentation for any purpose is hereby
granted without fee, provided that (i) the above copyright notices and this permission notice appear in all copies of the software and
related documentation, and (ii) the names of Sam Leffler and Silicon Graphics may not be used in any advertising or publicity relating to
the software without the specific, prior written permission of Sam Leffler and Silicon Graphics.
THE SOFTWARE IS PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR OTHERWISE,
INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The following disclaimer is required by the Independent JPEG Group:

This software is based in part on the work of the Independent JPEG Group.
This Software may contain components licensed under the following conditions:
Copyright (c) 1989 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are
duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use
acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to
endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS
IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Copyright (C) 1989, 1991 by Jef Poskanzer.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in
supporting documentation. This software is provided "as is" without express or implied warranty.
Copyright 1995, Trinity College Computing Center. Written by David Chappell.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in
supporting documentation. This software is provided "as is" without express or implied warranty.
Copyright 1996 Daniel Dardailler.
Permission to use, copy, modify, distribute, and sell this software for any purpose is hereby granted without fee, provided that the above
copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation,
and that the name of Daniel Dardailler not be used in advertising or publicity pertaining to distribution of the software without specific,
written prior permission. Daniel Dardailler makes no representations about the suitability of this software for any purpose. It is provided "as
is" without express or implied warranty.
Modifications Copyright 1999 Matt Koss, under the same license as above.
Copyright (c) 1991 by AT&T.
Permission to use, copy, modify, and distribute this software for any purpose without fee is hereby granted, provided that this entire notice
is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting
documentation for such software.
2
THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. IN PARTICULAR, NEITHER
THE AUTHOR NOR AT&T MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
This product includes software developed by the University of California, Berkeley and its contributors.
The following disclaimer is required by Nexidia Inc.:

© 2010 Nexidia Inc. All rights reserved, worldwide. Nexidia and the Nexidia logo are trademarks of Nexidia Inc. All other trademarks are
the property of their respective owners. All Nexidia materials regardless of form, including without limitation, software applications,
documentation and any other information relating to Nexidia Inc., and its products and services are the exclusive property of Nexidia Inc.
or its licensors. The Nexidia products and services described in these materials may be covered by Nexidia's United States patents:
7,231,351; 7,263,484; 7,313,521; 7,324,939; 7,406,415, 7,475,065; 7,487,086 and/or other patents pending and may be manufactured
under license from the Georgia Tech Research Corporation USA.
The following disclaimer is required by Paradigm Matrix:

Portions of this software licensed from Paradigm Matrix.
The following disclaimer is required by Ray Sauers Associates, Inc.:

“Install-It” is licensed from Ray Sauers Associates, Inc. End-User is prohibited from taking any action to derive a source code equivalent of
“Install-It,” including by reverse assembly or reverse compilation, Ray Sauers Associates, Inc. shall in no event be liable for any damages
resulting from reseller’s failure to perform reseller’s obligation; or any damages arising from use or operation of reseller’s products or the
software; or any other damages, including but not limited to, incidental, direct, indirect, special or consequential Damages including lost
profits, or damages resulting from loss of use or inability to use reseller’s products or the software for any reason including copyright or
patent infringement, or lost data, even if Ray Sauers Associates has been advised, knew or should have known of the possibility of such
damages.
The following disclaimer is required by Videomedia, Inc.:

“Videomedia, Inc. makes no warranties whatsoever, either express or implied, regarding this product, including warranties with respect to
its merchantability or its fitness for any particular purpose.”
“This software contains V-LAN ver. 3.0 Command Protocols which communicate with V-LAN ver. 3.0 products developed by Videomedia,
Inc. and V-LAN ver. 3.0 compatible products developed by third parties under license from Videomedia, Inc. Use of this software will allow
“frame accurate” editing control of applicable videotape recorder decks, videodisc recorders/players and the like.”
The following disclaimer is required by Altura Software, Inc. for the use of its Mac2Win software and Sample Source
Code:
©1993–1998 Altura Software, Inc.
The following disclaimer is required by 3Prong.com Inc.:

Certain waveform and vector monitoring capabilities are provided under a license from 3Prong.com Inc.
The following disclaimer is required by Interplay Entertainment Corp.:

The “Interplay” name is used with the permission of Interplay Entertainment Corp., which bears no responsibility for Avid products.
This product includes portions of the Alloy Look & Feel software from Incors GmbH.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
© DevelopMentor
This product may include the JCifs library, for which the following notice applies:
JCifs © Copyright 2004, The JCIFS Project, is licensed under LGPL (http://jcifs.samba.org/). See the LGPL.txt file in the Third Party
Software directory on the installation CD.
Avid Interplay contains components licensed from LavanTech. These components may only be used as part of and in connection with Avid
Interplay.
Portions © Copyright 2003-2007 of MOG Solutions.
This product includes FFmpeg, which is covered by the GNU Lesser General Public License.
This product includes software that is based in part of the work of the FreeType Team.
This software is based in part on the work of the Independent JPEG Group.
This product includes libjpeg-turbo, which is covered by the wxWindows Library License, Version 3.1.
Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant
P41-RR02188 by the National Institutes of Health.
Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc.
Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner.
Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs.
Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson (ellson@lucent.com).
Portions relating to gdft.c copyright 2001, 2002 John Ellson (ellson@lucent.com).
3
Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997,
1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file
README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den
Brande.
Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that
this notice is present in user-accessible supporting documentation.
This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere
with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be
given in user-accessible documentation.
This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to
implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation.
Although their code does not appear in gd, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software
Corporation for their prior contributions.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
MediaCentral may use OpenLDAP. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights
Reserved. OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Attn. Government User(s). Restricted Rights Legend

U.S. GOVERNMENT RESTRICTED RIGHTS. This Software and its documentation are “commercial computer software” or “commercial
computer software documentation.” In the event that such Software or documentation is acquired by or on behalf of a unit or agency of the
U.S. Government, all rights with respect to this Software and documentation are subject to the terms of the License Agreement, pursuant
to FAR §12.212(a) and/or DFARS §227.7202-1(a), as applicable.
Trademarks
Avid, the Avid Logo, Avid Everywhere, Avid DNXHD, Avid DNXHR, Avid NEXIS, Avid NEXIS | Cloudspaces, AirSpeed, Eleven, EUCON,
Interplay, iNEWS, ISIS, Mbox, MediaCentral, Media Composer, NewsCutter, Pro Tools, ProSet and RealSet, Maestro, PlayMaker, Sibelius,
Symphony, and all related product names and logos, are registered or unregistered trademarks of Avid Technology, Inc. in the United
States and/or other countries. The Interplay name is used with the permission of the Interplay Entertainment Corp. which bears no
responsibility for Avid products. All other trademarks are the property of their respective owners. For a full list of Avid trademarks, see:
http://www.avid.com/US/about-avid/legal-notices/trademarks.
Adobe and Photoshop are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other
countries. Apple and Macintosh are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Windows is either a
registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. All other trademarks contained
herein are the property of their respective owners.
Footage
Ice Festival, London Zoo, Feng Shui - Courtesy of Reuters.
Avid MediaCentral | Cloud UX Installation Guide • Created 5/31/23 • This document is distributed by Avid in online
(electronic) form only, and is not available for purchase in printed form.
4
Contents
Using This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Important Terms and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Beta Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Symbols and Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
If You Need Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Avid Training Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 1 Installation Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Network Interface Cards and Network Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Remote Client Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Understanding Docker Containers and Kubernetes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Operating System and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Obtaining the MediaCentral Installation Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Accessing the Cloud UX Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Additional Configuration for Integrated Modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
MediaCentral | Phonetic Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Copying Software to the MCUX Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Creating the MCUX Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Chapter 2 BIOS and RAID Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Changing BIOS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Configuring the BIOS on the HP ProLiant DL360 Gen10 . . . . . . . . . . . . . . . . . . . . . . . . 25
Configuring the BIOS on the Dell PowerEdge R640 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuring the Onboard RAID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
HP ProLiant DL360 Gen10 RAID Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Dell PowerEdge R640 RAID Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 3 Software Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Verifying Disk Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
MCUX Software Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Initiating the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring the Installation Destination in the CentOS Install Wizard . . . . . . . . . . . . . . . 47
Configuring Networking in the CentOS Install Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring the Date and Time in the CentOS Install Wizard . . . . . . . . . . . . . . . . . . . . . 52
Finalizing the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Logging in to CentOS for the First Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Additional Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Renaming the Primary Network Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Verifying the Hostname and Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Updating the Avid NEXIS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Running the Post-Install Setup Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Running the Cloud UX Setup Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Creating a Site Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Creating Certificate Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Deploying the Secure Sockets Layer Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Configuring an Authentication Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Connecting to MediaCentral Production Management . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Connecting to MediaCentral Archive Production . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Connecting to Avid Shared Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Configuring Avid NEXIS API Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Configuring the Avid XFER and XFORM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuring MediaCentral Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Configuring MediaCentral Phonetic Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Connecting to MediaCentral Ingest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Connecting to Avid Maestro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring Collaborate App User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Configuring the Frame-Ancestor Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Enabling a Multi-Site Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Enabling System Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Configuring Audit Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring a Licensing Proxy Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Deploying the Kubernetes Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Running the Feature Pack Deployment Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Deploying System Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Installing Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Signing in to MediaCentral Cloud UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Administrator App Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Continuing the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Chapter 4 Installing Nexidia Search Grid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Nexidia Search Grid Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Search Grid Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Hardware Sizing Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Language Packs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Installing the Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
6
Installing the Search Grid Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Installing Search Grid. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Configuring Search Grid. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Installing Additional Language Packs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Configuring MediaCentral Phonetic Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Configuring Asset Management Media Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Creating the Phonetic Index Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Indexing Your Audio Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Phonetic Index and Search Grid Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Chapter 5 Configuring Production Modules for MediaCentral Cloud UX. . . . . . . . . . . . . 132
Production Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configuring Interplay Administrator Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Signing in to the Interplay Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Enabling Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Configuring the MediaCentral Platform Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Configuring the Interplay Transfer Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring the Application Database Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring Send to Playback Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
User Authentication Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Multiple Authentication Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Configuring the Authentication Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring the MediaCentral Search Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Reviewing the Manage Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Reviewing the Property Selection Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Reviewing the Phonetic Indexing Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Configuring the Search Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Starting the Search Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Editing the Phonetic Indexing Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Removing a Search Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Recreating the Search Instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Reconfiguring the Search Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Chapter 6 Using the License App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Licensing Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Understanding the License Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
License Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Activating a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Activating a Subscription License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Activating a Perpetual License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Exporting a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Resetting the System ID and Device ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
7
Reviewing the Licensing Results Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Filtering and Sorting the Results Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
User Profile Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Chapter 7 Using the User Management App. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
User Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
User Management: Sidebar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Sidebar Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
User Management: Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Filtering and Sorting the Results Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Viewing and Releasing User Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
User Management: Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Group Details and Entitlements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
User Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Adding or Removing User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Adding Client License Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Working with Group Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Working in Disconnected Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Notes for Active Directory User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Chapter 8 Using the Configuration Settings App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configuration Settings Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configuring the General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Configuring Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Managing Service Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Configuring Enterprise Editing Sync Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Configuring the Publisher Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Configuring Database Access for Specific User Profiles . . . . . . . . . . . . . . . . . . . . . . . . 194
Configuring External Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Configuring System Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Reviewing the Asset Management Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Configuring the Newsroom Management Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Configuring the Production Management Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Configuring the Email Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chapter 9 Using the Workflow Settings App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Workflow Settings Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Configuring the Playback Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Working with the Send to Playback Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Creating a Send To Playback Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Chapter 10 Using the Search Index Monitor App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Search Index Monitor Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
8
Reviewing the Search Index Monitor Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Viewing and Working with Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Rebuilding an Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Removing a Search Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Resolving Search Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Reviewing the Search Analyzers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Search Analyzers: Metadata Searching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Search Analyzers: Phonetic Searching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Chapter 11 Using the Legal List Administrator App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Legal List Administrator Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Configuring Legal Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Setting a Default Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Re-sorting Legal Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Downloading Legal Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Uploading Legal Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Downloading Legal List Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Uploading Legal List Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Creating and Configuring Legal List Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Creating a Legal List Entry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Assigning Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Configuring Icons for Hit Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Deleting Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Chapter 12 Using the Multi-Site Settings App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Multi-Site Settings Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Configuring User Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Adding a Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Reordering Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Editing an Existing Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Deleting a Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Reviewing the System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Chapter 13 Using the Collaborate Settings App. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Collaborate Settings Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Collaborate User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Filtering the User Permissions Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Configuring User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Chapter 14 Avid MediaCentral | Cloud UX Mobile App . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Chapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Installing MediaCentral | Cloud UX for iOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
9
Upgrading the Mobile App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Appendix A Additional Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Power Cycling and Maintenance Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Putting a Node in Maintenance Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Rebooting or Shutting Down a Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Power Cycling a MediaCentral Cloud UX Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
MediaCentral Cloud UX System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Copying Software to the MCUX Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Copying Software Using an SFTP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Copying Software Using a USB Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Mounting an ISO Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Using the vi Editor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Version Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Customizing the User Experience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Adding Custom Graphics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Adding Custom Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
System Drive Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Disk Usage Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
MediaCentral Cloud UX Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
MediaCentral Cloud UX Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
MediaCentral | Hoverscrub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Reconfiguring Hoverscrub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Altering the Hoverscrub Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Cleaning the Hoverscrub Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Working with the Search App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Resetting the MediaCentral Search Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Deleting a Topic from Kafka. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Increasing the Elasticsearch Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Working with MongoDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Reviewing the MongoDB Replica Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Reviewing the Database Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Backing up the Mongo Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Restoring the Mongo Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Scheduling Automatic MongoDB Backups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Backing Up the PostgreSQL Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Reconfiguring the Docker Bridge Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Importing Custom Logging Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Exporting Custom Logs from MediaCentral UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Deploying the Asset Logger Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
10
Importing the Custom Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Migrating the Custom Log Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Removing the Asset Logger Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Card Placement in MCUX Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Dell® PowerEdge R630, and R640 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
HP® ProLiant DL360 Gen9 and Gen10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Appendix B BIOS and RAID for Legacy Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Changing BIOS Settings (Legacy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Configuring the BIOS on the HP ProLiant DL360 Gen9 . . . . . . . . . . . . . . . . . . . . . . . . 300
Configuring the BIOS on the Dell PowerEdge R630 . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Configuring the Onboard RAID (Legacy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
HP ProLiant DL360 Gen9 RAID Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Dell PowerEdge R630 RAID Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Working with the Dell R630 RAID Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Creating the RAIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Deleting the RAIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Appendix C Importing SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Importing Certificates on Local Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Configuring Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Configuring macOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Verifying the SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Importing Certificates on iOS Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Appendix D System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Upgrading a Single Server to a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Adding a Node to an Existing Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Removing Worker Nodes from a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Removing a Single Worker Node. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Removing Multiple Worker Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Altering the NTP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Appendix E Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
MediaCentral Cloud UX and System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Log locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Viewing Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Collecting Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Working with Kubernetes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Changing the Kubernetes Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
11
Accessing the Kubernetes Dashboard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Deleting a Pod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Working with Grafana . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Troubleshooting Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Troubleshooting the Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Verifying the Hosts File Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Verifying the resolv.conf Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Verifying the nsswitch.conf Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Troubleshooting Playback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Verifying Access to Shared Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Clearing the Player Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Reviewing the Default Quota for the Gluster Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Using the Player Demo Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Production Management Connection Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Troubleshooting the Multi-Site Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Troubleshooting the XFER Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
12
Using This Guide
This document provides instructions for installing and configuring a new Avid MediaCentral | Cloud
UX (MCUX) system. Avid recommends that you read all the information in both this document and
the Avid MediaCentral | Cloud UX ReadMe thoroughly before installing or using the corresponding
software release.
If you are performing an upgrade of an existing installation, see the Avid MediaCentral | Cloud UX
ReadMe for upgrade instructions.
The following documents are referenced in this guide:

• Avid MediaCentral | Cloud UX ReadMe — Read prior to completing any MCUX installation.
• Avid MediaCentral | Cloud UX User’s Guide — Refer to this guide for detailed information on
the apps and features of the MediaCentral Cloud UX user interface.
• Avid MediaCentral | Cloud UX Hardware Guide — Includes information on Avid qualified
servers as well as scaling and configuration options.
• Avid MediaCentral | Cloud UX Virtual Environment with VMware® — Used to build a
MediaCentral Cloud UX server in a virtual environment using VMware.
• Avid Networking Port Usage Guide — A reference document for configuring network ports for
firewalls and other security purposes.
Important: See the following link on the Avid Knowledge Base for the latest updates to this guide
and all related documentation:
http://avid.force.com/pkb/articles/en_US/user_guide/MediaCentral-CloudUX-Documentation
n For a list products qualified for use with Avid MediaCentral Cloud UX, see the Software
Compatibility Matrix on the Avid Knowledge Base.
Revision History
Date Revised Changes Made
May 31, 2023 Example workflows added to Configuring the MediaCentral Search Connector >
Configuration that further explain how roles and permissions affect Production
Management Asset Visibility.
Also related: “Disabling Asset Visibility” on page 94
June 2, 2022 Updated recommendations and requirements when defining your DNS configuration. For
more information, see “Configuring Networking in the CentOS Install Wizard” on
page 50.
Additional minor updates.
April 14, 2022 Initial release. See the ReadMe for a list of new features and updates.
Important Terms and Notes
Important Terms and Notes

Throughout this document, “Avid MediaCentral Cloud UX” might be referred to as “MCUX” and
“Community Enterprise Operating System” is referred to as “CentOS”.
The CentOS™ deployment used in an MCUX environment is command-line based. The processes
described in this guide might require you to edit various system files. Although multiple text editors
exist, the tool used throughout this document is “vi”. If you are unfamiliar with vi, you can refer to
“Using the vi Editor” on page 259 for a short introduction to the text editor.
c If copying / pasting commands from this document into a command line interface tool such as
Putty©, be sure to verify the command after pasting. It is possible that some characters might
be replaced during the paste process which can lead to a failed or problematic installation.
When working in CentOS, this guide assumes that the user is logged in as the root user. You are
required to enter all commands and configure the server as the root user.
Beta Apps
This release of MediaCentral Cloud UX might contain features that are included as beta. Apps or
features that fall into this category are clearly identified with a Beta label in the user interface and/or
the MediaCentral Cloud UX documentation. All other features discussed in this document are fully
implemented and are not considered beta.
What is a Beta?
Avid Technology defines the term beta as a feature that is offered to customers for experimentation
with the understanding that Avid expects to fully implement the feature in a future release. Beta
features are officially unsupported and potentially incomplete or unsuitable for production systems. It
is possible that due to unforeseen circumstances, the feature will be altered or altogether removed
from the shipping product. In the future, beta features might be licensed and sold by Avid and use of
the feature does not constitute receipt of a permanent license.
Customer feedback regarding the beta is welcome. Customers may contact Avid Customer Care to
create support cases regarding beta features. However, cases specifically related to beta features will
not be escalated to critical status and might not be resolved.
Symbols and Conventions

Avid documentation uses the following symbols and conventions:
Symbol or Convention Meaning or Action
A note provides important related information, reminders, recommendations,

n and strong suggestions.
A warning describes an action that could cause you physical harm. Follow the
w guidelines in this document or on the unit itself when handling electrical
equipment.
A caution means that a specific action you take could cause harm to your
c computer or cause you to lose data.
14
If You Need Help
Symbol or Convention Meaning or Action
> This symbol indicates menu commands (and subcommands) in the order you
select them. For example, File > Import means to open the File menu and then
select the Import command.
This symbol indicates a single-step procedure. Multiple arrows in a list

indicate that you perform one of the actions listed.
(Windows), (Windows only), This text indicates that the information applies only to the specified operating
(macOS), or (macOS only) system, either Windows or macOS.
Bold font Bold font is primarily used in task instructions to identify user interface items
and keyboard sequences.
Italic font Italic font is used to emphasize certain words and to indicate variables.
Variables are often enclosed in angled brackets: < >.
Courier Bold font Courier Bold font identifies text that you type.
Ctrl+key or mouse action Press and hold the first key while you press the last key or perform the mouse
action. For example, Command+Option+C or Ctrl+drag.
If You Need Help

If you are having trouble using your Avid product:
1. Retry the action, carefully following the instructions given for that task in this guide. It is
especially important to check each step of your workflow.
2. Check the latest information that might have become available after the documentation was
published. You should always check online for the most up-to-date release notes or ReadMe
because the online version is updated whenever new information becomes available. To view
these online versions, select ReadMe from the Help menu, or visit the Knowledge Base at
http://avid.force.com/pkb/articles/en_US/user_guide/MediaCentral-CloudUX-Documentation.
3. Check the documentation that came with your Avid application or your hardware for
maintenance or hardware-related issues.
4. Visit the online Avid Knowledge Base. Online services are available 24 hours per day, 7 days per
week. Search this online Knowledge Base to find answers, to view error messages, to access
troubleshooting tips, to download updates, and to read or join online message-board discussions.
Avid Training Services

Avid makes lifelong learning, career advancement, and personal development easy and convenient.
Avid understands that the knowledge you need to differentiate yourself is always changing, and Avid
continually updates course content and offers new training delivery methods that accommodate your
pressured and competitive work environment.
For information on courses/schedules, training centers, certifications, courseware, and books, please
visit https://www.avid.com/learn-and-support and follow the Training links, or call Avid Sales at
800-949-AVID (800-949-2843).
15
1 Installation Prerequisites
The purpose of this chapter is to guide you through the preparation of all materials and resources that
you might need to complete the MediaCentral Cloud UX installation process. This chapter also
includes information on requirements for systems that you might integrate with MCUX.
The following main topics are described in this chapter:

• Before You Begin
• Network Interface Cards and Network Connections
• Understanding Docker Containers and Kubernetes
• Operating System and Security
• Obtaining the MediaCentral Installation Packages
• Accessing the Cloud UX Server
• Additional Configuration for Integrated Modules
• MediaCentral | Phonetic Index
• Copying Software to the MCUX Server
• Creating the MCUX Installation Media
Before You Begin

Every successful installation starts with careful planning. Before you begin the installation process,
you should verify that you have identified answers for each of the following data points.
Networking
• Identify the names and/or IP addresses of your Domain, DNS, NTP, etc.
• Identify the host name and IP address of any system that you plan to integrate with MediaCentral
Cloud UX. Examples include: MediaCentral Production Management, Avid NEXIS, or others.
• Define host names for each of your MediaCentral Cloud UX servers.
Hostnames must comply with “RFC 952” and “RFC-1123” standards. Avid recommends
keeping host names under 15 characters to maintain backwards compatibility with older systems.
The only “special character” allowed in a hostname is a dash “ -”. Underscores are not allowed.
Contrary to the RFC 952 standard, you must use all lower-case when entering the MediaCentral
Cloud UX server host name in both DNS and during the CentOS installation process.
Additionally, MediaCentral Cloud UX does not support server host names that begin with a
leading numerical value — such as “1mcux”.
For more information on RFC specifications, see https://ietf.org/standards/rfcs/. For additional
information on host name restrictions in Microsoft Windows domains, see https://
technet.microsoft.com/en-us/library/cc959336.aspx.
Before You Begin
• Define a static IP address for each of your MediaCentral Cloud UX servers.

MediaCentral Cloud UX does not support configuring the server with Dynamic Host
Configuration Protocol (DHCP).
• During the deployment process, the avidctl platform host-setup script requires you to
define three internal networks that can be used by Kubernetes for internal communication:
- Kubernetes Service Network: The default range of this network is 10.254.1.0/24.
- Kubernetes Pod Network: The default range of this network is 172.19.0.1/16.
- Docker Bridge Network: The default range of this network is 172.17.0.0/16.
While you can configure multiple MediaCentral Cloud UX systems within the same network to
use the same Kubernetes network ranges, you must not assign the IP addresses in these ranges to
any external systems. If any of the IP addresses included in the default ranges of 10.254.1.0/24,
172.19.0.1/16, or 172.17.0.0/16 are already in use in your network, you must assign different
ranges to Kubernetes to avoid network conflicts.
For more information, see “Running the Cloud UX Setup Script” on page 62. For additional
information on the Docker network, see “Reconfiguring the Docker Bridge Network” on
page 292.
• If your organization has purchased MediaCentral Phonetic Index, you must define a host name
for the Nexidia Search Grid™ server and a dedicated IP address.
For more information, see “MediaCentral | Phonetic Index” on page 23.
• If you plan on installing multiple servers in a clustered configuration, you also must define a host
name and a static IP address that will be assigned to the cluster.
When users connect to a cluster, they do not connect to an individual server. Instead, users
connect to the cluster name — a virtual representation of all cluster nodes. For example, a three
node cluster configuration might look like the following:
Host Name (FQDN) IP Address Description
wavd-mcux.wavd.com 192.168.10.50 Cluster host name and IP
wavd-mcux01.wavd.com 192.168.10.51 Cluster node 1
• The Avid installation of CentOS is not configured to automatically register with your site’s DNS
server. You must work with your on-site IT Department to manually enter each MCUX server in
both Forward and Reverse DNS. If you are configuring a clustered environment, you must also
enter the host name and IP address that you plan to associate with the cluster into the DNS.
When entering the host name in DNS, you must enter all text in lower-case.
If you configure CentOS with two DNS servers, you must ensure that both servers contain
entries for all connected Avid systems, and that the servers maintain proper synchronization.
• Verify that all network ports required for your installation are open between network switches
and across firewalls.
For more information, see the Avid Networking Port Usage Guide on the Avid Knowledge Base.
• This release of MediaCentral Cloud UX does not support port-bonding or teaming of the server’s
network interfaces.
17
Before You Begin
System Storage
When you deploy CentOS during the software installation process (detailed later in this guide), you
will have the opportunity to review the disk partitioning information. You might notice that /var is
generally the largest partition on the disk by default. This partition is used to house various databases,
as well as the asset indexes that are required for MediaCentral Search. If you plan to include your
system in a Multi-Site environment, your local system will store index information for each remote
site at this same location. For these reasons, you’ll want to make sure that your sda drive is large
enough to accommodate your workflow.
While the storage requirements can vary based on your workflow, you can use the following general
guidelines on the search index requirements to help you determine your storage needs:
• Asset Management (1 million assets, no multi-site)
- MongoDB: ~3.0 GB
- Elasticsearch: ~6.1 GB (no replica shard) or ~12.2 GB (1 replica shard)
• Production Management (1 million assets, no multi-site)
- MongoDB: ~0.3 GB
- Elasticsearch: ~2.1 GB (no replica shard) or ~4.2 GB (1 replica shard)
If you plan to deploy System Monitoring and you plan to use a MediaCentral Cloud UX server as a
logging node, Avid recommends that you mount the monitoring data root directory (/var/lib/mon)
to a dedicated disk or a dedicated partition of at least 150GB of an existing disk. For more
information on this feature, see “Enabling System Monitoring” on page 101.
For more information on provisioning storage space, see either the Avid MediaCentral | Cloud UX
Hardware Guide or the Avid MediaCentral | Cloud UX Virtual Environment with VMware.
Time Synchronization
If you do not have an NTP server already configured, contact your local IT department about creating
one prior to beginning the MediaCentral Cloud UX installation process. Maintaining precise time
synchronization between MediaCentral Cloud UX and connected systems (Avid NEXIS,
MediaCentral Production Management, etc) is critical to the operation of the system. If you do not
properly time-sync your back-end systems, users might be unable to play media in the Asset Editor,
find newly created assets through Search, lock or save stories in the Rundown app, or other.
When working in a multi-site environment, Avid recommends that you connect all sites to a common
time source to ensure that both local and remote systems are in sync.
Users and User Management

• MediaCentral Cloud UX requires a connection to either Windows Active Directory or Okta for
user management and authentication. Later in the installation and configuration process, you will
connect MediaCentral Cloud UX to your authentication provider and import user groups.
For additional requirements, see “Configuring an Authentication Provider” on page 78.
• Identify all users and user groups that you want to import from your authentication provider.
MediaCentral Cloud UX client licenses are assigned to user groups and not to individual users. If
you have not organized your users into logical groups, it might be beneficial to do so now. For
instance, you might combine a group of users into an “Editor” group. Alternatively, you could
group all users that share a common department such as “Promotions”.
18
Network Interface Cards and Network Connections
For more information about assigning licenses and understanding the different license types, see
“Using the License App” on page 153.
• Define a user group in your authentication provider that will act as the Administrators group for
MediaCentral Cloud UX. Any users that are included in this group have access to the
MediaCentral Cloud UX Administrator apps. This user group does not require any additional
rights on your domain. The users included in this group do not need to be domain admins —
standard domain users are acceptable.
For more information about the Administrator apps, see “Administrator App Overview” on
page 118.
• If you plan to integrate with MediaCentral Production Management, you must identify a user in
the Production Management database that can be used by MediaCentral Cloud UX. This user
must have minimum read access to the top level of the Production Management database (the
entire database).
• If you plan to integrate with Avid shared storage, you must identify an Avid NEXIS user that has
read/write access to all workspaces that include media that you plan to access through
MediaCentral Cloud UX.
Integrated systems
• After you have identified the systems that you plan to integrate with MediaCentral Cloud UX,
you must verify that each system is available and operating normally. Examples of integrated
systems are MediaCentral Production Management, Avid NEXIS, 3rd party systems, or others.
• If your installation includes an Send to Playback workflow for MediaCentral Production
Management assets, you must install the Avid MediaCentral Distribution Service.
For more information and installation instructions, see the MediaCentral Distribution Service
ReadMe on the Avid Knowledge Base at: http://avid.force.com/pkb/articles/en_US/user_guide/
MediaCentral-CloudUX-Documentation
Network Interface Cards and Network Connections

Avid supports the on-board 1 Gb network adapter in many HP and Dell servers. However, certain
workflows require the increased bandwidth of a 10 Gb network adapter. For example, a 10 Gb
connection is required for any MCUX deployment that intends to use 100+ Mbps video formats such
as AVC-I 100, DVCPro 100, and DNxHD 145. 10 Gb connections might also be desired or required
to enable increased client connections or playback streams.
For more information on 10 Gb card slot locations for qualified HP and Dell servers, see “Card
Placement in MCUX Servers” on page 299.
Prior to installing the operating system on your MediaCentral Cloud UX server, you are required to
install any add-in network adapters and cable any network interfaces that you plan to use. If you
complete this task now, you can ensure that the CentOS operating system correctly identifies and
configures the adapters during the software installation process. This is especially important for
MediaCentral Cloud UX cluster configurations — where the primary network interface (the interface
associated with your network gateway) must have the same name across all cluster nodes.
19
Understanding Docker Containers and Kubernetes
Remote Client Connections

MediaCentral Cloud UX web or mobile clients that connect through the public Internet require VPN
access into the server network. All connections pass through the VPN router/firewall through
identified ports. Once the data has passed into the “house network”, it is secured using the customer’s
existing network security infrastructure.
For more information on networking in an Avid environment, see the Network Requirements for Avid
NEXIS, and MediaCentral document located on the Avid Knowledge Base at: http://avid.force.com/
pkb/articles/en_US/compatibility/en244197
For information on port usage and network firewall information, see the Avid Networking Port Usage
Guide at: http://avid.force.com/pkb/articles/en_US/readme/Avid-Networking-Port-Usage-Guide
Understanding Docker Containers and Kubernetes

MediaCentral Cloud UX is built in a Kubernetes® managed Docker® container structure. Prior to
beginning the installation process, you should review the following information to obtain a very
basic, high-level understanding of the these systems.
What is Docker and What are Containers?
Docker is a software platform that you might compare to a virtual machine environment. In a VM
environment, you have a host server (the hardware) and a host operating system. Once you have those
pieces in place, your host server can run one or more virtual machines — each of which runs its own
operating system and applications.
In a Docker environment, you have a host server (the hardware) and a host operating system such as
Linux, Windows, or other. Docker is then installed on the host operating system. After Docker is
installed, you can begin to create one or more images or containers. In this example, you can
compare containers to virtual machines. However, a major difference between the two is that
containers do not include an operating system.
A container is generally composed of a single service or application as well as any dependent

components. Dependencies could be as simple as a single one-line configuration file, or could be as
complex as a full SQL database with all the resources to run that database. Because containers do not
include an operating system, they have the benefit of being much smaller than an entire virtual
machine and can therefore start or restart much faster then a VM.
Although not applicable to MediaCentral Cloud UX which always runs on Linux, another interesting
aspect of Docker containers is that they are operating system independent. Once you create a
container image, it can run on Linux, Windows, macOS, or other — as long as the OS has the Docker
platform installed.
For more information on Docker and container technology, see https://www.docker.com/.
What is Kubernetes?
Ancient Greek for “pilot” or “helmsman”, Kubernetes (“koo-burr-NET-eez”) is a cluster manager /

container orchestration engine. Kubernetes does not manage Docker containers directly. Instead, it
manages pods. A pod is a construct that wraps around one or more containers (although usually just
20
Operating System and Security
one). Kubernetes is installed on each MediaCentral Cloud UX server and provides the foundation for
the system’s clustering technology. Depending on how the system is engineered, Kubernetes can
create multiple redundant pods. If a pod goes down, another can be brought online quickly.
In a Kubernetes environment, each MediaCentral Cloud UX server is identified as a node. In a cluster

configuration, you can have Master nodes, Worker nodes, or a node that fills both roles. Master nodes
are responsible for coordinating activities across the cluster. Worker nodes are generally more passive
in that they run pods, but do not manage them. Nodes that are identified as both a master and a
worker have enough resources to both coordinate activities and run pods. In a MediaCentral Cloud
UX cluster, the first three servers operate as both Master and Worker nodes. All other nodes are
simply worker nodes. When creating a MediaCentral Cloud UX cluster, Avid requires a
minimum of three cluster nodes. Two node configurations are not supported.
You can interact with Kubernetes through the CentOS command line interface. However, you can
also access Kubernetes through a web portal that provides a graphical view of the managed systems.
For more information, see “Working with Kubernetes” on page 335 or https://kubernetes.io/.
Operating System and Security

MediaCentral Cloud UX is installed on a community-driven, command-line based operating system
called CentOS (Community Enterprise Operating System) — derived from the sources of Red Hat
Enterprise Linux (RHEL). The operating system is supplied by Avid as part of the MediaCentral
Cloud UX installation media. This distribution of CentOS also includes operating system security
updates that have been qualified by Avid.
c Avid does not support installing any operating system updates or patches on the MediaCentral
Cloud UX server. Do not install OS updates unless you are specifically directed to do so by
Avid.
For more information on system security, see the following link to the Avid Knowledge Base:
http://avid.force.com/pkb/articles/en_US/troubleshooting/en239659
For more information about CentOS, see https://www.centos.org/about/.
Obtaining the MediaCentral Installation Packages

Most Avid MediaCentral Cloud UX software packages are available from the Avid Download
Center. Avid might provide additional packages during the system commissioning process.
n If you have not already created an Avid.com user account, you must do so now. This Master Account
enables you to sync your Avid Video Download and Avid Video Community accounts as well as gain
access to the Avid Support Center.
After you have logged into the Download Center, download the following:
• Avid MediaCentral Cloud UX Platform
This is the primary installer package that includes the CentOS operating system and core Avid
installation components. All installations require this software.
Example file name: mediacentral_platform_<build>.iso
• Avid MediaCentral Cloud UX Feature Packs
21
Accessing the Cloud UX Server
This package includes additional software to install MediaCentral Cloud UX applications on the
Platform. All installations require this software.
Example file name: mediacentral_feature_packs_<build>.iso
• (if applicable) Avid MediaCentral Cloud UX Updates
Avid often releases updates to MCUX that provide fixes and new features. Consult the Update
ReadMe for specific installation instructions.
• (if applicable) MediaCentral Distribution Service (MCDS)
MCDS is a Windows-based application that coordinates jobs with Avid Production Management
Services for send-to-playback operations. If your installation includes an STP workflow that
includes MediaCentral Production Management assets, download this software.
• (if applicable) MediaCentral Phonetic Index Language Packs
If your organization has purchased a license for MediaCentral Phonetic Index and you need to
index audio in a language other than English, you must download an additional language pack.
Language packs require additional licensing on the MediaCentral Cloud UX server.
n If any of the packages listed above are not available through the Download Center, contact your Avid
representative to obtain the necessary software.
Additional software:
• Nexidia Search Grid™
If your organization has purchased a license for MediaCentral Phonetic Index, you must install
the Nexidia Search Grid software on a separate dedicated server. This software is provided to
you by Avid at the time of installation and is not available on the Avid Download Center.
Accessing the Cloud UX Server

If you are installing MediaCentral Cloud UX on a local server, you must complete the initial
configuration of the server using a directly connected monitor and keyboard, or through a KVM
(keyboard, video, and mouse) device.
n Some KVMs offer the ability to connect virtual devices to the client operating system. In some cases,
a name (sda, sdb) might be assigned to these devices during the installation process. If this occurs,
the MediaCentral Cloud UX installation could fail. To avoid possible failures, Avid recommends
disabling this option on your KVM if applicable.
If you are installing MediaCentral Cloud UX using VMware®, see the Avid MediaCentral | Cloud UX
Virtual Environment with VMware on the Avid Knowledge Base for initial setup instructions.
Once the initial configuration is complete, Avid recommends connecting to the MediaCentral Cloud
UX server indirectly through SSH (Secure Shell) client. SSH is preferable for the following reasons:
• Allows for an expandable view of the CentOS command line interface (adjustable window size)
• Allows for multiple sessions to the same host server or to multiple servers
• Allows for simplified copy/paste of selected text
• Allows for logging of all session output
On Windows, PuTTY© is an example of a SSH client. To download the PuTTY software, visit:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
22
Additional Configuration for Integrated Modules
Additional Configuration for Integrated Modules

When integrating with MediaCentral modules such as MediaCentral Asset Management, you might
be required to configure settings on the MediaCentral Cloud UX server, the MediaCentral module, or
both. This guide includes instructions to configure settings on the MediaCentral Cloud UX server.
For additional information on configuring modules for integration with MediaCentral Cloud UX, see
the following:
• For MediaCentral Production Management, see “Configuring Production Modules for
MediaCentral Cloud UX” on page 132.
• For MediaCentral Asset Management, see “Configuring Asset Management for MediaCentral |
Cloud UX” in the Avid MediaCentral | Asset Management Installation Manual.
If you plan to use Asset Management Desktop, you must also complete the process for
“Configuring Usage of the HTML5 Player in Asset Management Desktop” in the Avid
MediaCentral | Asset Management Installation Manual.
• For MediaCentral Newsroom Management, see “CTMS Integration” and “Central Indexing” in
the Avid MediaCentral | Newsroom Management Setup and Configuration Guide.
• For Maestro News, see “Installing MediaCentral | Cloud UX Plugin” in the Avid Maestro | News
Installation and Configuration Guide.
MediaCentral | Phonetic Index

MediaCentral Phonetic Index is an optional, licensed feature that phonetically analyzes assets on
your shared storage system. Once configured, the search engine creates a phonetic-based speech-to-
text index of that audio media. After the audio media is indexed, users can type any spoken word or
phrase into the MediaCentral Cloud UX Search app and within seconds receive a list of all assets that
include the desired phrase or phrases. Users can then play the assets and use the controls in the Asset
Editor to queue the blue position indicator to the point in time where the phonetic result was found.
MediaCentral Phonetic Index requires you to install additional software on a separate, dedicated
server. For more information about the minimum hardware and software requirements for this server,
see “Installing Nexidia Search Grid” on page 121.
Copying Software to the MCUX Server

When working with MediaCentral Cloud UX, you might be required to copy software to or from the
MediaCentral Cloud UX server. For details on two possible methods, see “Copying Software to the
MCUX Server” on page 255.
Creating the MCUX Installation Media

MediaCentral Cloud UX is delivered as two ISO files that include the CentOS operating system and
the MediaCentral Cloud UX software. If you plan to install MediaCentral Cloud UX on a physical
server, you must use the Avid MediaCentral Cloud UX Platform ISO file
(mediacentral_platform_<build>.iso) to create a bootable image on a portable media device such as a
USB drive or an optical disk (DVD). This device is referenced throughout this document as your
Cloud UX ISO media.
23
Creating the MCUX Installation Media
n You must use the Avid MediaCentral Cloud UX Platform ISO file to install CentOS on the
MediaCentral Cloud UX server. Avid does not support installing CentOS using any other method.
There are many applications that offer the ability to create bootable media. An example of an
application of this type is Rufus© which can be located at: https://rufus.ie/. Although not covered in
detail in this guide, Rufus offers a very intuitive user interface. If you plan to use this application to
create the MediaCentral Cloud UX ISO media, Avid suggests disabling the option to “Create
extended label and icon files”.
If you plan to create a bootable USB drive, note that the first step in this process often involves
formatting the device. Avid recommends that you connect only the USB drive that you plan to use in
this process. If you have more than one USB drive connected to the system, make sure that you select
the correct drive when completing this procedure.
n The BIOS on some servers might not recognize USB 3.0 drives correctly. In some cases this results in
the inability to boot from a USB 3.0 drive. If you experience problems, try repeating the process with
a USB 2.0 drive.
24
2 BIOS and RAID Configuration
The purpose of this chapter is to prepare the server hardware for the installation of CentOS and

• Changing BIOS Settings
• Configuring the Onboard RAID
This chapter includes information on current generation hardware. If you are installing MediaCentral
Cloud UX on older hardware, see “BIOS and RAID for Legacy Systems” on page 300.
Changing BIOS Settings

This section provides information on the BIOS settings for the following Avid qualified servers:
• “Configuring the BIOS on the HP ProLiant DL360 Gen10” on page 25
• “Configuring the BIOS on the Dell PowerEdge R640” on page 28
Servers are frequently shipped with BIOS settings configured for a power-saving mode.
MediaCentral Cloud UX makes intensive use of the server’s CPUs and memory, especially when
under heavy load. You must configure the server’s BIOS to operate at maximum performance to
ensure operational efficiency.
To ensure the smooth installation of CentOS and MediaCentral Cloud UX, you must set the system
clock within the BIOS. When configuring a cluster, maintaining time synchronization between the
nodes is particularly important.
n The processes and illustrations in this section are provided as a guideline and are subject to change
without notice. If the menus and options are not found per the following instructions, see your
hardware vendor’s documentation for updated information.
Configuring the BIOS on the HP ProLiant DL360 Gen10

To configure the BIOS on the HP Gen10 server:
1. Power up the server.
2. When the console displays the option to enter the “Intelligent Provisioning” menu, press F10.
The BIOS responds by highlighting the F10 icon at the bottom of the screen as illustrated below.
3. The system displays a new menu. Highlight the Intelligent Provisioning option and press Enter
to confirm the selection, or wait for the timer to expire.
4. When you see the Intelligent Provisioning screen, click the Perform Maintenance button to
continue.
The following illustration shows the Perform Maintenance window.
26
5. Click the BIOS Configuration (RBSU) option to access the BIOS settings.
The BIOS Configuration window appears as illustrated below with menus referenced in this
process outlined in red.
6. Use the Workload Profile menu at the bottom of the screen to select the High Performance
Compute (HPC) configuration option.
When you select this option, the settings found in the Power and Performance Options are
configured for High Performance.
7. Click on the Date and Time option in the menu on the left.
Configure your date, time, and time zone in this window and then click the green Back arrow at
the bottom of the screen to return to the previous menu.
8. Click on Boot Options in the menu on the left.
The Boot Options window appears as in the following illustration.
27
9. Select the option for Legacy BIOS Mode in the Boot Mode menu and then click the green Back
arrow at the bottom of the screen to return to the previous menu.
10. Finally, you must click the green Update button on the BIOS Configuration screen to save your
changes.
When you click the update button, the system alerts you that a reboot is required to enable the
settings. Follow the prompts to reboot your server.
n The process of applying the BIOS changes might cause your server to reboot more than once.
Proceed to “Configuring the Onboard RAID” on page 31.
Configuring the BIOS on the Dell PowerEdge R640

This process includes steps to verify the server’s boot order. If you plan on installing MediaCentral
Cloud UX from a USB drive, verify that the drive is connected to the server prior to beginning this
process.
To configure the BIOS on the Dell PowerEdge server:

1. (if applicable) Connect your Cloud UX ISO media to one of the Dell’s USB ports.
3. Press F2 to enter the BIOS (System Setup).
4. In the System Setup menu, select the System BIOS option.
5. In the System BIOS menu, select the System Profile Settings option.
28
6. In the System Profile Settings window, select the Performance profile from the menu.
n There are three “Performance” profiles. Once of them specifically says “Performance” and not
“Performance Per Watt.”
7. Click the Back button in the bottom-right corner of the window to return to the System BIOS
menu.
8. In the System BIOS menu, select the Boot Settings option.
9. In the Boot Settings window, change the Boot Mode to BIOS.

After you change the BIOS Boot Mode, you are required to reboot the server to apply the
changes. Reboot the server and press F2 when prompted to return to the System BIOS menus.
After you have entered the BIOS, return to the Boot Settings menu.
n You might notice that the BIOS boot screen looks different after changing the BIOS Boot Mode. This
is normal.
10. In the Boot Settings window, click the BIOS Boot Settings option.
11. In the BIOS Boot Settings window, click the Hard-Disk Drive Sequence option.
29
12. In the Change Order window, use the + or – keys to move the USB boot drive to the top of the list
and click OK. This allows your server to boot from a USB drive if needed.
13. Click the OK button to accept the changes and then click the Back button until you return to the
System BIOS Settings page.
14. In the System BIOS menu, select the Miscellaneous Settings option.
You might need to use the scroll bar to the right of the menu system to access this option.
15. In the Miscellaneous Settings window, change the System Time and System Date by
highlighting the appropriate field and pressing Enter.
A new window appears with menu options to adjust the time or date.
16. Adjust the time and date and click OK when done.
17. Click Back and Finish to return to the main System Setup screen.
n When ordering a Dell server, an “Internal SD Card Port” is an optional component. This device will
appear to Linux as a media device and it will automatically be assigned a device name. This can
interfere with the CentOS / MCUX deployment. If you have an “Internal SD Card Port”, temporarily
disable it in the BIOS: System BIOS > Integrated Devices > Internal SD Card Port > Off. The device
can be re-enabled once you have completed the MediaCentral Cloud UX installation.
Proceed to “Configuring the Onboard RAID” on page 31.
30
Configuring the Onboard RAID

This section provides information on the RAID configuration for the following Avid qualified
servers:
• “HP ProLiant DL360 Gen10 RAID Configuration” on page 31
• “Dell PowerEdge R640 RAID Configuration” on page 35
The majority of MediaCentral Cloud UX deployments are configured with two volumes:
• A RAID 1 volume consisting of a mirrored set of two physical drives. This is where the
operating system and applications are installed.
• A RAID 5 volume consisting of three or more physical drives (usually 5 to 8 drives). These
drives are used as a media cache volume.
While other configuration options are possible, this guide focuses on the RAID 1 and RAID 5 sets
described above. For additional configuration options, see the Avid MediaCentral | Cloud UX
Hardware Guide.
HP ProLiant DL360 Gen10 RAID Configuration

This document provides instructions for creating a media cache volume as a RAID 5 using multiple
disks in the server enclosure. The examples used in this process show two 500GB drives that are
used to create the RAID 1 and eight 450GB drives that are used to create the RAID 5. However, other
configurations are possible.
n If the list of available disks does not appear as expected, it may be that a RAID has already been
created. You can delete the existing RAID if necessary. Note that deleting a RAID destroys all the
data located on the drives.
c The RAID configuration process immediately transitions into the CentOS / MediaCentral
Cloud UX installation. It is recommended that you add your Cloud UX ISO media to the server
at this time.
To configure the HP ProLiant Gen10 RAID 1:

1. Reboot the server and press F10 to select Intelligent Provisioning.
2. In the following window, select the option for the HP Smart Storage Administrator (SSA).
3. At the “Welcome to HP Smart Storage Administrator” screen, select the HPE Smart Array
P816i-a SR Gen10 controller by clicking on the link in the menu on the left side of the window.
31
4. Select Create Array under “Actions”.

5. Select both 500GB Drives then select Create Array.
32
6. Verify the following are selected: RAID 1, 256 KiB / 256 KiB Stripe Size, 32 Sectors, Maximum
Size, Caching Enabled.
If you are using Solid State Drives (SSD) and you see an option for SSD Over Provisioning, you
can keep the default selection enabled to Perform SSD Over Provisioning Optimization.
7. Click Create Logical Drive.
8. You will receive a message indicating the “Logical Drive was successfully created.” Click Finish
to complete the RAID 1 creation process.
n Do not press the Escape key to exit, since this reboots the server.
To configure the HP ProLiant DL360 Gen10 RAID 5:

1. This process assumes you are continuing from the RAID 1 creation process.
Select Create Array under “Actions”.
2. Select all eight 450GB Drives then select Create Array.
33
3. Verify the following are selected: RAID 5, 256 KiB / 1.7 MiB Stripe Size, 32 Sectors, Maximum

6. Click the “X” (top right) to exit. Confirm the exit by clicking “OK” when prompted.
7. Click the “Power” button (top right) to exit. Select “Reboot” when prompted.
Proceed to“Software Installation and Configuration” on page 41 to continue the installation.
34
Dell PowerEdge R640 RAID Configuration

When ordering a Dell PowerEdge R640 server, you are required to select a RAID configuration
option. Systems that are equipped with three or more drives are often configured with a single RAID
5 array that spans all drives in the server. This single RAID set does not represent the optimal
configuration for a MediaCentral Cloud UX server. You must use the processes detailed in this
section to verify, and if necessary, reconfigure the RAID set through the system BIOS. Later you will
use CentOS to ensure the RAID arrays are cleared of existing data.
c The RAID configuration process immediately transitions into the CentOS / MediaCentral
Cloud UX installation. If you have not already added the Cloud UX ISO media to your server,
do so at this time.
Verifying the R640 RAID Configuration
Complete the following process to verify the current RAID configuration.
To verify the RAID Configuration:

1. (if necessary) Reboot the server and press F2 to enter the BIOS.
2. From the main System Setup screen, select the Device Settings option.
The Device Settings menu appears as in the following illustration.
3. From the Device Settings menu, select the Integrated RAID Controller option.
4. From the RAID controller Main Menu, select the Virtual Disk Management option.
This window lists the RAID volumes configured on the server.
t If your server includes three or more disks, you might see a single RAID 5 set as shown in
the following illustration.
35
In this case, you must delete and recreate the RAID configuration. Proceed directly to
“Deleting and Reconfiguring the R640 RAID Configuration” on page 37.
t If instead you see a RAID 1 and a RAID 5 set, your server is configured correctly for
MediaCentral Cloud UX. In this case, continue with the steps outlined in this procedure.
5. Click the Back button to return to the Main Menu.

6. From the Main Menu, select the Controller Management option.
The controller properties are displayed as in the following illustration.
7. Verify that the RAID 1 volume is selected as the Boot Device.

If the RAID 1 is not selected as the Boot Device, use the menu to change the setting.
8. Click the Back or Finish buttons to exit the BIOS and save your changes.
Proceed to “Software Installation and Configuration” on page 41 to continue the installation.
36
Deleting and Reconfiguring the R640 RAID Configuration
Complete the following process to delete and recreate the RAID configuration.
To delete the RAID:

1. Navigate to the RAID controller Main Menu.
2. From the Main Menu, select the Virtual Disk Management option.
This window lists the RAID groups configured on the server. The following illustration shows a
single RAID 5 volume.
3. Click on the link for the RAID 5 Virtual Disk.

4. Select the Delete Virtual Disk option from the Operation menu, and then click the Go button.
n After you select an option from the Operation menu, the Go button appears in the user interface.
5. In the following screen, click the check box next to the Confirm option, and then click the Yes
option to delete the RAID.
37
6. Click OK to the confirmation window.

The Virtual Disk Management window should report that there are no remaining Virtual Disks.
7. Click the Back button to navigate back to the RAID controller Main Menu.
To recreate the RAID configuration:

1. From the RAID controller Main Menu, select the Configuration Management option.
2. Select the Create Virtual Disk menu option.
3. Begin to create the RAID 1 array by selecting RAID1 from the RAID Level menu.
4. Click the Select Physical Disks option to add disks to the RAID 1.
5. Click the check boxes to the left of the two drives that will be used to create the RAID 1.
The following illustration shows a system populated with eight disks of the same type, size, and
speed. The first two drives in slots 00 and 01 have been selected.
38
6. Click the Apply Changes button under the list of Physical Disks.
n There are two “Apply Changes” buttons on this page. The button in the upper area of the user
interface applies changes to the disk properties and the button in the lower area applies to the
Physical Disk selection. If for some reason you made changes to both areas, you must click both
buttons to apply all the changes.
7. Click the Back button to return to the Create Virtual Disk window.
8. Click the Create Virtual Disk option to create the RAID 1.
9. In the following screen, click the check box next to the Confirm option, and then click the Yes
option to delete the RAID.
10. Repeat the steps above to create the RAID 5 array. Note the following changes:
- In the Create Virtual Disk window, select the RAID5 option in the Select RAID Level menu
- When Selecting Physical Disks, select all remain disks or click the Check All option
11. Use the Back button to return to the Main Menu and select the Virtual Disk Management option.
Your final RAID configuration should appear similar to the following illustration.
39
12. From the Main Menu, select the Controller Management option.
The controller properties are displayed as in the following illustration.
13. Verify that the RAID 1 volume is selected as the Boot Device.
If the RAID 1 is not selected as the Boot Device, use the menu to change the setting.
14. Click the Back or Finish buttons to exit the BIOS and save your changes.
40
3 Software Installation and Configuration

• Chapter Overview
• Verifying Disk Partitioning
• MCUX Software Deployment
• Logging in to CentOS for the First Time
• Additional Network Configuration
• Updating the Avid NEXIS Client
• Running the Post-Install Setup Scripts
• Deploying System Monitoring
• Installing Software Updates
• Signing in to MediaCentral Cloud UX
• Administrator App Overview
• Continuing the Installation
Chapter Overview
The purpose of this chapter is to assist you with the installation and configuration of the CentOS
operating system and MediaCentral Cloud UX.
In this chapter you use the MediaCentral Cloud UX ISO media (referenced in “Creating the MCUX
Installation Media” on page 23) to install CentOS and core Avid software components. If your server
includes any devices that could be identified by CentOS as a volume (such as an SD card slot or
additional USB drive), you must disconnect these devices from the server or disable these devices
through the system BIOS prior to the software installation. Failure to do so could result in errors
during the deployment process.
c As a reminder, you must install and cable any required network adapters prior to installing the
operating system on your MediaCentral Cloud UX server. If you have not completed this task,
you must do so now.
Special Notes on Cluster Configurations
If you are installing multiple servers to create a MediaCentral Cloud UX cluster, you must complete
the following processes on each node:
• Verifying Disk Partitioning
• MCUX Software Deployment
• Logging in to CentOS for the First Time
Chapter Overview
• Additional Network Configuration

• Updating the Avid NEXIS Client
The above processes can be completed on all nodes simultaneously. After you have completed these
processes on all nodes, proceed to “Running the Post-Install Setup Scripts” on page 60 to continue
the installation.
Deploying a Dedicated Subscription License Server
With the introduction of subscription (Flex) licensing for MediaCentral Newsroom Management,
organizations that do not already own a MediaCentral Cloud UX system might want to deploy a
server that is dedicated to this task. In this configuration Avid expects that you do not deploy any
additional feature packs, and that you do not have any users signing into the MediaCentral Cloud UX
system (other than an administrator).
When deploying MediaCentral Cloud UX as a dedicated license server, complete the following:
• Complete the process for deploying CentOS using the Platform ISO as you would for any
installation. This includes assigning an IP address, host name, NTP source, and all standard tasks
outlined in this document.
While Avid supports deploying a dedicated license server in either a single-server or clustered
configuration, a three-node cluster might be excessive for this purpose.
• You are not required to update the Avid NEXIS Client as this dedicated server will not have the
capability to stream any media assets.
• Complete the process for “Running the Cloud UX Setup Script” on page 62.
• Complete the process for “Creating a Site Key” on page 67.
• Complete the process for “Creating Certificate Files” on page 69.
• Complete the process for “Deploying the Secure Sockets Layer Certificates” on page 76.
• (optional) Complete the process for “Configuring an Authentication Provider” on page 78.
• (optional, recommended) Complete the process for “Enabling System Monitoring” on page 101
to deploy the Monitoring feature. If you want to deploy the Logging feature, you cannot use the
MediaCentral Cloud UX server as the Logging host in this configuration.
• (optional) Complete the process for “Deploying the Kubernetes Dashboard” on page 109.
• Complete the process for “Running the Feature Pack Deployment Script” on page 111.
When running the deployment script, do not deploy any optional feature packs, such as
Production Management, Asset Management, Media Composer Enterprise, or other.
• (if enabled) Complete the process for “Deploying System Monitoring” on page 114.
• (if applicable) Complete the process for “Installing Software Updates” on page 115.
• Finally, sign in to MediaCentral Cloud UX as an administrator and install your license. For more
information, see “Using the License App” on page 159.
For information on reduced system specifications for a dedicated license server, see “Determining
Scale: Subscription License Server” in the Avid MediaCentral | Cloud UX Hardware Guide.
42
Verifying Disk Partitioning
Special Notes regarding Dell Servers
If you are using a USB drive, note that the USB ports on some Dell servers share support for standard
USB devices as well as features related to iDRAC (integrated Dell Remote Access Controller). If
your USB drive is not recognized by the Dell server, you might need to adjust iDRAC settings
through the system’s BIOS. Access the iDRAC settings on system boot, and adjust the USB
Management Port Mode from Automatic to “Standard OS Use”. If the drive is still not recognized,
you can also review the USB settings in the “System BIOS Settings - Integrated Devices” menu.
If you are still having issues accessing the USB boot device, see “Troubleshooting a USB device” in
the Dell PowerEdge Owner's Manual or recreate the USB drive using steps outlined in “Creating the
MCUX Installation Media” on page 23.

If you are re-purposing an existing server for use with MediaCentral Cloud UX, the volumes on the
server’s RAID 1 and RAID 5 arrays might include system partitions that can interfere with the
software deployment. In addition to existing servers, factory-new Dell servers often ship with
preconfigured partitions. These system partitions must be deleted prior to initiating the MediaCentral
Cloud UX installation process.
If you are certain that the volumes in your server do not include any preconfigured system partitions,
you can bypass this process and proceed directly to “MCUX Software Deployment” on page 46. If
you run into a problem, you can always revisit this procedure by rebooting from the Cloud UX ISO
media.
To delete pre-existing system partitions:

1. Boot from the MediaCentral Cloud UX ISO media.
2. At the Welcome screen, use the arrow keys on the keyboard to highlight the Troubleshooting
option and press Enter. Additional options appear as in the following illustration.
43
3. Highlight the Rescue a CentOS Linux System option and press Enter.
n When the “Press the <ENTER> key to begin the installation process” window appears, you can
press Enter or do nothing — the installation continues in either event.
After a few moments, the CentOS Rescue screen appears as in the following illustration.
4. In the CentOS Rescue screen, type 3 to “Skip to the shell” and press Enter.
The system replies with the following message and command prompt:
When finished, please exit from the shell and your system will reboot.
sh-4.2#
5. At the system prompt, use the CentOS fdisk utility to examine the current partitions:
fdisk -l
This command displays the available disks and partitions on the system. Since scroll bars are not
available in the rescue shell, you must press Shift+Page Up or Shift+Page Down on the keyboard
to view the entire output of the fdisk command.
In the following example, “sdb” represents the RAID 1 volume. Also present, but not shown is
an “sda” volume which represents a USB boot drive, and an “sdc” volume which represents the
RAID 5 volume.
Disk /dev/sdb: 500.1 GB, 500074307584 bytes
255 heads, 63 sectors/track, 60797 cylinders, total 97670732 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xc755f5b0
44
Device Boot Start End Blocks Id System

/dev/sdb1 * 2048 1026047 512000 83 Linux
/dev/sdb2 1026048 42051583 20512768 8e Linux LVM
/dev/sdb3 42051584 976707583 467328000 8e Linux LVM
In this example, the sdb volume includes three partitions (sdb1, sdb2, sdb3). It is possible that
your server could include additional partitions (sdb4, sdb5, etc.).
You must delete all partitions on the RAID 1 volume and the RAID 5 volume (if applicable). The
remaining steps in this process assume that “sdb” is the RAID 1 and “sdc” is the RAID 5. If your
server does not follow the same naming convention, you might need to adjust some of the steps
in the following process to accommodate your environment.
6. Use the CentOS fdisk utility to select the sdb volume:
fdisk /dev/sdb
7. Type: p to print the current file system partition table. This command displays a similar output
as the fdisk –l command that you used earlier.
8. Type: d to begin deleting the partitions.
9. The fdisk utility prompts you to specify a partition to delete:
Partition number (1-3):
Enter the number of a partition on the sdb volume. For example: 3
10. Repeat the above two steps to delete the remaining “sdb” partitions.
11. Once complete, type p to print the partition table again. An empty partition table should look
like the following:
Device Boot Start End Blocks Id System
12. Type: w to write the changes to the partition table and exit the utility.
13. If you have a RAID 5 volume, repeat this process by specifying the RAID 5 “sdc” partition:
fdisk /dev/sdc
14. Repeat the above steps and type w to write the changes to the partition table and exit the utility.
15. Verify that the partitions on sdb and sdc (if applicable) were successfully removed using the
fdisk utility:
fdisk -cul
16. Reboot the server by pressing CTRL+ALT+DEL on your keyboard and proceed to “MCUX
Software Deployment” on page 46.
45
MCUX Software Deployment

This section details the process for installing CentOS and MediaCentral Cloud UX from either a
bootable USB drive or optical drive that include the contents of the Avid provided ISO file — your
Cloud UX ISO media.
For clarity, this section is divided into the following processes:

• “Initiating the Installation” on page 46
• “Configuring the Installation Destination in the CentOS Install Wizard” on page 47
• “Configuring Networking in the CentOS Install Wizard” on page 50
• “Configuring the Date and Time in the CentOS Install Wizard” on page 52
• “Finalizing the Installation” on page 53
Initiating the Installation

In this process, you boot from your Cloud UX ISO media to begin the CentOS installation and
configuration process.
To begin the installation:

1. Add the ISO media to the server and either boot or reboot the server (if it is already powered-on).
n For HP installs, you might encounter the following error message: “[Firmware Bug]: the BIOS has
corrupted hw-PMU resources”. This error can be ignored.
n If you are installing MediaCentral Cloud UX on an HP ProLiant Gen9 server and you get a black
screen on boot, you might need to alter a particular BIOS setting. Select Advanced Options > Video
Options from the system’s BIOS/Platform Configuration (RBSU) menu and change the embedded
video connection setting from “auto” to “always on”.
After a few moments, the installation splash screen appears as in the following illustration.
46
2. Use the arrow keys on the keyboard to highlight the “Install MCS Service host” option and press
the Enter key (or Return on a Mac keyboard) to begin the installation. Alternatively, you can wait
for the timer at the bottom of the screen to expire and the installation begins automatically.
n When the “Press the <ENTER> key to begin the installation process” window appears, you can
press Enter or do nothing — the installation continues in either event.
After some initial services are started, you are presented with the CentOS installation window.
Configuring the Installation Destination in the CentOS Install Wizard

MediaCentral Cloud UX servers are often configured with two volumes — a RAID 1 that is used for
the operating system and applications, and a larger RAID 5 that is dedicated as a media cache
volume. CentOS often defaults to installing the operating system on the largest volume that it finds. If
your server is equipped with both a RAID 1 and a RAID 5, you must manually configure the CentOS
installation destination to ensure that the operating system is installed on the RAID 1 volume.
If your server is equipped with a RAID 1 volume only, or if you do not plan to deploy System
Monitoring, you can bypass this process and proceed directly to “Configuring Networking in the
CentOS Install Wizard” on page 50.
To configure the installation destination:

1. Click on the INSTALLATION DESTINATION option to verify or configure your settings.
The Installation Destination window appears as in the following illustration.
47
This example illustration shows a server equipped with two volumes. The 100 GiB volume
represents the RAID 1 “sda” volume which is the desired installation destination for CentOS and
MediaCentral Cloud UX. The 500 GiB volume represents the RAID 5 “sdb” volume.
Also notice that the bottom of the window displays a warning about the current configuration. If
you click on the link in the warning, the system reports that a swap partition has not been
specified. This is normal for MediaCentral Cloud UX as Kubernetes deployment does not
support a swap partition.
n If you are installing MediaCentral Cloud UX from a USB drive, the USB drive might appear as the
SDA volume. At this point, the volume letters are unimportant. After you install CentOS and remove
the USB drive, the system drive will be relabeled as the SDA volume.
2. Click the drive icons in the Local Standard Disks area so that only the RAID1 volume is selected
(has a check mark over it).
3. Under the Other Storage Options area of the page, make sure that the “I will configure
partitioning.” button is selected. You might need to scroll down to see this option.
4. Click the Done button at the top of the page to confirm your settings.
The Manual Partitioning window appears.
48
The /var partition is generally the largest partition on the disk. You should not have a /swap
partition.
5. Click Done twice to confirm the partition information represented in this window.
CentOS displays the Summary of Changes window.
n After you click Done for the first time, the system might warn you about a missing swap partition.
This is normal and expected for MediaCentral Cloud UX installations.
6. Click Accept Changes in the Summary of Changes window.
49
Configuring Networking in the CentOS Install Wizard

In this process, you configure the networking parameters of your MediaCentral Cloud UX server. In
most cases, you configure only one network interface on the Cloud UX server. This interface might
be located on a native network adapter that is embedded in the server or it might be located on an
add-in PCIe adapter.
n As a reminder, this release of MediaCentral Cloud UX does not support DHCP or network port
bonding (teaming).
To configure the network interface:

1. Click on the NETWORK & HOST NAME option to configure the networking parameters.
n You might need to use the scroll bar on the right-side of the CentOS installation window to reveal this
menu option.
The NETWORK & HOST NAME configuration screen appears. The configuration window
includes a list of all available network interfaces on the left.
If you plan to configure multiple servers in a cluster configuration, it is important to note that the
network interfaces used for cluster communication must have the same name on each cluster
node. Note the name of your network interface and make a best effort to configure the network
interface with the same name on each node.
If you cannot select the same network interface on each node, you can manually rename the
interface at a later point in this installation process (see “Renaming the Primary Network
Interface” on page 55).
2. Enter the short host name of your MediaCentral Cloud UX server in the Host Name field and
click Apply.
The Current Host Name value to the right of this field is updated to reflect your custom name.
50
c You must use all lower-case when entering the MediaCentral Cloud UX server host name. The
only special character allowed is a dash “ - ”.
3. Click the Configure button to begin adjusting the network parameters.

4. Click the General tab and enable the following two options:
- Automatically connect to this network when it is available
- All users may connect to this network
5. Click the IPv4 Settings tab and configure the following settings:
a. Click on the Method menu and select Manual from the list of options.
b. Click the Add button and enter the following information:
- Address: Enter the static IP address that you want to assign to the server (e.g.
192.168.10.51)
- Netmask: Enter your network netmask (e.g. 255.255.255.0)
- Gateway: Enter the IP address of your network gateway (e.g. 192.168.10.1)
- Additional DNS servers: Enter the IP address of one or two DNS servers. If you add a
second server, separate each entry with a comma.
c Do not enter more than two DNS servers. If you add a second DNS server, both servers must
operate within the same physical location to avoid any potential latency issues.
n If one DNS server goes offline, MediaCentral Cloud UX uses the other DNS server automatically.
The order in which you enter these values is not indicative of a primary/secondary configuration.
51
- Additional Search domains: Enter one or more domain names (e.g. wavd.com). If you
plan to enter more than one domain, separate each entry with a comma.
Do not enter more than three search domains as this is the maximum number of domains
allowed in a Kubernetes configuration. If the MediaCentral Cloud UX system does not
need to communicate with a host in another domain, do not add that (unnecessary)
domain to the configuration. Avid recommends adding local search domains only.
n In a properly configured environment, you should generally not require more than one search
domain. If you define more than one, you could introduce issues such as incorrectly appended DNS
suffixes, additional retries, and a higher number of unnecessary calls from some services.
c. Click the Save button to save your settings and return to the previous screen.
6. Verify the status of the OFF/ON toggle switch in the upper-right corner of the NETWORK &
HOST NAME screen. It must be set to the ON position.
If the toggle is set to the OFF position, click the button to enable the network interface.
As shown in the following illustration, the interface shows a Connected status when it is enabled
and connected to your network.
7. Click the Done button in the upper-left corner of the screen to complete the NETWORK &
HOST NAME configuration process.
Configuring the Date and Time in the CentOS Install Wizard

In this process, you must configure your current time zone and verify or configure the current date
and time. You also have the option of configuring an NTP time source in this section.
Maintaining time synchronization between the MediaCentral Cloud UX server or servers and
integrated host systems (Avid NEXIS, MediaCentral Production Management, etc) is critical to the
operation of the system. Avid highly recommends configuring the Cloud UX server with a local NTP
source that is used to synchronize all integrated systems.
To configure date, time, and NTP settings:

1. In the INSTALLATION SUMMARY window, click the DATE & TIME option.
The DATE & TIME configuration window appears.
52
Notice that because you have already configured a network interface, the Network Time toggle
switch is already set to the ON position. Also notice that the date and time options at the bottom
of the window are disabled.
2. Click the arrow to the right of the Region field to select a region from the menu (e.g. Americas).
3. Click the arrow to the right of the City field to select a city in your current time zone from the
menu (e.g. New_York).
4. Configure time on the Cloud UX server in one of the following two ways:
Configure a local NTP source (recommended)
a. Click the gear button to the right of the Network Time option.
b. Enter the IP address of your NTP server in the field at the top of the NTP servers window
and press the plus “+” button to add the server to the list.
c. Deselect the Use check box to the right of all centos.pool NTP servers.
d. Click OK to save the changes.
e. Verify that the Network Time toggle switch in the upper-right corner of the screen is set to
ON.
Configure time directly on the Cloud UX server (not recommended)
a. Click the Network Time toggle switch so that it is in the OFF position.
The time and date options at the bottom of the configuration window become available.
b. Adjust the time and date options to reflect your local time and date.
5. Click the Done button in the upper-left corner to close the DATE & TIME settings window.
Finalizing the Installation

In this process, you configure some additional operating system settings and you initiate the
installation of CentOS and MediaCentral Cloud UX.
53
To install CentOS and MCUX:

1. (optional) If you need to alter the keyboard for a different language character set, click the
Keyboard option in the CentOS Installation Summary window and adjust the settings
accordingly.
c Some MediaCentral Cloud UX software components require that the language for CentOS is
set to English. English is selected automatically by the MCUX installation scripts. Do not add
or make changes in the LANGUAGE SUPPORT section of the CentOS installer.
2. Click the Begin Installation button to initiate the CentOS and MCUX installation process.
The installation process begins and the CentOS install wizard displays the User Settings window.
n If you see a “kickstart file is missing” message, it means that the installation program could
not locate the kickstart file on the “sda” partition. Linux might automatically assign the sda partition
to an SD card slot or a KVM with “virtual media” capability. To resolve the issue, temporarily
disable the device that is using the sda partition name. If you are accessing the server through a
KVM, unplug the KVM and connect a monitor and keyboard directly to the server.
3. Configure a password for the root user.

a. Click on the Root Password option in the User Settings.
b. After you decide on a password for the CentOS root user account, you must enter and
confirm your password.
If you are configuring a cluster, you must assign the same password to the root user account
on each of the cluster nodes.
c. Click the Done button to save the password.
If you entered a password that CentOS considers weak, you must press the Done button
again to confirm the password.
When the installation process is complete, the CentOS Wizard exits and the screen is replaced
with a terminal window that displays the following text:
4m[terminated]
This message remains on the screen for a few moments (or a few minutes — depending on your
server configuration) and then the server is rebooted automatically.
4. After the reboot, you must disconnect or eject the ISO media from the system. If the ISO media
remains connected and your server’s BIOS boot order is configured to use the USB or optical
drive before the internal hard disk, the system might attempt to repeat the installation process.
If this occurs, simply remove the ISO media and reboot the server.
The Avid MediaCentral Cloud UX Platform ISO is not required for the remainder of this
installation process.
54
Logging in to CentOS for the First Time
Logging in to CentOS for the First Time

Now that you have configured the server’s connection to the network, you can switch to using an
indirect method for configuring the server. For more information refer to “Accessing the Cloud UX
Server” on page 22.
To log in to CentOS:
1. Use an SSH client such as PuTTY to access the MediaCentral Cloud UX server from a remote
workstation.
2. When prompted, enter your user name (root) and the associated root user password.
The following illustration shows a successful log in to CentOS using PuTTY.
You can now configure additional operating system and MediaCentral Cloud UX settings
through this remote session.
If you are unable to connect to the server through the SSH client, you might need to troubleshoot
the network connection. For more information, see “Troubleshooting Your Network” on
page 344.
Additional Network Configuration

This topic includes the following sections:
• “Renaming the Primary Network Interface” on page 55
• “Verifying the Hostname and Network Connectivity” on page 57
• “Configuring DNS” on page 58
Renaming the Primary Network Interface

If you plan on enabling a clustered configuration, you must ensure that the name of the primary
network interface (the interface associated with your network gateway) is the same across all cluster
nodes. Review the following process to verify the name of your primary network interface and if
necessary, complete the process to alter the name of the interface on the required nodes.
55
If you find that you need to alter the network interface name on any cluster node, you must complete
the renaming process using a direct connection to the server (direct keyboard / monitor, or KVM).
Since the process disables the network, all remote connections are also disconnected.
c This process must be completed prior to “Running the Post-Install Setup Scripts” on page 60.
To verify the name of your primary network interface:

1. Use the ip addr command to obtain a status for the available network interfaces. For example:
[root@wavd-mcux01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen
1000
link/ether 00:50:56:93:13:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.51/24 brd 192.168.10.255 scope global eth0
inet6 ff30::222:56aa:fb93:1766/32 scope link
Review the list of network interfaces. As in this example, you might see multiple interfaces —
including a loopback “lo” interface. Locate the interface that is associated with your server’s IP
address and note the name. In this example “eth0” is the name of the interface.
2. If you need to rename a network interface, you must also make note of the hardware address
associated with the interface. You will need this information in the next process.
In the example above, 00:50:56:93:13:01 is the hardware address for the eth0 interface.
3. Repeat the ip addr command on each cluster node.
If you find that some nodes have a different primary network interface name, note the most
common name and complete the following process to update the name on the appropriate nodes.
To change the name of your primary network interface:

1. Use the process above to find the most common network interface name across your cluster
nodes.
For example if you have three nodes whose primary network interface is called “eth0” and one
that is called “em1”, it is most efficient to rename the “em1” interface only.
2. Enter the following command to temporarily disable the network interface:
ip link set <name> down
Where <name> is the name of the network interface that you want to rename.
3. Enter the following command to change the name of the interface:
ip link set <name> name <new_name>
Where <name> is the original name of your interface and <new_name> is your desired name.
4. Change the name of the network interface’s configuration file:
mv /etc/sysconfig/network-scripts/ifcfg-<name> /etc/sysconfig/network-
scripts/ifcfg-<new_name>
Again, you must replace the <name> and <new_name> variables with your interface names.
56
5. Use the Linux vi editor to open the configuration file for editing:
vi /etc/sysconfig/network-scripts/ifcfg-<new_name>
6. Review the configuration information and complete the following:
a. Update the NAME field with your new network interface name.
b. Update the DEVICE field with your new network interface name.
c. Verify that the configuration file includes a HWADDR field.
- If the configuration file already includes this field, make sure that the value associated
with the field matches the hardware address reported by the ip addr command.
- If the configuration file does not include this field, add a new line to the end of the
configuration file and add the hardware address reported by the ip addr command.
For example:
HWADDR=00:50:56:93:13:01
7. Save and exit the vi session. Press <ESC> and type: :wq
8. Finally, re-enable the interface with its new name:
ip link set <new_name> up
9. Enter the following command to reboot the server:
reboot
10. If you need to change the network interface name on multiple nodes, repeat the above process on
each node that requires a change.
11. After you have rebooted the server or servers, you should repeat the ip addr command to verify
that the change has been saved. The output of the command should display the new name.
Verifying the Hostname and Network Connectivity

Before continuing, you should take a moment to verify that the server’s hostname responds as
expected and that you can contact eternal systems over the network.
To verify the hostname:

1. Verify the short hostname by entering the following command:
hostname
The short hostname (e.g. wavd-mcux) should be printed to the screen.
2. Verify the fully qualified domain name (FQDN) by entering the following command:
hostname -f
The fully qualified hostname (e.g. wavd-mcux.wavd.com) must be printed to the screen. If the
command replies with the short hostname, there is a configuration error.
c If you do not receive the expected output, review the /etc/hosts and /etc/resolv.conf files for
errors. It is very important that you receive the expected output from both of these commands.
For more information, see “Troubleshooting Your Network” on page 344.
To verify network connectivity:

1. Use the ping command to verify connectivity to your network gateway address:
ping -c 4 <gateway IP address>
57
In this step, “-c 4” is the count of how many times the ping command is issued. If you do not
specify a count, ping will continue forever. In that event, press CTRL-C to stop the ping. For
example:
[root@wavd-mcux ~]# ping -c 4 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=255 time=0.362 ms
2. Now use the ping command to test the connection to other host servers in your network.
Examples include: Production Management Engine, Newsroom Management server, Avid
NEXIS, etc. This tests not only the connection to the host server, but also verifies DNS.
ping –c 4 <hostname>
Where <hostname> is the short host name of a server in your network.
3. Repeat the ping test; this time by pinging the host servers by their IP addresses.
Configuring DNS
The Avid installation of CentOS is not configured to automatically register with your site’s DNS
server. You must work with your on-site IT Department to manually enter each MediaCentral Cloud
UX server in both Forward and Reverse DNS. If you are configuring a clustered environment, you
must also enter the host name and IP address that you plan to associate with the cluster into the DNS.
c When entering your host name in DNS, do not enter any upper-case characters.
After the DNS has been updated, you can use the “nslookup” command from a Linux or Windows
command prompt to check the DNS records. This command bypasses the local hosts file and
communicates directly with the DNS server.
To verify your DNS server configuration:

1. List the contents of the resolv.conf file to display your configured name-servers:
cat /etc/resolv.conf
The following example shows two configured servers (192.168.10.10 and 192.168.10.20):
# Generated by NetworkManager
search wavd.com
nameserver 192.168.10.10
2. Verify that your MediaCentral Cloud UX server(s) can be resolved by each name-server:
nslookup <FQDN> <name-server>
Where <FQDN> is the fully qualified domain name of your MediaCentral Cloud UX server and
<name-server> is the name of your DNS server. For example:
nslookup wavd-mcux01.wavd.com 192.168.10.10
3. Repeat the above command for each of the servers listed in resolv.conf. If you have a cluster, you
must verify that each DNS server includes the name of each node as well as your cluster’s virtual
FQDN.
58
Updating the Avid NEXIS Client
Updating the Avid NEXIS Client

MediaCentral Cloud UX installs the Avid NEXIS Client software when installing from the
Platform.ISO. If you are completing an upgrade that includes a new version of the Platform.ISO, the
upgrade process upgrades the client automatically if necessary.
If you are connecting to an Avid NEXIS system and your client software version is earlier than the
server software version, the Avid NEXIS server might reject your connection. To resolve this issue, you
might need to update the version of the Avid NEXIS Client on the MediaCentral Cloud UX server(s).
Before you continue with your installation, you must verify the version of the Avid NEXIS Client
required for your environment. Enter the following command on your Cloud UX server to verify the
Avid NEXIS Client version:
rpm -qa | grep NEXIS
For version compatibility information, see the “MediaCentral Compatibility Matrix” on the Avid
Knowledge Base.
To upgrade (or if necessary downgrade) the Avid NEXIS Client:

1. Copy the client installer (AvidNEXISClient_el7.centos.x86_64_<version>.bin) from the
\AvidNEXISClientInstallers folder in the Avid NEXIS software kit to your MediaCentral Cloud
UX server.
For more information, see “Copying Software to the MCUX Server” on page 277.
2. Take the MediaCentral Cloud UX node offline by entering maintenance mode.
For more information, see “Putting a Node in Maintenance Mode” on page 251.
3. Prior to installing a new version of the Avid NEXIS Client, you must first uninstall the existing
version of the client:
/usr/sbin/avid-nexis-uninstaller
The script asks you to verify the removal of the software.
t Enter Y (or y) to confirm the client uninstall process.
When the uninstall process is complete, the script ends with a “Finished” message.
t Enter N (or n) to exit the script without removing the software.
4. Navigate to the directory to which you copied the installer:
cd /<path>
5. Type the following to change the permission on the installer file, then press Enter:
chmod +x AvidNEXISClient_el7.centos.x86_64_<version>.bin
6. Type the following to install the Avid NEXIS Client, then press Enter:
./AvidNEXISClient_el7.centos.x86_64_<version>.bin
The process completes with the following, or similar message:
Installation completed!
Note: Software modifications were made that require a reboot to take
effect...
n For additional installation options and more information, access the installer’s help function by
entering the following command: ./AvidNEXISClient_el7.centos.x86_64_x.x.x.bin -h
59
Running the Post-Install Setup Scripts
7. Reboot the MediaCentral Cloud UX server.

8. Following the reboot, log back in and then take the node out of maintenance mode.
For more information, see “Putting a Node in Maintenance Mode” on page 251.

After you have completed the software installation process and configured the operating system, you
are required to run a series of scripts that configure settings related to MediaCentral Cloud UX.
If you are creating a clustered environment, remember that Kubernetes clusters are configured with
multiple master nodes. Kubernetes has no concept of a “higher priority” master node — each master
is weighted equally. However, for the purposes of running the Avid scripts, you must select a node to
act as a primary master node. You must run all configuration scripts from this node.
Review the following information and complete the processes required for your environment:
• “Running the Cloud UX Setup Script” on page 62
This process is required for all configurations.
• “Creating a Site Key” on page 67
• “Creating Certificate Files” on page 69
• “Deploying the Secure Sockets Layer Certificates” on page 76
• “Configuring an Authentication Provider” on page 78
• “Connecting to MediaCentral Production Management” on page 86
This process is required only if you plan to connect to a Production Management module.
• “Connecting to MediaCentral Archive Production” on page 87
This process is required only if you plan to connect to an Archive Production module.
• “Connecting to Avid Shared Storage” on page 88
This process is required only if you plan to connect to an Avid NEXIS system.
• “Configuring Avid NEXIS API Services” on page 90
This process is required only if your organization is integrating with certain companion products.
see the link for additional information.
• “Configuring the Avid XFER and XFORM Services” on page 91
This process is required only if your organization plans to use certain features available in
v2021.3 and later.
• “Configuring MediaCentral Search” on page 92
This process is required only if you want to alter the system defaults.
• “Configuring MediaCentral Phonetic Index” on page 95
This process is required only if your organization purchased MediaCentral Phonetic Index.
60
• “Connecting to MediaCentral Ingest” on page 96

This process is required only if you plan to connect to a MediaCentral Ingest system.
• “Connecting to Avid Maestro” on page 97
This process is required only if you are integrating with an Avid Maestro News system.
• “Configuring Collaborate App User Groups” on page 98
This process is required only if you plan to use the MediaCentral Cloud UX Collaborate app.
• “Configuring the Frame-Ancestor Security Policy” on page 98
This process is required only if required by your network topology.
• “Enabling a Multi-Site Configuration” on page 99
This process is required only if you want to enable a Multi-Site configuration.
• “Enabling System Monitoring” on page 101
This process is required only if you want to enable System Monitoring.
• “Deploying the Kubernetes Dashboard” on page 109
This process is required only if you want to enable Kubernetes Dashboard.
• “Configuring Audit Logging” on page 106
This process is required only if you want to enable audit logging.
• “Running the Feature Pack Deployment Script” on page 111
When responding to the prompts in the following configuration scripts, you must enter text in all
lower-case letters. If answering a yes or no question, both y/Y and n/N are acceptable. Any other
exceptions to these rules are noted below.
Altering the Configuration
Each of the following processes require you to either create a configuration file, or execute a script
that results in a <name>.yaml configuration file. For example the Authentication Provider script
creates an auth.yaml file in the /etc/avid/config/ directory. If you need to alter the information
in a configuration file, you can repeat the process used to create that file.
When run in interactive mode (-i), most scripts display your prior responses to ease the process of
updating the configuration. If you want to use the same value as before, just press Enter. If you need
to update a value, you can enter the new data. After your updates are complete, the prior
configuration file is overwritten with your new values.
If you do not wish to repeat the process of running the script and the you know the specific value or
values that you need to alter, you can use the Linux vi editor to manually update the .yaml file:
vi /etc/avid/config/<name>.yaml
If for some reason you need to completely start over, you can delete the file with the following
command:
rm -f /etc/avid/config/<name>.yaml
If you delete a configuration file, you must repeat the process to create the file and then you must
recreate it. In this case, scripts to do not prompt you with custom default values.
61
If you alter a configuration file after having run the final avidctl platform deploy script, you
must redeploy the configuration to enable the changes. You can complete this task by executing the
following command from your single server or cluster master node:
avidctl platform redeploy
This script reads your existing configuration and deploys the changes without asking you to verify
which feature packs to install. When running the redeploy script, you are not required to mount the
Feature Pack ISO to the system.
n You can only use the redeploy script when altering an existing configuration file. If you need to
deploy a new feature or remove an existing feature, you must use the avidctl platform deploy
script. For more information, see “Running the Feature Pack Deployment Script” on page 111.
Running the Cloud UX Setup Script

In this phase of the installation, you must run an interactive setup script that requires you to answer
questions related to your environment. Before you run the script, make sure that you have the
following information available:
• The MediaCentral Cloud UX configuration type (single server or cluster).
c When configuring a MediaCentral Cloud UX cluster, you must have at least three cluster nodes
(servers). Two node cluster configurations are not supported.
• (if applicable) The host names of each cluster node.

• (if applicable) The host name and IP address of your virtual MediaCentral Cloud UX cluster.
• The IP address or Fully Qualified Domain Name (FQDN) of your Network Time Protocol (NTP)
server or servers.
• A Kubernetes Admin Token. In short, this is a user defined password that can be used to access
the Kubernetes Dashboard (web page) (if deployed).
• Kubernetes Networking Options. During the deployment process, the script allows you to define
the internal networks that are used by Kubernetes for internal communication:
- Kubernetes Service Network: The default range of this network is 10.254.1.0/24.
- Kubernetes Pod Network: The default range of this network is 172.19.0.1/16.
Kubernetes uses these network ranges to assign an IP address to each service and each pod that it
manages. Unless you have an existing network conflict that cannot be resolved (the default
ranges are already in use at your facility), Avid recommends that you do not change the default
values. As these ranges are used internally within the MediaCentral Cloud UX deployment, you
can have multiple MediaCentral Cloud UX workgroups within your facility that use the same
default network ranges.
c If you must change these values after running the avidctl platform host-setup script, you
cannot simply run this script again to update your system. In this case, you must re-image your
Cloud UX server(s) and redeploy the system.
As noted earlier in this guide, the setup script also defines the Docker Bridge Network. However
unlike the two Kubernetes networks, you cannot define the Docker network (172.17.0.0/16 by
default) during the deployment process. If the Docker default network range is already in use
62
within your organization, you can refer to “Reconfiguring the Docker Bridge Network” on
page 292 to change the network following the completion of the avidctl platform host-
setup script.
• The path to a GlusterFS block device.
In this context the “block device” is a volume on your server that can be used as a temporary
cache for proxy media. If you have a RAID 5 array, the block device is most likely your sdb
volume. If you do not have a separate RAID array, the installer creates a share (/var/gluster)
on the sda volume. However, using the sda volume for this purpose is not recommended and
doing so might introduce a performance impact on the system.
If you do not know what volumes are present on your system, you can enter parted -l in the
Linux console to display a list of available volumes. If your desired block device is an
unformatted disk, the parted command reports the following error. This is normal.
Error: /dev/sdb: unrecognized disk label
When configuring the block device, the following script configures a file replication system
called GlusterFS. In a MediaCentral Cloud UX cluster, GlusterFS is used to replicate proxy
media across all cluster nodes. For single-server environments, Gluster does not replicate the
media to any location. Instead, the software is installed and configured to prepare the system for
a possible future expansion to a clustered environment.
When running this Ansible-based script, the system might display multiple types of status messages.
Any messages that indicates a status of skipped, ignored, or rescued are generally considered to be
normal statistics from the Ansible script. Any message that indicates an unreachable or failed status
might require further investigation. When the script completes, the system displays a summary, or
“Play Recap” that details the number of unreachable or failed tasks (if any).
n If you need more information about the script referenced in this process, you can use the script’s help
function by entering the following command: avidctl platform host-setup --help
To run the setup script:

1. (Cluster-only) If you plan to configure multiple MediaCentral Cloud UX servers in a cluster
configuration, you must verify that the each server reports the correct date and time.
a. Enter the Linux date command on your first Cloud UX server to verify the date, time, and
time zone.
b. Repeat this command on each server and verify that all systems are time synchronized.
If the servers are not synchronized, resolve this issue before continuing.
2. If you did not complete the process for Verifying the Hostname and Network Connectivity and
Configuring DNS, you must do so now. It is very important that your MediaCentral Cloud UX
server or servers are entered in DNS and resolve correctly before completing the following steps.
c Avid does not support changing the hostname of your MediaCentral Cloud UX server(s) after
you run the avidctl platform host-setup script. If you need to change your hostname after
completing this process, you must re-image your server.
3. Enter the following command on your single server or primary master node to execute the script:
avidctl platform host-setup -i
The script prompts you to answer a series of questions. In some cases, the question is associated
with a default value. If the default value is correct for your environment, you can simply press
Enter (or Return on a Mac keyboard) to accept the default value and continue.
63
4. Enter a value for the Kubernetes Admin token.

The Admin token is a value that acts as a password to access the Kubernetes Dashboard. Avid
does not impose any minimum complexity requirements or maximum length limits on this value.
n When running the host-setup script for the first time, you cannot press Enter to use the current
password because Avid does not configure a default token. You can only leave this value empty if you
are running this script again after having completed an initial successful deployment.
5. The script prompts you to verify your Admin token by entering the value for a second time.
If you do not enter a matching token, you are returned to the previous step.
6. The script prompts you to enter one or more NTP servers.
t If you configured NTP as directed in “Configuring the Date and Time in the CentOS Install
Wizard” on page 52, you can press Enter to use the existing chrony.conf configuration file.
t If you did not already configure NTP, enter one or more NTP servers and press Enter.
Enter values as either an IP address or a FQDN (Fully Qualified Domain Name). If you have
more than one NTP server — for instance a master and a backup — you can enter multiple
comma separated values. When you press enter, MediaCentral Cloud UX creates a new
/etc/chrony.conf configuration file that includes the values that you specify here.
MediaCentral Cloud UX uses CentOS’s default network time protocol daemon: chronyd. For
more information, see: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/
7/html/system_administrators_guide/ch-configuring_ntp_using_the_chrony_suite.
7. The script prompts you to enter the name of a GlusterFS block device.
Enter a path to a volume that can use used as a media cache. For example: /dev/sdb
If you are configuring a cluster, the path to the GlusterFS block device must be the same on all
nodes. If you are configuring a server that does not include an sdb volume (Newsroom
Management-only deployments), press Enter to leave this value blank.
8. The script prompts you with the following message:
Do you want to setup a Cluster? [y/N]:
t If you are configuring a single server, type N and press Enter.
After pressing Enter, you can continue with the next step in this procedure.
t If you are configuring a cluster of three or more nodes, type Y and press Enter to continue.
If you entered Y (yes), you must specify the following values:
- Cluster IP: Enter the IP address associated with your cluster.
The Cluster IP is a static IP address that is distinct from the IP addresses assigned to any of
the cluster nodes.
- Cluster Hostname: Enter the short host name that you want to assign to the cluster.
n As a reminder, the cluster IP and host name must be added to your DNS server manually.
MediaCentral Cloud UX clusters require a minimum of three nodes.
- Hostname for node 1: Enter the short host name for your primary master node and press Enter.
- Enter the short host name for each cluster node, pressing Enter after each entry.
After you have entered the host name of your final node, press Enter to continue.
64
If for example you have four nodes, enter the host names of the first four nodes. When the
script prompts you for a fifth node, press Enter to continue:
Enter Hostname for node 5 (leave empty when done):
9. The Kubernetes Internal Network Configuration prompt allows you the opportunity to define an
alternate network range in case the default range conflicts with other systems in your
environment.
t (recommended) If you want to use the default ranges, type N and press Enter.
The script continues to the next step.
t If your organization requires you to configure custom network ranges, type Y and press Enter.
At the Kubernetes Service Network prompt, enter an IP range and subnet mask and then
press Enter. For example: 10.254.1.0/24
At the Kubernetes Pod Network prompt, enter an IP range and subnet mask and then press
Enter. For example: 172.19.0.1/16
Avid recommends that you define a minimum /24 subnet (equivalent of 254 IP addresses)
for your Kubernetes Service Network. The Kubernetes Pod Network requires a /24 network
per node. Avid also recommends that you plan for spare addresses to allow for future
expansion — at least 30% more address than your minimum requirement. The following
table provides additional information and examples.
System Config Absolute minimum Recommended with Spare
Single-node Cloud UX /24 (254 IP addresses) /23 (510 IP addresses)
Three-node cluster /22 (1022 IP addresses) /21 (2046 IP addresses)
Ten-node cluster /20 (4094 IP addresses) /20 (4094 IP addresses)
10. The script prints the proposed system configuration to the screen and asks if you want to
continue. For example, a four-node cluster might look like the following:
Proposed node role configuration:
1. wavd-mcux01 [master,registry,worker]
4. wavd-mcux04 [worker]
Kubernetes Network Configuration:
- Service Network: 10.254.1.0/24
- Pod Network: 172.19.0.1/16
Continue with proposed configuration? [Y/n]:
t If you press Y, the script continues and uses the values that you defined above.
t If you press N, the script exits.
In this case, you must return to the beginning of this process and relaunch the script to
configure MediaCentral Cloud UX.
11. At the SSH password prompt, enter your root user password and press Enter to continue.
n The root user password must be the same on all cluster nodes.
65
The MediaCentral Cloud UX configuration script is executed. As the tasks in the script are
processed, information about each task is sent to the screen.
When the script completes its tasks, results similar to the following are displayed:
PLAY RECAP ************************************************************
wavd-mcux01 : ok=427 changed=226 unreachable=0 failed=0
skipped=85 rescued=0 ignored=2
Review the results and verify that there are no failed tasks. If you see a failure, you must
troubleshoot the issue before continuing with the MediaCentral Cloud UX installation process.
12. The host-setup script enables Transport Layer Security (TLS) communication between certain
system components. Before you can continue with the installation, you must create a new
connection to the MediaCentral Cloud UX server. You can make this new connection by
completing one of the following actions:
t Enter the following command to update your connection:
source /etc/profile
t If you are connecting to the MediaCentral Cloud UX Linux console using a SSH (Secure
Shell) client, close your current session and reconnect to Cloud UX in a new session.
13. Verify the status of your single server or cluster using the following Kubernetes commands and
tools.
a. Enter the following command to obtain the status of the Kubernetes nodes:
kubectl get nodes
Each server in your MediaCentral Cloud UX configuration should be listed under the name
column and the status of each node should report as Ready. The following example text
shows a four node cluster configuration:
NAME STATUS ROLES AGE VERSION
wavd-mcux01 Ready <none> 10m v1.20.6
b. If the previous command reports that all nodes are Ready, enter the following command to
verify that the Kubernetes pods are running:
kubectl --namespace kube-system get pods
The command should report that each pod is Ready and Running as in the following
example (from a single-server configuration):
NAME READY STATUS RESTARTS AGE
coredns-wkmqt 1/1 Running 0 30m
kube-flannel-ds-mxg8g 1/1 Running 0 30m
kube-proxy-cgvh9 1/1 Running 0 30m
registry-rtb7n 2/2 Running 0 30m
n The suffixes associated with the pod names are custom to each server and therefore will look different
on each system. For example, coredns will have a different suffix on your system.
66
Creating a Site Key

Each MediaCentral Cloud UX system must be associated with a unique and trusted digital signature.
These signatures allow system services to securely communicate with each other. If you are working
in a multi-site environment, the site key allows you to access remote systems without prompting you
for your user credentials. This process creates the following files that work together to provide this
unique digital signature:
• public-key.pem: This is the default name of the public key file that is generated through the
following script. Although the public key might have the same file name on multiple
MediaCentral Cloud UX systems, the contents of the key is specific to this local deployment.
• private-key.pem: This is the default name of the private key file that is generated through the
following script. Although the private key might have the same file name on multiple
MediaCentral Cloud UX systems, the contents of the key is specific to this local deployment.
• site-key.yaml: This configuration file includes the public and private key information. It is
referenced when you run the final avidctl platform deploy script.
n The public and private key files referenced in this section are not the same as the key files used during
the process of “Creating Certificate Files” on page 69. Do not attempt to use the same files for both
processes.
c The following processes require you to specify the FQDN (Fully Qualified Domain Name) of
your MediaCentral Cloud UX single-server or cluster. If you followed this guide, you should
have already verified DNS resolution of your MediaCentral Cloud UX server or servers.
Refer to the following processes to create or alter your site key:

• “Configuring New Site Keys” on page 67
You must complete this process for all new installations.
• “Redeploying Existing Site Keys” on page 68
This process might be required if you perform an intensive maintenance task, such as a server re-
image or server replacement.
• “Updating the Key Files in a Multi-Site Environment” on page 68
This process is required if you created new site keys and you are configured in a Multi-Site
environment.
function by entering the following command: avidctl platform config site-key --help
Configuring New Site Keys
Complete the following process to create the site key information for a new installation.
To create new site-key files:

t Enter the following command on your single server or primary master node:
avidctl platform config site-key --issuer https://<fqdn> --gen-keys
The following list explains each of the switches and values available in this command:
- issuer: This switch requires you to enter the fully qualified domain name (FQDN) of the local
MediaCentral Cloud UX system. If you have a cluster, specify the cluster’s virtual FQDN.
For example: https://bos-mcux.wavd.com
67
- gen-keys: This switch creates the public and private key files on your local system.
If you run this command more than once on the same node, the existing public and private
key are not overwritten. However, there might be times where new keys are required —for
example if you entered the wrong issuer value. In this case you can replace the existing
keys by adding the --force switch to the command.
The following provides an example of this command for a new installation:
avidctl platform config site-key --issuer https://bos-mcux.wavd.com/ --gen-
keys
When you press Enter, the public and private keys are created at /etc/avid/keys and the
site-key.yaml is created at /etc/avid/config/.
Redeploying Existing Site Keys
If for some reason you want to redeploy your existing site key information, you can use the following
process to do so. An example use case for this process is if you need to re-image your MediaCentral
Cloud UX server and you are included in a Multi-Site environment. This process allows you to use
your existing keys and avoid updating the configuration on each remote site.
To redeploy existing site keys:

1. Save a backup copy of your existing public-key.pem and private-key.pem files to an external
location such as a network share or a USB drive.
By default, the public and private keys are stored in the /etc/avid/keys folder.
2. Perform the task that is prompting you to redeploy your site keys.
3. Copy the public-key.pem and private-key.pem files from your backup location to the
/etc/avid/keys directory on your single server or primary master node.
4. Enter the following command on your single server or primary master node:
avidctl platform config site-key --issuer https://<fqdn>
Where the <fqdn> value is the fully qualified domain name of the local MediaCentral Cloud UX
system. If you have a cluster, specify the cluster’s virtual FQDN
The following provides an example of this command:
avidctl platform config site-key --issuer https://bos-mcux.wavd.com/
When you press Enter, the site-key.yaml is created at /etc/avid/config/.
5. Redeploy the configuration on your local site using the avidctl platform redeploy script.
For more information, see “Altering the Configuration” on page 61.
Updating the Key Files in a Multi-Site Environment
If you are part of a Multi-Site configuration and you created new site keys after having already
deployed existing site keys, you must complete the following process to redeploy the new local site
key information to each remote site.
If you followed the process for “Redeploying Existing Site Keys” on page 68, you are not required to
complete this process as each remote site already includes a matching copy of your local site keys.
68
To update the key files on remote sites:

1. Create the new site key information, as described in “Configuring New Site Keys” on page 67.
2. Redeploy the configuration on your local site using the avidctl platform redeploy script.
3. Issue one of the following commands on the single server or primary master node for each of
your remote sites:
t If you updated the site-key information on your local site only, enter the following
command:
avidctl platform config sites update-public-key <url>
Where <url> is the address of the site with the updated key files.
t If you updated the site-key information on multiple sites, enter the following command:
avidctl platform config sites update-public-key --all
This version of the command collects updated site key information from each site.
4. Finally, you must redeploy the configuration on each remote site using the avidctl platform
redeploy script.
Creating Certificate Files

Secure Sockets Layer (SSL) certificates are small data files that web browsers use to verify the
identity of a system for enhanced security. When you connect to an address that has a valid
certificate, you are connected to the system immediately. If your system does not have a valid
certificate, your browser might show various warnings to alert you to the unsecured connection.
There are two categories of SSL certificates:

• Self-signed certificates
Self-signed certificates have the benefit of being both free and easy to create. However,
workstations that connect to the server do not trust the certificate automatically. Instead, you
must import the certificate into the Trusted Root Certification Authorities store of any
workstation that wants to connect to the server.
• Trusted CA certificates
These certificates might be issued by one of two types of Certificate Authorities (CA):
- Internal. Some companies might have a Certificate Authority group within their
organization. Certificates issued by these groups must include the FQDN of your single-
server or cluster, but they might also include additional Subject Alternative Names (SAN)
such as the IP address or short host name of the system.
Like self-signed certificates, certificates signed by an internal CA must still be added to the
Trusted Root Certification Authorities store of any workstation that wants to connect to the
server. However, once that certificate is in place, any new certificate signed by the same CA
will be recognized automatically.
- External / Public. If you do not have an internal CA and you do not plan to use a self-signed
certificate, you can purchase a certificate through a 3rd party. As of November 2015,
industry best practices require that public certificates include the FQDN of your system only
69
— short host names and IP address are not allowed. For more information, see the CA/
Browser Forum at: https://cabforum.org/internal-names/.
Unlike self-signed and internal CA certificates, public certificates do not need to be copied
directly to the client workstations. These certificates are trusted by your web browser
automatically — no warnings appear when a connection is made.
If you have a cluster, the certificate must include the FQDN of the virtual cluster and the FQDN of
each individual node for all certificate types.
If you are using the MediaCentral Cloud UX Mobile app, you must import a certificate created by an
internal or public CA into your mobile device. Self-signed certificates are not supported.
n When using certificate that does not include all Subject Alternative Names, your local IT department
might be required to create additional references in the local DNS to associate the short host name(s)
and IP address(es) with the FQDN of the MediaCentral Cloud UX system.
Certificate Validity Periods
Validity periods define the length of time (in days) that the certificate is considered legitimate. After
this period expires, web browsers will identify the certificate as invalid and will attempt to block
users from accessing the site.
In 2019, Apple published updated certificate requirements for macOS 10.15 (Catalina). As part of
this notification, Apple instituted a maximum validity period of 825 days for all certificates. You can
read more about this and other requirement at the following link: https://support.apple.com/en-us/
HT210176.
As of September 1, 2020, multiple groups including Apple, Google, and Mozilla further reduced the
maximum allowed certificate validity period to 398 days. For more information, see https://
support.apple.com/en-us/HT211025.
c Organizations that deploy self-signed certificates need to plan on recreating their certificates
on a recurring basis. The maximum validity period for these certificates is 397 days. After that
period expires, the certificate is considered invalid and a new one would need to be created.
This same guidance might also apply to organizations that create internally-signed certificates.
Creating Certificates
Proceed to one of the following processes to create or prepare your certificate files:
• “Updating the Self-Signed Certificate” on page 71
Complete this process if you plan to deploy a self-signed certificate.
• “Creating a Certificate Request for an Internal or External CA” on page 72
Complete this process to use a certificate issued by a trusted Certificate Authority.
• “Redeploying Certificates” on page 76
Complete this process if you have already deployed a complete MediaCentral Cloud UX system
and you need to update the system with a new certificate.
c If you plan to configure a multi-site environment, you must create and deploy the certificate
files on all sites before attempting to create the multi-site configuration.
70
Updating the Self-Signed Certificate
The MediaCentral Cloud UX platform host-setup script creates a default pair of self-signed
certificate files. In the case of a single server, these certificates include the short host name of the
server. In the case of a cluster, the files include the short host name of each cluster node and the
virtual cluster IP address. While created automatically to facilitate the MediaCentral Cloud UX
installation process, the certificates are ineffective for production as they do not include the fully
qualified domain name (FQDN) of your MediaCentral Cloud UX server or cluster.
The following process allows you to create a new self-signed certificate that includes all Subject
Alternative Names (IP address, short host name, and FQDN). In the case of a clustered configuration,
the certificate must include the host information for all nodes and the virtual cluster.
function by entering the following command: avidctl tools cert-gen --help
To update the certificate files:

1. Enter the following command on your single server or primary master node to create a temporary
directory where the new certificate files can be created:
mkdir /<path>
For example:
mkdir /etc/mycerts
2. Navigate to the newly created directory:
cd /<path>
3. Create the certificate files using the following command:
avidctl tools cert-gen -c /<path>/dashboard.pem -k /<path>/dashboard-
key.pem -N <common-name> -s <value_1> -s <value_2> -s <value_N> -d <days>
The following list describes each value:
- <path> points to the location on the server where the certificate files will be created.
- dashboard.pem is the required name of the certificate file.
- dashboard-key.pem is the required name of the certificate key file.
- <common-name> enter the FQDN of the MediaCentral Cloud UX single-server or virtual
cluster.
- <value_x> is a list of subject alternative names for your MediaCentral Cloud UX system.
- If you are running a single server, you must enter the short host name, FQDN, and IP
address of the server.
- If you are running a cluster, you must enter the short host name, FQDN, and IP address
of the virtual cluster and each individual node.
- <days> is the value that defines the maximum validity period of the certificate. In this
release of MediaCentral Cloud UX, you are not required to include this value in the
certificate creation command. If you omit this option, the default value of 397 days is used
automatically. Although you can define a shorter value, you must not define a value longer
than 397 (days). If you do, your certificate might be rejected by modern web browsers.
71
Single Server Example:

avidctl tools cert-gen -c /etc/mycerts/dashboard.pem -k /etc/mycerts/
dashboard-key.pem -N wavd-mcux.wavd.com -s wavd-mcux.wavd.com -s wavd-mcux
-s 192.168.10.51 -d 397
c When entering this command, you must make sure to enter the FQDN twice: once with the -N
switch and again with the -s switch.
Cluster Example:
In this example, wavd-mcux and 192.168.10.50 are the short name and the IP address of the
virtual cluster. The other values represent the information for each of the individual nodes. The
following example adds line breaks for clarity. When you execute the script, you must enter all
information as a single command.
avidctl tools cert-gen -c /etc/mycerts/dashboard.pem -k /etc/mycerts/
dashboard-key.pem -d 397 -N wavd-mcux.wavd.com \
-s wavd-mcux.wavd.com \
-s wavd-mcux01.wavd.com \
-s wavd-mcux \
-s wavd-mcux01 \
-s wavd-mcux02 \
-s wavd-mcux03 \
-s 192.168.10.50 \
-s 192.168.10.51 \
-s 192.168.10.52 \
-s 192.168.10.53
4. Copy the new certificate files to the /certs directory on your single server or primary master node:
cp /<path>/dashboard.pem /<path>/dashboard-key.pem /opt/avid/etc/certs/
For example:
cp /etc/mycerts/dashboard.pem /etc/mycerts/dashboard-key.pem /opt/avid/etc/
certs/
When prompted to confirm that you want to overwrite the existing certificate files, enter Y for
each file.
5. Proceed to “Deploying the Secure Sockets Layer Certificates” on page 76.
Creating a Certificate Request for an Internal or External CA
If you plan to use a certificate from a trusted Certificate Authority (CA), you must first create a
certificate key file (.key) and a Certificate Signing Request file (.csr) on the MediaCentral Cloud UX
server. Once created, you must supply the files to your CA for additional processing.
As described above, certificates issued by these groups must include the FQDN of your single-server
or cluster. If you have a cluster, the certificate must include the FQDN of the virtual cluster and the
FQDN of each individual node. Some internal CAs might allow for additional Subject Alternative
Names (short names, IP addresses) to be included in the certificate. Certificates issued by external
CAs might allow FQDN values only. Before beginning this process, you must verify with your CA if
additional alternative names are allowed.
72
If you are deploying MediaCentral Cloud UX in a multi-site environment, you must use the same
Certificate Authority for each site in the multi-site setup.
n The following process details the most common method of creating the files needed to create a CA-
signed certificate. However, other methods do exist. Before completing this process, check with your
CA to determine if an alternate workflow is required.
To create the certificate request files:

1. Enter the following command on your single server or primary master node to create a temporary
directory where the new certificate files can be created:
mkdir /<path>/<directory>
For example:
mkdir /etc/mycerts
2. Navigate to the newly created directory:
cd /<path>/<directory>
3. (if applicable) If your CA group allows you to include Subject Alternative Names in the
certificate, you must complete this step to create a configuration “answer” file. This process is
also required for all cluster-based deployments.
a. Enter the following command to create a configuration file:
vi openssl.cnf
b. Add the following text to the file (bold text requires customization):
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = <value>
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = <value>
localityName = Locality Name (eg, city)
localityName_default = <value>
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = <value>
commonName = FQDN of your MediaCentral Cloud UX single-server or cluster
commonName_default = <value>
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = <value>
DNS.x = <value>
IP.1 = <value>
IP.x = <value>
73
Where each <value> represents site-specific information for the following fields:
- countryName_default: Two-letter ISO country code (e.g. US, CA, DE)
- stateOrProvinceName_default: State, Province, etc. (spelled out – no abbreviations)
- localityName_default: City, locality or jurisdiction (e.g. Paris)
- organizationalUnitName_default: The name of your organization (e.g. Avid)
- commonName_default: The single server or virtual cluster FQDN (e.g. wavd-
mcux.wavd.com)
- DNS.1 through DNS.x
If you are configuring a single server, enter the short hostname of your server for DNS.1
and delete the DNS.x line (if allowed by your CA).
If you are configuring a cluster, enter the FQDN (required) and short hostname (if
allowed) of the virtual cluster and each cluster node on separate lines. For example:
DNS.1 = wavd-mcux
DNS.2 = wavd-mcux.wavd.com
DNS.3 = wavd-mcux01
DNS.4 = wavd-mcux01.wavd.com
DNS.5 = wavd-mcux02
DNS.6 = wavd-mcux02.wavd.com
…and so on
- IP.1 through IP.x (if allowed by your CA)
If you are configuring a single server, enter the IP address of your server for IP.1 and
delete the IP.x line.
If you are configuring a cluster, enter the IP address of the virtual cluster and each
cluster node on separate lines.
n As a reminder, some external CAs might not allow you to include short hostnames or IP addresses as
Subject Alternative Names. You must verify the requirements with your Certificate Authority.
c. Save and exit the vi session. Press <ESC> and type: :wq
4. Create the certificate key file using the following command:
openssl genrsa -out <FQDN>.key 2048
Where <FQDN> is the fully qualified domain name of your MediaCentral Cloud UX single server
or cluster. The name must end with a .key extension. For example:
openssl genrsa -out wavd-mcux.wavd.com.key 2048
5. Enter one of the following commands to create the Certificate Signing Request file.
t If you created a configuration answer file, enter the following command:
openssl req -new -key <FQDN>.key -out <FQDN>.csr -config openssl.cnf
Again, the <FQDN> represents the fully qualified domain name of your MediaCentral Cloud
UX single server or cluster.
After you execute the command, you are prompted with a list of questions similar to the
following:
74
Country Name (2 letter code) [US]:

State or Province Name (full name) [MA]:
Locality Name (eg, city) [Burl]:
Organizational Unit Name (eg, section) [Avid Technology]:
wavd-mcux.wavd.com []:
If you created the answer file correctly, each question is associated with your custom data as
the default value (shown in brackets [ ]). Press Enter to accept each default value or type a
different custom value if necessary.
t If you do not want or need to include a list of Subject Alternative Names in your certificate,
enter the following command:
openssl req -new -key <FQDN>.key -out <FQDN>.csr -config
Again, the <FQDN> represents the fully qualified domain name of your MediaCentral Cloud
UX system.
After you execute this command, you are asked to answer a series of questions that relate to
information that will be included in the CSR file. The following data is requested:
- Country Name: A two-letter ISO country code (e.g. US, CA, DE)
- State or Province Name: State, Province, etc. (spelled out – no abbreviations)
- Locality Name: City, locality or jurisdiction (e.g. Paris)
- Organization Name: The name of your organization (e.g. Avid)
- Organizational Unit Name: The name of your department (e.g. Eng)
- Common Name: Your server’s FQDN (e.g. wavd-mcux.wavd.com)
- (optional) Email Address
- (optional) A challenge password
- (optional) An optional company name
6. Enter the following command to verify the contents of the CSR file:
openssl req -text -noout -verify -in <FQDN>.csr
The system should respond with a “verify OK” message and a structured dump of the CSR
contents.
7. Copy the .key and .csr files to your local workstation and e-mail them to your Certificate
Authority for additional processing.
n If your CA allows for Subject Alternative Names, Avid recommends that you include the same list of
names and IP addresses that you added to the CSR file as part of your e-mail to ensure that the
names are included in the certificate.
8. Wait for a reply from the Certificate Authority.

At this point you must wait for a response from the Certificate Authority before you can continue
with the certificate installation process. However, this does not mean that you need to halt the
entire MediaCentral Cloud UX installation process. You can continue the installation process,
and then return to this procedure after you receive the updated files from the Certificate
Authority.
If you are returning to this process after already having run the final Feature Pack deployment
script (avidctl platform deploy), you must redeploy the system to enable the certificate
files. For more information, see “Altering the Configuration” on page 61.
75
9. (if applicable) MediaCentral Cloud UX requires the certificate to be created with a .pem
extension. Depending on the file you receive, you might need to convert the file. The following
example command converts the .cer certificate file into the required .pem file type:
openssl x509 -inform der -in <FQDN>.cer -out <FQDN>.pem
Again, the <FQDN> represents the fully qualified domain name of your MediaCentral Cloud UX
single server or cluster.
n This step provides one possible example of a conversion command. If you need to convert your files
from any other file type, you must work with your CA provider for more information. Alternatively,
you might perform an Internet search to identify companies that offer conversion tools or
applications.
10. Proceed to “Deploying the Secure Sockets Layer Certificates” on page 76.
Redeploying Certificates
If you complete your MediaCentral Cloud UX installation and you need to deploy a new self-signed
or internal CA certificate, you must use the following process to complete this task.
To recreate and redeploy your self-signed certificate:

1. Use one of the following processes to create the new certificate:
t “Updating the Self-Signed Certificate” on page 71
t “Creating a Certificate Request for an Internal or External CA” on page 72
2. Complete the process for “Deploying the Secure Sockets Layer Certificates” on page 76.
3. Redeploy the system configuration using the following command:
For more information, “Altering the Configuration” on page 61.
4. Import the new certificate into your device or workstation.
For more information, see “Importing SSL Certificates” on page 315.
Deploying the Secure Sockets Layer Certificates

Before users can connect to the MediaCentral Cloud UX user interface, you must either obtain a
certificate from a Certificate Authority (the preferred and recommended option) or import a self-
signed certificate into any workstation that plans to connect to MediaCentral Cloud UX.
If you are enabling a multi-site environment and you are using self-signed certificates or certificates
provided by an internal CA, you must import the certificate from each site into each of your client
workstations. For example, if you have a multi-site configuration with three sites, you must import
three different certificates into each workstation. For this reason Avid highly recommends using
certificates provided by a public Certificate Authority if you are enabling a multi-site configuration.
The following process configures MediaCentral Cloud UX to use either a self-signed certificate or a
certificate obtained from a trusted Certificate Authority. If you are using a certificate obtained from a
trusted CA, you must obtain separate certificate and key files. Additionally, the certificate file must
be created using the PEM format — this requirement applies to the certificate file and not the key
file.
76
function by entering the following command: avidctl platform config cert --help
To configure a certificate:
1. If you have obtained a certificate file and a certificate key file from a trusted CA, you must copy
the files to a temporary location on the MediaCentral Cloud UX server such as /tmp.
After you copy the files to the server, make sure to retain a copy of the files on a safe, external
location such as a USB drive in the event that you ever need to reapply the certificates.
For more information on copying files to the server, see “Copying Software to the MCUX
Server” on page 255.
2. Enter the following command on your single server or primary master node to execute the
certificate deployment script:
avidctl platform config cert -i
3. At the File Path to Certificate prompt, define the path to the certificate file.
t If you want to use the self-signed certificate, press Enter to accept the default path of
/opt/avid/etc/certs/dashboard.pem.
t If you are adding a certificate obtained through a trusted CA, type the name and path to the
location of the certificate file and press Enter.
For example: /tmp/my_trusted_certificate.pem
4. At the File Path to Certificate Key prompt, define the path to the certificate key file.
t If you want to use the self-signed certificate, press Enter to accept the default path of
/opt/avid/etc/certs/dashboard-key.pem
t If you are adding a certificate obtained through a trusted CA, type the name and path to the
location of the certificate key file and press Enter.
For example: /tmp/my_trusted_certificate.key
5. (Multi-Site only) If your MediaCentral Cloud UX system is included in a Multi-Site
environment and you are using either a self-signed certificate or a certificate provided by an
internal Certificate Authority, you must enter the file name and path to the public .pem key file.
t If you are using a self-signed certificate, you must specify the location of the public-key.pem
file created through the process of “Creating a Site Key” on page 67.
For example: /etc/avid/keys/public-key.pem
t If you are using a certificate provided by an internal CA, the certificate authority provides
the public key file.
This is the final piece of data required by the script. After you press Enter, the values are written to a
cert.yaml file located at /etc/avid/config.
77
Configuring an Authentication Provider

MediaCentral Cloud UX requires a connection to an authentication provider to verify user identity
and allow access to the user interface. This section describes the process for enabling that connection.
Later in this guide, you will use the User Management app to import users from the provider. For
more information on importing user groups, see “Using the User Management App” on page 171.
MediaCentral Cloud UX supports the following authentication methods:

• Windows Active Directory
For more information, see “Integrating with Active Directory” on page 79.
• Okta
For more information, see “Integrating with Okta (BETA)” on page 84.
These two authentication providers work independently from each other. For example if you want to
use Okta, you are not required to complete the process for Integrating with Active Directory, nor are
you required to sync your Okta system with Windows Active Directory.
For more information on the user experience, see “Signing In to MediaCentral Cloud UX” in the Avid
MediaCentral | Cloud UX User’s Guide. For an alternative login option using Active Directory, see
“Configuring Single Sign-On” on page 188.
Changing Authentication Providers
If you fully configure MediaCentral Cloud UX for one provider and later want to switch to an
alternate authentication method, note the following:
• As you are temporarily removing access for all user groups, you complete this process during a
maintenance window. Users will not be able to reconnect until the system is fully reconfigured.
• Prior to altering the system configuration, you must use the User Management app to remove all
imported user groups.
• When you run the configuration script, new configuration strings are appended to the existing
file. To avoid any potential configuration issues, you must delete the existing auth.yaml file
prior to switching to your new provider. Alternatively if you want to retain the data for future
reference, you could rename the file. For example: mv auth.yaml auth.yaml.BAK
n If you want to rename the file to save a backup of the original configuration information, do not leave
.yaml as the file extension. Doing so might cause errors during the deployment process.
• After reconfiguring, you must use the User Management and License apps to resync the users,
and reconfigure the user group client licenses and entitlements.
• In some cases, you might also need to update the user associated with other configuration values
— such as with “Configuring Collaborate App User Groups” on page 98 or “Managing Service
Accounts” on page 189.
78
OpenLDAP
When you install MediaCentral Cloud UX, an open source authentication provider called
OpenLDAP is installed on the server automatically. This internal provider acts as a temporary
authentication system in the event that your permanent provider is not available at the time of
installation. This deployment includes one user account with the following credentials:
• User: Administrator
• Password: Avid123
If you do not have a permanent provider available during the initial installation and configuration of
the system, you can bypass the following process temporarily and use this internal instance of
OpenLDAP to access the MediaCentral Cloud UX Administrator apps. However, it is important to
note that Avid does not support creating additional users in this implementation of OpenLDAP. This
service is available only for the initial setup and configuration of the system.
If you decide to bypass this process and complete the installation without a permanent provider, you
must return to this process at a later time and complete the following:
1. Run the avidctl platform config auth script as described below.
2. Redeploy using the process described in “Altering the Configuration” on page 61.
3. Use the License app and the User Management app verify licenses, entitlements, and user
groups.
After you have established your connection to Okta or Windows Active Directory, the OpenLDAP
Administrator user account is disabled.
Integrating with Active Directory
You can complete the following process to enable a direct connection between your MediaCentral
Cloud UX system and Windows Active Directory. The authentication provider script requires you to
enter values for the following data points:
• The short host name, FQDN, or IP address of the authentication provider or providers (Windows
Active Directory server or servers).
If your organization uses Microsoft Active Directory Global Catalog, you can specify the Global
Catalog server in this field. However, note the following limitations:
- Only users in universal groups can be added to MediaCentral Cloud UX. Groups associated
with type domain local or global cannot be imported. Universal groups must not include
duplicate group names across the wider GC domain. If a duplicate group exists, only the first
added group will be known to the platform — the second will be ignored.
- You must not have any duplicate samAccountName users across all domains.
For more information, see https://docs.microsoft.com/en-us/windows/desktop/ad/global-catalog.
• The port number that will be used to connect to the provider.
The default port of 636 assumes that you are connecting to the server using a Secure Socket
Layer (SSL). If you are not using a secure connection, port 389 is the standard value. If you
specify more than one AD server, you must use the same port number for all connections.
• Communication with the Active Directory server is often transmitted over an unsecured
connection. The script prompts you to enter Yes or No to verify if you want to enable a secure
connection by enabling Secure Sockets Layer (SSL).
79
If you want to enable SSL on the Cloud UX server, you must verify that your Active Directory
server is also configured to communicate through an SSL connection. If you specify more than
one AD server, you must connect to all using the same SSL connection type.
• Bind User Name. This is the distinguished name of a user who has the right to query Active
Directory
Since the password for this user is stored in plain text in some system configuration files, Avid’s
best practices for system security recommends that your domain administrator creates a
dedicated user account that is limited to AD enumeration and is not used for any other purpose.
• Bind Password: This is the password for the above user.
• Base DN. This value represents the level of the tree available through the User Management app.
This DN typically points to the branch of the AD tree where the user objects are located. Any
users or groups that are outside of this tree will not be available in the User Management app.
When defining the Base DN, Avid recommends that you do not specify the top of the tree. If you
select too high of a level, MediaCentral Cloud UX might timeout when it attempts to read AD
structures that include a large number of user, groups, or containers. This might be exhibited by a
“Error while accessing the back-end server” message when attempting to sign in to
Instead, Avid recommends that you select a lower-level branch that includes the following:
- All users and groups that need to access MediaCentral Cloud UX
- The Bind Name user and Admin User described in this section
• Admin Group DN. In the Installation Prerequisites chapter, you were instructed to identify a user
group that would be used to access the MediaCentral Cloud UX Administrator apps. As a
reminder, this user group does not require any additional rights on your domain and the users
included in this group do not need to be domain admins — standard domain users are acceptable.
The Admin Group must be within the Base DN. If it is not, you could receive a “Cannot find
group” error when attempting to verify your settings.
• Admin Username. The MediaCentral Cloud UX License app requires an AD user to start the
licensing service. This user must be a member of the Cloud UX Admin group.
Avid suggests creating a new service user in Active Directory that can be dedicated to this task.
This user requires no special privileges and must be configured to never change its password.
Example User Name: clouduxadmin
• Connection Timeout. When polling the Active Directory server through the User Management
app, this value determines the number of milliseconds to wait for a response from AD before the
connection attempt is aborted. This defines the connection time only, not the entire read-time of
your Active Directory.
• Default Service Username. This is the short sAMAccountName of an account that can be used
by the MediaCentral Cloud UX services to communicate with each other. This account is used
by the services unless a user is explicitly assigned to a service through the Configuration Settings
app. For more information, see “Managing Service Accounts” on page 189.
You can specify any domain user (no special privileges required). However for security reasons,
Avid does not recommend that you use an account that is included in the Cloud UX Admin
group.
• Default Service User Group. This is the name of the user group that includes the Default
Username detailed above.
80
• Search Query Page Size. When polling Active Directory, this value determines how many entries
are gathered at one time. After the first page is returned, additional pages are delivered until the
end of the search is reached. The page size that you enter in this script must be less than or equal
to the MaxPageSize value defined on the Active Directory server.
For more information, see the Microsoft documentation page at: https://docs.microsoft.com/en-
us/windows/desktop/adsi/retrieving-large-results-sets
• CloudUX Active Directory Import Interval. After synchronizing with Active Directory, this
value represents the number of seconds before you can resynchronize with the server.
• CloudUX Active Directory Pool Connection age. This value defines how long MediaCentral
Cloud UX maintains a single connection to Active Directory. If you specify multiple servers
directly or through AD failover, this value also determines the amount of time before the
connection is switched to the next available server.
The default value for this option is 15 seconds, but can be lowered. Be aware that if this value is
set too low, Active Directory could identify the connections as an attack and block access after a
period of time.
c You must work with your in-house IT department to obtain the correct values to complete this
section of the installation. The examples provided in the process below might vary greatly from
the actual values defined in your organization’s Active Directory system.
function by entering the following command: avidctl platform config auth --help
Verifying your Data Points
After you have worked with your IT department to collect your data points, you might want to take
this opportunity to verify your connection to Active Directory. There are multiple tools available to
assist you with this task. One such tool is the Apache Directory Studio™ which can be downloaded
from: https://directory.apache.org/studio/. This tool provides a similar set of prompts as the Avid
authentication provider script and the tool allows you to verify your connection to Active Directory
after each step. If you complete this optional process, you will have confidence that MediaCentral
Cloud UX will be able to connect to Active Directory without issue.
If you do not want to verify your data points before running the script, you will have an opportunity
to verify the data at the end of the process.
To connect MediaCentral Cloud UX to your authentication provider:

authentication provider configuration script:
avidctl platform config auth -i
2. (if applicable) If an existing auth.yaml configuration file is found, the script asks if you want to
overwrite it.
t Enter Y to overwrite the file. Changes are only written to the file when you complete the
final step in this process. You can press Ctrl+C to exit without writing changes to the file.
t Enter N to exit the script.
81
3. At the Host prompt, enter the short host name, FQDN, or IP address of the authentication
provider (or providers). You can configure this value in one of following ways:
t If you are specifying a single AD server, Avid recommends that you use an IP address as it
eliminates DNS resolution.
t If you have multiple AD servers, you can enter multiple servers — each separated by a
comma. Avid recommends that you use IP addresses as this eliminates DNS resolution.
This method allows you to maintain tight control over which AD servers are used and in
which order they are prioritized.
t If you enable AD fail-over by registering the IP address of multiple AD servers to the same
DNS host name, Avid recommends that you specify the FQDN of this DNS entry.
When your AD has been configured for AD fail-over, MediaCentral Cloud UX attempts to
connect to the first server provided by your DNS. However note that if you are working in a
global organization, the AD server selected by DNS might not be optimal for your
MediaCentral Cloud UX server. If for example your MediaCentral Cloud UX server is
located in New York and your DNS provides an AD server that is located in Beijing, the
physical distance of these systems could introduce network latency and potential connection
timeouts.
The benefit of configuring AD in this way is that you can manage your list of AD servers
through DNS, rather than locally on the MediaCentral Cloud UX system.
t If your Active Directory is configured as a Global Catalog, specify the IP address of the
Global Catalog server.
4. Enter a port number that will be used to connect to the AD provider.
The default value for this field is 636. If your are integrating with Global Catalog, port 3268 is
often used with this type of configuration.
5. At the Use Secure SSL Connection prompt, enter Y for yes or N for no.
If you need to secure the data, enter Y (yes, the default selection) to enable a secure connection
through a Secure Sockets Layer (SSL) or N (no) to use an unsecured connection.
6. At the Active Directory Bind User prompt, enter the distinguished name of a user who has the
right to query Active Directory. This value must be entered using a format similar to the
following:
CN=<user>,OU=<group>,DC=<domain>,DC=<domain_extension>
In the following example, the Common Name (CN) user “WAVDadmin” exists in the
“Engineering” Organizational Unit (OU) at company “wavd.com”:
CN=WAVDadmin,OU=Engineering,DC=WAVD,DC=com
This is just a single example of the Bind Name formatting. You might have multiple Common
Names, no Organizational Units, or other variations in your environment. You must enter the
Bind Name according to the structure of your Active Directory system.
7. At the Bind User Password prompt, enter the password for the Active Directory Bind User.
8. At the Active Directory Base DN prompt, enter the search root path.
t If you are integrating with Global Catalog, Avid recommends that you press enter to leave
this value empty. This allows MediaCentral Cloud UX to reach across multiple domains.
t For all other configurations, this value must be entered using a format similar to the
following:
OU=group,DC=company,DC=com
82
9. At the Active Directory Admin Group DN prompt, enter the path to this user group. This value
must be entered using a format similar to the following:
CN=admin_group,OU=sub-group,OU=department,DC=company,DC=com
For example:
CN=CloudUX_Admins,OU=Security Groups,OU=Engineering,DC=wavd,DC=com
For more information about the Administrator-only area of MediaCentral Cloud UX, see
“Administrator App Overview” on page 118.
10. At the Admin Username prompt, enter the short sAMAccountName of the user that can be used
by the License app.
For example: clouduxadmin
11. At the Active Directory Default Service User Group DN prompt, enter the path to this user
group. This value must be entered using a format similar to the following:
CN=group,OU=sub-group,OU=department,DC=company,DC=com
For example:
CN=CloudUX_Default_Users,OU=Security Groups,OU=Engineering,DC=wavd,DC=com
12. At the Default Service Username prompt, enter the short sAMAccountName of the user.
For example: clouduxdefaultuser
13. At the Active Directory Connection Timeout prompt, enter a value (in milliseconds).
The default value for this setting is 9000 (9 seconds).
14. At the Active Directory Search Query Page Size prompt, enter a value that is less than or equal to
the page size defined on your Active Directory server.
The default value for this setting is 1000 (1 second).
15. At the CloudUX Active Directory Import Interval prompt, enter a value (in seconds).
The default value for this setting is 5.
16. At the CloudUX Active Directory Pool Connection age prompt, enter a value (in milliseconds).
The default value for this setting is 15000 (15 seconds).
17. Finally, the script asks you if you want to test your connection to Active Directory.
This test does not include verification of your Okta configuration details (if entered).
t If you enter Y (or y) for yes, the script attempts to connect to Active Directory using the
values that you specified above.
If successful, the script prints the connection information to the screen and exits. The values
that you entered are written to an auth.yaml file located at /etc/avid/config.
If the connection is not successful, an error is printed to the screen that indicates where the
process failed. You can then select to either reconfigure the information or quit. If you
choose the reconfigure option, you are returned to the first step in the script. However, this
time the script defaults to the values that you entered in the last attempt. This allows you to
review the values without reentering all the data.
t If you enter N (or n) for no, the script exits and the values are written to an auth.yaml file
located at /etc/avid/config.
If you decide to exit the script without testing the values, you can verify the contents of the
auth.yaml file at a later time by entering the following command:
83
avidctl platform config auth test --times=<value>

Where <value> equals the number of times that you want the test to repeat.
When run in test mode, the script uses the values in the auth.yaml file to contact Active
Directory. In some rare cases it is possible that a connection to AD might be successful once,
but might fail for subsequent logins. This command allows you to specify a retry count. Avid
recommends that you specify a value of three or more to test multiple logins. For example:
avidctl platform config auth test --times=3
n If you need more information about the script referenced in this step, you can use the script’s help
function by entering the following command: avidctl platform config auth test --help
Integrating with Okta (BETA)
Sometimes referred to as two-factor authentication or 2FA, multi-factor authentication (MFA)

provides organizations with more secure access to critical systems by requiring the user to verify
their credentials using a separate, but integrated system. Avid allows administrators to configure
MFA through Okta — a leading provider of identity management services. The following illustration
shows the Okta prompt that appears on the MediaCentral Cloud UX Welcome screen after you
enable the required settings.
MediaCentral Cloud UX connects to Okta through the OpenId Connect protocol, using a “code
grant” workflow to authenticate users. MediaCentral Cloud UX is identified as a standard web
application and Okta is an authorization server.
To enable the workflow, you must register MediaCentral Cloud UX as a web-based App in the Okta
Admin Console. If you have multiple MediaCentral Cloud UX systems within your environment (on-
premise or remote), you must configure each instance as a separate Okta-registered App with its own
application credentials. For more information on using the Okta Admin Console and for instructions
on creating the app, see the documentation on the Okta website at: https://developer.okta.com/docs/
guides/.
In this release of MediaCentral Cloud UX, Okta is the only qualified MFA provider. Organizations
are required to purchase their own Okta license before enabling this configuration option.
If you choose to enable integration with Okta, you will need the following additional data points. You
can obtain these values through the Okta Admin Console after creating your account and your Okta
web application — the profile you create to allow connections from MediaCentral Cloud UX.
• Okta domain URL. This must be the full URL of the corresponding Okta organization.
For example: https://wavd-29996069.okta.com/
• Your application’s Okta Client ID, as generated through the Okta system.
For example: 0ibb27bxcFfdhFjq14d6
84
• Your application’s Okta Client Secret

For example: jXLm44Ferr3TGHTLr12-34jhhq5rQwE6jmU2DD5Q
• Okta Callback URL. This must be the full callback URL that was configured during the creation
of the application. This information is transmitted back to Okta for all login requests.
For example: https://cloudux.customer.com/authorization-code/callback
• Okta API Token
The API Token must be generated by your Okta administrator to allow the Groups/Users API to
be accessible from MediaCentral Cloud UX. For example: SSWS 00QCjAl4MlV-WPXM
• Default Service Username
This is the name of an account that can be used by the MediaCentral Cloud UX services to
communicate with each other. This account is used by the services unless a user is explicitly
assigned to a service through the Configuration Settings app. For more information, see
“Managing Service Accounts” on page 189.
You can specify any valid user (no special privileges required). However for security reasons,
Avid does not recommend that you use an account that is included in the Cloud UX Admin
group.
• Okta Admin Group Name
This is equivalent to the Active Directory script’s Admin Group DN value.
In the Installation Prerequisites chapter, you were instructed to identify a user group that would
be used to access the MediaCentral Cloud UX Administrator apps. As a reminder, this user
group does not require any additional rights on your domain and the users included in this group
do not need to be domain admins — standard domain users are acceptable.
c The ability to authenticate using only Okta is considered a Beta feature in this release.
To authenticate using Okta:

authentication provider configuration script:
avidctl platform config auth okta -i
2. (if applicable) If an existing auth.yaml configuration file is found, the script asks if you want to
overwrite it.
t Enter Y to overwrite the file. Changes are only written to the file when you complete the
final step in this process. You can press Ctrl+C to exit without writing changes to the file.
t Enter N to exit the script.
3. Enter your Okta Domain URL and press Enter.
4. Enter your Okta Client ID and press Enter.
5. Enter your Okta Client Secret and press Enter.
6. Enter your Okta Callback URL and press Enter.
7. Enter your Okta API Token and press Enter.
8. Enter your Default Service Username and press Enter.
85
9. Enter your Okta Admin Group Name and press Enter.

The script ends with a “Validated” response and the values that you entered are written to an
auth.yaml file located at /etc/avid/config. In this case the validation is in reference to the
file being written to disk, it does not suggest that the values were validated against your Okta
system.
n If you need more information about the script referenced in this step, you can use the script’s help
function by entering the following command: avidctl platform config auth okta --help
Connecting to MediaCentral Production Management

If you plan to integrate MediaCentral Cloud UX with an Avid MediaCentral Production Management
system, you must run the following script to configure the connection settings.
function by entering the following command: avidctl platform config pam --help
To run the Production Management configuration script:

Production Management configuration script:
avidctl platform config pam -i
2. In the first prompt, you must enter the Fully Qualified Domain Name of your Production
Management Engine or cluster. Do not enter a short host name or IP address in this field.
If you are running a Production Management cluster configuration, make sure that you enter the
FQDN of the cluster and not an individual Production Management Engine.
3. Next, you must enter the name of a user that exists in the Production Management database.
This user must have Read/Write access (at minimum) to the entire database.
Avid best practices recommend that you create and use a dedicated user in the Production
Management database that has the “Internal Authentication” option enabled in the “User
Management” section of the Interplay Administrator. To avoid any possible conflicts with Active
Directory, this user should not share the same name as any domain user. Although there is no
technical limitation with enabling multiple authentication types for a single user, Avid best
practices recommend that you limit this user to “Internal Authentication” only.
4. Enter the password for the user that you specified in the previous step.
The password for this user must not be blank.
n In this release of MediaCentral Cloud UX, the Production Management password cannot include the
“@” symbol if you intend to enable a Send To Playback workflow.
5. (optional or if applicable) At the Lookup Server prompt, enter the short host name of the server
hosting the Production Management Lookup Service.
If there are multiple servers hosting this service, you can enter multiple values — each separated
by a comma. Do not use a Fully Qualified Domain Name (FQDN) in this field.
6. (optional or if applicable) At the Workgroup prompt, enter the name of the Interplay Production
Workgroup (Framework).
86
This value is case sensitive. You must enter the Workgroup name exactly as it appears in the
Interplay Framework.
7. At the Enable Dynamic Relink prompt, decide if you want to enable Dynamic Relink on the
Cloud UX system by entering Y (or y) for yes or N (or n) for no. The default value for this field is
yes.
You should generally enable this option if you are working in a multi-resolution environment. If
enabled, the Cloud UX player links to the lowest resolution associated with the asset. If this
option is disabled, the player links to the media associated with the asset at the most recent
check-in.
8. If you plan to specify more than one MediaCentral system as a Production Management
authentication provider, you must enter the FQDN of your MediaCentral Cloud UX server or
virtual cluster. For more information, see “User Authentication Providers” on page 136.
Although this value is optional, Avid recommends that you configure this setting in all cases to
enable functionality with Avid MediaCentral | Sync, or other potential future workflows.
This is the final piece of data required by the script. After you press Enter, the values are written
to a pam.yaml file located at /etc/avid/config.
Connecting to MediaCentral Archive Production

If you plan to integrate MediaCentral Cloud UX with an Avid MediaCentral Archive Production
system, you must run the following script to configure the connection settings.
function by entering the following command: avidctl platform config pam-archive --help
To run the Archive Production configuration script:

Archive Production configuration script:
avidctl platform config pam-archive -i
2. In the first prompt, you must enter the Fully Qualified Domain Name of your Archive Production
Engine or cluster. Do not enter a short host name or IP address in this field.
If you are running a Production Archive cluster configuration, make sure that you enter the
FQDN of the cluster and not an individual Production Archive Engine.
3. Next, you must enter the name of a user that exists in the Archive Production database.
This user must have Read/Write access (at minimum) to the entire database. This can be a local
user in the Archive Production database or a user imported to Archive Production from an
external authentication provider.
4. Enter the password for the user that you specified in the previous step.
The password for this user must not be blank.
5. If you plan to specify more than one MediaCentral system as a Production Management
authentication provider, you must enter the FQDN of your MediaCentral Cloud UX server or
virtual cluster. For more information, see “User Authentication Providers” on page 136.
Although this value is optional, Avid recommends that you configure this setting in all cases to
enable functionality with Avid MediaCentral | Sync, or other potential future workflows.
to a pam-archive.yaml file located at /etc/avid/config.
87
Connecting to Avid Shared Storage

If you plan to integrate MediaCentral Cloud UX with an Avid NEXIS system, you must run the
following script to configure the connection settings. Prior to running the script, make sure that you
have the following information:
• Your Avid NEXIS System Name.
This value is not the host name of the server, but rather a name assigned to the system during the
shared storage installation and configuration process. The value that you enter in this field must
be an exact match for the value that you enter in the Avid NEXIS user interface.
The following illustration provides an example of the Avid NEXIS System Setup page with the
System Name outlined in red.
• The Fully Qualified Domain Name or IP address of your System Director(s).

• The name and password of a user that exists on the Avid NEXIS system.
This user must have read/write access to all workspaces that contain media that you want to
access through MediaCentral Cloud UX. This can be a local user in the Avid NEXIS system or a
user imported from an external authentication provider.
• The name of the network interface used to communicate with Avid NEXIS.
If you do not know the name of your network interface, you can enter ip addr in the Linux
console to display a list of network interfaces.
• The preferred Avid shared storage connection mode.
When connecting MediaCentral Cloud UX to an Avid NEXIS server, the default client
connection mode is set to 1 (High). You must verify that this connection mode is appropriate for
your organization’s workflow.
For more information on client connection modes, see “Setting Client Types” in the Avid NEXIS
Client Manager Installation and User’s Guide on the Avid Knowledge Base at: http://
avid.force.com/pkb/articles/en_US/User_Guide/Avid-NEXIS-Documentation.
If you are returning to this process after having run the final avidctl platform deploy script, you
can repeat the process below to update your configuration. Unlike other scripts in this chapter, you
are not required to redeploy the feature packs after updating shared storage configuration.
function by entering the following command: avidctl platform config nexis --help
To run the Avid shared storage configuration script:

configuration script:
avidctl platform config nexis -I
To use the interactive mode, you must use either -I (must be a capital letter I)
or --interactive.
88
2. The script prompts you with a series of questions. Provide an answerer to each of the following
questions and press Enter or Return to continue to the next step.
If you need to connect to multiple Avid NEXIS systems, provide answers for the first shared
storage system only. After you configure the first system, you will have an opportunity to
configure the connection for additional systems.
- System Name: The System Name of your Avid NEXIS system. This value is case sensitive.
- System Directors: The Fully Qualified Domain Name or IP address of your Avid NEXIS
System Director.
- User: The name of a user that exists on the Avid shared storage system.
- Password: The password for the user that you specified in the previous value.
- Mode: The connection mode for the Avid NEXIS Client installed on the MediaCentral
Cloud UX server defaults to mode 1. If you need to configure the server for an alternate
connection mode, specify this value.
If you want to accept the default value of 1, you can press the Enter or Return key without
entering a value to proceed to the next prompt.
- Use Network Device: The name of the network interface used to communicate with the
Avid NEXIS system.
- Ignore Network Device: If you have configured an additional network interface on your
MediaCentral Cloud UX server, you must enter the name of the interface at this prompt. If
you have enabled three or more network interfaces, you can enter the name of each adapter,
separated by commas.
If you did not configure any additional network interfaces, you can leave this field blank and
press Enter or Return to proceed.
3. After answering the last question, the script asks if you want to configure another shared storage
system.
t If you enter yes (y), you are prompted to provide connection details for the next shared
storage system.
t If you enter no (n), the script exists and configures the connection to Avid NEXIS.
If you ever need to verify the values that you entered in this script, you can do so by reviewing
the nexis-config Config Map in the Kubernetes Dashboard.
4. (optional) After configuring the connection settings, you can restart the Avid NEXIS Client to
enable the configuration update:
systemctl restart avid-nexis-agent
If you are running a clustered configuration, repeat this command on each node.
n If you do not restart the service, the configuration changes are enabled automatically in the next poll
of the service (every 60 seconds). The manual restart of the service allows you to enable the change
without waiting for the polling interval. Restarting avid-nexis-agent also restarts the avidfos service.
5. Enter the following command to verify that the avid-nexis-agent service is running:
systemctl status avid-nexis-agent -l
The system should respond with output similar to the following:
May 10 10:49:17 wavd-mcux01 avid-nexis-agent[13635]: 2018/05/10 10:49:17
Mounting 'wavdNEXIS'...
89
May 10 10:49:17 wavd-mcux01 avid-nexis-agent[13635]: 2018/05/10 10:49:17

Mouted 'wavdNEXIS' successfully -> /mnt/media/default/wavdNEXIS
If the system reports a problem connecting to Avid NEXIS or mounting workspaces, you must
troubleshoot the issue before continuing with the installation.
If you made an error when running the script for the first time, you can run the script again to
apply new settings. After running the script, remember to restart the Avid NEXIS services.
6. If you have a cluster configuration, repeat the previous verification step on each node in the
cluster.
Configuring Avid NEXIS API Services

When completing the process for “Connecting to Avid Shared Storage” on page 88, you enabled the
MediaCentral Cloud UX servers to physically mount the Avid NEXIS workspaces to allow the
system to read and write to the shared storage. In the following process, you configure Kubernetes
managed, Avid API services to connect to the Avid NEXIS system. The following process is required
only if you are using an Avid NEXIS system and you are integrating with one or more of the
following products:
• Avid MediaCentral | Panel for Media Composer
Required only if you need to access Avid NEXIS from within the MediaCentral Panel — for
example as part of a MediaCentral Editorial Management workflow.
• Avid MediaCentral | Panel for Adobe Premiere Pro
Required only if you enable the MediaCentral | Connector for Adobe Premiere Pro.
After you enable the Avid NEXIS API Services, your Avid NEXIS system appears in the
MediaCentral Cloud UX Browse and Search apps for any user that includes a matching Active
Directory account on both MediaCentral Cloud UX and Avid NEXIS. Avid recommends that you
browse (or search) the Avid NEXIS system only if you plan to create and manage Adobe Premiere
Pro projects and assets through Adobe Premiere Pro workflow. For more information, see the Avid
MediaCentral | Panel for Adobe Premiere Pro ReadMe.
function by entering the following command: avidctl platform config nexis-api --help
To configure the Avid NEXIS API services:

avidctl platform config nexis-api -i
2. The script prompts you with a series of questions. Provide an answerer to each of the following
questions and press Enter or Return to continue to the next step.
- System Name: Enter the System Name of your Avid NEXIS. This value is case sensitive.
This value is not the host name of the server, but rather the name assigned to your Avid
NEXIS system during the installation and configuration process. The value that you enter in
this field must be an exact match for the value found in the Avid NEXIS user interface.
- System Director: Enter the Fully Qualified Domain Name or IP address of your Avid
NEXIS System Director.
- Port: Enter the network port number that is used to connect to the Avid NEXIS system. The
standard port number used for this value is 80.
90
- Username: Enter your Avid NEXIS Administrator account.

You must enter the word Administrator in this prompt. User accounts that include
administrative privileges cannot be used.
- Password: Enter the Avid NEXIS Administrator password.
After entering the password, you are asked to confirm the password.
- Broker User: Enter the name of the user associated with the RabbitMQ installation on your
Avid NEXIS system. The default value is: avid.
Only enter a different value for this question if directed to do so by Avid.
- Broker Password: Enter the password for the Broker User. The default value is nexis.
Only enter a different value for this question if directed to do so by Avid.
After entering the password, you are asked to confirm the password.
to a dp.yaml file located at /etc/avid/config.
Configuring the Avid XFER and XFORM Services

If you plan to use the Send to Playback workflow that is available in the MediaCentral Panel for
Adobe Premiere Pro v2021.3 or later, you must run the following script to configure settings related
to the Avid XFER and Avid XFORM services. These services act as an intermediary between
different MediaCentral modules and allow components used within the Adobe workflow to access
the Avid NEXIS system.
function by entering the following command: avidctl platform config xfer --help
To configure the services:

1. Enter the following command:
avidctl platform config xfer –w '\\<NEXIS\workspace>'
Where the following values are used:
- <NEXIS\workspace>: This value represents a UNC path that includes the Avid NEXIS
System Name and the workspace that will be used by the services. This value must be
enclosed in single quotes.
As a reminder, the Avid NEXIS System Name is not the server’s host name, but rather a name
assigned to the system during the shared storage installation and configuration process.
For example:
avidctl platform config xfer –w '\\wavd-nexis\xfer'
n If you run this configuration script, you must also deploy the Media Services feature pack when
“Running the Feature Pack Deployment Script” on page 111.
2. Press Enter (or Return) to execute the script.

As the script does not verify access to the Avid NEXIS system or validate the syntax, make sure
that your values are correct. If you find an error, repeat this process with the corrected values.
You configuration information is written to an xfer.yaml file located at /etc/avid/config.
91
If you encounter any problems with the workflows that are enabled by these services after fully
deploying your MediaCentral system, refer to “Troubleshooting the XFER Service” on page 353
for information that might help you resolve the problem.
Configuring MediaCentral Search

The following process allows you to configure aspects of MediaCentral Search — from areas of the
user interface, to the rules that govern search results. If you do not wish to alter the system defaults
(see values below) then you are not required to complete this process.
If you decide to run the script, you will be prompted to enter a “Total Field Limit” value. This value
represents the total number of fields that can be indexed by Elasticsearch, and it ensures that the
database cannot grow to an unusable size. While the default value of 10000 is appropriate for most
installations, some installations might require a larger field limit because the connected modules
include a large number of indexable fields. In these cases, the system might not be able to complete
the creation of the search index using the default value.
Prior to running this script, you can follow these steps to estimate your required field limit:
1. Connect to your Production Management module and count the number of fields that have a
check mark in the Select column of the MediaCentral Search Connector’s Property Selection tab.
2. Connect to your Asset Management module and verify the number fields marked in the
Datamodel Administrator as “searchable”.
3. Connect to your Newsroom Management module using the iNEWS Workstation and verify the
number of fields in the schema JSON stored in SYSTEM.SCHEMAS.KAFKA.
4. Add these values together and then multiply by 20% to accommodate for growth.
5. Multiply this final value by (2 + <n>). In this case <n> represents the number of additional
analyzers that you plan to define below.
If for example you configure the Simple, English, and French analyzers, Elasticsearch would
create a total of five sub-fields per string (2 default fields + 1 simple + 2 language fields = 5).
If the total number of indexed fields is less than 10,000, then the default value is acceptable. If the
value is higher than 10,000, you should increase the default field limit.
Instead of increasing the field limit, you could investigate the possibility of reducing the number of
indexed fields. If you do this, you might see an increase in performance as each search is required to
parse less data. In a Production Management system, you can disable indexed fields in the
MediaCentral Search Connector (Property Selection Tab) of the Interplay Administrator. In an Asset
Management system, you can reduce the number of searchable fields by deleting any unused Object
Classes.
function by entering the following command: avidctl platform config search --help
To run the search configuration script:

avidctl platform config search -i
2. In the first prompt, enter a two or five character language code and press Enter. Alternatively,
you can simply press Enter to use the default value of “en” for English.
92
This value defines the language used to display field names and some other elements in the
Search app user interface. If you select an alternate language when signing into MediaCentral
Cloud UX or if you change the language in the User Settings, that selection overrides this value
for the length of the user session.
Avid supports the following language codes:
Code Language Code Language Code Language
ar Arabic fr French ru Russian
de German it Italian tr Turkish
en International English ja Japanese zh-cn Chinese (China)
es Spanish ko Korean
et Estonian pt-pt Portuguese (Portugal)
3. Enter one or more language analyzer values and press Enter. Alternatively, you can simply press
Enter to use the default values of “simple, english”. Avid recommends that you configure at least
one language as well as the simple analyzer for best results.
Analyzers define how the search engine treats text-based metadata values. You can enter one or
more analyzers in this prompt, each separated by a comma and a space. To simplify the search
process and reduce unnecessary overhead, Avid recommends that you do not add a language
analyzer unless you plan to search for text-based metadata in that language.
Avid supports the following values:
Analyzer value Description
simple If your search term includes a number, the simple analyzer breaks term into multiple
values at the point at which the number and letter meet. In this case numbers are
eliminated or treated as a space. For example ‘title1’ is indexed as ‘title’ and
‘happy4ever’ is indexed as ‘happy ever’.
The following analyzers are all language related and enable language stemming. Stemming allows you to
search for a root word and have the engine return hits related to that word. For example a search for the
word “fish” might return hits for “fish”, “fishes”, “fishing”, “fished”, or others.
• arabic • italian • russian

• english • kuromoji (Japanese) • smartcn (Simplified Chinese)
• french • nori (Korean) • spanish
• german • portuguese • turkish
c Make sure to spell the analyzer values correctly. If you enter an invalid value (for example
“greman” instead of “german”), the Search app will ignore the entry.
For more information on how analyzers effect the user experience, see “Language Analyzers” on
page 216.
4. At the Exact Match Boost prompt, press Enter to accept the default value.
This setting has an impact on the way that results are displayed in the Search app. The default
value for this setting is 10. Do not change this value unless directed to do so by Avid.
93
5. Enter an Catalog Monitor Batch Size value and press Enter. Alternatively, you can simply press
Enter to use the default value of 500.
This value determines the number of catalog items indexed by search at any one time. Do not
change this value unless directed to do so by Avid.
6. Enter a Total Fields Limit value and press Enter. Alternatively, you can simply press Enter to use
the default value of 10000.
If you are unsure about your index field limit, Avid suggests using the default value of 10000. If
Elasticsearch begins to log errors indicating that the total_fields_limit has been exceeded, you
can return to this process and increase this value. Avid recommends that you do not exceed a
value of 30000 as doing so can lead to a performance degradation of the Elasticsearch database.
After you press Enter, the values are written to a search.yaml file located at /etc/avid/config.
must complete the following steps to redeploy the search index configuration:
• Redeploy the system after updating or recreating the configuration file.
• Reset the search index and resync your connected MediaCentral modules.
For more information, see “Resetting the MediaCentral Search Index” on page 275.
Disabling Asset Visibility
MediaCentral Production Management includes a feature that allows you to limit the results of the
Search app to display only those assets for which the individual users have permission to view. For
more information, see “Reviewing the Manage Status Tab” on page 140.
If you disable this feature in Production Management, you must also complete the following steps on
your MediaCentral Cloud UX server.
To disable Asset Viability in MediaCentral Cloud UX:

1. Copy the example configuration file to its active location (/etc/avid/config/):
sudo cp /opt/avid/examples/config/search-index-toggles.yaml /etc/avid/
config/search-index-toggles.yaml
sudo vi /etc/avid/config/search-index-toggles.yaml
3. Set the AVID_SEARCH_USERVISIBILITYSETTINGS_DISABLED option to a value of true. For
example:
AVID_SEARCH_USERVISIBILITYSETTINGS_DISABLED: "true"
94
Configuring MediaCentral Phonetic Index

If your organization has purchased a MediaCentral Phonetic Index license, you must run the
following script to configure the Phonetic Index connection settings. Prior to running the script, make
sure that you have the following information:
• The IP address or fully qualified domain name of the Search Grid server.
For more information, see “Installing Nexidia Search Grid” on page 121.
At this point in the installation, you are not required to have the Search Grid server operational.
function by entering the following command: avidctl platform config phonetic --help
To run the Phonetic Index configuration script:

Phonetic Index configuration script:
avidctl platform config phonetic -i
2. In the first prompt, enter the Fully Qualified Domain Name or IP address of your Search Grid
server and press Enter.
3. At the Cloud UX Hostname prompt, enter the IP address or Fully Qualified Domain Name of
your MediaCentral Cloud UX single-server or virtual cluster and press Enter.
4. Enter a phonetic language’s Globally Unique Identifier (GUID) and press Enter. Alternatively,
you can simply press Enter to use the default GUID for International English.
Example GUID value: d699037f-5b72-42fe-ad42-4512f34e1db0
This value defines the default language that users see when they add a Phonetic pill to the Search
app. While this option defines the default language, the additional options in the phonetic pill’s
language menu are determined by the language packs that you install on the Search Grid server.
If you specify a GUID for a language that is not installed on the Search Grid server, or licensed
in MediaCentral Cloud UX, the phonetic pill will still display the language option. However, the
Search app will not return any phonetic hits for that language.
The language selected by the user on either the MediaCentral Cloud UX welcome page or in the
User Settings has no bearing on the default language shown in the phonetic pill.
For a list of languages and their associated GUIDs, see “Language Packs” on page 122.
5. At the Phonetic Default Threshold prompt, enter a numerical value between 1 and 100 and press
Enter. Alternatively, you can simply press Enter to use the default value of 60.
While Avid recommends the default value in most cases, you can use this setting to adjust the
sensitivity of the phonetic search. As you lower the sensitivity, the phonetic search returns more
hits, and potentially more assets. However, a lower setting also means that the phonetic hits
might not be as accurate. A higher setting decreases the number of hits, but these hits have a
much higher likelihood of being an exact match for your search.
6. At the Phonetic Large Scale Threshold prompt, press Enter to accept the default value.
If you have more hours of phonetic metadata than the value defined here, the Search Grid server
switches automatically to an alternate search algorithm. The default value of this setting is 200.
Do not change this value unless directed to do so by Avid.
95
7. After you enter these values, the script prompts you to test the configuration.
t Enter y or Y to test your custom values.
If the test passes, the script creates a phonetic.yaml file located at /etc/avid/config.
If the test fails, you are given the opportunity to correct the values (reconfigure) or exit the
script without creating the phonetic.yaml file (quit).
t Enter n or N to create the phonetic.yaml file without testing the configuration.
must complete the following steps to redeploy the Phonetic Index configuration:
• Redeploy the system after updating or recreating the configuration file.
• If you entered a new phonetic language GUID, you must use the Kubernetes Monitor to delete
the avid-search-search pod or pods (there might be more than one) following the
redeployment.
For more information, see “Working with Kubernetes” on page 335.
• Reset the search index and resync your connected MediaCentral modules.
For more information, see “Resetting the MediaCentral Search Index” on page 275.
Connecting to MediaCentral Ingest

If you plan to integrate MediaCentral Cloud UX with Avid MediaCentral Ingest, you must run the
following script to configure the MediaCentral Ingest connection settings. Prior to running the script,
make sure that you have the following information:
• The IP address or Fully Qualified Domain Name of your MediaCentral Ingest system.
• Your Avid NEXIS System Name.
This value is not the host name of the server, but rather a name assigned to the system during the
shared storage installation and configuration process.
• The name of an Avid NEXIS workspace (with an optional folder path).
The MediaCentral Ingest workflow allows you to upload media from your local workstation to
Avid shared storage. This workflow requires a connection to an Avid NEXIS system — non-
Avid storage is not supported. Additionally, the user account that runs the MediaRewrapping
Services on the MediaCentral Ingest server must have read/write access to this workspace.
When you upload media using the Ingest app, the post-upload cleanup process checks the path
that you define in the following script every 60 seconds and deletes any files that are older than 4
hours. To avoid accidental deletions, the script appends whatever path that you configure below
with an ingest_upload folder. If you do not specify a path, the folder is created at the base-
level of the workspace. Only assets contained in the ingest_upload folder are deleted during the
post-upload cleanup process.
For more information on Avid MediaCentral Ingest, see the Avid MediaCentral | Ingest User’s Guide
on the Avid Knowledge Base.
function by entering the following command: avidctl platform config ingest --help
96
To run the MediaCentral Ingest configuration script:

1. Prior to running the script, you must verify the name and case of your shared storage. Enter the
following command to verify the name of your shared storage:
ls /mnt/media
The output might look similar to the following:
WAVD-NEXIS
Note the name and the case (upper/lower) of your shared storage system.
2. Enter the following command on your single server or primary master node to execute the Ingest
avidctl platform config ingest -i
3. At the MCI Hostname prompt, type the IP address or Fully Qualified Domain Name of your
MediaCentral Ingest system and press Enter. Do not enter a short host name for this value.
4. Type the Avid NEXIS System Name that will be used for file ingest and press Enter.
This name is case sensitive and must match the name of the system exactly.
5. Type the name of the workspace (and optional path) that will be used for file ingest and press
Enter. For example: my_workspace or my_workspace/ingest
This name is case sensitive and must match the name of the workspace exactly. If you specify a
path and that folder structure does not already exist, the Ingest process creates the path for you.
After you press Enter, the values are written to an ingest.yaml file located at /etc/avid/config.
Connecting to Avid Maestro

If your MediaCentral Cloud UX clients are not able to connect directly to the network subnet in
which the Avid Maestro News servers are located, you must complete the following process to allow
clients to access thumbnail images of Maestro assets in apps such as Browse or Search.
While this process is meant to address this specific networking requirement, Avid recommends that
you complete the following steps on any MediaCentral Cloud UX system that plans to integrate with
Avid Maestro News.
To enable integration with Avid Maestro:

1. Sign into your single server or primary master node as the root user.
2. Enter the following command:
avidctl platform config maestro --url http://<maestro-server>:<port>
- <maestro-server>: This is the IP address or FQDN of your Avid Maestro News server
- <port>: This is the port used to communicate with Maestro Service. The standard port used
in most configurations is port 9030.
For example:
avidctl platform config maestro --url http://wavd-maestro.wavd.com:9030
97
Configuring Collaborate App User Groups

If you plan to use the Collaborate app in this version of MediaCentral Cloud UX, you must edit a
configuration file to include the names of one or more Active Directory user groups. All users that
are included in these groups are added to the People section of the Collaborate app automatically as
employees. Although you can create non-employee user accounts through the app, employees are the
only users that can access either the Collaborate app or the Collaborate Mobile App.
For more information, see “Using the Collaborate App” in the Avid MediaCentral | Cloud UX User’s
Guide.
To create the Collaborate app configuration file:

2. Copy the example configuration file to its active location (/etc/avid/config/):
cp /opt/avid/examples/config/ca.yaml /etc/avid/config/ca.yaml
vi /etc/avid/config/ca.yaml
4. Edit the following line:
group_search_value: "<AD_user_group_1>,<AD_user_group_X>"
Where each value represents the group’s Active Directory alias and not the displayName. You
can enter one or more values. If you decide to enter more than one user group, each must be
separated by a comma. For example:
group_search_value: "news_editors,promotions,news_mgmt"
Configuring the Frame-Ancestor Security Policy

During the deployment process, MediaCentral Cloud UX configures the content-security-policy http
header to “frame-ancestors: 'self'”. While enhancing system security, this configuration value might
prevent MediaCentral Cloud UX from running as an embedded “iFrame” in products such as the
Avid MediaCentral | Panel for NRCS or the Avid MediaCentral | Panel for Adobe Premiere Pro — if
the connection is made from a different origin, such as a different domain or a sub-domain within
your network.
If your clients access MediaCentral Cloud UX through an embedded panel from a different origin,
you must complete the following steps to alter the MediaCentral Cloud UX configuration to enable
this connection.
c The following configuration changes might weaken system security and could expose your
systems to cross-site scripting attacks. Only enable these changes if your network requires it.
To enable remote origins:

2. Copy the example configuration file to its active location (/etc/avid/config/) to enable the
security policy change:
cp /opt/avid/examples/config/http-security.yaml /etc/avid/config/http-
security.yaml
98
3. Using the Linux vi editor, review the file contents and update the values as necessary for your
deployment. The example configuration file includes three variables, each set to true by default:
- (http_config) frame_ancestors_enabled: true
- (http_config) proxy_cookie_flags: true
- (oauth) frame_ancestors_enabled: true
Notice that the “frame_ancestors” value appears in two locations in the file. Depending on your
deployment type, you might want to alter these default values. The following configuration
options are available:
t To enable access from all MediaCentral panels:
Configure both frame_ancestors_enabled values to true, and the proxy_cookie_flags value
to true. You must also add frame_ancestors: '*' to both the default and oauth
sections of the file, as shown in the following example:
[root@wavd-mcux ~]# cat /opt/avid/examples/config/http-security.yaml
global:
http_config:
default:
content_security_policy:
frame_ancestors_enabled: true
proxy_cookie_flags: true
frame_ancestors: '*'
oauth:
content_security_policy:
frame_ancestors_enabled: true
frame_ancestors: '*'
t To disable access to MediaCentral Cloud UX from panels and enhance system security:
Configure both frame_ancestors_enabled values to true, and the proxy_cookie_flags value
to false. Do not add the frame_ancestors: '*' lines to the file.
t To enable access from the Panel for Adobe Premiere Pro, but prevent access from the Panel
for NRCS:
No changes are required. The default value of true enable this configuration. Do not add the
frame_ancestors: '*' lines to the file.
If you need to revert your system to the original default configuration, you must reconfigure the
values in the file, and then redeploy. Following the redeploy process, you can delete the http-
security.yaml file from /etc/avid/config/.
Enabling a Multi-Site Configuration

Multi-Site is an optional and licensed feature for MediaCentral Cloud UX that allows you to connect
multiple MediaCentral Cloud UX systems together to create a more seamless user experience for
Enterprise-level organizations.
This section includes the following processes:

• “Creating or Modifying the Sites File” on page 100
You must run this script for all new multi-site installations and you must repeat these steps for
each site in the multi-site configuration.
• “Removing Remote Sites from the Sites File” on page 101
99
Allows you to remove a site from your multi-site configuration.
After your MediaCentral Cloud UX system is fully deployed, you must decide which MediaCentral
modules will be shared with which users. For more information, see “Using the Multi-Site Settings
App” on page 235.
c The following processes require you to specify the FQDN (Fully Qualified Domain Name) of
your MediaCentral Cloud UX single-server or cluster. If you followed this guide, you should
have already verified DNS resolution of your MediaCentral Cloud UX server or servers and
you should be using a trusted certificate that includes the FQDN information for your system.
If your certificate does not include a valid FQDN, the multi-site configuration process will fail.
If you do not want to enable a multi-site configuration, you can bypass this procedure and continue
with the next phase of the installation.
Creating or Modifying the Sites File
The sites.yaml file is a list of all remote MediaCentral Cloud UX systems that plan to connect to
your local site in a multi-site configuration. The file includes the public key data, URL, and a user-
friendly name for each remote site.
You can use the following process to create a new multi-site configuration or you can use the same
script to add new sites to an existing multi-site configuration.
function by entering the following command: avidctl platform config sites --help
Reminder: As with other system configuration changes, if you add or remove a site from the
sites.yaml configuration file, you must redeploy the system with the avidctl platform
redeploy script. For more information, see “Altering the Configuration” on page 61.
To create the sites file or add a system to the file:

1. Before you run the following script, you must make sure that all remote MediaCentral Cloud UX
sites are running and fully operational. If your local site cannot connect to a remote site, you will
not be able to obtain a local copy of the remote site key.
2. Enter the following command on your single server or primary master node to create the sites file
or add a site to an existing file:
avidctl platform config sites add https://<fqdn> --label "<name>"
The following list explains each of the switches and values available in this command:
- <fqdn>: This value represents the FQDN of the remote MediaCentral Cloud UX system. If
you have a cluster, specify the cluster’s virtual FQDN. This is a required value.
- label: Enclosed in quotes, the <name> value represents a friendly name for the remote
MediaCentral Cloud UX system. This is a required value.
The following provides an example of this command:
avidctl platform config sites add https://nyc-mcux.wavd.com/ --label
"Boston"
When you press Enter, the sites.yaml is created or updated at /etc/avid/config/.
3. (optional) If you need to add another remote site, repeat the previous step — replacing the values
for the next remote site.
100
Removing Remote Sites from the Sites File
This section includes processes to remove sites from the multi-site configuration. If you need to
remove a site, you must make sure to remove that site from all locations. For example if you have
three sites (A, B, and C) and you remove sites A and B from the configuration on site C, you must
make sure to remove site C from sites A and B. Failure to do so could results in unexpected
configuration problems and user experiences.
To remove a single remote site from the multi-site configuration:

avidctl platform config sites remove <url>
Where <url> is the address of the remote site.
When you press Enter, the site is removed from the local configuration file.
n If you are not sure of the correct URL address, you can enter the following command to view the
contents of the sites.yaml file: avidctl platform config sites list
To remove all remote sites from the multi-site configuration:

avidctl platform config sites remove --all
When you press Enter, all sites are removed from the local configuration file.
Enabling System Monitoring

MediaCentral Cloud UX allows you to monitor and collect run-time information on your single-
server or cluster. This feature is available to all MediaCentral Cloud UX customers and does not
require any additional licensing from Avid to enable.
Comprised of distinct sub-systems, you can elect to install and configure the monitoring (metrics)
system only, or both monitoring and logging. The monitoring tools allow you to observe important
information about your systems during normal operation — such as disk space, CPU usage, memory
consumption, network data, and more. Even without long-term logging data, this information can be
used to assist troubleshooting efforts if the need arises. Additionally, Grafana allows you to configure
alarms that can trigger a notification if certain thresholds are met or exceeded.
If you do not want to configure system monitoring, you can bypass this procedure and continue with
the next phase of the installation.
c Avid strongly recommends that you deploy the System Monitoring tools for all MediaCentral
Cloud UX installations. This recommendation applies specifically to the Monitoring aspect of
the System Monitoring solution. Deployment of the Logging feature is at your discretion.
Monitoring vs Logging
The config metrics script referenced below installs the monitoring services (Prometheus® /
Grafana®) on your MediaCentral Cloud UX single-server or cluster. These services must always run
on the MediaCentral Cloud UX server(s) because Prometheus must operate inside Kubernetes to be
able to collect metrics.
101
The config logging script configures the system monitoring logging node which might or might
not be the same as a MediaCentral Cloud UX node. The logging node is responsible for collecting
and processing the information provided by the Kibana® monitoring services. This information is
stored in an Elasticsearch® database (version 6.8.23). Since the maintenance of this database and the
associated systems can be resource intensive, Avid allows you to configure the logging node in one
of two ways:
• Externally
Organizations that are interested system monitoring might have an Elasticsearch and Kibana
system deployed. In this case the logging setup script allows you to integrate with these existing
systems. However, even if you do not have an existing setup, there are advantages to creating an
external logging node:
- The resource intensive processes are offloaded from the MediaCentral Cloud UX system.
- If there is a problem with the Cloud UX system, the logging node is more likely to be
isolated from the issue and can be used to assist in the troubleshooting effort.
If you decide to enable external monitoring, Avid recommends that you use the same version of
Elasticsearch (v6.8.23) that is used in the internal deployment method.
• Internally
Avid supports the ability to configure a MediaCentral Cloud UX single-server or cluster node as
a logging node. However, be aware that the systems and services that create this solution are
resource intensive. If you configure a Cloud UX server as a logging node, you could see a
performance impact which could negatively effect the MediaCentral Cloud UX user experience.
If you have a cluster configuration of four or more nodes, Avid recommends that you configure a
worker node as the logging node.
The system monitoring solution used in MediaCentral Cloud UX is comprised of multiple services
and integrated systems. The following table provides additional information on these systems.
Component Description Monitoring Node(s) Logging Node
Logstash® Log transformation 1+n instances (depending NA

on number of nodes)
Filebeat™ Log collector 1+n instances (depending NA

on number of nodes)
Prometheus® Metrics back-end 1 instance (no high NA

availability)
Grafana® Metrics front-end 1 instance (no high NA

availability)
For more information, see “Working with
Grafana” on page 342.
Elasticsearch Back-end for log aggregation NA 1 instance (no

high availability)
If the logging node goes down, log aggregation
functionality is lost until the issue is resolved.
102
Component Description Monitoring Node(s) Logging Node
Kibana® Front-end NA 1 instance (no

high availability)
Kibana is exposed on port 30001 with a
delivered SSL certificate. If you configure
system monitoring prior to running the final
deploy script, Kibana uses the MediaCentral
Cloud UX certificate.
Curator Cleanup cron job NA 1 instance (no

high availability)
Curator is deployed as a cron job to cleanup
Elasticsearch in a regular interval.
If deployed internally, Avid configures Curator on the Cloud UX node. If deployed externally,
Curator must be configured manually on the logging node. For more information, see
https://www.elastic.co/guide/en/elasticsearch/client/curator/current/index.html.
Altering the System Monitoring Configuration
If you deploy system monitoring as an internal deployment and you want to switch to an external
deployment (or switch from external to internal) at a future point in time, you simply need to repeat
the steps below to reconfigure your system and redeploy monitoring as described in “Deploying
System Monitoring” on page 114. However, note that this reconfiguration process does not migrate
existing Elasticsearch data.
If you have already deployed and enabled system monitoring and subsequently need to disable it, you
can enter the following command to remove the services from the Kubernetes cluster.
avidctl monitoring remove
Note that this command removes the services, but it does not delete the data. If you deployed system
monitoring internally, this command does not remove the Elasticsearch database.
Configuring System Monitoring
The process to enable system monitoring is described in the following sections:

• “Configuring the System Monitoring Node” on page 103
• “Configuring an External Logging Node” on page 104
• “Configuring an Internal Logging Node” on page 105
Configuring the System Monitoring Node
The following process installs and configures the software that enables the system monitoring
services on your Cloud UX single-server or cluster. As these services simply monitor system
resources, they consume a minimal amount of memory and CPU cycles. After the software is
installed, you must run additional scripts to configure the node that will be responsible for running
more resource intensive tasks such as processing the log information.
function by entering the following command: avidctl monitoring config metrics --help
103
To install the system monitoring software:

avidctl monitoring config metrics -i
2. The first prompt in the script asks you to verify that you want to enable metrics.
t Enter Y (y) to enable system monitoring.
t Enter N (n) to exit the script.
3. Next you must decide of you want to integrate with Active Directory.
t Enter Y (y) to enable integration with Active Directory.
This setting enables any user in the Admin Group DN to access the Grafana user interface.
You defined the Admin Group DN during the process of “Integrating with Active Directory”
on page 79.
n Microsoft Active Directory is the only supported authentication provider in this release of
t Enter N (n) to use the default local user.

If you select this option, you can access the Grafana user interface with the following
credentials:
User: admin
Password: Avid123
n The admin user account is created as part of the Grafana deployment automatically. If you select AD
integration, you can delete the admin user through the Grafana interface if desired.
4. At the next prompt, you must identify the node that will run the metrics back-end (Prometheus)
and front-end (Grafana). The script displays a list of MediaCentral Cloud UX nodes.
Enter the corresponding number for the node and press Enter.
to a monitoring.yaml file located at /etc/avid/config. Additionally, the metrics=true label
is assigned to the node that you specified above. You can verify that the label has been added
using the kubectl get nodes --show-labels command.
5. Complete one of the following to continue the system monitoring setup:
t “Configuring an External Logging Node” on page 104.
t “Configuring an Internal Logging Node” on page 105.
Configuring an External Logging Node
If you want to integrate with an external Kibana system, complete the following process to configure
external log aggregation.
function by entering the following command: avidctl monitoring config logging --help
104
To configure external log aggregation:

avidctl monitoring config logging -i
2. The first prompt asks if you want to enable logging.
Type Y (y) and press Enter to confirm that you want to continue.
3. The script asks you to determine if you want to send logs to an external instance of Elasticsearch.
Type Y (y) and press Enter to continue.
4. Enter the short host name, FQDN, or IP address of the external Elasticsearch server.
To avoid DNS resolution issues, Avid recommends using an IP address.
5. Enter the network port used to communicate with the Elasticsearch server.
The default value for this field is 9200.
6. At the SSL Enabled prompt, enter Y (yes) to enable a Secure Sockets Layer (SSL) connection or
N (no) to use an unsecured connection.
If you want to enable SSL, you must verify that the Elasticsearch host is also configured to
communicate through an SSL connection.
7. Enter Y (yes) or N (no) to determine if Elasticsearch requires user authentication.
t If you enter Yes, you must specify an Elasticsearch user name and password.
t If you enter No, you advance to the next step automatically.
8. Enter the name of the index pattern that will be created in Elasticsearch.
The default and recommended value for this field is cloudux-.
to a logging.yaml file located at /etc/avid/config.
9. Do one of the following to continue:
t If you are completing a new MediaCentral Cloud UX install, continue to “Running the
Feature Pack Deployment Script” on page 111.
t If you are enabling system monitoring on a MediaCentral Cloud UX system that is already
fully deployed, proceed to the following sections to complete the configuration:
- “Running the Feature Pack Deployment Script” on page 111
- “Deploying System Monitoring” on page 114
Configuring an Internal Logging Node
If you want to use a MediaCentral Cloud UX server as a logging node, complete the following
process to configure internal log aggregation by installing Elasticsearch and Kibana.
When deploying an internal configuration, Avid recommends that you mount the monitoring data
root directory (/var/lib/mon) to a dedicated disk or a dedicated partition of at least 150GB of an
existing disk. If you did not already complete this process as part of “Configuring the Installation
Destination in the CentOS Install Wizard” on page 47, see the CentOS documentation at https://
www.centos.org/ for instructions on how to alter your existing configuration.
function by entering the following command: avidctl monitoring config logging --help
105
To configure internal log aggregation:

avidctl monitoring config logging -i
2. The first prompt asks if you want to enable logging.
Type Y (y) and press Enter to confirm that you want to continue.
3. The script asks you to determine if you want to send logs to an external instance of Elasticsearch.
Type N (n) to confirm that you want to use an internal instance of Elasticsearch.
4. Enter a value to define the number of days of logs that you want to maintain.
The default value for this setting is 30 days. If your logging node has limited disk space, you
should consider reducing this value.
5. Enter a value in a cron format that defines the log cleanup schedule.
The default value for this setting is: 0 12 * * *
This value clears the logs every twelve hours. Cron formatting can be somewhat complicated.
However, there are multiple resources available on the Internet that can help you to help you
understand cron job options.
6. At the next prompt, you must identify the node that will run the logging back-end (Elasticsearch)
and front-end (Kibana). The script displays a list of MediaCentral Cloud UX nodes.
Enter the corresponding number for the node and press Enter.
to a logging.yaml file located at /etc/avid/config. Additionally, the logging=true label is
assigned to the node that you specified above. You can verify that the label has been added using
the kubectl get nodes --show-labels command.
7. Do one of the following to continue:
t If you are completing a new MediaCentral Cloud UX install, continue to “Running the
Feature Pack Deployment Script” on page 111.
t If you are enabling system monitoring on a MediaCentral Cloud UX system that is already
fully deployed, proceed to the following sections to complete the configuration:
- “Running the Feature Pack Deployment Script” on page 111
- “Deploying System Monitoring” on page 114
Configuring Audit Logging

MediaCentral Cloud UX creates a number of logs that provide administrators with information about
startup events, services, and other details about many of its subsystems. While these system logs are
created automatically by default, audit logs are an optional feature that focus on user operations (not
system operations). Once enabled, this feature can monitor the following actions:
• User sign-in, sign-out, and failed sign-in attempts. Additionally, the system creates a log entry
for any time that an administrator force signs-out a user through the User Management app.
• Information about jobs that appear in the Process app.
106
This feature allows you to process the log files in two different ways. You can choose to enable one
or both, but at least one of the following must be enabled to use this feature:
• Local Logs Files
If you select this option, the system saves log files to a file path that you define when running the
script. While you can review the log files (buffer.<string>.log) using a standard text editor,
the log format is designed for external systems like Elasticsearch that can properly process and
display the data.
After a 24hr period, log files are compressed into a .gz file format. Buffered data is written to a
new log at the end of the next buffer flush period. Administrators should be aware that
MediaCentral Cloud UX does not automatically delete old log files. This is a design decision to
allow organizations to maintain the log files for as long as each site deems appropriate.
Organizations should periodically archive or delete old logs to avoid using an excessive amount
of disk space.
• Integration with Elasticsearch
If you have an external instance of Elasticsearch, you can send the logs through an encrypted and
optionally authenticated connection to the Elasticsearch host for further processing.
Although MediaCentral Cloud UX might host one or more instances of Elasticsearch, Avid does
not support sending audit logs to any of these instances. You must define an external host.
function by entering the following command: avidctl platform config audit-log --help
Complete the following steps to enable audit logging:

1. Enter the one of following commands on your single server or primary master node to execute
the configuration script:
t If you want to enable audit logging with the default local log file configuration, enter the
following command:
avidctl platform config audit-log --enable
After you press Enter, the values are written to an audit-logging.yaml file located at
/etc/avid/config.
t If you want to change the defaults, or enable integration with Elasticsearch, enter the
following command to run the script in interactive mode:
avidctl platform config audit-log -i
The script continues, prompting you to answer a series of additional questions.
2. At the file backend prompt, decide if you want to save local audit logs by entering Y (or y) for
yes or N (or n) for no.
If you answer yes, the system prompts you for two additional pieces of information:
t Define a location in which to store the audit logs. Press Enter or Return to accept the default
path of /var/lib/avid/audit, or type a custom path.
t Enter a value (in number of seconds) that defines the buffer flush period and press Enter or
Return.
When the audit log service receives data, it keeps it in a temporary memory buffer to avoid
constant writes to disk. The flush period defines how often that buffer is written to the log
file on disk. The default value is 1 (second).
107
If you enter no, the script proceeds to the next prompt. In this case the system does not save any
local audit logs.
3. Next you must decide if you want to send logs to an external instance of Elasticsearch.
Enter Y (or y) for yes or N (or n) for no.
If you enter no, the script exits. If you enter yes, you must define additional parameters.
a. Enter the connection information for your Elasticsearch hosts and press Enter or Return.
You must enter each host value using one of the following formats:
- <host>:<port>
- <scheme>://<user>:<password>@<host>:<port>
Where the following values are defined:
- <host>: This is the IP address or FQDN of your Elasticsearch host.
- <port>: This is the network port used to connect to Elasticsearch.
- <scheme>: Available options are http or https.
- <user>: A user name that can connect to your Elasticsearch host.
- <password>: If you specified a user name, enter the associated password.
You can enter multiple hosts by entering multiple values, separating each with a comma.
For example: host1:port1,host2:port2 or alternatively:
https://host1:port1,https://username@password:host2:port2
b. Enter a name for the Elasticsearch index, or press Enter or Return to use default index name
(auditlog).
The script attempts to contact the host to verify its existence. If the system fails to contact
Elasticsearch, the script exits with an error.
to an audit-logging.yaml file located at /etc/avid/config.
To disable audit logging:

1. Enter the following command on your single server or primary master node:
avidctl platform config audit-log --enable=false
The audit-logging.yaml file is updated, defining false values for each audit log option.
2. Redeploy the configuration.
Configuring a Licensing Proxy Connection

Organizations that license MediaCentral Cloud UX through subscription require an active connection
to the internet so that the system can continue to validate the license. To enhance security, Avid
allows you to route this connection through a proxy server.
Use of the proxy server is specific to the licensing service. Any other traffic between the
MediaCentral Cloud UX server and the internet does not use this connection. The actual proxy server
must be customer supplied as the required services are not installed with MediaCentral Cloud UX.
function by entering the following command: avidctl platform config audit-log --help
108
To enable a proxy server connection for subscription licensing:

t Enter the following command from your single server or primary master node:
avidctl platform config lms-proxy --enabled --host <proxy-host> --port 324
--user <user> --password <password>
Where the following values are defined:
- <proxy-host>: This is the IP address or FQDN of your proxy server.
- <user>: (optional) If your connection requires it, enter the name of a user that can connect
to the server.
- <password>: (optional) If you specified a user name, enter the associated password.
After you press Enter, the values are written to a lms-proxy.yaml file located at /etc/avid/
config.
To disable the connection to the proxy server:

1. Enter the following command from your single server or primary master node:
avidctl platform config lms-proxy --enabled=false
2. Redeploy the configuration.
Deploying the Kubernetes Dashboard

The Kubernetes Dashboard is a web-based tool that allows you to view and manage the Kubernetes
environment. As some organizations consider the Dashboard to be a security risk, the tool is not
enabled automatically.
The following processes describe how to enable or disable the Dashboard.
n If you choose not to deploy the Dashboard at this time, you can enable or disable the it at any point
in the future. The Dashboard deployment (or removal) process does not require you to redeploy the
feature packs.
For more information on Kubernetes, see “Working with Kubernetes” on page 335.
To enable the optional Kubernetes Dashboard:

1. Prior to deploying the Dashboard, you must create or obtain a valid certificate file. The same
certificate that you use to authenticate your connection to MediaCentral Cloud UX is used to
authenticate your connection to the Dashboard. If you do not have a valid certificate on your
local workstation, you might be blocked from accessing the Kubernetes Dashboard.
For more information, see “Creating Certificate Files” on page 69.
2. Enter the following command on your single server or primary master node to deploy the
Dashboard:
avidctl extra kube-dashboard deploy
3. Verify that you can access the Kubernetes Dashboard by entering the following address in a
supported web browser:
https://<hostname>:30143
Where <hostname> is the host name of your single server or primary master node.
109
If you have not yet imported a trusted certificate into your local workstation, your web browser
might display a warning to indicate that the connection is not private as shown in the following
illustration.
Example illustration from Google Chrome.
If you see this or a similar window, continue through the warning screens to access the
Kubernetes Dashboard.
Alternatively, you might want to take a moment to import the certificate to your local
workstation and verify that you can connect to the Kubernetes Dashboard without any security
warnings. If you complete this task now, you can verify that your connection to MediaCentral
Cloud UX will also be secure. If your connection to the Kubernetes Dashboard is still identified
as insecure, you should resolve the issue prior to deploying the MediaCentral Cloud UX feature
packs. For more information, see “Importing SSL Certificates” on page 315.
4. Click the Token button and enter the Kubernetes Admin token that you specified in the setup
script. For details, see “Running the Cloud UX Setup Script” on page 62.
5. Click the Sign In button to access the Kubernetes Dashboard.
110
The dashboard appears and defaults to the Overview page, as illustrated below.
6. When you are done using the Kubernetes Dashboard, Avid recommends that you disable the tool
to maximize system security.
To disable the Kubernetes Dashboard:

t If you deployed the Dashboard on your system and you wish to disable it, enter the following
command on your single server or primary master node to complete this task:
avidctl extra kube-dashboard remove
Running the Feature Pack Deployment Script

This script deploys additional Avid software packages that enable much of the MediaCentral Cloud
UX functionality.
c Do not install feature packs for any features that you have not purchased or that you have no
plans on using. For example, if you do not plan to integrate with a MediaCentral Asset
Management module, do not install this feature pack.
function by entering the following command: avidctl platform deploy --help
To run the deployment script:

1. Before you can run the following script, you must mount the Feature Packs ISO
(mediacentral_feature_packs_<build>.iso) to the /features directory on your single server or
primary master node.
The command used to complete this task might vary. If for example you copied the feature pack
ISO file directly to the server, you would use the following command to mount the ISO on the
system:
mount -o ro /<path>/mediacentral_feature_packs_<version>.iso /features
For information on alternative methods to mount an ISO to a Linux directory, see “Mounting an
ISO Image” on page 258.
111
2. Enter the following command on the same node that the ISO is mounted:
avidctl platform deploy -i
The script checks the /etc/avid/config/ directory on the local node to verify the existence of
the system configuration files. While some files, such as pam.yaml, might be present in certain
environments only, the cert.yaml and auth.yaml configuration files must be available on the
single-server or primary master node of every installation.
If the script finds a configuration file, it reports the status of each file [ OK ]. If the script cannot
find the configuration files, the script alerts you to the situation and provides you with an
opportunity to abort the installation and resolve the issue.
c If you are missing the configuration files, you are most likely installing a cluster and you are
attempting to complete the feature pack installation on a non-primary master node. Verify that
you are completing this step on the primary master node.
If you see the following message: “[ERROR] Site Keys and Issuer is not configured”, it means
that you did not complete the process for “Creating a Site Key” on page 67. After you have
successfully created the key files, you can return to this process to deploy the feature packs.
3. The script asks if you want to import features from the Feature Pack ISO.
t If you are performing a new installation, or if you are adding a new feature to an existing
installation, you must enter Y (yes) to import the feature packs from the mounted ISO file.
Example: If you are adding the Publisher app to an existing deployed system, the script must
pull data from the ISO file to complete the installation of the new feature.
t If you made a configuration change to the system and you need to redeploy the feature packs
that were already successfully deployed, you can enter N (no) at this prompt. In this case the
deployment process is much faster as you are not copying files from the ISO.
Example: You updated your Authentication Provider data and you need to deploy it.
4. (if applicable) If you entered yes to the previous question, the script prompts you to define the
mount point for the Feature Pack ISO. Press Enter to accept the default path of /features/
feature-packs/.
If you did not mount the ISO or if the script cannot find the /feature-packs directory at the
defined location, the script replies with an error and prompts you for a valid path.
If you entered No to the previous question, you are not prompted for the feature pack path.
5. The script prompts you with a series of yes or no questions. Each prompt is associated with a
default value which is identified as a capitol Y for yes or N for no. If you press Enter at the
prompt, the default value is used. Do one of the following:
t Press the Enter key to accept the default value.
t Press Y (or y) to install the feature pack.
t Press N (or n) to skip or uninstall this feature pack.
n If you are returning to this script after completing your system installation, you can enter N at the
prompt to remove any previously deployed feature pack from your system.
The following feature packs are covered:

- MediaCentral Production Management
- MediaCentral Asset Management
The Asset Management feature pack includes the Associations app.
112
- MediaCentral Hoverscrub
For more information on Hoverscrub, see “MediaCentral | Hoverscrub” on page 271.
- Enterprise Editing
If you deploy this feature pack, your environment must include both an Asset Management
and a Production Management module. For more information, see “Editing Mixed
Sequences” in the Avid MediaCentral | Cloud UX User’s Guide.
After you complete the installation process, make sure to access and save the Sync Job
Distributor settings. See “Configuring Enterprise Editing Sync Settings” on page 191.
- MediaCentral Ingest
For more information, see the Avid MediaCentral | Ingest User’s Guide.
- Media Composer Enterprise Admin Tool
For more information, see the Avid Media Composer | Enterprise Admin Tool
Administration Guide.
- Asset Logger
For more information, see “Working with the Log App” in the Avid MediaCentral | Cloud
UX User’s Guide.
- Publisher
If you have purchased the MediaCentral Cloud UX Publisher app, you must deploy this
feature. For more information, see “Using the Publisher App” in the Avid MediaCentral |
Cloud UX User’s Guide.
- Distributed Processing
For more information, see the Avid Media Composer | Distributed Processing
- Adobe PM
Only deploy this feature pack if your environment includes an Avid NEXIS system and you
have completed the process for “Configuring Avid NEXIS API Services” on page 90.
For more information on features related to the MediaCentral Panel for Adobe Premiere Pro,
see the Avid MediaCentral | Panel for Adobe Premiere Pro ReadMe.
- NRCS GFX Integration
If you have purchased a license to enable the MediaCentral | MOS Panel for Graphics, you
must deploy this feature.
- NRCS Integration
If you have purchased a license to enable the MediaCentral | Panel for AP ENPS,
MediaCentral | Panel for CGI OpenMedia, or MediaCentral | Panel for Octopus Newsroom,
you must deploy this feature.
- Avid Collaborate
Required if you plan to use the Collaborate app or MediaCentral Collaborate Mobile app.
- Media Services
This feature pack is required if you plan to enable the Send to Playback workflow available
in v2021.3 and later of the MediaCentral Panel for Adobe Premiere Pro.
- Avid Maestro
113
Deploying System Monitoring
Only deploy this feature pack if you plan to integrate your workflow with an Avid Maestro
News system.
The feature pack deployment process begins. Be patient as this process can take some time.
When complete, the script should reply with a “Deployment was successful” message.
6. (if applicable) After the feature packs are imported, they still need to be deployed through
Kubernetes before MediaCentral Cloud UX is available for use. If you deployed the optional
Kubernetes Dashboard on your system, you can use it to monitor the deployment process.
Where <hostname> is the host name of your single server or any cluster node.
When you first access the dashboard, the system will most likely still be in the process of starting
up. In this case, multiple areas appear as yellow or red.
When all services are running, the dashboard should report a green status for all components.
c Some Workloads might not turn green until after you have imported a license file through the
License app.
n The Kubernetes dashboard does not refresh automatically. You must reload or refresh your browser
to see dashboard updates.
Deploying System Monitoring

If you completed the process for “Enabling System Monitoring” on page 101, you must now deploy
System Monitoring on the MediaCentral Cloud UX system.
c Complete this step only if you enabled System Monitoring.
To deploy System Monitoring:

t Enter the following command on your single server or primary master node to execute the
avidctl monitoring deploy
For more information on using the monitoring features, see “Working with Grafana” on
page 342.
114
Installing Software Updates
Installing Software Updates

Avid releases software updates for MediaCentral Cloud UX on a regular basis to introduce new
features and address customer issues. If a software update is available, you can update your system
using one of the following processes:
• (recommended) License and test your current software deployment. After you have verified
basic functionality, download and install any software updates and retest.
• Download and install the software update now.
For more information on current software updates and related installation procedures, see the latest
Avid MediaCentral | Cloud UX ReadMe on the Avid Knowledge Base.
Signing in to MediaCentral Cloud UX

MediaCentral Cloud UX allows you to sign in to the user interface as one of two user types:
• Standard User
Standard users have access to User apps such as Browse, Search, and others. Any user that has
been imported into MediaCentral Cloud UX through the User Management app can obtain
access to the User apps. Your level of access to the apps is based on the client license associated
with your user group and the permissions enabled in the User Management app.
• Administrator
In addition to the User apps, administrators have access to a set of Administrator apps that are
available through a specialized URL. These administrator-only apps allow you to manage user
groups, import licenses, and configure additional settings that are related to your organization’s
custom workflow.
During the process of “Integrating with Active Directory” on page 79, a single user group is
identified as the MediaCentral Cloud UX administrators group. Any user that is added to this
group is granted access the administrator apps.
If you sign in to the administrator portal and subsequently need to access the user apps, you must
sign out of MediaCentral Cloud UX and sign back in using the standard (non-admin) URL.
When authenticating against Active Directory, users must sign in using the sAMAccountName and
not the User Principal Name (UPN). For example a user called John Smith might be able to login to
Active Directory using either jsmith or john.smith@wavd.com. For MediaCentral Cloud UX the
sAMAccountName “jsmith” must be used. This is also required to maintain compatibility with Asset
Management and Production Management.
When authenticating against Okta, users must use their standard Okta login.
The following steps detail the process for signing in to MediaCentral Cloud UX as either a standard
user or an administrator.
To sign into MediaCentral Cloud UX:

1. (if applicable) If you have not already done so, import a trusted certificate into your local
workstation or deploy a Trusted CA certificate in your network.
t If you are using a self-signed certificate or a certificate issued by an Internal CA, refer to the
process for “Importing SSL Certificates” on page 315 to import a trusted certificate.
115
t If you have already deployed a certificate provided by a public CA, you can bypass this
process and proceed to the next step.
If you attempt to access MediaCentral Cloud UX without importing a certificate, you might see a
security warning indicating that the connection is not private as in the following illustration.
This warning relates to your Secure Sockets Layer (SSL) certificate and it is usually encountered
if you are using a self-signed certificate or a certificate provided by an internal certificate
authority.
With the introduction of Google Chrome v80, you must install a valid signed certificate to access
the user interface for all versions of MediaCentral Cloud UX. Any attempt to bypass this security
warning without a valid signed certificate is unsupported and could result in negative impacts to
the user experience.
2. Launch a supported web browser on a Windows or macOS client.
For more information on supported browsers, see http://avid.force.com/pkb/articles/en_US/
compatibility/Avid-Video-Compatibility-Charts.
3. Enter the following URL in the browser’s address bar and press Enter:
https://<hostname>
Where <hostname> is the Fully Qualified Domain Name (FQDN) of the MediaCentral Cloud
UX server or cluster.
c Whenever connecting to MediaCentral Cloud UX, you must use the server’s FQDN.
The MediaCentral Cloud UX welcome screen appears.
116
MediaCentral Cloud UX allows you to customize the sign-in experience by giving you the
ability to personalize the welcome screen and the Fast Bar with a custom graphic, such as your
corporate logo. For more information, see “Adding Custom Graphics” on page 261.
n The welcome screen’s language selection menu does not affect the Administrator apps as these apps
are not localized. Administrator apps are always displayed in English and the menu itself is removed
from the user interface when you switch to the Admin login screen.
4. As an administrator, you must access the Administrator apps to license and configure your
system. To complete these tasks, you must do one of the following:
t Click the Avid logo in the upper-left corner of the MediaCentral Cloud UX welcome screen.
The look of the welcome screen changes slightly and the word Administrator appears over
the User Name field. You might also notice that /admin is added to the end of your URL.
t Enter the following URL in the browser’s address bar and press Enter:
https://<hostname>/admin
Where <hostname> is the Fully Qualified Domain Name (FQDN) of the MediaCentral
Cloud UX server or cluster.
5. Enter your user name and password to access the MediaCentral Cloud UX user interface.
If this is the first time you are signing in, you must enter one of the following:
t If you configured a connection to an authentication provider, enter the credentials for a user
that is part of the MediaCentral Cloud UX administrators group.
t If you did not configure a connection to an authentication provider, enter the predefined
OpenLDAP user: Administrator (password: Avid123).
After you click the Sign In button, one of the following occurs:
- If you enter a valid user and password, you are granted access to MediaCentral Cloud UX.
- If you enter invalid user credentials, the system alerts you to the issue and allows you to try
again. If you enter invalid credentials too many consecutive times, the system temporarily
blocks access to MediaCentral Cloud UX. The sign-in screen displays the following
message: “Login attempt rejected, too many attempts. Next login in 5 seconds”.
117
Administrator App Overview
If you keep trying, the “cool-down” period increases to a maximum of 30 seconds. This is a
security measure to prevent “brute force” attacks on the system.
6. The first time any user signs in, the Avid Software License Agreement is presented.
Click the Accept License Agreement button to proceed.
To sign out of MediaCentral Cloud UX:

1. Click the User Profile button on the right side of the Fast Bar.
2. Select Sign Out.
Administrator App Overview

When you sign in to the MediaCentral Cloud UX Administrator page, the Fast Bar displays a set of
apps that allow you to add licenses, configure system settings, manage users, and more. The
following illustration displays the Administrator Fast Bar (not all apps represented).
The following table briefly describes each of the Administrator apps:
Button Name Description
Configuration Settings This app allows administrators to configure settings related to general system operation,
including Publisher, Email settings, external applications and more.
For more information, see “Using the Configuration Settings App” on page 186.
Search Index Monitor This app provides a snapshot of the current state of the search index, catalogs, and
queues. Additionally, the app allows you to rebuild the search index for any connected
module.
For more information, see “Using the Search Index Monitor App” on page 206.
License Allows you to import licenses into MediaCentral Cloud UX.

For more information, see “Using the License App” on page 153.
Ingest Allows you configure settings related to the Ingest app.

For more information, see the Avid MediaCentral | Ingest User’s Guide.
Workflow Settings This app allows you to configure Playback settings and Send To Playback profiles.
For more information, see “Using the Workflow Settings App” on page 201.
User Management Allows you to import users from LDAP and assign client licenses to LDAP user groups.
For more information, see “Using the User Management App” on page 171.
Media Composer | If your organization has purchased Media Composer | Enterprise Admin Tool, this icon
Enterprise Admin Tool appears in the Administrator Fast Bar after you deploy and license the feature.
For more information, see the Avid Media Composer | Enterprise Admin Tool
118
Continuing the Installation
Button Name Description
Multi-Site Settings Allows you to connect multiple MediaCentral Cloud UX systems together.
For more information, see “Using the Multi-Site Settings App” on page 235.
Legal List The Legal List Administrator allows you to configure settings related to MediaCentral
Asset Management lists.
For more information, see “Using the Legal List Administrator App” on page 218.
Collaborate Settings Allows you to configure settings related to the Collaborate app.
For more information, see “Using the Collaborate Settings App” on page 243.
Metadata Mapping Allows you to map Avid metadata values to matching values in applications that
Management connect to MediaCentral Cloud UX, such as Adobe Premiere Pro CC.
For more information, see the Avid MediaCentral | Panel for Adobe Premiere Pro
ReadMe.
Process Modeler Allows you to graphically design process models that can be used by the MediaCentral
Asset Management Process Engine.
For more information, see the Avid MediaCentral | Cloud UX Process Modeler User’s
Guide.
User Profile Although not an Administrator app, this icon appears at the far right of the Fast Bar.
From here you can find more information About your user session, access the Help
system, or sign-out of MediaCentral Cloud UX.
When you access the Administrator apps, the User Profile button in the upper-right corner of the Fast
Bar appears with a gear icon. This is an indicator that you are accessing the Cloud UX
Administrators apps.
Since the information in the Workflow Settings can change more often than that of other apps,
MediaCentral Cloud UX defaults to the Workflow Settings app whenever you access the
Administrator settings.
It is important to note that all Administrator apps are Focused apps. Focused apps fill the user
interface and they can not be docked like some User apps such as Browse and Search.

Depending upon your workflow, complete the following sections as applicable:
• “Installing Nexidia Search Grid” on page 121
If your organization purchased MediaCentral Phonetic Index, you must complete this section.
• “Configuring Production Modules for MediaCentral Cloud UX” on page 132
You need to complete this section only if you plan to integrate MediaCentral Cloud UX with a
MediaCentral Production Management module.
• “Using the License App” on page 153
This section is required for all installations.
119
• “Using the User Management App” on page 171

• “Using the Configuration Settings App” on page 186
• “Using the Workflow Settings App” on page 201
• “Using the Legal List Administrator App” on page 218
If you are integrating with a MediaCentral Asset Management system, you must review this
section.
• “Using the Multi-Site Settings App” on page 235
If your organization plans to connect multiple MediaCentral Cloud UX systems together in a
multi-site configuration, you must complete this section.
• “Using the Collaborate Settings App” on page 243
If you are licensed for the Collaborate app, you’ll want to access this app to manage user
permissions to the app.
• “Importing SSL Certificates” on page 315
This section is required if you are using either self-signed or internal CA certificates.
120
4 Installing Nexidia Search Grid

• Nexidia Search Grid Overview
• Search Grid Prerequisites
• Installing the Operating System
• Installing the Search Grid Software
• Configuring MediaCentral Phonetic Index
• Phonetic Index and Search Grid Log Files
Nexidia Search Grid Overview

Nexidia Search Grid™ is a framework of services that MediaCentral Cloud UX uses to perform
phonetic indexing of audio media for use with MediaCentral | Phonetic Index and the MediaCentral
Cloud UX Search app. This chapter provides information about how to install and configure the
Nexidia Search Grid server.
Before you can use MediaCentral Phonetic Index, your MediaCentral Cloud UX license must include
the MediaCentral | Phonetic Index option. For more information on this license and how you can
license your system to index additional hours of content, see “Understanding the License Types” on
page 154.
Search Grid Prerequisites

Nexidia Search Grid must be installed on a dedicated server that meets the following specifications:
Specification Minimum Recommended
Server Count 1 See “Hardware Sizing Information” on page 122 for additional information.
Operating CentOS v7.x Avid recommends that you install the latest version of CentOS v7.x
System available at the time of your Search Grid installation.
CPU Core Count 4 12+
Memory 32 GB RAM 64+ GB RAM
Network 1 Gbps 1 Gbps or greater
Disk Solid State Drive (SSD)

Solid state drives offer a significant performance increase over spinning-disk storage. For
this reason Avid does not recommend nor support using spinning magnetic disk storage for
the Search Grid server.
For more information, see “Hardware Sizing Information” on page 122.
Specification Minimum Recommended
Additional For more information on minimum software requirements for integrated systems, see the
Software MediaCentral Compatibility Matrix on the Avid Knowledge Base at:
http://avid.force.com/pkb/articles/en_US/compatibility/Avid-Video-Compatibility-Charts.
Additional Configuration Notes
Avid does not support co-installing the Search Grid software on the same server that is running
You are not required to mount the source media storage, such as Avid NEXIS, directly on the Search
Grid server. The connection to the media storage is established through the MediaCentral Cloud UX
media playback services.
If your MediaCentral Cloud UX system is connected to a MediaCentral | Archive Production module,

Avid does not support phonetic indexing of the archived media.
Hardware Sizing Information

The number of hours of audio that you need to index can impact the minimum size of your storage.
The following table provides a purchasing guideline for your system storage.
Hours of Audio Media Minimum Recommended Storage
< 10,000 Hours 50 GBa
25,000 Hours 120 GBa
50,000 Hours 250 GBa
100,000 Hours 480 GBa
a. The values above represent the minimum recommended storage requirements for the phonetic indexing data.
You must allocate at least an additional 100 GB of storage for the operating system (binaries, log files, swap
space, etc).
Generally speaking, the storage required to hold indexes managed by Phonetic Index is a function of
the total duration of searchable media and not the number of assets. The amount of storage used by
the search indexes is approximately 5 MB per media hour.
When requisitioning your storage, you must make sure that you have enough disk space reserved for
the indexes. The indexing process will automatically stop if the drive gets close to full.
n Media files are not duplicated, transcoded, or stored permanently on the server. Storage
requirements are for Search Grid application data and asset artifacts — not the media itself.
Language Packs
Language Packs provide a basic structure for Phonetic Index to read your audio media. For instance,
there might be different dialects for Canadian French as compared to European French, and the
language pack helps to properly analyze the spoken words in your audio media.
122
The following table lists the Avid supported language packs and their associated Globally Unique
Identifiers (GUIDs):
Brazilian Portuguese Italian

(a4363b81-2b62-405e-afde-fa1952d74f50) (cd810e31-a8a3-48ef-add3-a2303ffc1a69)
Canadian French Japanese

(622265f9-36d6-46ab-a2af-f1c3e39a2e7e) (642af87b-5050-4fe8-b7f9-4de4594aeaf0)
Cantonese Korean
(83a601ae-9291-44ae-aaf7-91a88fa5fbcb) (f8a51d93-519c-45b4-9c6f-5f41e62e5d76)
Danish Latin American Spanish

(1ae0ed60-84fd-4225-9274-6dbdfed19d2d) (85468660-d1a2-4a23-bd40-770923621607)
Dutch Mandarin
(3ede0312-d969-4c73-8aed-7aabd08e5e7d) (3150feb1-de56-4f00-8474-b2d17d91e19b)
European French MS Arabic (SATTST)

(f0938c52-dd3b-428d-b55b-3d4253c0bc5c) (05612d1a-622d-4161-8e4a-5498910a491d)
European Spanish North American English

(1d20529f-e753-400f-97d7-73c709e7e1b5) (a3390ff3-eadb-4b2c-a9da-4a4fba0e2f77)
Farsi Polish
(58622f43-21bb-4615-96e4-277268ad1156) (2c06be82-c57d-4f36-9c28-0ed49ee40f52)
Flemish Russian
(90a702e6-50ad-43d5-a8da-1e9f28d8bbf3) (2b03551e-794f-4fed-8e55-c1dc9ac75e2c)
German Swedish
(b4b6f986-17a2-45e0-a6c7-b20352712a12) (3e443121-0633-4c7c-8c4a-887e22de3c81)
Hebrew Tagalog
(b84ac5b5-30c8-445d-9941-eede9e93d262) (93d29747-9175-4e89-b25f-981a3325caaf)
Hindi Thai
(94de18c6-5d48-489e-8ab6-c5b163b812ee) (86686103-3bf4-4379-a33e-4be82ac0dd72)
Indonesian Turkish
(a78cbff5-7564-40b0-a0ec-b38ff1801a2a) (057c90f9-42db-42ab-b015-acd7b0953077)
International English UK English

(d699037f-5b72-42fe-ad42-4512f34e1db0) (7026e1ac-7b2e-439a-b9f7-aad8ddabbb7e)
n Avid does not test the performance of individual language packs. All testing is performed using the
International English language pack. The quality of hits returned for phonetic searches could vary
based on your default language.
If desired, you can install and test your system using the International English language pack. After
system functionality has been verified, you can install and test with an alternate language pack.
You can download alternate language packs from the Avid Download Center. After you are logged
in, you can find the language packs under: Avid MediaCentral > MediaCentral Language Packs.
123
Installing the Operating System
Installing the Operating System

Before you can install the Search Grid software, you must install the CentOS operating system on
your server. The process of installing CentOS is not described in full detail here, but you can
reference “MCUX Software Deployment” on page 46 as a guideline for the process. For additional
installation options, details, and instructions, see the documentation on the CentOS Project page at:
https://www.centos.org/.
To install CentOS on the Search Grid server:

1. Download the 7.x CentOS ISO from the CentOS Project website:
https://www.centos.org/download/
When downloading the ISO, Avid recommends that you select the Minimal ISO option.
2. Install the operating system on the server.
When installing the software, note the following:
- Avid suggests that you select the Minimal Install option in the Software Selection screen.
- If your server includes only a single volume, you should be able to select the default
Installation Destination options.
- Make sure to configure networking — assigning a static IP address and a host name to the
server.
- You must configure the Search Grid server to connect to the same NTP (Network Time
Protocol) source as the MediaCentral Cloud UX system.
- When configuring your root user password, you might consider assigning the same
password to the Search Grid server that was assigned to the MediaCentral Cloud UX system
for consistency. However, this is not a requirement.
Installing the Search Grid Software

Before installing and configuring Nexidia Search Grid, you must verify that all media is online in
your source asset management systems (example: MediaCentral Production Management). Offline
audio media cannot be read by MediaCentral Phonetic Index and users will not be able to find
phonetic metadata for offline audio.
If your system is included as part of a Multi-Site configuration and each site is licensed for Phonetic
Index, Avid recommends that you install and license the same language packs for each site. If your
local site is missing a language pack, your search results will not include hits from the remote site
that uses the missing language pack.
For example, consider an organization that has three sites. Sites A and B are configured with the
International English language pack, and Site C is configured with the German language pack.
• If you create a phonetic search from Site A or B, you will not be able to select the German
language option from the phonetic pill’s language menu (because it is not installed). If you attempt
to execute the search using the default English option, the search results will not include hits for
Site C.
• If you create a phonetic search from Site C, the reverse is true. The search results will not include
any hits for Site A or B.
124
The installation process consists of the following sections:

• “Installing Search Grid” on page 125
• “Configuring Search Grid” on page 126
• “Installing Additional Language Packs” on page 128
Installing Search Grid

Complete the following process to install or upgrade the Search Grid software. The process to install
Search Grid on a new server and the process to upgrade the software on an existing server are very
similar. Upgrade-specific steps are noted below.
To install the Search Grid software:

1. Obtain the Search Grid installer package (SearchGrid_<version>.zip) from Avid and copy it
to a temporary location on a local Windows workstation.
2. Use the built-in capability of the Windows workstation to uncompress the Search Grid installer.
The .zip file contains the following files:
- IntlEnglishTeleUniversal-<version>.tgz : The Search Grid International English language
pack.
- LICENSE.pdf : The end user license agreement.
- SearchGrid.lic : The Search Grid license file.
- searchgrid_<version>.tgz : The Search Grid software installation package.
3. If you have purchased an alternate language pack from Avid, copy the language pack to the same
temporary location on your Windows workstation.
4. Log in to the Search Grid server as the root user.
For more information, see “Logging in to CentOS for the First Time” on page 55.
5. Copy the Search Grid installer, license file, and language pack (or packs) from the Windows
workstation to a temporary location on the Search Grid server.
For more information on how to copy files to a Linux server, see “Copying Software to the
6. After you have copied the files to the server, you must uncompress the Search Grid installer
package:
tar -xvzf searchgrid_<version>.tgz
n Do not manually un-tar (uncompress) the Search Grid language pack file or files.
7. Navigate to the new folder created in the previous step:

cd searchgrid_<version>
8. Before installing the Search Grid software, you must enter the following commands to disable
the Linux firewall service:
systemctl stop firewalld
systemctl disable firewalld
125
9. (Upgrades only) If you are upgrading an existing installation, stop the searchgrid services prior
to installing the new software:
service sgcontrol stop
service sgbase stop
service sgagent stop
service sggateway stop
10. Enter one of the following commands to install the Search Grid software:
t To complete a new installation, type the following and press Enter:
yum install -y searchgrid-{apps,control,data,gateway,opt,common}*.rpm
The installation process begins.
After the install process is complete, a message similar to the following is displayed:
Installed:
searchgrid-apps.x86_64 <version>
searchgrid-common.x86_64 <version>
searchgrid-control-node.x86_64 <version>
searchgrid-data-node.x86_64 <version>
searchgrid-gateway-node.x86_64 <version>
searchgrid-opt-media-accessors.x86_64 <version>
Complete!
t To upgrade an existing installation, type the following and press Enter:
yum upgrade -y searchgrid-{apps,control,data,gateway,opt,common}*.rpm
11. (Upgrades only) If you are upgrading an existing installation, restart the searchgrid services:
service sgcontrol start
service sgbase start
service sgagent start
service sggateway start
The software installation process is complete. If you are completing a new installation, proceed to
“Configuring Search Grid” on page 126.
Configuring Search Grid

After you have installed Nexidia Search Grid, you must configure the software to work with
MediaCentral Phonetic Index. This process uses the Search Grid license file (SearchGrid.lic).
To configure the Search Grid software:

1. Locate your Search Grid license file (SearchGrid.lic) and copy it to the following directory on
the Search Grid server: /opt/searchgrid-3.1/etc/
For more information on how to copy files to a Linux server, see “Copying Software to the
If you have already copied the file to a temporary directory on the server, you can use the
following command to copy the file into the required directory:
cp /<path>/SearchGrid.lic /opt/searchgrid-3.1/etc/
126
2. Verify or edit the contents of the Search Grid configuration file.

a. Use the Linux vi editor to open the Search Grid configuration for editing:
vi /opt/searchgrid-3.1/etc/local-properties.xml
If you are unfamiliar with vi, you can refer to “Using the vi Editor” on page 259 for a short
introduction to the text editor.
b. Navigate to the section of the file that contains the network configuration information as
shown in the following example:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="nexidia.searchgrid.this.public.bindAddress">192.168.10.60</entry>
<entry key="nexidia.searchgrid.this.gridprivate.bindAddress">127.0.0.1</entry>
<entry key="nexidia.searchgrid.control.connectionString">127.0.0.1</entry>
</properties>
c. Verify that the public bind address matches the IP address of your primary network adapter.
In this example, 192.168.10.60 is the name of the public bind address.
If the IP address is not configured correctly, replace the current address with the correct IP
address.
d. Save and exit the vi session. Press <ESC> and type: :wq
3. Next you must enter the following commands to restart four related Search Grid services:
systemctl restart sgcontrol
systemctl restart sggateway
systemctl restart sgbase
systemctl restart sgagent
4. After restarting the services, you must verify that you can connect to the Nexidia Search Grid
Management Console before continuing with the installation process. This process ensures that
the required services are running before you install the language pack.
a. Enter the following command to sign in to the console:
/opt/searchgrid-3.1/bin/management-console -u admin -p admin
The console reports that you are logged in:
Nexidia Search Grid Management Console 3.1.13.18 (18ec2de)
Type 'get-help' for available commands
#
b. After you have successfully connected to the console, type exit to close the Management
Console.
5. Install your language pack or packs:
t If you want to install the International English language pack that is included with the
Search Grid installer, enter the following command to install the language pack:
/opt/searchgrid-3.1/bin/management-console -f -u admin -p admin add-lp
/root/IntlEnglishTeleUniversal-<version>.tgz
t If you need to install one or more additional language packs, proceed to “Installing
Additional Language Packs” on page 128.
127
Installing Additional Language Packs

If you purchased a language pack from Avid, you must use the following process to install the
language pack.
n If you are altering the language packs for a fully deployed MediaCentral Cloud UX where all
connected MediaCentral modules have already been indexed, you must resync the index using the
tools available in each source MediaCentral module.
To install and enable the language pack:

1. Enter the following command to install the language pack on the Search Grid server:
/opt/searchgrid-3.1/bin/management-console -f -u admin -p admin add-lp
/<path>/<pack_name>-<version>.tgz
2. Use the Nexidia Search Grid Management Console to verify the installation.
a. Enter the following command to sign in to the console:
#
b. Type get-lp to display a list of installed language packs.
The console might show one or more language packs, depending on how you completed
your installation. The following example output shows both the International English and
German language packs installed:
1: IntlEnglishTeleUniversal-9.0.0.193899
d699037f-5b72-42fe-ad42-4512f34e1db0
International English; 44
Includes search model
Includes phonetic digest model
2: GermanTele8kHz-9.0.0.191760
b4b6f986-17a2-45e0-a6c7-b20352712a12
German; 8
Includes search model
Includes phonetic digest model
c. After you have successfully connected to the console, type exit to close the Management
Console.
3. At this point you must use the Kubernetes Monitor to delete the avid-search-search pod or
pods (there might be more than one)
4. (if applicable) If you plan on indexing a Production Management system, refer to the process for
“Editing the Phonetic Indexing Tab” on page 150.
5. (if applicable) If you plan on indexing an Asset Management system, complete the following
steps to configure the Asset Management database:
a. Sign in to Control Center as an administrator.
b. In Control Center’s Configuration Profiles view, select the SyncCentralIndex profile.
128
c. Select the section PhoneticIndexing/LanguagePacks and create a separate key for each
alternate language pack you have licensed. By default, the key en with the ID of the
International English language pack is provided.
d. Click the Add > Setting button.
e. Type the name in the NewSetting field that is shown and press Enter.
f. Paste or type the ID of the language pack that you obtained (for example, from the Search
Grid console during the installation of the alternate language pack on the Search Grid server)
in the Value field.
g. Click the Save button on the Configuration Profiles view toolbar.
6. Continue to “Configuring MediaCentral Phonetic Index” on page 129.

The processes contained in this section allow you to configure Search Grid to index the MediaCentral
modules that are integrated with your MediaCentral Cloud UX system.
This section includes the following processes:

• “Configuring Asset Management Media Path” on page 129
Required for Asset Management integrations only.
• “Creating the Phonetic Index Configuration File” on page 130
Required for all installations.
• “Indexing Your Audio Media” on page 130
Required for all installations. This is the final step that creates the index of your audio media.
Configuring Asset Management Media Path

Before Search Grid can create the phonetic index data, you need to configure the path to the media.
This allows the sync agents to send the media location to the search index.
Complete this section if you are integrating with a MediaCentral Asset Management module. This
process requires you to use the Control Center utility on the Asset Management server.
To configure the media path:

1. Sign in to Control Center as an administrator and select the SyncCentralIndex profile.
n If you are configuring Asset Management v2021.7 or earlier, you can access the settings through the
System Administrator.
2. Select PhoneticIndexing and adjust the following values:

- Enabled: Set to true to enable Phonetic Indexing.
- AudioRenderUrl: Enter the following text exactly as shown here:
http://{mcshost}:30880/render?r=%2F{filename}&t=wav&a={trackbitmask}&b=
0&ext=.wav
If your AudioRenderUrl settings do not match the information above, you must update the
value to match the text above.
129
For additional information, including how to configure Phonetic Search for individual asset
types, see “Configuring MediaCentral Search for Asset Management” in the Avid MediaCentral
| Asset Management Installation Manual.
3. Click the Save button on the Configuration Profiles view toolbar.
Creating the Phonetic Index Configuration File

If your organization has purchased a MediaCentral Phonetic Index license, you must ensure that you
have created the phonetic.yaml file on your MediaCentral Cloud UX single server or primary
master node to enable this workflow.
To create the configuration file:

t If you are installing a new MediaCentral Cloud UX system with MediaCentral Phonetic Index,
you should have already completed the process for “Configuring MediaCentral Phonetic Index”
on page 95 as part of the standard system installation.
In this case, you can proceed directly to “Indexing Your Audio Media” on page 130.
t If you are adding MediaCentral Phonetic Index to an existing MediaCentral Cloud UX
installation, you must complete the following steps:
a. Create the configuration file per “Configuring MediaCentral Phonetic Index” on page 95.
b. Redeploy the Feature Packs by running the avidctl platform redeploy script as
directed in “Altering the Configuration” on page 61.
c. Proceed to “Indexing Your Audio Media” on page 130.
Indexing Your Audio Media

The process to phonetically analyze your audio media uses the playback services on the
MediaCentral Cloud UX system. Before you begin configuring Phonetic Index, you must verify that
your MediaCentral Cloud UX system is able to play back assets from all MediaCentral modules that
include audio media that you plan to index. Only after you have confirmed this functionality should
you complete the following configuration processes.
When indexing an asset that includes multiple audio tracks, Phonetic Index reads the first audio track
only by default. If you want MediaCentral Search to return phonetic data for additional audio tracks,
you must configure settings in your source asset management system.
To index your audio media:

t If you are completing a new MediaCentral Cloud UX installation, you must index your assets
using the tools available in each source MediaCentral module. As you have not yet indexed the
modules, this process creates both text and phonetic index data.
t If you are adding MediaCentral Phonetic Index to an existing installation, you must resync the
index using the tools available in each source MediaCentral module. For example, the
MediaCentral Search Connector in Production Management’s Interplay Administrator.
For additional information, refer to the following:

• For MediaCentral Production Management, see “Configuring the MediaCentral Search
Connector” on page 140.
• For MediaCentral Asset Management, see “Configuring Asset Management for MediaCentral |
Cloud UX” in the Avid MediaCentral | Asset Management Installation Manual.
130
Phonetic Index and Search Grid Log Files
Phonetic Index and Search Grid Log Files

After you have installed and configured the Search Grid server and MediaCentral Phonetic Index,
you can obtain log file information related to phonetic indexing at the following locations:
• MediaCentral Cloud UX
You can find log information in the avid-indexer-search Kubernetes pod. When reviewing
this log file, you might see errors reported for any offline media or assets that do not includes
audio data. In these cases the errors could be normal and might not be a cause for concern.
For more information on gathering Kubernetes logs, see “Working with Kubernetes” on page 335.
• Search Grid Server
Information related to the Search Grid software can be found at:
- /var/opt/searchgrid/gateway-node/logs/gateway-service.log
- /var/opt/searchgrid/control-node/logs/control-service.log
- /var/opt/searchgrid/data-node/logs/agent-service.log
131
5 Configuring Production Modules for
MediaCentral Cloud UX

• Production Module Overview
• Configuring Interplay Administrator Settings
• User Authentication Providers
• Configuring the MediaCentral Search Connector
Production Module Overview

Avid offers two modules related to production workflows:
• MediaCentral | Production Management
• MediaCentral | Archive Production
This chapter details the steps required to integrate MediaCentral Cloud UX with these two modules.
For more information on the processes and terms used in this section, refer to the Avid Interplay |
Engine and Interplay | Archive Engine Administration Guide on the Avid Knowledge Base at:
http://avid.force.com/pkb/articles/en_US/readme/Avid-Interplay-Production-Documentation.
n The illustrations in this chapter originate from Avid MediaCentral Production Management v2022.3.
If you are integrating a different version some settings might look different or might be located in
other areas of the Avid Interplay Administrator. See the documentation for your version of
Production Management for more information.
If you do not plan to integrate MediaCentral Cloud UX with a Production module, you can bypass
this chapter.
Some workflows associated with MediaCentral Archive Production require integration with Avid
MediaCentral | Shared Library. For more information, see the Avid MediaCentral | Shared Library
Configuring Interplay Administrator Settings

When integrating with a Production module, MediaCentral Cloud UX obtains many settings directly
from the databases of each module. System administrators use the Interplay Administrator tool to
configure these settings.
This section includes information the following sections of the Interplay Administrator:
• “Signing in to the Interplay Administrator” on page 133
• “Enabling Server Settings” on page 133
• “Configuring the MediaCentral Platform Settings” on page 134
• “Configuring the Interplay Transfer Settings” on page 135
• “Configuring the Application Database Settings” on page 135
• “Configuring Send to Playback Settings” on page 136
Signing in to the Interplay Administrator

Before you can adjust any of the settings found in this section, you must open and sign in to the
Interplay Administrator.
To sign in to the Interplay Administrator:

1. Launch the Interplay Administrator on the Production server or a workstation that has Interplay
Access installed. Depending on your operating system, this might be found at:
Start > Avid > Avid Interplay Access Utilities > Avid Interplay Administrator
2. Enter your Production module’s Administrator credentials and click Connect.
Enabling Server Settings

When you make a change to an asset in the Production module’s database, you want to make sure
that the change is picked up by the MediaCentral Cloud UX search engine. The Update Tracking
option described in this process allows changes in the search properties specified in the Production
module’s database to be pushed to MediaCentral Cloud UX search engine.
This process applies to both Production Management and Production Archive systems. If you have
both modules, you must complete this process separately on each module.
To configure the Server Settings:

1. From the main menu, select Server > Server Settings.
2. In the Update Tracking section, select Enabled to enable sync events.
3. Click Apply Changes to save the settings change.
133
Configuring the MediaCentral Platform Settings

This process applies to both Production Management and Production Archive systems. If you have
To configure the MediaCentral Platform Settings:

1. From the main menu, select Site Settings > MediaCentral Platform Settings.
2. Before you can find Production assets through the MediaCentral Cloud UX Search app, you
must configure the MediaCentral Connection setting.
In the Gateway Host field, type the short host name or FQDN (fully qualified domain name) of
your MediaCentral Cloud UX server or cluster.
3. (Production Management only) If your workflow includes Media Composer Cloud Remote
clients, you must configure the MediaCentral Playback Service settings:
- Hostname: Type the FQDN (fully qualified domain name) of your MediaCentral Cloud UX
server or cluster.
- Username / Password: Specify a user name and password that will be used to connect Media
Composer Cloud Remote users to the MediaCentral Cloud UX system.
This must be an Active Directory user that is part of a user group that has been imported into
MediaCentral Cloud UX. This user must also be associated with one of the following
Authentication methods in the User Management settings of the Production Management
database: MediaCentral Platform Authentication, LDAP Authentication, or Windows
Domain Authentication.
4. Click the Apply Changes button for any settings that were adjusted.
134
Configuring the Interplay Transfer Settings

If your organization plans to enable a Send to Playback workflow, you must configure the Interplay
Transfer Settings. MediaCentral Cloud UX uses these settings to populate menus in profiles created
through the MediaCentral Cloud UX Workflow Settings app.
To configure the Interplay Transfer settings:

1. From the main menu, select Site Settings > Interplay Transfer Settings.
2. Configure the settings in this panel per the Avid Interplay Transfer Setup and User's Guide.
3. After you have configured all areas of this panel, click Apply to save the settings.
Configuring the Application Database Settings

This process applies to MediaCentral Production Management only.
To configure the Application Database settings:

1. From the main menu of the Interplay Administrator, select Application Settings > Application
Database Settings.
2. Select the Edit Settings tab and adjust the following:
a. (optional) Format > Video Format: This setting determines the default video format for
sequences created in MediaCentral Cloud UX. You must select a specific video format from
the menu or leave the default selection of “Any”. If “Any” is selected, MediaCentral Cloud
UX determines the video format of the sequence by using the format of the first clip that the
user adds to the sequence timeline.
135
User Authentication Providers
b. (required) Audio > General Settings: Ensure that a Media Creation workspace has been
assigned. If this value is empty, voice-over recording in MediaCentral Cloud UX will fail.
3. (optional) Select the Application Defaults tab and adjust the following:
a. Default Shotlist Start Timecode: Shotlists created in MediaCentral Cloud UX are created
with this timecode value. The default value for this setting is 01:00:00.
4. Click the Application Defaults tab and configure the Audio Mixing Defaults option.
t If enabled, MediaCentral Cloud UX uses these values when you load a sequence into the
Asset Editor. However, enabling this feature also disables MediaCentral Cloud UX’s ability
to save custom panning changes that a user might make to a Sequence.
t If the check box is not selected, MediaCentral Cloud UX sequences assigns odd tracks=left
and even tracks=right for all tracks by default. Users can change the panning levels for
Sequences using the Audio tab in the Asset Editor.
5. Click Apply.
Configuring Send to Playback Settings

Depending on your settings, MediaCentral Cloud UX might add audio dissolves, panning, or gain
adjustments to your sequence automatically — even if your sequence is composed of only a single
clip.
While these effects are generally not a problem for MediaCentral Cloud UX or Media Composer,
some workflows might identify these adjustments as unrendered audio effects and block the STP
process. If your STP workflow includes Interplay Web Services (IWS) or another 3rd party solution,
you can configure the following settings to eliminate these audio effects.
To configure
1. From the main menu of the Interplay Administrator, select Application Settings > Application
Database Settings.
2. Select the Edit Settings tab and adjust the following:
- Audio Effects > Dissolve Duration [frames]: Set to a value of 0 (zero)
- (News sequences only) Center-Panned Sound on Tape and Voice Over: Disabled
- (News sequences only) Audio General Settings > Ducking [-dB]: Set to a value of 0 (zero)
3. Select the Application Defaults tab and verify that the Audio Mixing Defaults are configured to
alternate left and right. This is the application’s default setting — with odd number tracks
defaulting to Left, and even numbered tracks defaulting to Right.
4. Click Apply.
5. When sending the asset to your playback destination, you must also verify that all gain
adjustments made through Media Composer or the Audio tab of the Asset Editor are at their
default value (0 db).

When configuring a Production module with MediaCentral Cloud UX, you must enable
MediaCentral Platform Authentication as a User Authentication Provider. The following illustration
shows the User Authentication Providers configuration window in the Interplay Administrator.
136
After you enable MediaCentral Platform Authentication, any user that signs into MediaCentral Cloud
UX is added automatically as a user in the Production database. As with MediaCentral Cloud UX,
the Production database stores users, but not passwords.
The Import Users button allows you to import all MediaCentral Cloud UX users or selected groups of
users into Production Management. After a MediaCentral Cloud UX user or group is added to the
Production database, a Production Management administrator must enable the appropriate roles and
permissions (folder access, group access, and other options) for each user/group.
Refer to the following for more information:

• “Multiple Authentication Providers” on page 137
• “Configuring the Authentication Providers” on page 139
Multiple Authentication Providers

If you plan to connect two or more MediaCentral systems to the same Production Management
module, the tool includes an Add Server button that allows you to specify additional Authentication
Providers. You might run into this scenario if you connect your Production Management module to
both a MediaCentral Cloud UX and a MediaCentral Sync system.
As an alternative example, you might need to define a second MediaCentral provider in the event that
your engineering department purchases a second MediaCentral Cloud UX system as a lab
environment. However, you should not that certain limitations apply to adding two or more
MediaCentral Cloud UX systems as authentication providers — such as the ability to configure only
one Gateway Host (see next section), one Search provider, and more. Only the MediaCentral Cloud
UX server that is configured in all of these areas is fully production-ready. These limitations to do
apply to MediaCentral Sync because that product does not include features such as the Search app.
If you add more than one MediaCentral authentication provider, you must ensure that your /etc/
avid/config/pam.yaml configuration file includes the short host name of the MediaCentral Cloud
UX server or cluster as an auth hint value. For example: auth_hint: "wavd-mcux01"
When you add a hint, MediaCentral Cloud UX includes the value whenever communicating with the
Production system. When replying, the Production system uses this value to ensure that the reply is
directed at the correct MediaCentral Cloud UX system.
If you are editing an existing pam.yaml file, you must redeploy your system to activate the change.
For more information, see “Connecting to MediaCentral Production Management” on page 86 and
“Connecting to MediaCentral Archive Production” on page 87. For more information on the
redeployment process, see “Altering the Configuration” on page 61.
137
MediaCentral Production Management Workflow
When you specify more than one server in the MediaCentral Platform Authentication settings, users
might need to add a server prefix to their username when logging into either Interplay Access or the
Interplay Administrator. This prefix ensures that the user’s credentials are validated correctly. If this
value is missing, the client application might try to authenticate the user against the wrong
MediaCentral system and the login would fail.
The following illustration shows the Interplay Access login window with the MediaCentral Cloud
UX server prefix added to the Username field. Users must enter the server name, followed by a
backslash, and their user name.
This workflow change is applicable only to those users who have only the MediaCentral Platform
Authentication check box enabled in their user profile. The user in the following example illustration
would not need to enter the server prefix because their account is also associated with the Internal
Authentication option.
Users and groups created through MediaCentral Platform Authentication are added to the Production
module’s database under: Imported Users > MEDIACENTRAL > [server]. All user groups that are
imported through this process appear in this directory as [group]@[server]. This suffix ensures that
no two user groups appear with the same name in User Management.
138
If you configure more than one MediaCentral Authentication Provider, each system appears as a new
subdirectory under the MEDIACENTRAL directory
If you widen the permissions of any MediaCentral parent user (the generic “Imported
Users\MEDIACENTRAL” group or the linked group(s) directly below), sub-groups might also
inherit these new (wider) permissions. As a result, you might inadvertently grant more permissions to
the users in these sub-groups than intended. If for example you change the permissions of the
MEDIACENTRAL group from Read to Read/Write, lower-level groups will inherit these increased
permissions. For this reason, you must be sure to verify the roles of any sub-groups (as necessary)
after widening the permissions of the MEDIACENTRAL parent user group. If any sub-group’s role
has been manually set using the Administrator, the permissions of the sub-group are not altered.
c Administrators must not move the groups that are created through this process to a different
location in the Production system’s User Management tree. If you move a group, the Engine
might try to re-create the group and fail because the group name is not unique (it already exists
in a different location in the tree). Although the user login is successful, errors are logged in the
NxNServer.log.
Configuring the Authentication Providers

Complete the following steps to configure this area if the Interplay Administrator. This process
applies to both Production Management and Production Archive systems. If you have both modules,
you must complete this process separately on each module.
For more information on the User Authentication Providers window, see “Setting MediaCentral
Platform Authentication and Importing Users” in the Avid Interplay | Engine and Interplay | Archive
Engine Administration Guide.
c MediaCentral Platform Authentication must be enabled for any MediaCentral Cloud UX

installation that includes MediaCentral Production Management or Production Archive. If this
feature is not enabled, Cloud UX users will be unable to connect to the Production module.
To configure the User Authentication Providers:

1. From the main menu, select User Management > User Authentication Providers.
2. Click the check box to enable the MediaCentral Platform Authentication option.
3. Enter the FQDN (fully qualified domain name) of the MediaCentral Cloud UX server or cluster
in the text box for Server 1.
139
Configuring the MediaCentral Search Connector
4. (if applicable) Click the Add Server button and the name of another MediaCentral system.
5. Click the Apply button to save the changes.

Communication between each MediaCentral module (Production Management, Archive
Management, Newsroom Management, and others) and the MediaCentral Cloud UX search engine is
enabled through a search agent. This agent must be manually configured on each MediaCentral
module. The MediaCentral Search Connector settings found in this section enable the search agent
on the Production modules.
The concepts and processes found in this section apply to both MediaCentral Production
Management and MediaCentral Production Archive systems.
You can access the MediaCentral Search Connector settings through the Interplay Administrator
under the Site Settings category. The settings panel is divided into the following three tabs:
• Reviewing the Manage Status Tab
• Reviewing the Property Selection Tab
• Reviewing the Phonetic Indexing Tab
Reviewing the Manage Status Tab

When you first access the MediaCentral Search Connector, the panel defaults to the Manage Status
tab which might look similar to the following illustration.
140
This illustration shows “production” in the Instance name field. This is the name of the Production
Management search agent that is created on the MediaCentral Cloud UX server during the process of
“Connecting to MediaCentral Production Management” on page 86. If you are configuring a
MediaCentral Production Archive system, this field would show “archive” as the instance name.
The Manage Status tab is divided into the following four sections:
Status
This section provides information about the status of the instance which is assigned to the selected
database.
After you perform a Resync of the Production module’s database, the left side of the Manage/Status
pane also includes a progress bar for the Resync process. Note the following about this feature:
• The bar is only visible when a Resync is in progress.
• When selecting the Stop button, the Resync process is essentially paused. When you click the
Start button to re-initiate the Resync, the process picks up from where it left off. When this
happens, the percentage number in the progress bar resets to 0%. This new percentage does not
include the previously indexed assets in its calculation.
• The progress bar might not provide an accurate “time remaining”. It is possible that the last 3%
(for example) could take as long as the first 97%.
• Clicking “Resync” always starts the Resync process from the beginning (not from the last stop).
Assets are indexed in descending order according to their Initial Checkin Date (most recent first).
• Administrators are not required to allow the Resync process to complete before releasing the
system to the users. However in this case, the Search app might return only partial results until
the indexing process is complete. If you are performing a resync on an active production system,
you might want to schedule the process during a maintenance window to reduce the impact to the
search workflow.
The Extended Status area displays more detailed information about the indexing process, including:
• Asset Changes including Location Changes
• Taxonomy Changes
• Namespace Updates
• Message Processing in Production Management
• Message Transfer to Kafka
For more details on Kafka, see “Working with the Search App” on page 275.
The Extended Status area is displayed only after you successfully assign an instance and begin the
indexing process. If any of the error or fail counters begin to rapidly increase, you can review either
the Production Management logs or the MediaCentral Cloud logs. For more information, see
“MediaCentral Cloud UX and System Logs” on page 332. If you cannot determine the reason for the
issue, contact Avid Customer Care for additional assistance.
Manage
This section allows you to Start, Stop, and Resync the indexing process.
141
Assign
This section includes fields that let you assign an instance of the search agent to your Production
modules. For more information, see “Starting the Search Agent” on page 148.
Configuration
Introduced in v2021.3, the Asset Visibility option allows you to limit the results of the Search app to
display only those assets for which the individual users have permission to view. If you do not enable
this functionality the search results respect the permissions of the single user that is configured in the
Assign section of this window.
If you want to enable this feature you must meet the following minimum software requirements:
• MediaCentral Cloud UX v2021.3 or later
• MediaCentral Production Management Engine v2021.3 or later
You must install at least one instance of the v2021.3 Interplay Access client in your network to
access and configure this setting in the Interplay Administrator.
The Asset Visibility feature leverages the user account defined in the local pam.yaml file that is
created on the MediaCentral Cloud UX system when you complete the process for “Connecting to
MediaCentral Production Management” on page 86. This is true for both Production Management
and an Archive Management. If you enable Asset Visibility, you must ensure that the user defined in
the yaml file exists in both the Production Management database and the Archive Management
database.
If your MediaCentral Cloud UX system is included in a multi-site environment, you need to be aware
of how a mixed configuration might affect your search results. The following table assumes that you
are performing a search from your local site.
Local
Site Remote Site Result
Enabled Enabled Asset Visibility is enabled in all locations and the Search app returns assets based
on individual user permissions.
Enabled Disableda or The Search app returns assets for the local system based on individual user
Not Availableb permissions. Results from the remote system are based on the permissions
configured for the “assign” user on the remote Production Management system.
Not Enabled The Search app results are based on pre-v2021.3 behavior. Even though the
Availableb remote site is configured for Asset Visibility, the local site does not understand
how to process this information. Results from the remote system are based on the
permissions configured for the “assign” user on the remote Production
Management system.
Disableda Enabled Results from the local system are based on the permissions configured for the
“assign” user. Since all systems have met the minimum software requirements,
the local system is aware of the Asset Visibility feature and remote results respect
individual user permissions.
a
Systems are running the minimum required versions of software, but the Asset Visibility feature has been disabled.
b
The feature is not available because the minimum software requirements have not been met.
142
c The Asset Visibility feature requires matching user accounts across all MediaCentral Cloud
UX systems and Production Management modules in a Multi-Site environment. When
configuring your User Mapping options in the Multi-Site administrator app, you must
configure rules using only the “Map by Name” option. For more information, see “Configuring
User Mapping” on page 236.
Avid suggests that you enable this feature only after you have upgraded all MediaCentral Cloud UX
and Production Management sites in the multi-site environment to v2021.3 or later.
If you decide to disable Asset Visibility, you must also disable the feature in MediaCentral Cloud
UX. For more information, see “Disabling Asset Visibility” on page 94.
Production Management administrators can create a complex series of folder and user permissions.
However, the Asset Visibility workflow can respect up to two levels of permissions only. Consider
the following illustration and example workflows.
• You configure User-A for No Access to AvidWG (global), and Read access to Projects.
Permissions for both levels are respected. In this case User-A sees only those assets within the
Projects folder.
• You configure User-A for No Access to AvidWG (global), Read access to Projects, and No
Access to Acquire.
The workflow cannot access the third “nested” level of permissions that are configured for the
Acquire folder. This means that the Search app would return results for the Projects folder and all
folders within it.
• User-A has Read permissions for Projects/Acquire. These permissions might be a result of
either a role assigned directly to the user, or a group in which the user is a direct member. User-A
also has access to the Projects folder as an inherited permission from a different group.
In this case the Search app will not return results for everything in the Projects folder because
Asset Visibility cannot correctly interpret inherited role assignments that widen (more) direct
ones.
For information on how to enable Asset Visibility on an existing installation, see “Reconfiguring the
Search Permissions” on page 152.
143
Clean-Up
The Clean-up area of the MediaCentral Search Connector settings allows you to remove a search
connector from the MediaCentral Cloud UX system. As shown in the following illustration, the
Configuration menu provides a list of all current and previously created search instances.
There might be a situation where you need to remove an inactive instance from a previous
configuration. Alternatively, you might need to remove an active instance in the process of
troubleshooting an issue with the search connector. For more information, see “Removing a Search
Instance” on page 151.
Reviewing the Property Selection Tab

The Property Selection tab allows you to select the Properties used in the Search indexing process.
These properties can be selected by users when working with the MediaCentral Cloud UX Search
app. Some properties are part of the standard data model. These properties are enabled by default and
cannot be deselected. As you can see in the following illustration, Creation Date is an example of a
property that is enabled and cannot be deselected.
After you index your Production module’s database, you can return to this area to enable or disable
the indexed properties. If you enable a new a property after the database has been indexed, existing
assets in the search index are not updated to include this property. If you disable a property, new
assets are not associated with this metadata value. However, existing assets in the index are still
associated with the disabled property and can still be found using the MediaCentral Cloud UX
Search app
If you want to add a property to the index, you must perform a resync of the database. If you want to
remove a property from index, you must complete the process described in “Resetting the Text
Metadata Search Index (no Kafka)” on page 277 and then perform a resync to allow the
MediaCentral Cloud UX search engine to pick up the changes. In either case the resync process can
take a long to complete for large databases, so make changes to your database properties carefully.
144
The “Update Data Type Definitions” option located at the bottom-right corner of this window
corrects an issue with the MediaCentral Cloud UX Search Connector where some metadata fields are
associated with the wrong type. These incorrect assignments prevent users from searching for these
metadata fields in MediaCentral Cloud UX using criteria normally associated with a date/time,
timecode, or numerical value. Avid recommends that you enable this feature for all new
MediaCentral Cloud UX installations.
Reviewing the Phonetic Indexing Tab

After you assign an instance of the search agent in the Manage/Status tab and refresh the user
interface, the Phonetic Indexing tab appears in the MediaCentral Search Connector. If your
MediaCentral Cloud UX system is licensed for MediaCentral Phonetic Index, this area allows you to
configure the language packs to be used in the audio indexing process and define the number of audio
tracks that must be indexed.
The following illustration shows the default configuration of the Phonetic Indexing window.
The body of this tab acts as a text editor. You can alter the phonetic configuration directly in this
window or you can click the Save to File button to export the configuration as a file that can be
opened in an external text editor. The formatting of the text follows the standard JSON structure.
The top of the configuration file includes information about the ID and Version. You must not alter
these values. Following this information, the phonetic configuration is separated into three main
areas: Language Packs, Layout Definitions, and the Configuration Default. As you read, you will
notice that each section builds off data defined in the previous section. The Configuration Default
section depends on values defined in the Layout Definitions, which in turn, depend on values defined
in the Language Packs section.
n While spaces and most special characters are acceptable, Avid recommends that you use standard
alpha- numeric characters when defining the values below.
145
Language Packs
The purpose of this section is to map mnemonic names to language pack IDs. The following values
are required when defining a language pack:
• Name: This value defines a user-friendly name that is associated with the language pack ID. The
default name is “en” which is used to refer to the International English language pack, but you
can change the name of this default value if desired.
• ID: The ID provided in the default configuration references the International English language
pack. If you install an alternate language pack, you can either replace this existing configuration
line or add another set of values to define the language pack. For more information, see
“Installing Additional Language Packs” on page 128.
In the following example, the administrator has left the original International English language pack
values in place and added a second set of values for the German language pack:
"language-packs" : [ {
"name" : "en",
"id" : "d699037f-5b72-42fe-ad42-4512f34e1db0"
}, {
"name" : "de",
"id" : "b4b6f986-17a2-45e0-a6c7-b20352712a12"
} ],
In this example, the administrator used “de”, the ISO 639-1 two-letter language code for German, but
you can assign any custom value for the name.
Layout Definitions
When indexing an asset that includes multiple audio tracks, Phonetic Index processes audio track 1
by default. This section allows you to define additional audio tracks to be indexed. You can create
multiple layout definitions, but only the definitions defined in the Configuration Default are used.
The following values are required when defining a layout definition:

• Name: This value defines a user-friendly name for the definition.
• Language-Pack: This value must match the name of a Language Pack that you defined in the
previous section.
• Audio-Tracks: This value represents either a single audio track or a comma separated list of
audio tracks. You can configure this value to index up to 64 tracks. If you attempt to index track
65 or later, the Phonetic Indexing window produces an error when applying the settings.
In the following example, the administrator has added a layout definition for the German language
pack (de) and has instructed Phonetic Index to index audio tracks one through five:
"layout-definitions" : [ {
"name" : "first-track-english",
"language-pack" : "en",
"audio-tracks" : [ 1 ]
}, {
"name" : "german-5-track",
"language-pack" : "de",
"audio-tracks" : [ 1,2,3,4,5 ]
} ],
146
This example might be appropriate if you have a mix of 5 tracks where each track represents a
channel of the same audio (left, right, center, back left, and back right). When you specify multiple
audio tracks in a layout definition, the tracks are grouped together to define a single indexed audio
source.
If your database includes audio assets where tracks consist of distinct audio data, you might want to
configure multiple layout definitions, each associated with a different audio track or group of tracks
as shown in the following example:
"layout-definitions" : [ {
"name" : "german-stereo-source",
"audio-tracks" : [ 1,2 ]
}, {
"name" : "german-stereo-voiceover",
"audio-tracks" : [ 3,4 ]
}, {
"name" : "german-mono-audio-description",
"audio-tracks" : [ 5 ]
} ],
Configuration Default
The Language Packs and Layout Definitions sections of the configuration window define values that
might be used in the phonetic indexing process. The Configuration Default section defines which
values are used. If this section does not include the name of a layout definition, the definition is not
used in the phonetic indexing process.
The following values are required when defining the configuration default:
• Configuration-Default: This must match the name of one or more layout definitions.
In the following example, the administrator has replaced the default value with custom layout
definitions:
"configuration-default" : [ "german-stereo-source", "german-stereo-

voiceover", "german-mono-audio-description"],
"configuration-mapping" : null
}
In general, you would not add layouts to the Configuration Default that contain overlapping tracks. In
the example above, the administrator did not add the “german-5-track” layout because that would
cause the audio data to be indexed twice.
n The Configuration Mapping value is not used in this release. Do not alter the default value
associated with this field.
147
Configuring the Search Properties

Prior to starting the Search agent, you must configure the MediaCentral Search Connector settings to
specify the metadata properties that you want to add to your search index. If you have both modules,
you must complete this process separately on each module.
To select database properties:

1. Start Interplay Administrator and sign in to the Production module’s database.
2. In the Site Settings section of the Interplay Administrator, click the MediaCentral Search
Connector button.
3. Click the Property Selection tab.
4. Use one of the following methods to select the properties for your search index:
t Use individual check boxes to select the property types to be included in the search index.
Although applicable in rare cases, you should not use the Select All button to enable all
database properties. If you select all properties, the search index and the Search app’s filter
list might be populated with fields that users might never search for.
t Click the Sync with Property Layout button to match these selections with those in the
Interplay Administrator Property Layout (Site Settings > Property Layout).
5. Enable the check box for Update Data Type Definitions.
After enabling the check box, a Confirm Search Connector Change dialog window appears. You
must click OK to this window to confirm the setting change.
n If you enable this feature on an existing installation where you have already indexed the Production
Management database, you must reset the MediaCentral Search Index for all connected
MediaCentral modules (not just Production Management) and reindex the database for each module.
The same is true if you enable the setting and later decide to disable it. For more information, see
“Resetting the Phonetic Metadata Search Index” on page 279.
6. Click Apply to save your selections.
Starting the Search Agent

The final step in the process is to start the search agent and initiate the indexing process. If you have
n If you plan on configuring MediaCentral Phonetic Index, you might consider completing the Search
Grid installation and configuration process prior to starting the search agent. The Search Grid
configuration process requires you to reset the index and resync your database. If you complete that
process first, you can avoid indexing your Production Management database twice. For more
information, see “Installing Nexidia Search Grid” on page 121.
To configure an instance of the search agent:

1. Prior to starting the search connector, you must activate your MediaCentral Cloud UX license.
Connector button.
n The MediaCentral Search Connector is not available in the Interplay Administrator for macOS.
148
3. Click the Manage/Status tab.

4. (if applicable) Click the Asset Visibility check box in the Configuration section.
For more information, refer to “Configuration” on page 142.
5. Click the Instance menu and select the search agent name you want to use.
- If you are configuring a MediaCentral Production Management system, select production
from the menu.
- If you are configuring a MediaCentral Production Archive system, select archive from the
menu.
n The production and archive options in this menu are populated by MediaCentral Cloud UX. If you
did not create configuration files (xxx.yml) or you did not deploy the modules in the process of
“Running the Post-Install Setup Scripts” on page 60, you will not see the options appear in this
menu.
6. In the Engine Username field, enter the name of a Production Management user account. Refer
to the following guidelines regarding your Asset Visibility settings:
t If you enabled the Asset Visibility option, you are required to enter the name of a user with
administrator-level privileges to the Production Management database.
If you enable this option and you do not specify an administrative user, the application
displays a warning to alert you of the situation when you click Assign. If you attempt to
Resync or Start the indexing, the process will fail and display an error.
t If you do not enable the Asset Visibility option in the Configuration area, the MediaCentral
Search Connector settings respect the permissions that are configured for the Instance user.
If the user is not an administrator, database access can be limited to certain directories, and
only those directories are indexed.
Since searches respect the permissions of the Instance account and not those of individuals
logging into MediaCentral Cloud UX, users of the Search app might see fewer assets than
expected, or they might be exposed to assets that they could not otherwise view in Interplay
Access. Although MediaCentral Cloud UX users can see the asset metadata, they are
blocked from playing the assets.
In either configuration method, Avid recommends that you create a dedicated user for this
purpose in the Interplay Administrator’s User Management settings. If you have a dedicated user,
the process of troubleshooting a search-related issue can be simplified.
7. In the Engine Password field, enter the password for the user specified in the previous step.
8. Click Assign.
The Interplay Administrator should reply with the following message:
As shown in the following example illustration, you might notice that after a successful
connection, the Instance field reflects the name of your database and server host name.
149
n If you need to disconnect a Production module from the MediaCentral Cloud UX search engine, click
the UnAssign button.
9. (if applicable) If your MediaCentral Cloud UX server is licensed for Phonetic Index and you
want to either add language packs or alter the audio indexing configuration, proceed to “Editing
the Phonetic Indexing Tab” on page 150 at this time. When you have completed that process,
return to this section and complete the remaining steps.
10. Finally, click the Resync button in the Manage pane to start the indexing process of the
Production module’s database. Do not click the Start button.
You can use the Status pane on the left side of the window to check on the progress of the
indexing process. The results refresh automatically every 30 seconds, but you can click the
Refresh button to update the results on demand.
In most cases, you should not need to click the Resync button again. The Stop and Start buttons
are used to stop and restart the indexing process. If you click the Resync button on a system that
has already been indexed, a complete re-index is initiated.
11. If you have both production and archive modules, you must complete this process separately on
the next module.
Editing the Phonetic Indexing Tab

If your MediaCentral Cloud UX server is licensed for Phonetic Index and you want to either add
language packs or alter the audio indexing configuration, you must complete the steps in this section.
If you plan to use the system defaults of indexing audio track 1 using the International English
language pack, you are not required to complete this process.
To edit the Phonetic Indexing configuration:

Connector button. If you are already in the MediaCentral Search Connector, you might need to
go back to the main menu and open the settings again to enable the tab in the user interface.
2. Click the Phonetic Indexing tab.

If you do not see this tab, verify that you have configured and deployed Phonetic Indexing as part
of the MediaCentral Cloud UX software installation process.
3. Using the information in “Reviewing the Phonetic Indexing Tab” on page 145 as a reference, edit
the configuration data using one of the following methods:
t Edit the configuration directly in the Phonetic Indexing tab.
t If you exported the configuration to a file, click the Load from File button to import the
configuration information.
150
When editing the file, you might want to copy and paste existing default configuration to help
you maintain the proper formatting for all new values. If the formatting of the configuration file
is incorrect, you will not be able to apply your changes.
4. Click Apply to save your changes.
If the configuration information is valid, the system replies with the following message:
“Successfully applied Configuration”. If you encounter an error, a message appears to alert you
of the problem.
If you do not want to apply your changes, you can click the Cancel button. The configuration is
reverted to the previous state.
5. Complete one of the following to index your Production Management database:
t If you were directed to this process from “Starting the Search Agent” on page 148, return to
that process to complete the indexing process.
t If you edited the Phonetic Indexing tab on a system that was already indexed, you must stop
the indexing process and reindex your Production Management database using the tools in
the Manage Status Tab.
Removing a Search Instance

In the event that you need to remove an instance of the search connector from your Production
Management system, you can refer to the steps in the following process.
n If you remove an active instance, users will lose the ability to search the Production Management
system until the configuration is recreated and the search index is recreated.
To remove an instance:
Connector button.

3. Click on the Configuration menu in the Clean-Up section of the tool and select an instance from
the menu.
The system prompts you with one of two confirmation dialogue boxes — depending on the type
of instance you are attempting to delete: active or inactive.
4. Do one of the following:
t Click OK to delete the search connector instance.
t Click Cancel if you want to abort the deletion process.
151
Recreating the Search Instance

After you delete the search instance, you might need to complete the following steps to recreate the
search connector on the MediaCentral Cloud UX system.
To recreate the search connector:

1. Open a web browser on a local workstation and connect to the Kubernetes Dashboard.
For more information, see “Accessing the Kubernetes Dashboard” on page 339.
2. Enter the following text in the search field at the top of the dashboard to search for the pod that
includes the Production Management search connector:
avid-pam-search-connector-production-pam
3. Click on the context menu to the right of this pod and select Delete.
When you delete the pod, Kubernetes notes that the pod is missing and begins the process of
creating a replacement pod with the default values.
4. After waiting for a period of 2-5 minutes, open the Interplay Administrator and click the
MediaCentral Search Connector button to reindex your Production system.
n If you are already have the Interplay Administrator open, go back to the main menu and then open
the MediaCentral Search Connector settings to refresh the display.
Reconfiguring the Search Permissions

The following process describes how to enable the Asset Viability option that is described in the
Configuration section of this chapter on an existing Production Management system. This process
assumes that you have already upgraded all systems to the required minimum software versions.
If you decide to disable Asset Visibility, you must also disable the feature in MediaCentral Cloud
UX. For more information, see “Disabling Asset Visibility” on page 94.
To enable Asset Viability on an existing installation:

Connector button.
3. Click the Stop button in the Manage area.
4. (if necessary) Assign a new Instance user.
The Asset Viability settings require that you assign a user with administrator privileges to the
instance. If your existing user is not already an administrator, complete these steps.
a. Click the Unassign button.
b. Enter a new administrator-level user and password.
c. Click Assign.
5. Enable the Asset Visibility check box.
6. Click the Resync button in the Manage pane to start the indexing process of the Production
module’s database.
152
6 Using the License App

• Licensing Overview
• Activating a License
• Exporting a License
• Resetting the System ID and Device ID
• Reviewing the Licensing Results Panel
• User Profile Menu
Licensing Overview
MediaCentral Cloud UX includes a set of apps and features (such as the Browse app) that are
common to every installation. Avid allows organizations to add new options to MediaCentral Cloud
UX through an “à la carte” approach — allowing you to customize the user experience by
eliminating the need to purchase features that might not apply to your workflow. After you have
purchased and installed a new feature, you use the License app to activate the feature.
You can purchase additional licenses for MediaCentral Cloud UX by contacting the Avid Sales
department at 1-800-949-AVID (2843). For more information on the different license types, see
“Understanding the License Types” on page 154.
The following table and illustration describe the different areas of the app:
Section Description
1 License app Sidebar The sidebar allows you to switch between the Licensing and Registration areas
of the app.
This chapter describes the Licensing area of the app. The Registration area is
meant for internal use and you should access this area only as directed by Avid.
2 License app The Configuration area allows you to activate new licenses for MediaCentral
Configuration Cloud UX and monitor the communication status between your deployment and
the Avid license server (specific to subscription-based licenses).
For more information, see “Activating a License” on page 163.
3 License app Results The Results area shows the licenses that have been added to MediaCentral Cloud
UX.
For more information, see “Reviewing the Licensing Results Panel” on
page 167.
Licensing Overview
Accessing the License app
Each MediaCentral Cloud UX system includes one MediaCentral Platform license by default. This
license allows an administrator to connect to the server and configure additional licenses and system
settings.
You can access the License app through the administrator settings. For more information on
accessing the administrator settings, see “Signing in to MediaCentral Cloud UX” on page 115.
Understanding the License Types

MediaCentral Cloud UX supports two primary license types: perpetual and subscription.
Perpetual Licenses
With the exception the MediaCentral Support license options, the features activated through a
perpetual license do not expire. In some cases, Avid might provide a temporary perpetual license in
which all features are associated with an expiration date.
If you decide that a subscription license might make more sense for your organization, you can
contact Avid Sales for information on converting your perpetual license to a subscription.
Subscription Licenses
Subscription licenses are similar to perpetual licenses in that they enable the same set of features and
levels of access, but differ in that all features are associated with an expiration date. You might
consider purchasing a subscription if your organization requires access to a MediaCentral Cloud UX
154
Licensing Overview
system for a finite period of time — maybe for a specific project. When the subscription ends, you
can choose to either extend your subscription, end it, or convert it to a perpetual license. For more
information on expiration dates, see “Reviewing the Licensing Results Panel” on page 167.
Another difference is that subscription licenses allow you to over-subscribe some license types. If for
example you purchase a license for 25 Edit seats and you need to enable additional concurrent
connections, users are not blocked from accessing MediaCentral Cloud UX. As an administrator, you
can review the number of over-subscribed licenses in the Maximum Quantity column of the Results
area. Over-subscription allows you to instantly scale access to the system without requiring you to
contact Avid to enable additional seats. When your subscription ends, you might incur additional
charges for any licenses that were over-subscribed during your subscription period.
n MediaCentral Cloud UX does not allow for limitless over-subscriptions. The system is equipped with
safeguards that attempt to prevent you from creating an unfavorable user experience by exceeding
your system resources (memory, CPU usage).
Because the MediaCentral Cloud UX system needs to periodically communicate with Avid’s license
server, organizations are encouraged to maintain a connection between their MediaCentral Cloud UX
system and the public internet. If a subscription-based MediaCentral Cloud UX system cannot
connect to the license server, license usage is stored on the local system and transmitted to the license
server when the connection is restored. If the system cannot connect to the license server, it will not
be able to receive license updates or be able to extended the subscription past the active subscription
period.
Whenever connecting a system to the internet, Avid recommends that you follow your organization’s
best practices to ensure a safe and secure connection. To enhance security, Avid allows you to route
this connection through a proxy server. For more information, see “Configuring a Licensing Proxy
Connection” on page 108.
License Categories
When you purchase a license from Avid, you have the ability to customize the contents of that
license. You can define the number of client connections, the types of those connections, the features
that you want to enable on your MediaCentral Cloud UX system, and more. Licenses are divided into
the following sub-categories:
• “Client Licenses” on page 155
• “Platform Licenses” on page 156
• “App and Feature Licenses” on page 157
Client Licenses
After importing user groups through the User Management app, system administrators must
associate a client license type with each user group that contains users who plan to access
MediaCentral Cloud UX. The following client license types are available:
• Browse License: Offers access to a wide range of features, with some limitations.
• Edit License: This license enables access to the full range of options for each licensed app.
n If you are using a license that was created prior to November of 2020, your license might include
View and Full client license types. These license types were depreciated in October of 2020. For more
information on these license types, see v2020.4 of the Avid MediaCentral | Cloud UX Installation
Guide.
155
Licensing Overview
The following table describe the available features of each client license type.
Browse Edit Comments
Asset Editor ✓1 ✓ 1 Users can edit metadata, but not media.

Users that need access to the Graphics tab require an Edit license.
Browse app ✓ ✓
Ingest app* No access ✓
Log app* ✓1 ✓ 1 Only Edit clients include the ability to create and edit sessions.
Media Composer ✓ ✓ Edit license not required to access this feature.

Distributed Processing*
Media Composer ✓ ✓ Edit license not required to access this feature.

Enterprise Admin Tool*
Notifications app ✓ ✓
Process app ✓ ✓
Rundown app* ✓ ✓ Requires MediaCentral Newsroom Management module license.
Search app* ✓ ✓ Metadata search included. Phonetic search capability is optional.
Task app ✓ ✓
Apps marked with an asterisk (*) might require additional licenses to enable the feature set. For example, the Rundown app
might require one or more MediaCentral Newsroom Management licenses.
Platform Licenses
Platform licenses generally affect the entire system, crossing both user and feature licensing. For
instance MediaCentral Support licenses affect all aspects of the Cloud UX system.
The following table describes each license type.
Name Description
Asset Management Enables integration with a MediaCentral Asset Management module or MediaCentral | Shared
Library.
MediaCentral | Flex Asset Enables the Asset Management licensed features. Subscription license for MediaCentral Asset
Management Management, available in MediaCentral v2021.11 and later only.
For more information, see “Products” in the MediaCentral | Asset Management Installation
Manual.
MediaCentral | Flex Enables the Shared Library licensed features. Subscription license for MediaCentral Shared
Archive add-on Library, available in MediaCentral v2021.11 and later only.
Graphics Management Enables you to browse and search an integrated Maestro News database.
MediaCentral | Flex Enables the Graphics Management licensed features. Subscription license for MediaCentral
Graphics Management Graphics Management, available in MediaCentral v2021.11 and later only.
MediaCentral | Platform Every user consumes one Platform license regardless of the client type (web, mobile,
MediaCentral panel) or license type (Browse or Edit).
156
Licensing Overview
Name Description
MediaCentral | Multisite Required for Multi-Site workflows.

Connector
For more information, see “Using the Multi-Site Settings App” on page 235.
MediaCentral ExpertPlus If you are under an Avid support contract, this license shows the current support license type
Support and expiration date.
MediaCentral Elite If you are under an Avid support contract, this license shows the current support license type
Support and expiration date.
Newsroom Management Enables integration with the MediaCentral Newsroom Management module.
Production Management Enables integration with the MediaCentral Production Management module.
App and Feature Licenses
These licenses enable new apps or features in the MediaCentral Cloud UX user interface — such as
the ability to use the Collaborate app. Alternatively, feature licenses might enable additional
connections to MediaCentral Cloud UX — such as the Panel for Media Composer or 3rd party apps
developed through Avid’s API Connector.
For more information on subscription licenses that enable integration between the Rundown app and
MediaCentral Newsroom Management, see the “Licensing” chapter of the Avid MediaCentral |
Newsroom Management Administration Guide.
The following table describes each license type.
Name Description
Maestro | News Enables the Graphics tab in the Asset Editor and enables the ability to drag and drop graphics
MediaCentral into the Rundown app (Newsroom Management license required).
Media Composer | Cloud Enables Media Composer Cloud Remote clients to connect to the Platform.
Remote
Media Composer | Enables the Media Composer Distributed Processing workflow. For more information, see the
Distributed Processing Avid Media Composer | Distributed Processing Administration Guide.
Engine
Media Composer | Determines the number of Distributed Processing Worker nodes that can connect to the same
Distributed Processing workgroup. For more information, see the Avid Media Composer | Distributed Processing
Worker Administration Guide.
Media Composer | Enables the Media Composer Enterprise Admin Tool in the MediaCentral Cloud UX
Enterprise Admin Tool Administrator portal. For more information, see the Avid Media Composer | Enterprise
Admin Tool Administration Guide.
MediaCentral | Analytics Enables 3rd party cognitive services vendors such as Microsoft Azure Video Indexer to
integrate with the MediaCentral Platform.
MediaCentral | Flex AM Subscription license for MediaCentral Analytics. Available in MediaCentral v2021.11 and
Analytics add-on later only. For more information, see the Avid MediaCentral | Analytics ReadMe.
MediaCentral | API Enables integration of Avid partner or custom-built components to the MediaCentral
Connector Platform.
157
Licensing Overview
Name Description
MediaCentral | Archive Enables a connection to a MediaCentral | Archive Production.

Production
n Some associated workflows require integration with Avid MediaCentral | Shared Library. For more
information, see the Avid MediaCentral | Shared Library Installation and Configuration Guide.
MediaCentral | Cloud UX This license enables one or more users to access the Collaborate app.
Collaborate App
MediaCentral | Connector This license is required to use the additional features included in the MediaCentral Panel for
for Adobe Premiere Pro Adobe Premiere Pro CC.
Related license: MediaCentral | Panel for Adobe Premiere Pro CC
MediaCentral | Connector This license enables access to the MediaCentral Panel for AP ENPS. It must be used in
for AP ENPS conjunction with one or more MediaCentral | Panel for AP ENPS licenses.
Related license: MediaCentral | Panel for AP ENPS
MediaCentral | Connector This license enables access to the MediaCentral Panel for CGI OpenMedia. It must be used in
for CGI OpenMedia conjunction with one or more MediaCentral | Panel for CGI OpenMedia licenses.
Related license: MediaCentral | Panel for CGI OpenMedia
MediaCentral | Connector This license enables access to the MediaCentral Panel for Octopus Newsroom. It must be
for Octopus Newsroom used in conjunction with one or more MediaCentral | Panel for Octopus Newsroom licenses.
Related license: MediaCentral | Panel for Octopus Newsroom
MediaCentral | Connector Enables accelerated transfer of media and metadata within MediaCentral Cloud UX through
for WAN FileCatalyst FileCatalyst.
For more information, see http://filecatalyst.com/.
MediaCentral | Deliver Enables workflows for the MediaCentral Production Management Delivery service.
MediaCentral | Document Service for managing documents, including import, export, indexing, thumbnail and proxy
Management creation, and more. Requires MediaCentral | Asset Management module.
MediaCentral | Enterprise Enables mixed sequence editing, allowing Asset Management and Production Management
Editing assets to coexist in the same sequence.
MediaCentral | Gateway Enables a connection between the MediaCentral Platform and the Microsoft Azure Video
for Microsoft Azure Video Indexer service for use with Avid MediaCentral | Analytics. This item does not include any
Indexer licensing required by Microsoft.
MediaCentral | Hoverscrub Authorizes your system for a number of MediaCentral Hoverscrub seats. For more
information, see “MediaCentral | Hoverscrub” on page 271.
MediaCentral | Ingest Enables the MediaCentral Ingest app.
MediaCentral | Multisite Enables you to find assets from remote systems of your multi-site configuration.
Index Service
MediaCentral | MOS Enables integration with MOS Gateway. Subscription license available in MediaCentral
Gateway v2021.11 and later only.
MediaCentral | MOS This corresponds to a COM resource license on the Newsroom Management server.
Gateway COM Connection Subscription license available in MediaCentral v2021.11 and later only.
MediaCentral | Newsroom This license corresponds to the Community option on the Newsroom Management server.
Management Community Subscription license available in MediaCentral v2021.11 and later only.
158
Licensing Overview
Name Description
MediaCentral | Newsroom This is a new license type to be used with a predefined IP on the config file, intended for use
Management Control in the control room. Subscription license available in MediaCentral v2021.11 and later only.
Room Client
MediaCentral | Newsroom This license corresponds to the CPU licenses on the Newsroom Management server.
Management CPU Subscription license available in MediaCentral v2021.11 and later only.
Consumption
MediaCentral | Newsroom This license corresponds to the newer generic sessions licenses or old-style wire servers.
Management Wire Subscription license available in MediaCentral v2021.11 and later only.
Sessions
MediaCentral | Orchestrate Allows organizations to run custom MediaCentral Asset Management processes. Requires
MediaCentral | Asset Management module
MediaCentral | Panel for Enables Adobe Premiere Pro CC clients to connect to MediaCentral Cloud UX through a
Adobe Premiere Pro CC panel native to the application. Use of the panel requires a Full or an Edit license.
Each connection is included in the maximum number of concurrent MediaCentral Platform
seats and each consumes user's entitlements for enabled apps.
Related license: MediaCentral | Connector for Adobe Premiere Pro
MediaCentral | Panel for This license defines the number of users that can connect to MediaCentral Cloud UX from
AP ENPS within the Panel for AP ENPS.
To create sequences in the Panel, users must be associated with an Edit license.
Related license: MediaCentral | Connector for AP ENPS
For more information see the Avid MediaCentral | Panel for NRCS ReadMe.
CGI OpenMedia within the Panel for CGI OpenMedia.
Related license: MediaCentral | Connector for CGI OpenMedia
MediaCentral | Panel for Enables Avid Media Composer clients to connect to MediaCentral Cloud UX through a panel
Media Composer native to the application.
Each connection is included in the maximum number of concurrent MediaCentral Platform
seats and each consumes user's entitlements for enabled apps.
In addition to standard Media Composer workflows, this license is required for integration
with Media Composer Distributed Processing.
Octopus Newsroom within the Panel for Octopus Newsroom.
Related license: MediaCentral | Connector for Octopus Newsroom
159
Licensing Overview
Name Description
MediaCentral | Phonetic When activated, this license activates the Phonetic search option and displays the number of
Index hours of audio media that can be indexed by the search engine.
The Phonetic Index license authorizes your system for a specific number of hours of indexed
audio media. If the amount of audio media on your shared storage exceeds the number of
hours for your Phonetic Index license, only the most recent media is returned through the
Search app.
For example if you have 8,000 hours of audio media on your shared storage and you purchase
a 10,000 hour license, all 8,000 hours of media are indexed and all assets can be returned
through the Search app. If you add another 3,000 hours of audio media, all 11,000 hours of
media are indexed, but only the last 10,000 hours are available through the Search app.
MediaCentral | Phonetic MediaCentral Phonetic Index ships with the International English language pack by default,
License Packs but you have the option of configuring Phonetic Index to use an alternate language. As shown
in the following illustration, you can license multiple languages, but you can only index one
language at a time.
For more information, see “Search Grid Prerequisites” on page 121.
MediaCentral | Publisher This license is required if using the Publisher app.

Although the MediaCentral | Publisher license appears once in the License app, the SAAS
platform allows for three different levels of access (Standard, Premium, and Elite). Contact
Avid Sales for more information on the features included with each licensing level.
MediaCentral | Transcode Enables the ability to send Avid media through MediaCentral Production Transcode in Cloud
UX apps such as Browse and Search.
Although apps might not be specifically tied to licenses, the functionality for an app might not be
available without a particular license. For example, the Rundown app is available to all users — it is
present in the user interface regardless of your client license type or any other purchasable license.
However, functionality in the Rundown app depends on a connection to MediaCentral Newsroom
Management. If you do not have a license for the Newsroom Management module, the app Rundown
app is available, but it provides no functionality. For more information on optional subscription
licensing for Newsroom Management, see the “Licensing” chapter of the Avid MediaCentral |
Newsroom Management Administration Guide.
License Distribution
Every user that signs in to MediaCentral Cloud UX consumes a MediaCentral Platform license. This
is true if you are accessing the user interface through a web browser, mobile device, MediaCentral
Panel for Media Composer, or another method. In addition to a Platform license, each user also
consumes a client license (Edit or Browse).
160
Licensing Overview
When considering how to distribute the licenses, you need to make a decision:
• Should you employ a 1:1 distribution method?
• Should you over-allocate the licenses?
For example, consider an organization that has purchased the following:

• 50 Platform licenses
• 25 Edit licenses
• 25 Browse licenses
One-to-One Distribution
In a 1:1 distribution method, the system administrator must pay careful attention to manage the
number of users assigned to each user group and the number of licenses that are available in
In the example above, the organization has purchased 25 Edit licenses and 25 Browse licenses. In this
case, the system administrator could create two user groups consisting in their authentication
provider of no more than 25 users each. The administrator would use the User Management app to
assign the Edit licenses to the first group and the Browse licenses to the second group.
This method provides a high level of consistency as all fifty users are guaranteed to be allowed access
to MediaCentral Cloud UX. Additionally, each user knows exactly what kind of license they will
receive at sign-in.
You might also want to consider this method if you have a subscription license and want to avoid
over-subscription of client licenses (feature licenses might still be oversubscribed).
Over-allocating Connection Licenses
As an alternative to the 1:1 distribution method, administrators can elect to over-allocate

MediaCentral Cloud UX licenses. This method provides a great deal of flexibility, but it does not
allow for the “always-connect” peace of mind available through the 1:1 licensing method.
Again using our example, let’s assume that the organization has 100+ users separated into a number
of different user groups, and that each group is assigned either an Edit or a Browse license. Since the
site has purchased only 50 Platform licenses (assumes a perpetual license), the 51st person to attempt
to sign in to MediaCentral Cloud UX is denied access as there are no more available licenses.
This method might work well for a site that has a twelve hour shift rotation where only 50 concurrent
users are possible.
Over-allocating Client Licenses
n The following information applies to Perpetual Licensing only. As described above, subscription-
based licenses allow you to over-subscribe the number of licenses.
The administrator might chose to over-allocate the client licenses that are assigned to a user group.
Let’s assume that the administrator has assigned the Edit license (25 seats in our example) to a user
group called “Editor” that consists of 30 users. The first 25 “Editor” users that sign in to
MediaCentral Cloud UX are assigned the Edit license. The 26th user that attempts to sign in might be
denied access to MediaCentral Cloud UX.
161
Licensing Overview
Although this “26th”user has been assigned an Edit license through the user group in the User
Management app, no Edit licenses remain. However, if a lower tiered license (such as Browse) is still
available, MediaCentral Cloud UX allows the user to sign in with the lower tiered license. If all
licenses are consumed, the user is denied access to MediaCentral Cloud UX and the user is alerted to
the situation as in the following illustration.
License availability is verified when a user signs in to MediaCentral Cloud UX. If the original license
type assigned to the user becomes available during the session, the user is not alerted to the
availability of the more feature-rich license. To release the existing license and consume a new
license, the user must sign out, and sign back in to MediaCentral Cloud UX.
If a user belongs to multiple groups — each assigned with different license types, the user receives
the highest level license available at the time of sign-in.
Allocating Entitlements
As described in “Using the User Management App” on page 171, you can enable specific
entitlements for each user group. The distribution of licenses related to entitlements works similarly
to client licenses. If an entitlement is enabled for a group and the license is available, the user is
granted access to the associated feature. However just as with client licenses, it is possible to
oversubscribe entitlements.
If for example you purchase 20 Hoverscrub licenses, and you enable that entitlement for a user group
that includes 40 users — only the first 20 users that sign in to MediaCentral Cloud UX will have
access to the Hoverscrub feature.
Manually enabled entitlements, such as Hoverscrub, remain available to the user — regardless of the
client license. For example, consider a user that belongs to two groups — one associated with an Edit
license and the Hoverscrub entitlement and one associated with a Browse license with the default
entitlements. If the user signs in to MediaCentral Cloud UX and is assigned a Browse license
(because all the Edit licenses are used), that user still has access to Hoverscrub functionality (as long
as there are Hoverscrub seats still available.
162
Activating a License
The Configuration area of the License app guides you through the process of importing a new license
into MediaCentral Cloud UX. The following process expands on the steps that are outlined in the
License app’s user interface.
After you complete the licensing process, your organization might later decide to purchase additional
features, user seats, or even switch to a different license type. The process of upgrading an existing
license with new features or converting a license (from perpetual to subscription) is similar to the
process of installing a license on a net-new installation. The one major difference is that you are not
required to re-enter your System ID or create a new Device ID. Whenever you activate a license, the
previous license (if applicable) is overwritten.
Activating a Subscription License

Complete the following process to activate a subscription license.
To activate a subscription license:

1. Prior to entering your subscription license, you must verify that your MediaCentral Cloud UX
server(s) can connect to the Avid Licensing services.
a. Use a terminal application to log in to your single-server or primary master node as the root
user.
b. Enter the following command to verify that your server can access https://api.avid.com:
curl https://api.avid.com/cloudux/License/Activate
The system should respond with the following message:
{"Message":"The requested resource does not support http method 'GET'."}
If you see any other message (e.g. could not resolve host name, could not connect, etc.), you
must work with your IT department to enable the connection.
n This is an API endpoint, not a human-readable web site.
c. If your system is configured in a cluster with multiple servers, repeat the curl command
from each individual server.
2. Open a new tab in your browser and proceed to https://my.avid.com/.
If you do not already have an account, you must create one now so that you can access the
software registration tools that are located behind this login.
3. After you sign in to my.avid.com, click the Register Software With Code button.
163
4. Enter your software redemption code and click the Register Product button.
This process provides you with your System ID and Entitlement ID. Take note of both
5. Returning to the MediaCentral Cloud UX License app, enter your System ID into the provided
field, and click the Submit button to generate a Device ID for your system.
t If you enter a valid System ID, the Device ID field is populated with a unique 25 digit
identifier for your MediaCentral Cloud UX server or cluster.
t If you enter an incorrect System ID, you receive an error. In this case you must correct and
resubmit your System ID.
After you generate a Device ID, the SystemID and DeviceID fields in the License app become
locked. If you accidentally enter the wrong information, see “Resetting the System ID and
Device ID” on page 166 for details on clearing the information from the License app.
6. Enter your Entitlement ID in the Online (subscription) Activation area, and click the Activate
button at the bottom of the app.
t If successful, your license is imported into MediaCentral Cloud UX and the Results panel is
updated to reflect the new license. This process can take a few minutes to complete, so be
patient.
t If the activation process fails, the system alerts you with an error message.
Click anywhere outside of the pop-up window to dismiss the message.
After you active your subscription license, the two values below the Entitlement ID field begin to
populate with data.
License Last Checked On: Reports the last time that the MediaCentral Cloud UX server was able
to verify your subscription license with the Avid license server. The system also displays the
result of this verification step.
Metrics Last Transmitted On: Relates to subscription / over-subscription values. If you over-
subscribe any licenses during your subscription period, this data is used to track overages that
could result in additional fees at the end of your subscription.
164
7. Proceed to the User Management app to import user groups, assign client licenses to those
groups, and configure group entitlements (if applicable).
Activating a Perpetual License

Complete the following process to activate a perpetual license.
To activate a perpetual license:

1. Before you can activate your license, you must first complete the following steps to generate a
license file using the Avid Software License Activation website.
a. Enter the following link into your browser’s address bar:
https://my.avid.com/products/indirectactivation
b. Enter the required information on the Software Activation page.
n Your Entitlement ID (Activation ID) and System ID are provided to you by Avid.
c. Click the Submit button.

d. Click the Download button and save the license file to your local workstation.
2. Returning to the MediaCentral Cloud UX License app, enter your System ID into the provided
field, and click the Submit button to generate a Device ID for your system.
t If you enter a valid System ID, the Device ID field is populated with a unique 25 digit
identifier for your MediaCentral Cloud UX server or cluster.
t If you enter an incorrect System ID, you receive an error. In this case you must correct and
resubmit your System ID.
After you generate a Device ID, the SystemID and DeviceID fields in the License app become
locked. If you accidentally enter the wrong information, see “Resetting the System ID and
Device ID” on page 166 for details on clearing the information from the License app.
3. Click the Browse button in the Offline (perpetual) Activation area.
4. Navigate to the license.json file, and click the Open button to import the license to
5. Click the Activate button to complete the process.
t If successful, your license is imported into MediaCentral Cloud UX and the Results panel is
updated to reflect the new license. This process can take a few minutes to complete, so be
patient.
t If the activation process fails, the system alerts you with an error message.
t If you had already licensed your system with a subscription-based license and you are
concerting to a perpetual license, the system displays a dialog that asks you to confirm the
activation of the new license.
Click anywhere outside of the pop-up window to dismiss the message.
6. Proceed to the User Management app to import user groups, assign client licenses to those
groups, and configure group entitlements (if applicable).
165
Exporting a License
Exporting a License
After you successfully import a license into the app, you can use the Export feature at the bottom of
the Configuration area to save a plain text file that details the contents of your license. This includes
the Device ID, System ID, and the list of licensed features.
Although this same information is available in the user interface of the License app, the export ability
allows you to share this information easily with others — such as another group within your
organization or with Avid Customer Care.
If you are unable to access the user interface, MediaCentral Cloud UX allows you to export similar
information from the Linux command line. However when using this method, the file does not
include the Device ID or System ID information.
To export your license data through the user interface:

t After activating a valid license, click the Export button in the License app to export the license.
The license is saved to the file download location specified in your browser.
If you want to view the license, Avid suggests viewing the file in an application such as
Notepad++. This free source code editor displays files through an organized line-item display.
You can download Notepad++ from: https://notepad-plus-plus.org/
To export your license data through the command line:

1. Use an SSH client such as PuTTY to access the MediaCentral Cloud UX server from a remote
workstation.
2. When prompted, enter your user name (root) and the associated root user password.
3. Enter the following command where <user> is the name of a user that is included in your
MediaCentral Cloud UX administrator group:
avidctl tools license-report -u <user>
4. When prompted, enter the password for this user and press Enter.
The system creates a license-report.txt file at /var/log/.
5. Enter the following command to view the report:
cat /var/log/license-report.txt
function by entering the following command: avidctl tools license-report --help
Resetting the System ID and Device ID

After you click the Submit button in the Configuration area of the License app, the Submit button is
removed and a Reset IDs button is added to the user interface.
166
Reviewing the Licensing Results Panel
If you need to reset either the SystemID or DeviceID, you can click this button to delete the IDs from
your MediaCentral Cloud UX system. When you click the Reset ID button, both the SystemID and
DeviceID are reset. You cannot selectively reset only one of these values.
If you have already licensed your MediaCentral Cloud UX server with Avid and you reset the IDs,
you will be required to reactive your license and obtain a new license.json file that includes your
updated ID information.
To reset your SystemID and DeviceID:

1. Select the License app from the Administrator Settings Fast Bar.
For more information, see “Administrator App Overview” on page 118.
2. Before you reset the ID, you must take note of the System ID that was previously submitted. You
will need this information later in this process.
3. Click the Reset IDs button.
The system prompts you to confirm the reset command.
4. Click the Reset button to confirm the action or click Cancel to keep your existing IDs.
5. After confirming the reset command, you are prompted to confirm your system ID.
t To proceed, enter your previously submitted System ID and click the Reset IDs button.
t To exit without resetting, click the Cancel button.

The Results panel provides additional information on each license that is successfully imported into
167
The bar at the top of this area displays the total number of licenses that have been imported into
MediaCentral Cloud UX, a text field that you can use to filter the results, and a Type field that
indicates the license type (subscription or perpetual).
The Results area includes multiple columns of information. You can increase or decrease the size of
any column by clicking and dragging the separator bars in the column header. However, you cannot
reorder the list of columns. The following columns are displayed:
License Name
Each license that is imported into MediaCentral Cloud UX appears as a separate line item in the
Results panel. The Results area is sorted alpha-numerically by this column by default.
Type
Each license is associated with one of the following categories:

• Core: These licenses apply to the Platform, rather than to an individual feature of MediaCentral
Cloud UX.
Examples: Platform license
• Module: These licenses authorize MediaCentral modules on the platform.
Examples: MediaCentral Production Management, MediaCentral Asset Management, and others
• On / Off: These licenses enable a new feature for the Platform or enable access to the Platform.
The number of users that can access the feature is limited by other user or seat licenses.
• Quota: Quota licenses appear in the Quantity column with numerical value count. In the example
of Phonetic Index, the value equals the total number of hours of audio media that can be indexed
by the system.
• Seat: These licenses refer to the number of “seats” or users that access a certain feature.
Examples: MediaCentral Hoverscrub, Media Composer Cloud Remote, and others
• Support: These licenses grant access to Avid Customer Care.
Examples: MediaCentral ExpertPlus Support
• User: These licenses refer to the client types described in “Client Licenses” on page 155.
Current Quantity
Each license is associated with a number. In some cases the number represents a license count and in
other cases it could represent a value, such as the number of hours licensed for Phonetic Index. In the
case of an On/Off license type, a value of 1 means that the license is enabled.
In some cases the quantity value is listed as a fraction — 10/40 for example. The number on the right
indicates the total number of licenses available and the number on the left indicates how many
licenses are currently in use.
Maximum Quantity
This column displays the maximum concurrent user count of the corresponding license. As described
earlier in this chapter, subscription licenses allow you to extend beyond the number of licenses that
are displayed in the Current Quantity column. If this occurs, the number is displayed in red to
indicate the over-subscription.
168
Expiration Date
If you purchase a perpetual license, you might notice that most licenses are not associated with an
expiration date. Instead, they are listed as permanent — indicating that they do not expire.
Subscription licenses and MediaCentral Support offerings are valid only for a certain period of time.
In this case the Expiration Date column displays the date on which the license will expire.
Additionally, the License app provides visual colored feedback regarding the status of the expiration:
• White: Indicates that the license is active and is at least 30 days away from the expiration date.
• Yellow: Indicates that the license will expire in less than 30 days.
• Red: The license has expired.
If you need to continue to use a feature beyond its expiration date, you must contact Avid to renew
the feature or extend your subscription. If you plan to extend your subscription, Avid recommends
doing so proactively to ensure uninterrupted operation of your system.
If a license expires, the features associated with that license are disabled until the license is renewed.
However if a license expires while users are connected to the system, the associated features remain
available to all active (signed-in) users during their current session. In this case the expired features
are disabled only after the user signs out of MediaCentral Cloud UX and makes a new connection to
the system.
Filtering and Sorting the Results Panel

After you have imported one or more licenses into MediaCentral Cloud UX, you can use the Filter
and Sort controls to refine the list of licenses in the Results area. The following illustration highlights
the Filter and Sort options in the user interface.
• Filtering: This feature works almost like a search in that you can enter text in the filter field and
only those licenses whose name includes the filter term are displayed.
• Sorting: This feature allows you to reorder the list of licenses based on the column header.
Licenses are organized in alphabetical order (0-9, Aa-Zz) according to the License Name column
by default. You can sort the results by License Name, Type, Quantity, or Expiration Date — one
column at a time.
To filter the Results list:

1. Select the License app from the Administrator Settings.
2. Use the Filter Licenses field in the Results toolbar to enter the name or partial name of a license
that has been imported into MediaCentral Cloud UX.
As you enter text, the results list is immediately updated with the available results.
3. (optional) Clear the filter text to reset the Results area to show all licenses.
169
User Profile Menu
To sort the Results list:

1. Select the License app from the Administrator Settings.
2. Click on a column header to reorder the results list.
An up arrow appears to the right of the column name to indicate that this column is used to sort
the results in ascending order.
3. (optional) When you click on a column header, the column is sorted in ascending order by
default. If you need to sort the list in descending order, simply click on the column header again
to reverse the order of the list.
A down arrow appears to the right of the column name to indicate that this column is used to sort
the results in descending order.
User Profile Menu

After you import a valid license into MediaCentral Cloud UX, users can access the About option in
the User Profile menu to verify the type of license that is allocated for their current session. The
following illustration shows that user “editor” is assigned an Edit license.
If you access the About window while signed into the Administrator apps, the License field reports
the following message: “No License Required (Administrator Mode)”. Administrators that are
signed into the Administrator apps page do not consume a client license.
170
7 Using the User Management App

• User Management Overview
• User Management: Sidebar
• User Management: Results
• User Management: Details
• Adding or Removing User Groups
• Adding Client License Types
• Working with Group Quotas
• Working in Disconnected Mode
• Notes for Active Directory User Accounts
User Management Overview

The User Management app allows system administrators to define one or more user groups that can
be used to authenticate user access to MediaCentral Cloud UX. After you identify and add the groups
through the User Management app, you can enable access to MediaCentral Cloud UX features by
assigning a client license to each imported user group. For more information on client licenses, see
“Understanding the License Types” on page 154.
The app is divided between four primary areas, as described in the following illustration and table:
User Management: Sidebar
Section Description
1 Header The app header identifies the currently loaded app and provides access to the Help
menu.
2 Sidebar The sidebar displays the groups imported from your authentication provider — either
Windows Active Directory or Okta.
For more information, see “User Management: Sidebar” on page 172.
3 Results The Results area displays a list of users for the selected group in the Sidebar.
For more information, see “User Management: Results” on page 173.
4 Details This section of the app provides more information about individual users and groups.
This area also allows an administrator to assign a Client License to each user group and
to configure permissions for those groups.
For more information, see “User Management: Details” on page 177.
Accessing the User Management App
You can access the User Management app through the administrator settings. For more information
on accessing the administrator settings, see “Administrator App Overview” on page 118.
User Management: Sidebar

The sidebar displays all user groups that have been added to MediaCentral Cloud UX in an alpha-
numerically sorted list. You can click on any of the groups to obtain more information about the
group and the users contained in the group.
The User Management sidebar provides controls to add Active Directory or Okta user groups to
MediaCentral Cloud UX. You can also filter the groups list — allowing you to quickly and easily
identify a specific group for organizations with multiple user groups.
Sidebar Toolbar
The toolbar at the top of the User Management sidebar includes controls that allow you to execute
certain actions that relate to the groups directory. The following table lists the actions available
through the toolbar:
Section Description
Filter Group The filter option allows you to enter a custom value to limit the Groups directory
tree to show only those groups that include your filter text.
Add Group The Add Group button allows you to add user groups from your authentication
provider (Windows Active Directory or Okta) to MediaCentral Cloud UX.
For more information, see “Adding or Removing User Groups” on page 180.
Reload This button refreshes the list of imported groups.
172
User Management: Results
To filter the Groups directory:

1. Enter a custom value in the Find a Group field.
The list of groups is filtered to include only those whose name include your filter text.
In the following example, an administrator has filtered the list to include only the user groups
that include “ws” in the name.
2. (optional) Delete the filter text by pressing the X on the right side of the Find a Group field.
To reload the Groups directory:

t Click the Reload button to update the displayed group information.
Updates are not displayed automatically in the User Management app. If you have the User
Management app open and a change is made to an Active Directory or Okta user group, you
must click the Reload button to see the change in the User Management app.

The Results area displays information on all users added to MediaCentral Cloud UX by default. If
you click on a group in the User Management sidebar, the Results area displays information about
the users contained in the selected group. If you click on the All Groups link at the top of the sidebar,
the Results area reverts to its default view — displaying information about all users.
The following table provides more information on the different sections of the Results area.
1 Filter Allows you to filter the user results by column. For more information, see “Filtering
and Sorting the Results Panel” on page 174.
2 Results Count The upper-left corner of the Results area displays the total number of users that have
been added to MediaCentral Cloud UX. If you select an individual user group, the
value reflects the number of users in that group.
173
3 User Information Each row in the Results area provides additional information about the users
and Status included in the selected group.
The Status column allows administrators to determine which users are currently
signed-in to MediaCentral Cloud UX. If the user has a green dot over their icon,
then the user is currently active. Otherwise, the user is offline. Additionally, the
Status column provides controls to obtain more details on multiple user sessions.
The user Status column does not refresh automatically. If you want to update the
status, you must refresh the list by clicking the Reload button in the sidebar.
For more information, see “Viewing and Releasing User Sessions” on page 175.
4 Sessions For more information, see “Viewing and Releasing User Sessions” on page 175.
The Results area displays information about the users in columns and rows of data. You can resize all
but the status column to accommodate your available screen space.
You can click on an user to obtain detailed information about that user. For additional details, see
“User Management: Details” on page 177.
Filtering and Sorting the Results Panel

After you have imported the user groups to MediaCentral Cloud UX, you can use the Filter and Sort
controls to refine the list of users in the Results area. The following illustration and table highlight
the Filter and Sort options in the user interface.
1 Sort This option allows you to reorder the results list based on the column header. You can
reorder results list using any of the column headers.
2 Filter This option works almost like a search in that you can enter text in the filter field and
only those users whose details include the filter text are displayed.
You can filter the results list by the values that are associated with user sessions, such as
the user name, device host name, or device IP address.
To sort the Results list:

1. Select the User Management app from the Administrator Settings Fast Bar.
2. (optional) Select a group from the list in the app’s sidebar.
All users contained in the selected group are displayed in the Results area.
3. Click on a column header to reorder the results list.
174
An up arrow appears to the right of the column name to indicate that this column is used to sort
the results in ascending order.
4. (optional) When you click on a column header, the column is sorted in ascending order. If you
need to sort the list in descending order, simply click on the column header again to reverse the
order of the list.
A down arrow appears to the right of the column name to indicate that this column is used to sort
the results in descending order.
To filter the Results list:

1. Select the User Management app from the Administrator Settings.
3. Enter a value in the filter area of the Results toolbar.
As you enter text, the results list is immediately updated with the available results. The following
two examples provide more information on filter functionality:
t You know that user “Bob Smith” (username: bsmith) has been imported into MediaCentral
Cloud UX. You enter “smith” as a filter to quickly find all accounts that include that text in
the username.
t You enter “bob” as a new filter. In this case, the results list does not include Bob Smith
because “bob” is not part of the actual username (bsmith).
4. (optional) Clear the filter text to reset the Results area to show all users.
Viewing and Releasing User Sessions

When a user is signed into MediaCentral Cloud UX, the Status column in the Results list displays a
chevron (arrow) to the left of the user icon. If you click this button, the User Management app
displays additional lines of text that detail the workstation or mobile device that is being used to
access the user interface. Each device is identified by either its host name or its IP address.
If MediaCentral Cloud UX cannot determine the device’s name or IP, the app displays a Device ID
which is a internal identification label for the device.
If the same user account is used to sign into MediaCentral Cloud UX from multiple locations, you
might see multiple lines of text for an individual user. This information relates to the Sessions
column in the Results area which identifies the number of simultaneous connections for the account.
As an administrator, the User Management app allows you to forcibly sign a user or an individual
sessions out of the system. This functionality applies to signed-in users only.
175
To forcibly disconnect a user from MediaCentral Cloud UX:

3. Do one of the following to select one or more user sessions in the Results area:
t Click the user row to select the user and all associated user sessions.
t Click the chevron to the left of the user icon in the Results list to expand the session details
and click an individual session for the selected user.
t Ctrl+click or Shift+click several users or sessions to terminate multiple sessions
simultaneously.
When using the modifier keys to select user sessions, you can select any combination of
individual users and sessions.
4. Right-click the user, session, or sessions and select the Force Sign-Out option from the context
menu.
When you click the Force Sign Out button, MediaCentral Cloud UX displays the following
message to the user: “Your user session has timed out. You need to sign in again.” If the user
waits or clicks OK to the message, they are returned to the MediaCentral Cloud UX sign-in page.
c Although MediaCentral Cloud UX regularly saves progress to the local workstation’s browser
cache, forcibly disconnecting a user might result in loss of work.
176
User Management: Details

When you click on a user or user group, information about the selection is displayed in the Details
panel on the right side of the User Management app. As shown in the following illustration, the upper
half of the panel displays information about a selected user group and the lower half of the panel
displays information about an individual user that is selected in the Results panel.
Group Details and Entitlements

The groups area of the Details panel displays the Default Language, the Client License type
associated with the group, and the quota options.
• Default Language: In this release, MediaCentral Cloud UX sets the Default Language to English.
This cannot be changed.
• Client License: Assigned by an administrator, the client license defines the default level of user
access to MediaCentral Cloud UX for all users in the group. For more information, see “Adding
Client License Types” on page 182.
• Quotas: For more information, see “Working with Group Quotas” on page 183.
This area also displays the MediaCentral Cloud UX features that are available to the group. These
entitlements are initially based on the client license that is assigned to the user group. Unlike the
License app which displays all license types, the User Management app displays entitlements that are
of type User, Seat, or Permission only.
Administrators can alter the set of default entitlements on a group basis by selecting or deselecting
the check boxes in the Enabled column. However, not all entitlements can be toggled. For example,
the Browse app (entitlement) is enabled for all groups and administrators cannot disable this basic
functionality.
177
If you disable an entitlement, the app associated with that entitlement might be removed from the
MediaCentral Cloud UX user interface. For example if you disable the Rundown entitlement, the
Rundown app is removed from the user interface for the affected user group.
c Some apps default to a disabled mode in the entitlements list. In theses cases, you must
manually enable the entitlement to allows users to access the app or feature.
Most entitlements should be self-explanatory. However, the following entitlements are explained in
more detail:
• Collaborate App: This entitlement must be enabled for the user groups that you define when
completing the process for “Configuring Collaborate App User Groups” on page 98. If you
associate this entitlement with any other user group, the entitlement does not allow any
additional users within those groups to access the Collaborate app.
• Edit Content: Allows you to edit sequences in the Sequence Timeline section of the Asset Editor
and allows you to Transcode assets through the Browse or Search app context menus.
This entitlement is disabled for Browse client licenses and cannot be enabled.
• Edit Metadata: Allows you to edit the metadata in the tabs section of the Asset Editor. Without
this entitlement, users can only view metadata.
• Edit Rundown: Allows you to edit items in the Rundown app. Without this entitlement, users can
only view items in the Rundown app.
• Edit Session: Associated with the Log app, this entitlement allows clients to the ability to create
and edit sessions.
This entitlement is associated with Edit client licenses only.
• Master of Jobs
When signed into MediaCentral Cloud UX as a standard user, you are allowed to see only the
jobs that you submit in the Process app. If an administrator enables this entitlement for a user
group, the users within that group can see the list of jobs submitted by all users. This entitlement
applies to the Process app and if licensed, the MediaCentral Distributed Processing Status app.
• Distributed Processing Coordinator
This entitlement enables the user to access the Coordinator Tools and the Email Settings panels
within the MediaCentral Distributed Processing Status app. If this entitlement is not enabled,
these panels do not appear in the MediaCentral Cloud UX user interface for this user group.
178
n Access to the features described above might require one or more licenses. For more information on
client licenses, see “Understanding the License Types” on page 154. If the User Management app
does not display a particular entitlement, you might be required to obtain and install a new license to
enable the feature or entitlement.
User Details
If you select a user in the Results area, the lower-half of the Details panel displays additional
information about the user such as the user’s full name and e-mail address. These fields are defined in
your authentication provider and cannot be altered through MediaCentral Cloud UX.
As shown in the following illustration, the user details area also provides a list of entitlements that are
associated with the user.
You can use the “show entitlements” toggle in this view to alter the list of displayed entitlements:
• Show All: All entitlements are listed in the user details area. If an entitlement is associated with a
check mark, it means that the selected user has access to the feature or app.
• Show Enabled: Only the entitlements that are enabled for the selected user are displayed.
The From Groups column displays the group or groups from which the entitlement is inherited. If a
user is included in more than one group, that user might have multiple levels of access to
For example, consider a user that is included in both a “Producers” group and an “Editors” group. If
you assign an Edit license to the Producers group and a Browse license to the Editors group, the user
would have multiple levels of access. For more information on how licenses are consumed in
MediaCentral Cloud UX, see “License Distribution” on page 160.
179
Adding or Removing User Groups

The following process details the steps required to add or remove user groups within MediaCentral
Cloud UX. This process assumes that you have completed the process for “Configuring an
Authentication Provider” on page 78.
After you add a group to MediaCentral Cloud UX, the list of users remains synchronized with your
authentication provider. If you add a new user to a group that has already been added to
MediaCentral Cloud UX, you are not required to take any action within the User Management app.
The user is included automatically and is allowed to sign into Cloud UX using the license type
assigned to the group. Similarly, if a user is removed from a group, the change is reflected in
MediaCentral Cloud UX synchronizes the user groups automatically. When authenticating against
Active Directory, the interval between synchronizations is based on the CloudUX Active Directory
Import Interval value that you defined in the process of “Integrating with Active Directory” on
page 79. When authenticating against Okta, the synchronization happens once every 24 hours. The
Okta synchronization rate is intentionally longer to avoid exceeding the Okta API quota.
If you remove a group from your authentication provider, the group is removed automatically from
the User Management app. If any users that are included in that group belong to another user group
that has been added to the User Management app, the users retain access to MediaCentral Cloud UX.
However, it is possible that the level of access might be affected. For example, consider a user
(User1) that belongs to two groups (Group1 and Group2). Group1 is assigned an Edit Client License
and Group2 is assigned a Browse Client License. If Group1 is removed, User1 maintains access to
MediaCentral Cloud UX, but with Browse capabilities only.
If you completely remove a user or group of users from MediaCentral Cloud UX, any custom
settings associated with those users are deleted. Favorite searches that are saved in the Search app
represent an example of a custom setting.
To add a user group:

2. Click the Add Group button in the sidebar’s toolbar.
The Add or Remove Groups window appears.
The user groups that can be added to MediaCentral Cloud UX are listed on the left side of the
window. When using Active Directory. this list is populated using the Base DN value specified in
“Integrating with Active Directory” on page 79. If you do not see your desired user group, you
might need to specify a higher-level Base DN. When integrated with Okta, MediaCentral Cloud
UX sees the user groups that have been assigned to the app in the Okta Admin Console.
The Your Groups area on right side of the window displays all user groups that have been added
to MediaCentral Cloud UX. As seen in the following illustration, Your Groups automatically
includes the MediaCentral Cloud UX administrators group. In this example the administrators
group is called “Administrators”. When you configured your authentication provider settings,
you identified a user group that would serve as the administrators group. Therefore your
administrators group might be identified with a different name. You cannot remove the
administrators group.
180
As in other areas of the User Management app, you can use the Filter in either the Available or
the Your Groups areas to quickly find the name of a specific group or groups
3. Do one of the following to add a group to Your Groups:
t Click and drag a single group from the left side of the window to the right.
t Ctrl+click multiple groups and drag the selection from the left side of the window to the
right.
n If you Ctrl+click multiple groups and make a mistake in your selection, you can either Ctrl+click a
group to deselect it or you can release the Ctrl key and click on any single group to deselect all groups.
This process adds the group or groups to the Your Groups list. However, the change is not active
until you click the Save button.
4. (optional) Continue to add groups to the Your Groups list.
t Click the Save button to submit the changes and close the window.
t Click the Cancel button to exit the Add or Remove Groups process without importing any
new groups.
You can return to the Add or Remove Groups area at any time to add additional groups.
181
Adding Client License Types
To remove a user group:

2. Click the Add Group button in the sidebar’s toolbar.
3. Click the X to the right of any group in the Your Groups area of the window to remove the user
group from MediaCentral Cloud UX.
4. After you have finished removing groups, click the Save button to submit the changes and close
the window.
Adding Client License Types

Before users can access MediaCentral Cloud UX, you must assign a Client License to the user group.
The client license defines the level of access that each of the groups will have to the system.
The User Management app allows you change the client license type associated with a group, but you
cannot remove the client license. If you need to disassociate a client license from a group, you must
remove the group from MediaCentral Cloud UX. For more information, see the process for “Adding
or Removing User Groups” on page 180.
If you import a new license through the License app, you might need to reapply the client license to
the group. For instance if a new feature such as Hoverscrub is added to the client’s set of
entitlements, the feature might not be available until you reapply the license. As an alternate
example, if your system is already licensed for a set of Edit Client licenses and you simply add more
seats, you would not need to reapply the license.
n If you apply a client license and subsequently change the license — switch from Edit to Browse for
example — the user group retains all entitlements of type user only. Other entitlement types such as
seat or permission might be reset when you apply the new client license.
To add a client license to a user group:

2. Select a group from User Management sidebar.
Detailed information about the group is added to both the Results area and the Details area of the
User Management app.
3. In the Details area on the right, click the Client License menu.
A list of available license types appears as in the following illustration.
This list is populated by the licenses that have been imported into MediaCentral Cloud UX
through the License app. If for instance you import only a set of Browse licenses into Cloud UX,
then that is the only license type available in the menu.
4. Select a license type from the menu that you want to associate with the selected group.
182
Working with Group Quotas
Whenever assigning a license to a user group, the changes are saved automatically.
If you have not yet imported client licenses into MediaCentral Cloud UX, see “Using the License
App” on page 153 for more information.
Working with Group Quotas

Building on the License Distribution concept that is described in the Licensing App chapter, the User
Management app’s quota feature provides Administrators with a second level of control over the
number of users that can connect to the MediaCentral Cloud UX system. Quotas are configured on a
user group level and they determine the maximum number of users from that group that can connect
to the system.
Quotas allow you to ensure that users from all groups can access the system. If for example you have
a users group that includes 100 members, you can limit that group to a quota of 80. This ensures that
they do not consume all licenses — allowing members of other groups to access the system.
During the sign-in process, MediaCentral Cloud UX checks the quota count before the license count.
That means that it is possible for a user to be blocked from signing into the system, even if a Browse
or Edit license is still available. When a user signs-out, the quota consumption is freed, allowing
another user to sign in.
Consider the following example scenario:

• User Michael is a member of the Editors group.
• User Jennifer is a member of both the Editors and the Producers groups.
• Both groups have been imported from your authentication provider and an administrator has
used the User Management app to assign an Edit license to both groups.
• The administrator assigns a quota of 20 to the Editors group. This means that a maximum of 20
members of this group can access the system at any one time.
• The administrator assigns a quota of 10 to the Producers group.
Example 1
• 12 members of the Editors group and 5 members of the Producers group are currently signed in. There are
plenty of Edit licenses available on the system.
Result: Michael and Jennifer can both sign in. Michael deducts one “seat” from the Editor quota and Jennifer,
who is a member of both groups, deducts one seat from the Editor quota and one seat from the Producers quota
Users who belong to multiple groups always take one seat from each group’s quota. However, this is different
from the license count. The same user (Jennifer) consumes only one Edit license.
Example 2
• 15 members of the Editors group and 10 members of the Producers group are currently signed in. There are
still plenty of Edit licenses available on the system.
Result: Michael can sign in normally. However the system displays a message to Jennifer indicating that she
cannot access the system at this time. Since the Producers group has reached its maximum quota of 10 users,
Jennifer cannot access the system until another member of the Producers group signs out.
183
Working in Disconnected Mode
Example 3
• 5 members of the Editors group and 5 members of the Producers group are currently signed in. Other user
groups have consumed all of the available Edit licenses, but there is still one Browse license available.
• Jennifer signs in first (sorry Michael).
Result: Jennifer signs in normally. Even though all Edit licenses are being used, MediaCentral Cloud UX
allows her sign in with a Browse license. She consumes one quota seat in both the Editors and the Producers
groups.
Since all Edit licenses and Browse licenses are consumed, Michael is blocked from accessing the system —
even though the Editors group maximum quota has not been reached.
Example 4
• The administrator disables the quota option for the Producers group.
Result: When Jennifer signs in, the system checks the Editors group quota and the licenses only. Since the
Producers group quota value is disabled, the value is not used in the verification process.
To assign a quota to a group:

1. Select the group in the User Management app sidebar.
2. Click the slider button to enable the quota.
3. Enter a numerical value into the quota field.
Working in Disconnected Mode

As you know, MediaCentral Cloud UX requires a connection to Windows Active Directory or Okta
to validate user access to the system. If the connection to your provider is severed, users that are
already signed in to MediaCentral Cloud UX can continue working. However as Avid does not store
passwords on the Cloud UX server, users that are not already signed-in are denied access to
MediaCentral Cloud UX until the connection to the provider is restored.
184
Notes for Active Directory User Accounts
Notes for Active Directory User Accounts

As an administrator, be aware of the following rules related to Active Directory users:
• Password must be changed after next login
If you have this option enabled in Active Directory for any user and the user is attempting to
access the domain for the first time using MediaCentral Cloud UX, the user will not be able to
sign-in. MediaCentral Cloud UX does not prompt the user to change their password. In this case,
the user must sign into a Windows client to change their password before attempting to access
• Locked accounts
If your Active Directory system is configured to lock an account after a certain number of failed
login attempts, MediaCentral Cloud UX respects this configuration and displays the following
message after the specified number of failed attempts.
If your Active Directory system is configured to automatically unlock the account after a certain
period of time, the user might still see this message if attempting to sign into MediaCentral
Cloud UX with an invalid password after the unlock period has expired. This is an unexpected
response as the user should normally receive a “wrong credentials” message.
If the user enters a correct password after the lockout period has expired, the user is granted
access to MediaCentral Cloud UX as expected.
This scenario does not occur if a domain administrator unlocks the account manually.
185
8 Using the Configuration Settings App

• Configuration Settings Overview
• Configuring the General Settings
• Configuring Single Sign-On
• Managing Service Accounts
• Configuring Enterprise Editing Sync Settings
• Configuring the Publisher Settings
• Configuring External Applications
• Configuring System Modules
• Configuring the Email Settings
Configuration Settings Overview

This app includes settings that relate to the overall operation and configuration of the system.
The app’s sidebar includes a tree that divides the settings into multiple categories. Review the
information in this chapter and complete the sections that apply to your environment.
Configuring the General Settings
In some cases, you might see an Integrations option appear in the sidebar. This menu item only
appears if a connected module or service calls to it — exposing additional administrator settings. If
you see this menu item, refer to the documentation in the related module or system for information
on how to configure the settings.
The sidebar’s Playout Servers feature can be used in environments that include Avid MediaCentral
Shared Library. For more information on this feature, see the Avid MediaCentral | Shared Library
Configuring the General Settings

The General Settings apply to the overall MediaCentral Cloud UX system and not to any specific app
or area of the user interface.
To configure the General Settings:

1. Click on the Configuration Settings button in the Administrator Fast Bar and select General
Settings from the menu in the app’s sidebar.
2. Configure your Session Timeout settings:
t Verify the configuration of the session timeout feature. If enabled (blue), users are
automatically signed out of MediaCentral Cloud UX after the specified period of inactivity. If
disabled (black), user sessions do not expire. The session timeout feature is enabled by default.
t Enter a numerical value to define the period of inactivity before a user is automatically
signed out of MediaCentral Cloud UX. The default value of this field is 30 minutes and
acceptable values are 1 to 1000 minutes.
When a user exits MediaCentral Cloud UX by signing out of the UI, their session is ended and
their license is released for use by another user. However if a user ends their session by closing
the Chrome browser, the license might not be released for another 15 minutes of inactivity. For
this reason, administrators are encouraged to advise users to sign-out before closing their
browser. If you configure the Session Timeout for a value of 15 minutes or less, the user session
ends and the license is released at the same time – regardless of how the user exits their session.
n The Session Timeout settings do not apply to embedded MediaCentral Cloud UX panels, such as the
MediaCentral | Connector for Adobe Premiere Pro, the MediaCentral | Panel for ENPS, or other. In
these cases, the connection to MediaCentral Cloud UX remains active and does not time-out.
3. (Optional) Select a new time zone from the menu.

The Time Zone field allows you to configure a local time zone for the MediaCentral Cloud UX
interface. This field defaults to “Use System Timezone” which configures user interface to use
the same zone as the one configured in the server’s operating system.
After you click in the field, a menu appears with a list of possible selections. You can use the
scroll bar to the right of the menu to navigate the list of options.
The format of each time zone can vary based on your region and selection. For example the
following time zones can be selected:
- America/Argentina/Tucuman (region / country / province)
- Etc/GMT+8 (Greenwich Mean Time, plus 8 hours)
- Europe/Berlin (continent / city)
- US/Pacific (country / time zone)
187
Configuring Single Sign-On
4. Use the Date Format menu to define how you would like to have date fields appear in the user
interface.
5. Click the Save button at the bottom of the app to apply and save your settings.
Configuring Single Sign-On

Organizations that use Microsoft Windows workstations can configure the settings in this panel to
allow users to pass their user credentials directly MediaCentral Cloud UX. Once enabled, a new Sign
In button appears below the standard username / password fields on the Welcome page. In the
following example, an administrator has configured the settings to use Microsoft Windows as an
authentication method.
This method simplifies the sign-in process by allowing users to access MediaCentral Cloud UX with
a single mouse click. This alternative method is also beneficial to organizations that use smart cards
to sign into Windows — where users might not know their individual user / password details.
This optional procedure is required only if you want to enable this sign-on method. After you enable
the setting, users are allowed to either enter their user credentials manually (if known), or use the
single sign-on method (both options are available). If you enable the Multi-Factor Authentication
option during the process of “Integrating with Active Directory” on page 79, the manual user/
password fields are removed from the Welcome screen. In this case, users have access to the SSO and
MFA sign-in options only.
The following process requires access to a keytab or “key table” file. Used in conjunction with the
Kerberos Key Distribution Center (KDC) that is often installed on a Windows Active Directory
server, keytabs store accounts or principals and keys (similar to passwords). If you are unfamiliar
with these concepts, you can refer to the following resources for more information:
• https://www.kerberos.org/software/tutorial.html
• https://docs.microsoft.com/en-us/windows/win32/secauthn/key-distribution-center
• https://docs.microsoft.com/en-us/windows/win32/ad/service-principal-names
Before proceeding, you must work with your local IT Department or Domain Administrator to obtain
the keytab file and the associated SPN (service principal name). While you can define a custom
service name during the keytab file creation process, it is customary to use the short hostname of
your MediaCentral Cloud UX single server or virtual cluster as your service name.
188
Managing Service Accounts
c Due to the security-critical nature of the Kerberos ticket exchange, Avid strongly recommends
that you do not use the Kerberos SSO mechanism over the open internet. Always enable a
secondary encryption method such as a VPN.
n The SSO feature is limited to users that access MediaCentral Cloud UX through a Microsoft
Windows client workstation. In this release, Microsoft is the only alternate configuration option.
To configure the single sign-on settings:

1. Click on the Configuration Settings button in the Administrator Fast Bar and select the Single
Sign-On (SSO) option from the menu in the app’s sidebar.
2. Click the toggle in the SSO panel to enable the settings.
If you configure the keytab and SPN values in this panel, you can click the toggle to disable the
SSO option. After you save the change, the settings are retained, but the feature is disabled.
3. Import a keytab file.
a. Click the browse button to the right of the Keytab file field.
b. Navigate to the location of the file, select it, and click Open.
4. Enter the Service Principal Name (SPN) for the keytab file.
The SPN is defined when executing the ktpass command on your Windows server. Although
the exact format of this value can vary, it might look similar to the following example:
HTTP/<service_principal_name>@<DOMAIN_NAME.COM>
or
HTTP/cloudux@WAVD.COM
Note that the Domain name must be in all capital letters.
t Click the Cancel button to abort your changes.
6. Finally, you must use the Internet Properties control panel (Security tab) on your client
workstations to add your MediaCentral Cloud UX URL to the list of Local Intranet sites. While
you can accomplish this task on a per-client basis, larger organizations might prefer to deploy
this change through domain group policy.

Some system services need to execute operations (talk to other services) while not running in the
context of a user session (no access token from a logged in user is available). However without a
valid access token, communication between services is not possible.
The Services option in the Configuration Settings allows you to assign user accounts to these system
services. The following illustration shows the default Services Configuration Settings window.
189
During the process of “Integrating with Active Directory” on page 79, you are asked to define a
Default Username and Default Group DN. Although displayed in the UI as “unassigned”,
MediaCentral Cloud UX assigns the Default Username to each of the services in the Configuration
Settings app. As a result, the following process is optional in this release.
If you decide to assign a custom user account to one or more of these services, you must select a user
that has been imported into MediaCentral Cloud UX from your authentication provider. There is no
impact to the user that is assigned to the service. You can assign different users to each service or the
same user account to all services. The client license assigned to the user account through the User
Management app has no impact on the account’s ability to run a service.
To assign a user to one or more services:

1. Click on the arrow to the left of Services in the Configuration Settings sidebar and then select the
Services option.
2. Use the menu to the right of any service to assign a user name to the service.
If you know the name of the user that you want to assign to the service, you can start to type the
name of that user in the menu. The list of users is filtered to include only those users that match
your text. In the following example illustration, the administrator has filtered the menu to display
only those users that start with “svc”.
3. Click the Save button to apply your changes.
190
Configuring Enterprise Editing Sync Settings

Mixed sequence editing is a licensed feature that allows you to combine MediaCentral Asset
Management and MediaCentral Production Management assets in the same sequence. As soon as
you save a sequence that includes assets from more than one module, it is identified as a draft
sequence. Your server must be licensed for “MediaCentral | Enterprise Editing” to enable this
functionality. For more information on Enterprise Editing, see “Editing Mixed Sequences” in the
Avid MediaCentral | Cloud UX User’s Guide.
After you finish editing your draft sequence, you must synchronize it. The synchronization process
converts the draft sequence back into a standard sequence and saves it to the module on which you
created the draft sequence. The Sync Job Distributor service manages the synchronization process.
The rules that you define below determine the type of orchestration engine that is used to complete
the synchronization task.
When configuring the distribution rules, you must note the following:
• Although MediaCentral Cloud UX includes a set of default distribution rules, you must complete
a manual save of these rules after performing a new installation.
• When you access the Sync Job Distributor settings for the first time, the app displays the
following message which is normal and expected for this release. After you save your settings,
the message does not reappear.
191
n Since the “Media Services Orchestration” is not available in this release, your environment must
include an Asset Management module to orchestrate synchronization of assets from your Production
Management module.
• The Distribution Settings provide the following orchestration options to be used by the Sync Job
Distributor:
- AM Orchestration (Central): Use the Asset Management system selected as Orchestration in
the Central Settings group.
- AM Orchestration (Target): Use the orchestration of the Asset Management system where
the draft sequence was created and the synchronized sequence will be saved.
- AM Orchestration (Node): Use the orchestration of the Asset Management system from
which the first Asset Management clip was added to the timeline (this can be a local or a
remote Asset Management system).
Note that multi-site Enterprise Editing is not supported in the current version and planned
for a future release.
- AM Orchestration (Node Local): Use the orchestration of the Asset Management system
from which the first local Asset Management clip was added to the timeline.
- Media Services Orchestration: Use the Production Management Media Services for
orchestration. Can only be applied to draft sequences that contain a mix of local and remote
Production Management assets.
Note that multi-site Enterprise Editing is not supported in the current version and planned
for a future release.
To configure Sync Job Distributor rules:

1. Click on the arrow to the left of Services in the Configuration Settings sidebar and then select the
Sync Job Distributor option.
In the Sync Job Distributor panel on the right, the configuration options are arranged in the
General Settings and Distribution Settings groups.
2. Configure the General Settings:
- BPM Process: This field defines the name of the Asset Management BPM (Business Process
Model) process used to synchronize draft sequences. The default entry for this field is:
MCP_DRAFT_SEQUENCE_SYNC.
n Only change this default value if you have created a new custom synchronization process in the Asset
Management system.
- Orchestration: Select the Asset Management system to be used as orchestration engine from
the drop-down menu. This is only required if you want to use “AM Orchestration (Central)”
in one of the Distribution Settings menus.
The menu shows all registered Asset Management systems that can be used for
orchestration. The selected system is shown as a small card with an X button in the
Orchestration field. If a selected system is not available, the entry is highlighted in red.
The Orchestration field is mandatory as long as “AM Orchestration (Central)” is selected in
at least one of the Distribution Settings menus.
3. Configure the Distribution Settings:
- Sync to Asset Management: Select the orchestration for an Asset Management sequence to
which Productions Management assets are added; the sequence will be saved to the Asset
Management module.
192
Configuring the Publisher Settings
Options include AM Orchestration (Central) and AM Orchestration (Target). Note that you
can only use AM Orchestration (Target) in this release.
- (Not supported in this release) Sync to Production Management - Sequence contains only
PM clips: Select the orchestration for draft sequences that contain a mix of local and remote
Production Management assets.
Options include AM Orchestration (Central) and Media Services Orchestration.
- Sync to Production Management - Sequence contains AM and PM clips: Select the
orchestration for a Production Management sequence to which Asset Management assets are
added; the sequence will be saved to the Production Management module.
Options include AM Orchestration (Central), AM Orchestration (Node), and AM
Orchestration (Node Local).

If you have purchased and licensed the MediaCentral Publisher app, you must configure the
Publisher section of the Configuration Settings.
In MediaCentral Cloud UX v2020.9.4 and earlier, the connection between the MediaCentral system
and the Publisher back-end was initiated from the SAAS platform. This connection method required
organizations to establish either a VPN connection, or to introduce multiple firewall exceptions that
were not always possible or desired.
MediaCentral Cloud UX v2020.9.5 and later include proxy settings that simplify this connection
process, while maintaining a high-level of system security. When the tunneling options are enabled,
the connection to the SAAS platform originates from the MediaCentral system — essentially
reversing the previous connection method.
n After you have deployed the Publisher feature pack and configured these setting, you must work with
your Avid Representative to configure additional settings in the MediaCentral Publisher SAAS
platform.
To configure the Publishing settings:

1. Click on the Configuration Settings button in the Administrator Fast Bar and select Publisher
Settings from the menu in the app’s sidebar.
The Publisher Configuration Panel appears. The version information listed to the right of the
panel name is the internal version number of the Publisher feature pack.
2. Enter your custom configuration information into the following fields:
- Publisher SAAS Service
This is the URL of the Publisher back-end. This information is provided to you by Avid at
point of sale.
Example: us.wildmoka.com
- Wildmoka ID
This identification number is used to track your MediaCentral Cloud UX system in the
SAAS platform. It is provided to you at the same time as your SAAS platform URL.
Example: 580b2e2e-f1f2-4485-a15d-c55f004492cf
193
- Tunnel Web Site

This value represents the URL endpoint to which the MediaCentral Cloud UX system
connects. If you requested the tunneling option at point of sale (selected by default), then
this information is provided to you by Avid along with the Service ID and Wildmoka ID.
Example: https://proxy.us.wildmoka.com
- Cloud UX IP or Address
This field identifies the IP address or hostname that listens for API requests. This value is
defined as your local MediaCentral Cloud UX IP address or hostname.
3. Click the Save button to save your settings.
4. If you configured the Proxy settings, do one of the following:
t Click the Start Local Tunnel button to enable the proxy settings.
When connected, the app displays a “Got tunnel information” message in the Proxy area of
the app. If your connection is ever interrupted due to a temporary loss in network
connectivity, the connection is reestablished automatically.
t Click the Stop Local Tunnel button to disable the use of the proxy configuration.
If you need to disable database access for specific user profiles, see “Configuring Database
Access for Specific User Profiles” on page 194.
Configuring Database Access for Specific User Profiles

Using Publisher, users with Admin rights can browse and get access to the Production Management
or Asset Management database. These access rights are implemented on the Wildmoka back-end
system. However, it is also possible to enable or disable users from accessing the database for a
specific profile on the Wildmoka back-end system.
Basically an Administrator has the ability to enable or disable the database for these profiles that
should not have access from the Wildmoka back-end system.
To configure database access for specific user profiles:

1. Log into the Wildmoka system connected to your system or the Professional Services team
system.
2. Go to users set up, and navigate to Profiles Management.
3. Open the specific user profile that you want to enable or disable access to the database.
The user profile opens.
4. Select the Sources tab, and do one of the following:
- If you want to enable database access for a user profile, click to check the box next to the
Production Management or Asset Management database for which you want to enable
access.
With the box checked, the Production Management or Asset Management database will be
visible to that user profile.
- If you want to disable database access for a user profile, click to un-check the box next to the
Production Management or Asset Management database for which you want to restrict
access.
With the box is unchecked, the Production Management or Asset Management database will
no longer be visible to that user profile anymore.
194
Configuring External Applications
The following is an example of the Sources tab with the box unchecked, restricting access
for the user profile.
The Browse External Content tab will still appear on the dialog box, but there will not be any
source loading. So, for the specific user profiles that have the option disabled, there will be no
content to browse to both from the Wildmoka back-end, or from the Publisher app.

The External Application settings allow administrators to define one or more applications that can be
used to work with Avid assets, outside of MediaCentral Cloud UX. This allows you to potentially
take advantage of features included in other applications that are not present in MediaCentral Cloud
UX to review or enhance your assets. External applications can open or work with the asset, only if
they understand the asset parameters or type.
The following illustration provides a sample configuration as real-world example of this workflow. In
the first case, the Asset Management Cataloger has been configured to open audio- and video-type
assets.
For more information on this feature, see “Opening Assets with an External Application” in the Avid
MediaCentral | Cloud UX User’s Guide.
195
To configure the application settings:

1. Click on the External Applications option in the Configuration Settings sidebar.
2. Click the Add Application button on the right side of the External Applications panel.
A New Application entry appears in the panel.
3. Enter a user-friendly name for this application.
This name is displayed in the External Application menu when a user right-clicks on an asset in
either the Browse or Search apps.
4. Enter a value for the Base URL in the following format: <name>://
If you enter an invalid URL, the system responds with a message to let you know that the setting
must be corrected.
5. (optional) The parameter field allows you to forward any attribute value that might be associated
with the selected asset to the external application. You can select one or more options from the
Parameters menu.
If you know the name of the parameter that you want to select, you can use the filter at the top of
the menu to limit the list of available parameters.
6. (optional) Enable one or both of the following settings:
- (optional) Include Upstream URL: When selected, the external application URL includes an
embedded URL that points to the MediaCentral Cloud UX system. The Upstream URL is
required if the external application needs to connect to MediaCentral Cloud UX, e.g. to
resolve a passed asset.
- (optional) Include Global ID of Asset: The Global ID is a unique identifier for an asset. This
value is required to resolve the asset on the platform. If you select this option, you might also
be required to enable the Upstream URL value.
Both settings are required for Asset Management Cataloger.
7. Preview: The Configuration Settings app generates the value for this field automatically. Its
contents include the values that you configure in the fields above.
The Preview value allows you to define a language in which the user interface of the external
application is to be shown (if supported by the external application). For Asset Management
Cataloger, you can force that the user interface is shown in German. To do so, replace the part
lang={userlanguage} with lang=de
8. (optional) Use the menu to select one or more asset types that you want to associate with this
external application.
For example, you could create two external application profiles — each associated with the
sequence asset type. After you save the profiles, these options appear in the External Application
menu when you right-click on a sequence. However these options do not appear when right-
clicking on a master clip, because the configurations do not include the masterclip asset type.
If you do not associate a specific asset type with the application, the entry appears in the External
Application menu for all asset types.
If you know the name of the asset type that you want to select, you can use the filter at the top of
the menu to limit the number of displayed asset types.
9. Click the Save button to apply your changes.
196
Configuring System Modules

The Modules area of the Configuration Settings allow you to configure settings related to connected
MediaCentral modules. Review the following sections as they apply to your environment:
• “Reviewing the Asset Management Module” on page 197
• “Configuring the Newsroom Management Module” on page 197
• “Configuring the Production Management Module” on page 199
If your workflow includes the MediaCentral | Panel for Adobe Premiere Pro, the Modules area
includes an Adobe Integration Management selection. You can use the controls in this area to
resynchronize the index used by MediaCentral Search. For more information, see “Working with the
Adobe Integration Management Module” in the Avid MediaCentral | Panel for Adobe Premiere Pro
ReadMe v2021.3 or later.
Reviewing the Asset Management Module

If you are integrating with a MediaCentral Asset Management system, the Asset Management item in
the Modules area displays information on any locally connected Asset Management systems. If you
are configured in a multi-site environment, remote Asset Management systems are not shown here.
As shown in the following illustration, the Configuration Settings app provides a link to the MAM
Control Center. If you click on this link, a connection is made to the Control Center in a new tab in
your browser.
Configuring the Newsroom Management Module

If you are integrating with a MediaCentral Newsroom Management system, the Newsroom
Management item in the Modules area allows you to configure optional settings related to the
Newsroom workflow.
197
To configure the Newsroom Management module:

1. Click on the arrow to the left of Modules in the Configuration Settings sidebar and then select the
Newsroom Management module.
A list of settings and options appears in the panel on the right.
2. Adjust the following settings under the Sequence Association and Creation section:
- Timing Field: This value defines how the Newsroom Management timing field is updated
when you associate a sequence with a story. Options include: None, Audio Time, Tape Time,
and MOS Duration.
- Tape ID: Enter the name of a valid Newsroom Management form field. Typically, the
video-id field is associated with this value. The following information describes how this
option effects the story and associated sequence:
- If you enter a valid form field and your sequence’s Tape ID is empty, this Newsroom
Management value is set as the sequence’s Tape ID.
- If you enter a valid form field and your sequence already includes a Tape ID, the story’s
Video ID is updated with the sequence’s Tape ID.
- If you leave this setting empty or if you assign a value that does not exist as a valid field
in the Newsroom Management database, the sequence’s Tape ID is not altered.
n For more information, see “Form Field Types and Definitions” in the Avid MediaCentral | Newsroom
Management Setup and Configuration Guide.
- Allow Folder Selection: Enable this setting if you want users to be allowed to select target
folders when creating new sequences in a story. This setting impacts the options available in
the Create Sequence dialog box in the Rundown app.
3. (if applicable) Enter a MOS Identifier in the Video MOS Object section.
The Rundown app can manage a MOS object in the story form that corresponds to the Video ID
field, thus enabling playout devices referencing videos via a MOS object (as well as using the
Video ID in a MediaCentral Command workflow). To enable this feature, you must specify a
198
Configuring the Email Settings
“mosID” for the device that processes story form MOS objects for videos in the Newsroom
Management module. The mosID must also be in the SYSTEM.MOS-MAP story on the
Newsroom Management server.
Configuring the Production Management Module

If you are integrating with MediaCentral Production Management, you might have already
configured many of the settings listed in this section during the process of “Running the Post-Install
Setup Scripts” on page 60. These settings cannot be adjusted through the Configuration Settings app.
This section describes the process to adjust additional settings that are not included in the script.
To configure the Production Management module:

1. Click on the arrow to the left of Modules in the Configuration Settings sidebar and then select the
Production Management module.
A list of settings and options appears in the panel on the right.
2. MCDS URL: If you plan to enable a Send to Playback workflow, you must enter the URL of a
server hosting the MediaCentral Distribution Service. You can enter the server’s hostname, IP
address, or FQDN in this field. The standard port number used by this service is 8443. If you
installed multiple copies of MCDS, list each URL separated by a comma and a space. Multiple
instances of MCDS provide fail-over capability, but not load balancing.
Example 1: https://wavd-tc01:8443
Example 2: https://wavd-tc01:8443, https://wavd-tc02:8443
For more information, see the MediaCentral Distribution Service ReadMe on the Avid
Knowledge Base at: http://avid.force.com/pkb/articles/en_US/user_guide/MediaCentral-
CloudUX-Documentation
3. Location Script Sequence:
a. In the text field, specify a folder in the Production Management database where script
sequences will be stored. The correct path format does not include a leading slash.
Example: Projects/Scripts or Newsroom/Sequences
n If you do not complete this setting, you could get error when saving sequences associated with
Newsroom Management stories.
b. Select whether you want sub-folders in the parent folder to be created by Queue name, Date,
or Story name.

Some MediaCentral applications have the ability to generate e-mails to notify users of important
system events. This section allows you to configure the settings used to establish the connection to
your SMTP server, and allow you to enable or disable this feature system-wide.
In the case of the Collaborate app, offline users are able to receive a summary e-mail of any
notifications that they might have missed while signed out of MediaCentral Cloud UX. This e-mail is
generated automatically every 60 minutes. Users receive an e-mail only if another user took an action
that affected the receiver, such as adding the user to a new assignment.
199
E-mails arrive in the user’s in-box, showing “Avid MediaCentral | Cloud UX” in the subject header.
Administrators can define the “From” e-mail account through the settings in this panel.
To enable the e-mail settings:

1. Click on the Configuration Settings button in the Administrator Fast Bar and select the Email
Settings option from the menu in the app’s sidebar.
2. Click the Email Notifications toggle to enable the settings.
The button turns blue to indicate that the e-mail notification settings are enabled for all users.
3. Configure the following additional settings:
- SMTP Server Hostname: Enter the IP address or FQDN of your SMTP server.
- Port: This is the port number used to communicate to your SMTP server. The Email settings
define port number 465 by default.
- Connection Security: If you want to enable a security protocol, select an option from the
menu that is compatible with your SMTP system.
- User Name: Enter the name of a domain user that is capable of connecting to the SMTP
server. For example: smtpserviceuser
- Password: Enter the password for the user specified above.
- Disable Certificate Check: SMTP servers often use certificates to enhance security by
verifying the authenticity of a connection.
If you leave this setting at its default value of Disabled, the system attempts to validate the
certificate during its connection to the SMTP server. If the certificate is self-signed, or if it
invalid in any way, MediaCentral Cloud UX will not connect to the server.
If your environment requires it, you can enable this setting to skip the certificate validation
step. The button turns blue to indicate that the setting is enabled.
- Sender: Enter the e-mail address that will appear in the “From” field in the email.
t Click the Cancel button to abort your changes.
n If you select another menu item in the sidebar, the app prompts you with a Save Changes window.
Click Save or Don’t Save to proceed.
To disable the E-mail settings:

t Click the Email Notifications toggle to enable the settings.
The button turns gray to indicate that the e-mail notification settings are disabled for all users. If
you configured the settings, the information is saved in case you want to re-enable the e-mail
notifications at a later date.
200
9 Using the Workflow Settings App
Workflow Settings Overview

The Workflow Settings app allows system administrators to adjust settings related to user workflows.

• Configuring the Playback Settings
• Working with the Send to Playback Settings
Additional Settings:
• MediaCentral | Analytics is an optional feature that provides a framework for automated content
indexing, such as facial detection, scene recognition, and speech-to-text conversion, by using
third-party capabilities.
For more information on installing and configuring this feature, see the Avid MediaCentral |
Analytics ReadMe on the Avid Knowledge Base.
• Archive / Restore profiles are for use with Avid MediaCentral | Shared Library.
For more information, see the Avid MediaCentral | Shared Library Installation and
Configuration Guide.
Accessing the Workflow Settings App
You can access the Workflow Settings app through the Administrator settings. For more information
on accessing the Administrator settings, see “Administrator App Overview” on page 118.
Configuring the Playback Settings

This section allows you adjust settings related to playback of media through the Asset Editor.
Working with the Send to Playback Settings
To configure the Playback settings:

1. Select the Playback settings in the Workflow Settings sidebar.
2. (if applicable) Adjust the playback server’s host name.
If not specifically configured, this setting defaults to the host name or IP address that you entered
in your web browser to connect to MediaCentral Cloud UX. Avid recommends that you leave
this setting blank unless your network is configured in such a way that blocks playback.
If your environment requires you to manually specify a value, enter the Fully Qualified Domain
Name (FQDN) of the MediaCentral Cloud UX single-server or cluster.
3. (optional) Configure the Variable Speed Playback settings.
If you want to alter the default functionality of the J and L keys, type a new value in any column
or use the up and down arrows in each column to alter the default functionality of the J and L
keys. Acceptable values are whole numbers (1) and decimal numbers rounded to the tenth place
(1.5).
In the following example, an administrator has altered the functionality of the J and L keys. With
this setting in place, assets are played back at ten times their original speed when a user presses
the L keys four times in a row.
c If you increase the player speed to a factor of five or more, you might experience stuttered
playback or skipped frames. Smooth playback might be affected by multiple variables
including asset resolution, format, network speeds, system resources, or other.
For more information on variable speed playback, see “Using the J-K-L Keys for Playback” in
the Avid MediaCentral | Cloud UX User’s Guide.

If you require a Send To Playback (STP) workflow, you must configure one or more Send to
Playback profiles. Depending on your workflow, one or more of the following systems are required:
• MediaCentral Production Transcode – Required for STP profiles using stereo audio tracks (audio
mixdown) or for sequences with dissolves (video mixdown).
• MediaCentral Production STP Encode – Required for workflows that include Long GOP media
(including Adobe Premiere Pro media).
• MediaCentral Production Transfer Engine – Required for workflows that use non-Avid servers in
their STP workflow such as Harmonic Omneon or Grass Valley K2. MediaCentral Production
Transcode and STP Encode might also be required in this workflow.
202
Filtering Profiles
The Send to Playback settings includes an area to filter the list of profiles. If you have created a large
number of profiles, the Filter field makes it easy to find profiles quickly.
To use the Filter:

1. Enter text in the Filter field to locate your desired data.
You can filter by profile name as well as many of the configuration fields included in the profiles.
If found, your filter text is highlighted in the list of Authorization profiles.
2. After you have filtered the list, you can clear the filter by either deleting the text or clicking the X
button to the right of the filter.
Editing Profiles
If you have already created a profile and want to make a change to the configuration settings, you can
alter and save the profile at any time. If you need to undo your changes before saving the profile, you
can click the Revert button that appears to the right of the profile to return it to its original state.
If you begin to create or edit a profile and subsequently change your mind about saving the profile,
you can click the Cancel button to clear the panel of any unsaved changes.
Deleting Profiles
If you create a profile and later need to remove it, you can click the Delete button to the right of the
profile to delete it. The system prompts you to confirm the delete request. After you click Yes, the
profile is deleted.
Creating a Send To Playback Profile

Complete the steps in this section to create one or more Send to Playback profiles.
n If you have not configured your Production Management Transfer Settings, you might not be able to
configure the settings described in the following process. If you have already configured a Send to
Playback profile and those settings are no longer valid, some values might appear red. You can move
your cursor over the device to display a tool-tip that contains more information about the error.
To configure the Send To Playback settings:

1. Click the Send to Playback option in the Workflow Settings sidebar.
2. In the panel on the right, click the Add Profile button to the right of the Profile Name column.
3. Enter text in the Name field to add a name for the profile.
Profile names should be descriptive, but concise. Examples of good profile names include “To
AirSpeed” or “XDCAM-HD”, while a poor profile name would be “Use this one to send to the
AirSpeed”. Special characters and spaces are allowed in this field.
4. Specify if the profile should be created for an Individual Device or a Studio.
A “Studio” is a group of AirSpeed servers configured with a similar naming convention. The
Studio is presented to the user as a single device. When a sequence is sent to the AirSpeed
Studio, the media is sent to all AirSpeed servers simultaneously. This provides redundancy for
on-air operations.
203
If your “Transfer Settings” section of the Interplay Production Administrator Tool does not
include a studio, you can select the Individual Device option only. The reverse is also true if your
Transfer Settings include individual devices only (no studio).
5. Depending on your selection in the previous step, the next field appears as either Servers or
Studio.
t If you selected an Individual Device, the Servers field appears.

Select a Transfer Engine or Avid AirSpeed from the Servers field.
t If you selected a Studio, the Studio field appears.
Select an AirSpeed Studio from the menu.
The Server / Studio menu is populated through the Interplay Transfer settings in the Interplay
Production Administrator tool. If the Interplay Transfer Settings have not been configured, you
will not be able to select any servers from this menu.
6. Select a profile from the Playback Device menu.
t If you selected a Transfer Engine, select a profile from the menu. This menu is populated by
the profiles created directly on the Transfer Engine.
n If Sending to Playback from Transfer Engine, from the MediaCentral | Panel for Adobe Premiere
Pro, you must send to an OP1A Export Device (this enables the OP1A workflow).
t If you selected an individual AirSpeed or AirSpeed studio, the Playback Device menu shows
AirSpeed and AirSpeed-HD options. The –HD options are required if working with Long
GOP media, and Adobe Premiere Pro Media.
Adobe Premiere Pro creates an OP1A file for every media type, you must enable some form
of LONG GOP media to select when Sending to Playback from Adobe Premiere Pro.
In order to enable maximum compatibility with all Adobe Media Encoder presets, you must
make sure your Send to Playback Profile includes a LONG_GOP -HD media option. You can
add a LONG_GOP -HD option by doing the following:
a. Open the AirSpeed 5000 5500 or FastServe Management Console, and click on the
Inventory tab.
b. In the LONG_GOP Editor Send to Playback format field, select one of the -HD options. You
can select any one in the list. Once an -HD option is selected, it enables the HD workflow for
Adobe Premiere Pro to account for the OP1A files that Adobe Premiere Pro creates for all
media types.
7. Video Options:
- Long GOP: Select Long GOP if this profile will be used to transfer Long GOP media (for
example, XDCAM HD).
- AirSpeed: Select this option if transferring to an Avid AirSpeed server.
- Accelerated STP: If you select both Long GOP and AirSpeed, the Accelerated STP option is
activated. This option enables Play While Transfer (PWT) on the AirSpeed.
204
- Dalet: Select this option if transferring to a Dalet system.

8. Video Target Resolution: Select a target resolution from the menu. The target device must match
this setting. You must make sure to match the settings specified on the target device.
9. Video Frame Rate: Select a frame rate from the menu. You must make sure to match the settings
specified on the target device.
10. Audio Target Sample Rate: This is always configured for 48k.
11. Audio Target Bit Depth: Select the bit depth (16 or 24) for your target device. You must make
sure to match the settings specified on the target device.
12. Audio Target Mixdown Mode: Select the type of audio output you want. Options are: Stereo or
Direct Out.
13. Workspace: Enter the path to an Avid NEXIS workspace that can be used to store media
resulting from an audio mixdown or an STP Encode operation.
You must enter the path in the following format:
\\<host>\<workspace_name>
Where <host> is the System Name of your Avid NEXIS system and <workspace_name> is the
name of your shared storage workspace.
For example: \\wavd-nexis\mixdowns
The Workflow Settings app provides an example path for convenience. This path might or might
not contain the name of your actual Avid NEXIS system.
14. Do one of the following to save your profile:
t Click the Save button to the right of the profile.
The system prompts you to confirm that you want to accept the changes.
Click Yes to save the profile or No to return to the profile and make additional changes.
t Click the Save button at the bottom of the list of profiles.
If you have created or edited multiple profiles, this button saves changes to all profiles. This
button does not prompt you to confirm the action.
205
10 Using the Search Index Monitor App

• Search Index Monitor Overview
• Reviewing the Search Index Monitor Header
• Viewing and Working with Sites
• Reviewing the Search Analyzers
Search Index Monitor Overview

The Search Index Monitor app allows system administrators to monitor the status of the search
configuration, obtain details about the search indexes, and manually rebuild the index for one or more
connected systems.
When you access the Search Index Monitor, the app displays the Catalog Statistics page by default.
This page provides a “live view” of the system that auto-refreshes every 30 seconds (you are not
required to refresh the app to obtain system updates). As shown in the following illustration, the page
is divided into three main areas: the Search Index Monitor header (top), the All Sites area (middle),
and the Site Details area (bottom).
(not shown) The Search Index Monitor Sidebar (left), and the Details panel (right).
As you work with the app, you might need to obtain more information about errors, warnings, or
other details related to the indexing process. This information appears in the Details panel on the
right-side of the app. As you work with the app, the panel updates to display the current data only. If
Reviewing the Search Index Monitor Header
for example you were viewing taxonomy data and then you click an indexing error indicator button,
the taxonomy information is replaced with the indexing error details.
You can use the app’s sidebar to switch between the statistics and the Search Analyzers pages. For
more information on the latter, see “Reviewing the Search Analyzers” on page 215.
Accessing the Search Index Monitor App
You can access the app through the Administrator settings. For more information on accessing the
Administrator settings, see “Administrator App Overview” on page 118.
Reviewing the Search Index Monitor Header

The header at the top of the app provides you with a heath check of the back-end systems that enable
the functionality in the Search app. If MediaCentral Cloud UX determines that the system is
performing as expected, the header shows a green label for the component. If a problem is detected,
the component might appear as yellow or red, depending on the severity of the issue.
As shown in the following illustration, each components allows you to obtain additional status
information by hovering your cursor over the health indicator. In the event of a warning or error, this
tool-tip might help you identify the source of the problem.
Search Engine
During normal operation, this health indicator should report that the “Search API is Online”.
MongoDB
During normal operation, this health indicator should report that “MongoDB is responding to
commands”.
n MongoDB and Elasticsearch share the same storage. If Elasticsearch reports that you need to
address an issue with disk space, MongoDB is similarly affected.
For more information on this subsystem, see MongoDB: See “Working with MongoDB” on page 284
Elasticsearch
During normal operation, this health indicator should report that “Elasticsearch: All shards are
assigned”.
The Elasticsearch health indicator might turn yellow or red if the volume used to store the search data
is running low on space. If the system reaches the low watermark threshold (25% or less space
available), the indicator turns yellow. If you reach the high watermark value (10% or less space), the
207
Viewing and Working with Sites
indicator turns red. When red, the Elasticsearch database is put into a read-only mode and new assets
cannot be added to the index. In this case you might be able to alter your configuration in one of the
following ways to recover some space:
• Delete orphaned indexes and associated Kafka queues. See “Removing a Search Index” on
page 213.
• Enable Kafka compaction as described in v2021.11 of the Avid MediaCentral | Cloud UX
ReadMe.
• Reduce the number of fields indexed for your connected MediaCentral modules. See
“Configuring MediaCentral Search” on page 92.
• Remove search analyzers that might not apply to your workflow. See “Reviewing the Search
Analyzers” on page 215.
If these methods do not apply or they do not reclaim enough space, you might need to upgrade your
system storage. For more information, refer to “System Storage” on page 18 for storage guidelines.
Phonetic Engine
During normal operation, this health indicator displays a list of the installed language packs. For
more information on the language packs, see “Reviewing the Search Analyzers” on page 215.
If the Search Grid server is offline, the health indicator appears red.
For more information on Phonetic Index, see “Installing Nexidia Search Grid” on page 121

The Catalog Statistics page is divided into the All Sites, All Systems area, and the Site Details areas.
While separate, the controls and features for these areas provide similar functionality.
All Sites, All Systems
The top of the sites area displays the indexing status for all sites and all systems that are connected to
your MediaCentral Cloud UX server. In this context, the following definitions apply:
• If you are configured in a multi-site environment, sites refers to your local site and any remote
site that is included in the configuration.
• A system might refer to a connected MediaCentral module or a particular feature’s database,
such as the Avid Asset Logger data for the Log app.
Individual Site Details
The details for your Local Site appear directly under the All Sites area. This section includes
information on all MediaCentral modules and databases that are connected to your local
MediaCentral Cloud UX system. If you are connected to a Multi-Site environment, additional sites
appear below your Local Site. Each site is divided by a gray header bar that displays the name of the
remote MediaCentral Cloud UX system.
If you hover your mouse over the name of any individual system, the app displays the System ID for
that system. The System ID is a globally unique identifier (GUID) that is used by the search engine to
distinguish each connected system. While most systems use a unique string of characters as the
System ID, Newsroom Management systems use the system name as the GUID.
208
n Although connected and displayed in the app, the presence of any individual system or site does not
indicate that it is indexed and searchable. Each system must be associated with a green, Ready status
before you can search for the system’s associated assets.
Site and System Progress Bars
If the system detects a large number of changes, a blue progress bar appears below the associated
index. If you hover your mouse over the bar, the app displays a details window that provides
additional information about the indexing status. The contents of the details window can change
based on the current operation.
If you rebuild the index without selecting the delete option (re-indexing MongoDB), the bar displays
the number of pending assets that must still be indexed.
If you rebuild the index with the delete option (re-indexing from the Kafka queue) or you link a
module through the Multi-Site Settings app, the information is displayed as a fraction of indexed
Kafka messages / total Kafka messages.
Note the use of the phrase “Kafka messages” here. Since each asset might be associated with
multiple Kafka messages (possibly hundreds of messages per asset), you should never attempt to
compare your actual asset count against the message count.
For more information on re-indexing, see “Rebuilding an Index” on page 212.
Metadata and Phonetic Status Areas
The Sites area is displayed in a grid pattern with two columns and multiple rows of data. Each row
represents a MediaCentral module or database that is known to the system. The following example
illustration shows the Local Site with two rows of data that display the status for the connected
Production Management and Newsroom Management modules.
209
The column on the left displays the information related to the text-based metadata index and the
column on the right displays the phonetic index data. If a particular system has not been configured
for Phonetic Index or it does not support Phonetic Index, the Search Index Monitor app displays a
message indicating that the connected system does not include any phonetic tracks.
Both the Metadata and the Phonetic columns include three status categories:
• Ready: Displays the number of assets that are indexed and available to the user through the
Search app.
• Errors: If the system encountered a problem during the indexing process, the app displays a
counter that shows the number of errors.
For more information, see “Resolving Search Errors” on page 214.
• Pending: This value represents the number of assets that the search engine is actively indexing or
re-indexing. If you perform a search, pending assets are not included in the results.
If you are working in a multi-site environment, you might see a number of assets in the Phonetic
column that appear as pending — when in reality, they might have failed. This misreporting of
the asset status is due to a current limitation in the messaging between the local and remote
systems. If you suspect that there might be a problem, you can sign into the remote MediaCentral
Cloud UX system and verify the status in that system’s Search Index Monitor app.
Alert Indicators
If the Search Index Monitor detects a problem with an index, it might display a warning indicator in
the All Sites, All Systems header as well as the affected module’s header. The following illustration
provides an example of this status condition.
If you click the warning icon, additional information appears in the Details panel on the right-side of
the app. If the panel includes information on multiple warning conditions, the app highlights the
specific warning that you selected. You can use the slider to the right of the panel to see more
information about other system notifications (if they exist). Alternatively, you can click the warning
icons in the individual modules to navigate through the notifications.
210
These warnings are different from errors in that they usually identify a situation where the app is not
fully configured or is potentially mis-configured. In some cases users can still search for assets, but
the results might not be optimal. For example the Search Index Monitor might be aware of new
custom fields that have been enabled on a Newsroom Management system that are not yet included in
the search index. Although the user can still use the Search app to find Newsroom Management
assets, they would not be able to search against these new custom fields. In this case the Notifications
panel explains the problem, suggests a solution, and provides quick access to a Rebuild Index button
to help you resolve the issue.
Taxonomy Details
Taxonomies are metadata values associated with some MediaCentral modules that include controlled
vocabulary lists of data. Taxonomies allow you to search for consistent values that are defined in the
MediaCentral module’s database. Each module’s search connector reads these taxonomy lists as part
of the standard indexing process.
As shown in the following illustration, you can click the taxonomy status icon in either the All Sites,
All Systems area of the app, or the icon in the header of an individual module. When you click the
icon, additional information about the taxonomy index appears in the Details panel on the right-side
of the app.
If you make a change to an Asset Management taxonomy, you can review the synchronization
process in Traffic tab of the Sync Service Administrator. Synchronization updates are pushed to
MediaCentral Cloud UX automatically without any additional manual intervention. For more
information, see the Avid MediaCentral | Asset Management Sync Service Administrator User’s
Guide.
As an administrator, please be aware that the taxonomy indexing process might require multiple
hours to complete. The actual time is based on the amount of metadata that must be indexed. During
the indexing process, you can review the Details panel to verify the total completion percentage of
each value (100% meaning fully indexed).
211
Rebuilding an Index
In some cases, you might need to rebuild a search index for one or more systems. For example you
might be required to re-index when performing a software upgrade, or you might encounter an issue
where a re-index is the recommended troubleshooting step. Depending on your needs, the Search
Index Monitor app allows you to rebuild the index for a single system or you can rebuild the index for
all connected systems and sites in a single click.
The rebuild process re-indexes all documents contained in the local MongoDB database and adds
them to an Elasticsearch index. If you are configured for a Multi-Site environment, the local
MongoDB instance includes data on both local and remote sites. If you rebuild an index for a remote
system, you are still working with your local copy of the metadata — there is no impact to the remote
site.
In most cases, users can still search and find assets that were included in a previous index during the
rebuild process. When the rebuild is complete, any new assets found through the process are added to
the index and become available to the user. However, administrators have the option to delete the
existing index and build a fresh copy. If an admin selects the delete option, the Search app might
return a subset of the available assets (only those assets that have been re-indexed). A full results list
is possible only after the rebuild process is complete.
n In this release, you can use the Search Index Monitor app to rebuild the text metadata index only. You
cannot rebuild the phonetic index through the app. For additional information on re-indexing
procedures and details, see “Working with the Search App” on page 275.
To rebuild a search index:

1. Click on the Search Index Monitor button in the Administrator Fast Bar.
2. Determine the number of systems that need to be re-indexed.
t If you need to rebuild the index for a single system, click the Rebuild Index button for that
system.
t If you need to rebuild the indexes for all systems, click the Rebuild All Indices under the All
Sites, All Systems area.
The following confirmation window appears.
3. (optional) If you want to delete the index for the system or systems that you need to rebuild, click
the check box to delete all indexing data.
t Click the Rebuild Index button to start the re-indexing process.
212
The rebuild process starts and all assets are moved to a pending state. A progress bar appears
below the affected system and assets move to Ready as they are indexed.
t Click the Cancel button to abandon the rebuild.
Note that once you initiate the rebuild, you must wait for the process to complete. You
cannot abort the re-index through the Search Index Monitor app.
Removing a Search Index

There might be times where the app displays an index for a local module that is no longer available.
Whenever an index becomes “orphaned”, the Monitor app moves it to the bottom of the Local Site
area and adds a red Remove Index button to the module’s banner (as illustrated below).
The Search Index Monitor app might display an orphaned index for a number of reasons. If for
example you assign a new host name to your Production Management Engine and reindex the data,
the app might display an index under both the original name and the new name. In this case the
original index is orphaned and no longer used. You can use the Remove Index feature to eliminate the
stale index from the app and return disk space back to your system.
n The Remove Index button applies to local indexes only and does not appear in the banner for any
modules that are associated with a multi-site workflow. Remote systems are managed through the
Multi-Site Settings app and are removed automatically when unlinked.
To remove an index from the system:

1. Connect to the individual MediaCentral module to stop the search connector for the index that
you plan to delete. By stopping the search connector, you eliminate the possibility of new data
being transmitted to the Kafka topic on the MediaCentral Cloud UX server.
For more information on Production Management, see “Configuring the MediaCentral Search
Connector” on page 140. For more information on Asset Management and Newsroom
Management, see the documentation for those products.
2. Hover your cursor over the system name and take note of the System ID for the index that you
want to delete. You will need this information if you want to manually delete the related Kafka
topic following the index removal process.
3. Click the Remove Index button for the module that you want to delete.
A confirmation dialog box appears.
4. Click the Remove Index button in the dialog box to delete the index from your local
MediaCentral Cloud UX system.
5. As a fail-safe, the app displays a secondary confirmation message. Click the Remove Index again
to complete the operation.
The index is removed from the Search Index Monitor app and the index is deleted from the
MongoDB database. Depending on the size of the index, this operation could take several hours
to complete. If the index is associated with phonetic tracks, the process could take even longer.
213
6. (optional, recommended) Although the index is removed from MongoDB, the related topic is not
deleted from the Kafka queue. Refer to “Deleting a Topic from Kafka” on page 280 to remove
the stale topic from your MediaCentral Cloud UX system.
Resolving Search Errors

In some cases the search engine might fail to index one or more assets. When this happens, the
system displays the error count in the Sites area of the app. You can click on the counter to see more
details about the first 20 errored items. As shown in the following illustration, an Error Details panel
appears on the right side of the app when you click on the counter.
You can click on the error counter for either metadata or phonetic track indexing. The panel reports
errors for only one metadata type at a time.
If you hover your mouse over any of the items in the Error Details panel, a copy button appears to the
right of the error. You can click on this button to copy the full error text to your workstation’s
clipboard. Alternatively, you can obtain more information about all of the errors in the panel
simultaneously by clicking on the “More info on errored items” link at the bottom of the list. When
you click this link, MediaCentral Cloud UX opens a new browser tab that displays the error details.
Additionally, the Error Details panel includes a feature that allows you to retry the indexing process
for any failed assets. You can retry the indexing process for All Metadata, All Phonetic, or only those
assets that are associated with a single connected module.
To obtain more information about an error:

1. Click on the error counter in either an individual system row or the All Sites, All Systems area.
The error details panel appears on the right-side of the app.
t Hover your mouse over an individual error message and click the copy button that appears to
the right of the error to copy the text into the clipboard.
t Click on the More info on errored items link.
A new browser tab appears with information on all errors — both text and phonetic.
214
Reviewing the Search Analyzers
3. (optional) Copy the error details into a text editor for review.
n If you clicked on the link to see all error details, you can copy the information into an application
such as NotePad++. The errors are formatted in a JSON structure and this application features a
JSON viewer plug-in that correctly formats the data.
To retry the indexing process for failed assets:

1. Click on the error counter in either the All Systems (Metadata or Phonetic) area, or an individual
module row to display the Error Details panel.
2. Click the Try Failed Assets Again button to re-index only the failed assets.
A message appears briefly at the bottom of the app to inform you that the errored items are being
retried.
n When selecting a phonetic failure, you can retry errors for modules in the Local Site only. The retry
option is not available if you select an error in either the All Sites area or a remote module.
If the re-indexing process fails, you might need to rebuild the index for the system. For details,
see “Rebuilding an Index” on page 212.

The Search Analyzers page provides you with detailed information about the indexed languages and
the language options that have been installed or licensed on your MediaCentral Cloud UX system.
As shown in the following illustration, the left side of the page provides information about the
Metadata index, and the right side displays information about Phonetic Index.
n The Search Analyzers page provides information about the local site only. If your system is included
in a multi-site environment, you must connect directly to the remote sites to view information
regarding the language analyzers and phonetic language packs.
215
For more information, see:

• “Search Analyzers: Metadata Searching” on page 216
• “Search Analyzers: Phonetic Searching” on page 217
Search Analyzers: Metadata Searching

This section provides detailed information about the Language and Search Analyzers that are
configured on your MediaCentral Cloud UX system. These analyzers partially affect how the engine
executes searches that users enter in the Search app. While the process for “Configuring
MediaCentral Search” on page 92 defines the Language Analyzers, the Search Analyzers section
provides additional information on processes that are common to all MediaCentral Cloud UX
installations.
Each analyzer is associated with a status indicator (colored vertical line to the left of the analyzer)
and associated text. The following status conditions are possible:
• Indexed
• Partially Indexed
• Not Indexed
If an analyzer displays a status other than “Indexed”, you should review the information on the
Catalog Statistics page to identify and index (or re-index) the affected module.
If your system is included in a Multi-Site configuration, the Search app expects that all sites are
configured for the same language analyzers. If they are not, users might receive unexpected or
incomplete results when executing a search.
n If a user searches for a term in a language that does not include a matching analyzer, the search
might return unexpected or fewer results.
Language Analyzers
These analyzers define how the search engine treats text-based metadata values. They help to identify
language specific characters such as ligatures (examples: œ or Æ) and accents. They also help to
break compound words down into segments. For example, consider the phrase “Ballet Dancer”. In
German, Ballet is Ballett and Dancer is Tänzerin. However the phrase “Ballet Dancer” becomes a
new word: Balletttänzerin. The German language pack helps the search engine understand the
compound word, allowing it to return results for both Balletttänzerin and Ballett.
If you revisit the process for “Configuring MediaCentral Search” on page 92 to add or remove a
language analyzer, be aware of the impact to an in-production system:
• If you add a new analyzer, e.g. Spanish, then Search will look for *.spanish field mappings.
However this change will not be enabled until you rebuild the index through the Search Index
Monitor app.
• If you remove an analyzer, e.g. English, then the system will no longer search the *.english field
mappings. However, they will still exist in the Elasticsearch index until a rebuild is performed
(wasting resources).
216
Break Search Terms By Numbers
When a user uses the Search app to enter a combination of numbers and text (without spaces) in a
single search term or “pill”, this analyzer instructs the search engine to treat the point at which the
numbers and text meet as a word break — as if a space existed.
Search Analyzers: Phonetic Searching

As you know from reading the Installing Nexidia Search Grid chapter of this guide, Language Packs
provide a basic structure for Phonetic Index to read your audio media. The Phonetic Searching panel
displays the language packs that are installed and/or licensed on your Search Grid server.
The app displays a colored indicator for each language that it detects.
• Green: Installed and Licensed
• Yellow: The MediaCentral Cloud UX system has a license for the language, but the license is not
installed on the Phonetic Index server.
• Red: The language pack is installed on the Phonetic Index server, but your MediaCentral Cloud
UX server is not licensed for this language.
You must install the language pack and license it before you can index your modules using this
language pack. For more information, see “Using the License App” on page 153.
217
11 Using the Legal List Administrator App

• Legal List Administrator Overview
• Configuring Legal Lists
• Creating and Configuring Legal List Entries
Legal List Administrator Overview

MediaCentral Asset Management is shipped with a number of legal lists, which are shown as lists in
the GUI. They allow users to select entries and assign them to assets. Using legal list entries has the
following advantages:
• Facilitates annotation of assets
• Increases consistency of annotation
• Facilitates searches for assets
As part of the management of taxonomies, Legal List Administrator is used to add and remove terms
to and from legal lists and set various language labels. You can also define a custom sort order for
display.
Accessing the Legal List Administrator App
You can access the Legal List Administrator app through the Administrator settings. For more
information on accessing the Administrator settings, see “Administrator App Overview” on
page 118.
Understanding Legal Lists
Legal lists in MediaCentral Asset Management are administrated in the following applications:
• Datamodel Administrator: A legal list is created in Datamodel Administrator by defining its
name. Then the legal list is assigned to an attribute of type legal list. Only users with
administration rights to the Asset Management data model can create a legal list.
• Legal List Administrator: Once a legal list is created in Datamodel Administrator it can be edited
by users with administration rights in the Legal List Administrator app.
Sorting Legal List Entries
By default, legal list entries are displayed in ascending alphabetical order in the drop-down lists. The
order of the entries can only be rearranged in Legal List Administrator. However, this might require
changing the Sort by property of the attribute in Datamodel Administrator, where the default setting
for the attribute is “sort by language-specific labels” in “ascending” order. In Legal List
Administrator, legal list entries can be re-sorted any time. However, as long as the default setting of
the attribute is not changed in Datamodel Administrator, re-sorting in Legal List Administrator has
no effect. To make it effective, the default setting of the attribute must be changed from sort by
language-specific labels to sort by custom index. For more information, see the Avid MediaCentral |
Asset Management Datamodel Administrator User’s Guide.
Labels for entries
The entries of legal lists can be specified by labels in different languages to describe particular
aspects of processes, assets, and so on. For each entry, at least an English label must be defined.
Legal List Administrator Features
Legal List Administrator provides administrative features on two levels: legal list and legal list entry.
On the legal list level, Legal List Administrator offers the following features:
• Setting a default value for the legal list
• Changing the legal list’s default sort order
• Downloading legal lists
• Uploading legal lists
• Downloading legal list labels
• Uploading legal list labels
On the legal list entry level, Legal List Administrator offers the following features:
• Adding and editing entries
• Assigning labels to entries
• Deleting legal list entries
Understanding the Legal List Administrator Layout
The following illustration and table explain the layout.
rt
q
w
e
i
r
219
Description
1 Contains all local Asset Management systems connected to MediaCentral Cloud UX. Lets you select the
local Asset Management system from which you want to load and edit the legal lists. Remote Asset
Management systems are not supported and shown in the list.
When opening the Legal List Administrator app, the first Asset Management system in the list is selected.
The list is sorted alphabetically. Selecting an Asset Management system loads the corresponding legal
lists in the Legal List drop-down below.
2 Contains all legal list defined in Asset Management Datamodel Administrator. The drop-down list shows
the internal names — the IDs — not the labels of the legal lists, as defined in Datamodel Administrator.
The list is sorted alphabetically.
Selecting a legal list displays its entries in the Legal List Entries panel below.
3 Shows the entry, which is to be initially displayed for the legal list in the Asset Management and
MediaCentral Cloud UX UIs. See “Setting a Default Value” on page 221.
4 Opens a menu that lets you trigger download actions:

• Allows exporting legal lists as an XML-file. See “Downloading Legal Lists” on page 226.
• Allows exporting legal list labels as an XML-file. See “Downloading Legal List Labels” on page 228.
5 Opens a menu that lets you to trigger upload actions:

• Allows uploading legal lists from an XML file. See “Uploading Legal Lists” on page 227.
• Allows uploading legal list labels from an XML file. See “Uploading Legal List Labels” on page 229.
6 Legal List Entries panel: Shows a summary of the legal list entries and their specifications.
• ID: Is assigned to the entry automatically when you add the entry to the legal list. The first entry in
each legal list is always assigned the number “0.”
• Custom Index: Lets you define a customized sort order — others than by ID or label. The custom sort
order (“custom index”) can be enabled in Datamodel Administrator for the corresponding legal list
attribute. For more information, see “Creating a Custom Sort Index” on page 223.
• Icon. Shows the icon that is assigned to the entry. See “Configuring Icons for Hit Lists” on page 232.
• English Label: Shows the English label of the entry. For more information, see “Assigning Labels” on
page 231.
• Add Entry button: Adds a new entry to the legal list. For more information, see “Creating a Legal List
Entry” on page 230.
By default, the entries are listed by English Label in ascending order. Click the heading of the column by
which you want to sort. Ascending is the default sort order in each column. It sorts results sequentially,
beginning with the lowest number (ID, Custom Index) and the first letter alphabetically (English Label).
It can be reversed by clicking the column heading again. Clicking the Custom Index heading additionally
displays drag handles for each entry to allow creating or editing the Custom Index.
7 Controls to edit the contents of the legal list (from left to right):
• Drag handles: Lets you change the sort order of the legal list. Allows you to define a customized
index. The drag handles are only shown after you clicked the Custom Index column. For more
information, see “Creating a Custom Sort Index” on page 223.
• Delete button: Deletes the entry selected in the Legal List Entries panel from the legal list. For more
information, see “Deleting Entries” on page 233.
8 Text fields to provide localized labels for the legal list entry. For each language defined in the data model,
a text field is shown. For more information, see “Assigning Labels” on page 231.
220
Configuring Legal Lists
Description
9 Buttons to save or discard all changes:

• Cancel: Discards all unsaved changes you made to the entries of the legal list.
• Save: Saves all changes you made to the entries of the legal list.

The following topics describe the Legal List Administrator features on the legal list level:
• Setting a Default Value
• Creating a Custom Sort Index
• Downloading Legal Lists
• Uploading Legal Lists
• Downloading Legal List Labels
• Uploading Legal List Labels
Setting a Default Value

When you want a particular entry to be the initial value displayed in a legal list, you can set it as the
default value. If no default value is defined for the legal list, the corresponding legal list attribute is
initially empty. Legal List Administrator lets you define a default value, change an assigned default
value, and remove a default value assignment.
n Asset Management Datamodel Administrator offers the feature to define a default value for a legal
list attribute in a template. The Datamodel Administrator feature overrules the default value setting
of Legal List Administrator.
To set a default value:

1. (Optional) Select the Asset Management system from which you want to load legal lists from the
Asset Management System drop-down list.
2. Select a legal list from the Legal List drop-down list.
3. Right-click the entry in the Legal List entries panel and select “Set as the default value.”
The selected value is shown as the default value for the corresponding legal list entry. Any
previous default assignment is overwritten.
221
4. (Optional) To remove a default entry setting, right-click the default entry in the Legal List entries
panel and select “Remove default.”
The default settings is removed from the entry. No default value is set for the legal list.
Re-sorting Legal Lists

Defining the sort order of legal lists is always a two-step procedure that involves two applications:
• Legal List Administrator: Here you create the sort criteria — ID, label, and custom index.
• Datamodel Administrator: Here you apply one sort criterion to the legal list attribute to define
the sort order of the legal list.
See the following topics:

• “Creating a Custom Sort Index” on page 223
• “Dependencies Between Legal List Administrator and Datamodel Administrator” on page 225
222
Creating a Custom Sort Index
Entries are arranged by their English Label in ascending order in the Legal List Entries panel. This is
only an internal sort order in the Legal List Administrator app — the real sort order (how the entries
are sorted in lists in the Asset Management and MediaCentral Cloud UX GUIs) is arranged in Legal
List Administrator, but set in Datamodel Administrator.
There are three sort criteria:

• ID: Implicitly created by the IDs that are assigned automatically to each entry when it is created
in the Legal List Administrator app. You cannot change the ID of an legal list entry.
• Label: Implicitly created by the labels assigned by a user to the entries in the Legal List
Administrator app. Each entry has at least an English label.
• Custom Index: Explicitly created by you in the Legal List Administrator app.
You create and edit a Custom Index simply by drag and drop operations in the Legal List Entries
panel. Note the following differences in the behavior of the Legal List Entries panel when creating a
new Custom Index and editing an existing Custom Index:
• If no custom sort order was assigned to the legal list yet, the Custom Index column shows “0” for
each entry. Clicking the Custom Index heading shows the drag handles for each entry and but
does not set the sort order in the column.
• After assigning a custom sort order value to one entry, all other entries are assigned consecutive
numbers automatically.
• As soon as a Custom Index is created, the Custom Index heading behaves like the other column
headings: Clicking once sorts the entries in the column in ascending order, clicking a second
time sorts the entries in descending order. The drag handles are shown for all entries independent
from the sort order.
To create a custom index:

3. Click the Custom Index column header.
For each entry, a drag handle is displayed at the very left of the Legal List entries panel.
4. Click the drag handle of an entry and do one of the following:

t Drag and drop it downwards to create a custom index in ascending order and assign the entry
a high number.
223
t Drag and drop it upwards to create a custom index in ascending order and assign the entry a
low number.
5. Click the Save button at the bottom of the list of entries.

The system prompts you to confirm that you want to accept all changes.
6. Click Yes.
The Custom Index is saved and can be applied as sort criterion to the legal list attribute in
Datamodel Administrator.
To edit a custom index:

2. Click the Custom Index column header.
For each entry, a drag handle is displayed at the very left of the Legal List entries panel. The
entries in the Custom Index column are sorted in ascending order.
3. (Optional) Click the Custom Index heading again to sort the Custom Index column in descending
order.
224
4. Click the drag handle of an entry and drag and drop it to the new position in the Legal List entries
panel.
All numbers in the Custom Index are rearranged.
6. Click Yes.
The changed Custom Index is saved.
Dependencies Between Legal List Administrator and Datamodel Administrator
In Legal List Administrator you create the criteria for the sort order for legal list entries — but the
Sort by setting must be assigned in Datamodel Administrator for the Legal List Administrator sort
criteria to have any effect: In Datamodel Administrator you apply one sort criterion to the legal list
attribute to define the sort order of the legal list. For more information, see the MediaCentral | Asset
Management Datamodel Administrator User’s Guide.
Datamodel Administrator: Default sort order for legal list attributes
In Datamodel Administrator you define the default legal list sort order by editing the legal list
attribute: Select the criterion to be used to sort the legal list entries from the Sort by drop-down list, as
shown in the following illustration.
• Language specific label: Sorts entries alphabetically by their labels

• Index: Sorts entries by their automatically generated IDs
• Custom index: Sorts by customer-specific IDs
• Shortcut: legacy entry, not supported
Additionally, select the sort direction (ascending or descending) from the second list.
n If you do not change the Sort by setting, Datamodel Administrator sorts legal list attributes
automatically by language-specific labels in ascending order.
225
Datamodel Administrator: Specific sort order for legal list attributes in templates
Even if you have defined the sort order for a legal list attribute, you can overwrite the setting for
specific templates. Open the Properties dialog of a legal list attribute in a template and activate the
“Overwrite default legal list sort order” feature to define a different sort order for the legal list in that
specific metadata template.
Downloading Legal Lists

You can download legal lists to create a backup, edit them externally, or import them into another
Asset Management installation.
To download legal lists:

3. Click the Download button and select Download Legal List.
The Downloading Legal Lists dialog opens.

t Select the “Download values of legal list” option button.
t Select the “Download values of all legal lists” option button.
5. Click Download.
The legal lists are downloaded to your web browser’s default download directory and saved as
one *.xml file.
- If you downloaded all legal lists, the default file name is LEGALLISTS_<timestamp>.xml
226
- For an individual legal list, the file name is <legal list name>_<timestamp>.xml (for
example, COMPLIANCE_REASONS_1553157987745.xml
Uploading Legal Lists

You can upload previously downloaded legal lists, as described in the following procedure.
To upload legal lists:

3. Click the Upload button and select Upload Legal List.
The Upload Legal List Entries dialog opens.
4. Click the Browse button, select the legal list file (*.xml) in the Open dialog, and click Open.
The Open dialog is closed; the name of the selected XML file is shown in the Select file box.
5. Click the Upload button.
The upload starts. During the upload the following rules apply:
- Add: New legal list entries in the XML file are added to the legal list in the system.
- Overwrite: Legal list entries with the same name are overwritten by the uploaded entries.
- Delete: Legal list entries in the system that are not contained in the uploaded XML file are
deleted from the system’s legal list.
As soon as the upload is completed, a message opens. It shows statistics about uploaded and
deleted legal list entries.
6. Click Cancel to close the Upload Legal List Entries dialog box.
227
Downloading Legal List Labels

You can download the localizable labels of legal lists. The main purpose of the download is to
localize the labels outside Legal List Administrator and later re-import the localized labels or upload
them into another Asset Management installation.
To download legal list labels:

2. (Option) Select a legal list from the Legal List drop-down list.
3. Click the Download button and select Download Localization.
The Download Legal List Localization dialog opens. The legal list opened in the Legal List
Administrator app is preselected in the Legal List drop-down list.
4. Select the legal list whose labels are to be downloaded from the Legal List drop-down list.
“(All)” exports all labels of all legal lists as one file.
5. Select the language in which labels are to be exported from the Language drop-down list.
6. Click Download.
As soon as the download is completed, a message opens. It shows statistics about uploaded and
deleted legal list entries.
The legal list labels are downloaded to your web browser’s default download directory and saved
as one *.xml file.
- If you downloaded all legal list labels, the file name is legallists_<language>_
<timestamp>.xml (for example, legallists__en_2019-03-21_12-02-38.xml).
- For an individual legal list, the file name is <legal list name>_<language>_
<timestamp>.xml (for example,
AVID_RIGHTS_INDICATORS__en_2019-03-21_11-53-58.xml)
228
Creating and Configuring Legal List Entries
Uploading Legal List Labels

You can upload previously downloaded legal list labels, as described in the following procedure.
To upload legal list labels:

2. (Option) Select a legal list from the Legal List drop-down list.
3. Click the Upload button and select Upload Localization.
The Upload Legal List Localization dialog opens.
4. Click the Browse button, select the legal list localization file (*.xml) in the Open dialog, and
click Open.
The Open dialog is closed; the name of the selected XML file is shown in the Select file box.
t Select the Overwrite existing labels check box: Legal list labels with the same ID are
overwritten by the uploaded labels. Note that in this case labels might be cleared or
previously empty labels might be filled.
t Deselect the Overwrite existing labels check box: Legal list labels with the same ID are not
overwritten by uploaded labels.
6. Click the Upload button.
As soon as the upload is completed, a message opens. It shows statistics about uploaded and
deleted legal list localization entries. Note that labels for legal list entries that are only contained
in the legal list localization file but not in the target legal list are not imported.
7. Close the Upload Legal List Localization dialog box.

The following topics describe the Legal List Administrator features on the legal list entry level:
• Creating a Legal List Entry
• Assigning Labels
• Configuring Icons for Hit Lists
• Deleting Entries
229
Editing Entries
If you have already created a legal list entry and want to make a change to its settings, you can alter
and save the entry at any time. Click the Save button to save any unsaved changes in the legal list
entries panel.
If you begin to create or edit an entry and subsequently change your mind about saving the legal list,
you can click the Cancel button to clear the legal list entries panel of any unsaved changes.
Deleting Entries
If you create an entry and later need to remove it, you can click the Delete button to the right of the
entry to delete it. The system prompts you to confirm the delete request. After you click Yes, the
entry is deleted.
Creating a Legal List Entry

You can add entries to a legal list at any time. The procedure for adding entries to a new, empty legal
list or adding entries to existing entries in a legal list is the same.
To create a legal list entry:

3. Click on the Add Entry button of the Legal List Entries panel.
A “New entry” is displayed in the Legal List Entries panel. For each language defined in the
Asset Management data model, a label field is shown.
4. Type the text that is to be displayed as label in the English label (*en) field. Providing the
English label is mandatory.
Assign labels in other languages as needed. See “Assigning Labels” on page 231.
6. Click Yes to save all changes.
230
The English label is shown for the new entry in the Legal List Entries panel. The first entry in
each legal list is always assigned the ID 0, all others are assigned consecutive numbers.
7. Repeat steps 3 through 6 to create additional entries.
Assigning Labels
When you create a new legal list entry, you need to provide the English label. After saving the new
entry, the English label is copied to all other language label fields. To localize labels, expand the
entry and assign labels in different languages as needed. You can also change the English label but
you cannot delete the English label.
To assign labels to entries:

3. Expand an entry in the Legal List Entries panel.
4. Type the text that is to be displayed as label in all required label fields.
231

6. Click Yes.
The changed labels are saved.
Configuring Icons for Hit Lists

Legal List Administrator offers the option to show icons instead of labels for legal list entries in hit
lists.
n In this release, configuring icons for hit lists has no effect. The icons are only used in the Legal List
Administrator app but they do not show up in the MediaCentral Cloud UX UI.
The fields of the Icon column show the icons that are assigned to the entries of a legal list. If no icon
is assigned to an entry yet, the field shows “None.” The procedure for assigning an icon, replacing an
assigned icon, and removing an assigned icon is the same.
To configure icons for hit lists:

3. Click in the Icon field of the entry you want to edit.
232
The Icon picker opens. It offers all icons that are saved in the MediaCentral Cloud UX icon
registry for the selected legal list in the following way:
https://<myCloudUXServer>/icon-registry/icon/view/legallist/<legallist
name>/<LL-EntryID>_<icon.svg>.

t To assign an icon to the entry or replace an already assigned icon, click the icon that you
want to use.
t To remove an icon from the entry, select None.
The selected icon — or None, respectively — is shown in the Icon column.
5. Repeat steps 3 and 4 for all other entries of the legal list.
7. Click Yes.
The icon assignment is saved.
Deleting Entries
You can delete legal list entries as described in the following procedure.
n Before you delete an entry, make sure that it is not used by any asset. Since work is performed
directly in the database, Legal List Administrator does not offer an undo or restore function. If you
delete an entry by mistake you have to create it anew.
To delete a legal list entry:

3. Click the Delete button of an entry in the Legal List Entries panel.
A security prompt opens.
233

t Click No if you want to cancel the delete process.
t Click Yes if you want to irrevocably delete the legal list entry.
If you delete an entry that is still referenced by an asset, ##ID## is shown for that entry in
the corresponding legal list.
234
12 Using the Multi-Site Settings App

• Multi-Site Settings Overview
• Configuring User Mapping
• Reviewing the System Configuration
Multi-Site Settings Overview

Multi-Site is an optional and licensed feature for MediaCentral Cloud UX that allows you to connect
multiple MediaCentral Cloud UX systems together to create a more seamless user experience for
Enterprise-level organizations. Systems that connect through multi-site might consist of departments
in the same physical location (News, Sports, Production) or might consist of district offices in
geographically disperse locations (Boston, Beijing, Paris). After multi-site is fully configured,
MediaCentral Cloud UX offers the following benefits:
• Access MediaCentral modules that are connected to multiple MediaCentral Cloud UX
environments through a single-sign-on.
• Use the Browse app to navigate the directory tree of a remote MediaCentral module as if it were
just another locally connected system.
• Play and Hoverscrub assets from both local and remote MediaCentral Cloud UX systems.
• Create a single text-based metadata search to find assets across all connected modules.
• View and edit metadata (including Markers) for local and remote assets.
• And more...
n Some of the features listed above are license dependent.
If you are enabling a multi-site environment and you are using self-signed certificates or certificates
provided by an internal CA, you must import the certificate from each site into each of your client
workstations. For this reason Avid highly recommends using certificates provided by a public
Certificate Authority if you are enabling a multi-site configuration. If your local workstation does not
include a valid certificate for each site, you might encounter errors using the Multi-Site Settings app.
Multi-Site User Licenses
The process of linking remote modules or features to a local site does not have any impact on the
licensing for either system. Additionally, remote users only consume licenses on their local systems.
If a user accesses a remote module that is linked to their local Cloud UX system, no additional
licenses are consumed on the remote site.
To enable a multi-site configuration, the “MediaCentral | Multisite Connector” and “MediaCentral |

Multisite Index Service” licenses must be enabled on all linked systems. For more information, see
“Using the License App” on page 153.
Configuring User Mapping
Additional Notes
• You cannot combine MediaCentral Cloud UX systems in a multi-site environment with
MediaCentral UX systems.
• Avid supports a maximum of six sites in a single multi-site environment.
Accessing the Multi-Site Settings App
The Multi-Site Settings app provides administrators with an interface to view the connected systems,
select which remote MediaCentral modules are available to the local users, and configure remote user
access to the local site.
n Although the Multi-Site app defaults to the System Configuration tab, you must proceed to the User
Mapping tab to start configuring your multi-site settings. If you have not yet mapped any users, you
might see an error message in the System Configuration tab.
You can access the Multi-Site Settings app through the Administrator settings. For more information
on accessing the Administrator settings, see “Administrator App Overview” on page 118.

The User Mapping panel allows you to create rules that determine how remote users access your
local MediaCentral modules. Although related, this is different from the User Management app
which integrates with your authentication provider to determine which users can sign in to
When you access User Mapping, a list of existing rules is displayed.The following illustration shows
the User Mapping interface with three sample rules.
236
The User Mapping panel provides you with a great deal of flexibility when creating rules. The
following are just a few examples of possible rules:
• Allow all users with matching user accounts in the User Management app on both the local and
remote sites to access the modules specified in the Multi-Site System Configuration settings.
• Deny access to a specific remote user or group of users.
• Map all users in the remote site to a single local user account.
User entitlements are always based on the User Management app of the local site. If your local user
account is associated with a Browse client license with very few entitlements, you will have the same
rights and entitlements when working with remote assets — even if your user is mapped to a user
with an Edit client license on the remote system.
For example, user “Bob” signs in to his local MediaCentral Cloud UX system and his account is
associated with a Browse client license. The administrator of the remote site creates a rule where Bob
is mapped to user “Betty” — a user associated with an Edit client license. When Bob connects to his
local system and sees the linked remote modules, he retains Browse access only to the local and
remote assets.
Configuration Notes
Before you can configure the User Mapping section of the Multi-Site Settings app, you must first
configure the multi-site options for your local and remote sites. For more information, see “Enabling
a Multi-Site Configuration” on page 99.
If you have enabled the Asset Visibility feature that is available in v2021.3 of the Production
Management’s Interplay Administrator, your MediaCentral Cloud UX systems and Production
Management modules must include matching user accounts. For this reason you must configure rules
using only the “Map by Name” option. For more information on Asset Visibility, see “Configuring
the MediaCentral Search Connector” on page 140.
Continue to the following sections to create and edit the User Mapping rules:
• “Adding a Rule” on page 237
• “Reordering Rules” on page 239
• “Editing an Existing Rule” on page 239
• “Deleting a Rule” on page 239
Adding a Rule
Complete the following steps to add a rule to the User Mapping settings.
The User Mapping rules are processed in order, from the top-down. If the first rule applies to your
configuration, it is applied and all other rules are ignored. For information on how to alter the rules
list, see “Reordering Rules” on page 239.
To add a rule:
1. Click on the User Mapping option in the Multi-Site Settings sidebar.
2. In the User Mapping panel, click on the Add Rule button to the right of the Rule column.
As shown in the following illustration, a new rule is added to the list.
237
This default rule maps Any remote site with any user name (*) and maps that user by name to the
same user account on the local system. In other words, the system tries to find matching user
accounts on both systems.
3. (optional) Click on the Site menu and select a remote site from the list of options.
4. (optional) The User Mapping feature allows you to manage rules by Users or by Groups.
If you want to create a rule based on user group access, click on the User icon illustrated below
and select the Group option from the menu.
5. (optional) Enter the name of a specific user or group that exists on the remote system in the field
to the right of the User/Group button.
6. (optional) Click on the Rule menu and select a rule from the list. These options include:
t Map by Name: This rule maps the remote user or group defined in the previous field to the
same user or group name on the local system.
If you are connected to a common Active Directory or Okta system where users from all
sites are imported to all MediaCentral Cloud UX systems, this option might work well for
you.
t Reject: This rule denies the remote user or group access to all local MediaCentral modules.
t Map to User: This rule maps the user or group defined in the previous field to a specific user
account on the local system. When you select this option a new field appears to the right of
the rule that allows you to select a user name from a menu.
t Map by Name else Map to User: This rule attempts to map the remote user to the same user
account on the local system. If that account is unavailable, the user is mapped to the user you
define in the field to the right of the rule.
You can click on the menu to select a user account from the list, or if you know the name of
the account that you want to use, you can start to type the name in the menu. As you type,
the list is filtered to include matching user accounts.
7. Complete one of the following actions:
t Click the Save button at the bottom of the list of rules.
If you have created or edited multiple rules, this button saves all changes. This button does
not prompt you to confirm the action.
t Click the Revert button to abort all rule changes that you made in this session.
238
Reordering Rules
In some cases, you might want to create multiple rules per remote system. In doing so, it is possible
that you might create rules that overlap or conflict with each other. The order in which the rules are
listed in the User Mapping settings determine the priority. When a remote user wants to connect to
your site, the first rule at the top of the list is checked. If the rule does not apply to the user, the next
rule is checked until a matching rule is found.
To provide additional flexibility in configuring your system, User Mapping allows you to reorder the
list of rules to adjust their priority.
To move a rule to a different position:

t Click on the handle on the left-side of the rule and drag the rule to the desired position.
Editing an Existing Rule

After you work with a multi-site configuration for a period of time, you might see a rule with a value
in red text. This indicates that the value was once valid, but is no longer so. For example, you might
have associated a rule with a particular user account that no longer exists. Alternatively, you might
have removed a remote site from your configuration, but you still have rules related to that site. In
these situations, you can either edit the existing rule or delete the rule entirely. Invalid rules do not
prevent you from saving changes to the User Mapping panel.
If you need to edit a rule that has already been created, you can alter the values associated with the
rule at any time.
To edit a rule:
1. Click on the User Mapping option in the Multi-Site Settings sidebar.
2. Alter one or more rule values
3. Click the Save button at the bottom of the list of rules.
Deleting a Rule
Complete the following steps to remove a rule from the User Mapping settings.
To delete a rule:
1. Move your cursor on top of the rule that you want to delete.
The rule is highlighted and a Delete Rule button appears to the right of the rule.
239
Reviewing the System Configuration
2. Click the Delete Rule button.

A deletion confirmation window appears.
3. Click Delete to confirm the removal of this rule from the User Mapping settings.
The rule is deleted.

The System Configuration section of the Multi-Site app allows you to view information about the
remote sites that are connected to your local MediaCentral Cloud UX system and determine the level
of integration that you want to enable for each site. The following illustration provides an example of
a local site that is connected to two remote sites — only one of which is currently available.
As shown in this illustration, each site is listed in the panel to the right of the Multi-Site Settings
Sidebar with a section header. The area under the header shows the MediaCentral modules or
features that are capable of participating in a multi-site configuration. If you configure your system to
integrate with multiple remote sites, each is listed in this window in alphabetical order. You can use
the scroll bar on the right side of the user interface to view the information for any site that appears
off-screen.
As the administrator of the local system, you have the power to expose remote modules to your user
base. You can accomplish this task by clicking on the Link or Unlink buttons to the right of each
module. However, user access to each of these modules is determined by the user rights that are
configured in the remote site. For more information, see “Configuring User Mapping” on page 236.
240
For more information about the configuration of these systems, see “Enabling System Monitoring”
on page 101.
System Messages
As shown in the above illustration, MediaCentral Cloud UX might display a “not available” message
if a remote site cannot be reached. If an individual module within the site cannot be reached, the
module displays a “not available” message to the right of the module name.
These situations could indicate that the remote site or module is temporarily offline for maintenance,
or it could suggest a technical issue that requires manual intervention. If you are creating a new
multi-site configuration, you should verify the values that you entered in the system configuration
scripts. If you need to permanently remove a site from the multi-site configuration, see “Enabling a
Multi-Site Configuration” on page 99.
If your MediaCentral Cloud UX license includes the required multi-site options but you have not yet
configured multi-site, the System Configuration window displays the following message: “There is
no remote site configured for your MediaCentral Cloud UX setup”.
If you connect to a remote system where the remote CTMS registry does not return any MediaCentral
modules that support multi-site, the following message is displayed.
Note that in this example, the red “not available” text is not displayed. This provides a confirmation
that you can communicate with the remote site, but the site does not include any modules that support
a multi-site configuration. Alternatively, the site might only include one supported MediaCentral
module and that module is offline.
Other Systems
As shown in the following illustration, the System Configuration section might include an Other
Systems panel below the active sites area.
This section of the app might appear if you link to a remote module and then you subsequently
remove the remote site from the sites.yaml file. In this example, the remote modules are offline (not
available). However if the linked modules were still online, then the modules or features would
241
remain available to users until you click the unlink button to completely remove the remote site from
your multi-site configuration.
Linking and Unlinking Modules
The following process describes how to expose or hide individual modules connected to the remote
site in your local user interface.
If you link to a new module, users see the new module appear in the user interface the next time that
they refresh the user interface (reload the browser tab, close and reopen the Browse or Search apps,
log out and back in again, etc).
If you unlink a module on an active, in-production system, the following might apply:
• The users might see the module in the user interface and calls to this module (request to play
media) might fail.
• If a user initiates a Deliver-to-Me process, the delivery process should continue, but the Process
app might stop providing updates on the delivery.
• Error messages or other issues.
To avoid confusion for the users, Avid recommends that you unlink modules or features during a
maintenance window only.
To link or unlink a remote module:

1. Before you begin, make sure that you have completed the prerequisites for this process:
- You have configured the multi-site options for your local and remote sites. For more
information, see “Enabling a Multi-Site Configuration” on page 99.
- You must create at least one user map before you can link any remote sites to your local site.
For details, see “Configuring User Mapping” on page 236.
n If you do not complete the prerequisites, you might see error or warning messages in the System
Configuration panel.
2. Click on the Multi-Site Settings button in the Administrator Fast Bar and select System
Configuration from the app’s sidebar.
3. Toggle the Link / Unlink buttons to enable or disable features.
All MediaCentral modules appear as unlinked by default.
t When associated with a grey Unlink button, the module is not available in the user interface
of the local system. The module reads as Not Linked in the System Configuration window.
Click this button to link the remote module to the local site.
t When associated with a blue Link button, the module is currently available to the users of
the local system. The module reads as Linked in the System Configuration window.
Click this button to unlink the remote module from the local site.
242
13 Using the Collaborate Settings App

• Collaborate Settings Overview
• Configuring User Permissions
Collaborate Settings Overview

The Collaborate Settings app allows you to review the Active Directory group(s) that you have
associated with the Collaborate app, and define permissions for individual users in those groups.
For more information on importing groups into the Collaborate workflow, see “Configuring
Collaborate App User Groups” on page 98.
For more information on the Collaborate app, see “Using the Collaborate App” in the Avid
MediaCentral | Cloud UX User’s Guide.
Accessing the Collaborate Settings App
You can access the Collaborate Settings app through the Administrator settings. For more
information on accessing the Administrator settings, see “Administrator App Overview” on
page 118.
Collaborate User Permissions

The Collaborate app allows you to configure two types of users: Collaborators and Supervisors.
• Collaborators
This is the standard role that is assigned to the majority of all Collaborate users. The following
high-level permissions apply to this user type:
- Create and edit topics, assignments, and tasks
- Delete tasks created by the individual collaborator (cannot delete other user’s tasks)
- Cannot delete topics or assignments
- No access to either the People or Resources areas of the app
• Supervisors
As a supervisor, you can participate in the same workflows that are available to collaborators.
However, this role allows you to access features and other areas of the app that are restricted to
collaborators. The following permissions apply to this user type:
- Create and edit topics, assignments, and tasks
- Delete topics, assignments, and tasks (created by any user)
- Create and modify items within the People and Resource areas
Before you can begin with work within the Collaborate app, you need to assign the Supervisor role to
one or more users to enable the creation of new topics and assignments.
Filtering the User Permissions Panel

The User Permissions panel displays all groups and users by default. However, the app allows you to
filter this display by group or by keyword. Alternatively, you can enter the name of a specific user in
the Users panel to quickly locate that account.
To filter the users by group:

t Click the name of one or more groups under the Imported Groups area.
When you select a group, the name of the group is highlighted and a numerical counter is added
to the Selected Groups button that indicates the number of selected groups. The Users panel on
the right is filtered to display only those users that are included in the selected groups.
t You can remove a group from the selected group list by either clicking the name of the group
again, or by clicking the X on the right-side of the Imported Groups button to deselect all groups.
To filter the groups by user:

t Click the name of a user in the Users area of the app.
The Imported Groups area highlights the group or groups that include the selected user.
To filter by keyword:
t Enter the name or a partial name into the filter area above the Users list.
244
The list of users is filtered to include only those user names that match your search criteria.
n If the app does not display any results after you filter the list of users by group and by keyword, a
“Search in All Groups” button appears in the Users panel to allow you to expand your search beyond
the selected group.
t You can clear the filter by clicking the X to the right of the filter.
Configuring User Permissions

Complete the following steps to assign the permissions for one or more users.
To configure user permissions:

1. (optional) Use the sort by group or keyword features to narrow the list of users.
2. Click the Collaborator or Supervisor button to the right of the user name to assign the permission
level.
If the user is already signed into MediaCentral Cloud UX, the permissions are applied as soon as
the user takes an action to refresh the app — such as signing out of MediaCentral Cloud UX and
back in again, refreshing your browser tab, or simply closing the Collaborate app within an
active user session.
245
14 Avid MediaCentral | Cloud UX Mobile App

• Chapter Overview
• Before You Begin
• Installing MediaCentral | Cloud UX for iOS
• Upgrading the Mobile App
Chapter Overview
The Avid MediaCentral Cloud UX mobile app enables users of iOS devices to extend MediaCentral
Cloud UX workflows to the mobile platform. This app enables direct, secure access to your station’s
Newsroom Management and / or Production Management systems.
The Avid MediaCentral Cloud UX mobile app connects to your environment in one of two ways:
• Wi-Fi
• Carrier-specific cellular service— for example, 3G, 4G or Edge
n For information on the MediaCentral Cloud UX app for Android, see v2021.11 or earlier of the Avid
MediaCentral | Cloud UX Installation Guide.
Before You Begin

Before using the MediaCentral Cloud UX app, verify the following tasks have been completed:
• Confirm that the mobile device can access the MediaCentral Cloud UX server using its Fully
Qualified Domain Name (FQDN).
It is vital that the fully qualified domain names (FQDN) for all MediaCentral Cloud UX servers
are resolvable by the domain name server (DNS) tasked with doing so. This is particularly
important when the MediaCentral Cloud UX servers are accessed from the Cloud UX mobile
app. Mobile devices that cannot resolve the FQDN of the servers experience issues connecting to
the player service. Hostname resolution issues might allow mobile users to sign into
MediaCentral Cloud UX, but media playback might be intermittent or not possible. While
advanced users might be able to adjust the network settings directly on a mobile device, manual
adjustments should not be required and are not the recommended best practice.
n When connecting to a MediaCentral Cloud UX server or cluster through the mobile app’s sign-in
window, Avid recommends using the server’s FQDN (fully qualified domain name).
• Confirm that your server has been licensed with the appropriate number of Client Licenses and
features for your workflow. For more information, see “Using the License App” on page 153.
• If you plan on connecting to MediaCentral Cloud UX remotely, you must establish a VPN
connection between your mobile device and your corporate network.
Installing MediaCentral | Cloud UX for iOS
For more information, see “Remote Client Connections” on page 20.
Installing MediaCentral | Cloud UX for iOS

The following procedure assumes that licensing, setup, and configuration of the MediaCentral Cloud
UX, Newsroom Management, and / or Production Management servers have already been completed
n If you are using the MediaCentral Cloud UX Mobile app for iOS, you must import a valid certificate
into your mobile device. For more information, see “Importing SSL Certificates” on page 315.
To install the mobile app on an iPad or iPhone:

1. Open the iOS App Store.
2. Locate the Avid MediaCentral Cloud UX mobile application.
3. Select the application and tap Download.
When the MediaCentral Cloud UX mobile application is installed on your device, an icon
representing the application appears on the home screen. You can move it elsewhere like the
icons for other applications.
A direct link to the Avid MediaCentral Cloud UX app on the App Store is provided here (link
current at time of publication):
https://apps.apple.com/us/app/mediacentral-cloud-ux/id1280863531
For additional information on the configuration and usage of the MediaCentral Cloud UX mobile
app, see the Avid MediaCentral | Cloud UX User’s Guide.
Upgrading the Mobile App

If your iOS device is configured to automatically update the MediaCentral Cloud UX app, newer
versions of the software are installed automatically as they become available.
If you have deselected the option to auto-update, you must manually upgrade the app by selecting the
Update button on the app from within the App Store.
The App Store limits developers, such as Avid, to have only the most recent version of the app
available for download. Prior to upgrading the MediaCentral Cloud UX app, you might want to
create a backup of the current version of the app. A backup enables you to restore an earlier version
of the app in the event that you are unsatisfied with the updates made in the new version.
To back up an app:
Visit the Apple website for detailed instructions on how to back up apps on your iOS device: https://
support.apple.com/en-us/HT203977
To restore an older version of an app:

1. Uninstall the current version of the app from your iPhone or iPad.
2. Connect the device to a desktop workstation that has iTunes installed.
3. In iTunes, click on the “Apps” link from the sidebar.
This menu displays the apps that were on your device at the time of the last backup.
247
Upgrading the Mobile App
4. Select the previous version of the MediaCentral Cloud UX app from the Apps pane and drag it to
the device (iPhone or iPad) section of the sidebar.
5. Sync your device with iTunes.
The previous version of the app is reinstalled on your device.
For more information on syncing your iOS device with Apple Cloud, see the following link on the
Apple website: https://support.apple.com/en-us/HT201253
248
A Additional Topics
Chapter Overview
The purpose of this appendix is to provide additional information and detail on topics included in the
main body of the MediaCentral Cloud UX Installation Guide.

• Power Cycling and Maintenance Mode
• MediaCentral Cloud UX System Maintenance
• Copying Software to the MCUX Server
• Mounting an ISO Image
• Using the vi Editor
• Version Information
• Customizing the User Experience
• System Drive Partitioning
• Disk Usage Report
• MediaCentral Cloud UX Services
• MediaCentral Cloud UX Clustering
• MediaCentral | Hoverscrub
• Working with the Search App
• Working with MongoDB
• Backing Up the PostgreSQL Database
• Reconfiguring the Docker Bridge Network
• Importing Custom Logging Data
• Card Placement in MCUX Servers
Power Cycling and Maintenance Mode

As you know, the Kubernetes software installed on a MediaCentral Cloud UX server manages
resources to ensure continual operation of the system. If a highly available service goes down for any
reason, Kubernetes identifies the missing service and restarts it.
In most cases, you should not need to reboot or shut down a MediaCentral Cloud UX server. Avid
does not recommend performing a full shutdown of the system — especially in clusters where a full
shut down or reboot is often unnecessary as services are distributed across multiple nodes. If you
need to complete a task on a particular node that might result in an interruption of service to the
users, Kubernetes includes a command that allows you to put a node into a maintenance mode. This
command drains the Kubernetes managed resources from the node so that you can perform any
required maintenance tasks. After the maintenance is complete, you add the node back as a managed
resource.
If you must shut down or reboot a node, you must put the Kubernetes controlled resources into
maintenance mode first. This is required for both single-server and cluster configurations, but it is
especially important in cluster configurations. This avoids the possibility of Kubernetes attempting to
restart a service that was intentionally shut down.
This section includes information on how to put a server into maintenance mode and how to reboot or
shut down a MediaCentral Cloud UX server. These processes apply to both single-server and cluster
configurations. For additional information on rebooting a clustered node, see “Rebooting a
MediaCentral Cloud UX Cluster” on page 270.
If your installation includes MediaCentral Phonetic Index, the processes described in this section do
not apply to the Search Grid server. You are not required to shut down or boot the Search Grid server
at any specific point in the MediaCentral Cloud UX power-up or power-down cycle. When both
systems are fully available (after a power-up), they begin to communicate automatically.
For information on additional Kubernetes commands and cluster management, see:

https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/
c If you take a single-server or entire cluster offline, you must wait a number of minutes (up to 30
minutes depending on your configuration and deployed feature packs) before attempting to
access the MediaCentral Cloud UX through your web browser. This allows time for Kubernetes
to restart all the pods and services on the required node or nodes.
MediaCentral Production Management Note
While you can restart a MediaCentral Cloud UX server without an impact to the Production
Management, the reverse is not true. If you need to reboot the MediaCentral | Production Index
(Media Indexer) server(s), you must sign in to Kubernetes and delete the pods related to playback.
Complete the following process to restart these pods:
1. Sign into Kubernetes.
2. Enter “playback” in the search tool at the top of the screen.
One or more avid-playback-<value> pods are listed in the search. If you have a single-server,
you should see only one pod. If you are running a clustered configuration, you should see
multiple pods.
3. Click on the menu to the right of the pod to delete each of the playback pods.
The Kubernetes management system detects that the pod has been deleted and automatically
creates a new pod to replace it.
4. Repeat the steps above to delete the avid-render-<value> pod.
250
Putting a Node in Maintenance Mode

The following process applies to single-server configurations or to a single node in a MediaCentral
Cloud UX cluster.
To put a single-server or cluster node into maintenance mode:

1. Use an SSH client such as PuTTY to access the node that you want to put into maintenance
mode. For details, see “Logging in to CentOS for the First Time” on page 55.
2. Enter the following command to put the node into maintenance mode:
avidctl node offline
This command drains all services from the node and prevents Kubernetes from scheduling new
services on it. This command also shuts down host services (like docker and kubelet) and deletes
local data (e.g. caches) on the node, but it does not delete Database information.
3. Perform any maintenance tasks on the node as needed.
4. Bring the node back online using the following command:
avidctl node online
5. Wait a few minutes and then enter the following command to obtain the status of the Kubernetes
node or nodes:
kubectl get nodes
column and the status of each node should report as Ready. The following example text shows a
three node cluster configuration:
6. After the nodes report as Ready, enter the following command to obtain the status of the
individual pods:
kubectl get pods
Before you release the system back to the users, you should verify that all pods report as
Running. Although these status values do not guaranty that all pods are started and ready, it is a
good indicator of the system health.
Rebooting or Shutting Down a Node

The following process applies to single-server configurations or to a single node in a MediaCentral
Cloud UX cluster.
To reboot or shutdown a single-server or cluster node:

1. Use an SSH client such as PuTTY to access the node that you want to put into maintenance
mode. For details, see “Logging in to CentOS for the First Time” on page 55.
2. Enter the following command to put the node into maintenance mode:
avidctl node offline
251
This command drains all services from the node and prevents Kubernetes from scheduling new
services on it. This command also deletes local data (e.g. caches) on the node, but it does not
delete Database information.
3. Enter one of the following commands to reboot or shut down the node:
t To reboot a node, type the following:
reboot
t To shut down a node, type the following:
shutdown -h now
4. After you reboot or power-on the server, you must enter the following command to bring the
Kubernetes resources back online:
avidctl node online
node or nodes:
kubectl get nodes
individual pods:
kubectl get pods
Power Cycling a MediaCentral Cloud UX Cluster

The following processes apply to clusters that are running MediaCentral Cloud UX v2018.11 or later.
n If you have an unexpected shut down due to an event such as a power outage where all nodes are
powered-down simultaneously, Avid recommends that you power-up all nodes at the same time and
allow the cluster to manage the role assignments. Note that an event of this nature might require you
to perform additional tasks to ensure that the system returns to normal operation.
To shut down all nodes in a MediaCentral Cloud UX cluster:

1. Enter the following command from any node to drain the Kubernetes controlled resources on all
nodes simultaneously:
avidctl node drain --all
nodes:
kubectl get nodes
252
When all nodes have been drained of resources, this command should report information similar
to the following:
wavd-mcux01 Ready,SchedulingDisabled <none> 10m v1.20.6
3. After all nodes report a Ready,SchedulingDisabled status, enter the following command on
all nodes to shut down the Cloud UX servers:
shutdown -h now
Avid recommends that you power-down the nodes in descending order. For example if you have
a four node cluster, you would shut down the nodes in the following order: 4 (worker), 3
(master), 2 (master), 1 (primary master).
To power-on all nodes in a MediaCentral Cloud UX cluster:

1. Power on all nodes in any order.
You do not need to power-on all nodes simultaneously, but all nodes at approximately the same
time is recommended.
nodes:
kubectl get nodes
This command should report information similar to the following:
Repeat this command as necessary. After all nodes report a Ready,SchedulingDisabled
status, continue to the next step.
3. Enter the following command from any node to bring the cluster out of maintenance mode:
avidctl node uncordon --all
nodes:
kubectl get nodes
individual pods:
kubectl get pods
253
MediaCentral Cloud UX System Maintenance
MediaCentral Cloud UX System Maintenance

Avid builds MediaCentral Cloud UX on the Linux (CentOS) operating system with server-class
hardware and multiple redundant systems, making it a very robust product. As such, MediaCentral
Cloud UX requires very little routine maintenance as compared to some other systems. The
following are just some of the elements that work together to reduce or eliminate standard
maintenance procedures:
• Linux cron jobs manage log files, automatically archiving, rotating, and deleting older logs as
newer log files are created.
• Self monitoring of the sdb volume ensures that you do not fill the drive to capacity with cached
media assets. After the system meets a certain threshold, older assets are deleted automatically. If
a user needs access to an asset whose proxy has been deleted, the systems creates new proxy
media automatically — “on the fly”. The same can be said for the MP4 proxy files used in the
Hoverscrub workflow.
• Kubernetes monitors Docker pods to automatically restart systems in the event of a failure. For
more information on this sub-system, see “Working with Kubernetes” on page 335.
• (optional) Clustering multiple MediaCentral Cloud UX servers not only increases the potential user
and stream counts, but enables high availability of many systems in the event of a hardware failure.
While many of these systems are fully automated, Avid highly recommends that system
administrators deploy the optional system monitoring services to help ensure that any potential issues
are found and resolved quickly. Once installed, Administrators can use Grafana actively monitor
memory usage, disk space, and other system basics. For more information, see “Enabling System
Monitoring” on page 101.
Per “Power Cycling and Maintenance Mode” on page 249, Avid does not recommend performing a
full shutdown of the system — especially in clusters where a full shut down or reboot is often
unnecessary as services are distributed across multiple nodes. Avid also does not recommend “forced
failovers” for clustered configurations.
Avid recommends the following regular maintenance steps:

• Create periodical backups of the PostgreSQL and MongoDB databases. You can find more
information about these two processes at:
- “Working with MongoDB” on page 284
- “Backing up the Mongo Database” on page 286
• Organizations that deploy self-signed certificates need to plan on recreating their certificates on a
recurring basis. The maximum validity period for these certificates is 397 days. After that period
expires, the certificate is considered invalid and a new one would need to be created. This same
guidance might also apply to organizations that create internally-signed certificates. For more
information, see “Creating Certificate Files” on page 69.
• If you are using Hoverscrub, run the proxy storage report to verify if you have an excessive
amount of small (<750k) proxy files. The frequency at which you run this script is heavily
dependent on your workflow (number of users, number of modules, etc). For more information,
see “Cleaning the Hoverscrub Cache” on page 274.
254

When working with MediaCentral Cloud UX, you might be required to copy software to or from the
MediaCentral Cloud UX server. This section details two methods for completing this task:
• Using an SFTP application on a client workstation
• Connecting a USB drive directly to the server
While the SFTP method might be preferred for ease of access, the USB method might be required for
some operations.
Copying Software Using an SFTP Client

Files can be copied to and from the MediaCentral Cloud UX server through the use of a secure shell
(SSH) file transfer protocol (FTP) client — commonly abbreviated SFTP. WinSCP© (Windows) and
muCommander© (macOS) are free, open-source clients that can securely copy files between Linux
and Windows or macOS operating systems. FileZilla®, another free open-source utility, can be used
in the same way and has the advantage of being available for both Windows and macOS.
The process below uses WinSCP as an example of an SFTP client.
To copy software using an SFTP client:

1. Download and install the WinSCP software on a Windows system that has network access to the
MediaCentral Cloud UX server.
WinSCP can be downloaded from the following location: http://winscp.net
2. Launch WinSCP.
3. Click the New button and enter the Host name (or IP address) of your MediaCentral Cloud UX
server, the User name (root), and Password.
4. Click Login.
The following warning message is displayed: “Continue connecting and add host key to the
cache?”
5. Click Yes.
The WinSCP interface is displayed. The left pane represents your source Windows system. The
right pane represents your MediaCentral Cloud UX server.
255
6. Use the left pane to navigate to the location of the files that you want to copy to the MediaCentral
Cloud UX server.
7. Use the right pane to navigate to the directory on the MCUX server where you want to copy the
files.
8. (optional) Create a directory structure on the MCUX server to organize your files.
a. Navigate to a location on the MediaCentral Cloud UX server where you want to create a new
directory.
In the example illustration above, the user has navigated to the /media directory.
b. Right-click in the right pane and select New > Directory.
c. In the “New folder name” field, type the name of the new directory and click OK.
n When manually creating folders, avoid spaces and other illegal Linux characters. Installations will
fail if spaces or illegal characters are encountered in the file path.
d. Double-click on the new directory in the right pane to navigate to it.

9. Drag and drop the files or folders you wish to copy from the left pane to the right.
Depending on your WinSCP settings, you might see a dialog box asking if you want to copy the
files to the remote directory. If asked, click Copy.
10. After all desired files or folders have been copied, close WinSCP.
Copying Software Using a USB Drive

For simply mounting and unmounting a USB drive, follow the process below and eliminate steps 7,
8, and 9.
To copy software using a USB drive:

1. Insert the USB drive into the MediaCentral Cloud UX server.
2. Enter the display message command in the Linux console to verify the name of the device:
dmesg
Information relating to the hardware appears on the screen.
Information for the USB drive will appear near the end of the output, near the list of SCSI
devices. The name of the USB drive is found inside square brackets (for example, sdc). This is
the name you use to mount the drive.
The dmesg command displays a great deal of information which can be difficult to review, given
the limited size of the VM display window. You can reduce the amount of information that
dmesg returns by using the Linux grep command to show only items that contain certain text
(such as “sd”) and the more command to display only one page of information at a time. The
following command can be used as an alternative:
dmesg | grep sd | more
Press the space bar to display additional pages.
3. Create a mount point for the USB drive:
mkdir /media/usb
If you have completed this process at least once before, the /media/usb directory should
already exist.
256
4. Mount the USB drive to the mount point:

mount /dev/sdc1 /media/usb
In this example, the name of the USB drive, sdc uses a 1 (one) in the mount command. This
indicates that a partition exists on the drive. When the USB drive was formatted, the partition
was created.
The USB drive is now mounted and available for use.
5. Verify that the USB drive is mounted:
df -h
Information is displayed about all mounted file systems and devices, and should include
information about the USB drive, similar to the following (some output omitted for clarity):
Filesystem Size Used Avail Use% Mounted on
/dev/sdc1 7.5G 5.3G 2.2G 71% /media/usb
6. Enter the following command to navigate to the USB mount point:
cd /media/usb
7. (optional) Create a directory structure on the MCUX server to organize your files:
mkdir /<path>
Where <path> is the name of the directory that you want to create. For example, to create a new
“installers” directory in the /media folder, you would enter the following command:
mkdir /media/installers
n When manually creating folders, avoid spaces and other illegal Linux characters. Installations will
fail if spaces or illegal characters are encountered in the file path.
8. Copy files to the MediaCentral Cloud UX server:

t For a single file:
cp filename /<path>
t For a folder:
cp -R foldername /<path>
9. Once you have finished copying your files, you must navigate away from the current directory.
CentOS cannot unmount the USB drive if it is the current active directory. Type the following to
navigate to the /root home directory:
cd
10. Unmount the USB drive from the server:
umount /<path>
For example:
umount /media/usb
11. Remove the USB drive from the server.
257
Mounting an ISO Image
Mounting an ISO Image

During the installation process, you are required to mount an ISO image on the server. This section
details three different methods for mounting an ISO.
To mount an ISO from a USB drive:

1. Connect a USB drive created from an ISO image to your server.
See “Creating the MCUX Installation Media” on page 23 for more information.
2. Enter the following command to mount the drive to a mount point on your server:
mount /dev/<volume> /<mount>
In this command <volume> is the volume name associated with the USB drive and <mount> is a
mount point on the server. For example, the following command uses a USB drive at “sdc1”
mounted to the “/sysinstall” directory.
mount /dev/sdc1 /sysinstall
If you do not know what volumes are present on your system, you can enter parted -l in the
Linux console to display a list of available volumes.
3. After you are finished using the device, you can unmount the USB drive by entering the
following command:
umount /<mount>
After this command has been executed, you can remove the USB drive from the server.
To mount an ISO from an optical drive:

1. Add a disc created from an ISO image to your server’s optical drive.
2. Enter the following command to mount the ISO media:
mount -o ro /dev/cdrom /<mount>
In this command <mount> is a mount point on the server. For example, the following command
mounts the ISO to the “/sysinstall” directory.
mount -o ro /dev/cdrom /sysinstall
3. After you are finished using the device, you can unmount the USB drive by entering the
following command:
umount /<mount>
After this command has been executed, you can remove the disk from your server’s optical drive.
To mount an ISO as a file:

1. Copy the ISO file to a directory on the MediaCentral Cloud UX server such as /tmp or /media.
2. After the ISO file is copied to the server, use the following command to mount the ISO:
mount -o ro /<path>/<filename> /<mount>
For example:
mount -o ro /media/mediacentral_feature_packs_<build>.iso /features
3. After you are finished using the ISO, you can unmount it by entering the following command:
umount /<mount>
258
Using the vi Editor
Using the vi Editor

Linux features a powerful text editor called vi. To invoke the command, type “vi”, followed by the
target file. If you are not in the directory containing the file to be edited, you must also enter a file
path.
vi [path]/<filename>
vi operates in one of two modes, insert mode and command mode. Insert mode lets you perform text
edits – insertion, deletion, etc. Command mode acts upon the file as a whole – for example, to save it
or to quit without saving.
• Press the “i” key to switch to insert mode.
• Press the colon (“:”) key to switch to command mode.
The following table presents a few of the more useful vi command mode commands:
Key Press Description
: Prefix to commands in command mode
:wq Write file and quit vi (in command mode)
:q! Quit without writing (in command mode)
The following table presents a few of the more useful vi insert mode commands:
Key Press Description
i Insert text before the cursor, until you press <Esc>
I Insert text at beginning of current line
a Insert text after the cursor
A Insert text at end of current line
w Next word
b Previous word
Shift-g Move cursor to last line of the file
D Delete remainder of line
x Delete character under the cursor
dd Delete current line
yy “Yank” (copy) a whole line in command mode.
p Paste the yanked line in command mode.
<Esc> Turn off Insert mode and switch to command mode.
For more information on vi commands, see the following link:
https://www.cs.colostate.edu/helpdocs/vi.html
259
Version Information
Version Information
This section includes information on how to get version information on various aspects of your
MediaCentral Cloud UX system.
Platform Version
Enter the following command to determine the version of the Platform ISO currently installed in your
server:
avidctl version
This command provides information on the version of the avidctl tool as well as the Platform version.
The output should look similar to the following example:
Version: 2020.4.0-733_ffc448c
Platform Version: 2020.4.0-258_86c7345
Alternatively, you could also enter the following command to show just the Platform version:
cat /etc/service-host-version
Feature Packs
You can enter the following command to list the installed feature packs:
helm ls
CentOS
You can enter the following command in the Linux console to determine your installed version of
CentOS:
rpm -qa centos-release
Docker Images
If you need to determine the version of any container image, you can enter the following command to
display a list of images installed on the system:
avidctl platform devtools show-images
The system responds with a list of images similar to the following:
avidregistry.azurecr.io/mcs_stage/avid-acs-attributes:3.6.5_2_gb0fd7fc
avidregistry.azurecr.io/mcs_stage/avid-acs-broker:3.2.0_42_g058d844
avidregistry.azurecr.io/mcs_stage/avid-acs-federation:3.5.12_2_gc39e59d
avidregistry.azurecr.io/mcs_stage/avid-acs-gateway:3.11.9_11_g7970262
...
Elasticsearch
You can enter the following command to list the installed version of Elasticsearch used by the Search
app. However, note that the version of Elasticsearch used with Avid System Monitoring might be
different. For more information, see “Enabling System Monitoring” on page 101.
260
Customizing the User Experience
avidctl platform devtools show-images | grep avid-elasticsearch
In the following example output, the server is running Elasticsearch v6.8.23:
<path>/mcs_stage/avid-elasticsearch:6.8.23_2022.3.0_20220304_132237

This section includes a set of procedures that administrators can follow to customize either the
system operation or the MediaCentral Cloud UX user interface.
The following topics are included:

• “Adding Custom Graphics” on page 261
• “Adding Custom Icons” on page 262
Adding Custom Graphics

MediaCentral Cloud UX allows you to customize the user experience by giving you the ability to
personalize the welcome screen and the Fast Bar with a custom graphic, such as your corporate logo.
The following illustration provides an example, showing the “WAVD” logo on the welcome screen.
After you sign-in to MediaCentral Cloud UX, the logo appears in the upper-right corner of the Fast Bar.
If you want to add a custom graphic, the file used for this process must adhere to the following
specifications:
• File Name: The file must be named exactly as the following: customer-logo.svg
• File Type: The file must be saved in the .svg (Scalable Vector Graphics) format.
• File Attributes: In order for the Chrome browser to display the graphic, the xlink:href
attribute of the SVG file must be configured as data:image and not data:img.
261
You can use the Elements tab of the Chrome Developer Tools to verify if your file is created
correctly. The following example illustration shows this attribute.
• Bit Depth: Any

• Size: The graphic can be any size. However when presented on screen, the image is adjusted to
the following dimensions:
- Maximum width: 70px (Fast Bar)
- Maximum height: 40px (Fast Bar)
- Maximum width: 100px (Welcome screen)
- Maximum height: 100px (Welcome screen)
• Alpha: Graphics are supported with or without an alpha channel
To add a custom graphic:

1. Log in to the MediaCentral Cloud UX server as the root user.
If you are running a clustered configuration, you must log in to one of the cluster master nodes.
2. Copy the graphic to the /mnt/gluster-cache/icon-server-public folder.
3. Access MediaCentral Cloud UX through a new browser window, or refresh your existing
instance to see your custom graphic.
Adding Custom Icons

MediaCentral Cloud UX allows organizations to upload custom icons that can replace the default
system iconography. For example, the strata icons that appear in the Timeline view of the Search
app’s In-Line Hits window use the same icon for all Asset Management strata types by default. An
organization might want to upload custom icons for the different strata types to make it easier for
users to differentiate between them.
If you are familiar with Asset Management, you might be aware that you can define thumbnail
placeholder icons to be displayed in Asset Management Desktop and Workspace Management
folders as identifiers for classes (asset types). However, this process has no effect on the icons that are
displayed in MediaCentral Cloud UX. For more information on that process, see “Defining
Placeholder Icons for Classes” in the MediaCentral | Asset Management Datamodel Administrator
User’s Guide.
Avid supports the ability to alter the following icon types:

• Asset Type Icons
These icons appear in multiple apps, such as Browse, Search, Associations, and others. They
normally adhere to the following naming convention: type-asset.<object_name>.svg
For example:
262
• Association (Relation) Type Icons

These icons are returned by the MediaCentral module’s connector (CTC). When the icon registry
calls for the image, the file name includes a relation (parent / child) or direction (forward /
reverse). They normally adhere to the following naming convention:
<association_type>.<relation or direction>.svg. For example:
• Search Strata Icons

These icons appear in the Search app. They normally adhere to the following naming convention:
<stratum_ID>.svg. For example:
When creating custom icons, you must meet the following requirements:
• File formats: *.svg
• File names must include all lower-case characters, even if the original layer ID or asset type uses
upper case letters.
• Avid expects the icon to be of a square aspect ratio. However the system automatically scales the
image to the following, so absolute dimensions are less important:
- Small icons: 18 x 18 pixels
- Large icons: 36 x 36 pixels
The svg files are used as a CSS mask-image. This means that both fill and stroke colors are ignored
and the alpha channel is filled with the gray from the MediaCentral Cloud UX color theme.
Folder Structure and Default Icon Usage
The icon registry always looks at the end of the file path first. If it does not find an icon at that
location, it checks the parent folder in the hierarchy until it finds a match. For example, consider the
following path for an icon used in the Associations app:
/mnt/gluster-cache/icon-server-root/interplay-mam/relations/12345678/
episodeversion_uses_stockfootage.forward.svg
263
In this case the path includes a MediaCentral module type (interplay-mam), and the ID of a specific
MediaCentral Asset Management system (12345678). The icon registry looks for the file in the
12345678 folder first. If it doesn’t find it there, it travels back up the folder path until it finds a
match...ultimately landing at the /icon-server-root/ folder if necessary.
To upload custom icons to MediaCentral Cloud UX:

1. Verify the asset ID or icon name. You might complete this task in one of two ways:
t Sign into MediaCentral Cloud UX. Then open a second tab in your browser to access the
MediaCentral Cloud UX “Icon test” page:
https://<your_MediaCentral_CloudUX_hostname>/icon-registry/icon/index.html
This page displays a list of all known svg icons and their names. If you want to replace an
existing icon, you will need to know the name of the asset type as defined on this page.
t Connect to your source MediaCentral module and verify the layer ID for your asset. The
icon filename must match the layer ID provided in the metadata namespace.
2. Create your custom svg icon and copy the file to one of the locations listed below.
You can complete this step from any master node, as Gluster will replicate the icons to all other
master nodes automatically.
n When creating a new folder, you might need to initialize the directory structure with the following
command: mkdir -p /mnt/gluster-cache/icon-server-root/<path>
t If the icon applies to all areas of the user interface, copy the file to the following location:
/mnt/gluster-cache/icon-server-root/
t If the icon applies to a specific app, copy the file to the following location:
/mnt/gluster-cache/icon-server-root/app/<app_name>/
You can verify the name of the app by selecting it in MediaCentral Cloud UX and then
checking the URL in your browser. For example, the Bookmark app appears as avid-ui-
bookmark in the URL.
Example: /mnt/gluster-cache/icon-server-root/app/collaborate/van.svg
t If the icon applies to a specific system type, copy the file to the following location:
/mnt/gluster-cache/icon-server-root/app/<system_type>/
The <system_type> defines the MediaCentral module or system type. Potential example
values include: interplay-mam, interplay-pam, inews, or others.
Example: /mnt/gluster-cache/icon-server-root/interplay-pam/type-root.svg
t If the icon applies to the Search app for any system that defines layers (a.k.a. strata or time-
based metadata) in their metadata namespace, copy the file to the following location:
/mnt/gluster-cache/icon-server-root/app/search/tbmd/<stratum_ID>
Example: /mnt/gluster-cache/icon-server-root/app/search/tbmd/
compliance.svg
t If the icon applies to the Associations app, copy the file to the following location:
/mnt/gluster-cache/icon-server-root/<system_type>/relations/<system_id>
In this case, the following values are optional:
<system_type>: Defines the MediaCentral module or system type. Potential example
values include: interplay-mam or interplay-pam.
264
System Drive Partitioning
<system_id>: This is the system ID for a specific MediaCentral module. If you define this
value, your custom icon is associated with this specific module only.
3. Sign in to MediaCentral Cloud UX using your web browser to verify that you see the updated
iconography.
If your custom icons are not displayed, you might need to clear your browser cache.
System Drive Partitioning

When you install MediaCentral Cloud UX, the system volume (sda) is divided into two partitions —
boot and lvm. You can determine the size of the partitions using the following command:
parted -l
The following shows an example output of this command:
[root@wavd-mcux01 ~]# parted -l

Model: HP LOGICAL VOLUME (scsi)
Disk /dev/sda: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags

1 1049kB 525MB 524MB primary xfs boot
2 525MB 107GB 107GB primary lvm
In addition to the sda volume, the parted command shows you information about all volumes on your
server including optical drives, RAID 5 volumes, and more.
If your disk or partition reports that it is getting close to full, you can obtain more details on the disk
and folder structure using the “Disk Usage Report” on page 265.
Disk Usage Report

As with any computer system, you never want to allow a disk to get to a state where it is full or close
to full. To assist you in determining how much of your internal storage is being used and to identify
the areas of heaviest use, Avid includes the following script:
avidctl tools disk-usage
This command provides you with information on databases, containers, and other directories that are
known to take significant disk space. In most cases, you should not need to manually intervene to
increase the available disk space. If you find that a particular directory or system is taking an
abnormal amount of space, Avid recommends that you contact Avid Customer Care before taking
any actions to reclaim disk space.
265
MediaCentral Cloud UX Services
MediaCentral Cloud UX Services

MediaCentral Cloud UX is built on CentOS and depends on many of the core services included in
that operating system. However, Avid’s software deployment adds a number of additional services
that work together to create MediaCentral Cloud UX.
The following list details a number of these services.
Service Name Node Role Description
kube-apiserver Masters only See https://kubernetes.io/docs/reference/command-line-tools-

reference/kube-apiserver/.
kube-controller-manager Masters only See https://kubernetes.io/docs/reference/command-line-tools-

reference/kube-controller-manager/.
kube-scheduler Masters only See https://kubernetes.io/docs/reference/command-line-tools-

reference/kube-scheduler/.
kubelet Masters / Workers See https://kubernetes.io/docs/reference/command-line-tools-

reference/kubelet/.
docker Masters / Workers For more information on Docker and container technology, see
https://www.docker.com/.
glusterd Masters / Workers Glusterfs is used to enable shared storage repository for cached
assets (for playback), docker registry, draft sequence
information, helm chart repos, and more. Glusterfs is installed
and enabled in both single-server and clustered environments.
keepalived Masters only In clustered environments, this service manages the cluster IP
address.
This service is stopped and disabled on single node installations.
etcd Masters only ETCD is a database that is used by Kubernetes to store all
configuration and cluster states. The database is replicated
(active/active) and runs on all master nodes in the cluster.
avid-nexis-agent Masters / Workers The Avid NEXIS Client is managed by the NEXIS Agent
service. The NEXIS Agent is responsible for monitoring the
NEXIS configuration in Kubernetes and for mounting the
NEXIS workspaces.
In CentOS, you can start, stop, and get the status of services using the following commands:
• systemctl start <service-name>
• systemctl stop <service-name>
• systemctl status <service-name>
You can enter either of the following command to obtain a list of system services:
• systemctl list-unit-files --full
• systemctl list-units --type service --all
266
MediaCentral Cloud UX Clustering
Although not applicable to some basic CentOS system services, MediaCentral Cloud UX includes a
monitor service that ensures that other services are restarted automatically in the event that a failed
(stopped) service is detected. If you need to manually stop any service related to the MediaCentral
Cloud UX system, you must first stop the monitor service so that it does not attempt to restart the
service automatically.
• You can verify the list of monitored services using the following command: monit summary
• You can stop the monitor service with the following command: systemctl stop monit
• When your manual configuration or maintenance work is complete, restart the monitor service:
systemctl start monit
If you plan to work with one or more services, it might be more efficient (and safer) to put your
system or node into maintenance mode. For more information, see “Power Cycling and Maintenance
Mode” on page 249.

This section includes the following topics:
• Clustering Overview
• High Availability vs Failover
• Rebooting a MediaCentral Cloud UX Cluster
Clustering Overview
As referenced in “Understanding Docker Containers and Kubernetes” on page 20, MediaCentral

Cloud UX clusters consist of three or more nodes. The first three nodes in a cluster serve as both
master and worker nodes. Any additional nodes (4+) operate as worker nodes only.
Master nodes run services and databases that are critical to the operation of the system. These nodes
also run services found on worker nodes. Worker nodes run services such as playback for increased
performance and system load, but they do not host databases and core system services. If a non-
master worker node goes offline, system performance might be affected — but not system
availability.
n If Hoverscrub, System Monitoring, or any other single-instance services are deployed and the host
node is lost, those services remain unavailable until the node is restored. For more information, see
“High Availability vs Failover” on page 268.
As referenced in “Before You Begin” on page 16, each MediaCentral Cloud UX node is associated
with a dedicated IP address. However, cluster configurations also include a cluster IP address which
is used internally by the cluster and externally by users connecting to the system. The cluster IP
address is managed by the keepalived service which runs on all master nodes. Although running on
multiple nodes, the IP address is managed by only one node in the cluster (at any one time). If you
stop this service on the node currently managing the resource, the management of the IP address is
migrated to a different node.
You can verify which node is currently managing the cluster IP by entering the ip addr command
on each node. When you enter the command on the node that is managing the cluster IP, the output of
the command shows two IP addresses for the primary network adapter.
267
In the following example, 192.168.10.51 is the static IP of the server and 192.168.10.50 is the cluster
IP address.
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

link/ether 00:20:16:94:3f:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.10.51/26 brd 192.168.10.1 scope global ens192
inet 192.168.10.50/32 scope global ens192:0
c In the event that the cluster IP is migrated to a new node, administrators should expect a
temporary outage (~5 - 20 minutes) of any system or service that connects through the
MediaCentral gateway. Examples of such systems are MediaCentral Production Management,
MediaCentral Asset Management, and others. Users might also be signed-out of their current
session and returned to the MediaCentral Cloud UX login page. While users might still be able
access MediaCentral Cloud UX, gateway connected systems remain unavailable until the
cluster IP is available on the new node.
Be aware that the amount of down-time can vary based on your hardware configuration, system
resources, as well as the number of feature packs deployed on your system. As described above,
resource such as the cluster IP can also play a factor on the length of the outage.
The Cluster IP is assigned to a master node only after the “core application” (core feature pack) is
deployed and running. You cannot connect to a MediaCentral Cloud UX cluster through this virtual
IP address before this system and its dependencies are available.
High Availability vs Failover
Since MediaCentral Cloud UX runs with three master nodes, you should not associate the term
“failover” with this system. The first three nodes in a cluster are all master nodes. If a node is lost,
there is no failover of services to another node. The other two master nodes are already running at
least one copy of all high-available services that were running on the lost node. In most cases, you
can lose one master node and still continue to operate normally. If you lose more than one master
node, the system will be offline until the situation is resolved.
c The loss of any master node is a serious situation and must be resolved immediately. While
MediaCentral Cloud UX includes multiple technologies that are intended to restore
functionality automatically, manual interaction might be required to get the system back into a
fully operational state.
Kubernetes verifies that at least two copies of each high-available service is running at all times. If
Kubernetes detects a single instance of any service, it schedules another instance on whichever node
is not already running the service. However, not all services are scaled for high-availability. These
single-instance systems and services are only ever configured on one node and break down into two
categories:
• Single-Instance
Although these services run only on one node at a time, Kubernetes is still aware of them. If a
single-instance service is lost, Kubernetes schedules the service to start on another master node.
As the service is not highly available (already running on another node at the time that it goes
down), you are likely to experience a service outage until the new pod (service) is started.
268
• Single-Instance Explicit
Explicit services are configured one only one node and are not capable of moving to a new node.
If the node that is hosting the service goes offline, that service remains offline until the node is
restored. The node on which these services are installed is often configured by an administrator.
Hoverscrub and System Monitoring are examples of these types of services.
The following is a partial list of systems and services that are not highly available:
System Services
• avid-pam-search-connector: This service pulls data from Production Management and pushes it
to Kafka. Production Management assets added to the Production database will not be found
through MediaCentral Cloud UX while this system is down.
• avid-indexer: This service is responsible for pulling new data from Kafka and pushing it to
Elasticsearch and MongoDB. While important for long term use of the system, a temporary
outage of this service might be imperceptible by the majority of the end-users.
If Kafka is not processing any messages at the time of the outage, there are no long-term effects.
Kafka will begin processing messages where it left off when the service is restored. However, if
Kafka is actively processing a message and the node running the avid-indexer service is lost, you
might see any of the following side-effects:
- Missing assets in the search results
- Taxonomy creation/update and/or Metadata Namespace creation/update
- CBA Rules (Create/Update/Delete)
- Asset Locations (Production Management Asset Visibility)
- Search results include assets that have been deleted on the source asset management system
- Outdated phonetic manifest
If this occurs, you must rebuild your search index by Rebuilding All Indices (with the delete
option) through the Search Index Monitor app to ensure that all data is synchronized.
• avid-pam-ctc: This service includes both avid-pam-ctc and avid-pam-ctc-archiv. If unavailable,
access to MediaCentral Production Management or MediaCentral Archive Production
(respectively) will be lost.
• avid-draft-sequence: Loss of this service disables the Mixed Sequence Editing.
• avid-asset-logger-ctc: Loss of this service disables features related to the Log app.
• avid-mam-actions and avid-mam-processes: Loss of these services affect the ability to use
features related to MediaCentral Asset Management.
Hoverscrub
• avid-webproxy-generator, avid-webproxy-manager, avid-webproxy-nginx
System Monitoring
• For more information, see “Enabling System Monitoring” on page 101.
Nexidia Search Grid server

• The Search Grid server does not currently support high availability features. If the Search Grid
server is down, Phonetic Index will not be available. For more information, see “Installing
Nexidia Search Grid” on page 121.
269
If you need to shut down or put a master node into maintenance mode, Avid recommends that you
perform this task during a maintenance cycle. You can use the Kubernetes Dashboard to determine
on which node these single-instance services are running.
Rebooting a MediaCentral Cloud UX Cluster
In most cases, you should not need to reboot or shut down the MediaCentral Cloud UX servers.
However, there are circumstances such as a planned power outages or other scenarios that might
require you to reboot or shut down the system.
The general rule of thumb for completing these actions is that you follow a controlled-down / all-up
approach. If you have a four node cluster, Avid recommends that you power-down the nodes in
descending order: 4 (worker), 3 (master), 2 (master), 1 (primary master). When starting-up the
system, power-on all nodes at the same time (they don’t need to all start simultaneously, but close to
the same time). The primary reason for this is to ensure that the RabbitMQ queues are written and
saved correctly during the shut down process. On power-on, the nodes form a quorum to verify the
last known RabbitMQ instance and powering all nodes up simultaneously is the fastest way to
achieve that verification.
If you need to reboot a node, note the following:

• Worker nodes can be rebooted at any time. You can reboot multiple worker nodes
simultaneously. Be aware that system playback performance could be affected while the node or
nodes are offline.
Clients that were connected to the rebooted node might need to refresh their browser to establish
a connection to a new playback node.
• Avid does not recommend shutting down a master node unless you are doing so during a
dedicated maintenance period.
• If you first verify that single-instance, critical services are unaffected, it is possible to reboot a
master node. For instance if you verify that all single-instance, critical services are running on
the primary master node, you can reboot nodes two or three — but only one at a time.
You must make sure that the first master node is fully operational before rebooting a second
master node. If you do not, you could create a situation where MediaCentral Cloud UX is
inaccessible for a period of time. You must have at least two master nodes up and fully functional
at any one time.
• When rebooting or taking a master node offline, users will encounter an interruption of service if
the cluster’s “keepalived” service is forced to migrate to a new node. This service manages the
cluster IP address. Users are not disconnected from the system and they should not lose any work
during this period. If the user encounters a problem when performing a certain action, the system
generally displays an error or warning message. If this occurs, users must wait for the gateway
connected systems to become available before they can successfully perform the action that
generated the error message.
• If you know that you are experiencing a problem on a master node, do not reboot, shut down, or
put into maintenance mode other master nodes. Instead, Avid recommends troubleshooting the
problematic master node. If you take down another master node, you risk losing user access to
MediaCentral Cloud UX across the cluster until the original issue is resolved. Additionally, you
might encounter an error when rebooting the other mater nodes, similar to the following: “The
system was reset due to a timeout from the watchdog timer.”
For details on rebooting a clustered node, see “Power Cycling and Maintenance Mode” on page 249.
270
MediaCentral | Hoverscrub
MediaCentral Hoverscrub creates low resolution, video-only, MP4 files from assets included in
MediaCentral modules such as MediaCentral Production Management and MediaCentral Asset
Management. These proxy files are accessed when viewing assets in the Results area (Card view
only) of certain MediaCentral Cloud UX apps such as Browse, Search, or others. The following
image shows Hoverscrub in action with a vertical bar indicating the scrub position in the asset:
For more information, see “Using the Hoverscrub Feature” in the Avid MediaCentral | Cloud UX
User’s Guide.
Hoverscrub polls the MediaCentral Search index every two minutes (by default) to find either newly
created assets or modified sequences, and automatically creates a maximum of up to 50 proxies
during this period. This cycle repeats every two minutes with a five minute sliding window.
If for example you create 250 new assets in a five minute period, Hoverscrub could automatically
process 150 of those assets at maximum. Proxies would not be created automatically for the
remaining 100 assets as they would be beyond the five minute sliding window.
Each MP4 proxy file is created with approximately 170 representative frames at 170 pixels wide —
no matter the size of the original asset. The size of each proxy generally ranges between 200 kB and
2.x MB in size, depending on the compression rate of the original content.
This automatic proxy generation process applies only to assets created after the initial configuration
of the MediaCentral Cloud UX system. If you install MediaCentral Cloud UX into an environment
with existing Asset Management or Production Management assets, the system does not perform an
initial “burst” to create proxies for the existing assets.
If the automated process does not create a proxy for a particular asset, the media is created on
demand when a user begins to attempt to scrub the asset. The first time you scrub an asset, it can take
a moment for the proxy media to become available. After the proxy media is created, subsequent
requests to scrub the same asset are much faster. In this release, the MP4 proxy files are stored on the
Hoverscrub node at: /mnt/gluster-cache/hoverscrub. If you are running a cluster configuration,
this storage is shared with the other nodes.
The MediaCentral Hoverscrub services run on the same server as your MediaCentral Cloud UX
services. The Hoverscrub node runs four concurrent video render processes by default. If you enable
the Hoverscrub option in the avidctl platform deploy script, Hoverscrub is enabled on either
your single-server or one of the nodes in your cluster. If you enable Hoverscrub and you do not have
an associated license, the feature is disabled. If the Hoverscrub node is taken offline, the ability to
scrub assets is disabled.
Avid does not support configuring Hoverscrub on more than one node in any single MediaCentral
cluster. Hoverscrub does not support Edit While Capture (EWC) assets; assets must be fully online
before an MP4 proxy file can be created.
271
For troubleshooting information, see the Avid Knowledge Base at: https://avid.secure.force.com/pkb/
articles/en_US/Troubleshooting/Avid-MediaCentral-Hoverscrub-Troubleshooting.
Reconfiguring Hoverscrub
In cluster configurations, the avidctl platform deploy script assigns the Hoverscrub role to a
single node in the cluster. The role is often assigned to the last node that you add to the cluster when
running the avidctl platform host-setup script. If the script does not assign the Hoverscrub
role to your desired node, you can use the following process to move the role to a different node.
To reconfigure Hoverscrub:
1. Enter the following command to list the node on which Hoverscrub is currently running:
kubectl get node -l hoverscrub=true --show-labels
The following shows an example output of this command (some labels not shown):
NAME STATUS ROLES AGE VERSION LABELS
wavd-mcux03 Ready <none> 35m v1.20.6 ...hoverscrub=true
Since Avid supports running Hoverscrub on only one node at a time within a cluster, the
command should list only one node.
2. Enter the following command to delete the Hoverscrub role from the current node:
kubectl label nodes -l hoverscrub=true hoverscrub-
You must make sure to add the final dash “-” after hoverscrub in this command.
3. Enter the following command on any cluster master node to configure MediaCentral Hoverscrub
on a new node:
kubectl label nodes <node_name> hoverscrub=true
In this command <node_name> identifies the node that runs the Hoverscrub services.
For example:
kubectl label nodes wavd-mcux04 hoverscrub=true
After you run the command, the system reports the name of the Hoverscrub node:
node "wavd-mcux04" labeled
Altering the Hoverscrub Configuration

MediaCentral Cloud UX allows you to alter certain Hoverscrub configuration values to increase the
speed at which the proxy media can be created. Please note that altering either of these values could
have an impact to your system’s performance as each puts additional load on your system resources.
The following options are available:

• Concurrent Worker Count
If you need to create the MP4 proxy media for a large amount of assets at a faster rate, you can
increase the number of concurrent workers from the default of 4 to an alternate value. This
essentially increases the number of concurrent Hoverscrub render processes on your original
node. If you are running a cluster, this option does not distribute workers to additional nodes.
• Search Interval
This option allows you to increase the rate at which Hoverscrub looks for new assets. The default
refresh rate is 120 (seconds), but you can decrease this value to find new assets faster.
272
c Kubernetes config map changes are not saved following a software upgrade. If you alter the
config map, you will need to repeat this process following any software upgrade.
To increase the worker count:

1. Connect and sign in to the Kubernetes Dashboard.
For additional information, see “Accessing the Kubernetes Dashboard” on page 339.
2. Use the Search option at the top of the Dashboard to search for the “avid-hoverscrub” resources.
The search provides information on multiple aspects of the pod such as Config Maps,
Deployments, Pods, and more.
3. Click on the avid-hoverscrub link under Config Maps.
Detailed information about the config map appears in your browser to the right of the sidebar.
4. Click on the Edit button at the top-right side of the Kubernetes window.
The config map is opened in a Kubernetes text editor.
5. Enter the following new value in the JSON tab:
"AVID_WEBPROXY_GENERATOR_WORK_QUEUE_LIMIT": "<value>"
Where <value> is a numerical value between 1 and 20 that represents the number of concurrent
Hoverscrub render processes. For example:
"AVID_WEBPROXY_GENERATOR_WORK_QUEUE_LIMIT": "8"
6. Click the Update button to save your changes.
7. Enter the following command through a Linux console to activate your changes:
kubectl delete po -l feature=hoverscrub
To alter the refresh rate:

2. Use the Search option at the top of the Dashboard to search for the “avid-webproxy-manager-
hoverscrub” resources.
3. Click on the avid-webproxy-manager-hoverscrub link under Config Maps.
Detailed information about the config map appears in your browser to the right of the sidebar.
4. Click on the Edit button at the top-right side of the Kubernetes window.
The config map is opened in a Kubernetes text editor.
5. Enter the following new value in the JSON tab:
"AVID_WEBPROXY_MANAGER_SEARCH_POLLING_INTERVAL": "<value>"
Where <value> is a numerical value that represents the refresh rate in seconds. The value should
be greater than 10 to avoid unexpected behavior. For example:
"AVID_WEBPROXY_MANAGER_SEARCH_POLLING_INTERVAL": "30"
6. Click the Update button to save your changes.
7. Enter the following command through a Linux console to activate your changes:
kubectl delete po -l feature=hoverscrub
273
Cleaning the Hoverscrub Cache

During normal operation, Hoverscrub creates proxy files for your Production Management and Asset
Management assets. If you encounter an offline asset, Hoverscrub creates a Media Offline slide to let
you know that a proxy could not be created for the asset. Over time, these Media Offline slides can
build up — leading to unnecessary disk usage. The following script allows administrators to obtain
more information about the proxy files, as well as a method of deleting the proxy media.
n Avid does not recommend creating a custom cron job to automatically run this script as the job could
be I/O intensive for some systems.
To run the Hoverscrub report:

t Enter the following command from the Linux command line:
avidctl tools hoverscrub-clean -a
If you are running a cluster, you can run this command from any node, as the proxy files are
shared between the nodes. The following provides an example output of this report:
[root@wavd-mcux01 ~]# avidctl tools hoverscrub-clean -a
/media/web-proxy /opt/avid/sbin/avid-webproxy-generator
************************************
clean_hoverscrub_by_capacity report:
************************************
Actual volume capacity: 5% of max 95% for DIR: /media/web-proxy
Analyzing files...(1/4)
Total MP4 files: 760

Oldest MP4 file date: 2021-06-25+16:57:59.9746088790/media/web-proxy/c1a/
060a2b3400011100000b0013-00110-0000047lf710bc1-060e2b347f7f-2a80.mp4
Newest MP4 file date: 2021-11-16+17:09:06.4933442030/media/web-proxy/b93/
202111161807101010129157132225053C27A7FD0111024580B00211D0D000004.mp4
Hoverscrub MP4 files occupy 1.3G in total.
190 MP4 files smaller than 750k occupy 35M in total
To delete the Hoverscrub proxy files:

t Enter one of the following commands:
- avidctl tools hoverscrub-clean - e
The -e option tells the script to delete proxy files (oldest to newest) until the share reaches
95% free space. In the example report above, the share is already at 5% capacity.
- avidctl tools hoverscrub-clean - s
The -s option tells the script to delete all proxy files that are 750k or smaller. In most cases,
these are the Media Offline slides only. In the example above, that would be a 190 files.
As a reminder, if you delete any proxy media, the proxy files are regenerated the next time that
any user attempts to scrub the asset.
274
Working with the Search App

The MediaCentral search engine maintains three databases that work together to provide results to
user queries that originate from the Search app:
• MongoDB: This database is the master record for all search results.
• Elasticsearch: This database is used to perform Search queries and return results to the Search
app. The indexes contained in Elasticsearch are built from the MongoDB data.
Elasticsearch indexes can be split into primary and replica shards. If you have a cluster, the
system is configured for multiple primary shards which enable Elasticsearch to evenly distribute
the data across multiple nodes and thus take advantage of parallel processing. Replica shards
contain a copy of the data in the primary shards and allow the cluster to continue working if one
of the nodes goes down (redundancy). Replica shards also contribute to parallel processing.
MediaCentral Cloud UX v2021.3 and later configures one default shard and zero replicas for a
single-server, and six shards / one replica for a cluster.
• Kafka: Included as part of the MediaCentral Cloud UX v2019.6 release, Kafka® provides a
framework for storing, reading, and analyzing streaming data. Avid uses Kafka to process search
index data which is then consumed by the search engine. For more information on Kafka, see
https://kafka.apache.org/.
This section includes topics that allow administrators to manage and customize the Search app and
search engine:
• “Resetting the MediaCentral Search Index” on page 275
• “Deleting a Topic from Kafka” on page 280
• “Increasing the Elasticsearch Resources” on page 280
Resetting the MediaCentral Search Index

MediaCentral Cloud UX provides administrators with two methods for re-indexing the text-based
assets of connected MediaCentral modules. The first is available through the Search Index Monitor
app and the other is initiated through the CentOS command line interface.
n If you need to rebuild the metadata used by MediaCentral Phonetic Index, you must use the process
for “Resetting the Phonetic Metadata Search Index” on page 279. The Search Index Monitor app
does not include a process to re-index the phonetic metadata in this release of MediaCentral Cloud
UX.
Rebuilding through the Search Index Monitor App
As described in “Rebuilding an Index” on page 212, the app provides a method to rebuild the
Elasticsearch indexes. As long as you do not enable the “delete existing data” option, this process
does not affect the MongoDB or Kafka databases and is generally much faster than the command line
re-index process. Additionally, this method does not require you to complete any manual steps
directly on the connected MediaCentral modules.
If you plan to rebuild the indexes, Avid recommends that you use the Search Index Monitor app to
complete this process. However if for some reason you are unable to use the MediaCentral Cloud UX
user interface, you can enter the following command in a CentOS shell to execute the rebuild process
for All Sites and All Systems. This process deletes the MongoDB database, but not the Kafka data:
275
avidctl platform client search reindex-catalog -u <user> -p <password>
In this command, you must replace the <user> and <password> values with the user and password
of a member of the MediaCentral Cloud UX administrators group. For more information on this user
group, refer to the “Admin Group DN” value in “Configuring an Authentication Provider” on
page 78.
If you need more information, you can add the --help switch to the end of the command.
Re-indexing through Command Line
The command-line re-index process is slower than the Search Index Monitor app’s rebuild process,
but it provides a more complete re-index of the MediaCentral module’s databases. When you execute
the command line script, the master MongoDB databases are dropped and you must rebuild them
manually by completing tasks on the connected MediaCentral modules. When you initiate the re-
index script, you can select to drop or retain the Kafka database.
Use Cases
The following list provides some examples of when each process might be necessary. However, if
you are uncertain which process is required, contact Avid Customer Care for assistance.
• The MediaCentral Cloud UX documentation requires you to re-index.
In some cases the MediaCentral Cloud UX upgrade process might require a rebuild or re-index
of your search data. A re-index might be required if Avid modifies the Elasticsearch analysers or
if modifications are made to the standard Avid-provided metadata name-spaces. In these cases
the ReadMe provides you with specific instructions regarding the required processes.
• Incompatible metadata name-space changes. If for example a database field included in a
connected MediaCentral module is altered or deleted.
Complete the process for “Rebuilding an Index” on page 212 and select the delete option.
• The Search Index Monitor app reports index errors.
In this case you should attempt to resolve the errors using the retry process in the app. For more
information, see “Resolving Search Errors” on page 214. If that fails, verify that the MediaCentral
modules are functioning properly. If you find an error, complete the retry process again.
• The Search app returns assets that have been deleted in the source system.
Complete the process for “Resetting the Text Metadata Search Index with Kafka” on page 278.
• The Search app does not return assets that are known to exist on the source module.
Complete the process for “Resetting the Text Metadata Search Index with Kafka” on page 278.
• Errors in the Search Index Monitor app indicate that Elasticsearch is in read-only mode.
In this case you might need to contact Avid Customer Care for assistance to alter the
Elasticsearch configuration. After the issue is resolved, you can retry the index using the process
for “Resolving Search Errors” on page 214.
If your re-indexing task can be accomplished through the faster rebuild process, see “Rebuilding an
Index” on page 212 for more information. If you require a more complete reindex for all connected
MediaCentral modules, see the following processes for more information:
• “Resetting the Text Metadata Search Index (no Kafka)” on page 277
This process resets the text-based metadata search index located on the MediaCentral Cloud UX
server or cluster.
276
• “Resetting the Text Metadata Search Index with Kafka” on page 278
An alternate and more aggressive form of the process for resettings the text-based metadata.
• “Resetting the Phonetic Metadata Search Index” on page 279
This process resets the phonetic-based metadata search index located on the Search Grid server.
c If you are indexing multiple MediaCentral Modules, Avid does not recommend indexing
multiple modules simultaneously. You must index one module (Production Management for
example) before starting the indexing process on another module (Asset Management for
example). If you attempt to index multiple modules simultaneously, the indexing process could
fail. You can find more information about the index processes in the avid-indexer log files.
Resetting the Text Metadata Search Index (no Kafka)
This process resets the search index on the MediaCentral Cloud UX server or cluster. Clearing this
index has no effect on the phonetic metadata index located on the Search Grid server.
After completing this process, you must trigger a re-sync from all sync agents to repopulate the
search indices. This applies to MediaCentral Asset Management, MediaCentral Newsroom
Management, and MediaCentral Production Management modules.
c This process deletes the text-based search index on the MediaCentral Cloud UX system for
ALL connected MediaCentral modules. If you use the Avid Asset Logger, this process deletes
all logging data — resulting in an unrecoverable loss of this data.
To reset your search index:

1. The first step in the process requires you to clear the application site data from your web browser
to allow new defaults to be applied.
For additional details, see: https://developers.google.com/web/tools/chrome-devtools/manage-
data/local-storage#clear-storage
a. Press F12, Ctrl+Shift+I on a Windows keyboard, or Option+Command+I on a Mac
keyboard to access the Google Chrome Developer Tools.
b. Click the “Clear site data” button.
c. Next you must complete a “hard reload” of your Chrome browser.
With Google Chrome open as the foreground application, press CTRL+SHIFT+R to reload
the browser.
2. (cluster only) This process includes a script that deletes the local index on the MediaCentral
Cloud UX system. Before you can run this script, you must verify which server hosts the search
database (usually the primary master node).
Enter the following command to verify the node that hosts the search database:
kubectl get po -o wide | grep avid-elasticsearch
The system returns output similar to the following:
avid-elasticsearch-search-0 1/1 Running 0 5m 192.168.10.51 wavd-mcux01
In this case, wavd-mcux01 is the database node.
3. Use a terminal application to log in to your single-server or database host node as the root user.
277
4. Enter the following commands to delete the search index:

avidctl platform devtools search-reset -K
The -K option instructs the command to maintain the Kafka database. In most cases, you are not
required to drop this database as part of the search index reset procedure. For more information,
see “Resetting the Text Metadata Search Index with Kafka” on page 278.
The script asks you to verify that you want to continue:
This command deletes the search databases and indexes.
[WARNING] You lose all search data. Do you want to continue? [y/N]:
Type y (or Y) to run the script or n (N) to exit and press Enter (or Return on a Mac keyboard).
5. After you reset the search index, you must verify that the index services are running normally
before you attempt to reindex the modules.
Use the Kubernetes Dashboard to review the logs for the avid-indexer and avid-search pods.
If you see any Fatal error messages similar to the following, you must delete the avid-indexer and
avid-search pods:
2019-02-26 17:04:11.2222 [FATAL] [Avid.Indexer.MonitorServices.Metadata.
MetadataMonitor] [] Failed to create repository; will retry in 10 seconds
After deleting the pods, wait for at least 60 seconds to allow time for Kubernetes to create new
pods.
6. After the local index has been deleted, you must complete a resync of your search index from
any connected MediaCentral modules. For more information, see the following resources:
- For MediaCentral Production Management, see “Configuring the MediaCentral Search
- For MediaCentral Asset Management, see “Configuring MediaCentral Search for Asset
Management” in the Avid MediaCentral | Asset Management Installation Manual.
- For MediaCentral Newsroom Management, see “Central Indexing” in the Avid
MediaCentral | Newsroom Management Setup and Configuration Guide.
Depending on the size of database on each of the MediaCentral modules, the re-index process
could take a significant amount of time to complete. During this time, the Search app might
return a subset of the available assets (only those assets that have been reindexed). A full results
list is possible only after the rebuild process is complete.
Resetting the Text Metadata Search Index with Kafka
In most cases, you are not required to reset the Kafka data as part of the MediaCentral search index
reset process. This topic is included here only for advanced troubleshooting.
Complete the following process if you need to reset the text-based metadata index and the Kafka
data. In most cases, you should be working with Avid Customer Care if you believe this process is
necessary.
To reset the text-based metadata and Kafka data:

t Refer to the process for “Resetting the Text Metadata Search Index (no Kafka)” on page 277.
When running the avidctl platform devtools search-reset command, do not include the
-K option to skip the Kafka reset.
278
Resetting the Phonetic Metadata Search Index
If you need to clear the phonetic index, you must complete the following process from the Search
Grid server to delete and recreate the phonetic index. This process has no bearing on the text-
metadata. If you delete the phonetic index, the text metadata index remains unaffected.
c This process should be completed only at the request of Avid Customer Care as the recreation
of the phonetic index could take a long time to complete — depending on the number of hours
of audio located on your system.
To reset the phonetic index:

1. Log in to the Search Grid server as the root user.
For more information, see “Logging in to CentOS for the First Time” on page 55.
2. Enter the following command to sign in to the Nexidia Search Grid Management Console:
#
3. At the command prompt (#), enter the following command to delete the phonetic index:
delete-tenant DefaultTenant
The console reports the current tenant information and asks you to confirm the delete request.
Type DELETE to confirm the deletion.
The phonetic index data is deleted.
4. At the command prompt (#), enter the following command to recreate the phonetic index:
create-tenant DefaultTenant
The console reports a new tenant was created.
5. Type exit to close the Management Console.
6. After the phonetic index has been deleted, you must complete a resync of your search index from
any connected MediaCentral modules. For more information, see the following resources:
- For MediaCentral Production Management, see “Configuring the MediaCentral Search
- For MediaCentral Asset Management, see “Configuring MediaCentral Search for Asset
Management” in the Avid MediaCentral | Asset Management Installation Manual.
- For MediaCentral Newsroom Management, see “Central Indexing” in the Avid
MediaCentral | Newsroom Management Setup and Configuration Guide.
Depending on the size of database on each of the MediaCentral modules, the re-index process
could take a significant amount of time to complete. During this time, the Search app might
return a subset of the available assets (only those assets that have been reindexed). A full results
list is possible only after the rebuild process is complete.
279
Deleting a Topic from Kafka

If you use the Search Index Monitor app to remove a search index, the process does not delete the
corresponding Kafka topic. While this is not does not cause a problem for MediaCentral Cloud UX
or the search systems, it does leave stale data on your server that consumes unnecessary disk space.
After you complete the process for “Removing a Search Index” on page 213, you can complete the
following steps to remove the residual Kafka topic and reclaim the disk space.
To delete the unused Kafka topic:

1. Prior to deleting the topic from Kafka, you must remove the associated index from the system.
To complete this process, refer to “Removing a Search Index” on page 213.
Only proceed to the next step after the removal process is complete.
2. Enter the following command into the Linux console on your single server or primary master
node:
avidctl db kafka-topic-list | grep avid.search
This command lists all of the search-related Kafka topics. The following example output shows a
MediaCentral Cloud UX the includes Asset Management, Newsroom Management, and
Production Management modules, as well as other features such as Hoverscrub.
[root@wavd-mcux~]#avidctl db kafka-topic-list | grep avid.search
avid.search.avid--nexis.wavd--srdir1
avid.search.hoverscrub.ea22c5047c0000830ae2fc96483f7d8b62a916377a09
avid.search.inews.WAVD--NEWS
avid.search.interplay--mam.23457WDE--AAAA--0000--BE62--FBE1234D875F
avid.search.draft--sequence.1d6fff2ce12349734d4c55df6f912344b631747
avid.search.interplay--pam.FCCCCDF7--7AA3--466F--B245--5D554329A234
n If you enter this command without the “grep avid.search” option, you might see many more Kafka
search topics with the same system ID. Do not delete these topics.
3. Review the output and identify the name of the Kafka avid.search topic that includes the system
ID of the module that you want to delete.
4. Enter the following command to delete the topic from the system:
avidctl db kafka-topic-delete <topic_name>
For example:
avidctl db kafka-topic-delete avid.search.inews.WAVD--NEWS
Increasing the Elasticsearch Resources

When you first install your MediaCentral Cloud UX system, the deployment scripts define the
maximum amount of RAM and CPU resources that are available to Elasticsearch. While the default
configuration is appropriate for many organizations, sites with a high number of concurrent users or
sites with very large search indexes might want to increase these resources for optimal performance.
When thinking about resource allocation, you should note that the CPU count has an important
impact on your system’s ability to execute concurrent searches, while the amount of memory has a
greater impact on system performance for larger indexes. Depending on your needs, you might want
to increase one or both types of resources.
280
The following processes describe how to monitor your system’s CPU and memory resources and if
necessary, how to allocate additional resources to Elasticsearch. If you determine that you need to
increase the Elasticsearch resources, you are not required to increase the physical resources in your
MediaCentral Cloud UX server (or virtual machine). The Kubernetes system manages the process of
allocating the resources to the search pods automatically.
n The following processes apply to MediaCentral Cloud UX v2020.9.2 and later.
To monitor your system resources:
c It is important that you complete this process during a period of time when the MediaCentral
Cloud UX system is under heavy use. You will be asked to enter commands that monitor CPU
and memory resources. The best time to obtain accurate results is during the system’s peak
usage period.
1. Before you begin, you must first know your Elasticsearch Cluster IP.
a. Sign in to the Kubernetes Dashboard.
b. Use the Search option at the top of the Kubernetes Dashboard to search for “elasticsearch”.
The search provides information on multiple aspects of the resource such as Config Maps,
c. Scroll down to the Services area and note the Cluster IP address that is associated with the
avid-elasticsearch-search service.
d. (optional) Sign out of the Kubernetes Dashboard.

2. Log into the Linux command line as the root user. If you are running a clustered configuration,
Avid recommends that you open one remote session per node and if possible, display them all on
your monitor at the same time.
3. Monitor the CPU usage by entering the following command in the console for each node:
top -c -p $(pgrep -d',' -f bootstrap.Elasticsearch)
After you press Enter (or Return), the console displays a live dashboard of system activity that
includes specific information on the Elasticsearch process.
281
Verify the amount of CPU resources that are allocated to this process. If you have a single CPU
allocated to Elasticsearch, a value of 100% would indicate that the process is using all of that
CPU’s resources. Alternatively if you allocate four CPUs, a value of 400% would also indicate
that your CPU resources are being used to capacity.
When reviewing the results, the important thing to note is the average CPU usage. As you
monitor the dashboard, you might see periods of time where the CPU spikes to its maximum
usage. This is normal and is actually a good thing. You do not want to create a configuration in
which your CPUs are idle. Therefore short bursts of activity are acceptable. What you do not
want to see is a situation where the CPU usage reaches the maximum percentage...and stays
there.
n Later in this section, you will learn how to verify and alter the Elasticsearch CPU allocation. For
now, just monitor and take note of the average activity.
If you are running a clustered configuration, review the CPU percentage values for all nodes. If
all nodes show consistently high performance values, you might want to increase the resources
that are allocated to Elasticsearch.
4. Press CTRL+C on the keyboard to stop monitoring the system resources.
5. Next, you must verify Elasticsearch’s memory usage by entering the following command:
curl -q -XGET 'http://<elasticsearch-cluster-ip>:9200/_nodes/stats/
jvm?pretty=true' 2>/dev/null | grep heap_used_percent
Where <elasticsearch-cluster-ip> is the IP address associated with the avid-elasticsearch-
search service in the Kubernetes Dashboard. If you are running a cluster configuration, you can
run this command once from any cluster node. The following provides an example output of this
command for a three-node MediaCentral Cloud UX cluster:
[root@wavd-mcux01 ~]# curl -q -XGET 'http://10.254.1.33:9200/_nodes/stats/
jvm?pretty=true' 2>/dev/null | grep heap_used_percent
"heap_used_percent" : 37,
Each line represents a node in your cluster. If the values are consistently lower than 75%, your
current Elasticsearch memory allocation is appropriate. If the values are consistently higher than
90% (average for all nodes in a cluster), you might want to increase the memory allocation.
6. If the data that you collected in this process suggests that your Elasticsearch deployment does
not have enough resources, you can continue to the following process to reconfigure the
allocation.
To increase the resources assigned to Elasticsearch:

1. To reduce the number of manual configuration steps, Avid provides a default example file that
you can use with this process. Enter the following command to copy the example configuration
file to its active location (/etc/avid/config/):
cp /opt/avid/examples/config/search-eleasticsearch.yaml /etc/avid/config/
search-eleasticsearch.yaml
vi /etc/avid/config/search-eleasticsearch.yaml
282
3. Configure the memory and cpu values as appropriate for your organization.
As system usage varies for every site, Avid cannot provide you with specific values for this
configuration file. You must use the data that you collected in the previous process to estimate
your resource allocation. However, Avid can suggest that you make changes in small increments.
For example if Elasticsearch is configured to use one CPU, you might not want to immediately
set your limit to a value of eight. Instead, increase the value to two or maybe four. After
completing this process, reevaluate your CPU and memory usage. If your CPU usage is still at its
maximum, repeat this process to increase the value by another small increment.
The following illustration provides an example of a system that is configured for 8 CPUs and
8GB of RAM.
The following values are explained:

- resources > requests > memory: This value represents the starting amount of RAM that
will be allocated to Elasticsearch. You must enter a numerical value, followed by “Gi”
(gigabytes).
You must enter the same value for both the requests > memory and the limits > memory.
- resources > requests > cpu: This value represents the starting amount of CPU cores that
will be allocated to Elasticsearch.
- resources > limits > memory: This value represents the maximum amount of RAM that
could be allocated to Elasticsearch. You must enter a numerical value, followed by “Gi”
(gigabytes).
You must enter the same value for both the requests > memory and the limits > memory.
- resources > limits > cpu: This value represents the maximum amount of CPU cores that
could be allocated to Elasticsearch. You are not required to enter the same values for both
CPU fields.
- config > ES_JAVA_OPTS: The Xms and Xmx values must be enclosed in double-quotes
and must be equal to half of your allocated memory. In this example where “8Gi” is
configured as the allocated RAM, the value is entered as "-Xms4g -Xmx4g".
5. To implement the changes, you must redeploy the configuration using the avidctl platform
redeploy script.
283
Working with MongoDB

MongoDB (Mongo database) is a distributed database where copies or “shards” of the database can
exist on multiple servers for increased efficiency and redundancy. On a single server configuration,
MongoDB still works in a “sharded” configuration where the database consists of a single shard. In a
cluster configuration, MongoDB runs on the three masters nodes and the MongoDB database is
replicated across all three nodes. While other mitigating circumstances might apply, MongoDB can
continue to operate on the remaining two nodes in the event that a single master node is lost. The
configuration of MongoDB is completed automatically during the MediaCentral Cloud UX
installation process.
MongoDB is used by multiple Avid services to store critical system information such as license data,
imported user data, system settings, and more. Due to the nature of this data, administrators might
want to back up the database information in the event of a major system failure. To assist in this
effort, MediaCentral Cloud UX includes a script that can be used to back up and restore MongoDB.
When you complete a backup, the files are saved to the sda volume at: /var/lib/backup/
mongodb/. If you are running a clustered configuration, this volume is replicated across the three
master nodes by GlusterFS. This replication system allows you to perform backups and restores from
any master node.
See the following topics to back up and restore your Mongo database:
• “Reviewing the MongoDB Replica Status” on page 284
• “Reviewing the Database Files” on page 285
• “Backing up the Mongo Database” on page 286
• “Restoring the Mongo Database” on page 287
• “Scheduling Automatic MongoDB Backups” on page 289
The MongoDB script (avidctl db) includes a help feature. If you need assistance with the script,
you can type avidctl db --help for more information.
Reviewing the MongoDB Replica Status

You can use the following process to obtain more information about the status of one or all
MongoDB shards.
To obtain the shard status:

2. Enter one of the following commands.
t To obtain the status of all shards:
avidctl db mongo-replica-status --all
The system displays a list of shards, similar to the following:
|Replica Set |Status |Primary |
|avid-acs-attr-shardsvr0 |healthy |avid-acs-attr-shardsvr0-0 |
|avid-acs-shardsvr0 |healthy |avid-acs-shardsvr0-0 |
|avid-ca-mongodb-shardsvr0 |healthy |avid-ca-mongodb-shardsvr0-0 |
|avid-iam-configsvr0 |healthy |avid-iam-configsvr0-0 |
284
|avid-iam-shardsvr0 |healthy |avid-iam-shardsvr0-0 |

|avid-job-monitor-shardsvr0 |healthy |avid-job-monitor-shardsvr0-0 |
|avid-lms-configsvr0 |healthy |avid-lms-configsvr0-0 |
|avid-lms-shardsvr0 |healthy |avid-lms-shardsvr0-0 |
|avid-mongo-shardsvr0 |healthy |avid-mongo-shardsvr0-0 |
|avid-notification-shardsvr0 |healthy |avid-notification-shardsvr0-0 |
|avid-search-shardsvr0 |healthy |avid-search-shardsvr0-0 |
t To obtain the status of a single cluster resource:
avidctl db mongo-replica-status --name <cluster_name>
Where <cluster_name> is the name of a sharded cluster resource. For example:
[root@wavd-mcux01 ~]# avidctl db mongo-replica-status --name avid-iam
|Replica Set |Status |Primary |
|avid-iam-configsvr0 |healthy |avid-iam-configsvr0-0 |
|avid-iam-shardsvr0 |healthy |avid-iam-shardsvr0-0 |
The Primary column shows the current primary shard.
Reviewing the Database Files

The MediaCentral Cloud UX Mongo database consists of multiple files. The Avid provided script
allows you to back up all files in a single command or to back up individual database files. You can
use the Avid database backup script to list each of the database files.
To list the MongoDB files:

2. Enter the following command to display the Mongo database files:
avidctl db mongo-ls
The system displays a list of databases, similar to the following:
Triggering listing for available database clusters
|Name |Type |
|avid-search |standalone |
|avid-iam |sharded |
|avid-job-monitor |standalone |
|avid-lms |sharded |
|avid-mongo |standalone |
|avid-notification |standalone |
|avid-ca-mongodb |standalone |
|avid-acs |standalone |
|avid-acs-attr |standalone |
If you want to back up a single database file, you must note the name of that file as it will be
required when you complete the process for “Backing up the Mongo Database” on page 286.
285
Backing up the Mongo Database

Complete the following process to back up the Mongo database.
To back up the database:

2. The Avid backup script allows you to back up the entire database or individual database files.
Enter one of the following commands to initiate a backup of the Mongo database.
t If you want to create a backup of all database files, enter the following command:
avidctl db mongo-backup --full --wait
t If you want to create a backup of a single database file, enter the following command:
avidctl db mongo-backup --name <db cluster name> --wait
In this case, the <db cluster name> variable is the name of a Mongo database file. You
can obtain a list of these files through the avidctl db mongo-ls command.
After you press Enter, the script is executed and the system reports that the backup process has
been initiated. For example:
Backup triggered: avid-search-20210907190826 avid-acs-20210907190826 avid-
iam-20210907190826 avid-notification-20210907190826 avid-lms-20210907190826
avid-mongo-20210907190826 avid-ca-mongodb-20210907190826 avid-job-monitor-
20210907190826 avid-acs-attr-20210907190826
If you use the --wait option as directed above, the system performs the backup, reports a status
for each resource, and returns you to the command prompt when the process is complete. Similar
to the following:
Backup avid-iam-20210907190826 finished with status - succeeded
Backup avid-search-20210907190826 finished with status - succeeded
Backup avid-acs-20210907190826 finished with status - succeeded
Backup avid-ca-mongodb-20210907190826 finished with status - succeeded
Backup avid-lms-20210907190826 finished with status - succeeded
Backup avid-mongo-20210907190826 finished with status - succeeded
Backup avid-notification-20210907190826 finished with status - succeeded
Backup avid-acs-attr-20210907190826 finished with status - succeeded
Backup avid-job-monitor-20210907190826 finished with status - succeeded
3. (optional) If you want to check on the status of your backup job, you can enter the following
command to obtain a list of jobs and their status:
avidctl db mongo-tasks
For example:
|Name |Type |Status |
|avid-acs-20210129112612 |backup |succeeded |
|avid-ca-mongodb-20210129112612 |backup |active |
|avid-job-monitor-20210129112612 |restore |failed |
4. (optional) Copy the backup files from /var/lib/backup/mongodb/ to a secure location.
286
Restoring the Mongo Database

Complete the following process to restore a backup copy of the Mongo database.
As this process disconnects services from the Mongo database, Avid recommends that you schedule
a short maintenance window (1 hour) where users are not active on the system before starting this
process.
The mongo-backup-ls command used in the following process provides additional information on
prior backups. You might see one or more of the following Phases associated with each job:
• Succeeded: All components of the task ended without errors
• Active: One or more components of the task are currently running
• Failed: One or more components of the task are failed
If your backup lists a failed status, you can obtain more information about the failed task by typing
the following command: kubectl get jobs | grep <job time stamp>
For log information related to a failed job, type kubectl logs jobs/<name_of_job>, where the
<name of job> value is one of the jobs reported in the get jobs command. For example:
kubectl logs jobs/restore-avid-iam-configsvr0-20181211094854
To restore the database:

2. Before you can restore a MongoDB backup, you must obtain additional information about the
backup files. Enter one of the following commands to obtain details about the backup files.
t To see more information about full backup files, type:
avidctl db mongo-backup-ls --full
After you press Enter, the system displays information about the available backup files,
similar to the following:
|Backup |Created |Phase |
|20181119101308 |2018-11-19T10:13:08Z |succeeded |
The Backup column displays the backup timestamp that you must enter when restoring the
database later in this process.
t To see more information about individual backup files, type:
avidctl db mongo-backup-ls --name <db cluster name>
In this command, <db cluster name> is the name of a backup database file. For example:
avidctl db mongo-backup-ls --name avid-iam-mongodb
After you press Enter, the system displays information about the available backup files,
| Backup |Created |Phase |
|avid-iam-20181119101308 |2018-11-19T10:13:08Z |succeeded |
Take note of the time stamp on the backup file as you will need this information in the next step.
In each of these examples, the time stamp value is 20181119101308.
287
3. The restore process requires you to disconnect services from the database so that systems do not
attempt to make changes to the database in the middle of the restore process. Complete the
following steps to isolate the database.
a. Enter the following command to scale down the services:
kubectl scale deployments -l type=service --replicas=0
b. Enter the following command to monitor the system services:
watch 'kubectl get deployments -l type=service'
The system displays a list of services and their current state, similar to the (abbreviated)
example:
NAME READY UP-TO-DATE AVAILABLE AGE
avid-acs-attributes-core 1/1 1 1 121d
avid-acs-federation-core 1/1 1 1 121d
...
After all of the deployments report a count of zero (0), press CTRL+C to exit the monitor
and continue.
4. Enter one of the following commands to initiate a restore of the Mongo database.
t If you want to restore all database files, type the following:
avidctl db mongo-restore --backup <backup timestamp> --full
Where <backup timestamp> is the time stamp on the backup file.
t If you want to restore a single database file, type the following:
avidctl db mongo-restore --name <db cluster name> --backup <backup
timestamp>
Where <db cluster name> is the name of a backup database file and <backup
timestamp> is the time stamp on the backup file.
After you press Enter, the script is executed and the system reports that the restore process has
been initiated. Be patient as this process can take some time. For example:
Scaling avid-acs-attributes-core to 0
...
Restore triggered: [list of files]
...
Scaling avid-acs-attributes-core to 1
...
Rerun migration job avid-iam-migration-zqy04tu
Waiting for jobs completion
Migration job avid-iam-migration-zqy04tu succeeded
5. Use the following command to verify the status of your restore job:
avidctl db mongo-tasks
For example:
|Name |Type |Status |
|avid-acs-20210129112612 |backup |succeeded |
|avid-ca-mongodb-20210129112612 |backup |active |
|avid-job-monitor-20210129112612 |restore |failed |
288
6. After the restore task is complete, you must enter the following command to scale the services
back up.
a. Enter the following command to scale the services back up:
kubectl scale deployments -l type=service --replicas=1
b. Enter the following command to monitor the system services:
watch 'kubectl get deployments -l type=service'
The system displays a list of services and their current state, similar to the (abbreviated)
example:
NAME READY UP-TO-DATE AVAILABLE AGE
avid-acs-attributes-core 1/1 1 1 121d
avid-acs-federation-core 1/1 1 1 121d
...
After all of the deployments report a count of one (1), continue.
7. (cluster-only) If you are running a cluster, you must scale the deployment across the three master
nodes:
a. Enter the following command to scale the deployment:
avidctl platform scale-ha
b. After reading the on-screen description, enter Y (yes) to scale the services and databases
across your cluster nodes.
function by entering the following command: avidctl platform scale-ha --help
Scheduling Automatic MongoDB Backups

The Avid MongoDB backup/restore script can also be scheduled to create automatic backups of your
database. This section includes processes for scheduling a backup as well as processes to view or
alter your backup job.
To schedule a MongoDB backup:

t Enter the following command:
avidctl db mongo-backup-schedule-create --schedule "<format>" --backups-
keep-count <value>
In this command, the <format> variable must follow that of a Linux cron job. For example:
avidctl db mongo-backup-schedule-create --schedule "0 2 * * *"
This example instructs CentOS to run the job once per day at 2am. The following table provides
additional information on Linux cron values:
Minutes Hour Day of Month Month Day of Week
Variable (0-59) (0-23) (1-31) (1-12 or Jan-Dec) (0-6 or Sun-Sat)
Example command 0 2 * * *
The “*” is a special character that indicates every value in the list (i.e. every hour, every day of
the month, every month, every day of week).
289
Backing Up the PostgreSQL Database
n When creating a scheduled job, you must not create a schedule that would impact system operations.
For example, do not create a job that creates a backup every 30 minutes or every hour as this level of
activity could impact system performance. Avid recommends limiting the backup to once per day or
less (once a week).
The command’s backups-keep-count option allows you to define the maximum number of
backups that you want to retain on your server before the oldest copy is automatically deleted. If
you omit this switch, the system defaults to a maximum of 10 database backups. If you want to
disable the automatic cleanup, you can set the value to zero (0).
After you press Enter, the script reports that the job is created. For example:
CronJob scheduled-mongodb-backup was created with schedule 0 2 * * *
To view your scheduled backup jobs:

avidctl db mongo-backup-schedule
After you press Enter, the script displays information about your backup jobs. For example:
avidctl db mongo-backup-schedule --schedule "0 2 * * *"
|Name |Schedule |Last run|
|scheduled-mongodb-backup |0 2 * * * |<nil> |
To update an existing scheduled backup job:

avidctl db mongo-backup-schedule-update --schedule "<format>"
In this command, the <format> variable must follow that of a Linux cron job.
After you press Enter, the script reports that your backup job has been updated. For example:
CronJob scheduled-mongodb-backup was updated with schedule 0 5 * * *
To delete an existing scheduled backup job:

avidctl db mongo-backup-schedule-delete
After you press Enter, the script reports that your backup job has been deleted:
Scheduled job was deleted successfully!

When you use the avidctl platform deploy script to deploy the Media Services Feature Pack,
the script automatically installs a PostgreSQL database to support the XForm service that is used in
the associated workflows. In the event of a system failure, a server re-image, or another event, a
backup copy of this database can help you avoid losing data related to current tasks and execution
history.
This section includes information on how to backup and restore your PostgreSQL database. If you
are running in a cluster configuration, you can complete the following tasks from any master node.
PostgreSQL cluster synchronizes data to each member automatically. Avid recommends backing up
the database on a weekly or monthly basis. As the restore process stops services related to the Media
Services workflows, Avid recommends that you restore a database during a maintenance window.
290
To back up your PostgreSQL database:

1. Enter the following command to backup the database:
avidctl db postgres backup -n <filename>
<filename> represents the name of the backup file. You can enter any custom name (no spaces
or special characters). The backup file will be appended with a .gz extension.
For example:
[root@wavd-mcux ~]# avidctl db postgres backup -n full
[INFO] Create backup full (/var/lib/backup/postgres/full.gz) - Succeeded
As noted in the output of this command, the backup file is created in the /var/lib/backup/
postgres/ directory.
2. Copy your database to an external location such as a network share or a USB drive to ensure that
you have access to the file if and whenever you might need it.
3. (optional) You can obtain additional information about file names, file locations, and backup/
restore history using the following commands:
t avidctl db postgres backup-list
Displays the name and location of each backup database on your current server.
NAME FILE STATUS
------ ---------------------------------- ---------
full /var/lib/backup/postgres/full.gz Unknown
t avidctl db postgres job-list
NAME STATUS
----------------------- -----------
postgres-backup-full Succeeded
postgres-restore-full Succeeded
To restore your PostgreSQL database:

1. (if necessary) Copy the backup file from your saved external location to the /var/lib/backup/
postgres/ directory on your local server.
2. Enter the following command to restore the database:
avidctl db postgres restore -n <filename>
Where <filename> represents the name of the backup file without the .gz extension. The
following provides an example of this command:
[root@wavd-mcux ~]# avidctl db postgres restore -n full
To prevent access to the database during the restore process, the script scales the related services
down, restores the database, and then scales the services back up again. The procedure should
complete with the following message:
[INFO] Restore backup full (/var/lib/backup/postgres/full.gz) - Succeeded
If the scale-up process fails for any reason, you might see a [ERROR] Unable to scale up
PostgreSQL clients message appear. If this occurs, you can attempt to manually restart the
services by entering the following command:
avidctl platform scale-ha
291
Reconfiguring the Docker Bridge Network
Reconfiguring the Docker Bridge Network

During the initial deployment of your MediaCentral Cloud UX system, the avidctl platform
host-setup script automatically configures the Docker Bridge Network — a group of IP addresses
that the containers use to communicate with each other. Although you cannot define this network
range during the script execution process, you can assign a new range to the Bridge network after the
script completes successfully.
For more information about the Bridge network, see the following link to the Docker website:
https://docs.docker.com/network/bridge/
Since you cannot change the Docker Bridge Network without an interruption of system operations,
Avid highly recommends that you complete this procedure during a maintenance window. Although
you can complete this procedure after your MediaCentral Cloud UX system is fully deployed, Avid
recommends that you reconfigure the network prior to releasing the system for general operations.
To alter the default Docker network range:

1. Put your MediaCentral Cloud UX system into maintenance mode.
For more information, see “Power Cycling and Maintenance Mode” on page 249.
n If you have a clustered configuration, you are not required to put the entire cluster into maintenance
mode. You can complete the following process one node at a time to minimize down-time.
2. Starting with your single-server or primary master node, enter the following command to take
note of your current network configuration:
ifconfig docker0
The system prints the current configuration to the screen. The default configuration should look
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:61:ee:7a:ef txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3. Open the daemon.json file for editing:
vi /etc/docker/daemon.json
4. Add a line to the file to specify the network range of the Bridge or “bip” network.
Avid recommends that you define a /24 network (equivalent of 254 IP addresses). The following
example shows the default configuration for a single-server MediaCentral Cloud UX system
with the new bridge network value in bold:
{
"bip": "192.168.1.5/24",
"live-restore": true,
"log-driver": "json-file",
"log-opts": {
"compress": "true",
"max-file": "2",
292
Importing Custom Logging Data
"max-size": "200m"
}
}
You must enter the “bip” value as an individual IP address within that range, and not the entire
range. For example, 192.168.0.0/24 would not be an acceptable value, while 192.168.0.1/24
would be acceptable. As long as it does not conflict with another IP, you can use any IP address
in the range.
6. Enter the following command to restart Docker on your current node:
systemctl restart docker
7. From your original node, repeat the command from step 2 and compare your results to ensure
that the inet, netmask, and broadcast values match your selected network. For example:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
ether 02:42:03:39:bd:4f txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
If the docker0 interface still shows the old network / IP address, then reboot the server. Following
the reboot, enter the ifconfig docker0 command again to verify your results. If you still do
not see your expected network information, verify the contents of the daemon.json file or
contact Avid Customer Care for additional assistance.
8. Following successful verification, bring the node or cluster back online.
For more information, see “Power Cycling and Maintenance Mode” on page 249.
9. If you have a cluster configuration, make sure that you repeat this process on each individual
node.

MediaCentral Cloud UX v2019.6 introduced the Log app to enable streamlined logging of live events
through the use of custom templates. If your organization used the Customizable Logger feature in
MediaCentral UX, the following process allows you to export and re-import this custom logging data
into MediaCentral Cloud UX.
This process requires your MediaCentral Cloud UX server to have access to the same systems and
media that were used during the log creation process. These systems include MediaCentral
Production Management (Interplay Production) and / or MediaCentral Asset Management (Interplay
MAM).
The following topics are included in this section:

• “Exporting Custom Logs from MediaCentral UX” on page 294
• “Deploying the Asset Logger Tools” on page 294
• “Importing the Custom Log Files” on page 295
• “Migrating the Custom Log Data” on page 295
• “Removing the Asset Logger Tools” on page 298
293
Exporting Custom Logs from MediaCentral UX

The first step in migrating the custom logging data to MediaCentral Cloud UX is to export the
existing logs from the source MediaCentral UX system. This process assumes that your
MediaCentral UX and MediaCentral Cloud UX servers can communicate through your corporate
network.
To export custom log data from MediaCentral UX:

1. Log into the MediaCentral UX server (at the Linux prompt) as the root user.
If you are working in a cluster configuration, you must export the logs from the current master
node. For more information on determining the master node, see “Identifying the Master, Slave
and Load-Balancing Nodes” in the Avid MediaCentral Platform Services Installation and
Configuration Guide.
2. Navigate to the /tmp directory on the server:
cd /tmp
3. Enter the following command to export the custom log files from the Mongo database:
mongodump -d customizable-logging --gzip
This process creates a new dumps folder in the current directory.
4. When the export process is complete, compress the dumps folder for delivery to the Cloud UX
server:
tar -cvf dump.tar dump
A new dump.tar file is created in the /tmp directory.
5. Copy the file to the MediaCentral Cloud UX single-server or primary master node:
scp dump.tar root@<hostname>:/tmp
Where <hostname> is the host name or IP address of your MediaCentral Cloud UX server.
After you enter this command, you might be presented with the following message:
The authenticity of host '[hostname (IP address)]' can't be established.
RSA key fingerprint is [fingerprint alphanumerical id].
Are you sure you want to continue connecting (yes/no)?
If you see this message, enter yes and enter the MediaCentral Cloud UX root user password
when prompted.
This process copies the dump.tar file created in the previous step from the /tmp directory on the
MediaCentral UX server to the /tmp directory on the MediaCentral Cloud UX server.
Deploying the Asset Logger Tools

Before you can import the MediaCentral UX custom log files into MediaCentral Cloud UX, you
must install some additional tools that are used to assist with the import process. You must complete
the following process on the Cloud UX server to install these tools.
function by entering the following command: avidctl extra asset-logger --help
294
To deploy the log import tools:

1. Enter the following command on your single server or primary master node to install the log
import tools:
avidctl extra asset-logger tools-deploy
2. Enter the following command to enable additional tools required for this process:
avidctl platform devtools enable
3. Before you can continue to the next step, you must first verify that the mongo-asset-logger-
migration pod has started in Kubernetes. Enter the following command to see a list of pods:
kubectl get pods
Repeat this command as necessary. After the mongo-asset-logger-migration-<value> pod
is listed as Running, continue to the next step.
Importing the Custom Log Files

After you have exported the logs from MediaCentral UX and you have installed the required tools on
your MediaCentral Cloud UX server, you can use the following process to import the custom log
files. During the import, you can use the Process app to monitor the status of the import job. For more
information, see “Working with the Process App” in the Avid MediaCentral | Cloud UX User’s
Guide.
To import the log files into MediaCentral Cloud UX

1. Navigate to the /tmp directory on your MediaCentral Cloud UX single server or primary master
node:
cd /tmp
2. Enter the following commands to prepare the Mongo database for the log import process:
a. export MONGOPOD=`kubectl get po -l app=mongo-asset-logger-migration |
tail -n 1 | cut -d' ' -f1`
b. kubectl cp /tmp/dump.tar $MONGOPOD:/tmp
c. kubectl exec -it $MONGOPOD /bin/bash
3. Uncompress or “untar” the dump.tar file:
tar xvf dump.tar
The file is uncompressed and the original dumps folder is created in the /tmp directory.
4. Finally, import the logs into the Mongo database:
mongorestore dump --gzip
The process reports progress and results on-screen. Review the text output to verify that the
process was successful.
Migrating the Custom Log Data

In the previous steps, you copied the logs to the MediaCentral Cloud UX server and imported the
logs to a temporary Mongo database. In the following process you migrate the data from the Mongo
database to a permanent database.
295
To migrate the log data:

1. Use local workstation to open a web browser and access the following page:
http://<hostname>:30800/acs.html
Where <hostname> is the host name or IP address of your MediaCentral Cloud UX single-
server or primary master node.
The Avid ACS Monitor page appears as shown in the following illustration.
n If you are having trouble connecting to the page, make sure that your address specifies http and not
https. If you do not see the list of attributes on the left side of the page, refresh the browser page.
2. Enter avid.asset.logger.tools in the search text box at the top of the page and click Apply.
The list of attributes is filtered to display only the services that match your search criteria.
3. Expand the configuration service options by clicking the Service Operations List icon in the
upper-left corner of the configuration service field.
4. In the Service Operations section, click the link for “migration procedure start”.
The following text appears in the Query panel to the right:
296
If you do not see the Query panel, your browser window might be too small. You can reveal the
panel by either widening the size of your browser window or clicking the Request/Response
button.
5. Replace the <username> and <password> variables in the Query panel with the name and
password of a user that is included in the MediaCentral Cloud UX Admins group.
When replacing the values, do not include the brackets inside the quotes.
6. Click the Query button to start the migration process.
After you click Query, the panel with additional information, include an ID that you can use to
track the progress of the migration.
Make note of this ID by copy and pasting it into a temporary text file on your local workstation.
7. Check the status of the migration.
a. Click on the “get status for particular migration by ID” link in the panel on the left.
b. Replace the value associated with the “migrationId” field with the ID that you made note of
in the previous step.
c. Click the Query button.
As shown in the following illustration, the status line might report a value of RUNNING or
SUCCESSFUL. You can repeat this query to obtain status updates as the process runs.
8. Finally, check the status of the overall migration and verify that there are no Undone events.
a. Click on the “request executions and events migrations report” link in the panel on the left
and then click the Query button in the panel on the right.
The panel updates with additional information, including an overall migration status.
297
b. If you see any Undone events, re-run the “migration procedure start” job with the
“retryFailed” parameter set to true.
Removing the Asset Logger Tools

After you have imported the custom logs from MediaCentral UX and verified the logging through the
MediaCentral Cloud UX user interface, Avid recommends that you uninstall the temporary tools that
you used to import the logs. This frees the system resources used by the tools such as memory and
disk space.
function by entering the following command: avidctl extra asset-logger --help
To remove the log import tools and temporary files:

1. Enter the following command on your single server or primary master node to remove the log
import tools:
avidctl extra asset-logger tools-remove
2. At this point, you can delete the temporary log files copied from the MediaCentral UX system:
a. Remove the temporary dump.tar file:
rm /tmp/dump.tar
b. Remove the temporary dumps directory
rm -rf /tmp/dumps
3. Enter the following command to disable the tools used in this process:
avidctl platform devtools disable
298
Card Placement in MCUX Servers
Card Placement in MCUX Servers

Some installations might require the addition of an add-in PCIe card such as a Myricom 10GigE
adapter which enables 10Gb network connection to the server. If your server requires additional
hardware, review the following sections for card placement information.
n The Myricom card ships with both a half-height and full-height bracket. Depending on which slot is
used, you might need to replace the bracket when adding the card to the server.
Dell® PowerEdge R630, and R640

The Dell PowerEdge R630 includes 3 PCIe half-height slots. The Myricom 10GigE card can be
added to any of the available slots. For consistency, Avid recommends using the top-left slot
The Dell PowerEdge R640 includes 1-3 PCIe slots. The Myricom 10GigE card can be added to any
of the available slots. For consistency, Avid recommends using the top-left slot
HP® ProLiant DL360 Gen9 and Gen10

The HP ProLiant DL360 Gen9 and Gen10 servers are equipped with one full height PCIe slot and
two half-height slots. The Myricom 10GigE card can be added to any of the available slots. For
consistency, Avid recommends using the top-left slot
299
B BIOS and RAID for Legacy Systems
Chapter Overview
The purpose of this appendix is to prepare the server hardware for the installation of CentOS and

• Changing BIOS Settings (Legacy)
• Configuring the Onboard RAID (Legacy)
• Working with the Dell R630 RAID Controller
Changing BIOS Settings (Legacy)

This section provides information on the BIOS settings for the following Avid qualified servers:
• “Configuring the BIOS on the HP ProLiant DL360 Gen9” on page 300
• “Configuring the BIOS on the Dell PowerEdge R630” on page 304
Servers are frequently shipped with BIOS settings configured for a power-saving mode.
MediaCentral Cloud UX makes intensive use of the server’s CPUs and memory, especially when
under heavy load. You must configure the server’s BIOS to operate at maximum performance to
ensure operational efficiency.
To ensure the smooth installation of CentOS and MediaCentral Cloud UX, you must set the system
clock within the BIOS. When configuring a cluster, maintaining time synchronization between the
nodes is particularly important.
Configuring the BIOS on the HP ProLiant DL360 Gen9

To configure the BIOS on the HP Gen9 server:
2. When the console displays the option to enter the “System Utilities” menu, press F9.
The BIOS responds by highlighting the F9 icon at the bottom of the screen.
3. Select the System Configuration menu item and press Enter.
4. Select the BIOS/Platform Configuration (RBSU) menu item and press Enter.
5. Select the Boot Options menu item and press Enter.

6. Select the Boot Mode menu item and press Enter.
You may see a warning message (shown below) indicating that Boot Mode changes will require
a reboot. Press Enter to acknowledge this message.
301
7. A smaller selection box will appear. Select the Legacy BIOS Mode menu item and press Enter.
8. Press ESC to navigate back to the BIOS/Platform Configuration (RBSU) screen.

9. Select the Power Management menu item and press Enter.
10. Press Enter to select HP Power Profile.
302
11. A smaller selection box will appear. Select Maximum Performance and press Enter.
13. Select the Date and Time menu item and press Enter.
14. Set the date (mm-dd-yyyy) and time (hh:mm:ss).

303
16. Depending on the options selected at time of purchase, Gen9 HP can be equipped with a 1 GB
flash memory partition embedded on the motherboard. During the USB installation, this
partition presents itself as an additional internal HD which causes the process to fail. Disable the
Embedded User Partition to avoid problems during the installation.
a. Select System Options from the BIOS/Platform Configuration (RBSU) screen.
b. Select the USB Options menu item and press Enter.
c. Select the Embedded User Partition menu item and press Enter.
d. Verify that the option is configured for Disabled (default).
17. Press F10 to save.
18. Press ESC to navigate back to the System Configuration screen.
If prompted, select “Y” to save changes and exit.
19. Press ESC to navigate back to the System Utilities screen.
20. Select Reboot the System and press Enter.

The server reboots with new options.
Configuring the BIOS on the Dell PowerEdge R630

This process includes steps to verify the server’s boot order. If you plan on installing MediaCentral
Cloud UX from a USB drive, verify that the drive is connected to the server prior to beginning this
process.
To configure the BIOS on the Dell PowerEdge server:

1. (if applicable) Connect your Cloud UX ISO media to one of the Dell’s USB ports.
3. Press F2 to enter the BIOS (System Setup).
4. In the System Setup menu, select the System BIOS option.
304
5. In the System BIOS menu, select the System Profile Settings option.
6. In the System Profile Settings window, select the Performance profile from the menu.
n There are three “Performance” profiles. Once of them specifically says “Performance” and not
“Performance Per Watt.”
7. Click the Back button in the bottom-right corner of the window to return to the System BIOS
menu.
305
8. In the System BIOS menu, select the Boot Settings option.
9. In the Boot Settings window, verify that the server is configured for the BIOS Boot Mode and
not the UEFI option. BIOS Boot Mode is the default on Dell 630 servers.
If you change the BIOS Boot Mode, you must reboot the server at this time to apply the changes.
Reboot the server and press F2 when prompted to return to the System BIOS menus. After you
have entered the BIOS, return to the Boot Settings menu.
n You might notice that the BIOS boot screen looks different after changing the BIOS Boot Mode. This
is normal.
10. In the Boot Settings window, click the BIOS Boot Settings option.
11. In the BIOS Boot Settings window, click the Hard-Disk Drive Sequence option.
12. In the Change Order window, use the + or – keys to move the USB boot drive to the top of the list
and click OK. This allows your server to boot from a USB drive if needed.
13. Click the OK button to accept the changes and then click the Back button until you return to the
System BIOS Settings page.
14. In the System BIOS menu, select the Miscellaneous Settings option.
306
Configuring the Onboard RAID (Legacy)
15. In the Miscellaneous Settings window, change the System Time and System Date by
highlighting the appropriate field and pressing Enter.
A new window appears with menu options to adjust the time or date.
16. Adjust the time and date and click OK when done.
17. Click Back and Finish to return to the main System Setup screen.
n When ordering a Dell server, an ”Internal SD Card Port” is an optional component. This device will
appear to Linux as a media device and it will automatically be assigned a device name. This can
interfere with the CentOS / MCUX deployment. If you have an “Internal SD Card Port”, temporarily
disable it in the BIOS: System BIOS > Integrated Devices > Internal SD Card Port > Off. The device
can be re-enabled once you have completed the MediaCentral Cloud UX installation.

This section provides information on the RAID configuration for the following Avid qualified
servers:
• “HP ProLiant DL360 Gen9 RAID Configuration” on page 308
• “Dell PowerEdge R630 RAID Configuration” on page 311
The majority of MediaCentral Cloud UX deployments are configured with two volumes:
• A RAID 1 volume consisting of a mirrored set of two physical drives. This is where the
operating system and applications are installed.
• A RAID 5 volume consisting of three or more physical drives (usually 5 to 8 drives). These
drives are used as a media cache volume.
While other configuration options are possible, this guide focuses on the RAID 1 and RAID 5 sets
described above. For additional configuration options, see the Avid MediaCentral | Cloud UX
Hardware Guide.
307
HP ProLiant DL360 Gen9 RAID Configuration

This document provides instructions for creating a media cache volume as a RAID 5 using multiple
disks in the server enclosure. The examples used in this process show two 500GB drives that are
used to create the RAID 1 and eight 450GB drives that are used to create the RAID 5. However, other
configurations are possible.
n If the list of available disks does not appear as expected, it may be that a RAID has already been
created. You can delete the existing RAID if necessary. Note that deleting a RAID destroys all the
data located on the drives.
c The RAID configuration process immediately transitions into the CentOS / MCUX installation.
It is recommended that you add your Cloud UX ISO media to the server at this time.

1. Reboot the server and press F10 to select Intelligent Provisioning.
2. Select Perform Maintenance.
3. In the following window, select the option for the HP Smart Storage Administrator (SSA).
4. At the “Welcome to HP Smart Storage Administrator” screen, select the Smart Array P840
controller by clicking on the link in the menu on the left side of the window.
5. Select Create Array under “Actions”.

6. Select both 500GB Drives then select Create Array.
308
7. Verify the following are selected: RAID 1, 256 KiB / 256 KiB Stripe Size, 32 Sectors, Maximum

n Do not press the Escape key to exit, since this reboots the server.
309

1. This process assumes you are continuing from the RAID 1 creation process.
Select Create Array under “Actions”.
2. Select all eight 450GB Drives then select Create Array.
3. Verify the following are selected: RAID 5, 256 KiB / 1.7 MiB Stripe Size, 32 Sectors, Maximum

6. Click the “X” (top right) to exit. Confirm the exit by clicking “OK” when prompted.
7. Click the “Power” button (top right) to exit. Select “Reboot” when prompted.
310
Dell PowerEdge R630 RAID Configuration

Dell servers often ship with preconfigured RAID 1 and RAID 5 arrays. In this step you verify the
RAID configuration through the BIOS. Later you will use CentOS to ensure the RAID arrays are
cleared of existing data.
MediaCentral Cloud UX installations configure two drives in the server as a RAID Level 1 – a
mirrored RAID – where the operating system and applications are installed.
If applicable, you must configure the remaining drives in the server enclosure as a RAID Level 5.
When drives are configured in a RAID 5, data is automatically distributed across all the disks in the
RAID for increased performance and redundancy.
n This document provides instructions for creating a media cache volume as a RAID 5 using multiple
disks in the server enclosure. However, other configurations are possible, including two drives in a
RAID 1 configuration, or a single drive.
To verify the PowerEdge Dell 630 RAID Configuration:

1. (if necessary) Reboot the server and press F2 to enter the BIOS.
2. From the main System Setup screen, select Device Settings.
3. From the Device Settings menu, select Integrated RAID Controller Configuration Utility.
4. From the Configuration Options menu, select Virtual Disk Management.

5. From the Virtual Disk Management menu, select View Disk Properties.
This window lists the configured RAID Groups on the server. You should see both a RAID 1 set
and a RAID 5 set.
311
n If the preconfigured RAID arrays do not exist, see “Working with the Dell R630 RAID Controller” on
page 313 for information on creating the RAID.
6. From the Configuration Options menu, select Controller Management.

7. From the Controller Management menu, select Change Controller Properties.
312
Working with the Dell R630 RAID Controller
8. Ensure the Set Bootable Device pull-down menu is configured for the RAID 1 volume.
9. Return to the main System Setup screen.

10. Click Finish to reboot the system.

This section provides information for working with the Dell R630 RAID controller. The installation
process assumes that the server shipped with preconfigured RAID 1 and RAID 5 arrays. If that is not
the case, this information can be used to create the RAID sets.
Creating the RAIDs

To create the RAID1 and RAID5 arrays:
1. Enter the Dell RAID BIOS Utility.
For more information, see “Dell PowerEdge R630 RAID Configuration” on page 311.
2. From the Virtual Disk Management menu, select Create Virtual Disk.
If you just deleted the disk, this item is grayed-out. Go up one level in the menu system, and then
return to the Virtual Disk Management page.
3. From the Create Virtual Disk page select Select Physical Disks.
4. Put check marks in the appropriate Physical Disk boxes.
t For the RAID 1 (system disk) this should be 00:01:00 and 00:01:01
t For the RAID 5 (optional cache disk) this should be 00:01:02 through 00:01:07.
5. Select Apply Changes.
A confirmation screen indicates success.
313
6. From the Create Virtual Disk Page, select Create Virtual Disk.
You may need to scroll down the page to see the link.
7. From the Warning page, confirm you selection and select Yes.
A confirmation screen indicates success.
8. Return to the Virtual Disk Management page and select View Disk Group Properties to view
your changes.
You should see a Virtual Disk 0 (the RAID 1) and a Virtual Disk 1 (the RAID 5).
9. Return to the Integrated RAID Controller Configuration Utility page.
10. From the Integrated RAID Controller Configuration Utility menu choose Controller
Management.
11. From the Controller Management menu choose Change Controller Properties.
12. Verify that the Virtual Disk 0 (the RAID 1) is selected in Set Bootable Device.
If not, select it and apply your changes. Once you install CentOS and MCUX, you want the
server to boot from the RAID 1.
13. Exit the RAID configuration utility and return to the System Setup menu.
Deleting the RAIDs

If necessary, it is possible to delete the RAID sets from within the RAID controller.
To delete the RAID1 or RAID5 arrays:

1. From the Virtual Disk Management menu select Select Virtual Disk Operations.
2. Select the virtual disk of interest (the RAID 1 or RAID 5) from the drop-down menu.
3. Select Delete Virtual Disk.
4. Confirm your action.
The menu indicates the success of the operation.
314
C Importing SSL Certificates
During the MediaCentral Cloud UX installation and configuration process, you have the option of
either creating a self-signed certificate or importing a certificate from a Certificate Authority (CA).
Current web browsers do not automatically accept self-signed certificates or certificates created by an
internal CA. When a user attempts to access MediaCentral Cloud UX, the browser might alert the
user that the connection cannot be validated as shown in the following example illustration.
If you want to use a self-signed certificate or a certificate created by an internal CA, you can refer to
the following processes to import the certificate into the client’s local workstation or mobile device:
• “Importing Certificates on Local Workstations” on page 316
• “Importing Certificates on iOS Devices” on page 324
Alternatively, you might be able to distribute the certificate to multiple clients simultaneously
through Windows Group Policy. For more information, see https://docs.microsoft.com/en-us/
windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-
group-policy.
If you still receive a connection warning in your browser after importing a certificate to the client
workstation, your certificate might not have been created correctly. In this case, you can refer to the
processes for “Verifying the SSL Certificate” on page 323.
Importing Certificates on Local Workstations
Similar to a web browser, iOS devices that connect to the MediaCentral Platform through the
MediaCentral Cloud UX mobile app also require a valid certificate. If not installed, you could
encounter issues playing media assets or even signing into the app.
The following table provides an overview of the different types of certificate files and guidelines on
where they can be used.
Supported Web Can include short What needs to be

Certificate Type for iOS Browser names and IPs imported on the client
Self-Signed No Yes Yes Self-Signed Certificate
Private / Internal CA Signed Yes Yes Yes (if allowed) Root CA Certificate
Public / External CA Signed Yes Yes No Nothing. Public certificates

are trusted automatically
If you need to alter your existing certificate files, refer to the process for “Redeploying Certificates”
on page 76.

The following processes are required if you are using a self-signed certificate. If you are using a
certificate signed by an internal CA, the following processes might or might not be required. Some IT
departments might distribute the certificate to connected browsers and mobile devices automatically
— eliminating the need to manually import the certificate. Check with your local IT department for
more information on certificate policies.
The section references the Google Chrome browser to assist in the certificate import process.
n Chrome menus, operating system menus, and related applications are subject to change. As a result,
the following processes might not reflect the options available in the latest Chrome browser or your
operating system. For the latest information on importing a certificate, see the documentation for
your operating system.
This section is divided into the following two processes:

• “Configuring Windows” on page 317
• “Configuring macOS” on page 321
316
Configuring Windows
Trusting a certificate in Google Chrome is a two-step process. First, you export the certificate from a
web browser. Second, you must import the certificate to the Trusted Root Certification Authorities
store. Both of these procedures are performed through Chrome menus.
To export a certificate from your browser:

1. Launch Google Chrome and enter the URL of the MediaCentral server in the address bar.
https://<FQDN>, where <FQDN> is the Fully Qualified Domain Name of the server.
n If you are exporting a certificate as part of “Deploying the Kubernetes Dashboard” on page 109, you
must enter the Kubernetes Dashboard and port number into the address bar. Since MediaCentral
Cloud UX is not yet deployed, you cannot enter the Cloud UX FQDN at this time. After you import
this certificate to your local browser, the certificate is valid for both the Kubernetes Dashboard and
2. Click on icon on the far-left of the browser address bar.

As shown in this illustration, the icon shows a “Not secure” status. When you click on the icon,
information about the connection appears in a new window.
3. Click on the Certificate link to obtain more information.

4. Use one of the following processes to access the certificate details window.
If you are using a self-signed certificate:
- Click the Details tab.
If you are using an internal CA signed certificate:
a. Click the Certificate Path tab.
b. Highlight the root certificate and click the View Certificate button.
As shown in the following illustration, the root certificate is listed at the top of the tree.
317
c. Click the Details tab.

5. Click the “Copy to File…” button in the Details window.
This starts the Certificate Export wizard.
Use the default options in the wizard to export the certificate from the browser, saving it to a
convenient temporary location, such as the local desktop.
Once you have exported the certificate, you must add it to the Trusted Root Certification
Authorities store, as described in the following process.
318
To add the certificate to the trusted certificates store:

1. If you are recreating a MediaCentral certificate or if you are uncertain if a certificate has been
created and imported in the past, it is good practice to verify that an existing certificate with the
same name does not already exist. Multiple certificates with the same name might cause
problems with certificate verification. Note: This process might vary, depending on your version
of Windows. If necessary, see the Microsoft Windows documentation for additional information.
a. Open the Windows Internet Properties Control Panel.
b. Select the Content tab and click the Certificates button.
c. In the Certificates window, click on the “Trusted Root Certification Authorities” tab.
The list of trusted certificates is listed alphabetically.
d. Search for the host name of your MediaCentral server in the list of certificates.
e. If you find a certificate that matches your hostname, highlight the certificate and click the
Remove button.
Click Yes to the two warnings about removing a certificate and close the control panel.
2. Double-click on the certificate file that you created during the export process.
A new Certification Information window appears.
3. Click the Install Certificate button to open the Certificate Import Wizard.
4. Click Next on the Import Wizard’s Welcome page.
5. In the File to Import dialog, click the Browse button to locate your certificate.
6. Select the certificate file that you exported in the previous procedure and click Open.
7. Click Next to proceed to the next window.
8. Click the Browse button in the Certificate Store window.
319
9. Browse to the “Trusted Root Certification Authorities” store and click OK to select the store.
10. Click Next to proceed to the next window.

11. The Certificate Import Wizard displays the information you have specified. Click Finish to
import the certificate to the browser.
12. A final security warning dialog appears, asking you to confirm installation of the certificate.
Click the Yes button to confirm the import of the certificate.
Successful import will result in the following window. Click OK to complete the process.
13. Restart Chrome and enter the FQDN of the MediaCentral server in the address bar.
The browser should connect to MediaCentral Cloud UX without issuing a certificate warning.
320
Configuring macOS
Use the following process to save and import a certificate into your macOS workstation.
To add a certificate to the Keychain Access utility:

1. If you are recreating a MediaCentral Cloud UX certificate or if you are uncertain if a certificate
has been created and imported in the past, it is good practice to verify that an existing certificate
with the same name does not already exist. Multiple certificates with the same name might cause
problems with certificate verification.
a. Use the Finder’s Go menu to access the Utilities folder.
b. Double-click the Keychain Access utility to view the certificates.
c. Select the “login” option from the list of keychains in the pane on the left.
d. Search for the hostname of your MediaCentral Cloud UX server in the list of certificates.
e. If you find a certificate that matches your hostname, highlight the certificate and select
Delete from the Edit menu.
When prompted, click the Delete button on the screen to confirm the action.
f. Finally, enter your Administrator password to complete the removal process.
2. Launch Google Chrome and enter the URL of the MediaCentral Cloud UX server in the address
bar: https://<FQDN>
Where <FQDN> is the Fully Qualified Domain Name of the server or cluster.
n If you are exporting a certificate as part of “Deploying the Kubernetes Dashboard” on page 109, you
must enter the Kubernetes Dashboard and port number into the address bar. Since MediaCentral
Cloud UX is not yet deployed, you cannot enter the Cloud UX FQDN at this time. After you import
this certificate to your local browser, the certificate is valid for both the Kubernetes Dashboard and
3. Click the warning (Not Secure) icon to the left of the URL in the browser’s address bar.
A drop-down menu with a list of options appears.
4. Click on the Certificate (invalid) link in the menu.
A new window appears that shows more information about the certificate.
5. Click on the certificate icon and drag it to the desktop as shown in the following illustration.
6. Click the OK button to close the certificate window.

7. Double-click on the certificate on your desktop.
The Keychain Access utility opens and prompts you with an Add Certificates window.
321
8. Click the Add button in the Add Certificates window.

The window includes an option to specify a Keychain. You can leave this setting at the default
selection for “login”.
9. Double-click on the certificate in the Keychain Access utility to see more details.
If you are do not know where to find the certificate, you can use the application’s built-in search
capabilities to help locate it. The name of the certificate matches the name that you saw during
the Chrome export process.
10. In the certificate details window, select “Always Trust” from the “When using this certificate”
menu.
This updates all the other trust categories to reflect the Always Trust selection.
11. Close the details window to save your changes.
A Certificate Trust Settings window appears.
12. Enter your Administrator password and click the Update Settings button.
13. Refresh your browser to update your connection the MediaCentral Cloud UX server.
As shown in the following illustration, the warning symbol should be replaced with a lock icon
in the address bar and you should be able to continue to the MediaCentral Cloud UX sign-in
page with no further security warnings.
322
Verifying the SSL Certificate
Verifying the SSL Certificate

After you install the certificate in your local browser, you can use the following process to verify the
contents of the certificate. This process uses Google Chrome on Microsoft Windows as an example.
You might need to follow alternative steps based on your browser, version of Chrome, or operating
system.
n Some browsers might cache certificate information. If you do not see a valid certificate, you might
need to clear your browser’s cache and reconnect to MediaCentral Cloud UX.
To verify the certificate files:

1. Click on the Site Information button and click the Certificate link to show more information
about the certificate.
2. Click the Details tab to display additional information about the certificate.
The following example illustration shows a certificate for a three node cluster.
323
Importing Certificates on iOS Devices
3. (if applicable) Verify that the certificate includes all of the subject alternative names that you
entered when creating the certificate.

Avid recommends using a certificate obtained through an external/public Certificate Authority when
working with the MediaCentral Cloud UX mobile app. If you are unable to obtain this type of
certificate, you must use an internal CA signed certificate that includes the FQDN of your
MediaCentral Cloud UX server. If you are running a clustered configuration, the certificate must
include the FQDN of the virtual cluster and each individual node. Additional Subject Alternative
Names such as the short name and IP address are recommended, but not required.
If you are using a certificate from an external / public certificate authority, your mobile device
accepts this certificate automatically and this process is not required. If you created an internal CA
certificate and your local IT department does not distribute certificates automatically, you must
complete the following process to import the certificate into the mobile device.
To import a certificate on iOS:

1. Follow the process to export the certificate through Google Chrome.
For more information, see “Configuring Windows” on page 317.
2. Attach the exported certificate to an e-mail and send the e-mail to an account that can be
accessed on the iOS device.
3. Open the e-mail on the mobile device and click on the certificate attached to the e-mail.
You should be prompted with an Install Profile window showing the name of the certificate.
324
4. Click Install in the upper-right corner of this window to begin the certificate installation process.
5. When prompted enter your device’s passcode.
6. As you are installing a self-signed or internal CA certificate, a message indicating that: “The
authenticity of “<server-name>” cannot be verified.” is presented.
After accepting this warning message, a second Install Profile window appears:
7. Click the Install button to install the certificate.

A third window appears indicating that the certificate has been installed.
8. Click Done to close the window.
9. After you install the certificate you must confirm that it is a trusted certificate on your iOS
device.
a. On your iOS mobile device, open Settings > General > About, and tap on the Certificate
Trust Settings option at the bottom of this window.
The Certificate Trust Settings screen appears as in the following example illustration.
b. Tap the toggle to enable the MediaCentral Cloud UX certificate.

A Root Certificate window appears over the Certificate Trust Settings screen.
c. Tap Continue to trust the certificate.

10. (optional) If desired, you can view the certificate on the mobile device by selecting Settings >
General > Profiles. The FQDN of your MediaCentral server should appear under the list of
Configuration Profiles.
325
D System Administration
Chapter Overview
The purpose of this appendix is to detail processes that can be used to manage your existing
MediaCentral Cloud UX environment.
Unless otherwise noted, all procedures in this chapter are disruptive to the users and must be
completed during a maintenance period in which the system is not in active use.

• Upgrading a Single Server to a Cluster
• Adding a Node to an Existing Cluster
• Removing Worker Nodes from a Cluster
• Altering the NTP Server Configuration
Upgrading a Single Server to a Cluster

If you have already deployed your MediaCentral Cloud UX system as a single-server installation,
you can complete the following steps to expand your environment into a cluster configuration.
Clusters provide high-availability of many systems services which can increase the “up-time” of your
system. Clusters also enable support for additional users and playback streams. For more
information, see “MediaCentral Cloud UX Clustering” on page 267.
The process of expanding to a cluster does not alter the options configured through the MediaCentral
Cloud UX Administrator apps, nor does it affect your product license.
When expanding to a cluster, your former single server will become the cluster’s primary master node.
To convert from a single server to a cluster:

1. Complete the steps listed in the “Special Notes on Cluster Configurations” on page 41 on all new
cluster nodes to complete the installation and configuration of the operating system and the core
Avid software packages.
2. Run the MediaCentral Cloud UX setup script on your primary master node, making sure to
update your cluster configuration with the new node count.
For details see, “Running the Cloud UX Setup Script” on page 62.
3. Enter the following command to update the issuer value of your site key:
avidctl platform config site-key --issuer https://<fqdn>
Where <fqdn> is the virtual FQDN of your cluster.
For more information see, “Creating a Site Key” on page 67.
Upgrading a Single Server to a Cluster
4. Update your MediaCentral Cloud UX certificate on your primary master node with the
information on your new node or nodes.
For details see, “Creating Certificate Files” on page 69.
5. Enter the following command on your primary master node to redeploy the SSL Certificate:
For details see, “Deploying the Secure Sockets Layer Certificates” on page 76.
6. If you have Phonetic Index, run the avidctl platform config phonetic script on your
primary master node and specify the FQDN of your MediaCentral Cloud UX cluster.
For details see, “Configuring MediaCentral Phonetic Index” on page 95.
7. Enter the following command on your primary master node to deploy the feature pack data to
your new node or nodes:
This script deploys all feature packs that are installed on the existing cluster nodes to the new
node or nodes. This includes the original feature pack deployment and any patches that might
have been installed on top of the original installation. For more information about the redeploy
command, see “Altering the Configuration” on page 61.
8. Review the configuration settings for all connected MediaCentral modules and systems that
might use the IP address or FQDN of your MediaCentral Cloud UX system. You must make sure
to update those settings with the virtual IP address or FQDN of your new MediaCentral Cloud
UX cluster.
9. If you are configured in a multi-site environment, you must update the site key information for
each remote site. Complete the following steps on each remote site:
a. Enter the following command to remove your old single-server configuration from the sites
file:
avidctl platform config sites remove https://<single-server-fqdn>
b. Enter the following command to add your new cluster to the file:
avidctl platform config sites add https://<cluster-fqdn>
c. Verify that the site file is up to date:
avidctl platform config sites list
Your old single-server entry should be removed and your new remote system should be
listed.
d. Redeploy the configuration to enable the changes:
e. Repeat these steps for each remote site.
For additional details see, “Updating the Key Files in a Multi-Site Environment” on page 68.
10. If you are using a self-signed or internal CA issued certificate, you must import the updated
certificate into all workstations that connect to MediaCentral Cloud UX.
For details see, “Importing SSL Certificates” on page 315.
11. If you have client workstations that connect to the MediaCentral Cloud UX server and you have
saved a favorite in your web browser, you must update the favorite to point to the FQDN of the
MediaCentral Cloud UX cluster and not to an individual cluster node.
327
Adding a Node to an Existing Cluster
Adding a Node to an Existing Cluster

If your MediaCentral Cloud UX system is deployed as a cluster configuration and you wish to add
worker nodes to support additional users or playback streams, you can complete the following steps
to add one or more nodes to your existing cluster.
To add a node to your cluster:

1. Complete the steps listed in the “Special Notes on Cluster Configurations” on page 41 to
complete the initial installation of the worker node.
2. Run the MediaCentral Cloud UX setup script on your primary master node, making sure to
update your cluster configuration with the new node count.
For details see, “Running the Cloud UX Setup Script” on page 62.
3. Update your MediaCentral Cloud UX certificate on your primary master node with the
information on your new node or nodes.
For details see, “Creating Certificate Files” on page 69.
4. Enter the following command on your primary master node to redeploy the SSL Certificate:
For details see, “Deploying the Secure Sockets Layer Certificates” on page 76.
5. Enter the following command on your primary master node to deploy the feature pack data to
your new node or nodes:
This script deploys all feature packs that are installed on the existing cluster nodes to the new
node or nodes. This includes the original feature pack deployment and any patches that might
have been installed on top of the original installation. For more information about the redeploy
command, see “Altering the Configuration” on page 61.
6. If you are using a self-signed or internal CA issued certificate, you must import the updated
certificate into all workstations that connect to MediaCentral Cloud UX.
For details see, “Importing SSL Certificates” on page 315.
Removing Worker Nodes from a Cluster

The following processes describe the steps required to remove one or more worker nodes from an
existing cluster. This process does not apply to removing a master node from the cluster.
• “Removing a Single Worker Node” on page 329
• “Removing Multiple Worker Nodes” on page 329
As a reminder, the first three nodes in a MediaCentral Cloud UX cluster are considered master nodes.
When you initially installed and configured the cluster, you were asked to define a “primary” master
node. When completing the following process, you must execute all commands from the primary
master node.
328
Removing Worker Nodes from a Cluster
Removing a Single Worker Node

The following process describes how to remove a single worker node.
To remove a single worker node:

1. Sign into your primary master node as the root user.
2. Enter the following command to begin the removal process:
avidctl platform host-remove-worker -i
The script reads the information from your configuration and displays a list of all non-master,
worker nodes. This “non-master worker node” distinction is made because although you might
have dedicated worker nodes, master nodes also function as workers within the cluster.
3. When prompted, enter the number that is associated with the worker node that you want to
remove, and press Enter to continue.
4. When asked if the node is still online, do one of the following: type Y (for yes) or N (for no), and
press Enter to continue.
t If your node is online and functional, type Y (for yes).
If you enter yes, the script performs additional actions to prepare the node for removal.
These steps include putting the node into (permanent) maintenance mode, unmounting
Gluster volumes, and other procedures.
t If your node is offline due to a hardware failure, or it is in an otherwise unrecoverable state,
type N (for no).
c If you enter no, you must ensure that the node cannot connect to the cluster at a future point. If
the node comes back online, it might attempt to rejoin the cluster which could lead to
unexpected behaviors to the production system.
After you press Enter, the script begins to execute processes to remove the node from the cluster.
5. (optional, recommended) Test the Platform upgrade process.
After altering the cluster configuration, it is possible that you might not perform a software
upgrade to your MediaCentral Cloud UX system for weeks or months from the point at which
you removed the nodes. You can use the same version of software that you are already running to
verify that the software upgrade process does not return any unexpected errors. If you complete
this task now, you can complete your next (real) upgrade with a high degree of confidence.
For a more information, see “Updating the Platform” in the MediaCentral | Cloud UX ReadMe
for your current version of software. You are not required to update the feature packs as part of
this test.
Removing Multiple Worker Nodes

The following process describes how to remove multiple worker nodes simultaneously.
To remove multiple worker nodes:

1. Sign into your primary master node as the root user.
2. Enter the non-interactive version of the command:
avidctl platform host-remove-worker --worker <hostname> --offline
329
Altering the NTP Server Configuration
Where the following variables are used:

- <hostname>: This value is the hostname of the worker that you want to remove. You can
add multiple values.
- offline: You can add this switch to the command if you know that all nodes that you plan
to remove are offline. If you have a mix of online and offline nodes, do not add this option.
In the following example, the system administrator has instructed the script to remove two
worker nodes (wavd-mcux05 and wavd-mcux06) from the cluster. The offline switch is not used
because both nodes are online and functional.
avidctl platform host-remove-worker --worker wavd-mcux5 --worker wavd-mcux6
3. Press Enter to execute the command.
The script begins to execute processes to remove the nodes from the cluster.
4. (optional, recommended) Test the Platform upgrade process.
After altering the cluster configuration, it is possible that you might not perform a software
upgrade to your MediaCentral Cloud UX system for weeks or months from the point at which
you removed the nodes. You can use the same version of software that you are already running to
verify that the software upgrade process does not return any unexpected errors. If you complete
this task now, you can complete your next (real) upgrade with a high degree of confidence.
For a more information, see “Updating the Platform” in the MediaCentral | Cloud UX ReadMe
for your current version of software. You are not required to update the feature packs as part of
this test.

When you initially deployed the MediaCentral Cloud UX software, you had multiple opportunities to
define the Network Time Protocol (NTP) configuration. The method you used to define the NTP
server can affect your ability to update your NTP configuration.
If you configured NTP during the CentOS installation process only, the system creates a
chrony.conf file in the /etc directory. In this case, you can update the file directly with your
updated NTP server information.
If you configured NTP during the when Running the Cloud UX Setup Script (maybe you did this in
addition to the NTP configuration in the CentOS install process), the setup script overwrites the
original chrony.conf file, and it writes the same NTP information to /etc/service-host-
inventory.json. The latter is referenced during the process of running the following:
• The avidctl platform host-setup script that is used for new installations.
• The avidctl platform host-upgrade script that is used in some upgrade processes.
In this case, you cannot simply update the chrony.conf file with changes because a system upgrade
will overwrite this file. Additionally, the upgrade script might fail if it detects a mismatch between
the chrony file and the service-host-inventory file. To avoid issues, complete one of the following
steps to update your NTP settings.
To configure new NTP settings:

t (recommended) Re-run the avidctl platform host-setup script, entering your updated NTP
server data. This will create a new chrony.conf file and update the settings in the service-host-
inventory.json file.
330
t Manually update the NTP server information in both service-host-inventory.json and chrony.conf
using a text editor such as vi. As noted in this single example below, service-host-inventory.json
contains multiple “ntp_servers” lines. You must update the NTP values in all lines.
"vars": {
"gluster_block_device": "/dev/sdb",
"kube_admin_token": "Avid123",
"kube_network_pod_ip_range": "172.19.0.1/16",
"kube_network_service_ip_range": "10.254.1.0/24",
"ntp_servers": "192.168.100.200"
}
When editing the file, you must take care to maintain the integrity and formatting of the file.
Inadvertently deleting a line or a single character could lead to other deployment problems. For
this reason (human error), Avid recommends re-running the setup script to update your NTP
configuration.
t Delete each “ntp_servers” line from the service-host-inventory.json file and then manually
update the chrony.conf file.
By deleting the information from the service-host-inventory.json file, you essentially break the
relationship between the two files. You can continue to manually update the chrony.conf file as
needed. As noted above, you must take care when editing the files to avoid mistakes.
Following the changes, Avid recommends that you restart the chrony service (systemctl restart
chronyd) and test your connection to the NTP server to validate your changes.
331
E Troubleshooting
Chapter Overview
The purpose of this appendix is to provide information on tools and processes that can be used to
identify and resolve issues on a MediaCentral Cloud UX server or cluster.

• MediaCentral Cloud UX and System Logs
• Working with Kubernetes
• Working with Grafana
• Troubleshooting Your Network
• Troubleshooting Playback
• Production Management Connection Issues
• Troubleshooting the Multi-Site Configuration Process
• Troubleshooting the XFER Service
MediaCentral Cloud UX and System Logs

If you encounter a problem with your system, you might need to contact Avid Customer Care for
assistance in troubleshooting the root cause of the issue. These troubleshooting efforts are often
expedited by collecting and reviewing the system log files. This section details the location of various
MediaCentral Cloud UX logs and describes the process of gathering them for offline review.
Log locations
Review the following table for information on log files that are available on a MediaCentral Cloud
UX server.
Log location Description
/var/log This directory includes system setup and upgrade logs:

• service-host-setup-<value>.log
• service-host-upgrade-<value>.log
/var/log/messages This is a general system log file. Most services write data to this file.
/var/log/containers/ This directory includes logs for each Docker container.

Docker container logs are rotated automatically when the file size reaches 200 MB
with a maximum number of two logs per container.
/var/log/glusterfs/ This directory includes logs related to GlusterFS.

To avoid excessive log collection over time, MediaCentral Cloud UX automatically deletes log files
that are older than 9 days. This automatic deletion schedule does not apply to the Docker log files.
For more information on Kubernetes log files, see “Displaying Pod Logs” on page 337.
Viewing Log Files

CentOS includes multiple commands that allow you to view logs directly on the MediaCentral Cloud
UX server. The following list details a few of these commands:
• less - Outputs the contents of a file to the screen in a shell; permitting forward and backward
movement through the file. Example command:
less /<path>/<file-name>
Press “q” to exit the shell.
• more - Similar to “less”, but does not allow you to move up and down through the file. “more” is
also not presented in a shell. For example:
more /<path>/<file-name>
The contents of the file is displayed in pages so that you can review the contents slowly and
easily. The bottom of the display provides a percentage of how much of the file has been output.
Once you reach the end of the file, you are returned to the Linux prompt.
You can press the space-bar to see the next page or press CTRL-C to exit the more command.
• cat - This command dumps the entire contents of the file to the screen. For example:
cat /<path>/<file-name>
• tail - By default, this command displays the last ten lines of a log file. Alternatively, you can add
a numbered value to specify additional lines:
tail /<path>/<file-name>
tail -50 /<path>/<file-name>
Adding the -f switch to the command allows you to view the growing log file in real-time (press
CTRL-C to exit the real-time view):
tail -f /<path>/<file-name>
The same command can be used to simultaneously view multiple log files in real-time. For
example:
tail -f /<path>/<file-name1> /<path>/<file-name2>
• grep - Use the grep command to search for regular expressions within a log file from the
command line.
For example the following command searches all log files in the current directory for the term
“fail-count”:
grep fail-count *.log
Adding a -r option to the same command recursively searches the log files in the current
directory and all subdirectories for the specified <search_term>:
grep -r <search_term> *.log
In addition to the commands above, CentOS includes the journalctl command which can be used
to monitor the direct output of a service.
333
For example the following command displays the output of the kubelet service:
journalctl -u kubelet
Alternatively, you can add a -f switch to the command to view the live output of the service log:
journalctl -u kubelet -f
Collecting Logs
Avid provides two scripts that can assist you in gathering information about your MediaCentral
Cloud UX server.
• avidctl tools system-report
This tool gathers the local hosts file, status information on services Kubernetes information, a
minimal number of log files, and more.
• avidctl tools collect-logs
This tool gathers log information only, including log information on all Kubernetes pods, and
many more logs than collected by the system-report tool. Because of the amount of logs
collected, the file created by this script can be very large.
Alternatively if you need to collect a single log file, you can use an SFTP client to access the
MediaCentral Cloud UX server and copy the file. For more information, see “Copying Software
Using an SFTP Client” on page 255.
If you need to collect a Kubernetes pod log, see “Working with Kubernetes” on page 335 for more
information.
After you have collected the logs, you can review them from an external location such as a Windows
machine. There are multiple tools that can be used to review the logs. Once such application is called:
Notepad++. This free source code editor displays logs through an organized line-item display and
enables users to search RHEL logs to quickly find the data they need. Notepad++ can be downloaded
from: https://notepad-plus-plus.org/
To run the system-report script:

1. Log into the Linux command line as the root user.
2. Enter the following command to execute the script:
avidctl tools system-report
The script creates a <localhost>-report.log file at /var/log/.
The default system report is limited to collecting only the information that is most commonly
requested by Avid Customer Care. In most cases, this is the best option to use when running the
script. However, the script includes a “complete” option that provides much greater detail. If
Avid Customer Care requires additional information, you can run the script again with the -c
option as shown here:
avidctl tools system-report -c
3. (optional) If you have multiple servers configured in a cluster, you must execute the command on
each node to collect the logs from each server.
4. After you have created the system-report files, you can collect the files for review.
334
Working with Kubernetes
For more information on tools and commands used to copy files to and from the MediaCentral
Cloud UX server, see “Copying Software to the MCUX Server” on page 255.
To run the log collection script:

1. Log into the Linux command line as the root user.
2. Enter one of the following commands:
t avidctl tools collect-logs
The script collects logs from your MediaCentral Cloud UX server and creates a new
<localhost>.tar.gz file in the current working directory.
t avidctl tools collect-logs -o /<path>
The -o /<path> option allows you to specify a location to save the compressed log files.
Since some log files can be large (multiple GB), you need to make sure that you select a
destination that has enough space for the file.
If you need help with this script, you can enter avidctl tools collect-logs --help to see
a list of options that can be used with the script.
3. (optional) If you have multiple servers configured in a cluster, you must execute the command on
each node to collect the logs from each server.
4. After you have created the compressed log files, you can collect the files for review.
For more information on tools and commands used to copy files to and from the MediaCentral
Cloud UX server, see “Copying Software to the MCUX Server” on page 255.

Kubernetes is an open-source system for automating deployment, scaling, and management of
containerized applications. Avid use Kubernetes with Docker as container platform. As noted in the
Installation Prerequisites chapter, Kubernetes manages pods — a construct that wraps around one or
more Docker containers (although usually just one).
This section describes a set of commands that can be issued from the CentOS command line.
However, many of these same functions can be completed using the Kubernetes web interface. For
more information on that tool, see “Accessing the Kubernetes Dashboard” on page 339.
The kubectl Tool
Kubernetes provides the kubectl tool that you can use to manage and interact with Kubernetes pods
and systems. You might recall using this tool when “Running the Cloud UX Setup Script” on page 62
to obtain the status of the MediaCentral Cloud UX nodes.
kubectl get nodes

You can get more information on kubectl commands by using the tool’s help system. To access the
help, enter: kubectl --help.
335
For more information on kubectl, see https://kubernetes.io/docs/reference/kubectl/overview/.
Pod Status Report
You can use the following command to obtain a list and a status of all pods (running or not):
kubectl get pods
Or you can use the following version of the command that reports additional information such as the
IP address and name of the node where the pod is running:
kubectl get pods -o wide
The following shows an example of this command (some data omitted for clarity):
[root@wavd-mcux1 ~]# kubectl get pods -o wide | more
NAME READY STATUS RESTARTS AGE IP NODE

avid-acs-attr-shardsvr0-0 2/2 Running 4 6d4h 172.19.1.205 wavd-mcux1
avid-acs-attributes-core-85ff 1/1 Running 0 3d23h 172.19.0.175 wavd-mcux2
avid-acs-attributes-core-85ff 1/1 Running 0 3d23h 172.19.2.48 wavd-mcux3
avid-acs-gateway-core-gt7g7 1/1 Running 0 4d 172.19.2.41 wavd-mcux3
avid-acs-gateway-core-sksk2 1/1 Running 0 4d 172.19.1.62 wavd-mcux1
avid-acs-gateway-core-w8968 1/1 Running 0 4d 172.19.0.165 wavd-mcux2
avid-acs-monitor-core-7c57bcr 1/1 Running 0 26m 172.19.1.135 wavd-mcux1
avid-acs-registry-core-8km27 1/1 Running 8 6d 172.19.0.60 wavd-mcux2
avid-acs-registry-core-stwk8 1/1 Running 10 6d 172.19.1.224 wavd-mcux1
avid-acs-service-manager-core 1/1 Running 7 6d 172.19.2.217 wavd-mcux3
avid-acs-service-manager-core 1/1 Running 8 6d 172.19.0.82 wavd-mcux2
avid-acs-shardsvr0-0 2/2 Running 7 6d4h 172.19.1.211 wavd-mcux1
If you run the “get pods” command in a cluster, the command reports the status for all pods in the
cluster. When running correctly, pods should report a Running status or a Completed status for “job”
pods.
If you see a pod that reports a CrashLoopBackOff status, it indicates that the pod attempted to start,
failed, and was scheduled to restart. The Restarts column that is output by this command shows the
number of times that a pod has restarted. If you see a pod that continues to fail, you can review the
pod’s log file for additional details. If you are unable to resolve the issue, contact Avid Customer
Care for assistance. For more information on reviewing Kubernetes log files see “Accessing the
Kubernetes Dashboard” on page 339.
Displaying Pod Details
If you want to obtain more information about a specific pod, you might want to start with the
Kubernetes Dashboard. For more information, see “Accessing the Kubernetes Dashboard” on
page 339. However if that is not an option for some reason, you can obtain pod information on the
command line level as well.
Enter the following command to obtain more information about a specific pod:
kubectl describe pod <pod_name>
For example: kubectl describe pod avid-pam-services-pam-69544d48ff-7qmpr
336
You can obtain the name of the pod using the kubectl get pods command.
Alternatively, if you want more information on a pod included in the kube-system group, you can run
the kubectl --namespace kube-system get pods command to get the name of the pod, and
then enter the following command to display the details:
kubectl -n kube-system describe pod <pod_name>
For example: kubectl -n kube-system describe pod registry-9dndb
If the pod is experiencing an error, the Events section at the bottom of the output might provide
valueable information that you can use to troubleshoot the problem.
Displaying Pod Logs

• Each pod creates a log that can be used to investigate the pod’s recent activity and troubleshoot
problems. You can enter the following command to display the log:
kubectl logs <pod-name>
• If the log contains a large amount of information, you can use the more command to display the
log one page at a time:
kubectl logs <pod-name> | more
• Some pods might include more than one container. For example avid-search-shardsvr0-0
includes multiple resources. If you attempt use the command above to view the logs for a
container of this type, you might receive an error similar to the following:
Error from server (BadRequest): a container name must be specified for pod
avid-search-shardsvr0-0, choose one of: [avid-search-shardsvr0 avid-search-
shardsvr0-init] or one of the init containers: [avid-search-shardsvr0-ssl
avid-search-shardsvr0-shared-secrets]
To view the contents of a specific resource within a pod, you must modify the command with the
-c option and the name of the resource that you want to view.
kubectl logs <pod-name> -c <resource-name>
For example:
kubectl logs avid-search-shardsvr0-0 -c avid-search-shardsvr0
• If a pod has stopped, you can still recover the log with the following command:
kubectl logs -p <pod-name>
Restarting a Pod
In most cases Kubernetes automatically restarts a stopped pod to minimize the amount of down-time.
Pods are usually managed by a deployment, statefullset, or daemonset. If you need to manually
restart a pod, you do not actually restart it — you delete it. When you delete pod, Kubernetes sees
this as a stop and it automatically starts a new pod to take its place.
You can enter the following command to delete a pod:
kubectl delete pod <pod-name>
337
When specifying the name of the pod, you need to enter the full name with the -suffix. For example:
[root@wavd-mcux01 ~]# kubectl delete pod avid-hoverscrub-784b4c4574-pk8qj

pod "avid-hoverscrub-784b4c4574-pk8qj" deleted
After deleting the pod, a new pod should be created. If you run the “get pods” command, you should
notice that a new pod has been created with a different suffix from the previous pod.
Changing the Kubernetes Token

During the MediaCentral Cloud UX installation process, you are required to specify an admin token
that can be used to access the Kubernetes dashboard. If necessary, this password can be changed after
the installation is complete.
The Kubernetes token is embedded in multiple system files and cannot be changed by simply editing
a single file. To make sure that the token is replaced in all of the required locations, you must run the
same host-setup script used to configure the original token.
c The following process is disruptive for systems with active users and must be completed during
a maintenance window.
To change the Kubernetes admin token:

1. Review the process for “Running the Cloud UX Setup Script” on page 62 and make sure that you
have answers for each of the values required by this script.
avidctl platform host-setup -i
When responding to the prompts, you must enter the same values as specified during the original
system installation — except for the admin token.
3. After the script completes successfully, you must enter the following command on your single
server or primary master node to restart the services related to this change:
systemctl restart kube-apiserver kube-controller-manager kube-scheduler
kubelet avid-nexis-agent
If you are running a clustered configuration, connect to each node individually and restart the
services on each node. You can enter this command in any node order and you do not need to
wait for the services to restart on one node before entering the command on the next node.
4. After the services are restarted on all nodes, verify that you can connect to the Kubernetes
dashboard with the new token. For more information, see “Accessing the Kubernetes
Dashboard” on page 339.
338
Accessing the Kubernetes Dashboard

The Kubernetes Dashboard is a web-based tool that allows you to view and manage the Kubernetes
environment. The following illustration shows the Dashboard for a fully installed and configured
MediaCentral Cloud UX single-server.
This section describes how to access the Dashboard and how to collect logs for Kubernetes pods. For
more information about the Dashboard, see https://kubernetes.io/docs/tasks/access-application-
cluster/web-ui-dashboard/.
n Although this process describes how to gather Kubernetes pod logs manually, you might want to use
the avidctl tools collect-logs script to gather all pod logs in a single step. For more
information, see “Collecting Logs” on page 334.
To access the Kubernetes Dashboard:

1. If not already enabled, refer to “Deploying the Kubernetes Dashboard” on page 109 to enable the
Dashboard.
2. Open a web browser and enter the following address:
Where <hostname> is the host name of your single server or any cluster node.
If your web browser displays a privacy warning, continue through the prompts to access the
page.
3. At the Kubernetes Dashboard window, select the Token button.
339
4. Enter the Kubernetes Admin token that you specified when “Running the Cloud UX Setup
Script” on page 62.
5. Click the Sign In button to access the Kubernetes Dashboard.

The Dashboard appears and defaults to the Overview page.
To collect Kubernetes pod logs:

1. Sign in to the Kubernetes Dashboard.
2. Click on the Pods link in the menu on the left-side of the Dashboard.
The dashboard displays a list of pods.
3. (optional) When you first access Pods, the list of pods is sorted by the Age column by default. If
this is not the best view for your situation, you can change the default view by clicking on the
name of any other column.
If you are looking for a specific pod and you do not see it on the first page of the list of pods, do
one of the following:
t Click the Next Page button in the bottom right corner of the Pods view to display the next 10
pods.
t Enter the full or partial name of the pod in the Search field at the top of the Dashboard to
search for your pod.
t Click on the Filter button at the top right of the Pods panel and enter the full or partial name
of the pod in the Search field to filter the list of pods by your custom value.
340
4. After you have located your desired pod, click the Logs button to the right of the pod name.
The Dashboard opens a new browser tab and displays the selected log. You can use the controls
at the top of the log panel to change the view or download a local copy of the log.
n Alternatively, you can click on the name of the pod to get detailed information about it. After you
have opened the Details panel, you can click on the Logs button from here as well.
Deleting a Pod
In some cases, you might need to delete a pod to enable new features or to troubleshoot an issue.
When you delete a pod, Kubernetes automatically creates a new pod to replace it — using system
settings files to configure the contents of the pod. In some ways, you might consider the deletion of a
pod to be similar to process of restarting a service.
To delete a pod:
2. Use the Search option at the top of the Kubernetes Dashboard to search for the name of the pod.
For example: avid-search-search
3. Click the Actions menu to the right of the pod and select Delete.
In some cases, such as the “avid-search-search” pod, you might have more than one pod with the
same name. In this case you often want to delete all of the pods with that name.
c Make sure that you only delete the pods. Do not delete the Config Maps, Deployments, or other.
When you delete a pod, Kubernetes recognizes the change and initiates the creation of a new pod
to take its place.
341
Working with Grafana

Grafana® is a visualization tool that allows you to analyze system data such as memory usage, CPU
usage, and much more through detailed graphic dashboards. Prometheus™ data models are used to
populate the Grafana dashboards with information that is gathered or “scraped” from various system
services. If you have not already configured this feature, review the process for “Enabling System
Monitoring” on page 101 for more information.
c Avid strongly recommends that you deploy the System Monitoring tools for all MediaCentral
Cloud UX installations. This recommendation applies specifically to the Monitoring aspect of
the System Monitoring solution. Deployment of the Logging feature is at your discretion.
The following illustration shows the Nodes Overview dashboard that displays the MediaCentral
Cloud UX network usage, CPU usage, disk I/O and more. You can use the time range controls to
view a snapshot of the current system status, or view an average of the system usage over time. In this
example the time range menu is configured to display the last three hours of data.
In addition to the Nodes Overview dashboard, Avid provides a series of other dashboards that you
can use to obtain information on Elasticsearch, MongoDB, system license usage, and more. While
these dashboards detail common areas of interest for many MediaCentral Cloud UX installations,
your organization can create custom dashboards by reviewing the documentation on the Grafana
website at: http://docs.grafana.org/.
342
When working with Grafana, you might notice a few common areas of the user interface. For
example the menu in the upper-right corner of the UI allows you to switch between the available
dashboards. This menu not only provides quick access to the dashboards, but also preserves the
selected time range so that you can easily compare data without the need to reconfigure the time
range controls.
If you are running in a clustered environment, the Host menu allows you to choose if you want to
display information for all nodes, or if you want to focus on one or two specific nodes.
Some dashboards also include an Interval menu that allows you to configure the time span used to
aggregate or group your data. When altering the interval value, you should note the following:
• A large interval will render quickly, but you might not capture all data peaks because the curve is
flattened.
• A short interval will take longer to render, but you might prefer this view if you need to identify
specific data peaks — for example a period in which CPU consumption spikes.
The MediaCentral Cloud UX deployment process installs the packages to enable Grafana and
Prometheus. If you need to troubleshoot system monitoring or logging, the following Kubernetes
pods are of particular importance:
• Monitoring
- grafana
- prometheus-server
• Logging (optional, if deployed)
- mon-eleasticsearch
- mon-filebeat
- mon-kibana
- mon-logstash
The following process provides information on how to access the Grafana user interface and an
example dashboard.
To access the Grafana user interface:

1. Open a web browser and enter the following address:
https://<hostname>:30003/login
Where <hostname> is the Fully Qualified Domain Name (FQDN) of the MediaCentral Cloud
UX server or cluster.
343
Troubleshooting Your Network
The Grafana Log In page appears.

2. Enter your Grafana user name and password and click the Log In button.
t If you have not yet integrated with an authentication provider, you can enter the default user
name and password: admin / Avid123
t If you have already integrated MediaCentral Cloud UX with Active Directory, any user that
is included in the Cloud UX Admin group can access Grafana.
n Microsoft Active Directory is the only supported authentication provider in this release of
After your user credentials are verified, the Grafana home page is displayed.
3. Click the Home button in the upper-left corner of the user interface to display your dashboards.
4. Select a dashboard from the list of options to display the related system information.
5. After you have finished using Grafana, you can sign out by clicking the user avatar in the
bottom-left corner of the window and click the Sign out button.

If you are experiencing issues connecting your MediaCentral Cloud UX server to your corporate
network, review the following topics for assistance:
• “Troubleshooting the Network Connection” on page 345
• “Verifying the Hosts File Contents” on page 346
• “Verifying the resolv.conf Configuration File” on page 347
• “Verifying the nsswitch.conf Configuration File” on page 347
If you think the issue could be related to firewalls or network port issues, see the Avid Networking
Port Usage Guide on the Avid Knowledge Base for more information.
344
Troubleshooting the Network Connection

If you are unable to connect to the server through an SSH client, you might need to troubleshoot the
network connection. Connect a monitor and keyboard directly to the server and review the following
items to verify your settings and connectivity.
• If you used a host name when connecting to the server in the SSH session, try using the server’s
IP address instead. If you are able to connect through an IP address and not a hostname, you
might have mis-configured the host name (spelling error) or you might have a problem with your
hosts file or DNS.
• Use the ping command to verify your connection to the network gateway:
ping <gateway_IP_address> -c 4
In this step, “-c 4” is the count of how many times the ping command is issued. If you do not
specify a count, ping will continue forever. In that event, press CTRL-C to stop the ping. For
example:
[root@wavd-mcux ~]# ping -c 2 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
If you are unable to ping the gateway, you might have a configuration issue on the server or you
could have a problem with the configuration on the network switch.
• Use the ip addr command to obtain a status for the available network interfaces. For example:
[root@wavd-mcux ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen
1000
link/ether 00:50:56:93:13:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.51/24 brd 192.168.10.255 scope global eth0
inet6 ff30::222:56aa:fb93:1766/32 scope link
You must verify that your primary network interface (the one associated with your network
gateway) is in an UP state and that it has the correct IP address.
• If necessary, you can type nmtui to enter the CentOS network setup tool to make changes to
your configuration.
1. When the tool opens, select the “Edit a connection” option and press Enter.
2. Highlight your primary interface, select Edit and press Enter to alter the interface settings.
345
Verifying the Hosts File Contents

The hosts file is used by the operating system to map hostnames to IP addresses. It allows network
transactions on the computer to resolve the right targets on the network when the instructions carry a
“people-friendly” hostname (e.g. wavd-mcux01) rather than an IP address (e.g. 192.xxx.xxx.xxx).
Querying and waiting for a response from a DNS server can be slow due to network latency. The
hosts file assists in quickly resolving hostnames to IP addresses.
When executing the script detailed in “Running the Cloud UX Setup Script” on page 62, your
server’s hostname and IP address are automatically added to the hosts file. If you are configuring a
cluster, all cluster nodes are added to the local hosts file.
To verify the local hosts file:

1. Using the Linux vi editor, open the hosts file (/etc/hosts) for editing:
vi /etc/hosts
If you have not run the Avid setup script yet, the hosts file should look similar to the following:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
In this example, the default IP addresses of 127.0.0.1 and ::1 are mapped to various forms of
“localhost”, for both ipv4 and ipv6 systems.
In some cases, the hosts file might include an explicit call-out of the computer’s own host name.
In the following example, “wavd-mcux01” has been added to the hosts file in two places:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 wavd-mcux01

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 wavd-mcux01
If the computer’s host name is present in either line, remove the entries:

2. Exit the vi session using one of the following methods:

t If you made changes to the hosts file, save and exit vi by pressing <ESC> and type: :wq
t If you did not make any changes to the hosts file, exit vi by pressing <ESC> and type: :q!
After you run the Avid setup script your hosts file is updated with the required node information. The
following example shows a hosts file for a three-node cluster:
# Autogenerated BEGIN 192.168.10.51 by Ansible playbook. DO NOT REMOVE THIS COMMENT!!!

192.168.10.51 wavd-mcux01.wavd.com wavd-mcux01
# Autogenerated END 192.168.10.51 by Ansible playbook. DO NOT REMOVE THIS COMMENT!!!
346


Verifying the resolv.conf Configuration File

resolv.conf contains the DNS and domain information that you entered during the CentOS
installation and configuration process. If you are having trouble connecting to other systems by
hostname, you can review the contents of the file and update it if necessary:
The process for “Configuring Networking in the CentOS Install Wizard” on page 50, instructs you to
enter no more than three search domains as this is the maximum number of domains allowed in a
Kubernetes configuration. When reviewing certain system logs, you might also encounter three
additional search domains: default.svc.group-0, svc.group-0, and group-0. Kubernetes adds these
search domains to the system automatically. They do not count towards your three search domain
limit, and they do not appear in the resolv.conf file.
To verify the resolv.conf file:

1. Use the Linux cat command to display the contents of the file and verify its contents:
cat /etc/resolv.conf
The DNS servers (nameserver) and DNS search path should be present in the file as in the
following example:
# Generated by NetworkManager
search wavd.com
2. If necessary, you can use the vi editor to add one or more additional search domains. The file
should look something like:
search domain1.com domain2.com (multiple domain names separated by a single space or tab
can be entered)
nameserver <IP address of server1> (Primary DNS server)
nameserver <IP address of server2> (Secondary DNS server)
Verifying the nsswitch.conf Configuration File

nsswitch.conf is used to define which name resolution source to prefer — the local hosts file or DNS.
Avid suggests that you configure this file to prefer the hosts file before DNS. If you are having
trouble connecting to other systems by hostname, you can review the contents of the file and update
it if necessary.
To verify the nsswitch.conf file:

1. Use the Linux cat command to display the contents of the file and verify its contents:
cat /etc/nsswitch.conf | grep hosts
347
Troubleshooting Playback
In this command, “grep” has been added to limit the output of the file. The system outputs the
lines containing the string “hosts”, similar to the following:
#hosts: db files nisplus nis dns
hosts: files dns myhostname
In the second, uncommented line, verify that the word “files” comes before the word “dns”.
2. If “files” does not appear before “dns”, use the vi editor to reverse the priority order.
If you are having problems playing back media in the MediaCentral Cloud UX Asset Editor, you can
attempt to use the following processes to troubleshoot and resolve the problem.
The following list provides some general troubleshooting techniques:

• The Asset Editor includes a Reload Asset button. If you have a problem with a particular asset,
try reloading it before doing anything else.
• Load a different asset, preferably one that was not created in the same time frame as your first
asset. It’s possible that you might be experiencing a problem with a single asset or a group of
assets created around the same period of time.
• If you are having problems playing or loading an asset, you should verify that the asset is online
in the source MediaCentral module. For instance before taking any action in MediaCentral
Cloud UX for a MediaCentral Production Management asset, you should use Interplay Access to
verify that the asset is fully online.
Verifying Access to Shared Storage

If you are having a problem playing back all media assets, you should determine where the asset is
located and verify that MediaCentral Cloud UX has access to that network share.
If you are connected to Avid shared storage, you can enter the following command to verify if the
Avid NEXIS system is mounted successfully:
systemctl status avid-nexis-agent -l
If the Avid NEXIS storage is not mounted, you can enter the following commands to restart the Avid
NEXIS Client services:
systemctl restart avidfos
systemctl restart avid-nexis-agent
If you are mounting non-Avid storage for MediaCentral Asset Management, you can use the
following command to verify that the storage is mounted on the server:
df -h | more
For more information on mounting non-Avid storage, see “Mounting Volumes” in the Avid
MediaCentral | Asset Management Installation Manual.
348
Clearing the Player Cache

The MediaCentral Cloud UX player cache is cleared on a regular basis through a Linux cron job that
is configured automatically when you install your system. The cron job is programmed to delete a
percentage of the cache — based on available disk space. However, if you need to manually clear the
cache as part of a troubleshooting effort, you can use the following process to safely complete this
task.
To clear the playback cache on a single-server or cluster:

1. Enter the following commands on your single-server or any of your cluster master nodes:
rm -fr /mnt/gluster-cache/playback-cache/download/*
rm -fr /mnt/gluster-cache/playback-cache/fl_cache/*
2. After deleting the cache contents, you must sign in to Kubernetes and delete the pods related to
playback. This process restarts the services controlled by these systems.
a. Sign into Kubernetes.
b. Enter “playback” in the search tool at the top of the screen.
One or more avid-playback-<value> pods are listed in the search. If you have a single-
server, you should see only one pod. If you are running a clustered configuration, you should
see multiple pods.
c. Click on the menu to the right of the pod to delete each of the playback pods.
The Kubernetes management system detects that the pod has been deleted and automatically
creates a new pod to replace it.
d. Repeat the steps above to delete the avid-render-<value> pod.
Reviewing the Default Quota for the Gluster Cache

In early versions of MediaCentral Cloud UX, the Gluster cache was used exclusively by the player
services. Over time, the use of the Gluster cache storage has been leveraged by other MediaCentral
services. To ensure that the player does not over-consume the cache storage, MediaCentral Cloud UX
defines hard and soft limits for the player storage. These limits ensure that other consumers of the
Gluster cache have the required amount of storage available to them.
As an Administrator, you do not need to regularly monitor the capacity of the player cache or the
Gluster cache volume. As the player cache reaches capacity, older proxy files are simply overwritten
with newer files. You cannot reach a situation where new files cannot be created due to lack of
storage space.
n If you think that you might need to adjust the cache storage values, Avid recommends that you
contact Avid Customer Care to verify that the changes are truly required.
The following process describes how to verify the amount of storage allocated to the player, and how
to adjust the hard and soft limits if necessary.
To verify the current hard and soft limits:

t Enter the following command in the Linux console:
gluster volume quota gluster-cache list
349
The system should respond with output that is similar to the following example:
Path Hard-limit Soft-limit Used Available Soft-limit exceeded?
Hard-limit exceeded?
--------------------------------------------------------------------------
playback-cache 16.0GB 90%(14.4GB) 0Bytes 16.0GB No No
The following list provides additional detail on some of these values:
- Path: Directory for which you have requested quota information
- Hard Limit: Maximum amount of cache space allocated to the directory
- Soft Limit: When the capacity reaches this percentage value, system log files are updated to
note the situation.
To adjust the size of the player cache:

1. Verify the total size of the Gluster cache:
df -h /mnt/gluster-cache/
You should see an output similar to the following:
wavd-mcux01:/gluster-cache 20G 237M 20G 2% /mnt/gluster-cache
In this example, the total size of the Gluster cache storage is 20GB.
2. Enter the following command to verify the amount of storage that is allocated to the player:
df -h /mnt/gluster-cache/playback-cache/
You should see an output similar to the following:
wavd-mcux01:/gluster-cache 16G 0 16G 0% /mnt/gluster-cache
Note that the playback-cache is a subdirectory of the gluster-cache, and only 16GB of the total
20GB is allocated to the player.
3. Now that you know the current values, you can use the following command to alter the values:
gluster volume quota gluster-cache limit-usage <path> <hard-limit> <soft-
limit>
- Path: Defines the affected directory. In terms of altering the size of the player cache, this will
almost always be: /playback-cache.
- Hard Limit: Enter the maximum amount of cache space that you want to allocate to the
directory.
- Soft Limit: Enter a numerical value for the soft limit percentage.
For example:
gluster volume quota gluster-cache limit-usage /playback-cache 16GB 80
For more information on adjusting these values, see the following link to the Red Hat Customer
Portal: https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3/html/
administration_guide/chap-managing_directory_quotas
350
Production Management Connection Issues
Using the Player Demo Page

The player demonstration utility is a powerful tool that can be used for troubleshooting and verifying
playback functionality. If Avid Customer Care directs you to access the tool, enter the following link
in a supported web browser:
https://<host.domain>/player
Where <host.domain> is the FQDN (fully qualified domain name) of a MediaCentral Cloud UX
node (single-server or cluster node).
Production Management Connection Issues

Issue: You have configured MediaCentral Production Management and the Browse app shows either
nothing or only shows the name of the Production Management system (no directory tree).
To resolve this issue, review the following:

• Review the contents of the /etc/avid/config/pam.yaml configuration file.
- Carefully check the spelling of all host names, users, and passwords.
- If you used an IP address, verify that the IP address is correct.
- Verify that you can ping the Production Management server(s) over the network.
• MediaCentral Cloud UX includes two scripts that you can use to verify connectivity to the
Production Management Engine or Archive Engine. These scripts also verify that the engine
specified in the corresponding system configuration file is of the correct type (production or
archive).
- If you want to verify a Production Engine, you can enter the following script:
avidctl platform config pam test
- If you want to verify an Archive Engine, you can enter the following script:
avidctl platform config pam-archive test
- These scripts include options to specify a timeout and to loop the test for multiple attempts.
For more information, see the script’s help function by entering the following command:
avidctl platform config pam test --help
If the script can contact the host and verify the engine type, the script reports a message similar
to the following (example of the pam test):
Attempt 1/1
Performing PAM config validation using file /etc/avid/config/pam.yaml
Detected PAM engine on wavd-ie01.wavd.com
PAM config validation using file /etc/avid/config/pam.yaml succeeded
If the script can contact the engine, but determines that it is of the wrong type, you are alerted to
the issue so that you can correct the appropriate configuration file (pam.yaml or pam-
archive.yaml). For example:
Performing PAM Archive config test
[ERROR] wavd-ie01.wavd.com is not a PAM Archive server
• Have you imported the required licenses into MediaCentral Cloud UX using the License app?
351
Troubleshooting the Multi-Site Configuration Process
• Is your MediaCentral Cloud UX user account included in a User Group that has both a Client
License (Browse or Edit) and appropriate entitlements assigned to it?
Sign into the MediaCentral Cloud UX Administrator apps page and verifying licensing in the
License app.
• Verify that you have configured the MediaCentral Platform Authentication settings.
For more information, see “User Authentication Providers” on page 136.
• If you have imported users from MediaCentral Cloud UX into MediaCentral Production
Management and you have not performed any additional user management in the Production
Management system, you must make sure that the /Imported Users/MEDIACENTRAL/<server>
group in the Production database is granted Read access (at minimum).
• Restart the related Kubernetes pods and review the logs:
- Sign into the Kubernetes dashboard and delete the “avid-pam-ctc-pam-<value>” and “avid-
pam-services-pam-<value>” Kubernetes pods.
- Wait for at least two minutes for the pods to restart.
- Review the logs from the newly created pods for more information.
• If you specified more than one MediaCentral system in the MediaCentral Platform
Authentication settings, make sure that you pay special attention to the required changes to the
pam.yaml file.
For more information, see “User Authentication Providers” on page 136.
Troubleshooting the Multi-Site Configuration Process

Issue: You have configured your MediaCentral Cloud UX system as part of a multi-site environment
and you cannot connect to remote sites in the Multi-Site Settings app. You might also see a warning
similar to the following in the System Configuration section of the Multi-Site Settings app:
The CTMS Registry of this site is not available. Please contact the site administrator or update the
site registry in order to remove the site completely from the multi-site configuration. Please refer to
the MediaCentral Cloud UX Installation Guide for details.
To resolve this issue, review the following:

• Make sure that each system participating in the multi-site environment is licensed for the feature.
• If you are configuring multi-site after having already run the final deploy script, remember that
you must redeploy the system to enable the updated configuration files. For more information,
see “Altering the Configuration” on page 61.
• Verify that your server has a valid certificate that includes the Fully Qualified Domain Name of
your single-server or cluster.
If you are using self-signed or internal CA certificates, remember that you must import the
certificates from your local site and from each remote site into your local workstations.
If your certificate does not include the FQDN, refer to “Creating Certificate Files” on page 69 to
create and deploy and updated certificate.
• Verify that your system’s FQDN, short name, and IP address are fully resolvable in DNS.
• Verify that you have configured at least one User Map in the Multi-Site Settings app on each site
before you attempt to link to any remote modules.
352
Troubleshooting the XFER Service
• As referenced in “Before You Begin” on page 16, each MediaCentral Cloud UX server needs
proper time synchronization with the systems in the local site. When working in a multi-site
environment, Avid recommends that you connect all sites to a common time source to ensure that
both local and remote systems are in sync.
Troubleshooting the XFER Service

If you completed the process for “Configuring the Avid XFER and XFORM Services” on page 91
and you are seeing errors in either the logs or the MediaCentral Cloud UX Process app, you can
review the following information for assistance. If this information does not resolve your problem,
contact Avid Customer Care.
• The XFER service keeps restarting.
Check the Kubernetes logs for the avid-xfer-mediaservices pod. If the logs contain the following
error, your default Avid NEXIS workspace might be mis-configured:
java.lang.IllegalArgumentException: defaultWorkspace location is empty
In this case you must repeat the process of running the avidctl platform config xfer
script and define a new workspace. After updating the xfer.yaml file, remember that you must
redeploy your system configuration.
• The Process app reports that either the “XForm Relink And Extract Task” or “XForm
Download” task fails with the message “Cannot access unmounted storage…”
Check the Kubernetes logs for the avid-xfer-mediaservices pod. If the logs contain the following
error, your default Avid NEXIS workspace might be mis-configured:
...defaultUnc property is not reachable NexisPath(originalPath=)...
In this case you must repeat the process of running the avidctl platform config xfer
script and define a new workspace. After updating the xfer.yaml file, remember that you must
redeploy your system configuration.
353

MCCUX 2022 3 0 Install Guide

Uploaded by

Copyright:

Available Formats

MCCUX 2022 3 0 Install Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MCCUX 2022 3 0 Install Guide

Uploaded by

Copyright:

Available Formats

MediaCentral | Cloud UX™

The following disclaimer is required by Apple Computer, Inc.:

The following disclaimer is required by the Independent JPEG Group:

Copyright (C) 1989, 1991 by Jef Poskanzer.

Copyright 1995, Trinity College Computing Center. Written by David Chappell.

Copyright 1996 Daniel Dardailler.

Copyright (c) 1991 by AT&T.

The following disclaimer is required by Nexidia Inc.:

The following disclaimer is required by Paradigm Matrix:

The following disclaimer is required by Ray Sauers Associates, Inc.:

The following disclaimer is required by Videomedia, Inc.:

The following disclaimer is required by 3Prong.com Inc.:

The following disclaimer is required by Interplay Entertainment Corp.:

Portions © Copyright 2003-2007 of MOG Solutions.

P41-RR02188 by the National Institutes of Health.

Portions relating to gdft.c copyright 2001, 2002 John Ellson (ellson@lucent.com).

Attn. Government User(s). Restricted Rights Legend

Using This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

The following documents are referenced in this guide:

Date Revised Changes Made

Important Terms and Notes

Symbols and Conventions

Symbol or Convention Meaning or Action

A note provides important related information, reminders, recommendations,

Symbol or Convention Meaning or Action

This symbol indicates a single-step procedure. Multiple arrows in a list

If You Need Help

Avid Training Services

The following main topics are described in this chapter:

Before You Begin

• Define a static IP address for each of your MediaCentral Cloud UX servers.

Host Name (FQDN) IP Address Description

wavd-mcux.wavd.com 192.168.10.50 Cluster host name and IP

wavd-mcux01.wavd.com 192.168.10.51 Cluster node 1

wavd-mcux02.wavd.com 192.168.10.52 Cluster node 2

wavd-mcux03.wavd.com 192.168.10.53 Cluster node 3

Users and User Management

Network Interface Cards and Network Connections

Remote Client Connections

Understanding Docker Containers and Kubernetes

What is Docker and What are Containers?

A container is generally composed of a single service or application as well as any dependent

For more information on Docker and container technology, see https://www.docker.com/.

Ancient Greek for “pilot” or “helmsman”, Kubernetes (“koo-burr-NET-eez”) is a cluster manager /

In a Kubernetes environment, each MediaCentral Cloud UX server is identified as a node. In a cluster

Operating System and Security

For more information about CentOS, see https://www.centos.org/about/.

Obtaining the MediaCentral Installation Packages

Accessing the Cloud UX Server

Additional Configuration for Integrated Modules

MediaCentral | Phonetic Index

Copying Software to the MCUX Server

Creating the MCUX Installation Media

The following main topics are described in this chapter:

Changing BIOS Settings

Configuring the BIOS on the HP ProLiant DL360 Gen10

Proceed to “Configuring the Onboard RAID” on page 31.

Configuring the BIOS on the Dell PowerEdge R640

To configure the BIOS on the Dell PowerEdge server: