Here you will find a checklist of metrics to monitor the behavior of the Oz system.
For your convenience, we provide an opportunity to monitor the Oz system behavior. The checklist below contains the monitoring recommendations: what to check and how to interpret results to ensure everything works well, and the system is ready to properly process your requests. To perform the check, you can use any monitoring system.
Ensure all servers are accessible. Use the `ping` command.
Check the free space on all disks. It should be 10% or more.
Check the RAM usage of your servers. It should be 90% or less.
Check the accessibility of the `oz-api` services. Launch the health check by calling GET `/api/version`. The successful response returns code 200.
Check the accessibility of the `oz-bio` services. Call GET `/v1/models/inquisitor`. The successful response returns code 200.
Check if the `oz-bio` license is up-to-date. Execute the code below in your console:
This code should return 1 in the console.
4. Check if there were any unusual delays in the last series of analyses. Execute the code below to get the 90th percentile delay value in seconds:
The result in your console should be lower than 20.
5. Check if the suspicious analyses queue is growing. Execute the code below to get the number of unfinished analyses in the queue:
The result in your console should be lower than 20.
If anything doesn’t work as expected, please contact us at support@ozforensics.com.
It is recommended to give our engineers access to at least one channel you use to get the monitoring information. In this case, we’ll be able to react promptly to any issues that appear.
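The host and HTTP items of the checklist can be scripted as follows. This is an added example, not Oz Forensics code: the function names and the two base URLs passed on the command line are assumptions, and the license, delay and queue checks are left out because their commands are not shown on this page.

```python
import shutil
import sys
import urllib.error
import urllib.request

MIN_DISK_FREE_PCT = 10.0  # checklist: free space should be 10% or more
MAX_RAM_USED_PCT = 90.0   # checklist: RAM usage should be 90% or less


def disk_free_pct(total_bytes, free_bytes):
    return free_bytes * 100.0 / total_bytes


def ram_used_pct(meminfo_text):
    """Used RAM in percent, computed from the text of /proc/meminfo (Linux)."""
    fields = {}
    for line in meminfo_text.splitlines():
        name, _, rest = line.partition(":")
        parts = rest.split()
        if parts:
            fields[name.strip()] = int(parts[0])
    total, available = fields["MemTotal"], fields["MemAvailable"]
    return (total - available) * 100.0 / total


def http_ok(url, timeout=5):
    """True only for HTTP 200; errors, timeouts and other codes count as failures."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError, ValueError):
        return False


def evaluate(disk_free, ram_used, api_ok, bio_ok):
    """Return the names of the checklist items that failed."""
    checks = [("disk", disk_free >= MIN_DISK_FREE_PCT),
              ("ram", ram_used <= MAX_RAM_USED_PCT),
              ("oz-api", api_ok),
              ("oz-bio", bio_ok)]
    return [name for name, passed in checks if not passed]


def run_checks(api_base, bio_base, mount="/"):
    usage = shutil.disk_usage(mount)
    with open("/proc/meminfo", encoding="ascii") as fh:
        ram_used = ram_used_pct(fh.read())
    return evaluate(disk_free_pct(usage.total, usage.free), ram_used,
                    http_ok(api_base + "/api/version"),
                    http_ok(bio_base + "/v1/models/inquisitor"))


if __name__ == "__main__":
    # Usage: python3 oz_checks.py <oz-api base URL> <oz-bio base URL>
    failed = run_checks(sys.argv[1], sys.argv[2])
    print("OK" if not failed else "FAILED: " + ", ".join(failed))
    sys.exit(1 if failed else 0)
```

The non-zero exit code on failure lets any monitoring system that runs external commands raise an alert from it.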
How to install the Liveness Server biometric processor
Contact us to get the docker image archive link and download the archive
Load the image to docker: `docker load -i <path to image tar file>`
Run docker: `docker run -p {port}:80 -t ozforensics/oz-api-lite:{tag}`
The container might need several minutes to start.
The parameters are set by environment variables when starting the Docker container.
The following parameters are valid:
`NUM_WORKERS` – the maximum number of analyses performed at once; might be different in different cases. Default: 16.
`TF_ENABLE_ONEDNN_OPTS` – used for acceleration. Default: 1; for AMD processors, set 0.
Interaction with the biometric processor is based on the REST API. The HTTPS protocol is used.
API access base URL: https://{hostname}/v1/face/pattern or https://{hostname}/v1/face/liveness depending on method (please refer to Oz API Lite methods).
Where:
{hostname} – the hostname and port of the deployed biometric processor server.
Example: localhost/v1/face/pattern
The API supports the following request content types ("Content-Type" HTTP header):
«multipart/form-data»;
«application/octet-stream»;
«image/jpeg» or «image/png».
This part covers the installation of Oz modules: both full and lite versions.
Please note: this page covers the on-premise model of usage only.
If you use Oz Web SDK via SaaS, please contact our engineers.
Oz Liveness WEB Adapter is set up via changes in the configuration file stored at the Oz Liveness WEB Adapter server: /core/app_config.json
Please find a sample for Oz Liveness Web SDK here. To make it work, replace `<web-adapter-url>` with the Web Adapter URL you've received from us.
For Angular and React, replace `https://web-sdk.sandbox.ozforensics.com` in index.html.
The usage manual for the standalone installer
The standalone installer is software that installs all Oz Forensics modules on the customer's servers, performing all required settings related to personal topology and customer requirements.
This installer is intended to deploy the software to servers directly, under the server administration user account. Direct access to the Internet can be provided or not (with some notes). Linux OS should be preinstalled with the ability to connect with full access via SSH.
For installation to OpenShift and other orchestrators, please .
CPU: 16 cores
RAM: 32 GB
Disk: 80 GB
CPU: 8 cores
RAM: 16 GB
Disk: 300 GB
Please check the OS version with our team.
Kubernetes version: 1.27.
Mandatory components:
Prometheus (Helm chart version (kube-prometheus-stack) – 45.7.1),
ClusterIssuers.
Optional components:
Any Storage Class that supports the ReadWriteMany (RWX) mode.
Node resources’ requirements:
CPU Architecture: Intel
Request a list of clients’ URLs and the corresponding SSL certificates.
Check that all servers are accessible via the local network.
Check that access is allowed either via SSH with authorization by password or by key file and sudo without password.
For the installation, we recommend Docker or Podman. Alternatively, you need the Internet to download and install Docker or Podman automatically.
or
Check that the license service at https://api.cryptlex.com is reachable from the servers. The client’s firewall should be open for this address.
Check that AVX flags for CPU on BIO host are supported. To verify this, run the `lscpu | grep -E 'avx256|avx512' | wc -l` command. The response should be 1.
The client’s firewall should not block:
any running scripts or binary image supplied;
any local ports for the processes’ intercommunication (docker networks: 192.168.0.1/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24);
ports 80, 8000, 8080, 8090 on the API server and port 8091 on the BIO server;
port 5432 for the additional Postgres installations.
Please be ready to terminate the HTTPS connection and decrypt the traffic before forwarding it to the API server. This is typically done by a firewall or other security device.
It is important that you warn our team about all non-typical and/or non-official software or services preinstalled on the host servers.
You can order a trial bundle for free. For this bundle, you'll need two servers meeting system requirements listed above.
To run the installer, you need any machine with Windows or Linux matching the following system requirements:
1 GB RAM, 1 CPU, 3 GB hard drive
Windows 10+ (recommended)
Linux 64 bit (Python 3.7 is required)
Download and unpack your personal installer bundle.
Put the required configuration to the `settings.yml` file. The most important settings are described below. Usually, it is only required to fill the authorization and variables sections.
Please note: the configuration file is your personal copy; sharing it with any third party is prohibited.
Run the command prompt with administrator's rights. Use the `cd` command to go to the folder where the unzipped installer is located. Launch the installation.
Windows:
Linux:
Optional parameters:
`filename` – filename with settings ('settings.yml' by default)
`private_key` – a path to the private SSH key (overwrites the appropriate option from settings file)
`key_password` – password to SSH key (if not specified, the system will ask to enter it in the console)
`ssh_password` – password for SSH login
`debug` – generate additional logging information for support
Usage example:
For Linux, place the private SSH key into the installer directory and set up the corresponding path in configuration: /installer/priv_key
Every step of the installer echoes information to `process.log`. To report any installation issues, please attach that file to your ticket.
You need to extract the private part of the key and then specify the path to that file in section auth -> ssh_private_key.
This error could arise when the docker-compose tool was installed independently before the installer and default binary was set to /usr/local/bin.
For the correct work of the installer, please, make a symbolic link:
Some configuration file parameters can be changed without direct editing of the `/core/app_config.json` file. You can do it using the environment variables.
`WA_ARCHITECTURE` – redefines the `architecture` parameter
`WA_API_URL` – redefines the `api_url` parameter
Here's an example of using environment variables for the dockered Web SDK in the Lite mode:
How to install an offline licensing server
Oz Forensics provides flexible licensing rules for all products. To support licensing for servers without an Internet connection, you need to install an offline license server.
The installation is complete. For the next steps, use the Web interface on port `8090`.
Open the default page in your Web browser `http://server:8090` and authorize with your login and password.
Go to the Settings section.
The easiest way to activate the license server is via the Internet. Enter the license key and click ACTIVATE.
If your server isn't connected to the Internet, use the offline activation option. Click the SWITCH TO OFFLINE ACTIVATION link.
Enter the license key and hit NEXT.
Click DOWNLOAD REQUEST FILE.
Enter the activation code in the offline activation response window and hit ACTIVATE.
Add an extra command line parameter with the `LICENSE_KEY` environment variable with license server host address and port.
Create the `license.key` file with the content of license host and IP and bind this file to your container:
You may also refer to the for further assistance.
Nginx Ingress Controller (Helm chart version – 4.7.1, please find our Helm chart repository ),
CPU/Memory: same as described in .
If you want to configure the values yourself, please .
version 19.03 and higher and version 1.27 and higher (should be installed in `/usr/sbin`);
version 4.4 and higher (with netavark and aardvark-dns modules) and podman-compose.
To install the balancer (only in case your installation bundle includes it), we recommend installing (version >= 1.17.5). Additionally, SELinux should be switched to permissive mode (for CentOS and Redhat only). Alternatively, the Internet should be accessible for automatic download and installation.
your personal copy of the installer with the preliminary ordered product bundle for your test or production environment.
If the installation was interrupted by an issue, then, after the problem is resolved, the process can usually be continued. If it can't, be ready to reset servers to their original condition. You can try to solve the issue by adding the `--debug` flag to the command line of the installer. You can also for details.
You can install the software on any Linux-based non-virtual server. to get the files needed and follow the steps below.
You'll get the `offline_activation_request.txt` file. Send it to to receive the activation code.
| Response codes | Description |
|---|---|
| 200 OK | The method call completed successfully. The biometric processor response is included in the HTTP BODY. |
| 400 Bad Request | The method call failed on the Client side. The error code is included in the HTTP BODY. |
| 500 Internal Server Error | The method call failed on the biometric processor side. The error code is included in the HTTP BODY. |
This part covers the contents of the `/core/app_config.json` file.
`use_for_liveness` – the option is used when bank managers are taking clients' videos. If the option is set to `true`, mobile devices use the back camera by default, and on desktop, flip and oval circling are off.
`preinit` – this optional parameter switches on the preliminary loading of scripts and face detection initialization. This is needed to reduce the plugin loading time. The default value is `off`, which means all the scripts are loaded after calling `OzLiveness.open()`. The `script` value means that the scripts will be loaded before the plugin launches. The `full` value enables preliminary loading of scripts and face detection initialization.
`architecture` – this optional parameter is used to choose the architecture for Web SDK. The default value is `normal`.
`api_url` – Oz API server address, a text parameter;
`api_token` – Oz API access token, a text parameter;
`api_use_token` – a parameter to specify the source of the Oz API access token for the system. Possible values = `config`, `client`.
If the parameter value is `client`, then an Oz API access token is expected to be derived from the JS plug-in;
If you specify `config` in this parameter, a token will be retrieved from the `api_token` parameter of the Oz Liveness Web Adapter configuration file.
`video_actions_list` – block of video file tags used in the system, a text array. Current tag list.
`photo_actions_list` – block of photo file tags used in the system, a text array. Current tag list.
`actions_default_importance` – this parameter specifies whether override with an actions array from a web plug-in is allowed at launching an analysis. Possible values = `true`, `false`;
If `true`, the Adapter will use an actions array from the configuration file.
If `false`, the Adapter will use an actions array forwarded from your browser with the use of the `open(options)` method.
`actions_default` – the actions array. Options include:
`video_count` – the number of transmitted video files, a numeric parameter;
`photo_front` – whether there is a front-side page in the document. Possible values = `true`, `false`;
`photo_back` – whether there is a back-side page in the document. Possible values = `true`, `false`.
`analyses` – a block for configuring the launch of analyses. Options include:
`quality` – launch of Oz Liveness analysis. Possible values = `true`, `false`;
`biometry` – launch of Oz Biometry analysis. Possible values = `true`, `false`;
`documents` – launch of Oz Text analysis. Possible values = `true`, `false`;
`collection_ids` (since 1.4.0) – an array of the identifiers of collections for the Black List analysis.
`extract_best_shot` – a parameter that specifies if a direct link to the best shot (bestshot) extracted from the video should be appended to the analysis result. Possible values = `true`, `false`. If `true`, the response will contain a link to the extracted image in `output_images` (`results_media`);
`result_mode` – a parameter that specifies the contents of the server response with verification results. Possible values:
`safe` – only the state of analyses is returned (completed or not yet);
`status` – results of completed analyses are returned;
`folder` – same as `status` but with folder identifier added;
`full` – full Oz API response on the analyses is returned in the JSON format.
`result_codes` – a block of response codes with annotations.
`delete_old_sessions`: `true`, `false` – whether you want to delete old sessions
`delete_old_sessions_offset_minutes`: *** – old sessions deletion time offset (in minutes)
`video_required_actions_list` – the array of required actions
`save_lossless_frame`: `true` – saving the original frame without compression
`video_file_format` – optional; here you can choose the video file format. This video file is passed to the API. Possible values: `zip` (recommended) and `mov` (less secure). If you need to retrieve your captured video in the MP4 format, please find the instructions here.
`debug` (since 1.1.0) – if `true`, enables access to the /debug.php page, which contains information about the current configuration and the current license.
`load_3d_mask` (since 1.2.1) – if `true`, loads the model to process the video taken with the 3D mask functionality. The default value is `false`, which means that the model is not used, and the 3D mask is unavailable (the `enable_3d_mask` parameter is being ignored).
`enable_3d_mask` (since 1.2.1) – enables the 3D mask as the default face capture behavior. This parameter works only if `load_3d_mask` is set to `true`; the default value is `false`.
`master_license_signature` (since 1.3.1) – the parameter for the master license signature; the default value is `null`.
`results_polling_interval` (since 1.4.0) – the interval for polling for the analyses’ results in ms; the default value is 1000.
`get_user_media_timeout` (since 1.5.0) – it defines camera access timeout in sec; after this timeout it displays a hint on how to solve the problem; default_default for all browsers and android_facebook for Facebook
`disable_adapter_errors_on_screen` (since 1.5.0) – if `true`, disables the display of API errors in modal windows, allowing you to view them solely using the `on_error` callback. The default value is `False`.
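A short audit of the parameters above that affect what the Web Adapter exposes, written as an added example and not part of the Oz Forensics tooling. It assumes the parameters are top-level keys of `/core/app_config.json` (the file layout is not shown on this page); `audit_app_config` and the sample values are constructed for illustration.

```python
import json

# Constructed sample; assumes the parameters are top-level keys of
# /core/app_config.json (the page does not show the file layout).
SAMPLE_CONFIG = """
{
  "api_use_token": "config",
  "api_token": "",
  "video_file_format": "mov",
  "result_mode": "full",
  "debug": true,
  "load_3d_mask": false,
  "enable_3d_mask": true
}
"""


def audit_app_config(cfg):
    """Return (parameter, finding) pairs based on the documented semantics."""
    findings = []
    if cfg.get("debug") is True:
        findings.append(("debug", "/debug.php is enabled and shows the current "
                                  "configuration and license"))
    if cfg.get("video_file_format") == "mov":
        findings.append(("video_file_format", "mov is documented as less secure; "
                                              "zip is recommended"))
    if cfg.get("result_mode") == "full":
        findings.append(("result_mode", "the full Oz API response is returned; "
                                        "safe returns only the analyses state"))
    if cfg.get("api_use_token") == "config" and not cfg.get("api_token"):
        findings.append(("api_token", "api_use_token is config but api_token is empty"))
    if cfg.get("enable_3d_mask") is True and cfg.get("load_3d_mask") is not True:
        findings.append(("enable_3d_mask", "ignored unless load_3d_mask is true"))
    return findings


def audit_file(path="/core/app_config.json"):
    """Audit the configuration file on the Web Adapter server."""
    with open(path, encoding="utf-8") as fh:
        return audit_app_config(json.load(fh))


if __name__ == "__main__":
    for param, finding in audit_app_config(json.loads(SAMPLE_CONFIG)):
        print(f"{param}: {finding}")
```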
The configuration settings are contained in the `config.py` file. Its location depends on the installation method:
host machine or Docker container oz-api: /opt/gateway/configs
standalone installer: /var/lib/docker/volumes/api_oz-api-config-vol/_data
All incoming media files are saved in the local directory mounted to one of the possible endpoints depending on the installation method:
host server or Docker container: /opt/gateway/static
in case of standalone installer: /var/lib/docker/volumes/api_oz-api-static-vol/_data
any path specified via configuration
In most of the integration cases, the media files can be accessed via the web using the direct links to randomly generated filenames.
To access the media, you need to specify in the configuration file their external host name or IP address, port, and connection protocol.
`WA_CORS_ORIGINS` defines what sources are allowed to make requests. There's no default value. Please bear in mind that if you don't set this value, the CORS headers will be switched off and no such headers will be added within the Web SDK container.
`WA_CORS_METHODS` (optional) – HTTP methods allowed to use. If the variable is not set, it gets the default value, which is `'GET, POST, OPTIONS'`. If the variable is not used, any method is accepted.
`WA_CORS_HEADERS` (optional) – HTTP headers allowed to use. If the variable is not set, it gets the default value which is `'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'`. If the variable is not used, any header is accepted.
An example of using environment variables for server configuration:
Please note: this page covers the on-premise model of usage only.
If you use Oz Web SDK via SaaS, please contact our engineers.
Our engineers will help you to install Oz Web SDK using the standalone installer (requires your technical personnel to take part) or manually (everything is done by us). Once installed, the adapter part generates the plugin files: file with styles (`ozliveness.css`) and the primary script of the plugin (`plugin_liveness.php`).
This part covers the license update process as the license is installed during the SDK installation; but a new license can be installed in the same way.
To generate the license, we need the domain name of the website where you are going to use Oz Forensics Web SDK, for instance, your-website.com. You can also define subdomains.
To find the origin, in the developer mode, run `window.origin` on the page you are going to embed Oz Web SDK in. At localhost / 127.0.0.1, license can work without this information.
Unzip the file received:
2. Copy the JSON license file to the host where you’ve deployed the container from the `ozforensics/oz-webliveness-dev:latest` image.
Example
`-i ~/ozforensics/keys/id_rsa-test-hostname-vm` is the path to the public ssh key of your host license.
`0000aaaa-00aa-00aa-00aa-00000aaaaa.WebSDK_your_website.2022-10-11.json` is the JSON license file.
`user` is the username on host.
`hostname` is the host alias.
`/opt/oz/web-sdk` is the directory where you’ve deployed the Web SDK container.
3. Replace the license file.
Example
4. Restart the Web SDK container for the new license to be applied.
Example
`web-sdk` is the name of the container you’ve deployed from the `ozforensics/oz-webliveness-dev:latest` image.
Once the license is added, the system will check its validity on launch.
| Error | Description |
|---|---|
| License error. License at <> not found | Cannot find the license file |
| License error. Cannot parse license from <>, invalid format | The license content is invalid in some way: e.g., incorrect JSON |
| License error. Current date is later than license expiration date | Your license has expired and needs renewal |
| License error. Origin is not in the list permitted by license | Your domain or subdomain name can't be found in the list of allowed URLs |