On-Premises Deployment

FACEIO On-Premises allows organizations with restrictive IT policies or requirements for tighter integration to run the entire facial recognition layer on their own infrastructure, giving them complete control over biometrics hashes and users data which never leaves the deployment server(s).

FACEIO On-Premises is designed to address critical privacy and security needs of Enterprise customers without sacrificing performance or the user experience.

Please note that FACEIO on-premises is reserved for established business organizations such as enterprise class customers. For individuals, small or medium businesses, you should rely on the cloud plans as they are the most affordable, efficient, and privacy friendly where your indexes are encrypted, hashed, cannot be reverse engineered, and available to download periodically.

Features & Advantages

  • Complete control over users data. Biometrics Hashes* & MetaData never leaves the deployment server.
  • Unlimited Users Enrollment**
  • Unmetered Users Authentication
  • Unmetered Widget Instantiation
  • Full API Access & Unmetered API Calls
  • TLS Encrypted Transactions***
  • Straightforward & Automated Installation
  • Webhooks & Full Security Options
  • Continuous Updates, Bugs & Security Fixes
  • Priority Email & Integration Support
  • Completely Removed Telemetry
*If you opt for PixLab Insight instead of AWS Rekognition. Refer to the Facial Recognition Engine section for additional information.
**Bounded by your server(s) capacities. Refer to the requirements below.
***You have to install your own TLS certificates for each hostname where the solution is deployed.

System Requirements

The on-premises version of FACEIO prefer bare metal servers (CPU or GPU enhanced), but will also works on modern virtual environments (such as VMware), and managed instances from the cloud vendors (AWS, Google Cloud, Azure, OVH, etc).

Cloud vendors

Below, technical & minimal requirements for deploying the on-premises version on your own infrastructure:

Technical Requirements

CPU 4 cores at least with AVX, SSEx instructions set. The more CPU cores you can afford, the more concurrent operations you can process at instant T.
GPU NVDIA CUDA and cuDNN. Not required, but highly recommended.
RAM ≥ 16 GB DDR4
Operating System 64-bit Linux (Debian|Ubuntu|RHEL) or FreeBSD.
Disk Space ≥ 10 GB SSD or NVME
Software Stack Modern Clang or GCC compiler suite, with full support for C++17. Additional requirements includes OpenSSL, Python 3.9 or higher.

Deployment Instructions

When you opt for on-premises deployment for your application which is easily done via the FACEIO Console, you'll shortly receive a package composed of the following:

  • Precompiled & Binary Packages for Deployment

  • Download Tokens for Updates

  • Automated (wizard) Installation Script

  • Install Instructions PDFs

  • Commercial License Agreement

  • Email Addresses for Technical & Integration Assistance

Configure DNS & TLS Certificates

After successful deployment on the target server(s), you have to install your own TLS certificates, register the host name linked to the running server, and update the package configuration accordingly. This is easily done thanks to the automated wizard installation script shipped with the deployment package that will guide you through the whole configuration process. If you have deployed on more than one server, you will need to install the certificates on each server where the solution is deployed.

The section below gives you more information about the TLS certificates configuration for a given FACEIO installation. Please note that configuration generation is a fully automated process. All you have to do is answer few questions about the certificates path location, your fully qualified domain name (DNS) linked to the running machine, and so forth.

What You’ll Need

1. Your Server Certificate

This is the certificate you received from the CA for your domain. Do not generate a self signed certificate. It will not be trusted by any browser unless it is trusted by the client.

2. Your Intermediate Certificate

These files allow the browser connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle.

3. Your Private Key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool.

Configure the Websocket Service

Once the TLS certificate deployed on the target server, you have to adjust the package Websocket configuration accordingly:

  • The main configuration file is named fioconfig.json, and usually located at the root directory where the on-premise solution have been deployed. Usually, the default path is /usr/local/share/fio/, or any other directory you have selected during the installation.
  • Open the configuration file fioconfig.json in your favorite text editor, and point to the location where your TLS certificates are located. The fields of interest to updates in the configuration file are: TLSCertificateFile, TLSCertificateKeyFile and TLSCertificateChainFile. Again, the automated installation/configuration script should take care of performing the necessary changes to your configuration file. Just let the script know, where your TLS certificates are located.
  • Finally, a fully qualified domain name (FQDN) linked to the machine where the solution is deployed is a mandatory step in order for the on-premises package to register itself within the FACEIO Widget & API routing service.