00:00:00 Introduction

Thanks again. I think you've done admirably filling in for Faye, who's on vacation. Much appreciated. So as Gijs said, we're going to talk about the self-managed version. It is now out there in the world, so I'm happy to introduce it to you.

In today's presentation, we're just going to take a quick look at what is the difference between SaaS, which is ActivityInfo.org, and what does it mean to have self-managed software. We'll introduce you to the ActivityInfo Standalone server, and then I'm just going to walk through actually installing it and showing you how it works. Then we'll round up with questions at the end.

00:00:49 SaaS vs. self-managed software

The last 15 or 20 years has seen really a revolution in the way that software is delivered. It's something that BeDataDriven, with ActivityInfo, started out as Software as a Service (SaaS). This is kind of what we know and how we've been working up to now. So with Software as a Service, you have a vendor like us, and we're responsible for all aspects of operating the software. We manage the servers, we make sure everything works, and we do everything that needs to be done to run software. You just get to access it with a web browser.

Whereas self-managed software—this is, of course, how Microsoft Word used to work back in the day—we would actually buy software and install it on our computers. And of course, this is still relevant in many cases, but there, the customer is responsible for all these tasks that our team would do. You have to install software, you have to maintain it. If something goes wrong, it's on you to fix all of those things.

A knock-on consequence is that it means that the data that you store in a system like ActivityInfo, for Software as a Service, means that the data is stored on computers managed by us. We own those computers or rent those computers. Whereas if you have self-managed software, you know that you can choose where that data is.

00:04:14 Reasons for choosing self-managed hosting

With Software as a Service, we take care of so many details of running software. From everything to make sure that your data is backed up, we have a disaster recovery plan, we handle all of the network configuration, the SSL certificates, the DNS, the email delivery, and everything related to security. We monitor the system 24/7 to prevent abuse. For many years, I think for most organizations, this is really ideal because you can focus on your mission, and you don't have to worry about all of these details.

However, we've heard from a number of customers and potential customers over the last couple of years that, despite all of the advantages of Software as a Service, they still really need to be able to manage the software themselves. Either because they want to keep data on an internal or air-gapped network that's not connected to the internet, or some organizations have policies that just draw a red line under letting anybody else safeguard data.

Of course, you have governments in sovereign countries who really don't feel comfortable allowing their data to be subject to the laws of other countries. We store the data for ActivityInfo.org in three countries: the Netherlands, Belgium, and Germany. We keep backups in all three of those countries to ensure that the data is safe. But that means that we're subject to the laws of these countries. If the Dutch police come and knock on our door with a valid search warrant, we have to follow the law. Not all countries or organizations are comfortable with that. Those are some of the reasons that we've consistently heard that some organizations, for some data, want an option to have total and complete control over their data.

00:06:19 Design goals for the standalone server

We had three main design goals. We couldn't just take the software that we run, which requires a whole team full-time to manage and is integrated into our company with everything from billing to our reliance on the Google Cloud Platform. We really needed to come up with a new product that could be installed on a network and a device of your choice. We know from past experience that a lot of the organizations we work with have IT departments that are already stretched very thin. So it's not like you could allocate two people to work full-time on managing the software.

With that in mind, we've come up with a product that is super simple to install. Everything is contained in one server and is easy to manage on an ongoing basis. The ActivityInfo Self-managed version is a single server. It has everything included, from the application to a web server to an embedded database, all in one. If you do choose to manage this on your own, we've tried to make it as easy as possible.

00:08:18 Trade-offs and reliability

With that, there comes, of course, some trade-offs. So with the Software as a Service version, we have basically an instant recovery policy. If a server fails or if a hard disk goes down, you won't even notice it because we have backup servers ready to failover automatically. If there's a fire in a data center in Holland, that's okay; we have a replica of your data in a data center in Belgium and Germany that will fail over immediately. We can offer a very high uptime and guarantee 99.5% availability.

Of course, on the Self-managed version, that's really on you and your IT department. Having a simplified setup means that if you do have a hard disk failure, or if your data center has a fire, you'll have to rely on a nightly backup or a weekly backup. You might have some downtime, or you might lose access to the server. There are trade-offs to the simplified process.

00:09:52 Installation walkthrough

Let's go from the abstract to the concrete. I've got a virtual machine set up here running Windows Server 2019. You can follow along with me; this is on our website. I'm going to use the instructions for the Windows Server, but we also have instructions for Debian Linux, and ActivityInfo is a Java application, so it can really run anywhere.

We've got an MSI installer package ready to go here. You'll need to have a dedicated machine for this or a dedicated virtual machine running under Hyper-V. The server is going to need to have its own IP address if you want to grant other people on your network or outside of your network access to the system.

The first thing it's going to ask me is where I want to put the software. By default, we split this up: one is the Program Files ActivityInfo server code, and the second is a location where the ActivityInfo database files are actually stored. Next, you're going to need to choose the first administrator. This will be the first user account, allowing you to log into ActivityInfo. The standalone version doesn't have a free trial sign-up like our SaaS version, so you're going to have at least one administrator who is allowed to invite others, create databases, and configure the system.

It's going to prompt you to open up your firewall for ports 80 and 443. Those are just the standard WWW ports. Just keep in mind, it's going to need those open ports. So if you've got another web server running, like Microsoft IIS, you're going to have to disable those or uninstall those first before you can install ActivityInfo.

00:14:26 Server configuration

Once installed, I can access this on localhost. I'm going to log in with the credentials I entered during the installation process. As the System Administrator, you have access to the Server Settings section. Here you have some screens that will help you set up the rest of the configuration.

First, you see the License section. It comes with a 60-day free trial. You'll need to contact us if you want to use it after that and purchase a license. You can add additional administrators if you want to allow them to add databases of their own and potentially have access to this System Configuration.

We're also going to need to set up an SSL certificate. Setting up a certificate can be a bit complex, so we've built into this an integration with a service called Let's Encrypt, which is a free automated certificate issuer. I'm going to enable automatic certificate management using Let's Encrypt. You do need a domain name for a secure connection. Once configured, ActivityInfo will automatically renew this when about two-thirds of the certificate period has passed. This integration with Let's Encrypt only works if your service is publicly accessible via the internet. We have instructions in the documentation on how to do this if you have an internal network.

Next is email delivery. ActivityInfo will send notifications when you invite somebody to access your database. If you want those to be shared, then you will need to configure something for email delivery. You can either use an external service like Postmark or SendGrid, or you can do it with a Gmail account or Office 365, though you have to be careful about terms of service regarding automated sending.

The last thing is single sign-on (SSO). You may want your users to sign in via their accounts, either through Active Directory, Google, or some other OpenID Connect provider. The easiest option here is if you're running on a Windows Server joined to your domain; you can configure this integration with your Active Directory. You can also use Azure Active Directory by pasting in the client ID and a list of email domains that you want to be directed for login through Azure AD.

00:22:57 Using the self-managed version

Once you have all of this set up, then you're really ready to just start using ActivityInfo like you would normally on ActivityInfo.org. You can add a new database, for example, a multi-partner reporting database or case management database. You have all the same features that are available through the SaaS version. You can create forms, register data, and invite people to connect to the database just like you would on our Software as a Service.

You really have as much choice as you want in terms of deployment. You could choose to install this on an on-premise data center, or if you wanted to run it in your own Azure account, Google Cloud Platform account, or AWS account, you could do that too.

00:25:54 Q&A

Fouad asks about Humanitarian ID single sign-on. Yes, indeed. Humanitarian ID uses the OpenID Connect protocol. So, you should be able to configure that here by adding an OpenID provider. You'll have to put in the details provided by Humanitarian ID (client ID and secret), and then you can choose which email domains you want to direct through Humanitarian ID. Just note that every user account is associated with one and only one identity provider for security reasons.

Fouad also asks about limitations from using SQLite. That's one of the trade-offs in complexity. We've designed the SaaS system to scale to our global customer base. The self-managed version uses SQLite, which processes one update at a time. The trade-off is that it processes updates very quickly because it commits to disk immediately, whereas the SaaS version waits for replication across data centers. It can handle hundreds of updates per second, but I'm not sure I would recommend this yet for a massive global footprint. It scales very well for case management scenarios. The biggest trade-off is data durability; I would recommend a backup strategy, such as nightly backups.

Jonas asks for simultaneous translation for Francophones. That's something that we are looking into. We would like to do more for our webinars. I'm sorry we don't have something in place now. If there's something that you're missing, please drop me a line, and I'm happy to do a presentation in French. We have been slowly adding subtitles to the webinars, so you can find French subtitles for some webinars on our website under News.