Pexip Secure Meetings for Justice maintenance tasks

After you have installed and configured both Pexip Infinity and Pexip Justice there are several maintenance tasks that you may need to perform.

This topic covers the following maintenance tasks:

Upgrading to the latest version

The upgrade script below migrates all Pexip Justice portal information from the database except system files. These include SSL Certificates which must be moved over manually.

Also, the account password for the SMTP server is encrypted and will not be carried over in the upgrade. You will need to re-enter the password in the Pexip Justice portal in Global settings > SMTP server.

Upgrading is only supported between version n to n+1. You cannot skip a version. To upgrade to the latest version we recommend that you:

  1. Ensure that your existing Pexip Justice virtual machine is powered on.
  2. Perform a standard install of the new version.

  3. Run the following script on the new VM:

    pull-<vn>-data --<vn>-base-url <FQDN> --<vn>-auth '<username:password>' --<vn+1>-auth '<username:password>'

    Where:

    • n is the version number you are upgrading from and n+1 is the version number you are upgrading to.
    • username and password are your Pexip Justice web portal credentials.
    • FQDN is the FQDN of your Pexip Justice portal.

    Example

    pull-v2-data --v2-base-url https://portal.example.com --v2-auth 'admin:Pa$$phr4s3' --v3-auth 'admin:Pa$$phr4s3'

    For the script help page, run:

    pull-<vn>-data -h

  4. Change your DNS so that your Pexip Justice portal FQDN now points to the new VM's IP.
  5. When the upgrade is complete, ensure that the new version is working as expected, and then delete the old VM.

Version information for previous Pexip Justice releases

As mentioned in Upgrading to the latest version, upgrading is only supported between version n to n+1. You cannot skip a version. For this reason, you may need to upgrade to a previous version of Pexip Justice before moving to the latest.

Pexip Justice release Pexip Justice version number Pexip Infinity version prerequisite
v3.0.0 3.0.0-304.0.0 v35
v2.0.0 2.0.0-242.0.0 v35
v1.0.0 1.0.0-150.0.0 v35

Creating alias templates

Aliases allow different hearing participants to dial different aliases but still end up in the same hearing. To use aliases, you must first create an alias template in your Pexip Justice portal in Alias Templates > Create new alias template.

Each alias template you create must contain one of each of the following variables:

  • {{ long_alias }}

    This generates a UUID and may be more suitable for WebRTC calls where the alias does not have to be entered manually. Example: 958e52ba-4328-424b-8d77-c18a59f4c1da

  • {{ short_alias }}

    This generates a 9-digit number which may be easier to dial from a video endpoint. Example: 958524328

Aliases can include a domain or subdomain but this is optional. Aliases can contain numbers, letters, dashes and dots, but do not support wildcards or regular expressions.

Modifying the default email template

You can modify the content of the default email template used to create hearing invites. The email template uses a subset of the jinja2 templating language.

Supported variables

  • {{ encounter_name }}
  • {{ encounter_start_date }}
  • {{ encounter_end_date }}
  • {{ encounter_start_time }}
  • {{ encounter_end_time }}
  • {{ encounter_timezone }}
  • {{ encounter_main_language }}
  • {{ encounter_aliases }}

    Using this variable adds all aliases for the hearing, including ad hoc participant links, in the email invitations sent to existing participants.

  • {{ encounter_participants }}
  • {{ participant_display_name }}
  • {{ participant_email }}
  • {{ participant_authentication_method }}
  • {{ participant_pin }}
  • {{ participant_identity_provider }}
  • {{ participant_role }}
  • {{ participant_role_host }}
  • {{ participant_role_interpreter }}
  • {{ participant_language }}
  • {{ participant_aliases }}

    This contains a list of one or more aliases. You can loop over the aliases with a control structure such as:

    {% for alias in participant_aliases %}
    Dial the alias: {{ alias }}
    {% endfor %}

Email template examples

Here are some example email body templates that you can use as the basis for your own hearing invite emails.

Copy to clipboard 
<html>
    <p>Dear {{ participant_display_name }},</p>
    <p>Pexip is inviting you to a scheduled meeting. You can find the joining details below.</p>
    <h2>{{ encounter_name }}</h2>
    <p>{{ encounter_start_date }} / {{encounter_start_time }}-{{encounter_end_time }} ({{ encounter_timezone }})</p>
    <h3>Here's how to join the meeting from:</h3>
    <p>Web (PC / Mac / iOS / Android):</p>
    <p><a href="https://example.com/scheduler/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join Meeting</a></p>
    <p>From a video conferencing endpoint dial:</p>
    <p>{{ alias }}</p>
    <p>PIN code:</p>
    <p>{{ participant_pin }}</p>
    <p>Login:</p>
    <p>{{ participant_identity_provider }}</p>
    <p>Test your connection and equipment today.</p>
    <p>Please test your connection, microphone, camera and speakers before the day of the meeting.</p>
    <p>Web (PC / Mac / iOS / Android):</p>
    <p><a href="https://example.com/courts/#/?conference=test_call@example.com&name={{ participant_display_name }}">Test your connection now</a></p>
    <p>From a video conferencing endpoint dial:</p>
    <p>sip:1234567@example.com</p>
</html>

This is an example of an email for a hearing with the interpretation feature enabled, containing formatting styles, and personalized joining information for interpreter and clerk participants.

Copy to clipboard 
<html>
    <head>
        <style type="text/css">
            table.joinTable {
                border: none;
                width: 520px;
                text-align: left;
                border-collapse: collapse;
            }
            table.joinTable td, table.joinTable th {
                border: none;
                padding: 10px 6px 10px 0px;
            }
            table.joinTable tfoot .links {
                text-align: right;
            }
            table.joinTable tfoot .links a {
                display: inline-block;
                padding: 2px 8px;
                border-radius: 5px;
            }
            td.listItem {
                color: #777777;
            }
        </style>
    </head>
    <body>
        <div>
            <p><b>Dear {{ participant_display_name }},</b></p>
            <p>Pexip is inviting you to a scheduled meeting. You can find the joining details below.</p>
            <div style="padding:1px 20px 15px;background-color:#f2f2f2;border-radius:5px;">
                <h2><b>{{ encounter_name }}</b></h2>
                <p>{{ encounter_start_date }} / {{encounter_start_time }}-{{encounter_end_time }} ({{ encounter_timezone }})</p>
            </div>
            <br>
        </div>
        <div class="container">
            <h3>Here's how to join the meeting from:</h3>
            <table class="joinTable">
                <tbody>
                    {% for alias in participant_aliases %}
                        {% if "@" not in alias %}
                            {% if participant_role == "Clerk" %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="https://example.com/courts/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}&callType=audiovideorecvonly">Join Meeting</a></td>
                                </tr>
                            {% elif participant_role == "Interpreter" %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="https://example.com/courts-interpreter/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join Meeting</a></td>
                                </tr>
                            {% else %}
                                <tr>
                                    <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                                    <td><a href="https://example.com/courts/#/?conference={{ alias }}&name={{ participant_display_name }}&pin={{ participant_pin }}">Join Meeting</a></td>
                                </tr>
                            {% endif %}
                        {% endif %}
                    {% endfor %}
                    {% for alias in participant_aliases %}
                        {% if "@" in alias %}
                            {% if participant_role != "Interpreter" %}
                              <tr>
                                  <td class="listItem">From a video conferencing endpoint dial:</td>
                                  <td>{{ alias }}</td>
                              </tr>
                            {% endif %}
                        {% endif %}
                    {% endfor %}
                    {% if participant_role == "Clerk" %}
                      {% for alias in encounter_aliases %}
                      <tr>
                          <td class="listItem">Ad-hoc alias:</td>
                          <td>https://example.com/courts/#/?conference={{ alias }}</td>
                      </tr>
                      {% endfor %}
                    {% endif %}
                    {% if participant_authentication_method == "PIN" %}
                    <tr>
                        <td class="listItem">PIN code:</td>
                        <td>{{ participant_pin }}</td>
                    </tr>
                    {% endif %}
                    {% if participant_authentication_method == "IDP" %}
                    <tr>
                        <td class="listItem">Login:</td>
                        <td>{{ participant_identity_provider }}</td>
                    </tr>
                    {% endif %}
                </tbody>
            </table>
            <hr>
            <p><b>Test your connection and equipment today.</b></p>
            <p>Please test your connection, microphone, camera and speakers before the day of the meeting.
            <table class="joinTable">
                <tbody>
                    <tr>
                        <td class="listItem">Web (PC / Mac / iOS / Android):</td>
                        <td><a href="https://example.com/courts/#/?conference=test_call@example.com&name={{ participant_display_name }}">Test your connection now</a></td>
                    </tr>
                    <tr>
                        <td class="listItem">From a video conferencing endpoint dial:</td>
                        <td>sip:1234567@example.com</td>
                    </tr>
                </tbody>
            </table>
        </div>
    </body>
</html>

Pinning participants to the layout during a hearing

Participant pinning allows you to place and lock specific participants, like the judge or prosecution, for example, in the most prominent positions in the video layout when a hearing is in progress. Pinning is enabled in the Pexip Infinity Administrator interface and a pinning configuration file is added to a theme.

For more information about creating pinning configurations, go here.

Adding new languages or changing translation strings in the user interface

You can add languages and change the user interface strings using Rosetta. To access Rosetta, go to the Pexip Justice portal > About > Rosetta. If you are not using Rosetta, you can upload a complete .po or .mo file instead.

Changing existing translation strings

After changing any strings you need to restart the service (or reboot the VM) for the changes to be applied. To restart the service use the following command:

systemctl restart courts-core.service

Adding new languages

Add new languages with the script add-language <language_code> and run the following commands:

sudo -s

cd /courts-core

/opt/courts-core/bin/python manage.py makeportalmessages -l <language_code>

/opt/courts-core/bin/python manage.py compilemessages

chown gunicorn -R locales/<terminology>/<language_code>/LC_MESSAGES/

systemctl restart courts-core.service

Uploading .po or .mo language files

Save your complete .po or .mo file in locales/courts/<language_code>/LC_MESSAGES/django.po or locales/courts/<language_code>/LC_MESSAGES/django.mo and run the commands below. If you are uploading a .mo file, you can skip the compilemessages step as this converts .po files into .mo files.

sudo -s

cd /courts-core

/opt/courts-core/bin/python manage.py makeportalmessages -l <language_code>

/opt/courts-core/bin/python manage.py compilemessages

chown gunicorn -R locales/<terminology>/<language_code>/LC_MESSAGES/

systemctl restart courts-core.service

Taking a diagnostic snapshot

When investigating any issues, your Pexip authorized support representative will typically want a diagnostic snapshot from both Pexip Infinity and the Pexip Justice deployments.

Pexip Infinity

See Downloading a diagnostic snapshot.

Pexip Justice

There is a diagnostic snapshot script available in the path in the VM which exports all the logs to a zip file in /tmp.

To take a snapshot, type snapshot in the VM. A snapshot .tar.gz file is created in /tmp with the current date and time. Example:
/tmp/snapshot_20240111151900.tar.gz

The snapshot contains all files in /var/log, the release.json file, and the database.

Diagnostic snapshots contain all the logs and the database contents and thus may contain personally identifiable information (PII), so they should be treated as confidential and only shared over secure channels.

Patching the operating system for the latest security bugs

We recommend that you keep the appliance's Operating System patched against the latest security bugs. The frequency with which you check for patches depends upon your local security policies but we recommend at least once per month, or whenever an important or critical CVE (Common Vulnerabilities and Exposures) has been resolved in Ubuntu.

Note that some updates may need some of the system services to be restarted or require a reboot of the VM, so we recommend performing these updates when a potential temporary loss of service is acceptable.

To install the latest security patches:

  1. Take a VM snapshot of the appliance.
  2. Log in to the server through SSH or VMware console as user 'pexip'.

  3. Run the following command:

    sudo apt-get update && sudo apt-get dist-upgrade

  4. Delete the snapshot after 1-2 days, when it has been confirmed that the patches have not had any detrimental effect.

Installing your own CA certificates

If you need to install your own CA certificates (e.g. to validate the LDAP server):

  1. If you have a .pem file you must first rename it to have a .crt extension.

  2. Place your CA certificates (one or more .crt files) in /usr/local/share/ca-certificates

    Note that as with replacing the default SSL certificate (described above), the pexip user does not have the necessary access rights to copy crt files directly to the /usr/local/share/ca-certificates folder so you must copy them via the /tmp folder of the Pexip Justice appliance, then move them to the ca-certificates folder:

    1. Using the SCP file transfer protocol, upload the CA certificate .crt file (cacert.crt in this example) to the /tmp folder of the Pexip Justice appliance using WinSCP or the ’scp’ command-line utility for Linux/macOS, using a command such as:

      scp cacert.crt pexip@10.0.0.10:/tmp

    2. After the .crt file has been transferred into the /tmp folder, connect over SSH to the VMR portal, log in as user pexip and run the following command:

      sudo mv /tmp/cacert.crt /usr/local/share/ca-certificates/cacert.crt

  3. Run the following command to apply the certificates:

    sudo update-ca-certificates

    The response should look like this:

    $ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

  1. Run the following command to restart the Pexip Justice appliance:

    sudo reboot

Backing up configuration data

You should take regular backups of the configuration data on your Pexip Justice application and Infinity Management Node. For Pexip Justice, you must use your hypervisor's tools to create a full backup or snapshot. For the Infinity Management Node, you can back up at the VM level also, or use the backup and restore mechanism built into the Pexip Infinity Administrator interface. Go to Creating and restoring backups for more information.

Rerunning the install wizard

If you need to rerun the installation wizard after completing a maintenance task:

  1. Log into the Pexip Justice VM instance.
  2. At the command prompt, run the sudo installer command.
  3. At each step the default values use the answers from the previous run (if they are still valid). Press ENTER to accept the default value, or enter the value you want to use instead.
  4. When all of the installation wizard steps have been completed, the appliance automatically reboots.

Uninstalling Pexip Justice

If you need to uninstall Pexip Justice:

  1. Update the Pexip Infinity configuration:

    1. Remove the Pexip Justice external policy profile from the system locations that use it, and delete the policy profile.
    2. Remove the Call Routing Rules you set up to handle Pexip Justice calls.
    3. Disable breakout rooms if they are not required for any other purposes.
  2. Power off your Pexip Justice VM.