Implementation Guide

Overview

Clients typically implement virtual machines within which they create an environment to host and manage the containers. The platform uses Kubernetes as its primary supported container orchestration system.

Benefits

The containerized microservices architecture provides the following benefits:

  • Auto Scaling — The number of running containers increases or decreases automatically to meet capacity needs as the workload changes. The system can easily handle peak times while allowing you to save resources when they are not needed.
  • Self-Healing — Using Kubernetes, containers are automatically replaced should one fail. This also assists with version rollbacks and makes upgrades easier.
  • Automated Disaster Recovery — Failover and disaster recovery (DR) are made possible using the Kubernetes architecture.
  • Local or Global Installation — After the system is in place you can scale up, add nodes or pods, and make it globally available.
  • Platform Independence — The platform is cloud-native and can be deployed on any Kubernetes system, whether on-premises or on any major cloud provider. You have the flexibility to set up your Kubernetes cluster in a private or public cloud, or in multi-cloud or hybrid environments.
  • Easy Product Integration — The entire technology suite uses this architecture, making deployment of additional products much faster. You can add CPA or TTS to ASR, for example, and once speech products are in place, you can add Voice Biometrics with greater ease.
  • Resources and Tools — Integration with Kubernetes is provisioned using Helm charts that streamline the installation. Sample test scripts and built-in diagnostics mean you can verify that everything works, allowing you to get up and running quickly.
  • Lower Cost of Ownership — Clients can make use of existing hardware, and the solution utilizes popular, well-supported open-source software components like MongoDB and PostgreSQL instead of more expensive proprietary database technologies.

Implementation Options for Container Orchestration

Small Node-Count Kubernetes

For small operations — typically on-premises, or for a testing proof-of-concept exercise — Kubernetes in a minimal configuration is a good option. The speech products, using any of the communication protocols, can support several hundred concurrent users in this configuration, depending on hardware. Sales Engineering can assist with hardware sizing guidance and provide a recommended installation process.

Full Kubernetes Cluster

Kubernetes is a portable open-source platform that manages containerized workloads and services, often called a container orchestration system. It is used to automate cloud software deployments and scaling of containers, pods, and clusters (a pod is one or more containers). Kubernetes typically also provides security, load balancing, automatic failover recovery, and self-healing.

Kubernetes can be deployed in multiple environment configurations, including a public cloud. To request access to a hosted evaluation instance, contact the sales team.

Authentication

The containers are designed to run inside a Kubernetes cluster. System hosts may provide security for this environment, or administrators may wish to utilize their own identification and authorization mechanisms.

In any case, it is recommended to follow industry-standard best practices as well as Kubernetes security best practices. This includes securing cluster nodes and other services, and using appropriate firewalls and VPC configurations as needed.

Environment

The solution requires an environment in which Kubernetes can be installed — typically a Linux-based environment, which offers optimal performance. Clients should consider separating test and production systems. It is recommended that the Redis, RabbitMQ, MongoDB, and PostgreSQL components be provisioned outside of the Kubernetes cluster for performance and resiliency purposes.

Hardware

Sizing for production will need to be determined based on your specific cluster requirements. Contact Technical Support or Sales Engineering for assistance with sizing design.

Load Balancing

Kubernetes has its own form of load balancer built in. In addition, the platform utilizes an advanced service mesh mechanism to optimize traffic and security within its containerized environment.

Other Implementation Considerations

Software and Activities in a Production Environment

Some or all of the following activities will take place in a production environment and are the customer or partner's responsibility:

  • Provision required hardware and host containerization software
  • Install the platform software and integrate the customer system for audio input and data output back into the customer speech application
  • Set up Kubernetes, RabbitMQ, Redis, MongoDB, and PostgreSQL
  • Monitor hardware, software, and services (e.g., using tools like Prometheus, Grafana, or others)
  • Analyze and consolidate logs (e.g., using log analysis tools like Datadog, Splunk, or others)
  • Stress test the full solution in a production environment
  • Monitor network and component latency
  • Manage databases including scheduling of database cleanups
  • Manage backups

Supported Audio Formats

Audio must be recorded in one of the following formats, then converted and submitted as a headerless byte-stream:

  • Linear signed PCM — 16-bit, 8 kHz sample rate
  • A-law compressed — 8-bit, 8 kHz sample rate
  • μ-law compressed — 8-bit, 8 kHz sample rate

WAV, FLAC, MP3, Opus, M4A, MP4, and GSM formats are also supported.
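As an added example (not code from the platform or its documentation), the following Python sketch validates that a WAV file already holds 16-bit, 8 kHz linear PCM and strips the container so that only the headerless sample bytes remain. The function names are hypothetical, and the mono requirement is an assumption, since the format list does not state a channel count.

```python
import io
import wave

# Parameters taken from the format list above; mono is an assumption,
# the page does not state a channel count.
REQUIRED_RATE_HZ = 8000
REQUIRED_SAMPLE_BYTES = 2   # 16-bit linear signed PCM
ASSUMED_CHANNELS = 1


class UnsupportedAudio(ValueError):
    """Raised when a WAV file cannot be submitted as 16-bit/8 kHz PCM as-is."""


def wav_to_headerless_pcm(wav_bytes: bytes) -> bytes:
    """Validate a WAV container and return only its raw sample bytes."""
    try:
        reader = wave.open(io.BytesIO(wav_bytes), "rb")
    except (wave.Error, EOFError) as exc:
        raise UnsupportedAudio(f"not a PCM WAV file: {exc}") from exc
    with reader:
        problems = []
        if reader.getframerate() != REQUIRED_RATE_HZ:
            problems.append(f"sample rate {reader.getframerate()} Hz")
        if reader.getsampwidth() != REQUIRED_SAMPLE_BYTES:
            problems.append(f"{8 * reader.getsampwidth()}-bit samples")
        if reader.getnchannels() != ASSUMED_CHANNELS:
            problems.append(f"{reader.getnchannels()} channels")
        if problems:
            raise UnsupportedAudio("resample first: " + ", ".join(problems))
        declared = reader.getnframes()
        pcm = reader.readframes(declared)
    # A truncated upload declares more frames than it carries; reject it
    # rather than submitting a short stream.
    if len(pcm) != declared * REQUIRED_SAMPLE_BYTES * ASSUMED_CHANNELS:
        raise UnsupportedAudio("data chunk shorter than header declares")
    return pcm


def make_wav(rate: int, width: int, samples: bytes) -> bytes:
    """Build a constructed test WAV in memory (sample input, not real audio)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(width)
        w.setframerate(rate)
        w.writeframes(samples)
    return buf.getvalue()
```

Rejecting mismatched or truncated input before submission keeps malformed audio from being interpreted as samples at the wrong rate or width.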

Security

Data is secure both at rest and in transit. Data is encrypted with keys only available to customers, and those keys are further encrypted. The platform operates inside secure environments with protection from outside access, and URL and port usage is designed to allow segregation of duties. Integration with external components supports uploading and working with security certificates.

In more detail, the platform provides the following security features:

  • Secure TLS communication between components. TLS (Transport Layer Security) is a cryptographic protocol and the successor of SSL.
  • Audio and data are encrypted at rest within the MongoDB and PostgreSQL databases.
  • PKI (Public Key Infrastructure) implementation manages digital certificates for the components and public key encryption. All security is managed by the customer, including customer-managed keys, which can be rotated as needed and need not be external-facing.
  • The administration portal has a dedicated port for the cluster admin and a separate dedicated port for tenant deployment administrators. The URLs are constructed to easily enable segregation of duties with firewall access rules. Tenants are shielded separately from one another and from cluster administration.
  • The only external connections required are the licensing service (collecting only product usage counts) and the link to download ASR and TTS model resources.

Migration from Existing Technology

There may be a learning curve for clients or partners not previously exposed to container technology. Containerization is widely embraced by cloud providers and large organizations for its benefits, including scalability and self-healing. To assist with the transition, Helm charts are provided to enable clients to configure and customize their systems in a consistent, repeatable manner. Test scripts are also available for rapid verification that everything is working correctly.

Visit the Knowledge Base, the Helm charts repository on GitHub, and the API documentation at developer.lumenvox.com for detailed implementation information.

