Off-Loading KYP.ai Connect App Processing to Reduce Local Resource Consumption

  • Updated on Jul 22, 2025
  • Published on Jul 9, 2025
  • 4 minute(s) read
Prev Next

πŸ“„ Overview

The KYP.ai Connect App is optimized to run with minimal overhead:

  • CPU usage: ~2–3%

  • RAM usage: <400 MB

  • Disk cache: <1 GB/day per user

However, when Image Processing and Anonymization runs locally, cumulative load increases - especially in multi-session environments.

Feature

Typical Increment per User

Resulting Average Footprint

Base Agent (activity capture only)

β€”

2–3% CPU

+ Image Processing

+3–4% CPU

5–7% CPU

+ Anonymization & Masking

+4% CPU

10–11% CPU


Note: The memory limit is fixed at 1 GB; Java uses this memory over time, and during image recognition and anonymization, it is consumed faster, which in time may delay the data processing.

Solution: Off-load these workloads to the KYP.ai Server to optimize performance and scalability.

πŸš€ Benefits of Server-Side Processing

  • πŸ”» Lower endpoint utilization – restores base 2–3% footprint.

  • πŸ“ˆ Predictable scaling – scales with server capacity, not user count.

  • πŸ› οΈ Centralized governance – unified management of OCR & anonymization rules.

  • ⚑ Faster client log-on – reduced DLL loads and cache growth on user workstations.

  • 🧾 Simplified compliance – all sensitive data handling is logged centrally.

πŸ—οΈ Architectural Comparison

πŸ”Ή Local Processing (Default)

  • OCR Location: βœ… Performed on the endpoint device

  • Anonymization: βœ… Performed on the endpoint device

  • Data Flow:

    1. πŸ“„ Raw OCR content is extracted locally

    2. πŸ“€ OCR results (text) are sent to the server in functions directly created in the KYP Connect App

    3. πŸ›‘οΈ Anonymization is performed locally on the created functions by the KYP Connect App

  • βœ… Recommended for: Single-session hosts

  • ⚠️ Considerations:

    • CPU load on endpoint for OCR

πŸ”Ή Server Processing (Recommended)

  • OCR Location: βœ… Performed on the server

  • Anonymization: βœ… Performed on the server

  • Data Flow:

    1. πŸ“Έ Screenshots captured on endpoint

    2. πŸ“¦ Compressed screenshots are sent to the server

    3. πŸ” OCR is performed on the captured screenshots on the server

    4. πŸ›‘οΈ Anonymization done by the server on the functions and screenshots

  • βœ… Recommended for: Multi-host sessions or shared desktops

  • ⚠️ Considerations:

    • Requires screenshots collection, which takes server`s disk space and performance

πŸ“‹ Prerequisites

  • πŸ”§ KYP.ai Server version Edinburgh 2025.03.01.01 or newer

  • 🧠 Server capacity:  β‰₯4 vCPU per 100 concurrent users. For more recommendations, please refer to the Installation requirement guide.

  • 🌐 Stable upstream bandwidth:  β‰₯10 Mbit

  • πŸ” TLS certificates in place (see SSL Configuration section of server manual)

  • πŸ§‘ Admin access to:

    • Admin Panel β†’ Configuration β†’ Other β†’ Special Settings

    • KYP Connect App Profiles

πŸ› οΈ Step-by-Step Procedure

⚠️ Maintenance Notice

It is important to perform changes outside business hours or through a phased rollout to minimize the impact on the data collection.

πŸ”§ 1. Enable Image Processing on Server

  • Go to: Admin Panel β†’ Configuration β†’ Other β†’ Special Settings

  • Enable:
    IMAGE_TO_TEXT_ON_THE_SERVER_ENABLED = true

  • (Optional) If using an external OCR engine, change the parameters mentioned below to values that correspond to your OCR engine.

    EXTERNAL_OCR_SERVICE_ENABLED = true  
EXTERNAL_OCR_SERVICE_ADDRESS = https://ocr.example.com/api  
EXTERNAL_OCR_SERVICE_TOKEN = [your_token]  


πŸ” 2. Check the Anonymization configuration

  • Go to: Admin Panel β†’ Configuration β†’ Organization β†’ Special Settings

  • Toggle: ANONYMIZATION_RULES_ENABLED = true

  • Leave CLIENT_DATA_ANONYMIZE = NONE (or set to DATA / AGGREGATED per policy if needed)

  • Go to: Admin Panel β†’ Configuration β†’ Organization β†’ Anonymization & Data Masking β†’ Properties

  • Change the Anonymization device to KYP Server:

🧩 3. Disable OCR in KYP Connect App Profiles

  • Go to: Admin Panel β†’ Service β†’ KYP Connect App Profiles  β†’ Operational

  • For each profile:

    • ❌ Disable KYP Connect App Image to Text (OCR)

    • πŸ’Ύ Save profile

  • Apply profiles to all relevant users/machines

Note: All Screenshot Collection has to be enabled in order for the OCR to be performed on the server.

πŸ” 4. Verify Data Flow

  • Navigate to: Admin Panel β†’ Home β†’ Quick Actions β†’ Data Flow

  • Confirm:

    • πŸ“· Confirm Screenshot and OCR Data Collection

      Navigate to the Screenshots and Functions item section and verify that screenshots are being captured correctly and that OCR-extracted content is present.

    • πŸ“‰ Monitor Hardware Metrics Panel

      Ensure that CPU usage on individual workstations has dropped to expected levels (≀3%) following the off-loading. This confirms the reduced local resource consumption.

    • πŸ” Validate Anonymization Functionality

      Check the Anonymization & Data Masking section to confirm that rules are being applied and sensitive data is being masked as expected. Make sure to select screenshots masking in the design

πŸš€ 5. Roll-Out to Production

  • Stage deployment:

    • 10% β†’ 30% β†’ 60% β†’ 100%

  • Monitor:

    • πŸ”” Performance Guard Alerts (AGENT_ENABLE_PERFGUARD)

    • πŸ“Š Server load via Prometheus / Grafana: CPU usage <70%

  • Log changes in Audit Log

πŸ› οΈ Troubleshooting Tips

Symptom

Likely Cause

Resolution

Endpoint still shows 7% CPU

Profile not fetched

Verify the profile in Connect App management, wait 15 minutes if correct and restart the KYP Connect App if still not working

Screenshots not processed

Screenshots collection disabled or OCR service unavailable

Enable Screenshots collection and verify the OCR parameters in special settings and KYP Connect profiles

Data not being anonymised

ANONYMIZATION_RULES_ENABLED = false

Re-enable setting & reprocess

Server spikes to 90% CPU

Insufficient server capacity

Scale containers / add vCPU on the server

πŸ” Rollback Plan

In case the changes need to be rolled back, so that the processing will be done on user’s workstations again, please follow these steps:

  • Re-enable features in KYP Connect App Profiles ( Check the parameters mentioned here)

  • In Special settings, set:

    IMAGE_TO_TEXT_ON_THE_SERVER_ENABLED = false
ANONYMIZATION_RULES_ENABLED = false

  • Change the Processing Device in Admin Panel β†’ Configuration β†’ Organization β†’ Anonymization & Data Masking β†’ Properties

  • Restart Connect Apps or wait for the configuration to be retrieved from the server ( This will take up to 15 minutes) – local OCR processing resumes

FAQ

Why should I move OCR processing to the server?

Off-loading reduces CPU usage on endpointsβ€”especially in multi-session or thin-client environmentsβ€”by removing the need for local processing. It also improves performance, simplifies compliance, and allows centralized rule management.

Will off-loading affect real-time data collection?

No. Activity capture still happens in real time on the endpoint. Only the heavy OCR and anonymization processes are deferred to the server, which handles them efficiently without delaying function creation.

Is the data secure during server processing?

es. Screenshots and raw data are transferred over TLS-encrypted channels. Anonymization is handled on secure server infrastructure, and all processing activities are logged for audit purposes.