Inside Portugal Telecom's OTT Deployment: MEO@PC - Secured Internet TV Deployment with Envivio 4Caster C42 and Microsoft Technologies May 2010 ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
TV without Boundaries™ Inside Portugal Telecom’s OTT Deployment: MEO@PC Secured Internet TV Deployment with Envivio 4Caster C42 and Microsoft Technologies May 2010 Author: Olivier Milet
Contents 1. TELEVISION TRANSFORMED ................................................................................ 3 1.1 Key Ingredients for Deploying Premium Content OTT ................................................ 3 1.2 Technologies for Over-the-Top............................................................................................. 4 2. PORTUGAL TELECOM’S MEO@PC ........................................................................ 6 2.1 Challenges .................................................................................................................................... 6 2.2 Solution and Architecture Chosen....................................................................................... 6 3. EXCHANGES BETWEEN THE ENCODER AND THE DRM SERVER......................... 8 3.1 Dataflow ........................................................................................................................................ 8 3.2 Key Provisioning Interface Description .............................................................................. 9 3.3 Securing PlayReady Information Exchange....................................................................10 4. CONCLUSION ....................................................................................................... 11 5. ANNEX A: KEY PROVISIONING SOAP DESCRIPTION ......................................... 12 Envivio | TV without Boundaries™ Page 2 of 12
Case Study | Inside Portugal Telecom’s OTT Deployment: MEO@PC 1. Television Transformed Any Viewer · Any Device · Any Network · Any Time The appetite for online video is growing at an unprecedented pace. It started with YouTube, has been fueled by new service launches like Hulu and Vevo. Consumers seem to devour content online as fast as it can be posted, and there doesn’t appear to be anything will slow the pace. With huge audiences finally embracing new television distribution models, leading technology companies have begun developing new services that take advantage of the new devices: over-the-top content delivery of catch-up or on demand services enable users to capture and view their desired programs at any time. Over the top delivery has created a break-through that is not limited to the PC screen, but extends to any connected device: connected TV, gaming consoles, smart phones, connected tables, and more. Imagine the freedom of enjoying your favorite sporting event—like the Olympics, The Masters and the World Cup live as they unfold—without a cumbersome television. Now that is viewing freedom. This represents a new path for broadcasters who are looking for new vehicles through which to deliver their premium content directly to the users. For network operators, it is an opportunity to develop and implement a Three Screens strategy that not only provides added-value services, it creates new and untapped revenue streams. 1.1 Key Ingredients for Deploying Premium Content OTT As organizations begin looking at offering Over-the-Top (OTT) content delivery services, it is important to understand the key ingredients for having a successful implementation. User Experience (UX) ranks at the forefront, because the success of the service ultimately rests on the desire of the consumer to pay based on perceived value. Content Right Management follows closely behind, as OTT distribution of content creates a new paradigm not covered in traditional broadcast distribution models. 1. User Experience (UX): broadband users expect a continuous viewing experience from SD to HD resolutions. Service availability and video quality are keys ingredients from a user perspective, but also for service providers who expect substantial income. 2. Content Right Management: managing and protecting the content rights means insuring that each participant in the ecosystem, from the production to the distributor, remains in control of the content value. Content protection and right management is a strong requirement from producers to allow distribution of their Envivio | TV without Boundaries™ Page 3 of 12
Internet TV: OTT Content Delivery content to PC screen and connected devices. Content right solutions are usually based on two essential notions: • Protected delivery: the media, if distributed over a public medium (here the “public internet”) needs to be protected. Encryption technologies and secured exchanges are typically used to insure the content protection. • Digital rights and Business models: this refers to how the user can consume the media, its associated rights, and how the revenue streams flow between the end user, the distributor and the producer. 1.2 Technologies for Over-the-Top Several major vendors have now proposed framework and technologies to answer the key requirements for a successful OTT deployment. Three of the most prominent and important, in alphabetical order, include: • Adobe, notably with the “Zeri project” development in Flash • Apple, with HTTP streaming supported in their core products through QuickTime • Microsoft, with its Silverlight and PlayReady framework NOTE: This is not an all inclusive list. Notably, several other CAS and DRM providers are now proposing content delivery and protection solutions suitable for OTT deployments, and Envivio is working to ensure that we provide support for solutions as these are made available. Interestingly, the answer from each of the vendors listed above to address the Quality of Experience (QoE) is based on the same factors and similar approach: • Efficient Video Compression: Using the latest standard codecs, and notably H.264 as key foundation for a good experience • HTTP Delivery: HTTP is universal and works on any public networks. This simplistic but essential quality means that firewall, scalability, heterogeneity issues that might come up with other distribution mechanisms are non-existent with HTTP. • Adaptive Streaming: This is the ability to encode a video streaming into chunks of various sizes at different bitrates and resolutions in order to cope with the bandwidth variations. Different container formats are available for these chunks, with similar properties. The most used are based on MPEG-2TS segments or on Fragmented-MPEG-4. Envivio | TV without Boundaries™ Page 4 of 12
Internet TV: OTT Content Delivery Additionally, various vendors propose technologies to address the Content Protection and Right Management: • Secured delivery: Most of the security mechanisms are based on media protection (focusing on encrypting the content) and moving away from securing the delivery path. The encryption is based on AES with a 128-bit key which is directly supported inside Envivio 4Caster C42 to insure an end to end protected delivery. • Digital Right Management: Each vendor provides tailored solutions to manage the content rights. Following is a summary of the technologies discussed above for OTT delivery of premium content: Provider Encoding Transport Protection Playback Adobe fMP4 Flash H.264MP/AAC Flash Access Zeri over HTTP Player 10.1 Apple MPEG2-TS chunks H.264 AAC AES QuickTime X QuickTimeX over HTTP Microsoft VC-1/WMA fMP4 Silverlight PlayReady Silverlight H.264/AAC over HTTP Player Envivio | TV without Boundaries™ Page 5 of 12
Internet TV: OTT Content Delivery 2. Portugal Telecom’s MEO@PC Portugal Telecom (PT) is the largest telecommunications and broadband service provider in Portugal. In April 2008, PT launched MEO, an IPTV and satellite TV service composed of 120 channels and +2,000 VOD content. With advanced functionalities such as pause TV for live channels, PVR and interactive service guide, MEO reached over 500,000 subscribers in less than 17 months. PT decided to go beyond the way traditional television is consumed with a brand new service: MEO@PC. PT broadband users can now enjoy the MEO experience on their PC wherever they are. User experience and video quality has been a key driver: viewers have full control over the live channel with the ability to play/pause and rewind. Searching its favorite TV programming is facilitated through an interactive and intuitive program guide. Last, but not least, video quality is achieved using adaptive streaming, allowing a continuous viewing experience. 2.1 Challenges A television experience on PC has its challenges. One has to deal with the legal aspect of the distribution of premium content over the public internet and provide the best of breed service with interactivity and quality of service: • Legal: The distribution of Hollywood content requires the use of pre-approved DRM technologies. Right holders need to ensure their content is protected from piracy, and consumed according to user rights. Approval is done by consortium made of Hollywood studios, such as the Digital Entertainment Content Ecosystem (DECE). • Quality of Service: The aim of a television experience on PC screen is to offer the same level of service as IPTV. The viewing experience is expected to be continuous, without interruption due to network congestion. • Operational: From an operational standpoint, 24/7 broadcast environment is a must-have feature. This constraint is reinforced with the use of DRM for security. 2.2 Solution and Architecture Chosen Technology Chosen • Envivio Internet TV Head-end: Envivio 4Caster C42 is the only encoder capable of supplying the level of quality for Internet delivery combined with content security. • Microsoft Silverlight: Silverlight enables the development of Rich Internet Applications (RIA) to provide best of breed user experience. Using Silverlight Smooth Streaming, a continuous viewing experience is ensured with its adaptive streaming technology. It also natively supports play/pause and rewind functionalities. Envivio | TV without Boundaries™ Page 6 of 12
Internet TV: OTT Content Delivery • Microsoft PlayReady: Silverlight DRM powered by PlayReady is approved by right holders and DECE. PlayReady provides the level of security and the business models required for live and VOD delivery. Architecture The selected architecture is made of Envivio 4Caster C42 encoders, with Smooth Streaming output and PlayReady support. Monitoring and N+M failover management is achieved using Envivio 4Manager Network Management System (NMS). 4Caster C42 and 4Manager fit within a complete Silverlight ecosystem made of IIS streaming servers and PlayReady DRM system as depicted below: Encoding Content Delivery Silverlight Client IP IP Distribution backbone …. IIS Media Services Envivio 2 4Caster C4 Management Content Protection System Envivio 4Manager PlayReady Control & supervision system DRM servers Figure 1-Microsoft Silverlight Smooth Streaming Architecture For operational aspects and robustness of the ecosystem, an interaction has been envisioned between Envivio 4Caster C42 and Microsoft PlayReady DRM system. This interaction is referred to as “Key provisioning” within this document. The objective is to automate the exchange of PlayReady encryption information between the encoders and PlayReady DRM system. In addition, content owners required this interaction to be secured. This led to the definition of a communication interface and joint development between Envivio and Microsoft. Within the next section, we describe in technical details the joint implementation of the communication interface (a.k.a. “key provisioning”) and corresponding security aspects. Envivio | TV without Boundaries™ Page 7 of 12
Internet TV: OTT Content Delivery 3. Exchanges Between the Encoder and the DRM Server 3.1 Dataflow Before going deep into the description of the interface, we explain below the dataflow between the various components of a Silverlight ecosystem with PlayReady: Publish encrypted content Request & deliver content Envivio IIS Media 4Caster C42 Services Request and issue PlayReady encryption information Silverlight (Key provisioning) Client Request & issue license License Data PlayReady PlayReady Keys Server Licences server Figure 2-Microsoft PlayReady Dataflow • Envivio 4Caster C42: Retrieves PlayReady encryption information from PlayReady DRM keys server (“key provisioning”), and publish encrypted content over IIS distribution server. • Microsoft PlayReady keys server: In addition to its interaction with Envivio 4Caster C42, it will communicate license data to PlayReady license server. • Microsoft Silverlight client: Client will request license from PlayReady license server. License delivered contains content protection information (including encryption key) and rights for using the content. Client will ultimately connect to Distribution Server IIS to consume the content. Envivio | TV without Boundaries™ Page 8 of 12
Internet TV: OTT Content Delivery 3.2 Key Provisioning Interface Description The protocol used for exchanging PlayReady encryption information between the 4Caster C42 and the PlayReady DRM keys server is SOAP over HTTP (clear transmission) or HTTPs (security applies). The different communication steps are described above: 1. To obtain encryption information (including encryption key), 4Caster C42 sends a SOAP request to PlayReady DRM keys server. This SOAP request uniquely identifies the media asset or live channel to encrypt by means of an identifier (tag ). 2. Based on identifier, PlayReady keys server answers with the following encryption information: • Key: 16-byte AES key used for encrypting the content which identifier corresponds to • KeyID: 16-byte key identifier used to uniquely identify the key within the system • LicenseAcquisitionUrl: URL of the License Acquisition Web Service • LicenseAcquisitionUiUrl: URL of the non-silent License Acquisition Web Service • ServiceID: identifier of the domain service. This unique identifier is provided by Microsoft to PlayReady technology supplier. These parameters will be used by the Envivio 4Caster C42 to encrypt the content, and insert into Smooth Streaming content the rest of the information that will be used by Silverlight client. A complete description of the key provisioning SOAP interface is given Annex A. ContentID Key KeyID LicenseAcquisitionUrl Envivio Microsoft 4Caster C42 LicenseAcquisitionUiUrl PlayReady Server ServiceID Redundancy Considerations 24/7 broadcast is achieved using N+M redundancy scheme. During failover process, backup encoder needs the retrieve the entire configuration, including PlayReady DRM information. Envivio | TV without Boundaries™ Page 9 of 12
Internet TV: OTT Content Delivery Using key provisioning interface, failover management is totally transparent: prior to any encoding process, backup encoder will first connect to PlayReady DRM keys server, and once the information received, it will proceed to encoding and encryption of the content. In other words, key provisioning interface is a necessary condition for any N+M protected over the top deployment. 3.3 Securing PlayReady Information Exchange Securing the exchange of PlayReady encryption information has been a requirement from content owners to deploy protected premium content over the public internet. This is particularly necessary when the encoders and PlayReady DRM servers are not located within the same area. Two mechanisms have been implemented to meet right holders requirements: • Secure the transmission: Using SOAP over HTTPs, one encrypts and secures the data exchanged (see section 3.2 for more details) and prevents from piracy. • Authentication of encoders: By authenticating each encoder to PlayReady keys server, we ensure PlayReady keys server transmits encryption information to the right entity. Encoders’ authentication can be achieved in two different ways: 1. SSL Client Certificate or 2. HTTP basic Authentication (Username/password) Taking security and authentication process into consideration, the complete key provisioning data flow is described below: Username/Password OR SSL client Authorize Envivio 4Caster C42 Authentication ContentID Key Envivio Microsoft KeyID 4Caster C42 PlayReady Server LicenseAcquisitionURL LicenseAcquisitionUiURL ServiceID Secure transmission Envivio | TV without Boundaries™ Page 10 of 12
Internet TV: OTT Content Delivery 4. Conclusion In this paper we described the ecosystem, dataflow and components required to deliver a complete and secured television experience on PC. This solution was recently deployed by Portugal Telecom for their “MEO@PC” service, an off-network extension of their existing IPTV service delivering premium content to PC platforms. Based on Envivio 4Caster C42, Microsoft PlayReady and Silverlight technologies, the integrated solution delivers the key ingredients for an optimal Premium InternetTV service: • Excellent User Experience: A great subscriber experience begins with a service that is on air, all the time. Envivio’s high-availability platform delivers 99.999% uptime and unshakeable performance thanks to the Broadcast-grade fault management provided by Envivio 4Manager. Furthermore, support for adaptive bitrate streaming technologies including Silverlight Smooth Streaming ensures continuous viewing even under changing network conditions. Combined with interactive multimedia capability and economical HTTP delivery technology, Envivio InternetTV headends make it possible to create a unique experience for subscribers at substantially lower cost than dedicated or proprietary transport protocols. • Protected Delivery: Strong and standard encryption is applied right inside 4Caster C42 in order to protect the content delivery from its origin to the subscriber. • Digital rights and Business Models: Based on rules established within Microsoft PlayReady DRM, the user gets granted consumption rights based on his subscription. An innovative key provisioning layer between Envivio InternetTV headend and the Microsoft PlayReady DRM Server has been developed and deployed in order to automate the key and license exchanges and distribution with failover management. Thanks to the technology and expertise delivered by Envivio and Microsoft, the service went from design to deployment in less than three months, thus making Portugal Telecom the first Broadband Provider to deploy Over the Top services, as an expansion of their existing IPTV service. Envivio | TV without Boundaries™ Page 11 of 12
Internet TV: OTT Content Delivery 5. Annex A: Key Provisioning SOAP Description The following example is a SOAP request from encoder and the corresponding answer from PlayReady DRM keys server. SOAP Request from the 4Caster C42 Encoder: 1.0 PlayReady Disney Channel SOAP Answer from PlayReady DRM Keys Server: E67D4AA537CBB14B761E1277CFA9F8C2 Ja716gdj1USDr1/X44o2AQ== http://ip/rm.asmx http://ip/rm.asmx 6y1jDe93qpMN2ASMPg142w== Gone with the Wind]]> Envivio | TV without Boundaries™ Page 12 of 12
You can also read