Inside Portugal Telecom's OTT Deployment: MEO@PC - Secured Internet TV Deployment with Envivio 4Caster C42 and Microsoft Technologies May 2010 ...

Page created by Ronnie Mann
 
TV without Boundaries™

Inside Portugal Telecom’s OTT Deployment: MEO@PC

Secured Internet TV Deployment with Envivio 4Caster C42 and Microsoft Technologies

May 2010
Author: Olivier Milet

Contents
1. TELEVISION TRANSFORMED
1.1       Key Ingredients for Deploying Premium Content OTT
1.2       Technologies for Over-the-Top
2. PORTUGAL TELECOM’S MEO@PC
2.1       Challenges
2.2       Solution and Architecture Chosen
3. EXCHANGES BETWEEN THE ENCODER AND THE DRM SERVER
3.1       Dataflow
3.2       Key Provisioning Interface Description
3.3       Securing PlayReady Information Exchange
4. CONCLUSION
5. ANNEX A: KEY PROVISIONING SOAP DESCRIPTION

Envivio | TV without Boundaries™                                                                                                                        Page 2 of 12
Case Study | Inside Portugal Telecom’s OTT Deployment: MEO@PC

1. Television Transformed
   Any Viewer · Any Device · Any Network · Any Time
   The appetite for online video is growing at an unprecedented pace. It started with YouTube
   and has been fueled by new service launches like Hulu and Vevo. Consumers seem to devour
   content online as fast as it can be posted, and there doesn’t appear to be anything that will
   slow the pace.
   With huge audiences finally embracing new television distribution models, leading
   technology companies have begun developing new services that take advantage of the new
   devices: over-the-top content delivery of catch-up or on-demand services enables users to
   capture and view their desired programs at any time.
   Over-the-top delivery has created a breakthrough that is not limited to the PC screen, but
   extends to any connected device: connected TV, gaming consoles, smart phones, connected
   tablets, and more. Imagine the freedom of enjoying your favorite sporting event—like the
   Olympics, The Masters and the World Cup live as they unfold—without a cumbersome
   television. Now that is viewing freedom.
   This represents a new path for broadcasters who are looking for new vehicles through which
   to deliver their premium content directly to the users. For network operators, it is an
   opportunity to develop and implement a Three Screens strategy that not only provides
   added-value services but also creates new and untapped revenue streams.

   1.1 Key Ingredients for Deploying Premium Content OTT
   As organizations begin looking at offering Over-the-Top (OTT) content delivery services, it is
   important to understand the key ingredients for having a successful implementation.
   User Experience (UX) ranks at the forefront, because the success of the service ultimately rests
   on the desire of the consumer to pay based on perceived value.
   Content Right Management follows closely behind, as OTT distribution of content creates a
   new paradigm not covered in traditional broadcast distribution models.
         1. User Experience (UX): broadband users expect a continuous viewing experience
            from SD to HD resolutions. Service availability and video quality are key ingredients
            from a user perspective, but also for service providers who expect substantial
            income.
         2. Content Right Management: managing and protecting the content rights means
            ensuring that each participant in the ecosystem, from the producer to the
            distributor, remains in control of the content value. Content protection and right
            management is a strong requirement from producers to allow distribution of their
            content to PC screens and connected devices. Content right solutions are usually
            based on two essential notions:
            • Protected delivery: the media, if distributed over a public medium (here the
              “public internet”), needs to be protected. Encryption technologies and secured
              exchanges are typically used to ensure the content protection.
            • Digital rights and Business models: this refers to how the user can consume the
              media, its associated rights, and how the revenue streams flow between the end
              user, the distributor and the producer.

1.2 Technologies for Over-the-Top
Several major vendors have now proposed frameworks and technologies to answer the key
requirements for a successful OTT deployment. Three of the most prominent and important, in
alphabetical order, are:
      •    Adobe, notably with the “Zeri project” development in Flash
      •    Apple, with HTTP streaming supported in their core products through QuickTime
      •    Microsoft, with its Silverlight and PlayReady framework

NOTE:     This is not an all-inclusive list. Notably, several other CAS and DRM providers are now
          proposing content delivery and protection solutions suitable for OTT deployments,
          and Envivio is working to ensure that we provide support for solutions as these are
          made available.

Interestingly, the answer from each of the vendors listed above to address the Quality of
Experience (QoE) is based on the same factors and a similar approach:
      •    Efficient Video Compression: Using the latest standard codecs, notably H.264,
           as the key foundation for a good experience.
      •    HTTP Delivery: HTTP is universal and works on any public network. This simple
           but essential quality means that the firewall, scalability and heterogeneity issues
           that might come up with other distribution mechanisms are non-existent with HTTP.
      •    Adaptive Streaming: This is the ability to encode a video stream into chunks of
           various sizes at different bitrates and resolutions in order to cope with
           bandwidth variations. Different container formats are available for these chunks,
           with similar properties. The most used are based on MPEG-2 TS segments or on
           Fragmented MPEG-4.

Internet TV: OTT Content Delivery

Additionally, various vendors propose technologies to address Content Protection and
Right Management:
      •     Secured delivery: Most of the security mechanisms are based on media protection
            (focusing on encrypting the content) and move away from securing the delivery
            path. The encryption is based on AES with a 128-bit key, which is directly supported
            inside Envivio 4Caster C42 to ensure end-to-end protected delivery.
      •     Digital Right Management: Each vendor provides tailored solutions to manage the
            content rights.

Following is a summary of the technologies discussed above for OTT delivery of premium
content:

       Provider                 Encoding                Transport                    Protection      Playback
       Adobe Zeri               H.264MP/AAC             fMP4 over HTTP               Flash Access    Flash Player 10.1
       Apple QuickTime X        H.264 AAC               MPEG2-TS chunks over HTTP    AES             QuickTime X
       Microsoft Silverlight    VC-1/WMA, H.264/AAC     fMP4 over HTTP               PlayReady       Silverlight Player


2. Portugal Telecom’s MEO@PC
   Portugal Telecom (PT) is the largest telecommunications and broadband service provider in
   Portugal. In April 2008, PT launched MEO, an IPTV and satellite TV service composed of 120
   channels and over 2,000 items of VOD content. With advanced functionalities such as pause TV
   for live channels, PVR and an interactive service guide, MEO reached over 500,000 subscribers
   in less than 17 months.
   PT decided to go beyond the way traditional television is consumed with a brand new service:
   MEO@PC. PT broadband users can now enjoy the MEO experience on their PC wherever they
   are. User experience and video quality have been key drivers: viewers have full control over the
   live channel with the ability to play/pause and rewind. Searching for their favorite TV
   programming is facilitated through an interactive and intuitive program guide. Last, but not
   least, video quality is achieved using adaptive streaming, allowing a continuous viewing
   experience.

   2.1 Challenges
   A television experience on PC has its challenges. One has to deal with the legal aspects of
   distributing premium content over the public internet and provide a best-of-breed service
   with interactivity and quality of service:
         •    Legal: The distribution of Hollywood content requires the use of pre-approved DRM
              technologies. Right holders need to ensure their content is protected from piracy,
              and consumed according to user rights. Approval is done by a consortium made up of
              Hollywood studios, such as the Digital Entertainment Content Ecosystem (DECE).
         •    Quality of Service: The aim of a television experience on a PC screen is to offer the
              same level of service as IPTV. The viewing experience is expected to be continuous,
              without interruption due to network congestion.
         •    Operational: From an operational standpoint, a 24/7 broadcast environment is a
              must-have feature. This constraint is reinforced by the use of DRM for security.

   2.2 Solution and Architecture Chosen
         Technology Chosen
         •    Envivio Internet TV Head-end: Envivio 4Caster C42 is the only encoder capable of
              supplying the level of quality for Internet delivery combined with content security.
         •    Microsoft Silverlight: Silverlight enables the development of Rich Internet
              Applications (RIA) to provide best of breed user experience. Using Silverlight Smooth
              Streaming, a continuous viewing experience is ensured with its adaptive streaming
              technology. It also natively supports play/pause and rewind functionalities.


      •    Microsoft PlayReady: Silverlight DRM powered by PlayReady is approved by right
           holders and DECE. PlayReady provides the level of security and the business models
           required for live and VOD delivery.

      Architecture
      The selected architecture is made of Envivio 4Caster C42 encoders, with Smooth
      Streaming output and PlayReady support. Monitoring and N+M failover management is
      achieved using Envivio 4Manager Network Management System (NMS). 4Caster C42 and
      4Manager fit within a complete Silverlight ecosystem made of IIS streaming servers and
      PlayReady DRM system as depicted below:
      [Figure 1: Microsoft Silverlight Smooth Streaming Architecture. Blocks shown: Encoding
      (Envivio 4Caster C42), Content Delivery (IIS Media Services), Distribution backbone,
      Silverlight Client, Management System (Envivio 4Manager control & supervision system),
      Content Protection (PlayReady DRM servers).]

      For operational aspects and robustness of the ecosystem, an interaction has been
      envisioned between Envivio 4Caster C42 and Microsoft PlayReady DRM system. This
      interaction is referred to as “Key provisioning” within this document. The objective is to
      automate the exchange of PlayReady encryption information between the encoders and
      PlayReady DRM system.
      In addition, content owners required this interaction to be secured. This led to the
      definition of a communication interface and joint development between Envivio and
      Microsoft.
      In the next section, we describe in technical detail the joint implementation of the
      communication interface (a.k.a. “key provisioning”) and the corresponding security
      aspects.


3. Exchanges Between the Encoder and the DRM Server
   3.1 Dataflow
   Before going deep into the description of the interface, we explain below the dataflow
   between the various components of a Silverlight ecosystem with PlayReady:

   [Figure 2: Microsoft PlayReady Dataflow. Blocks shown: Envivio 4Caster C42, IIS Media
   Services, Silverlight Client, PlayReady Keys Server, PlayReady Licences server. Labelled
   flows: "Request and issue PlayReady encryption information (Key provisioning)", "Publish
   encrypted content", "Request & deliver content", "Request & issue license", "License Data".]

         •    Envivio 4Caster C42: Retrieves PlayReady encryption information from the PlayReady
              DRM keys server (“key provisioning”), and publishes encrypted content to the IIS
              distribution server.
         •    Microsoft PlayReady keys server: In addition to its interaction with the Envivio
              4Caster C42, it communicates license data to the PlayReady license server.
         •    Microsoft Silverlight client: The client requests a license from the PlayReady license
              server. The license delivered contains content protection information (including
              the encryption key) and the rights for using the content. The client ultimately
              connects to the IIS distribution server to consume the content.


3.2 Key Provisioning Interface Description
The protocol used for exchanging PlayReady encryption information between the 4Caster C42
and the PlayReady DRM keys server is SOAP over HTTP (clear transmission) or HTTPS (secured
transmission).
The communication steps are described below:
      1. To obtain encryption information (including the encryption key), the 4Caster C42 sends
         a SOAP request to the PlayReady DRM keys server. This SOAP request uniquely identifies
         the media asset or live channel to encrypt by means of an identifier (the ContentID
         tag).
      2. Based on the ContentID identifier, the PlayReady keys server answers with the following
         encryption information:
           • Key: 16-byte AES key used for encrypting the content whose identifier corresponds
             to ContentID
           • KeyID: 16-byte key identifier used to uniquely identify the key within the system
           • LicenseAcquisitionUrl: URL of the License Acquisition Web Service
           • LicenseAcquisitionUiUrl: URL of the non-silent License Acquisition Web Service
           • ServiceID: identifier of the domain service. This unique identifier is provided by
             Microsoft to the PlayReady technology supplier.
The Envivio 4Caster C42 uses these parameters to encrypt the content, and inserts the rest of
the information into the Smooth Streaming content for use by the Silverlight client. A complete
description of the key provisioning SOAP interface is given in Annex A.

[Figure: key provisioning exchange between the Envivio 4Caster C42 and the Microsoft PlayReady
Server. Fields shown: ContentID, Key, KeyID, LicenseAcquisitionUrl, LicenseAcquisitionUiUrl,
ServiceID.]

Redundancy Considerations
24/7 broadcast is achieved using an N+M redundancy scheme. During the failover process, the
backup encoder needs to retrieve the entire configuration, including PlayReady DRM information.
Using the key provisioning interface, failover management is totally transparent: prior to any
encoding process, the backup encoder first connects to the PlayReady DRM keys server, and once
the information is received, it proceeds to encode and encrypt the content.
In other words, the key provisioning interface is a necessary condition for any N+M protected
over-the-top deployment.

3.3 Securing PlayReady Information Exchange
Securing the exchange of PlayReady encryption information has been a requirement from
content owners to deploy protected premium content over the public internet. This is
particularly necessary when the encoders and PlayReady DRM servers are not located within
the same area.
Two mechanisms have been implemented to meet right holders’ requirements:
      •     Secure the transmission: Using SOAP over HTTPS encrypts and secures the
            data exchanged (see section 3.2 for more details) and guards against piracy.
      •     Authentication of encoders: By authenticating each encoder to the PlayReady keys
            server, we ensure the PlayReady keys server transmits encryption information to the
            right entity. Encoder authentication can be achieved in two different ways:
            1. SSL Client Certificate
                or
            2. HTTP basic Authentication (Username/password)
Taking the security and authentication process into consideration, the complete key
provisioning data flow is described below:

[Figure: secured key provisioning data flow between the Envivio 4Caster C42 and the Microsoft
PlayReady Server. Authentication: "Username/Password OR SSL client", "Authorize Envivio
4Caster C42". Secure transmission: ContentID, Key, KeyID, LicenseAcquisitionURL,
LicenseAcquisitionUiURL, ServiceID.]
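
The checks an encoder-side client can apply to the exchange of sections 3.2 and 3.3, as an added example that is not Envivio or Microsoft code. Assumptions: the response elements are named after the fields listed in section 3.2, Key and KeyID are base64-encoded, and the host names and the KeyProvisioningResponse wrapper are hypothetical.

```python
import base64
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Field names from section 3.2; the XML layout around them is an assumption.
KEY_FIELDS = ("Key", "KeyID")
URL_FIELDS = ("LicenseAcquisitionUrl", "LicenseAcquisitionUiUrl")
REQUIRED = KEY_FIELDS + URL_FIELDS + ("ServiceID",)


class ProvisioningError(ValueError):
    """Raised when the exchange does not meet the section 3.3 requirements."""


def check_transport(endpoint, auth):
    """Accept only HTTPS plus one of the two encoder authentication modes."""
    if urlsplit(endpoint).scheme.lower() != "https":
        # Over plain HTTP the AES content key (and any Basic password)
        # crosses the network in clear text.
        raise ProvisioningError("key provisioning endpoint must use HTTPS")
    if auth not in ("client-cert", "basic"):
        raise ProvisioningError("encoder must authenticate to the keys server")
    return True


def tls_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context that verifies the keys server; adds a client cert if given."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)      # SSL client certificate mode
    return ctx


def parse_key_response(xml_text):
    """Extract and validate the encryption information before it is used."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]              # ignore any XML namespace
        if name in REQUIRED:
            fields[name] = (el.text or "").strip()
    missing = [n for n in REQUIRED if not fields.get(n)]
    if missing:
        raise ProvisioningError("missing fields: " + ", ".join(missing))
    for name in KEY_FIELDS:
        try:
            raw = base64.b64decode(fields[name], validate=True)  # assumed encoding
        except ValueError as exc:
            raise ProvisioningError(name + " is not valid base64") from exc
        if len(raw) != 16:                            # 16-byte AES key / key identifier
            raise ProvisioningError(name + " must be exactly 16 bytes")
        fields[name] = raw
    for name in URL_FIELDS:
        parts = urlsplit(fields[name])
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ProvisioningError(name + " is not an HTTP(S) URL")
    return fields


# Constructed sample response (values are not from any real deployment).
SAMPLE_RESPONSE = """<KeyProvisioningResponse>
  <Key>{key}</Key>
  <KeyID>{kid}</KeyID>
  <LicenseAcquisitionUrl>https://license.example.invalid/rm.asmx</LicenseAcquisitionUrl>
  <LicenseAcquisitionUiUrl>https://license.example.invalid/rm.asmx</LicenseAcquisitionUiUrl>
  <ServiceID>constructed-service-id</ServiceID>
</KeyProvisioningResponse>""".format(
    key=base64.b64encode(bytes(range(16))).decode(),
    kid=base64.b64encode(bytes(range(16, 32))).decode(),
)

if __name__ == "__main__":
    check_transport("https://keys.example.invalid/provision", "client-cert")
    print(sorted(parse_key_response(SAMPLE_RESPONSE)))  # field names only, never the key
```

A backup encoder in the N+M scheme would run the same checks before it starts encrypting, so a truncated or malformed key is rejected at failover time rather than producing unplayable content.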


4. Conclusion
   In this paper we described the ecosystem, dataflow and components required to deliver a
   complete and secured television experience on PC. This solution was recently deployed by
   Portugal Telecom for their “MEO@PC” service, an off-network extension of their existing IPTV
   service delivering premium content to PC platforms.
   Based on Envivio 4Caster C42, Microsoft PlayReady and Silverlight technologies, the integrated
   solution delivers the key ingredients for an optimal Premium InternetTV service:
         •    Excellent User Experience: A great subscriber experience begins with a service that
              is on air, all the time. Envivio’s high-availability platform delivers 99.999% uptime
              and unshakeable performance thanks to the Broadcast-grade fault management
              provided by Envivio 4Manager. Furthermore, support for adaptive bitrate streaming
              technologies including Silverlight Smooth Streaming ensures continuous viewing
              even under changing network conditions. Combined with interactive multimedia
              capability and economical HTTP delivery technology, Envivio InternetTV headends
              make it possible to create a unique experience for subscribers at substantially lower
              cost than dedicated or proprietary transport protocols.
         •    Protected Delivery: Strong and standard encryption is applied right inside 4Caster
              C42 in order to protect the content delivery from its origin to the subscriber.
         •    Digital rights and Business Models: Based on rules established within Microsoft
              PlayReady DRM, the user gets granted consumption rights based on his
              subscription. An innovative key provisioning layer between Envivio InternetTV
              headend and the Microsoft PlayReady DRM Server has been developed and
              deployed in order to automate the key and license exchanges and distribution with
              failover management.
   Thanks to the technology and expertise delivered by Envivio and Microsoft, the service went
   from design to deployment in less than three months, thus making Portugal Telecom the first
   Broadband Provider to deploy Over the Top services, as an expansion of their existing IPTV
   service.


5. Annex A: Key Provisioning SOAP Description
   The following example is a SOAP request from the encoder and the corresponding answer from
   the PlayReady DRM keys server.
   SOAP Request from the 4Caster C42 Encoder:
   
            1.0

            PlayReady

            Disney Channel

   SOAP Answer from PlayReady DRM Keys Server:
   
            E67D4AA537CBB14B761E1277CFA9F8C2
            Ja716gdj1USDr1/X44o2AQ==

            http://ip/rm.asmx

            http://ip/rm.asmx

            6y1jDe93qpMN2ASMPg142w==

            Gone with the

   Wind]]>
