DME Stream Authorization Lockdown Management
Enabling DME Stream Authorization in Rev places all DMEs in a lockdown state where playback of Live or VOD HLS assets requires authorization. When enabling (or disabling) this feature, Rev directs each DME to change its Stream Authorization state.
There are several configuration items that are necessary for a DME to enter this state. Most are automatically handled by the DME and include:
When DMEs are placed into lockdown by enabling this setting in Rev, the following steps are taken within each DME automatically:
●All DME Network Time Protocol (NTP) synchronization fields are enabled and set so that all DMEs can have a consistent time. NTP uses UDP port 123, so please plan accordingly. Customers that restrict traffic through Proxy should consult their network support staff. DMEs that cannot sync time will not be able to participate in content sharing.
●All DMEs are set to distribute content via HTTPS only.
●All DMES are checked to ensure that a valid security cert is in place.
If all three of these properties are met or set successfully, the DME returns a success message to Rev and is placed into a lockdown state.
DMEs that are not successfully placed into a lockdown state will not receive playback URLs from Rev. Rev automatically provides authorization encoded into the playback URLs for those DMEs that are in a lockdown state. DMEs receive the request, validate the security token, and subsequently authorize the stream.
Admins may put their entire systems into and out of this lockdown state as needed or required.
Caution: iOS Safari (on iPhones) requires additional playback considerations when utilizing Stream Authorization. This includes: ●Because your DMEs (which are on premises) and Rev (which is in the Cloud) have two different domains, default configuration on iPhones disallows playback. To fix this, disable cross-site tracking. This is done on your iOS device by visiting Settings -> Safari -> Prevent Cross Site Tracking. ●iOS Safari in Private Mode does not support playback when DMEs are utilizing Stream Authorization. |
The DME Management and DME Network Statistics page(s) within Rev may be reviewed to check on the status of each DME once this setting is enabled. As noted, DMEs that cannot enter the lockdown state will not be used for content delivery. This feature provides even higher level security than the existing user/video access level currently provided in Rev.
In addition to using the two modules above, DMEs that are used for streaming when this setting is enabled may also be edited and have their authorization viewed as seen below. If the DME is not authorized, an error will be seen instead.
Note: You must have all of your deployed DMEs on Version 3.21 (or later) to use this functionality. DMEs on previous versions will not be used for content distribution. Best Practice is to update all your DMEs before attempting to use this feature. |