Wowza Community

Encrypting nDVR recorded stream in realtime using DRM addon and playready for HLS

Hi Guys,

We are trying to implement a server side API for encrypting live, DVR and VOD stream. We are able to encrypt live streams with key rotation features using IModuleOnHTTPCupertinoEncryption and METHOD_CHUNK_PLAYREADY. My question is, to encrypt the nDVR streams should we also use the IModuleOnHTTPCupertinoEncryption interface? As we have understood nDVR recorded streams are treated the same way as VOD but everytime a DVR is played the method onHTTPCupertinoEncryptionKeyVODChunk is not being called. Is there any other interface we can implement to set the Cupertino Encoding Info for DVRs in DVR store?

Regards,

Ferdinand

It seems like what is being called is onHTTPCupertinoEncryptionKeyLiveChunk but unlike the live it is called only once. Then the following error:

ERROR server comment - invoke(onHTTPCupertinoEncryptionKeyLiveChunk): java.lang.reflect.InvocationTargetException|at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)|at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)|at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)|at java.lang.reflect.Method.invoke(Method.java:483)|at com.wowza.wms.module.ModuleFunction.invoke(ModuleFunction.java:196)|

Could this be because this DVR is no longer connected to any live streams? We record DVRs per event and we stop and start recording according to the events stored on our EPG.Each event is recorded into different filename/directory for example, in the DVRFILESTORAGE there will be files such as these:

Channel1-Event1_720p.0

Channel1-Event1_360p.0

Channel1-Event1_240p.0

Channel1-Event2_720p.0

Channel1-Event2_360p.0

Channel1-Event2_240p.0

Hi,

The only requirement for DRM using nDVR according to the nDVR specific instructions in the PlayReady Guide is that the DRM module must be enabled during nDVR recording and playback. Make sure you are doing that.

Richard

Ferdinand,

You should still be able to use the edge locking method. It’s not really that necessary unless you are doing RTMP dynamic streaming from the edge.

Have you tried this setup as shown in that nDVR specific section of the guide? It should work.

Richard

Ferdinand,

I tested onHTTPSmoothStreamingPlayReadyCreateLive and it fires for me when a live stream is started on an application smoothstreampacketizer enabled, when packetization is started. It doesn’t fire for smooth playback client.

To point to different servers from one application you can use .stream files. The documentation doesn’t mention using .stream files with nDVR and Liverepeater, so I tried it and just found that you had to add application instance to the url in the stream file for it to work. For example:

/content/dvrorigin.stream

wowz://192.168.1.120/dvrorigin/definst/myStream

Playback:

http://192.168.1.106:1935/dvredge/dvrorigin.stream/Manifest?DVR

Richard

Hi,

The only requirement for DRM using nDVR according to the nDVR specific instructions in the PlayReady Guide is that the DRM module must be enabled during nDVR recording and playback. Make sure you are doing that.

Richard

Hi Richard,

I am using the wowza developer key on the development machine so I supposed the DRM is enabled. The encryption works just fine on live streams. I can see the tags that I made in the code whenever a method of IModuleOnHTTPCupertinoEncryption is called and I can confirm that the method onHTTPCupertinoEncryptionKeyLiveChunk is in fact being called whenever a client request a live stream.

I just copied a (clear) nDVR recording we have from the production machine to my development environment (smil files and nDVR directory). But as I have mentioned earlier, I am not streaming the live version of this DVR stream from my dev environment. I was exepecting the dev environment to just treat it as a VOD and therefore call onHTTPCupertinoEncryptionKeyVODChunk but I am not seeing any calls made to this method although playback of the same DVR recording without encryption works just fine. Now I am not so sure how can I control the encryption of our DVR recordings in realtime.

Regards,

Hi Richard,

I am using the wowza developer key on the development machine so I supposed the DRM is enabled. The encryption works just fine on live streams. I can see the tags that I made in the code whenever a method of IModuleOnHTTPCupertinoEncryption is called and I can confirm that the method onHTTPCupertinoEncryptionKeyLiveChunk is in fact being called whenever a client request a live stream.

I just copied a (clear) nDVR recording we have from the production machine to my development environment (smil files and nDVR directory). But as I have mentioned earlier, I am not streaming the live version of this DVR stream from my dev environment. I was exepecting the dev environment to just treat it as a VOD and therefore call onHTTPCupertinoEncryptionKeyVODChunk but I am not seeing any calls made to this method although playback of the same DVR recording without encryption works just fine. Now I am not so sure how can I control the encryption of our DVR recordings in realtime.

Regards,

Hi Richard,

Thanks for the reply, does that mean that nDVR recorded files stored on the dvrfilestore will already be encrypted? If this is the case then Im definitely doing it wrong, normally we encrypt live streams on the edge server. We are using the DRM API on the edge servers to encrypt live streams and we just share the dvrfilestore of the origin server using nfs to the edge. I thought dvr files will also be encrypted in realtime just like the live. If that is the case then will I still be able to use locked multibitrate streams on the edge server using configuration discussed on this article https://www.wowza.com/docs/how-to-lock-multi-bitrate-streams-on-live-stream-repeater-edge ? This is currently the method we are using and it is not clear for me if the communication between the origin and edge will be affected if I start encrypting on the origin. Althought perhaps it will be alright since the communication used between the two is rtmp/wowz protocol.

Another question is if I start encrypting the nDVR files on the origin, where will the encryption information be stored so that the edge will be able to contruct the proper playlist.m3u8? Considering the fact that we are just sharing the nDVR of the origin to the edge using nfs.

Regards,

Ferdinand

Hi Richard,

Yes, I have tried the nDVR specific solution setup and it worked ok.

The locking method on the otherhand didn’t work as expected, even if I was encrypting from the origin server the stream on the edge were going out in clear format. Although it’s not really important at the moment since we can just use the conventional way of origin/edge configuration.

While using the conventional way of using origin/edge, is there anyway I can specify from which origin server the application should fetch the content if streams are coming from different servers? There is only OriginURL on the Application.xml where you can specify the origin server (assuming that all streams are coming from this server), but what if there are multiple origin servers serving different streams?

Another question is, although off topic but still about DRM, are the server API available to encrypt smoothstreaming still available in 4.x? I tried using the API discussed in this article https://www.wowza.com/docs/how-to-secure-smooth-streaming-using-playready-drm-silverlight but the method onHTTPSmoothStreamingPlayReadyCreateLive is not being called. I dont know if I have to add a property on the Application.xml like with the cuperinoEncryptionAPIBased but there was nothing mentioned in the article of such. Maybe it’s worth mentioning, I have implemented both IModuleOnHTTPSmoothStreamingPlayReady and IModuleOnHTTPCupertinoEncryption in the same module.

Regards,

Ferdinand

Any input regarding onHTTPSmoothStreamingPlayReadyCreateLive not being called?