Wowza Community

Encrypted mediacache on edge

Hi Guys,

I would just like to know if there is a way to encrypt the contents stored by mediacache on an origin-edge configuration? Supposing that we store clear contents on the storage of the origin server so that the edge can encrypt it depending on the protocol it’s coming out (HLS AES, Playready Smoothstreaming), will the clear version of the content be stored on the mediacache or would it be the encrypted smoothstreaming or HLS segments? If it will be the clear version, is there a way to encrypt this files so that nobody can just copy them?

Regards,

Ferdinand

Hi Guys,

I would just like to know if there is a way to encrypt the contents stored by mediacache on an origin-edge configuration? Supposing that we store clear contents on the storage of the origin server so that the edge can encrypt it depending on the protocol it’s coming out (HLS AES, Playready Smoothstreaming), will the clear version of the content be stored on the mediacache or would it be the encrypted smoothstreaming or HLS segments? If it will be the clear version, is there a way to encrypt this files so that nobody can just copy them?

Regards,

Ferdinand

Btw, this is the concern of our client in the case that edge server’s security have been compromised. They are afraid that the cache storage can simply be copied and reconstructed to have the full version of the content.

Anyone?

I did a little bit of research and I just need a confirmation of the following:

It seems like the Wowza origin edge on VOD with mediacache doesn’t work. Media cache uses normal http server as source and not vod origin application of wowza and this for me raises more question than answer.

  • if the above is true then is it still possible to setup an origin edge for VOD using wowza with caching?

  • How about DRM, how can DRM be implemented if I cannot use Wowza origin edge application on VOD? If we will have to publish our mp4 from a normal http server as source how can we encrypt it with playready? From the dge server as it goes out? This will raise a lot of security issues.

The idea I had before with mediacache was a lot simplier. The idea was Wowza VOD origin + edge + mediacache to scale VOD. But it seems like that is not the case.

Please respond to this thread. I had posted this topic a week ago and still had not any responce from any support. Should I sent this inquiries instead to Wowza support? I got the impression that you guys would prefer us to post topics first on the forum before making a support ticket.

Regards,

Hello Ferdinand

I’ll attempt some clarification in what you’ve posted above:

You mentioned “They are afraid that the cache storage can simply be copied and reconstructed to have the full version of the content”.

I suppose it is possible but problematic especially if the content is not fully cached yet. The file would be there but only in parts. You could also explore the securing smooth streaming DRM which would allow encrypted vod assets to be stored.

You can run mediacache on your edge and you can pull files from your origin by mounting a network drive on your edge and attaching a mediacachesource to the shared mount.

The workflow of VOD origin => Edge + MediaCache should be a good workflow for this use-case.

Thanks,

Matt

Hi Matt,

Thanks for the responce.

Actually the idea was to have sufficient storage on the mediacache to cache the most frequently accessed streams. This way remote user from other cities can fully reproduce popular streams from the edge server assigned to them. There is no telling which content will be most popular on each cities so we are thinking of letting the mediacache determine that automatically.

The procedure in the link will require a separate encoder that outputs already encrypted playready content. This could be possible but can the same encrypted content be played and package as HLS by wowza as well? Or would we be only able to play this using Smoothstreaming? If wowza can package the encrypted ismv files to HLS what kind of encryption will it be? Will it encrypt the segments as envelope files like what is discussed in this article https://www.wowza.com/docs/how-to-secure-apple-hls-streaming-using-drm-encryption ?

Regards,

Hello Ferdinand

I’ll attempt some clarification in what you’ve posted above:

You mentioned “They are afraid that the cache storage can simply be copied and reconstructed to have the full version of the content”.

I suppose it is possible but problematic especially if the content is not fully cached yet. The file would be there but only in parts. You could also explore the securing smooth streaming DRM which would allow encrypted vod assets to be stored.

You can run mediacache on your edge and you can pull files from your origin by mounting a network drive on your edge and attaching a mediacachesource to the shared mount.

The workflow of VOD origin => Edge + MediaCache should be a good workflow for this use-case.

Thanks,

Matt