http://www.csimagazine.com/Digital-Editions/CSIApril2015digitalEdition.pdf
As the video delivery service industry as a whole becomes more
software-empowered, the implementation of cloud-centric security
management would seem a logical progression. However, the issue is
complex and requires some unpicking.
In some ways, the term cloud is a misnomer. Effectively, DRM delivered
as a service from a scalable platform allows content owners and
providers to shift away from the need to build, maintain and
ultimately upgrade the DRM platforms that are essential for the
majority of service provision.
“In the past, providers would build their own DRM platforms which would
effectively become a software platform needing maintenance and
upgrades in line with changes to the underpinning technologies and
business evolution,” explains Giorgio Tornielli, VP Product Engineering, Piksel.
“The cloud model shifts to a case of integration and customisation with
the ongoing platform development and expansion taken care of by the
service provider. This approach benefits from economies of scale,
specialisation and the ability to provide more ancillary features
that would be prohibitively expensive to develop for a single
in-house installation.”
Several consumer DRM products (PlayReady, Adobe or Widevine for instance) are
already offered as a cloud service. Cloud DRM is also an emerging trend for
implementing operator DRM products, particularly for smaller operators,
suggests NAGRA's Senior Product Marketing Director, Christopher Schouten, as
cloud services are an efficient way to optimize their own operations while
getting a robust level of service.
Looking further, Schouten sees large operators “starting to run their own
cloud infrastructure, implementing a generic IT infrastructure server
virtualization approach that brings cost benefits as well as added
elasticity.” Such an approach, he informs, “usually relies on a
combination of a private cloud environment with some highly scalable
online services put on a public cloud or using third party cloud
services, for functions such as multi-DRM management.”
So there are two broad reasons why migration of DRM to hosted or cloud
environments for pay-TV (VOD) operators is occurring:
1. There are core benefits shared with other cloud technologies
As discussed, it is part of a wholesale shift of the video prep and delivery infrastructure towards pure software subsystems, fundamentally dependent on IP connectivity, which can then be implemented in physical data centres or in cloud CPU resources.
In this case, according to Steve Christian, SVP Marketing, Verimatrix,
“DRM technology and business logic does not change.” Some
vendors have taken generic implementations of DRM technologies
(Verimatrix is one) and are offering a SaaS model of key management
based on cloud resources. This, says Christian, “tends to shift the
business model for DRM costs rather than the underlying technology.”
2. OTT multiscreen content delivery
Cloud-based DRM is an effort to address subscriber interest in viewing online
content that is encrypted in various DRM formats and is made
available through multiple online video providers. This results in
operators needing to support different content packaging and content
protection formats like MPEG-DASH and Common Encryption Scheme
(CENC).
As more device functionality is moving to the cloud (user interfaces,
DVR storage, preference management etc.), vendors see a greater share
of the core rights management logic moving upstream.
“Traditional pay-TV operators have been limited to supporting a single DRM
vendor given the operational complexity in rolling out multi-DRM library
support into their device footprint,” says Sachin Sathaye, VP, Product
Strategy and Marketing, ActiveVideo. “The compliance rules
associated with supporting DRM vendors further inhibit expanding the
DRM solutions to existing devices that lack sophisticated
cryptographic features.”
Security and business drawbacks
Deploying DRM in the cloud in a manner that is secure and in agreement with the
DRM vendors' studio compliance rules is non-trivial.
“It is very important that DRM infrastructure deployed in the cloud is
done so in a manner that ensures studio compliance,” stresses Steve
Plunkett, CTO, Red Bee Media. “The storage of key material is
subject to particular restrictions that must be met to ensure
compliance. It also makes more sense to use cloud based DRM when
media processing workloads in general are moving into the cloud.
Doing so in isolation, while general media processing remains
on-premise, can slow down the media transit path and increase
workflow execution times.”
Christian emphasises the point: “If the security
approach is simply an isolated subsystem divorced from the rest of
the deployment architecture, there can be potential barriers to
success, including those that arise from managing vital keys and
other essential consumption management control information uniformly
across multiple delivery formats and device screens.”
The failure to provide a seamless user experience when a subscriber wants to
transfer viewing of Netflix's House of Cards mid-stream from an iPad to a
Samsung smart TV at best risks losing the subscriber to another service, and
at worst pushes them toward pirate sites.
“The real business challenge for operators who wish to target the broadest
number of devices is to eliminate service distribution and
consumption silos that serve only to frustrate consumers and may
nudge them towards alternative sources,” says Christian. “One
aspect of this is the need to enable support for multiple native DRM
systems on the devices and browsers in use, and to provide the user
with a transparent consumption experience.”
The purpose of security goes far beyond the defensive aspects of
addressing piracy and theft of service, says Christian, “to that of
ultimately enhancing the subscriber’s quality of experience (QoE)
while also underpinning the operator’s bottom line.”
Partly for this reason we've not yet seen the wholesale movement of DRM into
virtualised environments. “The cloud aspect of DRM is not a
process that aggregates large amounts of sensitive customer
information, billing or account accessibility,” explains Tornielli.
“In essence, it is a streamlining of a well-understood process that has
typically resided in-house and can now be consumed as an externalised
service due to the maturity of connectivity and virtualised computing
technologies.”
André Roy, Head of Security Practice, Farncombe, warns
that not all cloud-based DRMs are optimised to handle content
preparation. “We audit CA (conditional access) systems and can say
that there are few cloud-based DRM systems that meet studio
content handling requirements for handling unencrypted content.
Primarily, having studio quality mezzanine files unencrypted in the
cloud would not meet MPAA (Motion Picture Association of America)
requirements. All encryption would need handling in a physical
facility rather than in the cloud.”
One cloud workflow that does meet MPAA requirements is Akamai's.
According to Akamai, content providers need only upload a single
source file to the Akamai Cloud – “which will then facilitate DRM
processing in addition to transcoding and stream packaging for
optimized, secure delivery to connected devices”. The initial
reception and encryption is believed to occur in a non-cloud-based
secure facility.
Verimatrix suggests that full DRM systems (generally
consisting of digital rights to manage, encryption, license
management, and a DRM-enabled client)
can be deployed in the cloud “very easily as a part of an overall
video delivery system” but it doesn't see this as the gold standard
right now for pay-TV. “Physical data centre deployment and virtual
machine deployments are still quite popular, although interest in
cloud implementations is growing,” reports Christian.
Another potential drawback is flexibility. In certain cases, cloud based
services will only support a limited set of DRM technologies. “If a
particular feature is not available then it is not always possible to
just build it yourself and add it to the mix,” reports Tornielli.
“The cloud can be defined as a shared multi-tenant environment so the
timescale of upgrades, features and fixes are dependent on the
diligence of the provider.”
Piksel suggests cloud DRM solutions are a relatively small percentage of deployments
(probably less than 1%) “although growing faster than on-premise
implementations.”
Only a partial shift of the DRM infrastructure to the cloud is expected by
Telekom Innovation Laboratories, the research wing of Deutsche Telekom.
“This shift implies the adaptation of the current DRM
infrastructure towards more centrally hosted key servers and
therefore an overall reduction in the number of key server APIs for
the service operator,” says Dr. Oliver Friedrich.
“It also implies the adaptation of content servers hosting files
encrypted by means of common encryption scheme, which could also
simplify the DRM encryption infrastructure.” Therefore, he says, a
real move into the cloud is not taking place.
The primary DRM innovation, for Friedrich, is driven by the browser and
multi-device scenarios and technologies,
such as MPEG DASH with CENC and HTML5 EME. The most important factor
is the de-coupling of the content from the DRM system itself.
Tackling Fragmentation
Fragmentation of the DRM market coming from the deprecation of the plug-in APIs on
the Google Chrome browser and the emergence of a DRM-per-device
platform environment has focussed attention on cloud deployment as a
solution, argues David Leporini, EVP of Marketing, Products and
Security, Viaccess-Orca.
The recent Chrome update is only the beginning of a series of changes to
DRM support on web browsers. All browser vendors are moving to embed
a specific DRM technology on each of their web platforms. This means
that any OTT service viewed on a PC, Mac or the browser of any CE
device will need to support multiple DRMs in order to ensure that all
viewers can play back the content.
“This is just the start of an industry-wide evolution,” contends Ben
Gidley, Director, Multiscreen Solutions, Irdeto.
“A single DRM for your OTT service will no longer be sufficient to
reach multiple platforms. But as the different DRM technologies are
becoming increasingly device- and browser-specific, the impact will
not be limited to DRM selection alone.”
As this fragmentation continues, managing multiple DRMs, devices and
browsers will become increasingly difficult. “Operators will need
to ensure they either have the resources internally or a partner that
can provide a multi-DRM platform designed to remove all that
complexity,” says Gidley. “This challenge extends beyond just
multi-DRM to both the head end and client side.”
Opinion seems divided as to how a cloud solution can solve the issue. “The
scenario is now unfolding where each browser vendor is headed towards
implementation of a protected media stack implemented around a
specific proprietary DRM with no mechanism to expand the default
option,” says NAGRA's Christian.
“This seems likely to move the market from a form of streaming
fragmentation based around protocols to one divided by proprietary
device and browser silos. There’s nothing about cloud
implementations of DRM per se that seem to be able to help with this
self-inflicted wound.”
Some vendors, like Piksel, point to compatibility and simplification
as significant benefits offered by cloud-based DRM. “Each
DRM schema has a cost and technical requirement to meet the needs of
the addressable audience,” says Tornielli.
“These factors are not set in stone and as business evolves, cloud
DRM enables organisations to dynamically change which DRM
technologies they use, for which devices and services. This
simplicity allows DRM to be agnostic to much more critical changes
in business strategy.”
Leporini also points to the reduced complexity afforded by cloud
deployments. “The complexity introduced by various content
packaging formats, streaming protocols, and DRMs to be supported can
be managed using a single platform in a multi-tenant mode of
operations,” he says. “In situations requiring real-time
on-the-fly packaging of content, such as in certain network PVR and
catch-up deployments, content service providers may benefit from the
scalability and elasticity of cloud infrastructures.”
For ActiveVideo there are three obstacles that need to be overcome for
cloud-based DRM to solve fragmentation: first, the reality that in the
pay-TV environment, the DRM is 'baked into' the set-top box or the set-top
browser and cannot be changed; second, that few IP STBs support multi-DRM,
and the increased cost of multi-DRM devices is an impediment to deployment
of those devices at scale; and third, not all content owners are able or
willing to invest in multi-DRM solutions.
Recommendations
For an organisation with no existing investment such as a new OTT, SVoD
or TVoD entrant, it’s hard not to make the case for cloud based DRM
from day one. Little CAPEX, fixed OPEX, rapid time to market and an
easy scale up or even down model that reduces risk.
Telekom Innovation Laboratories says it will wait and assess what the
strategies of suppliers are.
“There are limitations in current implementations,” emphasizes Friedrich.
“Moreover, support for interoperability is currently not being
offered by most market-leading DRM providers.”
For an organisation with an existing DRM investment, it is a case of
examining the numbers, advises Tornielli.
“Organisations need to understand how much current DRM actually costs including
licences, training, data centre and server costs, upgrades and
support. These numbers also need to be considered against the
direction of travel of the business. For example, will the service
need to support new device types or operating models such as TVoD?
Also, ask the same questions of the cloud provider. Get definite
costings and pose some ‘what if?’ scenarios to see how
alternatives stack up. All clouds are not created equally.”
Vendor strategies
Viaccess-Orca’s approach consists of solving the DRM fragmentation issue facing the
industry through its multi-DRM solution called Connected Sentinel,
which is available as a hosted service and also integrated with cloud
infrastructures for DRM management and content preparation.
ActiveVideo’s CloudTV StreamCast is described as a “comprehensive solution for
delivery of online video to any existing pay-TV STB”. It addresses,
in the cloud and in real time, Content Experience and Content
Delivery, in addition to Content Protection. “These are the three
key technological hurdles pay-TV operators face in bringing online
video to STBs at scale,” says Sathaye.
Verimatrix offers cloud-based instances of its Video Content Authority System
(VCAS) to help facilitate integration for virtual end-to-end
solutions. “While yesterday’s legacy systems tended to have
large, proprietary hardware components —making it complex and
cumbersome to integrate multiple solutions — software- and IP-based
components can better support a cloud-based approach that relies on
virtual resources,” says Christian. Verimatrix
MultiRights also brings CE devices with embedded, non-Verimatrix
clients under the VCAS security umbrella.
Irdeto's service maps a central list of operator-owned content to the user's
entitlements and then maps that to each DRM according to the business
rules for each content play. It does this for Liberty Global,
Australia's Foxtel and ITV among others.
NAGRA says its MediaLive Services Platform, featuring multi-DRM
capabilities and available as a cloud service, provides an efficient
architecture for delivering a complete end-to-end content preparation
and delivery solution. It includes secure player apps for multiple
consumer devices that leverage studio-approved NAGRA anyCAST PRM.
MediaLive can also deliver specific vertical functions, such as
multi-DRM support and related workflow capabilities, to be integrated
into an existing operator platform (that can be in-house or
'cloudified').