This is a training deck that focus on Azure Media Services Content Protection.

1. Microsoft Azure Media Services
and Content Protection
Mingfei Yan (@mingfeiy)
Senior Program Manager - Azure Media Services – yanmf@microsoft.com
Microsoft Azure

2. Agenda
• Overview of Microsoft Azure and Azure media services
• Typical media workflow
• Encoding
• Dynamic packaging
• Indexer
• Content Protection
• Hosted AES and PlayReady License delivery
• Dynamic encryption
• Live streaming

3. 16 Regional Data Centers
29 CDN Super POPs
Azure is an open and flexible cloud platform that
enables you to quickly build, deploy and manage
applications across a global network of Microsoft-
managed datacenters. You can build applications
using any language, tool or framework. And you
can integrate your public cloud applications with
your existing IT environment.
Microsoft Azure
What is Azure?
Azure enables you to easily scale applications to
any size. It is a fully automated self-service
platform that allows you to provision resources
within minutes- Elastically grow or shrink your
resource usage based on your needs. You only pay
for the resources your application uses. Azure is a
available in multiple datacenters around the world,
enabling you to deploy your applications close to
your costumers.
Unlimited servers.
Unlimited storage.Azure delivers a 99.95% compute SLA and enables
you to build and run highly available applications
without focusing on the infrastructure. It provides
automatic OS and service patching, built in network
load balancing and resiliency to hardware failure. It
supports a deployment model that enables you to
upgrade your application without downtime.
Always up. Always on.

4. Digital media landscape is always changing:
The Challenge & The Opportunity
Huge capital investment requiredVideo is the new currency

5. H.264
HLS
DASH
Azure Media Services
Microsoft’s cloud platform now enables on
demand and live streaming video solutions
for consumer and enterprise scenarios.
Introducing
Azure Media Services

6. Plus a growing
ecosystem of value-add
third party partner
components
Live &
On Demand
Streaming
Content
Protection
Encoding,
Packaging,
and Indexing
Cloud Upload
& Storage
Scalable components for
building custom media
workflows in the cloud
What do we mean
by Azure Media Services?
Player
Clients
Integrated
CDN

7. 7
What you can do with Media Services
Enterprise video
management
Distribute and manage
corporate communications, IT,
HR content and training.
Web video for digital
marketing platforms
Services and tools for video
preparation, management and
publishing.
Live and Premium on-
demand streaming
Reach hundreds of millions of
device endpoints.

8. Wide Adoption
Premium video
on-demand
content,
broadcasts & live
event streaming,
online video
platforms for web
and mobile,
enterprise video
management….
And more!

9. Subscription Video Service
"With Microsoft
Azure, we instantly
have a scalable
video encoding
platform. We can
spin up hundreds
of encoding servers
when needed and
let them go when
the job is done."
-Jon Robinson
Group Head of IT,
blinkbox

10. Live to Video-on-Demand
“The functionality
and power behind
Microsoft Azure really
helped us develop,
implement, scale and
launch a video-
capable website in
near record time.”
-Chris Witmayer, Director
of Broadcast, Production
and New Media Tech,
NASCAR Production

11. NBC Sports streams Super Bowl XLIX live on Azure

12. Plus a growing
ecosystem of value-add
third party partner
components
Live &
On Demand
Streaming
Content
Protection
Encoding,
Packaging,
and Indexing
Cloud Upload
& Storage
Scalable components for
building custom media
workflows in the cloud
What do we mean
by Azure Media Services?
Player
Clients
Integrated
CDN

13. • Elastically scale to support lots of parallel jobs
• Pay only for what you use, charged per Output GB
• Manage via Azure Portal, API, or Azure Explorer Desktop Tool
Azure Media Encoding Features
• Broadcast/Studio quality video and audio formats
• Video - H.264, MXF, DVCPro, MPEG2 TS, WMV, De-interlacing
• Audio - AC3/Dolby Digital+, AAC,-LC, Multi Language Tracks
• SD, HD, or 4K AVC content
• Closed Captioning Support

14. Access to the capacity and
performance that you need for
bursting to the cloud.
Basic Standard Premium
ENCODER PERFORMANCE

15. Demo
Azure management portal

16. Dynamic packaging
Allows you to re-use your encoded content and bring it to various streaming formats without repackaging the
content.
Video sources Multi-bitrates Mp4
Origin Server
HLS
Smooth
Streaming
Encode
Video sources Multi-bitrates Mp4
Or Smooth Asset Origin Server
HLS
v3, v4
Smooth
Streaming
Encode
Dynamic
Packaging
Traditional Encode and Package
Dynamic Packaging
MPEG
DASH
HDS

17. Formats
http{media services account name}.origin.mediaservices.net/{locator
ID}/{filename}.ism/Manifest(format=mpd-time-csf)
Streaming Locator
Format Syntax
Smooth Streaming
MPEG DASH (format=mpd-time-csf)
Apple HTTP Live Streaming (HLS) V4 (format=m3u8-aapl)
Apple HTTP Live Streaming (HLS) V3 (format=m3u8-aapl-v3)
HDS (for Adobe PrimeTime/Access licensees only) (format=f4m-f4f)
bit.ly/playerdemo

18. Azure Media Player
Cross platform
JavaScript based player, detecting platform,
provides best experience
Defaults to open standards where
possible
Will switch to different packaging
depending on platform
Knows how to request streams from
Azure Media Services
“just works” experience
Aka.ms/azuremediaplayer

19. Media Services APIs and SDKs
REST API for all platforms
Reference: http://msdn.microsoft.com/en-us/library/windowsazure/hh973617.aspx
.NET library
Nuget package: https://nuget.org/packages/windowsazure.mediaservices
GitHub: https://github.com/Azure/azure-sdk-for-media-services
Extensions for .NET SDK: https://github.com/sazure/azure-sdk-for-media-services-extensions
PHP Library
GitHub: https://github.com/windowsazure/azure-sdk-for-php
Open Tech blog with demo: http://msopentech.com/blog/2014/01/23/ms-open-technologies-enhances-open-source-php-sdk-windows-azure/
JAVA library
http://www.windowsazure.com/en-us/develop/java/java-home Windows / Mac / Linux
GitHub: https://github.com/windowsazure/azure-sdk-for-java/
PowerShell cmdlets
How to use: http://www.gtrifonov.com/2013/08/24/how-to-use-windows-azure-powershell-for-media-services/
Node.js library
GitHub: https://github.com/fritzy/node-azure-media

20. Introducing Azure Media Indexer
Natural Language Processing technology
Catalogue vast content libraries
Generate transcripts from multimedia
Will support OCR, multiple languages, Search, Deep linking
Used by The Washington Post, NASA/JPL, and many others
Media Intelligence and Content Enhancements

21. Demo
Azure Media Services Indexer (link)

22. Azure Media Content Protection

23. Encrypt Smooth Streaming content with PlayReady
protection via common encryption scheme (CENC),
and the option of packaging it into HLS or DASH.
PlayReady technology allows you to define restrictive
licensing agreement to manage user access rights to
your media.
Source: IDC Successful Cloud Partners 2013
Microsoft PlayReady®
Who should use this feature:
Premium studio content or high business impact content: Key
is encrypted and decryption happens in a secure DRM decoder
environment
How to choose the best content protection method
Encrypt on-the-wire communication using the
widely-known symmetric AES encryption algorithm.
An authentication service for key is provided.
Source: IDC Successful Cloud Partners 2013
AES Clear Key encryption
Who should use this feature:
Trusted audience or time-valued content: Key is stored in
clear format so it can only be used with trusted users or
content that has time value associated with it. Used to prevent
“man-in-the-middle” attacks

24. Dynamic Packaging and Dynamic Encryption
Video sources
Smooth Streaming
Origin Server
Smooth
Streaming
+ PlayReady
Encode
Dynamic
Packaging
Static encryption
DASH
+ CENC
PlayReady
Smooth Streaming
+ PlayReady
Encryption
Video sources Multi-bitrates Mp4
Or Smooth Asset
Origin Server
HLS
+ AES or PlayReady
Smooth
Streaming
+ AES or PlayReady
Encode
Dynamic
Packaging and
Encryption
Dynamic Encryption
DASH
+ CENC

25. Storage
• MP4
Define:
Streaming
Endpoint
PlayReady/ AES Key Services
Token
verification
PlayReady License/
AES Key
Customer’s
Auth system
Content Key
Authorization policy
(Token/IP/Open, license template)
asset
Asset Delivery policy
(HLS with AES) or
(Smooth Streaming with PlayReady)
Client SDK
Customers
Architecture – Dynamic Encryption with AES/PlayReady

26. JWT Token Acquisition
When and for how long is it valid?
(Unix time, secs since 1st Jan 1970)
Who is it intended for?Who issued the token?
JWT Tokens can be generated by anyone and require at minimum:
Issuer Audience Expiration
HMAC SHA-256 (symmetric key) or RSA SHA-256 (asymmetric key, x509 certificate)
{ "aud":"https://contoso.com/relyingparty",
"iss":"https://contoso.accesscontrol.windows.net/",
"nbf":1336067338,"exp":1336070938,"nameid":"frankm",
"identityprovider":"contoso.com",“role”: [ “admin”, “user” ]}
• Header.Claim[.Claim].Signature
• Signed with symmetric or assymetric
key
Not Before
{"typ":"JWT","alg":"HS256"}
_3dZQ6cmmFgrZ_-VmOLrr7CHne3Xdko_WtE6-Je5Ihw

27. Player Your Backend
Authenticate User
Give back signed JWT token
Symmetric/Asymetric key, used
to configure
key auth policy with
JWT Token
Configure
Player to use Token
AMS Key Service
Check token from Auth
header/parameters
Player
plays media &
decrypts with key
Token Workflow

28. Demo
Dynamic encryption for on-demand
Playback with Smooth and DASH

29. A No-Code Easy UI way
to use Media Services
Release
http://aka.ms/amse
Source code
https://github.com/Azure/Azure-Media-Services-
Explorer
Blog post
http://azure.microsoft.com/blog/2014/10/08/managi
ng-media-workflows-with-the-new-azure-media-
services-explorer-tool

30. Features
Assets
Upload from local, watch folder, batch, drag & drop
Import from Azure, http (S3)
Download and export to Azure
Information & report, asset files management
Processing
Encode with AME, AME Advanced, Zenium
Call Content Indexer, or any processor
Job template, priority, information & report
Publish
Dynamic encryption
License & key delivery setup
SAS and Origin locators
Playback the content
Live
Create/Manage/Delete live channels and programs

31. Channel
Azure Load Balancer
Blob Storage
Preview URL
Program URL
Ingest:
Ingest endpoint to accept Live streams with
different bitrates (RTMP/smooth streaming)
through load balancer
Convert ingest data to fMP4
(e.g. RTMP fMP4)
Forwards the stream to all preview end-points
Preview:
Receives stream from Ingest
Forwards to Program
Exposes Preview URL (for monitoring)
Program:
Writes it to Blob Storage for Archive/DVR
Dynamic package into HLS, Smooth and DASH
Dynamic Encryption with AES or Playready

32. Storage
FMP4
Streaming
Endpoint
Client SDK
Players
Architecture: Live Streaming with dynamic encryption
Channel
Program
Multi-bitrate
RTMP/Smooth
Preview- monitoring
PlayReady license/ AES Key Services
Token
Authentication
PlayReady
License/ AES Key
Customer’s
Auth system

33. Azure
Azure Storage Streaming EndpointChannel
Ingest
URL
Preview
URL
Wirecast
RTMP
Smooth,
DASH or
HLS
Live Streaming Demo
Playback
AMS Explorer

34. Demo
Live streaming with content protection

35. Content Protection – Hybrid modes
35
Dynamic Encryption PlayReady license delivery
Cloud with Azure Media Services
Hybrid with your own server with Azure Media Services
Hybrid with Azure Media Services with your own server

36. Key Takeaways
• Media Services are easy, flexible, and powerful
• Customers can reach any device using any protocol
• Partner ecosystem: easily build-in or build-on
• Content protection across all clients
• Pay for what you use, easy to understand billing
• Any media, on any device, delivered from the cloud

37. Resources
www.azure.com/media
Receive $200 Azure Credit when you sign up
Content Protection documentation
http://msdn.microsoft.com/en-us/library/azure/dn282272.aspx
Sample code
https://github.com/AzureMediaServicesSamples
Mingfei’s blog
http://mingfeiy.com/
Email me at yanmf@Microsoft.com