This tutorial provides you a step by step guide to configure Widevine licence delivery and Widevine common encryption packaging with MPEG-DASH for streaming your asset. The sample code I provide here will also include PlayReady configuration. Thus, you can deliver a multi-DRM stream to reach multiple browsers. The code repository for this guide is posted here. Read more here
Here is some tips to help you debug your stream while configuring AES dynamic encryption in Azure Media Services. Please leave your questions if you don’t find it covered below so I could add yours. I intend to introduce tools to help you easily diagnostic your problem, however, all these steps introduced below can be achieved using APIs as well.
Before going into any of the step below, please double check whether you have at least 1 streaming reserved unit configured. You will need that to proceed with dynamic encryption. The following picture shows the correct setting under Streaming Endpoint tab in your media account: Read More…
This blog shows you how to configure ACS with Azure Media Services AES/PlayReady license services with token authentication. The source code is listed here: https://github.com/AzureMediaServicesSamples/AES-Key-Delivery-with-ACS. Please download the source code in order to configure Key authorization policy.
1. Go to the Active Directory Tab in the Azure Management Portal
2. Click on Access Control Namespaces in options at the top of the page and click “+ New” and select Access Control -> Quick Create to create a new ACS Namespace. Read More here
This is the Q&A page for AES and PlayReady license service in Azure Media Services, please email email@example.com if you have any questions.
- How can we setup a PlayReady license server in Azure Media Services?
You could either configure a license server through portal or our REST or .NET SDK. You could view the set up tutorial here.
- How can we manage content key in Azure? [encrypt/decrypt content]
The IContentKey interface and the ContentKeyCollection in our .Net Client SDK is used to interact with Content Keys in our system. You can create them, delete them, get the clear key value back, etc. There are also SDKs for other languages or a REST API if that works better for your development environment.
Azure Media Services announced the Public Availability of Azure Media Services Content Protection a month ago, which offers the capability to encrypt your media content with AES or PlayReady content protection. Now, with Media Services, you could ingest, encode, adding content protection and stream your content. However, there are customers who ask me the question, what if I want to just move my License/key delivery server onto Azure Cloud Platform first, and keep my encoding, encryptor and streaming server on premises, could I do it with Azure? The answer is yes, and this blog would walk you through the integration. I will use PlayReady as an example to explain the concept in this blog, however, the same logic applies to AES key server integration as well. Read more here
In Azure Media Services, there are two ways to encrypt your content regardless you are applying common encryption (PlayReady) or envelope encryption (AES) onto your content: dynamic encryption or static encryption. This blog will explain to you the difference and when to use which.
This is what we always recommend. Once you encode your file into multi-bitrate Mp4, you could configure the file to be encrypted by defining Content Key, Content Key authorization policy and asset delivery policy. The file is stored in clear in the storage, of course, you could put storage encryption on the container, which is optional. After configuration, our streaming server will apply sample level encryption on your media file on the fly. For example, if you configure AES dynamic encryption for HLS streaming protocol, our streaming server will encrypt your file on the fly with AES envelope encryption and deliver through HLS. Below is a diagram to show you how dynamic encryption works in Azure Media Services: Read more here