Edit

Syndicating Live Smooth Streams between Servers

  • Article

by John A. Bocharov

This walkthrough describes how to configure Live Smooth Streaming server-to-server syndication and uses the following terms to distinguish the servers involved:

  • Downstream. The server that is closer to the client in the delivery chain.
  • Upstream. The server that is closer to the encoder in the delivery chain.

Requirements

Usage Scenario

Live Smooth Streaming servers can be configured to receive content pushed from an encoder, or to pull content directly from another Live Smooth Streaming server. This walkthrough describes how to configure the servers for content syndication, and outlines steps to help secure the communication against misuse. The scenario is enabled through the following steps:

Security Best Practices

When communicating on an untrusted or partially trusted network, the following precautions are recommended:

  • Only enable Allow client connections for Live Smooth Streaming publishing points that you plan to use for streaming content to users.
  • Only enable Allow server connections for Live Smooth Streaming publishing points that you plan to use as an upstream source for server-to-server content syndication.
  • For any publishing points that use a "Push" Live source type, configure URL Authorization to restrict unauthorized POST attempts by following the steps in Securing the Upstream Publishing Point.
  • For any publishing points that allow server connections, follow all of the steps in this walkthrough to configure URL Authorization to help prevent unauthorized server-to-server syndication attempts.

Configuring the Upstream Publishing Point

To configure the Live Smooth Streaming publishing point on the upstream server, follow the steps in the Creating a Publishing Point section of Creating and Managing Publishing Points. The applicable scenario is: Deliver a Live Presentation to Other Web Servers.

Securing the Upstream Publishing Point

To help secure the publishing point on the upstream server, do the following:

  1. Create a user account for syndication
  2. Disable anonymous access
  3. Enable access for approved servers

Create a user account for syndication

Create a user account for use by authorized servers by doing the following (skip to Disable anonymous access if using an existing account):

  1. Open Server Manager (click Start > Administrative Tools > Server Manager).
  2. In the contents pane, navigate to the Users folder (Configuration > Local Users and Groups > Users).
  3. On the Action menu, click New User. - In the New User dialog box, enter a user name and password for the user, and clear the User must change password at next logon check box.
    Screenshot of the New User dialog box. User name is set to syndicator.

Disable anonymous access

Disable anonymous access for the Web site or server by doing the following:

  1. Open IIS Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).

  2. In IIS Manager, navigate to the appropriate level in the Connections pane. Choose the folder, Web site, or the entire server such that the scope covers the publishing points for which you do not want to allow anonymous access.

  3. Select Features View in the center pane, if it is not already selected.

  4. In the Home page, in the IIS area, open the Authorization Rules feature.

    Screenshot of the I I S Manager with the Authorization Rules option being highlighted.

  5. In the Authorization Rules feature page, locate the rules whose Mode column is set to Allow and whose Users column is either All Users or Anonymous Users.

  6. For each such rule, select the rule and then in the Actions pane, click Remove.
    Screenshot of the Authorization Rules feature page with the Remove option in the Actions section being highlighted.

Enable access for approved servers

Add a rule that allows access for authorized users and servers by doing the following:

  1. Open IIS Manager (click Start > Administrative Tools > Internet Information Services (IIS) Manager).
  2. In IIS Manager, navigate to the appropriate level in the Connections pane. Choose the folder, Web site, or the entire server such that the scope covers the publishing points for which you do not want to allow anonymous access.
  3. Select Features View in the center pane, if it is not already selected.
  4. In the Home page, in the IIS area, open the Authorization Rules feature.
  5. In the Authorization Rules feature page, in the Actions pane, click Add Allow Rule.
  6. In the Add Allow Authorization Rule dialog box, select Specified users, and then enter the user name that you chose when creating a user account for syndication.
    Screenshot of the Add Allow Authorization Rule screen.

Configuring Credentials for the Downstream Publishing Point

To configure credentials on the downstream publishing point, do the following:

  1. In IIS Manager, in the Connections pane, click a Web site.

  2. Select Features View in the center pane, if it is not already selected.

  3. In the Home page, in the Media Services area, open the Live Smooth Streaming Publishing Points feature.

    Screenshot of the Default Web Site Home screen with the Live Smooth Streaming Publishing Points option in the Media Services section being highlighted.

  4. In the Actions pane, click Manage Credentials.
    Screenshot of the Actions pane with the Manage Credentials option being highlighted.

  5. In the Manage Credentials dialog box, click Add.
    Screenshot of the Manage Credentials dialog box with a highlight on the Add option.

  6. In the Add Credential dialog box, enter the user name and password that matches an authorized account on the upstream publishing point and a friendly name for the credential, and then click OK.
    Screenshot of the Add Credential dialog box, including the O K option.

Configuring the Downstream Publishing Point

To configure the publishing point on the downstream server, follow the steps in the Creating a Publishing Point section of Creating and Managing Publishing Points. The applicable scenario is: Deliver a Live Presentation from Another Web Server.

Basic Settings

  1. In the Live Smooth Streaming Publishing Points feature page, in the Actions pane, click Add.
    Screenshot of the Actions pane, with a highlight on the Add option under Publishing Point.

    -or-

    If the downstream publishing point has already been created, in the Live Smooth Streaming Publishing Points feature page, click the publishing point name, and then in the Actions pane, click Edit.
    Screenshot of the Actions pane with a highlight on the Edit option.

  2. In the Add Publishing Point (or Edit Publishing Point dialog box), on the Basic Settings tab, do the following:
    Screenshot of the Add Publishing Point dialog box, with syndicated in the file name field, Syndicated Publishing Point in the Title, 01:00:00 in the Estimated duration, and Pull in the Live source type fields.

    • In File name, enter the file name for the publishing point.
    • (Optional) In Title, enter a title for the presentation.
    • (Optional) In Estimated duration, specify the duration of the presentation.
    • In Live source type, select Pull.

  3. Click Add.
    Screenshot of the Add Publishing Point dialog box with a focus on the Add option.

  4. In the Add Publishing Point URL dialog box, enter the URL of the publishing point on the upstream server in the URL text box, and select the friendly name of the corresponding credential in the Credential drop down list. Click OK to accept.
    Screenshot of the Add Publishing Point U R L dialog box, showing the U R L and Credential fields, along with the O K option.

Advanced Settings

On the Advanced Settings tab, clearing the Allow server connections check box is recommended unless the publishing point will be used for further syndication.
Screenshot of the Add Publishing Point dialog box with the allow server connections option being highlighted.