With most of the key components of Azure Media Services (AMS) currently or soon to be in GA (General Availability), the author would like to share his comprehensive AMS tool.

This is a comprehensive tool set and covers all key areas of Azure Media Services:

1. Live
2. VOD
3. Live-to-VOD management and live archive diagnostics
4. PlayReady protection (both live and VOD)
5. AES-128 Encryption (both live and VOD)
6. Ad insertion (for Aventus live encoder)

The functionality included in this tool is based on real world solutions/use cases.

This tool has been “battle tested”:

1. This tool is used to test scenarios in NBC Sports solution as part of the release sign-off testing process of Azure Media Services.
2. This tool was used for NBC Sports event live streaming before iStreamPlanet CMS tool was ready.
3. This tool was used extensively in supporting Sochi Olympics streaming at both NBC Sports and Deltatre (for its diagnostics functionality).
4. This tool was used for operating a 24×7 live streaming engineering environment used by 15 vendors across North America, Europe and Asia, throughout the engineering process of NBC Sports/Sochi Olympics project.
5. This tool was used for all the VOD transcode workflow performance testing on both Azure Media Processors and Kayak Media Processor, for VOD subsystem in NBC Sports/Sochi Olympics project.
6. Majority of the source code in this tool has been shared with iStreamPlanet to develop their CMS tool for operating the NBC Sports/Sochi Olympics solution.
7. Part of the source code in this tool has been shared with Deltatre for some critical features during Sochi Olympics project.
8. This tool was also used to create the end-to-end PlayReady protection prototype and the end-to-end AES encryption prototype.

The source code has been approved by Microsoft LCA for OSS release under MIT license and can be found on GitHub.

Feature Highlights

In order to highlight the scope and capability of this tool, I’m listing a subset of the features of this tool which are all used in real-world solutions such as NBC Sports/Sochi Olympics solution, which is a line of business (LOB) solution used by NBC Sports for their daily sports streaming.

ACS Redundancy

It is well known that all AMS API calls, regardless it is REST or .NET API, requires a valid ACS bearer token and this ACS token is obtained from AMS ACS. Naturally, you would not want to rely on a single ACS instance during an important live event. If you cannot get an ACS token during a live event, you lose the access to everything in your media service, which is disastrous.

This tool provides an implementation for automatic failover among multiple AMS ACS instances, and provides “stickiness” with the “preferred ACS”. Specifically, the ACS redundancy feature in this tool meets the following live production requirements, good enough to be used for running 2014 Sochi Olympics live streaming:

Converting Azure Blob to AMS Asset

Often you have the physical video files as a blob in Azure storage and you need to convert it to AMS IAsset. This tool provides the conversion in the following scenarios:

1. The blob is in the storage associated with the media service you are working with;
2. The blob is in a storage NOT associated with the media service you are working with;

Creating Consistent URL across Data Centers for CDN

The URL for a live program in AMS is of the following format:

http://[origin_name]-[media_service_name].streaming.mediaservices.windows.net/[locator_id]/[manifest_file_name].ism

For example, http://chaventus-willzhanmediaservice.streaming.mediaservices.windows.net/faecd1a8-71de-4f1e-8607-739c989301d5/LyncSkypeSizzleVideo750k.ism/Manifest

Normally, a locator ID is a generated GUID.

If we use two data centers for redundancy, for the same live channel and program, we would need the two URLs differ only in the host name parts, and identical in the virtual paths. This requires that when we create two corresponding programs in two separate data centers, the locator ID (hence its locator path) are exactly the same and manifest file names are exactly the same.

This tool provides this capability in creating a program for live streaming.

Creating a Program in Specified Storage

Azure Media Services allows one to use multiple Azure storage for a single media service. For better reliability, a media service may use multiple underlying Azure blob storages for storing live archives or on-demand assets.

The tool allows one to specify which storage to use when creating a program. This way, multiple concurrent channels can distribute archiving load across multiple blob storages.

Live Archive Diagnostics

Besides providing normal operations, this tool also provide diagnostics of live streaming and live archives. It can quickly discover live archiving issues during and after a live streaming. For example, the tool can diagnose and report the following issues:

1. “Jagged start” in live archive and which quality levels are missing the first fragments. Live archives often have “jagged start”. According to WAMS team this is hardly a bug but due to the fact that fragments arrive at a different time.

1. Network delay between Aventus feeds and Azure ingest: delays and bursts from Aventus buffer. Normally, if we use 6 second GOP, the time difference between consecutive fragblob write should be in the neighborhood of 6 seconds. The second column below shows the actual time difference between two consecutive fragblobs minus 6 seconds.

1. Missing fragblobs in a live archive: the start time difference between two consecutive fragblobs should be around 6 seconds. If much bigger than that, there are missing fragblobs.

Content Protection

1. Dynamic PlayReady protection of on-demand streaming;
2. Dynamic PlayReady protection of live streaming;
3. Dynamic AES encryption for on-demand streaming of assets without storage encryption;
4. Dynamic AES encryption for on-demand streaming of assets with storage encryption

Content protection involves multiple subsystems in a solution: dynamic protection/encryption, license/key delivery, STS for authenticating a player client and issuing authorization token, origin and player. Please see the following two blogs for end-to-end content protection design and implementation, published in Azure Blog – Media Services:

1. An End-to-End Prototype of AES Encryption with ACS Authentication and ACS Token Authorization
2. An End-to-End Prototype of PlayReady Protection with ACS Authentication and ACS Token Authorization

Notice that the two end-to-end prototypes/designs have been upgraded to JWT token authentication in addition to SWT.

Limitations

This tool does have limitations. The main limitation is its lack of a user-friendly UI. The tool is of Windows console type Visual Studio project (one for live, one for on-demand and the other for ad marker insertion), with a color console custom class for color-coded UI. I personally found the most convenient way to use the tool is to “use Visual Studio as the User Interface” (changing input parameters, compile and run). Of course this requires the user to understand basic C# syntax.

The ideal UI would be a web UI backed by the following

• Authentication provided by Azure Active Directory;
• Multi-tenant so that different customers can use it against their own media services;
• Hosted as a SaaS in Azure so that there is no need for user to install/setup

I’m sure this day will not be far.

ACKNOWLEDGMENT: Special acknowledgment goes to many members of Azure Media Services Team for their help and insights over the years.