Viostream security features are designed to ensure content storage and distribution is in line with our customers' corporate security policies.
From media encryption and URL signing to Sites Single Sign-On Active Directory Federation Services, we ensure that you have full control over who gets to see your content and protect you from unwanted sharing or malicious interference.
- Encrypted Streaming: Prevents man-in-the-middle access to the stream using encryption by delivering the stream over SSL (HTTPS).
- Adaptive Streaming: Adaptive streaming (HLS/HDS) breaks the source video file up into multiple short chunks across varying bit rates. The URL passed to the player is not a video file, but a manifest file that provides the player with information on each stream. The source video file cannot be downloaded by the viewer.
- User Registration: Video portals can be configured to require registration, and registered users must log in with a valid username and password to access content. Admins can choose whether registration is open to all users, or whether users must be activated by an admin first.
- SSO (Single Sign-on): Centralise access control by connecting your Active Directory or LDAP servers with Viostream using multi-factor authentication, directory integration based on SAML. This allows customers to authenticate users to view protected video portals, webcasts and media asset content using existing corporate directory groups. For more information, see [Sites Single sign on].
- URL signing: URL signing gives you the ability to protect content from unauthorised access by generating aURL that is valid only for a period of two (2) hours. For more information, see [URL signing].
- IP Restriction: IP Restriction prevents access to a site or media asset from any IP address outside a specified whitelisted range. Multiple restriction profiles can be configured and individually applied to specific sites or assets.
- URL / Domain Restriction: Prevents player from being embedded in unauthorised domains through a domain whitelist. If someone copies the player embed code, the player will not render and playback will be prevented. For more information, see [Managing content restriction profiles].
What does it do?
The module gives clients the ability to restrict playback of media assets to only those registered viewers who are 'authenticated'.
When you enable the new 'Asset security' setting on a media item, you are restricting a user from viewing that media, unless they are an authenticated Viostream member (Viostream member or they are using Single Sign On - SSO).
This means that the only way a user will be able to view your media will be when they are authenticated through your Viostream Site.
As an additional security measure we have introduced a feature called Disable embeds. This feature disables all attempts to embed your media, forcing all viewing to occur only through a Viostream Site.
When Disable embeds is enabled, all embed tabs are hidden from the console.
Active Directory Restriction Profiles
A new Active Directory Restriction Profile type to further restrict viewing of a particular asset to specified Active Directory group/s.
How it works
Asset security setting
By enabling Asset Security for an account:
- All assets uploaded after the account setting is applied will be secured to 'members only'. This means that only members can view the media asset.
- Any assets that already exist for the account will have to be secured individually with the new media setting which can be found in the MEDIA and LIVE details tab.
- Admin users will have the ability to override the account setting by going into the individual asset to 'enable' or 'disable' the security setting.
- Admin users will have to go into each media asset > go to the details tab > check the security setting: Restrict media to members only to secure assets already in the account.
- Admin users will go into each media asset > go to the details tab > uncheck the security setting: Restrict media to members only, to remove security for an asset.
- You can check if an asset is secured by going to the Media tab where you will see a new column called 'Secured'. All locked assets will have a padlock icon displayed. You can also sort by the new secured column to quickly see all assets that are secured in the account. Note: The 'Secured' column is only available when the Asset Security module is active.
Important points to note
If Asset Security is enabled on an asset then:
- The YouTube syndication option is removed to prevent a copy of the video being syndicated to YouTube
- All other social connectors remain available, as they only require a unique site URL for that asset
What does it work with?
- Sites with registered members
- Sites with SSO enabled
Setting it up
- Viocorp support: Enable the Asset security module on the account
- Viocorp support: In the distribution tab at the account level > enable the new setting 'Restrict media to members only' setting. This setting is a system default setting which means that only newly uploaded assets will be secured.
- Viocorp support: To disable all embeds on the account, go to the distribution tab at the account level > select the setting 'Disable embeds' > save. This setting will disable embeds across the whole account.