VBrick Systems V3.1 User manual

VBrick Systems V3.1 User manual
VBrick
EtherneTV Portal Server
ETV v3.1 Portal Server
Administrator Guide
VBrick Systems, Inc.
12 Beaumont Road
Wallingford, Connecticut 06492
November 10, 2005
4410-0118-0002
Copyright
© 2005 VBrick Systems, Inc. All rights reserved.
12 Beaumont Road
Wallingford, Connecticut 06492 USA
www.VBrick.com
This publication contains confidential, proprietary, and trade secret information. No part of this document may be
copied, photocopied, reproduced, translated, or reduced to any machine-readable or electronic format without
prior written permission from VBrick. Information in this document is subject to change without notice and
VBrick Systems assumes no responsibility or liability for any errors or inaccuracies.VBrick, VBrick Systems, the
VBrick logo, StreamPlayer, and StreamPlayer Plus are trademarks or registered trademarks in the United States and
other countries. Windows Media is a trademarked name of Microsoft Corporation in the United States and other
countries. All other products or services mentioned in this document are identified by the trademarks, service
marks, or product names as designated by the companies who market those products. Inquiries should be made
directly to those companies. This document may also have links to third-party web pages that are beyond the
control of VBrick. Use these links at your own risk. The use of such links does not imply that VBrick endorses or
recommends the content of any third-party web pages. Some VBrick products use open source software provided
by third parties. VBrick supports the Open Source Initiative (OSI) and this source code is freely available at http:/
/www.vbrick.com/opensource.
About VBrick Systems
Founded in 1997, VBrick Systems, an ISO 9001 certified vendor, is a privately held company that has enjoyed rapid
growth by helping our customers successfully introduce mission critical video applications across their enterprise
networks. Since our founding, VBrick has been setting the standard for quality, performance and innovation in the
delivery of live and stored video over IP networks—LANs, WANs and the Internet. With over 20,000 video
appliances installed across over 1,000 IP networks world-wide, VBrick is the recognized leader in reliable, highperformance, easy-to-use networked video solutions.
VBrick is an active participant in the development of industry standards and continues to play an influential role in
the Internet Streaming Media Alliance (ISMA), the MPEG Industry Forum, and Internet2. In 1998 VBrick
invented and shipped the world's first MPEG Video Network Appliance designed to provide affordable DVDquality video across the network. Since then, VBrick's video solutions have grown to include Video on Demand,
Management, Security and Access Control, Scheduling, and Rich Media Integration. VBrick solutions are
successfully supporting a broad variety of applications including distance learning and training, conferencing and
remote office communications, security, process monitoring, traffic monitoring, business and news feeds to the
desktop, webcasting, corporate communications, collaboration, command and control, and telemedicine. VBrick
serves customers in education, government, healthcare, and financial services markets among others.
Contents
Preface
Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Font Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Related Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Printer-Friendly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
1. Introduction
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Downloaded Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MySQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ETV Portal Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Desktop Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
End User Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administrative Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional ETV Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EtherneTV Video-on-Demand Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EtherneTV-STB Set-Top Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
VBrick Encoders/Decoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional Portal Server Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ETV Network Video Recorder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ETV Live Portal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Portal Server License Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
1
2
2
3
3
4
5
5
5
5
6
6
6
6
7
2. Administration
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Administrator Login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Administrator Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Global Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Custom Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Customize Streams. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
VBricks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Set Top Boxes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Recorders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Script Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Emergency Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Modify VOD Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
ETV Portal Server Administrator Guide
iii
Using Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using LDAP Servers with SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
40
42
43
44
44
3. Access Control
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
STB Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authentication by PIN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authentication by IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1. Setup and Configure the EtherneTV System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2. Choose an Authentication Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. Create User Groups on the Portal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4. Create Resource Groups on the Portal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5. Create Users on the ETV Portal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6. Assign Resources to Users or User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify User's Group Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify User's Resource Group Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Live Channel Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow Access to Specific VOD Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow Access to Specific VOD Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow Viewing by Content Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow Content Publishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow Content Recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Default Content Recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Allow VBrick Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
STB Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Schedule Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Emergency Broadcast Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Group Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Group's User Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Group's Resource Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Resource Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Resource Group Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify User's Resource Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Add/Modify Group's Resource Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
45
45
47
47
48
48
49
50
50
51
51
51
53
54
54
54
54
55
55
55
55
56
56
56
56
56
56
57
57
57
58
59
59
59
4. Configuring for SSL
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Generate a Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
iv
Contents
Submit a Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Install the Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configure Resources for SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5. Auto Content Ingestion
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Removing Closed Captions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Index
ETV Portal Server Administrator Guide
v
vi
Contents
Preface
This EtherneTV Portal Server Administrator Guide is written for anyone who will be using
or evaluating the VBrick EtherneTV Portal Server. This includes system administrators,
software developers, network technicians, and others. The ETV Portal Server is a web-based
portal for accessing and managing video assets including both live or stored audio and video
files. The ETV Portal Server is a key component in VBrick's EtherneTV Media Distribution
System. The ETV Portal Server provides a simple, intuitive interface that auto-discovers
available media assets in your network. Key components in VBrick's EtherneTV solution
include:
•
•
•
EtherneTV-NXG Video-on-Demand Server – Provides all standard Video-onDemand (VoD) features including support for MPEG-1, MPEG-2, and MPEG-4 for
maximum flexibility.
EtherneTV-STB Set-Top Box – Leading edge digital set-top box that provides a lowcost standalone decoder for DVD-quality MPEG-1, MPEG-2, and MPEG-4 videos.
VBrick Hardware Encoders/Decoders – Rugged, reliable video appliances that can
reside anywhere on your network to provide either distributed or high-density centralized
encoding/decoding of MPEG-1, MPEG-2, and MPEG-4 video.
Organization
Introduction – provides an overview of the application including server and desktop
requirements and an overview of features and functionality.
Administration – provides detailed explanations of all ETV Portal Server global settings and
configuration options, as well as diagnostics and status windows.
Access Control – explains how to configure the system for access control. It explains how to
create users and groups with specific permissions and access to resources.
Configuring for SSL – explains how to securely configure the system using the Secure Sockets
Layer.
Auto Content Ingestion – explains auto content ingestion. This is the process whereby video
content is automatically populated on the portal server.
Font Conventions
Arial bold is used to
Programs > VBrick
describe dialog boxes and menu choices, for example: Start > All
Courier fixed-width font is used for code elements (C++, HTML) as well as
filenames, directories, etc.
Bold Courier fixed-width font is used to indicate user input in keyboard
commands, scripts, etc.
Web addresses are displayed as hyperlinks in the format: http://www.VBrick.com
Italics are used to emphasize specific words or phrases.
ETV Portal Server Administrator Guide
vii
Related Documents
The following documents describe key components in the EtherneTV Media Distribution
System.
EtherneTV Portal Server User Guide
EtherneTV Portal Server Release Notes
EtherneTV-STB Admin Guide
EtherneTV-STB Quick Start Guide
EtherneTV-NXG 1&2 VoD Quick Start Guide
Printer-Friendly
Click on the following link to print a hard copy of the document. For best viewing, open and
resize the document using the magnification box at the bottom of the Acrobat Reader
window.
ETV Portal Server Administrator Guide
T
To save or print a PDF document:
1. Click once to open the PDF document in Acrobat Reader.
2. On the Acrobat Reader toolbar, click Save or Print .
viii
Preface
Chapter 1
Introduction
Overview
VBrick's EtherneTV Media Distribution System consists of a group of products that includes
the EtherneTV Portal (ETV Portal Server), EtherneTV Encoders, the EtherneTV-NXG
Video-on-Demand Server, EtherneTV Set-Top Boxes and StreamPlayer software. This
integrated system delivers both live and on-demand audio and video over an IP-based
infrastructure. The ETV Portal Server functions as a video portal, permitting end users to
view live and on-demand MPEG-1, MPEG-2 and MPEG-4 and other streams on a PC,
Macintosh, or Set-Top Box. The ETV Portal Server comes as software-only solution that can
be installed on a Windows Server or as a pre-configured hardware/software combination.
Downloaded Components
For Windows-based PC users only, ETV Portal Server uses VBrick StreamPlayer softwarebased components to decode video streams on the user desktop. The Portal Server
downloads these components to each user machine the first time you access the Portal Server.
No download is necessary for subsequent access. If this is a new installation, you must answer
Yes to security requests to download these components. The EtherneTV Portal Server may
require the installation of up to five components. If you check the box Always trust content
from VBrick Systems Incorporated , any required components will be automatically
downloaded the next time they are needed. You don’t have to restart your computer.
The standard method to download these components is by using CABs. When a user
connects to the Portal Server for the first time, the CABs are downloaded automatically to the
user computer. In certain circumstances however, the use of CABs is not allowed or
impracticable. In these cases, VBrick provides an .msi installer called
VBrickComponents.msi. This installer installs the same components and allows end-users
who cannot use CABs to gain full Portal Server functionality. This installer is located in the
utils directory under Portal Server. Go to Program Files\VBrick\MCS\utils to run this
utility.
Topics in this chapter
Overview
MySQL
ETV Portal Server
Additional ETV Components
Additional Portal Server Components
Portal Server License Files
ETV Portal Server Administrator Guide
1
MySQL
EtherneTV Portal Server is shipped with MySQL™ as the database. The MySQL database is
installed as part of the Portal Server installation package. If the hardware/software
combination was purchased from VBrick, MySQL will already be installed on your machine;
the default user name is root. To protect the integrity of the database, you should change the
default password (vbrick_18) after initial installation and periodically thereafter.
Note
T
MySQL Query Browser is an Open Source front-end that provides a graphical
interface to the MySQL database. MySQL Query Browser is available free of charge
under the free software GNU General Public License. Go to http://
www.mysql.com for details.
To change the MySQL password:
1. Open a Command Prompt window.
2. At the C: prompt type cd program files\mysql\mysql server 4.1\bin and press
Enter.
3. Type mysql -uroot -pvbrick_18 and press Enter.
4. Type set password for 'root'@'localhost'=password ('new_password'); (where
'new_password' in single quotes is the new password) and press Enter.
5. Type exit.
ETV Portal Server
The VBrick EtherneTV (ETV) Portal Server is a web-based portal for accessing Live and OnDemand audio and video files. A key component of VBrick's EtherneTV Media Distribution
System, the ETV Portal Server provides a simple interface to easily locate available media
assets on your network. Upon accessing the main portal page, users can navigate or search for
specific videos, select the video, and immediately begin viewing up to DVD quality video. For
on-demand videos, users can Fast Forward/Rewind and Seek to specific points in the video.
Standard access control functionality provides restriction of certain content to particular
users, user groups, or set-top boxes. An optional scheduling module allows users to schedule
devices to send video, receive video, record video, or to initiate a two-way conference.
2
© 2005 VBrick Systems, Inc.
Introduction
Figure 1. EtherneTV Media Distribution System
Server Requirements
The minimum server requirements include:
• Windows 2000 Server or Windows 2003 Server (with Service Pack 1).
• Pentium IV or Xeon Processor 1.26 GHz Minimum (2 GHz or higher recommended).
• RAM 512 MB Minimum (1 GB or more recommended).
• Hard Drive 36 GB Minimum (larger for frequent recording).
Note
VBrick has tested the ETV Portal Server on Windows 2000 Web Server and
Windows 2003 Server Web Edition. Note also that ETV Portal Server also will not
operate correctly on a server that is configured as a primary domain controller or
with other network-related services and software.
Desktop Requirements
Windows-based PC and Macintosh users access the ETV Portal Server through a web
browser. For Windows-based PCs, on the first access to the server, VBrick StreamPlayer
software is automatically downloaded to the PC. StreamPlayer software lets end users select a
stream and view TV-quality video directly on a PC. Macintosh users view MPEG-4 video
through the QuickTime player.
ETV Portal Server Administrator Guide
3
Windows PCs
•
•
•
•
•
•
•
•
•
•
Windows 98, 2000, XP (SP2) or above. XP SP2 has been tested and is supported.
300 MHz Pentium II processor for MPEG-1 streams.
500 MHz Pentium III processor for MPEG-2 streams.
500 MHz (minimum), 750 MHz Pentium III processor (recommended) for MPEG-4
streams.
128 MB RAM.
SVGA video card 640x480, 256 colors, video card acceleration recommended.
Windows-compatible sound device.
Minimum 10 MB hard disk space for installation.
Microsoft Internet Explorer 6.0 or higher.
DirectX Media Version 8.1 and higher.
Macintosh PCs
• Mac OS X with Safari 1.0 (or higher) or FireFoX for Mac 1.0.4; QuickTime Player 6.0 or
higher. (Internet Explorer is no longer supported.)
End User Features
•
•
•
•
•
•
•
•
•
•
•
•
4
Simple, intuitive user interface and unified portal for live and on-demand streams.
Windows-based PCs, Macintoshes, or STBs (connected to televisions or display
monitors) can all access the Portal Server. Mac support is for MPEG-4 only.
Users can view video at Full Screen for a television-like user experience.
Users can view Video-On-Demand assets with full VCR/DVD control, including Play,
Pause , Stop, Fast Forward , Rewind , and Seek .
Video can be viewed in a preview window or launched in an external, re-sizeable player
window (PC and Macintosh).
Set-Top Box users can use familiar Channel Up/Down keys and other hot keys on the IR
remote control to navigate through video listings.
Users can search through the list of Live or On-Demand videos by Title, Keyword ,
Description , or other custom fields defined by an ETV Portal Server administrator.
Users can record and store videos on the EtherneTV-NXG Video-on-Demand server via
ETV Portal Server.
Users can publish pre-recorded content and thumbnails directly to the EtherneTV-NXG
Video-on-Demand server.
Users can view closed caption text (Windows-based PCs and set-top boxes only).
Users can launch pre-configured emergency broadcasts. (Optional. Requires Scheduling
module.)
Users can schedule future recordings or broadcasts. (Optional. Requires Scheduling
module.)
© 2005 VBrick Systems, Inc.
Introduction
Administrative Features
•
•
•
•
•
•
•
•
•
•
•
•
Access Control - allows administrators to allow/deny access to specific functions of the
ETV Portal Server server. Access control functionality can use the local ETV Portal
Server database or authenticate to an LDAP directory server.
Clustering support – multiple EtherneTV-NXG Video-on-Demand servers can be
clustered to increase total throughput. The ETV Portal Server will automatically load
balance all servers defined in ETV Portal Server; no additional configuration is necessary.
See Servers on page 17 for more.
SSL/TLS security – the ETV Portal Server server can be set up to provide encrypted
access to the Administrative pages, the Login pages, or all pages. See Configuring for SSL
on page 61.
Customer defined URLs – can be entered into the system and displayed in the ETV
Portal Server interface. The URLs can point to video assets or other assets such as PDFs
or PowerPoint documents.
Autoingestion to the EtherneTV-NXG server – content placed in autoingestion folders
on the ETV Portal Server will be automatically transferred and ingested into the
EtherneTV-NXG server.
Customized global messages can display on the ETV Portal Server interface.
Channel numbers can be assigned to live streams.
Define a startup channel for STBs – the STB will automatically tune into this channel
when users select the Live TV option.
Emergency broadcasts – can define pre-configured emergency broadcast templates that
can be launched instantaneously. See Emergency Broadcast on page 32 for more.
Status window – shows the status of videos being added, recorded, or ingested.
Diagnostics window – displays a complete log of system events by source, time, and IP
address.
Custom fields and streams – the ability to add customized information and search
parameters to live and stored streams.
Additional ETV Components
EtherneTV Video-on-Demand Server
The EtherneTV Video on Demand (VoD) server provides the ETV Portal Server with a list
of available video content organized in folders. The VoD content is displayed on the ETV
Portal Server, along with the duration of the video and associated descriptions, key words, and
other custom information entered by an administrator. The user plays content from the VoD
server by selecting it by program name from the ETV Portal Server interface. The ETV
Portal Server currently supports NXG and VOD-W on demand servers. The configuration is
essentially the same (see Servers on page 17) and there is no difference in functionality for
end users.
EtherneTV-STB Set-Top Box
EtherneTV-STBs access the ETV Portal Server through a web browser within the Set-Top
Box. Using the Set-Top Box remote control, users can navigate and search for specific onETV Portal Server Administrator Guide
5
demand content or live video streams, select a stream, and begin viewing television-quality
video. Set-Top Box users can also record video directly on the ETV Portal Server using the
remote control or the wireless keyboard.
VBrick Encoders/Decoders
VBrick's VB4000-5000-6000 Series MPEG-2 network video appliances provide DVD quality
video and CD quality audio at 1–15 Mbps of bandwidth. MPEG-2 is the world's most
popular digital compression technology and is used to encode DVDs as well as Digital Cable
and Digital Satellite broadcasts. VBrick's VB4000-5000-6000 Series MPEG-4 encoders and
decoders are versatile and reliable video appliances for one or two-way interactive
communications over low or medium bandwidth IP networks. The VBrick MPEG-4
encoder/decoder can be used for webcasting, multicasting, transcoding, and two-way
interactive video. Designed for streaming over the Internet at lower bit rates (56K, 128K,
384K0 and over a LAN at higher rates (1Mbps and above).
Additional Portal Server Components
The ETV Network Video Recorder and the ETV Live Portal Server are optional components
that are purchased and installed separately. They have different license files that must be
installed separately. See Portal Server License Files on page 7.
ETV Network Video Recorder
The ETV Network Video Recorder lets you off-load all recording tasks from the ETV Portal
Server machine to a separate "recorder server" machine. This optimizes recording
performance as well as ETV Portal Server performance. The Network Video Recorder uses
ETV Portal Server components and requires two machines: the ETV Portal Server is installed
on one machine; the Network Video Recorder software is installed on a different machine.
Once installed, the NVR machine is used for all ETV Portal Server recording tasks. The NVR
has no GUI and runs continually as a background service. You simply install the NVR
software and change the Recorder Server configuration to match the new server. See the
ETV Network Video Recorder Release Notes for more details and installation instructions.
Note
A standard ETV Portal Server permits two concurrent recording operations. If you
purchase and install a Network Video Recorder, the number of concurrent
recording operations is fixed by the terms of your licensing agreement with VBrick.
ETV Live Portal Server
The ETV Live Portal Server provides ETV functionality that is limited to scheduling and
viewing live streams. It does not integrate with a VoD server and there is no functionality for
browsing the video library.
6
© 2005 VBrick Systems, Inc.
Introduction
Figure 1. Live Portal Server User Interface
Portal Server License Files
You are prompted to install a license (.lic) file as part of the ETV Portal Server installation
process. Different Portal Server functionality is available depending on the type of license you
purchase and install. (For example if you do not install a Scheduler license, you will not see a
"Scheduled Programs" option in the Portal Server client application.) After initial installation
you can install a different license as necessary by using Add or Remove Programs.
T
To install or modify a Portal Server license file:
1. Go to Start > Control Panel > Add or Remove Programs > VBrick Media Control
Server Suite.
2. Click Change/Remove and select the appropriate license file type (see below).
3. Click Next , then browse to the file and click Open .
4. When done, manually close the window and launch the application. There is no need to
restart the host machine.
ETV Portal Server Administrator Guide
7
License File
Description
License Errors
Live Portal Server
or Portal Server
Either a standard ETV Portal Server license file
or a Live Portal Server (see ETV Live Portal
Server on page 6.) license file.
If not installed, error page
displayed at login.
Player
The embedded Windows Media Player has
restrictions on the number of licensed users. Use
this option to select a license file that modifies the
number of allowed users for various MPEG-1,
MPEG-2, and MPEG-4 streams.
If not installed, a popup
message is displayed when
you try to launch a
stream.
Scheduler
Enables the broadcast or recording of future
If not installed, the Add
events. See the ETV Portal Server User Guide for option will not be shown
more information.
on Scheduler page.
Network Video
Recorder
A Network Video Recorder is a standalone
recorder option that can speed up recording
operations and/or enhance Portal Server
performance. (See ETV Network Video Recorder
on page 6.)
If not installed, there will
be a "record" failure for
more than two concurrent
record requests.
Modify Host Name Lets you auto-detect or manually change the
Not applicable.
or IP Address
Portal Server Host Name. This name must match
the machine name on which ETV Portal Server is
installed. If you change the host machine name,
use this option to change the Portal Server Host
Name.
Uninstall Media
Remove all ETV Portal Server components. You
Control Server Suite are prompted to save the database as desired.
8
Not applicable.
© 2005 VBrick Systems, Inc.
Chapter 2
Administration
Overview
The ETV Portal Server can be administered from Windows-based PCs using Internet
Explorer 6.0 or higher. The Administrative pages are best viewed at 1024x768 resolution.
Administration is not supported from Macintoshes or Set-Top Boxes.
Topics in this chapter
Overview
Global Settings
Modify VOD Content
Access Control
Diagnostics
Status
Help
Logout
Administrator Login
In order to access the administrative functions enter the following address in the Internet
Explorer browser of the PC where myserveraddress is the host name or IP address of the
ETV Portal Server . The session will timeout after 20 minutes of inactivity. admin is both the
default user name and password.
http://myserveraddress/admin/
Note
As a standard best practice, VBrick recommends changing the default administrator
User Name and Password.
Administrator Options
Login to the ETV Portal Server Admin pages with a valid user name and password to display
the following window. This window provides access to all admin configuration options.
ETV Portal Server Administrator Guide
9
Table 1. Administrator Options
Option
Description
Getting Started
The ETV Portal Server splash page shown above.
Global Settings
Provides system-wide configuration parameters to connect to VBrick
encoders and VoD servers as well as to customize the look of the
ETV Portal Server pages.
Modify VOD
Content
Provides the ability to Move, Rename, or Delete assets on the
EtherneTV-NXG Video-on-Demand server. (Not supported on some
legacy NXG servers.)
Diagnostics
Displays system log messages by source, time, and (generally) IP
address.
Status
Shows the status of events in progress including recordings, Add
Video commands, ingestion to the NXG server, and FTP downloads.
Access Control
Provides the ability to limit access to the ETV Portal Server system to
different users or groups of users.
Users†
Used in conjunction with Access Control to limit access to the ETV
Portal Server system to different users.
User Groups†
Used in conjunction with Access Control to limit access to the ETV
Portal Server system to different groups of users.
Resource Groups† Used in conjunction with Access Control to group resources which
can then be provided to users or user groups.
Help
10
Displays the ETV Portal Server online help system in a new window.
© 2005 VBrick Systems, Inc.
Administration
Option
Description
Logout
Logs out the user who is currently logged in.
† Users, User Groups, and Resource Groups are only displayed if Access Control is enabled.
See Access Control on page 45 for a description of these functions.
Global Settings
Global Settings include configuration settings and parameters that apply to the entire system.
Global Settings include:
Global Assignments
Custom Fields
Customize Streams
Servers
VBricks
Set Top Boxes
Recorders
Script Devices
Scripts
Emergency Broadcast
Global Assignments
Global Assignment are listed below. Most are self-explanatory and consist of text boxes
where you enter appropriate values.
ETV Portal Server Administrator Guide
11
Table 2. Global Assignments
Function
Description
Assign a Global Message
The global message will be displayed in the message area of
the Portal Server user interface, when there is no program
information available. Enter the message text and click
Submit. Example: There will be an all hands meeting today at
4:00 p.m. in the boardroom. Note that if you are running the
Portal Server on a Set Top Box, the message area will not
display more than 4 lines of text.
Define Set Top Box Startup When an STB (in ETV Portal Server Start mode) accesses the
Channel
"Watch live broadcasts" page, it can be set to automatically
play a defined channel in the Preview Window. Highlight that
channel from the list and click Submit. If there are no
channels listed, channels must first be defined as Customized
Live Streams.
Change Admin User Name Change the default admin user name of admin.
12
Change Admin Password
Change the default admin password of admin.
Define FTP User Name
ETV Portal Server is defaulted for "anonymous" FTP access,
which is configured in Windows IIS Default FTP Site. If a
more secure FTP access is desired, the User Name can be
changed in IIS (please reference the Windows Server
documentation for instructions on how to change the FTP
User Name). The same User Name should be entered here.
© 2005 VBrick Systems, Inc.
Administration
Function
Description
Define FTP User Password ETV Portal Server is defaulted for “anonymous” FTP access,
which is configured in Windows IIS Default FTP Site. If a
more secure FTP access is desired, the Password can be
changed in IIS (please reference the Windows Server
documentation for instructions on how to change the FTP
User Name). The same Password should be entered here.
Define a Record Duration
Applies to the on-demand Record pushbutton only (not to
scheduled recording). Defines the maximum duration (default
120 minutes) allowed for a continuous recording. Maximum
record duration limited only by size of hard drive.
Change Portal Server Title
Changes the text that is displayed on the upper left hand
corner of the Portal Server User Interface.
Change Announcement
Addresses
Changing these from the defaults is highly discouraged and should
only be done if advised by a VBrick technician or Network
Administrator. Changes the multicast address on which
Announcements (SAPs) are received. By default all VBrick
devices are set to the same addresses and ports as the defaults
in ETV Portal Server. These have to match on all devices for
proper functionality.
Change Announcement
Filter
Filters SAP announcements so that only the specified IP
addresses are shown in ETV Portal Server. Wildcards are
allowed. For example 255.*.*.* displays only those addresses
in the range 255.0.0.0 – 255.255.255.255.
Assign Multicast Address
Range
Defines the current multicast IP address range and port
range. The default multicast IP range is 225.1.1.0 –
239.128.255.255. The default port range is 1040 – 65534.
Assign VOD Polling
Interval
Not generally changed. Defines the interval at which the
Portal Server polls the NXG server(s) for new content
(default 120 minutes). This is only used to poll for content
added to the NXG from an interface other than ETV Portal
Server. When adding a server, use Sync Now to sync the
program listings on the client Browse Video Library page
with the content on the new server.
Assign VoD Content
Ingestion Maximum
Defines the maximum number of simultaneous video files
that can be ingested to the NXG Video-on-Demand server.
The default is set to 2. Increasing the default may increase the
speed at which files will be transferred to the NXG server,
but may result in playback issues from the NXG Video-onDemand server. VBrick recommends keeping the defaults.
ETV Portal Server Administrator Guide
13
Function
Description
Assign Presentations
The Presenter is a VBrick multimedia presentation
application that can be launched from the Portal Server. This
field defines the directory where presentations are stored. If
this folder is present and contains a valid index.asp file, View
Presentations will be shown as a option on the Portal
Server Home page and will launch the Presenter in a
separate window.
Custom Fields
Custom fields are used to add additional fields to the Info
pages associated with stored
videos and live broadcast streams. All stored videos, and those live streams that have been
"customized," have an Info icon. By default, the Info page has fields for Description and
Keywords. The Custom Fields funtionality lets you add additional "custom" fields that are
appropriate to your business or application. This lets you provide more information on the
page and it also makes it easier to search for specific streams. (All defined fields are listed in
the dropdown list box next to the Search button.) When you add a custom field using this
function, the field is available to administrators as a selection in the Customize Streams
window. It is also available to end users as the Modify Info button on the Info pages
associated with stored videos (if they have content publishing permissions).
T
To create a Custom Field:
1. Go to Global Settings > Custom Fields.
2. Enter a Field Name and a Field Type. If you select Dropdown , you can add items one at a
time followed by Add Item . These items will populate a dropdown list box on the
Customize Streams page.
14
© 2005 VBrick Systems, Inc.
Administration
3. When done, click Add Custom Field . The field will be added to the panel at the top of
the window; it will also be available as an option when you are customizing a stream.
Custom Field
This panel shows the existing custom fields that have previously
Name (Field Type) been defined.
Field Name
Field Type
The field name you want to display on the Info page for this
stream or video.
This determines how the field will be displayed on the Customize
page, either as a text field or as a dropdown list box.
Streams
Customize Streams
Customizing streams refers to changing the way live streams are displayed in the ETV Portal
Server. (VoD streams are customzed by end users rather than by administrators.) Customizing
a live stream allows you to change the displayed Program Name, assign a Channel number,
and enter a Description that displays in the Messages area of the window. You can also enter
Keywords for searching, and values for any custom fields that have been defined (see Custom
Fields above).
The ETV Portal Server auto-discovers live streams on the network by listening for
announcements, also known as SAPs (Session Announcement Protocols). On a network with
many live streams, the administrator can keep the stream list organized by assigning channel
numbers. This also provides an environment for end users that is similar to television.
T
To customize a stream:
1. Go to Global Settings > Customize Streams :
ETV Portal Server Administrator Guide
15
2. Choose an Available Live Stream (one that has not been customized), enter an optional
Channel number, and click Add Customization . This moves the customized stream to
the panel on the right.
3. Optionally, add a Description of the channel that will be displayed in the Messages area
on the broadcast list page and on the Info page.
4. You can also add Keywords and Links (see below) that are displayed on the Info pages
associated with a stream. They make it easier to search for specific content.
Program Name
Required. Name that will display in the directory of Live
Broadcasts.
Channel
Optional. Unique number that will display in the directory.
Description
Optional. Description that will display on the Info page.
Keywords
Optional. Enter each searchable keyword(s) separated by commas
or spaces.
Links
Optional. Add hyperlinks that will display on the Info page.
Add Link
This feature lets you add a hyperlink to the page you get by clicking the Info icon
associated with each live stream.
T
To add a link to a customized stream:
1. Highlight a stream in the Customized Live Streams panel.
2. Click Add New Link and enter a Link Title and Link Type.
3. Click Add Link when done. Repeat as many times as necessary.
Link Title
16
The title actually displayed on the Info page, for example
"Additional Information."
© 2005 VBrick Systems, Inc.
Administration
Link Type
• Web page URL – Enter a valid URL or copy and paste one
from your web browser.
• Uploaded File – Browse to select an upload file. This can be a
PowerPoint, an image, or any file you want to make available to
end users. The file is automatically uploaded to the Portal
Server, and the Portal Server creates a URL for end users to
access it.
Servers
Use the Servers page to add/modify VoD servers or to add/modify VoD content folders.
Note that you can cluster multiple servers to increase throughput. The ETV Portal Server will
automatically load balance all servers defined on the Servers page; no additional
configuration is necessary. If there are multiple servers configured, ingested content is written to
all the servers for which a user has access.
Add/Modify Video On-Demand Servers
Add one or more EtherneTV-NXG Video-On-Demand Server(s) to the system. If the
network supports Windows 98 users, you must use the IP address of the On-Demand
Server—not the host name.
IP or Domain
This is the IP address or Host Name of the On-Demand Server. The
Server Name or IP address entered into the ETV Portal Server must
be accessible by the ETV Portal Server. (If the network supports
Windows 98 users, you must use the IP address.)
Server Description This allows the administrator to define a descriptor such as location.
ETV Portal Server Administrator Guide
17
FTP User Name
This is the FTP user name that the Portal Server Server uses when
publishing content to the server. This FTP User is vbrickuser by
default. If nothing is entered, the Portal Server will automatically use
vbrickuser. This refers to a user account that already exists on the
server. If the FTP User Name is changed on the NXG server, it must
be changed here as well.
Server Type
• NXG – Kasenna VoD server.
• VOD-W – InfoValue VoD server.
• FTP – Use FTP only if you want to copy from the Recorder server
to another FTP server in which case it records to ftp:\root.
FTP Password
This is the FTP password that corresponds with the FTP user above.
The password is vbrickuser by default. If the FTP Password is
changed on the server, it must be changed here as well.
Publishing Local
Path
Maps the Publishing Directory to the physical location on the VoD
server.
Publishing
Directory
Used for Add Video, FTP, or Record. The logical path to a folder
under FTP root. This is the staging area on the VoD server from which
files are ingested to the destination folder.
Note
It may take up to 20 minutes for a new server to be displayed in ETV Portal Server.
Once added, any new content on any server is displayed immediately.
Add/Modify On-Demand Content Folders
The Add/Modify On-Demand Content folders can be used to autoingest content into a
particular NXG Video-on-Demand server. The Portal Server periodically polls certain folders
for presence of content and if found ingests the content onto multiple NXG servers. Any
files are FTP'd into a particular folder in the Autoingest folder will automatically be ingested
into the corresponding folder on the NXG server(s). You have to add these folders using the
window shown below. (See Auto Content Ingestion on page 65 for more about autoingestion.)
18
© 2005 VBrick Systems, Inc.
Administration
This function is useful for VBrick VBSTAR appliances to easily transfer content from their
hard drives to the NXG server. (This feature can also be used for users who acquire content
outside of the ETV Portal Server, for example StreamPlayer Plus.) When a folder is created,
you must check a box in Add/Modify Folders on Selected Servers to associate the folder
with a server for autoingestion. ETV Portal Server checks these folders every 5 minutes and
ingests new content if present. This feature only applies to Autoingest; it does not apply to
Record or Add Video.
As the folder structure is created in this section, autoingest folders will be created in the FTP
root path. For example, if the FTP root path is c:\inetpub\ftproot, then folders that are
created in the Add/Modify On-Demand content folders, will also be created in the
c:\inetpub\ftproot\mcs\autoingest folder.
Autoingested content can go into any folder that has been associated with a server or servers
using the Add/Modify Folders on Selected Servers check boxes shown above. If using a
VBStar, be sure to associate a folder with a server for autoingest. This enables the folder that
the VBStar will FTP files into. This function is not associated with a user or group
permission, and is controlled only by the Administrator. See Auto Content Ingestion on
page 65 for a more detailed description of the Auto-ingestion functionality.
Note
Existing folder structures on an NXG server will be mirorred in the Portal Server.
However you will still need to associate those folders with other server(s) if the file
is to be auto-ingested onto multiple servers.
VBricks
All VBricks must be configured in ETV Portal Server before they can be managed and used
for scheduled events. (Brick configuration is only required if you be using the Scheduled
Programs feature.) Once configured, all VBricks in the system are shown on the following
ETV Portal Server Administrator Guide
19
window. In the ETV Portal Server, SAP (Session Announcement Protocol) announcments
are sent to the Portal Server by network-connected VBrick devices (encoders and/or
decoders). The Select VBrick panel in the next screen shows VBrick appliances (encoders
and decoders) that have announced their presence on the network but have not been
configured for use in ETV Portal Server. (Note that if you delete a VBrick from the Currently
Configured VBrick List , it will not be shown as available until you logout and log back in to
the Admin pages.)
T
To add a VBrick configuration:
1. Go to Global Settings > VBricks.
2. Select Add VBricks and click Submit .
20
© 2005 VBrick Systems, Inc.
Administration
3. In Select VBrick , select one or more existing VBricks for which a SAP has been received.
If you select one VBrick, this populates the VBrick Configuration panel. (If you select
multiple VBricks, it does not populate the panel; if you need to configure the VBricks,
you must add them one at a time.)
4. Complete or modify the fields in VBrick Configuration as necessary and click Submit .
This adds the new configuration to the list of configured VBricks shown on the previous
page.
Note
The only time you will manually complete the VBrick Configuration fields is when
you are defining the configuration for a VBrick that will be added to the network at
a later time. In this case, you will need to know the configuration data in advance.
Host Name
Required. Host name of VBrick.
IP Address
Required. IP address of VBrick.
User Name
Defaults to system-defined value if blank.
User Password
Defaults to system-defined value if blank.
Confirm Password Defaults to system-defined value if blank. Must match User Password
if entered above.
Software Revision
Optional. To get the Software Revision in Integrated Web Server
(IWS), go to Status > System Information > Release Revision.
HTTP Port
Optional. To get the HTTP Port in Integrated Web Server (IWS), go
to Configuration > System > Securit y > IWS Server Port.
VBrick Model
Select from dropdown. Advanced settings are enabled if you select an
encoder or a VBStar.
ETV Portal Server Administrator Guide
21
Advanced Settings
Advanced settings are enabled if you select a VBrick encoder or a VBStar. Note that the Portal
Server will attempt to retrieve and autofill the Multicast IP addresses and Port numbers. You can
modify these fields as necessary.
Note
The following values are stored in the Portal Server database only. Depending on
how a scheduled event is configured, they may be saved and written back to the
VBrick device after the scheduled event runs.
Multicast IP
Destination multicast IP address.
Video Port
Destination video port.
Audio Port
MPEG-4 devices only. Destination audio port.
CC Port
MPEG-4 devices only. Closed captioning port.
Set Top Boxes
All STB (Set Top Boxes) must be configured in ETV Portal Server before they can be
managed and used for scheduled events. Once configured, all STBs in the system are shown
on the following window. The Select STB panel in the next screen shows STBs that have
announced their presence on the network but have not been configured for use in the Portal
Server.
T
To add an STB configuration:
1. Go to Global Settings > STBs.
22
© 2005 VBrick Systems, Inc.
Administration
2. Select Add STBs and click Submit .
3. In Select STB, select one or more existing STB for which a SAP has been received. This
populates the STB Configuration panel. (If you select multiple STBs, it does not populate
the panel; if you need to configure the STBs, you must add them one at a time.)
4. Complete or modify the fields in STB Configuration as necessary and click Submit . This
adds the new configuration to the list of configured STBs shown on the previous page.
ETV Portal Server Administrator Guide
23
Note
The only time you will manually complete the STB Configuration fields is when you
are defining the configuration for an STB that will be added to the network at a later
time. In this case, you will need to know the configuration data in advance.
Host Name
Required. Host name of STB.
IP Address
Required. IP address of STB.
User Name
Defaults to system-defined value if blank.
User Password
Defaults to system-defined value if blank.
Confirm Password Defaults to system-defined value if blank.
Software Revision
Optional.
STB Model
Select from the dropdown.
Start Mode
Select from the dropdown: ETV Portal Server, Local, or LocalFullscreen
Recorders
A Recorder server enables recording by Portal Server users. If a recorder server is not created
here, any attempt to record a live stream or a stored video will fail. Once enabled, users must
also be assigned the appropriate permissions (see Allow Content Recording on page 55).
Note
T
By installation default, all recordings are stored on the D: drive. If you install ETV
Portal Server on a system without a D: drive, you must subsequently go to Global
Settings > Recorders and change the record path as necessary. Also, the Max
Recording field shows the default number of concurrent recording sessions
allowed. If you exceed 2, you must purchase a record license.
To add a Recorder configuration:
1. Go to Global Settings > Recorders.
24
© 2005 VBrick Systems, Inc.
Administration
2. Select Add Recorders and click Submit .
3. Complete the fields in Recorder Configuration and click Submit . This adds the newly
configured recorder to the previous window.
Recorder Server
IP address or host name of recorder server. Defaults to localhost if
recorder server is on the same machine as ETV Portal Server.
ETV Portal Server Administrator Guide
25
Record Path
Path and folder where all recording are stored. By default, recordings
are stored on the D: drive. If you install ETV Portal Server on a
system without a D: drive, you must change the path. Also, in order to
record multiple streams, the Record Path must be under FTP root. For
example, if root is C:\Inetpub\ftproot the Record Path must be
C:\Inetpub\ftproot\<your_folder>
Max. Recording
The default number of concurrent recording sessions allowed is 2. If
you exceed 2, you must purchase a record license. Without a license,
any attempt to record more than 2 concurrent sessions will fail.
FTP User Name
FTP user name in operating system of Recorder server.
FTP Password
FTP password in operating system of Recorder server.
Confirm Password FTP password in operating system of Recorder server.
Script Devices
Script devices work with scripts. Script devices are VBricks, STBs, or non-MPEG-1, 2, or 4
devices (like cameras or VCRs) that are identified in the Portal Server database. Once defined
in the network, they can be subsequently controlled by a script (see Scripts on page 27) and
launched from ETV Portal Server. A script device must be physically connected to the
network (or to a VBrick or Set-Top Box) and must be available at the runtime of a scheduled
event. Script devices are controlled through a TCPIP port. For example, PTZ cameras
respond to pan, tilt, and zoom commands; these commands can be scripted and executed
from ETV Portal Server.
T
To add a Script Device configuration:
1. Go to Global Settings > Script Devices.
26
© 2005 VBrick Systems, Inc.
Administration
2. Select Add Script Devices and click Submit .
3. In Script Device Configuration , complete the following fields and click Submit . This
adds the newly configured script device to the list of devices shown in the previous
window. To modify a Script Device, first delete the device and then repeat these steps.
Device Name
Any user-defined name.
Address
Hard-coded device IP address. This can be the address of the
VBrick or Set-Top Box to which the script device is connected.
Port
TCPIP port number.
Scripts
Scripts work with script devices. Scripts are used to control the operation of MPEG-1, 2, or 4
devices or to control non-MPEG devices like cameras and VCRs. (MPEG devices are added
to ETV Portal Server as VBricks. non-MPEG devices are added as Script Devices.) For
MPEG devices, you select the device and build a script by selecting parameters from a
dropdown list—the parameters vary depending on the type of device you select. For nonMPEG (Other) devices, you write a script from scratch using the native language for that
device. This is for advanced users only. Note that if you are scheduling an event, any device
for which you write a script must be available to the network at runtime.
T
To add a Scripts configuration:
1. Go to Global Settings > Scripts.
ETV Portal Server Administrator Guide
27
2. Select Add Scripts and click Submit .
3. In Script Configuration , enter a Script Name and select a Device Type (MPEG1 , MPEG2/
MPEG4 , or Other ) from the dropdown list and wait a few seconds for ETV Portal Server
to populate the panel with an appropriate list of devices.
4. In Select Device , highlight one or more devices and use the arrow buttons to populate
the right panel with the selected devices.
5. Create the Script Content .
28
© 2005 VBrick Systems, Inc.
Administration
a.
For MPEG devices, select a Parameter Name from the dropdown, enter a Parameter
Value , and click Add . Repeat as many times as necessary and click Submit when
done. Note that the order in which you add parameters is critical. This is the order in
which they will be executed at runtime.
b. For non-MPEG (Other) devices, write the script in a native language compatible with
the device and click Submit when done.
URLs
Add/Modify a URL for a Live Video Stream
Administrators can manually enter URLs to live video streams that will not automatically be
displayed by the Portal Server. For example, the administrator may wish to have the
Announcements (SAPs) disabled on the VBrick encoders for security purposes. Or the
Administrator may want to enter the address of an off-network stream such as an MPEG-4
Stream from an Apple Darwin Server or a stream coming from a hosting provider.
Additionally, this feature leys you enter the addresses of non-MPEG streams such as
Windows Media and Real streams. Note that the Access Control feature Allow Viewing by
Content Type does not apply to manually added URLs.
Note
For any non-MPEG video, the correct player (such as Windows Media Player or
Real Player) must be present on the desktop for the client to be able to receive the
stream. Set Top Boxes will not be able to receive non-MPEG streams because the
Set Top Box only includes decoders for MPEG-1, MPEG-2, and MPEG-4.
The following examples show valid URL syntax for live video streams. The syntax must be
accurate and there is no internal validation of user input:
Valid for Types MPEG-1 and MPEG-2
vbricksys://ip=239.1.1.1&port=4444
Where 239.1.1.1 is the multicast IP address and 4444 is the multicast port.
Valid for Type MPEG-4
rtsp://172.1.1.1/vbrickvideo1
vbrtsp://172.1.1.1/vbrickvideo1
Where 172.1.1.1 is the source IP address and vbrickvideo1 is the program name.
vbhttp://172.1.1.1/vbs2d1.sdp
Where 172.1.1.1 is the source IP address and vbs2d1.sdp is the SDP file name.
Valid for Type Other
ASX Files
http://172.1.1.1/file.asx
http://myHost/file.asx
http://www.myCompany.com/files/file.asx
MP3 and WMA Files
http://172.1.1.1/file.mp3
http://myHost/file.mp3
ETV Portal Server Administrator Guide
29
http://172.1.1.1/file.wma
http://myHost/file.wma
WMV Files
http://www.myCompany.com/files/file.wmv
mms://www.myCompany.com/files/file.wmv
T
To add a URL for a live video stream:
1. Enter the URL or IP address in the URL field.
2. Enter the Type and Title and click Add to add the URL to the list of streams shown.
URL
Enter a valid URL or IP address.
Type
Choose MPEG-1, MPEG-2, MPEG-4 or Other (Other must be selected
for non-MPEG streams).
Title
Title is what will display to clients in the ETV Portal Server viewing pages.
VOD Content
Administrators can manually enter URLs to VoD content that will not automatically be
displayed by the Portal Server. These URLs can be to content that is located on a non-NXG
Video-on-Demand server, such as the QuickTime/Darwin server, a Windows Media server,
or a Real server. This is valuable if it is desired to enter an off-network stream such as an
MPEG-4 Stream from an Apple Darwin Server or if there is Windows Media or Real content
that needs to be displayed through the Portal Server interface. Examples of Syntax could be:
rtsp://ipaddress/programname
mms://ipaddress/videoname.wmv
30
© 2005 VBrick Systems, Inc.
Administration
Type
Choose MPEG-1 , MPEG-2 , MPEG-4 or other (user Other for nonMPEG streams).
Title
Title is what will display to clients in the ETV Portal Server viewing
pages
Folder
Folder is the folder on the VoD server in which the video will be
displayed.
Keywords
Enter keywords that can be searched.
Press Add to add the VoD content to the list. VoD content also can be Modified or Deleted.
Simply select the VoD content, make modifications (if required), and click Modify or Delete.
Non-Video to Content (PC Users Only)
In the VoD Content section, Administrators can also link to external documents such as PDF
files, PowerPoint files, web pages, or anything that can be displayed in a browser or other
external program. For content that needs to loaded in a specific program (for example,
PowerPoint slides), the application must be present on the desktop for that file to be viewed.
These URLs can point to a web servers or local drive. The Portal Server server can act as the
web server for this content, if the content is placed in the c:\program files\vbrick\mcs
directory on the ETV Portal Server (or in any subdirectory you create, e.g.
... mcs\test_files\test.doc). A local path or network shared path also can be entered.
Content accessed from a local drive (or network shared path) needs to be entered in the
format c:/path/file (it will fail if you use back slashes, for example c:\path\file). Also,
this drive needs to be accessible by those that have access to the link.
ETV Portal Server Administrator Guide
31
Emergency Broadcast
These pages are used to create emergency broadcast templates that Portal Server users can
subsequently use to launch an emergency broadcast. An emergency broadcast is a schedule
that can be executed by Portal Server users with appropriate permissions. This schedule
broadcasts a live or stored video to specified VBricks or STBs in case of an emergency. The
schedule is executed instantly, for a specified duration or indefinitely. When done (or manually
stopped) all preempted schedules automatically resume.
An emergency broadcast template pre-defines all parameters for the broadcast so that it can
be launched immediately; it pre-empts all other broadcasts. Very simply, you define the source
stream (live or stored) and the downstream targets (VBricks or STBs) and then save the
template for future use.
Note
T
Live and stored broadcasts, in this context, refer to content that is being streamed
over your IP multicast-enabled network. This does not mean there is IP
broadcasting to your entire network.
To add an Emergency Broadcast Template:
1. Go to Global Settings > Emergency Broadcast . This page shows a list of previously
defined templates (if any).
2. Select Add Template and click Submit to display the following window.
32
© 2005 VBrick Systems, Inc.
Administration
3. Enter a Template Name , select a Schedule Type, and click Next . (Duplicate template
names are allowed but not recommended.)
Each Schedule Type subsequently has a different wizard depending on the selections
you make but basically, you select the source stream (which can be a live or stored
broadcast), the downstream targets (VBricks or STBs) to which it will be broadcast, and
configure any Advanced Settings (see note below) for the VBricks or STBs. When done
the template you created is available to authorized Portal Server users as an Emergency
Broadcast template. See the ETV Portal Server v3.1 User Guide for more information.
Note
are available to configure VBricks and STBs with exceptional
configuration parameters. It is unlikely you will ever need to change these settings.
In all cases you can safely ignore the Advanced Settings and use the defaults
provided by ETV Portal Server.
Advanced Settings
Template name
Alphanumeric characters or spaces. No special characters.
Schedule Type
Live Broadcast
• VBrick – Select a live stream by VBrick Name. Then select the
destination VBricks or STBs.
• Program Name – Select a live stream by Program Name from all
available. Then select the destination STBs.
• Enter Manually – Select an MPEG source residing at a specified IP
address. Then select the destination STBs.
ETV Portal Server Administrator Guide
33
Stored Broadcast
• VoD Name – Select an NXG server and a source video. Then
select the destination VBricks or STBs.
• VBrick Name – Select a VBrick (or VBStar) and a source video.
Then select the destination VBricks or STBs.
4. Configure Advanced Settings for VBricks and STBs as necessary. As noted, it is unlikely
you will ever need to change these settings. In all cases you can safely ignore these settings
and use the defaults provided by ETV Portal Server.
These settings generally set configuration options for source devices and destination
devices (VBricks and STBs) so that they are configured properly (e.g. transmit/receive
enabled/disabled) at the beginning and end of an emergency broadcast. All required
devices must be present and enabled for a successful emergency broadcast. The settings
differ depending on the device (e.g. MPEG-2 or -MPEG-4) you select and will include
some or all of the fields shown in the table below.
34
© 2005 VBrick Systems, Inc.
Administration
Schedule Start
Options
Enter values that describe the device state at schedule start.
• Program Name – Program name selected above.
• Template – MPEG-4 only. Screen varies for MPEG-1, 2, or 4.
• Destination – Destination 1, Destination 2, RTSP Server.
• Destination Address – Enter value.
• Video Port – Enter value.
• Audio Port – Enter value.
• Closed Captioning Port – Enter value.
• Video – Enabled, Disabled, As Configured.
• Audio – Enabled, Disabled, As Configured.
• Closed Captioning – Enabled, Disabled, As Configured.
Schedule End
Options
Enter values that describe the device state at schedule end.
• Video – Enabled, Disabled, As Configured.
• Audio – Enabled, Disabled, As Configured.
• Closed Captioning – Enabled, Disabled, As Configured.
5. Click Next to page through each wizard.
6. Click Finish when done.
7. Verify the information and click Create Schedule when prompted (or use the Back
button to make changes). When finished, the template is added to the list of Emergency
Broadcast Templates available to ETV Portal Server users from the Portal Server
application. See the ETV Portal Server v3.1 User Guide for more information.
ETV Portal Server Administrator Guide
35
Modify VOD Content
(NXG Video on Demand Servers only.) Administrators and authorized users can modify and
delete content located on their video on-demand servers. Administrators can filter the
displayed assets by filtering on Keyword , Title , or All . Use the Purge button to remove the
artifacts of failed Delete operations. Also, a user with publishing permissions can delete
content by clicking the Info button and then Delete Video. To disable this user option, disable
the user's content publishing permissions (see Allow Content Publishing on page 55).
Note
T
You cannot rename or otherwise manage VOD files stored on some legacy NXG
servers. This feature is supported on NXG2 servers and on all servers currently
being shipped with ETV Portal Server 3.1.
To modify VoD Content:
1. Click on the content to be changed.
2. Enter a new filename and/or path for that file. Note that the file must be alphanumeric
characters and cannot contain embedded spaces.
3. To delete a file, select the file and click Delete.
Access Control
Under the Access Control section, administrators have the ability to enable Authentication
and Authorization which requires users to login and be authenticated. By default Enable
Authentication and Authorization is unchecked which allows everyone to access all content
and all functions (recording, publishing, etc.). When Access Control is enabled, Users, User
Groups, and Resource Groups are shown on the navigation bar. Access control determines
what functionality is available to each user. For example some users may have unlimited
36
© 2005 VBrick Systems, Inc.
Administration
access, while others can only view certain live channels and may not have permission to
record live channels or add videos to the VoD server.
Access control also lets you specify which folders are used when individual users record live
broadcasts, add videos, or autoingest content. If you do not enable Authentication and
Authorization , all of these actions default to the root folder (which can quickly get cluttered).
Note
As soon as you check Enable Authentication and Authorization , users will be
prompted for User Names and Passwords. VBrick recommends configuring the
system prior to user access or during off hours when the network is idle.
Administrators have the option of using the onboard VBrick database for authentication,
using an LDAP database, or using both. VBrick supports major LDAP vendors but only
Microsoft Active Directory, Novell eDirectory, and OpenLDAP are fully tested and supported. If
authenticating against Microsoft's Active Directory, check the LDAP Server is Microsoft
Active Directory check box and enter the path to the LDAP server in the LDAP Path box. If
authenticating against a directory other than Microsoft Active Directory, do not check LDAP
Server is Microsoft Active Directory. LDAP (Lightweight Directory Access Protocol) is a
standardized method to access directories from multiple vendors. A complete discussion of
LDAP is beyond the scope of this document.
Enable Authentication and
Authorization
Enable authentication and authorization which requires users
to login and be authenticated. If not checked, all users have
access to all functionality and content.
Use VBrick database
Use the VBrick (non LDAP) database provided with ETV
Portal Server.
ETV Portal Server Administrator Guide
37
Use LDAP database
Use an LDAP database. VBrick supports major LDAP
vendors but only Microsoft Active Directory and Novell
eDirectory are fully tested and supported.
LDAP Server is Microsoft
Active Directory
Check only if using Microsoft Active Directory.
Use Intengrated Windows
Authentication
Use "single sign-on." This means that once you login to your
local network, you can open ETV Portal Server without reentering your login credentials. See below Using Single SignOn.
LDAP Path†
Required by ETV Portal Server. Case sensitive. Must begin
with LDAP:// Points to a specific position in the LDAP tree
and also includes the machine IP address (or Domain name)
on which the server is running. For example use LDAP://
myLDAPServer with Microsoft Active Directory; use LDAP://
myLDAPServer:636 with Novell eDirectory. For more
information, see Installing the Root Certificate on page 40.
Attribute for Usernames†
Required by ETV Portal Server. Attribute to identify a user.
The following sample username attributes are widely used but
refer to a specific LDAP schema:
• Microsoft Active Directory: sAMAccountName
• Novell eDirectory: uid
Attribute for Groups†
Required by ETV Portal Server. Attribute to identify the
group to which a user belongs. The following sample group
attributes are widely used but refer to a particular LDAP
schema:
• Microsoft Active Directory: memberOf
• Novell eDirectory: groupMembership
User Base DN
Base distinguishing name (DN) of user nod and/or the Base
DN for the Master Username.
Username Prefix
Used in non-Active Directory environments where the user
name is prefixed with a specific string such as uid= or cn=.
The following sample prefixes are widely used but refer to a
specific LDAP schema:
• uid=
• cn=
Master Username
Required for single-sign-on. User name that has admin
permission to browse the LDAP tree. Used to browse the
LDAP tree to get user groups.
Master Password
Required for single-sign-on. Password for Master Username.
† ETV Portal Server required field. All others are optional.
38
© 2005 VBrick Systems, Inc.
Administration
Note
The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use
to browse the LDAP tree. It is available for Windows only and can be downloaded
free of charge from Softerra at http://www.ldapbrowser.com
Using Single Sign-On
If the LDAP server is Microsoft Active Directory, you can select Integrated Windows
to enable "single sign-on." This means that once you login to your local
network with your assigned credentials, you can open ETV Portal Server without re-entering
your login credentials. ETV Portal Server uses your assigned credentials to authenticate and
authorize your defined permissions within the application. When configuring for Integrated
Windows Authentication, keep the following points in mind:
Authentication
•
•
•
•
Integrated Windows Authentication is only valid when using LDAP Authentication with
Microsoft Active Directory. ETV Portal Server enforces this as a business rule.
Integrated Windows Authentication only works seamlessly with Microsoft Internet
Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
will get a popup login window only if you have not previously logged in to the network.
When using Integrated Windows Authentication, all single-sign-on users must have an
Active Directory account and the Portal Server server must be part of the Windows
domain.
When using Integrated Windows Authentication, Microsoft Internet Explorer's default
behavior is that it will not prompt for an ID/password when the server is in the Local
Intranet Zone. (By default, Internet Explorer assumes a URL without a period (.). This
means http://yourserver/ is in the Local Intranet Zone while http://
yourserver.yourcompany.com (or http://199.88.7.11)) is in the Internet Zone.
T
To use single-sign-on (and avoid username/password prompts), you must do one of the
following:
•
Access the Portal Server server by the alphanumeric name (for example http://
yourserver/).
Access the Portal Server server by the IP address in which case you must also:
• Add the Portal Server server to the Local Intranet Zone (Internet Options >
Security > Sites ). This setting can be pushed company-wide by an administrator
using security policies.
• Change Internet Explorer's default settings to allow Automatic Logon for nonIntranet zones (Internet Options > Security Tab > Customize Level > User
Authentication ).
•
Note
If using an LDAP directory other than Microsoft's Active Directory, VBrick
strongly recommends using SSL to encrypt the communication between the Portal
Server server and the LDAP directory. Please consult your LDAP vendor
documentation for instructions on how to configure SSL.
ETV Portal Server Administrator Guide
39
Using LDAP Servers with SSL
Installing the Root Certificate
If the LDAP server requires SSL for authentication, you will need to install the certificate
locally on the ETV Portal Server.
T
To install the root certificate locally on the ETV Portal Server:
1. Open Internet Explorer.
2. In the address bar type https://LDAPSERVER:636 where LDAPSERVER is the address of
the LDAP Server associated with Certificate Authority (See Resolving Other Security
Alerts on page 42) and 636 is the SSL port used to authenticate with the LDAP Server.
3. The Security Alert window should appear allowing you to install the Root Certificate
from your Local CA.
Note
All three items in the Security Alert window below must be in compliance. The first
item can easily be installed using these instructions; for the middle item, the local
CA will need to create a new certificate if it is out of date; for the last item, the name
of the certificate will need to match the address entered in the address bar of your
browser.
4. Click View Certificate.
5. A Certificate window will open, click on the Certificate Path tab.
6. In the Certificate Path choose the root certificate by selecting the top-most certificate. If
there is only one certificate, go to Step 8.
40
© 2005 VBrick Systems, Inc.
Administration
7. Click the View Certificate.
8. Choose the General tab. and click Install Certificate.
9. Click Next .
10. Click Place all certificates in the folowing store.
11. Click Browse.
12.
13.
14.
15.
Check Show physical stores check box.
Click the plus sign (+) next to Trusted Root Certificate Authorities.
Select Local Computer and click OK .
Click Next and Finish when done.
ETV Portal Server Administrator Guide
41
16. Click OK and back out to the Security Alert window. Click No on Security Alert window.
17. Click Go on the address bar in your browser. If any warnings are present, go to the next
section.
Resolving Other Security Alerts
If you are receiving any other Security Alerts you will need to identify the problem as either
"out of date" or The name on the security certificate is invalid. If the certificate has an
invalid name, follow the steps below to determine the valid name. If the certificate has an
"out of date" error, a new certificate must be created.
T
To determine the valid certificate name:
1. Click View Certificate.
2. The General tab shows who the Certificate is issued to; the address shown is the address
that will need to be used in the browser address bar, as well as in the configuration of the
LDAP Server.
For example: if the information is edirldap.vb.loc then the address bar should read
and the LDAP Path should read LDAP://
edirldap.vb.loc:636 To find out if the address is accessible, ping the address given in a
command prompt. If the address is not accessible you must create or add a DNS entry to the
Host file on the local server or generate a new certificate with the correct information.
https://edirldap.vb.loc:636
Diagnostics
This window displays information about Scheduler events only. It displays system log
messages by source and time and (generally) IP address. Use Clear All to empty the log.
42
© 2005 VBrick Systems, Inc.
Administration
Status
This window shows the status of videos being added or recorded. Use Refresh and Purge as
necessary. Use the tree controls on the left to expand (or contract) individual entries. Click the
Cancel icon to the left of each to cancel a recording or ingestion in progress. This also
cancels the recording on the Live Broadcasts page.
ETV Portal Server Administrator Guide
43
Help
This command launches the ETV Portal Server online help system in a new window. This
online help system provide fast full-text search and makes it easy to find the information you
need. To navigate in the help window, use the tree controls on the left to expand a topic and
the navigation buttons at the top to move to a different page. Go to About this Help > Using
this Help for information about how to Print pages and use the full text Search feature.
Logout
This command logs you out of the application and lets you log back in as a different user.
This may be necessary to gain access to certain functionality. For example, some users may
not be allowed to create thumbnails and you may want to login as a user who has the
permissions to do this.
44
© 2005 VBrick Systems, Inc.
Chapter 3
Access Control
Overview
Adding the EtherneTV system to a network provides many benefits in the form of increasing
access to rich media. However, because of the sensitive nature of some video assets, many
customers want to limit access to different users or groups of users. VBrick's EtherneTV
Portal Server allows Administrators to setup the system in just this manner. The ETV Portal
Server makes it easy to provide different Users or User Groups access to different resources.
The ETV Portal Server Access Control system allows administrators to allow/deny access to
the portal server for Windows-based PCs, Macintoshes, and Set-Top Boxes:
•
•
•
•
•
•
•
•
Viewing of certain Live Channels
Viewing of stored content from specific VoD folders
Publishing content to specific VoD folders
Recording content to a specific VoD folder
Allow the viewing of content from only specific VoD servers on the network
The ability to place bandwidth restrictions for viewing content
The ability to limit certain users to only access Multicast or RTSP (unicast) content
The ability to group content resources (Live Channels and/or VoD content) into
Resource Groups, which allows the setup and modification of the Access Control
functionality to take place much more easily.
The ETV Portal Server is permissive by default, meaning, authentication is not enabled and
access to the entire functionality of the server is allowed. However, to follow good security
practices, once the Access Control functionality is enabled on the Portal Server, all resources
are by default not available to any users. Administrators need to provide access to resources to
different users or user groups.
Topics in this chapter
Overview
STB Authentication
Users
User Groups
Resource Groups
Definitions
The ability to provide different users different access to resources on a network is typically
referred to as access control, authentication and authorization, and/or access management.
VBrick refers to this functionality as Access Control. In order to fully understand the range of
ETV Portal Server Administrator Guide
45
functionality of the ETV Portal Server Access Control system, it is beneficial to define some
of terms that will be used throughout the remainder of this document.
Authentication
Authentication is the process of identifying an individual, usually based on a username and
password. In security systems, authentication is distinct from authorization (see below), which is
the process of providing individuals access to resources based on their identity.
Authentication merely ensures that the individual is who he or she claims to be, but says
nothing about the access rights of the individual.
The ETV Portal Server Access Control system allows administrators to authenticate users
against the ETV Portal Server database or authenticate users against an LDAP directory.
More details on the different authentication databases are given below.
Authorization
Authorization is the process of granting or denying access to a network resource. Most
computer security systems are based on a two-step process. The first stage is authentication,
which ensures that a user is who he or she claims to be. The second stage is authorization,
which allows the user access to various resources based on the user's identity. In the ETV
Portal Server, all authorization is done directly on the ETV Portal Server, through the ETV
Portal Server database.
LDAP
LDAP stands for Lightweight Directory Access Protocol which is a set of protocols for
accessing information directories. The LDAP standard defines both a network protocol for
accessing information from the directory and an extensible structure for defining how the
information is organized in the directory. The advantage of using an LDAP directory is
centralized management of users. For example, a new user needs only to be entered once into
the LDAP directory and all future modifications to that user can be done in the same central
location. Different applications can authenticate and/or authorize users against the LDAP
directory.
There are numerous LDAP directory products on the market today, but the most popular are
Microsoft Active Directory, Novell eDirectory, Sun iPlanet, and OpenLDAP. VBrick supports
major LDAP vendors but only Microsoft Active Directory and Novell eDirectory are fully tested
and supported.
VBrick Database
The ETV Portal Server server ships by default with the MySQL database, which is a fully
ODBC-compliant database. (Open Database Connectivity is a standard database access
method.) For those environments that have not migrated to an LDAP directory-based user
management system, all of the authentication functionality can be done directly in the ETV
Portal Server database itself. Also, for those environments that are using LDAP directories for
Authentication, all of the Authorization functionality also takes place in the ETV Portal
Server database. Additionally, to reduce the chance of system lockout, all Administrative
Users are located in the ETV Portal Server database.
Resources and Resource Groups
In the ETV Portal Server, providing a user with Resources refers to providing them access to
a particular functionality of the EtherneTV system. These include the ability to view Live
46
© 2005 VBrick Systems, Inc.
Access Control
Channels, to view VoD content, to publish content to the VoD, and to record content or
schedule a recording. A unique feature of the ETV Portal Server software is the ability to
group Resources into Resource Groups. This allows the administrator to quickly and easily
assign several resources at once to specific Users or User Groups.
STB Authentication
There are two ways (STP IP address or user PIN) to authenticate and authorize Set-Top
Boxes in the ETV Portal Server. STB access control is slightly different from PC and
Macintosh-based authentication (which uses the commonly employed User Name and
Password mechanism). The two methods are outlined in the table below.
Method
Description
User Interaction
Comment
User PIN
If Access Control is
enabled, but the STB is not
defined in the system, then
Access Control works based
on a User PIN. This PIN is
defined on a Per User (not
Per STB) basis, so that
Users need to be setup in
the system for this to work.
When the user logs
into the system, they
will be prompted for
their PIN. The user
simply enters the PIN
with the remote
control or the wireless
keyboard, and can then
access the video.
This implementation is appropriate
for environments where multiple
users with different privileges will be
accessing the same STB. An example
of this would be a shared classroom,
where multiple teachers are accessing
the STB at different times.
STP IP
Address or
Host Name
The ETV Portal Server
system determines the
content that the STB can
view based on its IP
Address or Host Name.
No user interaction is
required. The user
simply turns on the
STB, and only the
content that the STB
user can view displays.
This implementation is similar to a
cable TV setup, e.g. if the cable plan
does not include CNN, then that
channel cannot be viewed. This
implementation is easiest for end
users because you do not have to
remember user names or PINs. It is
appropriate for environments where
one or few people with the same
privileges access the same STB.
Authentication by PIN
When an end user accesses the ETV Portal Server via a STB, the Portal Server takes the
following steps to authorize users.
1. It determines if there is Authentication/Authorization information associated with the
Host Name of the STB. If so, based on the STB Host Name, the ETV Portal Server will
present the STB with the information appropriate to its privileges. Note that the ETV
Portal Server uses the least restrictive settings when providing access to the system.
2. If there is no Authentication/Authorization information associated with the Host Name
of the STB, the user will be prompted for a PIN. A PIN is a user-based mechanism to log
onto the STB. When the user enters his or her PIN, the ETV Portal Server authenticates
the user against the Portal Server database.
3. Once the user is authenticated, the ETV Portal Server will check the User Groups and/or
Resource Groups that the User is associated with and the privileges associated with those
groups.
ETV Portal Server Administrator Guide
47
4. After checking the Groups privileges, the ETV Portal Server will check for any individual
user privileges above the group privileges.
5. The user will be presented with the information appropriate to their privileges. Note that
the ETV Portal Server uses the least restrictive settings when providing access to the
system.
If Authentication and Authorization is enabled, but the STB is not defined in the system, then
Access Management works based on a User PIN. This PIN is defined on a Per User (not Per
STB) basis, so Users need to be setup in the system for this to work. When the user accesses
the ETV Portal Server through the STB, they will be prompted for their PIN. The user simply
enters the PIN with the remote control or the wireless keyboard, and can then access the
video for which they have privilege. This implementation is appropriate for environments
where multiple users with different privileges will be accessing the same STB. An example of
this would be a shared classroom, where multiple teachers are accessing the STB at different
times.
Authentication by IP Address
The ETV Portal Server determines the content that the STB can view based on its IP
Address or Host Name. No user interaction is required. The user simply turns on the STB,
and only the content that the STB user can view displays. This implementation is similar to a
Cable Television setup – for example, if the plan does not include HBO, then that channel
cannot be viewed. This implementation is easiest from the end user perspective because end
users do not have to remember user names or PINs. This implementation is appropriate for
environments where multiple people can access the same STB.
The following steps provide best practices for properly configuring the Access Control
section of the ETV Portal Server.
1. Setup and Configure the EtherneTV System
The following products need to be setup and properly configured prior to configuring Access
Control.
1. ETV Portal Server – The ETV Portal Server needs to be properly setup and configured
on the network. The following items should be configured in the Portal Server interface:
– If there is a VoD server(s) in the system, the proper addresses for these servers need to
be entered into the Portal Server Administrative pages and connectivity to those servers
should be ensured.
– The folder structure on the VoD server should be defined (even if there is no content
in these folders) as folders are how the Access Control functionality provides access to
end users to view VoD content, publish content, and record content. When setting up the
folder structure, the Administrator should be thinking about how they plan to provide
access to different groups of users. For example, if a corporation wanted to provide
certain content to the Engineering group and certain content to the Marketing group,
then they would want to set up an Engineering folder and a Marketing folder on their
VoD server.
– If there are live streams on the network, then those streams should be provided a
channel number if the Administrator wants to provide access to live streams via channel
number.
48
© 2005 VBrick Systems, Inc.
Access Control
– If security is a concern, SSL should be turned on between clients and the ETV Portal
Server server. This allows User Names and Passwords to be encrypted between the client
and the server. See the section Configuring for SSL on page 61 for instructions on how
to configure this.
2. VBrick – If there are VBricks in the network, they are auto-discovered but still need to
be added to the Portal Server database.
3. VoD Server – If there are VoD servers in the network, again they need to have
connectivity to the Portal Server and the folder structure needs to be configured.
4. Set-Top Boxes – If there are STBs to be deployed in the system, they should be
configured with a Host Name, and should be configured to point to the ETV Portal
Server.
Additionally, if an LDAP server is going to be used to authenticate users, then the
administrator should know the address of the server, the group structures on the LDAP
server, and the Context (if the server is not Microsoft's Active Directory).
Note
In order to scan the Groups available in Microsoft's Active Directory, in Windows
Explorer, go to Tools > Folder Options. On the General tab, make sure that the
Show common tasks in folders is selected. Then go to Start > My Network Places
and select Network Tasks > Search Active Directory.
2. Choose an Authentication Method
Select one of the following methods:
ETV Portal Server
User Database
The native ETV Portal Server user database provides local
authentication for users and administrators.
LDAP Directory
Server
Enables the ETV Portal Server to authenticate against, and
retrieve user and group data from, an existing LDAP server.
Both methods can be used simultaneously. If LDAP authentication is enabled, the ETV
Portal Server will attempt to authenticate against the LDAP server first, and if this is
unsuccessful, will attempt to authenticate against the local ETV Portal Server User Database.
VBrick Database
If authentication is enabled, you must select a database (either VBrick or LDAP). The VBrick
(ETV Portal Server) user database contains user, group, and resource information that
provides the Portal Server with information to allow it to provide the appropriate privileges
to users and Set-Top Boxes that are accessing the system. Administrators should authenticate
users with the native Portal Server user database if:
•
•
User authentication is required, but the organization does not have an LDAP server.
For STBs, the organization wishes to use User PINs. Since User PINs are not available in
the LDAP directory, the users need to be created in the ETV Portal Server database
(Note: only those users that need PINs to access STBs need to be created in the ETV
Portal Server database. PC or Mac users can still be authenticated against LDAP).
ETV Portal Server Administrator Guide
49
LDAP Directory Server
An LDAP directory server contains User and Group information which the ETV Portal
Server can authenticate against to verify User's identities. The Portal Server then uses this
information to authorize users to access the system. Administrators should authenticate users
with an LDAP Directory server if:
•
•
The organization has an LDAP server that they actively manage to allow products to
authenticate.
The ETV Portal Server administrator can obtain the necessary configuration information
from the LDAP administrator to allow the authentication to occur.
Using LDAP reduces the amount of administrative time necessary to add and modify users
from the ETV Portal Server system. VBrick Systems encourages customers who have LDAP
directories implemented to use them for authentication with the ETV Portal Server.
3. Create User Groups on the Portal Server
Grouping users is common practice and makes administering access to the ETV Portal Server
less complicated than administering access by individual user. The ETV Portal Server allows
the administrator to create groups, specify group memberships for users, and set access
privileges for the group. A user can be a member of one group or multiple groups. Group
access privileges also can be set and modified on a per group basis.
If an LDAP directory is being used for Authentication, the same group information that is
available in the directory can be used to Authorize end users to access the ETV Portal Server.
For example, if the organization has three User Groups in its LDAP directory—Marketing,
Engineering, and Sales—they can simply create these groups in the ETV Portal Server
system, and assign privileges to the groups.
4. Create Resource Groups on the Portal Server
In the Portal Server software, providing a user with Resources refers to providing them access
to a particular functionality of the EtherneTV system. These include the ability to:
•
•
•
•
•
View Live Channels.
View VoD content.
Publish content to the VoD.
Record content or schedule a recording.
Launch an emergency broadcast.
A unique feature of the Portal Server software is the ability to group Resources into Resource
Groups. This allows the administrator to quickly and easily assign several resources at once to
more than one User or User Groups. This also makes the ongoing management of this
content for these Users or User Groups much easier.
For example, if the organization has three User Groups – Marketing, Engineering, and Sales –
they might create four resource groups. These Resource Groups would be Full Access, which
are resources that everyone can see, and one Resource Group for each of the user groups.
Full Access would be assigned to all user groups, and the Marketing Resource Group would
be assigned to the Marketing User Group, the Engineering Resource Group to the
Engineering User Group, and the Sales Resource Group to the Sales User Group.
50
© 2005 VBrick Systems, Inc.
Access Control
Resource Groups provide the added bonus that they allow the Administrator to quickly
provide access to new content to Users and User Groups. For example, if the organization
originally had ten Live Channels on the network, and another Live Channel was added, the
Administrator would simply need to add that Channel to the appropriate Resource Groups
and the channel would be available.
5. Create Users on the ETV Portal Server
Creating users is an optional step that can be completed for the following reasons.
•
•
•
The organization needs to provide a single user with additional privileges above and
beyond what is available to his or her User Group or Resource Group.
The organization wants to authenticate STB users using a PIN.
Users can be assigned to multiple User Groups.
6. Assign Resources to Users or User Groups
The final step is to provide access to Resources to Users and/or User Groups. The
administrator can assign individual resources to Users or User Groups, or can assign
Resource Groups (if created) to Users or User Groups. Detailed information on the steps to
configure access control and provide access to resources to Users and/or User Groups is
provided in the following sections.
Users
There are several different ways to provide privileges to different User and User Groups with
the ETV Portal Server. The easiest way is to use the group structure of an existing LDAP
database. LDAP User Groups can be added to the ETV Portal Server system and assigned
permissions (see User Groups below). All of the users in this group will have the same
permissions. For ease of implementation, VBrick recommends configuring User Groups and
Resource Groups (see these sections below), prior to configuring users.
However, if further individual permissions need to be assigned, administrators can add them
as a user. Under the users section, administrators have the ability to add, modify and delete
users. Submit may be pressed at anytime during the process or can be done when everything
has been added/modified. Users will have the permissions of the group as well as the
additional permission that are assigned to them. The ETV Portal Server is additive in its
permissions, meaning that it takes all of the permissions that are provided to a particular user
and provides all of these to the user.
Users can be added by using the VBrick Database if LDAP authentication is not available or
desired. Finally, in order to assign user PINs to access Set-Top Boxes, a user assignment is
needed (see Set-Top Box Authentication section below). Note that STB PIN access is
dependent on the VBrick Database being enabled. See Access Control on page 36 for details.
ETV Portal Server Administrator Guide
51
Submit
Save changes and/or navigate to the next window.
Add New
Takes the administrator to the Add New User, User Group, or Resource
Group screen (depending on which section you are in)
Clear All
Clears any entries that have been entered in the individual sections.
Revert All
Returns all entries to the last state entered in the database. This selection is
important if a mistake is made during entry.
Cancel
Cancels out of the page. Changes are not saved.
Clear
Clear eliminates or de-selects any entries in the particular section.
Revert
Returns the selection to the last state entered in the database. This selection is
important if a mistake is made during entry.
Once all selections have been made, you can press Submit in the bottom right hand corner of
the screen (or any of the other buttons shown above) to submit the information to the
database. User privileges include the following options:
Add/Modify User Information
Add/Modify User's Group Assignments
Add/Modify User's Resource Group Assignments
Add/Modify Live Channel Privileges
Allow Access to Specific VOD Servers
Allow Access to Specific VOD Content
Allow Viewing by Content Type
Allow Content Publishing
52
© 2005 VBrick Systems, Inc.
Access Control
Allow Content Recording
Default Content Recording
Allow VBrick Access
STB Access
Schedule Privileges
Emergency Broadcast Privileges
Add/Modify User Information
To add or modify users, select Users from the navigation bar on the left.
User
User – Use this option if the EtherneTV system will be accessed by a
PC or Mac user, or if Users will be authenticated to STBs via PIN
numbers. This access is not limited to a specific PC or STB.
Set Top Box – Use this option if the EtherneTV system will be
accessed via a STB attached to a television or other video display. If
Set-Top Box is selected, then the privilege to the system will be on a
per STB basis. The authentication will take place automatically, so no
end user interaction is required. When choosing STB, the STB's host
name or IP address must be entered, as well as an optional location/
description of the STB.
Username
To authenticate using an LDAP database, the user name must match
exactly what is in the LDAP database (the Portal Server is case
sensitive). A new user can also be assigned (if using the VBrick
database option) that does not exist in the LDAP database.
Password
For LDAP authentication a password is not needed (the user will use
their normal network login password). If using the VBrick database a
password must be entered (passwords are case sensitive).
STB Pin
Optional. A PIN number can be assigned to a user that allows them to
access their content from any STB, regardless of the STB's privilege
level. This works well when an STB is going to be a shared resource.
Note: STB PIN access is dependent on VBrick Database being
enabled.
First Name
Optional. User First Name.
Last Name
Optional. User Last Name.
E-mail address
Optional. User e-mail address.
Location
Optional. User location.
Assigning Privileges to Users
There are three ways to assign privileges to users:
•
•
•
Assign the User to a User Group that has privileges assigned to it.
Assign the User to a Resource Group that has privileges assigned to it.
Individually assign resources to the User.
ETV Portal Server Administrator Guide
53
These methods all can be combined. For example, to provide a User with access to the
resources provided to a User Group but also provide them access to additional resources, the
administrator can a) Assign the User to that Resource Group and b) Individually assign the
additional resources to that user. Each of these methods is discussed below.
Add/Modify User 's Group Assignments
Users can be assigned to specific User Groups, and they will inherit the privileges of that
group. If no User Groups appear, then none have been defined. Click User Groups in the
main navigation to the left to create User Groups.
Add/Modify User 's Resource Group Assignments
Users can be assigned to specific Resource Groups, and they will inherit the privileges of that
Resource Group. If no Resource Groups appear, then none of been defined. Click Resource
Groups in the main navigation to the left to create Resource Groups.
Add/Modify Live Channel Privileges
A list of available live video streams will be displayed. A user can be provided access to all live
streams or specify individual streams.
Note
For live streams that have channel assignments, both the Channel Number and the
Program Name will appear in the Channel list. If the Channel number is selected,
the ETV Portal Server will always provide access to the particular channel (for
example, Channel 1) even if the Program Name of that channel changes. If the
Program Name is selected, the ETV Portal Server will always provide access to the
Program Name (for example, CNN), even if the channel that it is associated with
changes (for example, from Channel 2 to Channel 4).
Allow Access to Specific VOD Servers
Choose from a list of available NXG On-Demand Server(s) to which a user can have access.
A user can have access to multiple servers. This feature is particularly useful when VoD
servers are located in different physical locations that are separated by low bandwidth links.
For example, if a company has offices and VoD servers in both New York and Chicago, and
these offices are separated by a T-1 link, then they would want to limit the users in the
Chicago office to the Chicago VoD server and those in New York to the New York VoD
server.
Note
54
When a user is provided access to particular NXG Video-on-Demand server(s), and
they are given the privilege to Publish or Record to a particular folder, when they
Publish or Record, the video will be Published or Recorded to each server that they
have access to. This is important for clustering purposes.
© 2005 VBrick Systems, Inc.
Access Control
Allow Access to Specific VOD Content
Choose from a list of folders to which a user can have access. A user can have access to
multiple folders on multiple servers. If the user has access to multiple VoD servers, and the
folder names are the same on both servers, only one folder name will show up in the list.
Allow Viewing by Content Type
The Administrator can limit the types of content that a user can view and/or limit the
bandwidth that specific users can view. Note that this setting does not apply to URLs that
were manually added by an administrator (see URLs on page 29).
Do Not Allow
Multicast viewing
This will limit users that are on a non-multicast capable part of the
network from trying to view multicast video.
Restrict Multicast to
Kbps
This will limit users to only viewing multicast streams that are a
certain size or smaller. This works well to maintain bandwidth
utilization over a particular WAN port.
Do Not Allow RTSP
viewing
This will limit users from viewing RTSP Unicast Streams from
MPEG-4 Encoders and from accessing RTSP unicast streams
from a Video-on-Demand server (MPEG-1, MPEG-2, or
MPEG-4). This works well to maintain bandwidth utilization over
a particular LAN or WAN port.
Restrict RSTP viewing
to Kbps
This will limit users to only viewing RTSP streams that are a
certain size or smaller. This works well to maintain bandwidth
utilization over a particular LAN or WAN port.
Allow Content Publishing
Administrators can allow a user the ability to publish content to folder(s) on an NXG VideoOn-Demand Server. This function allows the user access to the Add Video page, where users
can add pre-recorded video content to a VOD. It also allows users to (1) create (and upload)
Thumbnails for video files in the folders to which they can publish, to (2) delete video
content from the VOD server, and (3) to add keyword and description data using the Modify
Info button. To prevent users from deleting content, be sure this option is disabled.
Note
If users are provided access to more than one VoD server, when they publish
content, it will be published to each of the servers to which they have access. This is
important for clustering purposes.
Allow Content Recording
Used for scheduled recording. Administrators can allow a user the ability to schedule the
recording of live content to a specific folder(s) on an NXG Video-On-Demand Server. They
cannot record content to any other folder(s). You must select a folder here to enable Default
Content Recording below. If there is no schedule license, Allow Content Recording is not
shown as an option and Default Content Recording lets you select any folder. If you add a
schedule license later (using Start > Control Panel > Add or Remove Programs) , Allow
ETV Portal Server Administrator Guide
55
will be shown as an option with all folders selected. You may want to
unselect specific folders in order to restrict recording privileges.
Content Recording
Default Content Recording
Used for on-demand recording. You must select a folder above for Allow Content Recording
before you can make a folder selection here. Administrators can allow a user the ability to
record live content to a specific default folder on an NXG Server by pressing the Record
push button below the Preview Window. For ease of use, the Administrator can only assign
one default folder where a particular user can record content. This allows one button
recording on the ETV Portal Server and is particularly important for Set-Top Box users, who
may not be able to enter a recording path with their IR remote control.
Allow VBrick Access
Administrators can allow a user the ability to access all VBricks or only specific VBricks when
scheduling events. When scheduling an event, users will see only those VBricks for which they
have been granted access.
STB Access
Administrators can allow a user the ability to access all STBs or only specific STBs when
scheduling events. When scheduling an event, users will see only those STBs for which they
have been granted access.
Schedule Privileges
Users may have full, partial, or no permission to schedule VBrick event. Users with full
privileges can modify all configuration parameters in a schedule. Users with partial privileges
cannot modify Advanced Settings.
Emergency Broadcast Privileges
Administrators can specify whether or not a user can launch Emergency Broadcasts.
User Groups
Grouping users is common practice and makes administering access to the ETV Portal Server
less complicated than administering access by individual user. The ETV Portal Server server
allows the administrator to create User Groups, specify group memberships for users, and set
access privileges for the group. A user can be a member of one group or multiple groups.
Group access privileges also can be set and modified on a per group basis.
If an LDAP directory is being used for Authentication, the same group information that is
available in the directory can be used to Authorize end users to access the ETV Portal Server.
For example, if the organization has three User Groups in its LDAP directory—Marketing,
Engineering, and Sales—they can simply create these groups in the ETV Portal Server
system, and assign privileges to the groups.
56
© 2005 VBrick Systems, Inc.
Access Control
Add/Modify Group Information
If LDAP is being used for authentication, then the group name has to exactly match the
group name in the LDAP directory. If LDAP is not being used, Group Names can be entered
directly into the ETV Portal Server database. If Microsoft's Active Directory is used, to find
the available list of active groups in Windows XP, browse to My Network Places and click on
the left-hand menu Search Active Directory. A new window will open. Click Find now to see
all available groups. In Windows 2000 , go to My Network Places > Entire Network >
Directory, the domain, and Users.
Note
Windows XP needs to be configured to Show Common Tasks in Folders. To
configure this, in My Network Places, go to Tools > Folder Options. In the General
> Tasks section, select the radio button called Show common tasks in folders.
Add/Modify Group 's User Assignments
Users can be assigned to specific User Groups, and they will inherit the privileges of that
group. If no Users appear, then none have been defined. However, if LDAP is being used for
Authentication, no users need to be defined. When a user Authenticates to the system, the
Authentication process will return the User's group information. The user will receive the
privileges that are provided to that group.
Add/Modify Group 's Resource Assignments
Resource groups can be assigned to User Groups, and the User Group will inherit the
privileges of that Resource Group. If no Resource Groups appear, then none of been defined.
Click Resource Groups in the main navigation to the left to create Resource Groups.
ETV Portal Server Administrator Guide
57
Note
The remaining options for User Groups (beginning with Add/Modify Live Channel
Privileges ) are the same as those described earlier for individual Users on page 51.
The only difference is that the descriptions will apply to groups of users rather than
to individual users.
Resource Groups
In the ETV Portal Server software, providing a user with Resources refers to providing them
access to a particular functionality of the EtherneTV system. These include the ability to view
Live Channels, to view VoD content, to publish content to the VoD, and to record content. A
unique feature of the ETV Portal Server software is the ability to group Resources into
Resource Groups. This allows the administrator to quickly and easily assign several resources
at once to more than one Users or User Groups. This also makes the ongoing management of
this content for these Users or User Groups much easier.
For example, if the organization has three User Groups—Marketing, Engineering, and
Sales—they might create four resource groups. These Resource Groups would be Full
Access, which are resources that everyone can see, and one Resource Group for each of the
user groups. Full Access would be assigned to each user group, and the Marketing Resource
Group would be assigned to the Marketing User Group, the Engineering Resource Group to
the Engineering User Group, and the Sales Resource Group to the Sales User Group.
Resource Groups provide the added bonus that they allow the Administrator to quickly
provide access to new content to Users and User Groups. For example, if the organization
originally had ten Live Channels on the network, and another Live Channel was added, the
Administrator would simply need to add that Channel to the appropriate Resource Groups
and the channel would be available.
58
© 2005 VBrick Systems, Inc.
Access Control
Add/Modify Resource Group Information
Add the Resource Group Name that is relevant for the Resource Group being created.
Add/Modify User 's Resource Assignments
Users can be assigned to specific Resource Groups, and they will inherit the privileges of that
Resource Group. If no Users appear, then none have been defined. Click on the Users section
to add Users.
Add/Modify Group 's Resource Assignments
User Groups can be assigned to Resource Groups, and the User Group will inherit the
privileges of that Resource Group. If no User Groups appear, then none have been defined.
Click User Groups in the main navigation to the left to create User Groups.
Note
The remaining options for Resource Groups (beginning with Add/Modify Live
Channel Privileges ) are the same as those described earlier for individual Users on
page 51. The only difference is that the descriptions will apply to resource groups
rather than to individual users.
ETV Portal Server Administrator Guide
59
60
© 2005 VBrick Systems, Inc.
Chapter 4
Configuring for SSL
Overview
Whenever there is concern regarding confidentiality and integrity of data being sent between
ETV Portal Server web server and external clients, the ETV Portal Server web server login
page and all administration pages should be configured with a digital X.509 certificate to
enable SSL encryption. Secure Sockets Layer (SSL) is a set of cryptographic technologies that
provides secure communications. SSL can be used between client browsers and ETV Portal
Server web server to create a secure communication channel. It should also be used between
the ETV Portal Server and any LDAP directory server that is not Microsoft's Active
Directory. Because the Portal Server software runs on a Windows 2000 or Windows 2003
server, the communication between the ETV Portal Server and Active Directory is
automatically secured using Microsoft's security scheme.
However, communications between the ETV Portal Server and other LDAP directories is not
automatically secured. Please refer to the LDAP server documentation for instructions on
how to setup SSL between the ETV Portal Server server and the LDAP directory server.
T
To set-up SSL for client access to the ETV Portal Server web server:
1.
2.
3.
4.
Generate a Certificate Request
Submit a Certificate Request
Install the Certificate on the ETV Portal Server web server
Configure Resources to Require SSL Access
Generate a Certificate Request
If your company does not have an X.509 certificate, or does not have one for the ETV Portal
Server web server, a new certificate request must first be created.
T
To generate a certificate request:
1. From the ETV Portal Server web server Macintosh, start the Microsoft Internet
Information Service (IIS) Manager.
2. Expand the server name and select the web site for which the certificate will be installed.
3. Right-click the web site, and then click Properties.
4. Click the Directory Security tab.
5. Click the Server Certificate button within Secure communications to launch the Web
Server Certificate Wizard.
6. Click Next on the welcome dialog box.
7. Click Create a New Certificate and then click Next .
If Create a New Certificate is unavailable, the certificate has probably been installed
already. If that is the case, skip the rest of steps, and go to the Configure Resources to
ETV Portal Server Administrator Guide
61
Require SSL Access section. If it is desired to create a new certificate for ETV Portal
Server web server, click Remove the current certificate to remove the certificate first,
and then restart the procedure.
8. Click Prepare the request now, but send it later and then click Next .
9. Type a descriptive name for the certificate in the Name field, type a Bit length for the key
in the Bit length field, and then click Next .
10. Type an organization name (such as VBrick) in the Organization field and type an
organization unit (such as Sales Department) in the Organizational unit field, and click
Next .
This information will be placed in the certificate request, so make sure it is accurate. The
Certificate Authority will verify this information and will place it in the certificate. A user
browsing the ETV Portal Server web server will want to see this information in order to
decide if they should accept the certificate.
11. In the Common name field, type a common name, and then click Next . (Important: The
common name is one of the most significant pieces of information that ends up in the
certificate.)
12. Enter the appropriate information in the Country/Region , State/province, and City/
locality fields, and then click Next .
13. Enter a file name for the certificate request. The file contains information similar to the
following.
-----BEGIN NEW CERTIFICATE REQUEST ----MIIDZjCCAs......
-----END NEW CERTIFICATE REQUEST-----
This is a Base 64 encoded representation of the certificate request. The request contains
the information entered into the wizard and also your public key and information signed
with your private key.
14. Click Next . The wizard displays a summary of the information contained in the certificate
request.
15. Click Next and then click Finish to complete the request process.
Submit a Certificate Request
If a CA-signed Certificate from a trusted Certificate Authority (such as VeriSign or Thawte) is
going to be purchased, the certificate request can now sent to a CA for verification and
processing. After the certificate response is received from the CA, the installation process can
continue on the ETV Portal Server web server. Purchasing a CA-signed certificate adds to the
security of the system, but also adds costs. Non-CA signed certificates will cause a security
alert in the browser upon the first access to the server.
Install the Certificate
62
T
To install the certificate on the ETV Portal Server web server:
1.
2.
3.
4.
Start Internet Information Services, if it's not already running.
Expand the server name and select the web site for which the certificate will be installed.
Right-click the web site, and then click Properties.
Click the Directory Security tab
© 2005 VBrick Systems, Inc.
Configuring for SSL
5. Click Server Certificate to launch the Web Server Certificate Wizard
6. Click Process the pending request and install the certificate and then click Next .
7. Enter the path and file name of the file that contains the response from the CA, and then
click Next .
8. Examine the certificate overview, click Next , and then click Finish .
A certificate is now installed on the ETV Portal Server web server.
Configure Resources for SSL
After installing the certificate on the ETV Portal Server web server, the ETV Portal Server
can now be configured to require SSL access.
T
To configure ETV Portal Server for SSL access:
1.
2.
3.
4.
Start Internet Information Services, if it's not already running.
Right click on Default Web site. Select Properties.
Go to the Directory Security tab.
Under Secure communications, click Edit .
If the Edit button is not available, the certificate may not have been installed correctly. Go
back to Install the Certificate on the ETV Portal Server web server section, and verify
that the certificate is installed.
5.
6.
7.
8.
Click Require secure channel (SSL) check box.
Client's browsing to file must now use HTTPS protocol.
Click OK , and then click OK again to close the Properties dialog box.
Alternatively, if only the Logon pages and the admin pages need to be secured, right-click
the following files, one at a time, and then click Properties.
Login.aspx
(Select File Security rather than Directory Security)
Admin
9. Repeat Steps 3–6 for both files for all required ETV Portal Server resources configured.
10. Close Internet Information Services.
ETV Portal Server Administrator Guide
63
64
© 2005 VBrick Systems, Inc.
Chapter 5
Auto Content Ingestion
Topics in this chapter
Overview
Removing Closed Captions
Overview
It is possible to FTP prerecorded content or copy prerecorded content to the ETV Portal
Server for easy ingestion to the NXG server. The ETV Portal Server periodically (every 5
minutes) polls certain folders for presence of content and if found ingests the content onto
multiple NXG servers. This process is called Automatic Content Ingestion or Auto-ingestion. The
content can come from a VBrick VBSTAR or a file recorded with StreamPlayer Plus.
The content should be placed in a pre-defined sub-folder (mcs\autoingest) under the FTP
root folder. This pre-defined folder is called the auto-ingest root folder. For example, if the FTP
root is at c:\inetpub\ftproot, the content could be placed anywhere under
c:\inetpub\ftproot\MCS\AutoIngest. In this example the auto-ingest root is
c:\inetpub\ftproot\MCS\AutoIngest.
Note
The default FTP path may be on a different drive, refer to the IIS default FTP
configuration to confirm.
Content that is placed under the auto-ingest root folder on the ETV Portal Server will be
ingested into the root video folder on the NXG server provided that it is configured using the
ETV Portal Server Administrator interface. If it is desired to place content on a subfolder in
the NXG server, that same folder would have to be created and configured using the ETV
Portal Server Administrator Interface as described below.
Go to Global Settings > Servers > Add-Modify On-Demand Folders. Here an existing or
new folder can be associated with select NXG Servers for auto-ingestion. The folders are
listed on the left with the path relative to auto-ingest root. The NXG servers are listed on the
right inside the Add-Modify Folders on Selected Servers box. Select the desired folder and
then select the target NXG servers to ingest content. Press Submit . The folder is now created
under the auto-ingest root folder and configured.
ETV Portal Server Administrator Guide
65
Example: If under the root video folder on the NXG Server you had a folder (or want to
create a folder) called Training and you wanted trainingvideo.mpg to be placed there.
FTP the file to the Portal Server into
<drive:>\inetpub\ftproot\mcs\autoingest\training\
The ETV Portal Server will then ingest the file automatically into the folder on the NXG
server(s) that this folder is associated with. The file trainingvideo.mpg would be displayed
on the ETV Portal Server user interface in the Training Folder.
Removing Closed Captions
MPEG-4 files with closed captions cannot be added to the EtherneTV-NXG Video-onDemand server until the closed caption track is removed. The ETV Portal Server will display
an error message if you try to add such files. VBrick provides a utility to remove the closed
captions track from an MPEG4 file if necessary. It is installed with ETV Portal Server in
c:\program files\vbrick\utils
66
© 2005 VBrick Systems, Inc.
Auto Content Ingestion
T
To remove the closed captions track from MPEG-4 files:
1. Go to c:\program files\vbrick\utils and double-click CCTrackRemover.exe
2. Enter an MPEG-4 File Name and click Remove CC Track . Depending on the size of the
file it may take a few moments to complete.
3. When done, you can add or autoingest the video file as necessary.
ETV Portal Server Administrator Guide
67
68
© 2005 VBrick Systems, Inc.
Index
A
C
Access 2
Access Control 36, 45
Access to Specific VOD Content, Allow 55
Access to Specific VOD Servers, Allow 54
Access, Allow VBrick 56
Access, STB 56
Add Link 16
Add/Modify a URL for a Live Video Stream 29
Add/Modify Group's Resource Assignments 57,
59
Add/Modify Group's User Assignments 57
Add/Modify Resource Group Information 59
Add/Modify User's Resource Assignments 59
Additional ETV Components 5
Address, Authentication by IP 48
Administration 9
Administrator Login 9
Advanced Settings 22
Allow Access to Specific VOD Content 55
Allow Content Publishing 55
Allow Content Recording 55
Allow VBrick Access 56
Assign Resources to Users or User Groups, 6. 51
Assignments, Add/Modify Group's User 57
Assignments, Add/Modify User's Group 54
Assignments, Add/Modify Group's Resource 57,
59
Assignments, Add/Modify User's Resource 59
Assignments, Global 11
Assignments, Add/Modify User's Resource
Group 54
Authentication by IP Address 48
Authentication by PIN 47
Authentication Method, 2. Choose an 49
Authentication 46
Authentication, STB 47
Authorization 46
Auto Content Ingestion 65
Certificate Request, Generate a 61
Certificate Request, Submit a 62
Certificate, Install the 62
Channel Privileges, Add/Modify Live 54
Choose an Authentication Method, 2. 49
components 1
Configure the EtherneTV System, 1. Setup and
48
Configuring for SSL 61
Content (PC Users Only), Non-Video to 31
Content Folders, Add/Modify On-Demand 18
Content Ingestion, Auto 65
Content Publishing, Allow 55
Content Recording, Allow 55
Content Recording, Default 56
Content Type, Allow Viewing by 55
Content, Allow Access to Specific VOD 55
Content, Modify VOD 36
Content, VOD 30
Control Server, Media 2
Control, Access 36, 45
Create User Groups on the MCS Server, 3. 50
Create Users on the MCS Server, 5. 51
Custom Fields 14
Customize Streams 15
B
Box, EtherneTV-STB Set Top 5
Broadcast Privileges, Emergency 56
Broadcast, Emergency 32
ETV Portal Server Administrator Guide
D
Database, VBrick 46
Database, VBrick 49
Default Content Recording 56
Definitions 45
Desktop Requirements 3
Devices, Script 26
Diagnostics 42
Directory Server, LDAP 50
Downloaded Components 1
E
Emergency Broadcast 32
Emergency Broadcast Privileges 56
EtherneTV System, 1. Setup and Configure the
48
EtherneTV-NXG Video-on-Demand Server 5
EtherneTV-STB Set Top Box 5
EtherneTV-STB Set-Top Box 5
69
ETV Portal Server 2
MySQL 2
F
O
Features, Administrative 5
Fields, Custom 14
Folders, Add/Modify On-Demand Content 18
On-Demand Content Folders, Add/Modify 18
On-Demand Servers, Add/Modify Video 17
Only), Non-Video to Content (PC Users 31
Options, Administrator 9
or User Groups, 6. Assign Resources to Users 51
Overview 1, 9, 45, 65
G
Global Assignments 11
Group Assignments, Add/Modify User's 54
Group Assignments, Add/Modify User's Resource 54
Group Information, Add/Modify Resource 59
Group Information, Add/Modify 57
Group's Resource Assignments, Add/Modify 57,
59
Group's User Assignments, Add/Modify 57
Groups on the MCS Server, 3. Create User 50
Groups, Resources and Resource 46
Groups, 6. Assign Resources to Users or User 51
Groups, Resource 58
Groups, User 56
H
Help 44
I
Information, Add/Modify Resource Group 59
Information, Add/Modify Group 57
Information, Add/Modify User 53
Ingestion, Auto Content 65
Install the Certificate 62
Installing the Root Certificate 40
Introduction 1
IP Address, Authentication by 48
L
LDAP 46
Link, Add 16
Live Channel Privileges, Add/Modify 54
Live Video Stream, Add/Modify a URL for a 29
Log-in 9
Login, Administrator 9
Logout 44
M
MCS Server, 5. Create Users on the 51
MCS Server, 3. Create User Groups on the 50
Media Control Server 2
Method, 2. Choose an Authentication 49
Modify VOD Content 36
70
P
PIN, Authentication by 47
Privileges to Users, Assigning 53
Privileges, Emergency Broadcast 56
Privileges, Schedule 56
Privileges, Add/Modify Live Channel 54
Publishing, Allow Content 55
R
Recorders 24
Recording, Allow Content 55
Recording, Default Content 56
Request, Generate a Certificate 61
Request, Submit a Certificate 62
Requirements 3
Requirements, Desktop 3
Requirements, Server 3
Resolving Other Security Alerts 42
Resource Assignments, Add/Modify Group's 57,
59
Resource Assignments, Add/Modify User's 59
Resource Group Assignments, Add/Modify User's 54
Resource Group Information, Add/Modify 59
Resource Groups, Resources and 46
Resources and Resource Groups 46
Resources for SSL, Configure 63
Resources to Users or User Groups, 6. Assign 51
S
Schedule Privileges 56
Script Devices 26
Scripts 27
security requests 1
Server Requirements 3
Server, Media Control 2
Servers, Allow Access to Specific VOD 54
Servers 17
Servers, Add/Modify Video On-Demand 17
Server, 5. Create Users on the MCS 51
Server, EtherneTV-NXG Video-on-Demand 5
Index
Server, 3. Create User Groups on the MCS 50
Server, LDAP Directory 50
Set Top Boxes 22
Set Top Box, EtherneTV-STB 5
Settings, Advanced 22
Settings, Global 11
Setup and Configure the EtherneTV System, 1.
48
Sign-On, Using Single 39
Single Sign-On, Using 39
Specific VOD Content, Allow Access to 55
Specific VOD Servers, Allow Access to 54
SSL, Configuring for 61
SSL, Configure Resources for 63
Status 43
STB Access 56
STB Authentication 47
STBs 22
Streams, Customize 15
Stream, Add/Modify a URL for a Live Video 29
System, 1. Setup and Configure the EtherneTV
48
Video On-Demand Servers, Add/Modify 17
Video Stream, Add/Modify a URL for a Live 29
Video-on-Demand Server, EtherneTV-NXG 5
Viewing by Content Type, Allow 55
VOD Content, Allow Access to Specific 55
VOD Content, Modify 36
VOD Servers, Allow Access to Specific 54
T
Top Box, EtherneTV-STB Set 5
Type, Allow Viewing by Content 55
U
URL for a Live Video Stream, Add/Modify a 29
URLs 29
User Assignments, Add/Modify Group's 57
User Groups on the MCS Server, 3. Create 50
User Groups, 6. Assign Resources to Users or 51
User Information, Add/Modify 53
User's Group Assignments, Add/Modify 54
User's Resource Assignments, Add/Modify 59
User's Resource Group Assignments, Add/Modify 54
Users on the MCS Server, 5. Create 51
Users Only), Non-Video to Content (PC 31
Users or User Groups, 6. Assign Resources to 51
Users 51
Users, Assigning Privileges to 53
Using LDAP Servers with SSL 40
Using Single Sign-On 39
V
VBrick Access, Allow 56
VBrick Database 46
VBrick Encoders/Decoders 6
VBricks 19
ETV Portal Server Administrator Guide
71
72
Index
VBrick Systems, Inc.
12 Beaumont Road
Wallingford, Connecticut 06492
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement