Distributed IP production workflows are shifting the dynamics of the broadcasting industry. Alongside opportunities for new production models and use cases come challenges with the security of IP networks becoming a key consideration.
The shift from SDI to IP technology means that the fundamental principles that made SDI connections secure no longer apply. This doesn’t mean that security and IP technology are incompatible. On the contrary, media companies can reap all the benefits of IP-based media delivery while maintaining media network security by leveraging a new mission critical security capability — The IP Media Trust Boundary that will define the IP media technology take off.
SDI “security” has run its course
SDI has been pivotal in switching from analog to digital video infrastructure and supporting the transmission of uncompressed, unencrypted digital video signals. Since the 2000s, we have transported SDI over IP networks. By adding an adaptation layer to and from IP when handing over SDI signals to the studio LAN, we could create a very clear demarcation point between the IP WAN and the studio. Security became a lightweight and scalable process for media streams.
However, the broadcasting industry has changed forever with global automation and commoditised network trends taking the reins. When it comes to new content experiences, consumer expectations have changed dramatically. Media companies and production houses are increasingly deploying IP technology to benefit from its flexibility and scalability when it comes to things like new high bandwidth 4K UHD and 8K UHD video formats.
Trust is the currency of the IP world
Transitioning to IP means switching between local and public IP networks and different IP domains. All data, audio and video will enter the different domains over the same network links and ports. This means that when it comes to security, controlling the type of IP media traffic that can pass through these networks and the type of streams that can go in and out of each network domain is essential. This needs careful consideration as it’s not just the ‘harmful’ IP media traffic we should be worried about. Even otherwise ‘secure’ IP media traffic can pose serious challenges. For instance, If the content isn’t configured properly, it can flood the network and cause packet loss, jitter, and delay. This is why media organisations should have complete visibility and control of the content filtering in their IP media networks and services.
So far to address the IP media network security challenge, the industry has been leveraging a combination of existing security capabilities, including general purpose, media-unaware firewalls and to a certain degree Network Address Translation (NAT). These security ‘fixes’ didn’t have all of the functions and performance required to handle the large amount of streams and data in large IP media networks entails. With IP technology taking off, this is the right time for media companies to address the security challenge head-on without compromising on speed, latency or efficiency.
The new IP Media Trust Boundary
To be able to strictly control which stream traffic is allowed to pass in which domains, Net Insight has created the market-first IP Media Trust Boundary supporting both ST-2022 and ST-2110 workflows. The IP Media Trust Boundary automates traffic filtering of incoming and outgoing IP addresses and ports per stream and per core application. User selectable metrics allow for fine-grained control to broadly or narrowly define which data and streams to be allowed or blocked. This covers transferring content in mixed IP environments and between trusted and untrusted IP domains. The IP Media Trust Boundary is not only about security, it is also about ensuring flexibility and scalability. Therefore, the NAT functionality implemented not only allows for removal and reapplication of the full IP layer, creating a tamper proof seal, but it also allows for full reuse of IP addresses and dramatically simplifies the move between multicast and unicast networks and IP media devices.
These critical features were initially developed by our development team in the US, in close cooperation with strategic IP media customers. Now these ground-breaking innovations have been fine-tuned into the all IP Media Pro app. We worked closely with Red Bee Media on this all new app to deliver the world’s first 100GbE IP Media Trust Boundary for its multi-site IP standards based managed services solution. Traditional firewalls can slow down zero-latency uncompressed IP media traffic and the enabling power of 100GbE based content production. If the non-media aware firewall introduces delays this can seriously harm live media workflows. Scaling a non-media aware firewall can also be prohibitively expensive, raising IP-based content production costs quite significantly. Net Insight’s IP Media Pro Application is a fully programmable, adaptable, and scalable foundation for handling the high data volumes needed with zero delay or performance impact. As part of Red Bee Media’s multi-site managed services offering, the IP Media Trust Boundary powers the delivery of trusted IP media between operation centres on the 100GE wide area network.
Securing trust and the way forward
The IP Media Trust Boundary resolves the fundamental IP media security challenge in a cost-effective, reliable and scalable way. It provides the high-bandwidth, low-latency mechanism that protects IP media networks from untrusted, unapproved media traffic. With security no longer a roadblock, the transition to IP media workflows will further take off, shifting the dynamics of the broadcasting industry.
The IP Media Trust Boundary has demonstrated that the possibilities are endless.and securing individual streams in hybrid media and mixed IP domain environments is a reality. IP media technology and security can finally go hand-in-hand.