HTTP Live Streaming (HLS) is an HTTP-based streaming protocol which supports delivery of adaptive bitrate video and audio streams. DuraCloud makes use of Amazon CloudFront to deliver its HLS streaming capability, so streaming content must be stored in the Amazon S3 storage provider to take advantage of this feature.
Media files must be transcoded into a format which is supported by HLS before streaming may occur. Typically transcoding results in a set of .ts segment files which contain the media in time-boxed fragments and .m3u8 index files which are used to capture the ordering and combinations of .ts files for playback.
Further background and information about HLS can be found on: wikipedia, encoding.com, and apple.com (as well as many other sites).
A simple example of displaying an HLS video file that is streamed via DuraCloud can be found on this page. If you review the page source, you will see that an HTML 5 video tag is used along with javascript from hls.js. The HTML 5 audio tag can be used similarly for audio content. The DuraCloud space where the video content is stored is set to allow open streaming (details on this below). The video in the example was transcoded using AWS Elastic Transcoder to create a single audio segment at 64k and a single video segment at 600k from a source MP4 video file.
Configuration of secure streaming is more involved due to the redirecting that is required (see the interaction flow below). For this reason, a demo application was created to provide an example of how your web application could utilize secure streams: https://github.com/duracloud/streaming-demo.
DuraCloud supports two different types of HLS streaming, open and secure. Open streaming allows anyone with access to the URL for a content item (in a space where open streaming is enabled) to stream that content. The exception to this is if the allowedOrigins parameter is utilized when enabling HLS streaming for a space, which limits browser-based (JavaScript) streaming requests to only certain hosts.
Secure streaming requires that permission be granted before a user is able to stream a file. Your web application will need to determine if the user has the necessary rights, and if so, allow a set of cookies to be set on that user's browser. Those cookies are used to verify that the user has permission to stream the files in a space. The request to generate those cookies can set further limits, such as the length of time the user will have access and the IP address range where the streaming is allowed to take place. The purpose of secure streaming is to restrict the use of the stream. This is ideal for scenarios where streamed content is not free to use or must only be provided to a limited audience.
Follow these steps to stream media files with DuraCloud using HLS
In order for media to be streamed from a space with secure streaming enabled, a set of cookies must first be set on the user's browser. These cookies provide the policy and signature used by Amazon CloudFront to verify that the user has permission to retrieve the files. One set of cookies applies to all content in a space. Each streamed space has its own streaming host and associated cookies.
Due to browser security requirements, cookies which apply to a domain can only be set in a response from that domain. In order to set cookies which apply to the CloudFront streaming domain, a call needs to be made to CloudFront by the user which results in the cookies being provided in the response. To make this happen, your web application (which is allowing the user to discover the streamed content) must interact with DuraCloud and the user following these steps:
The following diagram shows the flow of control described in the previous steps. The diagram uses a video list page as an example of a page the user could request from your web application, but this could be any page. The Web Application component is written and managed by the DuraCloud subscriber.
While this diagram may seem complex, the vast majority of the work is done for you by DuraCloud and CloudFront. As noted above, you need to make one call to retrieve the signed cookies URL, then respond to the user redirecting them to that URL. The rest of the flow for setting cookies is handled outside of your application. The user is then returned to your application in order to continue to search for media content, and that content is displayed in the same way as with open streaming.
If you add files to a space with streaming turned on, those files will automatically be made available for streaming as well. |