By Per Lindgren, CTO and Co-founder, Net Insight
However, so far IP has come with a caveat — the uncertainty surrounding security. The shift from the air-tight SDI to IP means that media companies need to change the guiding principles they operate on. Does this mean that media organizations and production companies should lower their security standards? Absolutely not. The shift to IP is a new paradigm that the broadcasting industry cannot afford to miss out on. The IP Media Trust Boundary is the new mission-critical security capability that brings security back to IP and will shape its take-off moving forward.
Saying goodbye to SDI
For the past two decades, SDI has been pivotal in enabling the broadcasting industry to switch from analog to digital video infrastructure and benefit from the transmission of uncompressed, unencrypted digital video signals. By adding an adaptation layer to and from IP when handing over SDI signals to the studio LAN, we could create a very clear demarcation point between the IP WAN and the studio. Ensuring media streams remained secure was not a particularly complicated or arduous process.
However, this can no longer remain the case. On the one hand, today’s consumer preferences and expectations when it comes to content experiences are fundamentally different. At the same time, the need for new remote and distributed workflows utilizing public IP networks has become vital during the pandemic. IP technology enables media companies and production houses to leverage the power, agility, and scalability of new high bandwidth UHD-4K and UHD-8K video formats. The broadcasting industry has moved on and SDI simply cannot catch up.
Building trust in the IP world
IP powers a technology ecosystem where broadcasting players are switching between local and public IP networks and different IP domains. Data, audio and video streams enter the different domains over the same network links and ports. To ensure the security of the network, media companies need to control the type of IP media traffic that can pass through these networks and the type of streams that can go in and out of each network domain. It’s also much more complicated than simply controlling ‘harmful’ IP media traffic. What we would typically consider ‘secure’ IP media traffic can pose serious challenges. For instance, if the content isn’t configured properly, it can flood the network and cause packet loss, jitter, and delay. To eliminate these risks, media organizations should have complete visibility and control of the content filtering in their IP media networks and services.
So far, to address the IP media network security challenge, the industry has been leveraging a combination of existing security capabilities, including general-purpose, media-unaware firewalls and, to a certain degree, Network Address Translation (NAT). These security ‘fixes’ didn’t have all of the functions and performance required to handle the large amount of streams and data that large IP media networks entail. With IP technology taking off, this is the right time for media companies to address the security challenge head-on without compromising on speed, latency or efficiency.
Reinstating security with the IP media trust boundary
When it comes to security, controlling which stream traffic is allowed to pass in which domains is critical. Net Insight has created the market-first IP Media Trust Boundary supporting both ST 2022 and ST 2110 workflows. The IP Media Trust Boundary automates traffic filtering of incoming and outgoing IP addresses and ports per stream and per core application. Through user-selectable metrics, industry players benefit from strict control to define which data and streams are to be allowed or blocked. This covers transferring content in mixed IP environments and between trusted and untrusted IP domains. The IP Media Trust Boundary does not simply reintroduce security; it also ensures flexibility and scalability. The NAT functionality allows for removal and reapplication of the full IP layer, creating a tamper-proof seal while enabling the full reuse of IP addresses and dramatically simplifying the move between multicast and unicast networks and IP media devices.
These critical features were initially developed by our development team in the US, in close cooperation with strategic IP media customers. Now this next-generation capability has been integrated into the IP Media Pro App. To deploy and launch this new App, we worked closely with Red Bee Media to deliver the world’s first 100GbE IP Media Trust Boundary for its multi-site, IP standards-based managed services solution. Traditional firewalls can slow down zero-latency uncompressed IP media traffic and the enabling power of 100GbE-based content production. If a non-media-aware firewall introduces delays, this can seriously harm live media workflows. Scaling a non-media-aware firewall can also be overly expensive, pushing IP-based content production costs up. Net Insight’s IP Media Pro Application is a fully programmable, adaptable, and scalable foundation for handling the high data volumes needed with zero delay or performance impact. As part of Red Bee Media’s multi-site managed services offering, the IP Media Trust Boundary powers the delivery of trusted IP media between operation centers on the 100GbE wide area network.
The future of IP media delivery is secure
The IP Media Trust Boundary addresses the key IP media security challenge in a cost-effective, reliable, and scalable way. It provides the high-bandwidth, low-latency mechanism required by media while protecting the IP media networks from untrusted, unapproved, and harmful media traffic. By removing the security roadblock, more industry players will feel ready to shift to IP media workflows, unleashing their revolutionizing power.
So far, the broadcasting industry has only scratched the surface of the benefits of IP technology. The Media Trust Boundary is a game-changing capability that makes securing individual streams in hybrid media and mixed IP domain environments a reality. Broadcasting players can finally leverage the power of IP with zero compromise.