Networking.
Unreal Media Server was designed for streaming media over networks that support
TCP/IP. The transport protocols between clients (players) and the server are
our proprietary TCP and HTTP(S) Unicast protocols, our proprietary RTP
Multicast protocol, and the widely used MMS over HTTP Unicast protocol. This
provides a convenient choice of delivery method for LAN and public networks
(Internet) and for any operating system. Unreal Streaming Media Player can
be used on Windows to play streams sent with our proprietary protocols,
enabling low latency, user authentication and stream protection. Any player
supporting MMS, on any OS, can use the MMS delivery of Unreal Media Server.
All players connect to the media server's TCP port 5119; this port can be
customized. The only exception is HTTP(S) delivery, which works via an IIS web
server running our UHttpProxy extension. Players using HTTP(S) delivery should
connect to whatever port IIS is configured to listen on; the default
HTTP(S) ports are 80/443. For a client (player) to request media over a
Wide Area Network (WAN), the server machine must have a public IP address and/or
a resolvable Internet name. When both client and server are on the same
LAN/VPN, the server machine name can be used.
Live Server streams live media to Media Server, which distributes these streams
to the clients. Live Server computers communicate with Media Server over TCP only.
The TCP connection can be initiated by Live Server to the configurable Media
Server TCP port (default is 5130), or by Media Server to Live Server TCP port
5120. Live Server computers can reside on different networks relative to
Media Server, behind NAT firewalls and public routers. Media Server can connect
to another Media Server to receive live media, which minimizes traffic
over low-bandwidth network segments such as an Internet connection.
Multicasting.
Unreal Media Server supports simultaneous multicasting of an unlimited number of
live sources and virtual folders. To avoid wasting bandwidth, live sources
are not multicast when there are no active viewers. When the first viewer
connects and requests Multicast delivery, the server starts multicasting.
When the last viewer disconnects, multicasting stops. When
multicasting files, the Media Server administrator must manually start and
stop multicasting of a virtual folder, using the server configuration program.
When requesting multicast delivery, the client must connect to the server over
TCP. The server authorizes the client and sends it the multicast group
information for this particular source. The client then joins this multicast
group and receives media packets over RTP (UDP) multicast. No further TCP
communication between client and server takes place.
Unfortunately, Multicast will not work over the Internet in most cases, since
public ISPs don't allow multicast delivery on their routers.
Streaming with MMS protocol.
Unreal Media Server supports Unicast streaming with the MMS (Microsoft Media
Server) over HTTP protocol. Live and recorded audio/video is
encapsulated into an ASF container on the fly and sent as HTTP payload to any
player on any OS that is capable of playing MMS streams. Various players on
Windows, Mac, Linux and mobile devices are supported, such as Windows Media
Player, QuickTime Player and MPlayer. MMS streaming is not supported in Multicast
mode. Live broadcasts and virtual folders must allow anonymous access in order
to be available over the MMS protocol. MPEG-1 and MPEG-2 files are not
supported with the MMS protocol.
User Authentication and access restrictions.
The configuration programs of Unreal Media Server and Unreal Live Server make it
possible to fully control access to media resources, allowing it only to
trusted parties. The administrator can make Media Server grant access to authorized
users only, and Live Server grant access to specific Media Servers only. Unreal
Media Server supports 2 types of user authentication: Internal
Authentication and Session-based Authentication. Every resource configured with
Media Server Configurator (both virtual folders and live broadcasts) can be
set to allow anonymous access or to require one of these 2 types of
authentication. Unreal Live Server supports access restrictions based on the IP
address of Unreal Media Server.
1. Internal Authentication
The Media Server administrator creates users. Users can be administered using
either Media Server Configurator or a Web page (refer to the
useradmin page in our sample source code). A user can belong to one of
3 user groups: Basic, Medium and Advanced. A resource that is set to use Internal
authentication can restrict access to a specific user group. When a user tries
to access such a resource, the ActiveX control (hosted by Streaming Media
Player, a web page or some other container) prompts the user to enter a user
name and password, and optionally persists them on the user's computer.
The user's credentials are bound to the Media Server IP address, so that if the user
accesses a resource on a different Media Server, he/she will be prompted to
enter credentials again.
Security: The user's credentials are hashed with a strong one-way hashing
algorithm before they are sent over the network. The hashed credentials are
then encrypted with an industry-strength symmetric algorithm when they are
stored on the user's computer (if the user chooses to remember them locally) and on
the Media Server's computer, when the administrator creates users. This guarantees a high
degree of security without using certificates that require third-party
authentication.
2. Session-based Authentication
Internal authentication is recommended when users access Media Server directly,
typically by launching Streaming Media Player and entering the parameters. When
there is an external authorization portal that provides authorized
users with access to media resources (such as UMS:// links and pages with
embedded ActiveX controls), session-based authentication is the preferred way
to handle secure access. In session-based authentication, Unreal Media Server
doesn't know anything about users. A secure Web page that handles the
authentication by any means creates a session for an authorized user. When the
session is created, Unreal Media Server has to be notified about it, and when
the session expires, Unreal Media Server has to be called to remove it from
its internal collection of active sessions. Also, when the web server returns an HTML
page to the client, the session ID needs to be appended to UMS:// links, or the
UseSessionID method needs to be called in the client-side script for the
embedded ActiveX control. That way, when the client sends a request for
streaming media to Unreal Media Server, the session ID is passed along,
and Unreal Media Server can look up this session ID in its internal
collection of active sessions. If a matching session ID is found, the request
is trusted and served. Refer to our sample web
application for reference on session-based authentication.
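The session lifecycle described above (create, look up, remove), as an added Python sketch that is not Unreal Media Server's code or API. The class, its method names and the lifetime value are hypothetical; it shows an unguessable session ID and expiry enforced at lookup so that a missed removal call does not leave a session trusted.

```python
import secrets
import time


class ActiveSessions:
    """Hypothetical stand-in for the server's collection of active sessions."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed lifetime; the page names none
        self._clock = clock
        self._expires_at = {}        # session ID -> expiry timestamp

    def create(self):
        """Portal: call only after the user has been authenticated."""
        session_id = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._expires_at[session_id] = self._clock() + self._ttl
        return session_id

    def remove(self, session_id):
        """Portal: call on logout or when the web session expires."""
        self._expires_at.pop(session_id, None)

    def is_trusted(self, presented_id):
        """Server: serve a streaming request only for a live, known ID."""
        expires_at = self._expires_at.get(presented_id)
        if expires_at is None:
            return False             # unknown, guessed or already removed
        if self._clock() >= expires_at:
            # Enforce expiry here too, in case the portal never called remove().
            del self._expires_at[presented_id]
            return False
        return True


def demo():
    """Walk one constructed session through its lifecycle on a fake clock."""
    now = [0.0]
    sessions = ActiveSessions(ttl_seconds=60, clock=lambda: now[0])
    sid = sessions.create()
    results = {"valid": sessions.is_trusted(sid),
               "guessed": sessions.is_trusted("1234")}
    sessions.remove(sid)
    results["after_logout"] = sessions.is_trusted(sid)
    stale = sessions.create()
    now[0] = 61.0                    # portal forgot to remove this one
    results["after_ttl"] = sessions.is_trusted(stale)
    return results
```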
© 2003-2008 Unreal Streaming Technologies. All rights reserved.