October 12, 2015

RTSP and RTMP publish control framework overview

For the past few years, mobile devices were showing significant improvements for video creation capabilities hence the popularity of video live streaming solutions - from mobile broadcasting libraries to complex all-in-one solutions. If you create a streaming solution yourself, you need to be able to control the publication process for the protocol which you choose to work with, e.g. for RTSP or RTMP.

RTSP and RTMP incoming streams were supported in Nimble Streamer for a while already among other protocols. Nimble supports both RTSP and RTMP streaming authentication server-wise as well as for specific applications. This is was done according to the standard. So if a customer needed to separate publishing permissions between his users, he needed to create separate application for each individual publisher. But when you broadcast from mobile devices, you probably will need some better way to make sure each publisher has separate permission to publish.

Our customers have been using WMSAuth Paywall functionality to secure the outgoing streaming for a long time. Now to secure the incoming streams, we introduce the Publish control framework which allows performing multi-level authorization.
Secure incoming and outgoing streams via Nimble Streamer.



So now Nimble Streamer allows controlling the RTSP and RTMP publication both when establishing connection time and during the streaming process. It has various options so let's see what we have, step by step.


The following scenarios of both RTSP and RTMP authentication are available.

"Zero option" is if you don't need any protection for incoming RTSP or RTMP streams, then you can just specify only RTSP port number or RTMP port number. Any publishers can push any streams to your server through the specified port so we do not recommend it.

1. The first scenario is to use publishing credentials. You create a separate application for each user with unique username and password to get authorized streams from different authorized users. This mechanism is unsuitable for the large number of users and does not allow to block users during streaming process because the authorization takes place only at the time of connection of the user.

2. In order to allow multiple users to publish streams to the media server and to have the flexibility to control streams, you need to use our Publish control framework.

At this step we add a publish signature, which is based on the following parameters:
  • user identifier (ID);
  • stream name;
  • password which was specified in application;
  • publisher IP address (this one is optional).
You need to specify an application in WMSPanel control UI to operate the incoming streams. Publishing users will be grouped in. The application name should be the same as specified on step 2. The password which is used in this signature should be specified in the publish control application settings via the UI.

To publish to Nimble Streamer, the publisher will use the URL like this:
rtsp://192.168.5.5:554/live/stream?publishsign=aWQ9SURfMSZzaWduPW95Zi9YVHBLM0c3QkQ4SmpwVnF1VHc9PSZpcD0xMjcuMC4wLjE=
For RTMP if will be
rtmp://192.168.5.5:1935/live?publishsign=aWQ9SURfMSZzaWduPW95Zi9YVHBLM0c3QkQ4SmpwVnF1VHc9PSZpcD0xMjcuMC4wLjE=/stream

Here, a publishsign is the signature for incoming stream.

When the user is going to publish RTSP or RTMP stream, the media server will check publish signature and if this signature does not match the calculated signature, then the user stream will not pass.
At this step the publish control is very similar to the hotlinking protection.

3. To get full control for the incoming streams, you need to create a handler application and specify its URL in the control UI.

The handler is an HTTP controller which is able to process POST requests and return the response according to the business logic of the customer. If you don't specify the handler URL then Publish control framework will not try to call the handler. This is done to allow debugging the signature-checking mechanism.
Besides handler URL, you can set up the grouping interval for the incoming streams. The handler is called with some timeout to aggregate several requests in one. This allows avoiding the resources waste in case of frequent calls.

Publish control passes the client signature (publishsign) to the handler. As a response to the request, the handler must return the status and Nimble Streamer acts accordingly to allow or deny the connection, based on the status received from the handler.

4. With publish control you can manipulate RTSP and RTMP streams not only at connection time, but also during the streaming process as well when the user is already connected and streaming. To perform this, each streaming session is assigned with its own key. Your publish control handler can request Nimble with any frequency to identify which users still publish their streams.
If you need to stop certain streaming session then your handler calls Nimble, specifies the session ID and this stream will be blocked immediately.


Using publish control framework you can implement any level of incoming streams security from basic level authorization to advanced business logic solution.

If you need to change the incoming streams' content parameters, like change the bitrate, use our Live Transcoder for Nimble Streamer to transform. It has high performance and low resource usage.



The next article describes step-by-step publish control set up with examples of source code, requests and responses.



Related documentation


RTSP streaming via Nimble Streamer, RTMP feature set in NimbleNimble Streamer paywall feature set, Mobile broadcasting library, Larix Broadcaster app to publish RTSP from mobile devices,  Build streaming infrastructure with Nimble Streamer

Обзор механизма контроля публикаций RTSP и RTMP

No comments:

Post a Comment