SRT Publisher Assistance Security Set

SRT is the protocol which many professionals consider as a replacement for RTMP for content delivery among encoders, decoders, origin and edge servers. SRT has a tremendous set of features which make it great for reliable streaming, and we see comprehensive adoption of SRT among our customers for those use cases.

Softvelum was an early adopter of SRT with Nimble Streamer and most of SRT-related features were implemented within the first year after Haivision opened the spec and the SRT library source code. The feature set covered all transmission modes and protocol parameters which allowed our customers to try the technology and start transitioning to SRT easily.

However the technology evolved and Haivision as the leader of SRT Alliance followed the feedback to add features like "streamid" parameter and other improvements which made SRT the replacement to RTMP for publication use cases.

Filling the gap in Nimble Streamer

As our customers adopted the technology, they continuously gave a lot of great feedback, especially from use cases where they got user-generated content into their delivery networks. They compared Nimble Streamer RTMP implementation for securing and managing the publication process, and asked for the same extended support for SRT.

Main concerns were related to a few key areas. First one was to support for "streamid" parameter and give abstract layers of "application name" and "stream name" to perform processing of multiple streams on the same host and port. Second one was to give user name and password for each application and stream to have more authentication options. Advanced users wanted to be able to apply publish control framework to SRT like they did for RTMP and RTSP, which would allow controlling publishers all along the streaming process. So our team wanted to solve these problems by utilizing the latest features of SRT to fill the gap in our functionality.

Softvelum now has a premium SRT Publisher Assistance Security Set - or SRT PASSet - to cover those concerns.

Here are key capabilities of SRT PASSet which are applied when Nimble Streamer works as a receiver of SRT in Listen mode:

1. Accept streamid parameter.
2. Make per-server, per-application and per-stream authentication with user and password.
3. Apply any SRT parameters to each individual stream and even individual publisher.
4. Apply allow and deny lists for IP addresses on server and stream level.
5. Manage published streams via publish control framework.

Let's have a bird-eye view on how these features work. Detailed technical articles will be published shortly.

Per-server and per-application SRT authentication via user and password

With SRT PASSet enabled, Nimble Streamer allows setting server-wide and per-application processing settings. This was available for RTMP and RTSP, now you can go to WMSPanel and define all that for SRT published streams too. You can define:

• authentication details - user and password;
• output protocols set and their details like HLS chunk size.

This combination of server and application levels gives wide capabilities for providing proper security levels for your publishers and create various service levels.

The setup details are described in this article.

Publish control framework for SRT

With per-app settings in place you can get tighter control over the publication process using publish control framework. It's a functionality to authorize and control a publisher using custom business logic. It has several levels of control capabilities.

A. Add publishing signature to authenticate publisher. It allows making sure that your publisher is exactly the one you are expecting to produce the stream.

B. Use an external handler to verify a caller. The handler is your own web application which is able to control the initial connection process according to your business logic.

C. Control the streaming process. You can create a separate web app or a script which will request a server instance to check current streaming sessions against your rules and to make an immediate interruption of any on-going streams.

Read overview of Publish control framework to learn more about this feature set and setup details article showing the process step by step.

Those levels of authentication and control provide a flexible framework itself, however you can go even further.

Your rules: Per-stream per-user and global SRT parameters

Besides providing the authentication and control functionality similar to RTMP, we also developed separate SRT-specific mechanics which would cover SRT-related use cases. A separate file with rules definition is placed on the server where the Nimble Streamer instance is running. Here are the key features.

Global server-level allow and deny lists of publishers' IP addresses with IPv4 and IPv6 supported.

Stream-level settings can be used to define parameters for each individual stream:

• Allow and deny lists for publishers' IPs for each stream and per-server.
• Per-user settings. If callers specify user name or user ID, then each user can be associated with any available SRT parameters, such as passphrase, pbkeylen, latency, maxbw and any other.
• SRT Listener socket parameters can be combined with per-user parameters. E.g. you can define socket-level default latency and then re-define it for individual users.

Rules control can also be automated so you could update them according to your business logic.

Rules control setup and usage is described in this article.

Premium flexibility

The features which you saw above give true flexibility for handling SRT publishers. If you manage or build a streaming infrastructure relying on SRT-based delivery, they are must-have for your use cases. 

All the above SRT PASSet functionality is delivered as part of Nimble Addenda premium package which provides a number of extra capabilities which you may find interesting.

More articles with setup details and usage examples are coming soon.

Stay tuned for updates and follow us in Twitter, Facebook, LinkedIn, YouTube and Telegram to get further updates.