Mediasite for the enterprise. Technical planner: TP-05

Transcription

1 Mediasite for the enterprise Technical planner: TP-05

2 2011 Sonic Foundry, Inc. All rights reserved. No part of this document may be copied and/or redistributed without the consent of Sonic Foundry, Inc. Additional copies may be obtained by contacting Sonic Foundry. Sonic Foundry, the Sonic Foundry logo, Mediasite, and the Mediasite logo are registered trademarks of Sonic Foundry, Inc. All other trademarks are the property of their respective owners. Sonic Foundry, Inc. 222 W. Washington Avenue Madison WI toll free from the US and Canada Sonic Foundry. Since For more information, please contact Version: 6.0, November 2011 Sonic Foundry, Inc.

3 Table of Contents Overview... 1 Audience... 1 Fundamentals of the Mediasite EX Server Platform... 2 Major Components... 2 Mediasite Recorders... 3 Room based capture: Mediasite RL Recorder... 3 Portable capture: Mediasite ML Recorder... 3 Mediasite Server... 4 Server components... 4 Server hardware requirements... 5 End User Playback... 6 Deployment Models... 7 Three server deployment... 7 Four server deployment... 8 Load balanced deployment... 9 Scaling Mediasite for Larger Deployments Authentication Enterprise directories Single sign on (SSO) using SAML Alternate Single Sign On (SSO) Solutions Custom SSO Learning Management Systems (LMS) and Content Management Systems (CMS) Mediasite Building Block for Blackboard Learn Mediasite Content Module for Moodle Embedded presentations and catalogs External Data Access Service (EDAS) API Network Integration Firewall SSL Media Security Network Attached Storage (NAS) Caching Multicast Push & Pull Distribution for live broadcasts Network Load Balancing (NLB) Mediasite Job Farm Additional Information Sonic Foundry, Inc.

4 Overview Mediasite is an enterprise webcasting, lecture capture, and hybrid event platform. Mediasite webcasting technology completely automates the recording, distribution, management, and analytics of high quality video and multimedia presentations. A Mediasite installation consists of Mediasite Recorders and the Mediasite EX Server. Recorders record, encode, and synchronize content from video, audio, and DVI/VGA devices. DVI/VGA capture provides high resolution content recording from laptops and tablet PCs as well as whiteboards, document cameras, and digital instrumentation. Recorders capture and encode content in real time, which means it is unnecessary to author content, pre upload slides, or devote time to post production. Recorders can be pre scheduled to automatically start and stop recording without presenter interaction. Presenters can also control their own recordings with the easy to use Recorder interface or a Crestron or AMX room control touch panel. Mediasite EX Server, available as an on premises or hosted/saas offering, is the unified platform for webcasting and managing live or on demand presentations captured by Mediasite Recorders. It simplifies rich media content management by providing all the necessary tools to schedule, organize, customize, secure, track, and search recorded webcasts. This document provides an overview of common deployment models that can be used to successfully deploy Mediasite in your enterprise. Audience Readers of this document should include Network, Database, and System Administrators responsible for managing the Mediasite installation. Sonic Foundry, Inc. Page 1 of 13

5 Fundamentals of the Mediasite EX Server Platform Major Components When deploying Mediasite, there are three major components: 1.) Mediasite Recorder(s) One or more Mediasite RL (rack mount) and /or ML (portable) appliances. 2.) Mediasite EX Server Software suite that allows users to view and manage Mediasite presentations. 3.) End users LAN and/or Internet users that watch and manage Mediasite presentations. This document will focus on planning for the deployment of the Mediasite Server Infrastructure. Sonic Foundry, Inc. Page 2 of 13

6 Mediasite Recorders The Mediasite Recorder is responsible for capturing the presenter s video, audio and visual materials in high resolution automatically webcasting them live or on demand without changing how they present. The Recorder can be controlled with a keyboard and mouse or through a web interface, or it can be automatically scheduled to start and stop recording at predetermined times. The Mediasite Recorder is available in the mobile or rack mounted form factors. Room-based capture: Mediasite RL Recorder For lecture halls, smart classrooms, conference and training rooms, or auditoriums Integrates with Crestron and AMX room control and automation systems Standard and HD models available Portable capture: Mediasite ML Recorder For on the go webcasting, live events, conferences, hybrid events, and trade shows Rugged, portable appliance moves easily from location to location and can be setup and ready to record in minutes Sonic Foundry, Inc. Page 3 of 13

7 Mediasite Server The Mediasite EX Server consists of multiple components that have various roles in managing the Mediasite solution. Depending on the business needs of the Mediasite system, the individual modules will be deployed across multiple servers. The major modules and their role are outlined in the table below. Server components Component Name Role Major System Requirement EX Server Software The EX Server includes web applications and web services that support thirdparty application integration with Mediasite and modules. The web applications include: Mediasite Management Portal to manage and set up access control for Mediasite content Windows Server 2003, 2008 or 2008 R2 Microsoft IIS 6+ Microsoft IIS FTP Services or 3 rd party SFTP server Microsoft.NET 4 Mediasite Catalog to publish Mediasite presentations to the web Mediasite Player to play back Mediasite presentations Mediasite Configuration Editor to configure system settings Mediasite Directory Active Directory or LDAP Media Server Control Service The local user directory that can store users and groups within the Mediasite application Connecting Mediasite with an external AD or LDAP allows the Mediasite Administrator to create Security Roles in Mediasite that map to a User or Group in the external directory. Application responsible for creating and removing live publishing points. Windows Server 2003, 2008 or 2008 R2 Microsoft Active Directory Application Mode (ADAM) or Microsoft Active Directory Lightweight Directory Services (AD LDS) 3 rd party Active Directory or LDAP directory Integrating with an external directory is optional. Windows Server 2003, 2008 or 2008 R2 IIS Media Services Windows Media Services Microsoft IIS FTP Services or 3 rd party SFTP server Sonic Foundry, Inc. Page 4 of 13

8 Component Name Role Major System Requirement Database System Services OCR Service Search Service Transcoding Service Responsible for storing presentation metadata, logs, and other settings. Media files are NOT stored in the database. Service responsible for creating Podcast and Publish to Go versions of a presentation. Scans and indexes the text from the slide images captured by the Mediasite Recorder. The results are used to improve search capabilities. The indexing service scans all Mediasite presentations allowing users to search for Mediasite content. Converts Mediasite presentations into different media formats (WMV, Smooth Streaming (H.264), MP4), enabling optimal playback on multiple desktop and portable devices. Microsoft SQL Server or Microsoft SQL Express Windows Server 2003, 2008 or 2008 R2 Microsoft.NET 4 Windows Server 2003, 2008 or 2008 R2 Microsoft.NET 4 Windows Server 2003, 2008 or 2008 R2 Microsoft.NET 4 Windows Server 2003, 2008 or 2008 R2 Microsoft.NET 4 Server hardware requirements The number of physical servers or virtual machines that you need for your deployment will vary depending on the business requirements of the Mediasite system. Each Server in your deployment running any of the Mediasite EX Server components should meet or exceed the following requirements listed below. If you are going to use a stand alone database server, please review the minimum hardware requirements at: Sonic Foundry, Inc. Page 5 of 13

9 Microsoft Windows Server 2008 or 2008 R2 CPU: Intel Xeon Quad Core 2GHz or better Microsoft Windows Server 2003 CPU: Intel Xeon Quad Core 2GHz or better RAM: 4GB or more RAM: 4GB or more Storage: Storage: o Web: Operating system plus 0.5MB storage per minute of content o Web: Operating system plus 0.5MB storage per minute of content o Media: Operating system plus 2MB storage per minute of content* o Media: Operating system plus 2MB storage per minute of content* o Transcoding: Operating system plus 50GB for temporary files o Transcoding: Operating system plus 50GB for temporary files o System, Search and OCR Services: Operating system plus 50GB for temporary files o System, Search and OCR Services: Operating system plus 50GB for temporary files RAID storage configuration and redundant power supplies (recommended) RAID storage configuration and redundant power supplies (recommended) * Additional storage is required if recording with Smooth Streaming or making content available for portable devices. End User Playback Mediasite playback gives students, employees, and stakeholders the most engaging and flexible online experience to watch lectures and webcasts unconstrained by viewing device or traditional webcast layouts. Currently, Mediasite is supported on the following devices. Sonic Foundry, Inc. Page 6 of 13

10 Deployment Models Depending on the business needs for Mediasite, server hardware requirements will vary. The easiest way to determine the preferred deployment model is based on the number of concurrent users viewing content and any uptime or redundancy requirements. The table below outlines a general recommendation for the type of deployment for the most common scenarios. Sonic Foundry Professional Services can provide comprehensive assistance with deployment planning. Concurrent Viewers Pilot 3 Server 4 Server Load Balanced Deployment Type Production 4 Server Load Balanced Load Balanced Enterprise or Campus Wide 4 Server Load Balanced Load Balanced Load Balanced Three-server deployment Sonic Foundry, Inc. Page 7 of 13

11 Module locations: EX Server Software ADAM/AD LDS Media Server Control Service Database System Services OCR Service Search Service Transcoding Service Web/Database Server Transcoding Server Media Server AD/LDAP (Optional) Key Recommended Optional This deployment model is ideal for: Situations where the number of concurrent users watching a presentation at the same time is low to moderate Customers who will not have a large amount of high bitrate content Four-server deployment Sonic Foundry, Inc. Page 8 of 13

12 Module locations: EX Server Software ADAM/AD LDS Media Server Control Service Database System Services OCR Service Search Service Transcoding Service Web Server Media Server Transcoding Server Database Server AD/LDAP (Optional) Key Recommended Optional This deployment model is ideal for: Situations where a large amount of live and on demand content will be produced on a daily basis Customers looking to leverage an existing database server on their network Situations where the number of concurrent users watching a presentation at the same time is moderate to high Customers who plan on recording high bitrate content Load-balanced deployment Sonic Foundry, Inc. Page 9 of 13

13 Module locations: EX Server Software ADAM/AD LDS Media Server Control Service Database System Services OCR Service Search Service Transcoding Service Web Server(s) Media Server(s) Database Server(s) NAS Transcoding/ Worker Server(s) AD/LDAP (Optional) Key Recommended Optional This deployment model is ideal for: Deployments where redundancy and capacity are critical Situations where a large amount of live and on demand content will be produced on a daily basis Customers looking to leverage an existing database and Network Attached Storage (NAS) on their network Situations where the number of concurrent users watching a presentation at the same time is high Customers who plan on recording high bitrate content Scaling Mediasite for Larger Deployments When configured properly, Mediasite is designed to be able to record from many simultaneous recorders and stream the recorded presentations live and on demand to thousands of LAN or internet users. In order to scale to this level, Mediasite can be configured to integrate with 3 rd party applications and various network hardware. Authentication Enterprise directories Connecting Mediasite to an external Active Directory or LDAP directory allows Mediasite Administrators to take advantage of existing groups and users on their network to grant access to the Mediasite system. Roles can be created in Mediasite that are automatically mapped to users or groups in an external directory and used to secure Mediasite content. As users are added and removed from the AD or LDAP group, these users are automatically granted or denied access to the secured Mediasite resource. Please refer to the Mediasite Security Technical Planner for more details on connecting Mediasite to an external Active Directory or LDAP directory. Single sign-on (SSO) using SAML 2.0 Mediasite provides the option to provide Single Sign On (SSO) using Security Assertion Markup Language (SAML) 2.0. SAML, developed by the Security Services Technical Committee of OASIS, is an XML based framework for communicating user authentication, entitlement, and attribute information. SAML 2.0 consists of an Identity Provider and Service Providers. SAML 2.0 compliant systems like Shibboleth 2.0 serve as an Identity Provider. Mediasite EX Server includes a built in SAML 2.0 compliant Sonic Foundry, Inc. Page 10 of 13

14 Service Provider. For further instructions on integrating Mediasite with a SAML 2.0 identity provider, please refer to the Mediasite Security Technical Planner. Alternate Single Sign-On (SSO) Solutions Sonic Foundry offers custom development services, at an additional cost, to implement a custom login page that authenticates users based on alternate schemes like: Single Sign On (SSO) based on integrated authentication with Internet Information Services (IIS) Single Sign On (SSO) from a proprietary authentication system such as CAS or e Authentication In such cases, the new login page is specified as part of the ASP.NET forms authentication settings for the Mediasite EX Server and Mediasite uses it instead of the default one. For more information about SSO development, please contact Sonic Foundry Technical Support, or your Sonic Foundry Sales Engineer for pricing. Custom SSO Mediasite includes the External Data Access Service (EDAS) API that provides programmatic access to many server functions, including custom authorization via ticketing functions. Custom development using this API can be implemented by Sonic Foundry on an engagement basis or by a software developer with some Microsoft.NET platform experience. Examples of such integration include developing Mediasite extensions for a learning management system or content management system, or integrating Mediasite into a web portal. Learning Management Systems (LMS) and Content Management Systems (CMS) Mediasite Building Block for Blackboard Learn The Blackboard Building Block allows Blackboard users to automatically publish any Mediasite recorded presentation, lecture or training, whether live or archived, to courses in Blackboard Learn. Single sign on (SSO) support streamlines access for students while ensuring content security and accurate reporting. For more information on this module, please contact your Sonic Foundry sales representative. Mediasite Content Module for Moodle The Moodle content module allows you to easily link to Mediasite content from within any Moodle course. With SSO support, students watch secure content without additional authentication to the Mediasite Server. This open source module is available at Embedded presentations and catalogs Mediasite s built in embedding capabilities and flexible Player and Catalog layouts also make it easy to integrate video and rich media content within other Learning Management Systems (LMS), Content Management System (CMS), blogs, and any website that support embedded content. Embedded Mediasite presentations retain any security restrictions that are assigned in the EX Server management system. External Data Access Service (EDAS) API Mediasite includes the External Data Access Service (EDAS) API that enables developers the ability to develop 3 rd party tools to allow seamless integration with the Mediasite platform. Custom development can be implemented by Sonic Foundry on an engagement basis or by a software developer with some Microsoft.NET platform experience. Sonic Foundry, Inc. Page 11 of 13

15 The documentation and sample code package for EDAS can be downloaded from the Mediasite Customer Assurance Portal. Network Integration Firewall Depending on how Mediasite EX Server is configured on a network, certain ports in the Windows Firewall or enterprise firewall may need to be opened. Please refer to the Technical Planner titled Network Setup and Firewall Considerations for more details. SSL By default, Mediasite uses a Self Signed SSL certificate to protect login credentials on the main login pages and to encrypt all back end traffic used between the different Mediasite components. For users wanting more security, it is possible to enable HTTPS for the entire web interface, requiring that users view all Mediasite Management Portal, Catalog and Player web pages over HTTPS. The video stream can also be streamed over HTTPS if content is encoded as a MP4 and served over IIS Media Services as a progressive download. When enabling SSL in a Mediasite deployment, Sonic Foundry recommends that customers purchase a certificate from a trusted provider. Media Security The system is capable of protecting video content through the use of the Mediasite Authorization module. The module is installed as a handler on IIS Media Services or a windows media authorization plug in on the Windows Media Server. When enabled, this IIS Media Services and Windows Media Services plug in ensures that the media file can only be viewed through the Mediasite player, reducing the chances of a hacker guessing the URL to the media file and playing or downloading it without permission. Network Attached Storage (NAS) For larger deployments and Load Balanced configurations, increased storage requirements may dictate that primary Mediasite presentation data (video, slide and custom graphics) is stored on a Network Attached Storage (NAS) device. Mediasite supports NAS hardware appliances or a Windows Server with a standard CIFS share that points to a large local disc or SAN. When configuring Mediasite to use a NAS device, a domain service account must be used. Caching Mediasite 6 is capable of integrating with most 3 rd party network caching devices. When properly configured, the network caching devices are capable of caching the video and the slide components of the presentation. In order to work properly, caching devices must be configured to cache Smooth Streaming and JPG images. Please see the Mediasite Server Deployment guide for more details on configuring Mediasite to integrate with 3 rd party hardware caching devices. Multicast The Mediasite multicast add on allows live Mediasite presentations to be broadcast using multicast if the Windows Media Server and network hardware support multicast. When a presentation is broadcast live using IP multicast distribution, only one stream is sent from the Windows Media Server to the network. Sonic Foundry, Inc. Page 12 of 13

16 Any number of viewers can join the multicast stream and the network routing and switching hardware will provide a copy of the video stream to the user without any additional load on the server. An engagement with Sonic Foundry Professional Services is required for Mediasite multicast implementation. Mediasite account representatives or resellers can provide cost information relative to specific multicast deployments. Push & Pull Distribution for live broadcasts Mediasite 6 Recorder is capable of pushing a live broadcast to a media server. This may be required when the inbound connection to a recorder from the Mediasite server is blocked. This typically occurs when a Mediasite recorder is placed at a remote location relative to the server deployment. The default configuration is for the EX server to pull the media stream from a Mediasite 6 Recorder. In both scenarios, you can specify a secondary media server to support failover of media servers. Network Load Balancing (NLB) In a load balanced deployment, the network load balancer is a critical piece to ensure that Recorder and End user traffic is automatically directed to the proper web and media servers. When using a 3 rd party Network Load Balancer (NLB), the following points must be considered: The NLB is configured with virtual IP addresses and FQDNs for Mediasite Servers and Media Servers. Sticky / persistent mode is enabled to maintain a user s connection to a single server for a session. The NLB should preferably be set up in active/active mode for high availability and scalability. The NLB should be capable of balancing HTTP, HTTPS and FTP traffic. Please note that each additional EX Server requires a high availability license. To purchase Mediasite EX Server high availability licenses contact your Sonic Foundry account representative or reseller. Mediasite Job Farm Mediasite 6 offloads long running jobs to the Mediasite Job Farm. Various services run on the Mediasite Job Farm and include transcoding, OCR, publish to go, reporting etc. This allows the machine running the EX Server to be maximized for managing, browsing and playback operations. The job farm can be scaled by adding more units of a particular service for faster turn around times. The Mediasite Configuration Editor provides a dashboard that allows administrators to see how their job farm is performing. The administrator can use this information to add new worker machines to the pool of services based on metrics. Additional Information Additional installation and deployment information is available in the Mediasite EX Server Deployment Guide, which can be downloaded from the Mediasite Customer Assurance Portal. New Mediasite customers may contact their Sonic Foundry sales representative for more information on scheduling a date for setting up a new Mediasite installation. Existing customers may contact Sonic Foundry Technical Support or visit us on the Mediasite Customer Assurance Portal to seek more information on upgrades and migration. Existing customers may also contact their Sonic Foundry sales representative for more information on scheduling a date for upgrading their Mediasite installation. Sonic Foundry, Inc. Page 13 of 13