(similar to AWS S3 Object Storage) and delivered from Wasabi to Aviary for playback in the Application.
Link Upload: When a file is uploaded to Aviary using an external link. Aviary's background worker server downloads the files from the target link and the file is stored in
(similar to AWS S3 Object Storage) and delivered from Wasabi to Aviary for playback in the Application.
Embed Code: When an organization decides to provide a supported streaming link to Aviary, Aviary DOES NOT store and manage a media file for playback in the Application. In this scenario, Aviary streams or renders the file from an external source into the Aviary media player during playback in the Application. Currently Aviary supports the following types of embedded or streamed content:
Depending on your local security settings, we may need your IT to grant access to Aviary's IP address to allow access to .m3u8 playlist files remotely in order to connect them into our player.
Web-hosted Progressive Download Endpoints
Direct links to media files stored and available to Aviary on external servers.
Considerations When Selecting the Best Approach for Your Needs
Because Aviary is a SaaS platform for delivering content in a variety of ways, from fully public to fully locked down, Aviary's file security is based on a mutli-level approach. Aviary provides support to offer public access while also allowing organizations to implement multi-factor requirements to access a stream.
Application
Aviary's application layer supports authentication for users. This allows Aviary to employ platform-based controls related to who can load a page, or from where they can load a page.
Users create and manage their own accounts. That authentication gets them access to the platform and access to restricted assets.
Aviary has a complex array of status and permission approaches that allow publishers to limit user access to Collections, Resources, Media Files, Supplemental Files, Transcripts, Indexes, and Annotation Sets. This limits access to Aviary web pages and content delivered within Aviary sessions.
Storage
Files in Wasabi are stored encrypted at rest.
When Aviary is storing files for an organization in Wasabi, then Aviary sets the buckets and all objects to be private and not publicly available.
Aviary is granted limited-duration leases to access this content within a given session in the web application. This is handled using secret and public keys. The media file URLs leased to Aviary from Wasabi are only valid for 2x the duration of a given media file. Even if a user who has Application access to a resource tries to take a media URL outside of the Application, the URL will expire in short order.
Network (In-transit)
All traffic between Aviary and Wasabi is encrypted so that packets cannot be intercepted and decoded outside of the Aviary application. Aviary uses HTTPS protocols for all network traffic.
The File Upload and Link Upload options where media files are stored in Aviary-managed Wasabi storage buckets give Aviary comprehensive control over the privacy of the media files. Aviary can utilize Application, Storage, and Network security measures to offer the best protection for non-public media content.
The Embed/Streaming options allow Aviary to provide Application and Network security, but remove Aviary's ability to provide Storage security. This becomes the domain of the provider (whether that is a SaaS provider, a self-hosted service, or an externally-hosted service). In these cases, Aviary has no control over 1) the continuous availability of the media file nor 2) the security of the URL from which the media file is delivered. Some organizations take on the responsibilities of 1) and 2) which seals the holes left when Aviary cannot control those functionalities directly. For example, an organization that is streaming from an on-premise media server to Aviary using the m3u8 protocol can set IP access rules that only allow the Aviary server IP address to access the media server URLs.
Want to print your doc? This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (