媒体服务 v3 常见问题解答Media Services v3 frequently asked questions

媒体服务徽标 v3media services logo v3


备注

Google Widevine 内容保护服务目前在 Azure 中国区域不可用。Google Widevine content protection services are currently unavailable in the Azure China regions.

本文解答有关 Azure 媒体服务 v3 的常见问题。This article gives answers to frequently asked questions about Azure Media Services v3.

常规General

Azure 门户针对媒体服务 v3 有哪些限制?What are the Azure portal limitations for Media Services v3?

可以使用 Azure 门户执行以下操作:管理 v3 实时事件、查看 v3 资产和作业、获取有关访问 API 的信息以及加密内容。You can use the Azure portal to manage v3 live events, view v3 assets and jobs, get info about accessing APIs, encrypt content.
对于其他所有管理任务(例如,管理转换和作业),请使用 REST APICLI 或某个受支持的 SDKFor all other management tasks (for example, managing transforms and jobs), use the REST API, CLI, or one of the supported SDKs.

如果视频以前是使用媒体服务 v3 API 上传到媒体服务帐户的,或者内容是基于实时输出生成的,则 Azure 门户中不会显示“编码”或“加密”按钮 。If your video was previously uploaded into the Media Services account using Media Services v3 API or the content was generated based on a live output, you will not see the Encode, or Encrypt buttons in the Azure portal. 使用媒体服务 v3 API 来执行这些任务。Use the Media Services v3 APIs to perform these tasks.

Azure 角色可对 Azure 媒体服务资源执行哪些操作?What Azure roles can perform actions on Azure Media Services resources?

请参阅媒体服务帐户的基于角色的访问控制 (RBAC)See Role-based access control (RBAC) for Media Services accounts.

如何流式传输到 Apple iOS 设备?How do I stream to Apple iOS devices?

确保在路径的末尾(在 URL 的“/manifest”部分之后)有“(format=m3u8-aapl)”,目的是告知流式处理源服务器返回 HTTP Live Streaming (HLS) 内容,以便在 Apple iOS 本机设备上使用 。Make sure you have (format=m3u8-aapl) at the end of your path (after the /manifest portion of the URL) to tell the streaming origin server to return HTTP Live Streaming (HLS) content for consumption on Apple iOS native devices. 有关详细信息,请参阅传送内容For details, see Delivering content.

如何配置媒体预留单位?How do I configure Media Reserved Units?

有关详细信息,请参阅调整媒体处理的规模For details, see Scale media processing.

转换可用来配置对视频进行编码的常见任务。Use Transforms to configure common tasks for encoding videos. 每个转换描述了用于处理视频或音频文件的脚本或任务工作流。Each Transform describes a recipe, or a workflow of tasks for processing your video or audio files. 作业是针对媒体服务的实际请求,目的是将转换应用到输入视频或音频内容。A Job is the actual request to Media Services to apply the Transform to an input video or audio content. 创建转换后,可以使用媒体服务 API 或任何已发布的 SDK 来提交作业。After the Transform has been created, you can submit Jobs by using Media Services APIs or any of the published SDKs. 有关详细信息,请参阅转换和作业For more information, see Transforms and Jobs.

我已经上传、编码并发布了视频。I uploaded, encoded, and published a video. 为什么在我尝试对视频进行流式处理时,它不播放?Why won't the video play when I try to stream it?

最常见的原因之一是,你播放时使用的流式处理终结点未处于“正在运行”状态。One of the most common reasons is that you don't have the streaming endpoint from which you're trying to play back in the Running state.

分页是如何工作的?How does pagination work?

使用分页时,应始终使用下一链接来枚举集合,而不依赖特定的页面大小。When you're using pagination, you should always use the next link to enumerate the collection and not depend on a particular page size. 有关详细信息和示例,请参阅筛选、排序、分页For details and examples, see Filtering, ordering, paging.

目前有哪些功能在 Azure 媒体服务 v3 中不可用?What features are not yet available in Azure Media Services v3?

有关详细信息,请参阅与 v2 API 之间的功能差距For details, see Feature gaps with respect to v2 APIs.

如何在订阅之间移动媒体服务帐户?What is the process of moving a Media Services account between subscriptions?

有关详细信息,请参阅在订阅之间移动媒体服务帐户For details, see Moving a Media Services account between subscriptions.

实时传送视频流Live streaming

广播完成后如何停止实时传送流?How do I stop the live stream after the broadcast is done?

你可以从客户端或服务器端来实现。You can approach it from the client side or the server side.

客户端Client side

当用户关闭浏览器时,Web 应用程序应该提示用户是否要结束广播。Your web application should prompt the user if they want to end the broadcast as they're closing the browser. 这是 Web 应用程序可以处理的浏览器事件。This is a browser event that your web application can handle.

服务器端Server side

可通过订阅 Azure 事件网格事件来监视实时事件。You can monitor live events by subscribing to Azure Event Grid events. 有关详细信息,请参阅 EventGrid 事件架构For more information, see the EventGrid event schema.

可以:You can either:

  • 订阅流式传输级别 Microsoft.Media.LiveEventEncoderDisconnected 事件,并监视一段时间内没有重新连接来停止和删除实时事件。Subscribe to the stream-level Microsoft.Media.LiveEventEncoderDisconnected events and monitor that no reconnections come in for a while to stop and delete your live event.
  • 订阅跟踪级别检测信号事件。Subscribe to the track-level heartbeat events. 如果所有跟踪的传入比特率下降到 0,或者最后时间戳不再增大,则可以安全地关闭实时事件。If all tracks have an incoming bitrate dropping to 0 or the last time stamp is no longer increasing, you can safely shut down the live event. 每个跟踪每隔 20 秒出现一次检测信号事件,因此可能有点冗长。The heartbeat events come in at every 20 seconds for every track, so it might be a bit verbose.

如何在实时传送流过程中插入中断/视频和图像盖板?How do I insert breaks/videos and image slates during a live stream?

媒体服务 v3 实时编码尚不支持在实时流过程中插入视频或图像盖板。Media Services v3 live encoding does not yet support inserting video or image slates during live stream.

可以使用实时本地编码器切换源视频。You can use a live on-premises encoder to switch the source video. 许多应用提供切换源(包括 Telestream Wirecast、Switcher Studio(在 iOS 上)和 OBS Studio(免费应用))的功能。Many apps provide to ability to switch sources, including Telestream Wirecast, Switcher Studio (on iOS), and OBS Studio (free app).

内容保护Content protection

应使用 AES-128 明文密钥加密还是 DRM 系统?Should I use AES-128 clear key encryption or a DRM system?

客户通常希望知道他们应该使用 AES 加密还是 DRM 系统。Customers often wonder whether they should use AES encryption or a DRM system. 这两个系统之间的主要差别在于,使用 AES 加密时,内容密钥将通过 TLS 传输到客户端,这样,密钥将经过传输中加密,但不会经过任何进一步的加密(“明文加密”)。The main difference between the two systems is that with AES encryption, the content key is transmitted to the client over TLS so that the key is encrypted in transit but without any additional encryption ("in the clear"). 因此,用于解密内容的密钥可由客户端播放器访问,并且可以在客户端上的网络跟踪中以纯文本形式显示。As a result, the key that's used to decrypt the content is accessible to the client player and can be viewed in a network trace on the client in plain text. AES-128 明文密钥加密适合查看者是受信任方的用例(例如,加密员工观看的在公司内部分发的公司视频)。AES-128 clear key encryption is suitable for use cases where the viewer is a trusted party (for example, encrypting corporate videos distributed within a company to be viewed by employees).

相比 AES-128 明文密钥,DRM 系统(例如 PlayReady 和 FairPlay)可对用于解密内容的密钥提供额外的加密级别。DRM systems like PlayReady, and FairPlay both provide an additional level of encryption on the key that's used to decrypt the content, compared to an AES-128 clear key. 内容密钥将会加密成受 DRM 运行时保护的密钥,此外还会进行 TLS 提供的任何传输级加密。The content key is encrypted to a key protected by the DRM runtime in addition to any transport-level encryption provided by TLS. 此外,解密是在安全的环境中在操作系统级别处理的,在这样的环境中,恶意用户更难进行攻击。Additionally, decryption is handled in a secure environment at the operating system level, where it's more difficult for a malicious user to attack. 在观看者可能不是受信任方且需要更高等级的安全性的用例中,建议使用 DRM。We recommend DRM for use cases where the viewer might not be a trusted party and you need the highest level of security.

如何在不使用 Azure AD 的情况下仅向具有特定权限的用户显示视频?How do I show a video to only users who have a specific permission, without using Azure AD?

无需使用任何特定的令牌提供程序,例如 Azure Active Directory (Azure AD)。You don't have to use any specific token provider such as Azure Active Directory (Azure AD). 可以使用非对称密钥加密创建自己的 JWT 提供程序(所谓的“安全令牌服务”,简称 STS)。You can create your own JWT provider (so-called Secure Token Service, or STS) by using asymmetric key encryption. 在自定义 STS 中,可以根据业务逻辑添加声明。In your custom STS, you can add claims based on your business logic.

确保颁发者、受众和声明在 JWT 中的内容和 ContentKeyPolicy 中使用的 ContentKeyPolicyRestriction 值之间完全匹配。Make sure that the issuer, audience, and claims all match up exactly between what's in JWT and the ContentKeyPolicyRestriction value used in ContentKeyPolicy.

有关详细信息,请参阅使用媒体服务动态加密保护内容For more information, see Protect your content by using Media Services dynamic encryption.

在使用 JWT 令牌请求许可证或密钥之前,如何以及在何处获取 JWT 令牌?How and where did I get a JWT token before using it to request a license or key?

在生产环境中,需要获取安全令牌服务(一个 Web 服务),以便根据 HTTPS 请求颁发 JWT 令牌。For production, you need to have Secure Token Service (that is, a web service), which issues a JWT token upon an HTTPS request. 对于测试,可以使用 Program.cs 定义的 GetTokenAsync 方法中所示的代码。For test, you can use the code shown in the GetTokenAsync method defined in Program.cs.

对用户进行身份验证后,播放器会向 STS 发出请求以获取此类令牌,并将其分配为令牌的值。The player makes a request, after a user is authenticated, to STS for such a token and assigns it as the value of the token. 可以使用 Azure Media Player APIYou can use the Azure Media Player API.

有关使用对称密钥或非对称密钥运行 STS 的示例,请参阅 JWT 工具For an example of running STS with either a symmetric key or an asymmetric key, see the JWT tool. 有关使用此类 JWT 令牌的基于 Azure Media Player 的播放器示例,请参阅 Azure 媒体测试工具For an example of a player based on Azure Media Player using such a JWT token, see the Azure media test tool. (展开“player_settings”链接可查看令牌输入。)(Expand the player_settings link to see the token input.)

如何授权使用 AES 加密流式传输视频的请求?How do I authorize requests to stream videos with AES encryption?

正确的方法是使用安全令牌服务。The correct approach is to use Secure Token Service. 在 STS 中,根据用户配置文件添加不同的声明(例如“高级用户”、“基本用户”、“免费试用版用户”)。In STS, depending on the user profile, add different claims (such as "Premium User," "Basic User," "Free Trial User"). 在 JWT 中添加不同的声明后,用户可以查看不同的内容。With different claims in a JWT, the user can see different contents. 对于不同的内容或资产,ContentKeyPolicyRestriction 会包含相应的 RequiredClaims 值。For different contents or assets, ContentKeyPolicyRestriction will have the corresponding RequiredClaims value.

使用 Azure 媒体服务 API 来配置许可证/传送密钥以及加密资产(如此示例中所示)。Use Azure Media Services APIs for configuring license/key delivery and encrypting your assets (as shown in this sample).

有关详细信息,请参阅:For more information, see:

应该使用 HTTP 还是 HTTPS?Should I use HTTP or HTTPS?

构建的 ASP.NET MVC 播放器应用程序必须支持以下功能:The ASP.NET MVC player application must support the following:

  • 通过 Azure AD 进行用户身份验证(使用 HTTPS)。User authentication through Azure AD, which is under HTTPS.
  • 客户端与 Azure AD 之间的 JWT 交换(使用 HTTPS)。JWT exchange between the client and Azure AD, which is under HTTPS.
  • 客户端的 DRM 许可证获取,如果许可证传送由媒体服务提供(必须使用 HTTPS)。DRM license acquisition by the client, which must be under HTTPS if license delivery is provided by Media Services. PlayReady 产品套件不会针对许可证传送强制要求使用 HTTPS。The PlayReady product suite doesn't mandate HTTPS for license delivery. 如果 PlayReady 许可证服务器位于媒体服务以外的地方,则可以使用 HTTP 或 HTTPS。If your PlayReady license server is outside Media Services, you can use either HTTP or HTTPS.

最佳做法是让 ASP.NET 播放器应用程序使用 HTTPS,使媒体播放器位于使用 HTTPS 的页面上。The ASP.NET player application uses HTTPS as a best practice, so Media Player is on a page under HTTPS. 不过,最好是使用 HTTP 进行流式传输,因此需要考虑这些混合内容问题:However, HTTP is preferred for streaming, so you need to consider these issues with mixed content:

  • 浏览器不允许混合内容。The browser doesn't allow mixed content. 但是 Silverlight 等插件和适用于平滑流与 DASH 的 OSMF 插件允许混合内容。But plug-ins like Silverlight and the OSMF plug-in for Smooth and DASH do allow it. 混合内容是一个安全隐患,因为存在插入恶意 JavaScript 的威胁,使客户数据处于风险之中。Mixed content is a security concern because of the threat of the ability to inject malicious JavaScript, which can put customer data at risk. 默认情况下,浏览器会阻止此类内容。Browsers block this capability by default. 唯一的解决方法是在服务器(来源)端允许所有域(不管是 HTTPS 还是 HTTP)。The only way to work around it is on the server (origin) side by allowing all domains (regardless of HTTPS or HTTP). 这可能也不是个好主意。This is probably not a good idea either.
  • 避免混合内容。Avoid mixed content. 播放器应用程序和媒体播放器应使用 HTTP 或 HTTPS。Both the player application and Media Player should use HTTP or HTTPS. 播放混合内容时,SilverlightSS 技术需要清除混合内容警告。When you're playing mixed content, the SilverlightSS tech requires clearing a mixed-content warning. FlashSS 技术在没有混合内容警告的情况下处理混合内容。The FlashSS tech handles mixed content without a mixed-content warning.
  • 如果流式处理终结点是在 2014 年 8 月之前创建的,则它不支持 HTTPS。If your streaming endpoint was created before August 2014, it won't support HTTPS. 在此情况下,请针对 HTTPS 创建并使用新的流式处理终结点。In this case, create and use a new streaming endpoint for HTTPS.

如何使用实时流?What about live streaming?

可以使用完全相同的设计和实现来帮助保护媒体服务中的实时传送视频流,方法是将与节目关联的资产视为 VOD 资产。You can use exactly the same design and implementation to help protect live streaming in Media Services by treating the asset associated with a program as a VOD asset. 若要为实时内容提供多重 DRM 保护,请在将资产关联到实时输出之前,将相同的设置/处理应用到资产,就如同它是 VOD 资产一样。To provide a multi-DRM protection of the live content, apply the same setup/processing to the asset as if it were a VOD asset before you associate the asset with the live output.

如何使用媒体服务外部的许可证服务器?What about license servers outside Media Services?

通常,客户可能已在自己的数据中心或由 DRM 服务提供商托管的位置投资了许可证服务器场。Often, customers have invested in a license server farm either in their own datacenter or in one hosted by DRM service providers. 使用媒体服务内容保护,可以在混合模式下操作。With Media Services content protection, you can operate in hybrid mode. 可以在媒体服务中托管和动态保护内容,而 DRM 许可证由 Azure 媒体服务外部的服务器传送。Content can be hosted and dynamically protected in Media Services, while DRM licenses are delivered by servers outside Media Services. 在此情况下,请注意以下变更:In this case, consider the following changes:

  • STS 需要颁发被许可证服务器场认可和验证的令牌。STS needs to issue tokens that are acceptable and can be verified by the license server farm.
  • 不再需要在媒体服务中配置许可证传送服务。You no longer need to configure license delivery service in Media Services. 配置 ContentKeyPolicy 时,需要提供许可证获取 URL(针对 PlayReady 和 FairPlay)。You need to provide the license acquisition URLs (for PlayReady, and FairPlay) when you configure ContentKeyPolicy.

媒体服务 v2 与 v3Media Services v2 vs. v3

能否使用 Azure 门户来管理 v3 资源?Can I use the Azure portal to manage v3 resources?

目前,可以使用 Azure 门户执行以下操作:Currently, you can use the Azure portal to:

对于其他所有管理任务(例如,转换和作业内容保护),请使用 REST APIAzure CLI 或某个受支持的 SDKFor all other management tasks (for example, Transforms and Jobs and content protection), use the REST API, the Azure CLI, or one of the supported SDKs.

v3 中是否有 AssetFile 概念?Is there an AssetFile concept in v3?

已从媒体服务 API 中删除了 AssetFile 概念,以便将媒体服务与存储 SDK 依赖项分开。The AssetFile concept was removed from the Media Services API to separate Media Services from Storage SDK dependency. 现在由 Azure 存储而非媒体服务来保存属于存储 SDK 的信息。Now Azure Storage, not Media Services, keeps the information that belongs in the Storage SDK.

有关详细信息,请参阅迁移到媒体服务 v3For more information, see Migrate to Media Services v3.

客户端存储加密在哪里进行?Where did client-side storage encryption go?

现在建议使用服务器端存储加密(在默认情况下为打开状态)。We now recommend that you use server-side storage encryption (which is on by default). 有关详细信息,请参阅静态数据的 Azure 存储服务加密For more information, see Azure Storage Service Encryption for data at rest.

脱机流式处理Offline streaming

适用于 iOS 的 FairPlay 流式处理FairPlay Streaming for iOS

以下常见问题解答可帮助你排查适用于 iOS 的脱机 FairPlay 流式处理的问题。The following frequently asked questions provide assistance with troubleshooting offline FairPlay streaming for iOS.

为什么在脱机模式期间只播放音频而不播放视频?Why does only audio play but not video during offline mode?

此行为似乎是示例应用专门设计的。This behavior seems to be by design of the sample app. 存在备用音频曲目时(这适用于 HLS),在脱机模式期间,iOS 10 和 iOS 11 都默认播放备用音频曲目。为了补偿 FPS 脱机模式的此行为,需要从流删除备用音频曲目。When an alternate audio track is present (which is the case for HLS) during offline mode, both iOS 10 and iOS 11 default to the alternate audio track. To compensate this behavior for FPS offline mode, remove the alternate audio track from the stream. 若要在媒体服务中完成此操作,请添加动态清单筛选器 audio-only=false。To do this on Media Services, add the dynamic manifest filter audio-only=false. 换言之,HLS URL 将以 .ism/manifest(format=m3u8-aapl,audio-only=false) 结尾。In other words, an HLS URL ends with .ism/manifest(format=m3u8-aapl,audio-only=false).

为什么添加 audio-only=false 之后,在脱机模式期间仍只播放音频而不播放视频?Why does it still play audio only without video during offline mode after I add audio-only=false?

根据内容分发网络的缓存键设计,可能会缓存该内容。Depending on the cache key design for the content delivery network, the content might be cached. 请清除缓存。Purge the cache.

除 iOS 10 之外,iOS 11 是否也支持 FPS 脱机模式?Is FPS offline mode supported on iOS 11 in addition to iOS 10?

是的。Yes. iOS 10 和 iOS 11 支持 FPS 脱机模式。FPS offline mode is supported for iOS 10 and iOS 11.

为什么在 FPS Server SDK 中,无法使用 FairPlay Streaming 和 HTTP Live Streaming 找到文档“脱机播放”?Why can't I find the document "Offline Playback with FairPlay Streaming and HTTP Live Streaming" in the FPS Server SDK?

从 FPS Server SDK 版本 4 开始,此文档已合并到“FairPlay Streaming 编程指南”。Since FPS Server SDK version 4, this document was merged into the "FairPlay Streaming Programming Guide."

iOS 设备上的已下载/脱机文件结构是什么?What is the downloaded/offline file structure on iOS devices?

iOS 设备上的已下载文件结构如下屏幕截图所示。The downloaded file structure on an iOS device looks like the following screenshot. _keys 文件夹存储已下载的 FPS 许可证,每个许可证服务主机一个存储文件。The _keys folder stores downloaded FPS licenses, with one store file for each license service host. .movpkg 文件夹存储音频和视频内容。The .movpkg folder stores audio and video content.

第一个文件夹(文件名以破折号加数字结尾)包含视频内容。The first folder with a name that ends with a dash followed by a number contains video content. 数值是峰值带宽视频呈现形式。The numeric value is the peak bandwidth of the video renditions. 第二个文件夹(文件名以破折号加 0 结尾)包含音频内容。The second folder with a name that ends with a dash followed by 0 contains audio content. 第三个文件夹(文件名为 Data)包含 FPS 内容的主播放列表。The third folder named Data contains the master playlist of the FPS content. 最后,boot.xml 提供 .movpkg 文件夹内容的完整说明。Finally, boot.xml provides a complete description of the .movpkg folder content.

FairPlay iOS 示例应用的脱机文件结构

下面是一个示例 boot.xml 文件:Here's a sample boot.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<HLSMoviePackage xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="http://apple.com/IMG/Schemas/HLSMoviePackage" xsi:schemaLocation="http://apple.com/IMG/Schemas/HLSMoviePackage/System/Library/Schemas/HLSMoviePackage.xsd">
  <Version>1.0</Version>
  <HLSMoviePackageType>PersistedStore</HLSMoviePackageType>
  <Streams>
    <Stream ID="1-4DTFY3A3VDRCNZ53YZ3RJ2NPG2AJHNBD-0" Path="1-4DTFY3A3VDRCNZ53YZ3RJ2NPG2AJHNBD-0" NetworkURL="https://willzhanmswest.streaming.mediaservices.windows.net/e7c76dbb-8e38-44b3-be8c-5c78890c4bb4/MicrosoftElite01.ism/QualityLevels(127000)/Manifest(aac_eng_2_127,format=m3u8-aapl)">
      <Complete>YES</Complete>
    </Stream>
    <Stream ID="0-HC6H5GWC5IU62P4VHE7NWNGO2SZGPKUJ-310656" Path="0-HC6H5GWC5IU62P4VHE7NWNGO2SZGPKUJ-310656" NetworkURL="https://willzhanmswest.streaming.mediaservices.windows.net/e7c76dbb-8e38-44b3-be8c-5c78890c4bb4/MicrosoftElite01.ism/QualityLevels(161000)/Manifest(video,format=m3u8-aapl)">
      <Complete>YES</Complete>
    </Stream>
  </Streams>
  <MasterPlaylist>
    <NetworkURL>https://willzhanmswest.streaming.mediaservices.windows.net/e7c76dbb-8e38-44b3-be8c-5c78890c4bb4/MicrosoftElite01.ism/manifest(format=m3u8-aapl,audio-only=false)</NetworkURL>
  </MasterPlaylist>
  <DataItems Directory="Data">
    <DataItem>
      <ID>CB50F631-8227-477A-BCEC-365BBF12BCC0</ID>
      <Category>Playlist</Category>
      <Name>master.m3u8</Name>
      <DataPath>Playlist-master.m3u8-CB50F631-8227-477A-BCEC-365BBF12BCC0.data</DataPath>
      <Role>Master</Role>
    </DataItem>
  </DataItems>
</HLSMoviePackage>

后续步骤Next steps

媒体服务 v3 概述Media Services v3 overview