Hybrid design of DRM subsystems


Google Widevine content protection services are currently unavailable in the Azure China regions.

This topic discusses the hybrid design of DRM subsystems using Azure Media Services.


Azure Media Services provides support for the following two DRM systems:

  • PlayReady
  • FairPlay

The DRM support includes DRM encryption (dynamic encryption) and license delivery, with Azure Media Player supporting both DRMs as a browser player SDK.

For a detailed treatment of DRM/CENC subsystem design and implementation, see the document titled CENC with Multi-DRM and Access Control.

Although we offer complete support for two DRM systems, customers sometimes need to use various parts of their own infrastructure/subsystems in addition to Azure Media Services to build a hybrid DRM subsystem.

Below are some common questions asked by customers:

  • "Can I use my own DRM license servers?" (In this case, customers have invested in a DRM license server farm with embedded business logic.)
  • "Can I use only your DRM license delivery in Azure Media Services without hosting content in AMS?"

Modularity of the AMS DRM platform

As part of a comprehensive cloud video platform, Azure Media Services DRM is designed with flexibility and modularity in mind. You can use Azure Media Services in any of the combinations described in the table below (an explanation of the notation used in the table follows).

| Content hosting & origin | Content encryption | DRM license delivery |
|---|---|---|
| AMS | AMS | Third-party |
| AMS | Third-party | AMS |
| AMS | Third-party | Third-party |
| Third-party | Third-party | AMS |

Content hosting & origin

  • AMS: video asset is hosted in AMS and streaming is through AMS streaming endpoints (but not necessarily dynamic packaging).
  • Third-party: video is hosted and delivered on a third-party streaming platform outside of AMS.

Content encryption

  • AMS: content encryption is performed dynamically/on-demand by AMS dynamic encryption.
  • Third-party: content encryption is performed outside of AMS using a pre-processing workflow.

DRM license delivery

  • AMS: DRM license is delivered by AMS license delivery service.
  • Third-party: DRM license is delivered by a third-party DRM license server outside of AMS.

Configure based on your hybrid scenario

Content key

Through configuration of a content key, you can control the following attributes of both AMS dynamic encryption and the AMS license delivery service:

  • The content key used for dynamic DRM encryption.
  • DRM license content to be delivered by license delivery services: rights, content key and restrictions.
  • Type of content key authorization policy restriction: open, IP, or token restriction.
  • If the token type of content key authorization policy restriction is used, the content key authorization policy restriction must be met before a license is issued.

Asset delivery policy

Through configuration of an asset delivery policy, you can control the following attributes used by the AMS dynamic packager and dynamic encryption of an AMS streaming endpoint:

  • Streaming protocol and DRM encryption combination, such as DASH under CENC (PlayReady), smooth streaming under PlayReady, HLS under PlayReady.
  • The default/embedded license delivery URLs for each of the involved DRMs.
  • Whether license acquisition URLs (LA_URLs) in the DASH MPD or HLS playlist contain a key ID (KID) query string for FairPlay.
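
In a hybrid setup, the embedded license delivery URL decides which license server a player will contact, so it is worth checking after packaging. The following Python is an added example, not code from the original article or from Azure Media Services: it parses a PlayReady Object (the binary wrapper whose record type 1 carries the UTF-16LE WRMHEADER XML), extracts LA_URL and KID, and reports whether the license host matches the intended scenario. It assumes a v4.0.0.0 header; `parse_pro`, `check_header` and `build_sample_pro` are hypothetical names, and the sample header is constructed.

```python
import base64, struct, uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"w": "http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader"}
AMS_SUFFIX = ".keydelivery.mediaservices.windows.net"  # host suffix from Sample 1

def parse_pro(pro: bytes) -> dict:
    """Extract LA_URL and KID from a PlayReady Object (v4.0.0.0 header)."""
    total, count = struct.unpack_from("<IH", pro, 0)
    if total != len(pro):
        raise ValueError("PRO length field does not match the data")
    off = 6
    for _ in range(count):
        rtype, rlen = struct.unpack_from("<HH", pro, off)
        off += 4
        if off + rlen > len(pro):
            raise ValueError("record overruns the PRO")
        if rtype == 1:  # rights management header: UTF-16LE XML
            text = pro[off:off + rlen].decode("utf-16-le")
            if "<!DOCTYPE" in text or "<!ENTITY" in text:
                raise ValueError("DTD not allowed in header")
            root = ET.fromstring(text)
            kid = root.findtext("w:DATA/w:KID", namespaces=NS)
            return {
                "la_url": root.findtext("w:DATA/w:LA_URL", namespaces=NS),
                # KID is the base64 of the GUID in little-endian byte order
                "kid": uuid.UUID(bytes_le=base64.b64decode(kid)) if kid else None,
            }
        off += rlen
    raise ValueError("no rights management header record")

def check_header(pro: bytes, expect_ams: bool) -> list:
    """Return findings; an empty list means the header matches the scenario."""
    url = urlparse(parse_pro(pro)["la_url"] or "")
    host, findings = url.hostname or "", []
    if url.scheme != "https":
        findings.append("LA_URL is not https")
    if host.endswith(AMS_SUFFIX) != expect_ams:
        findings.append(f"license host {host!r} does not match the scenario")
    return findings

def build_sample_pro(la_url: str, kid: uuid.UUID) -> bytes:
    """Constructed test input, not a header captured from a real stream."""
    xml = (f'<WRMHEADER xmlns="{NS["w"]}" version="4.0.0.0"><DATA>'
           f"<KID>{base64.b64encode(kid.bytes_le).decode()}</KID>"
           f"<LA_URL>{la_url}</LA_URL></DATA></WRMHEADER>").encode("utf-16-le")
    rec = struct.pack("<HH", 1, len(xml)) + xml
    return struct.pack("<IH", 6 + len(rec), 1) + rec
```

The suffix match on the host name, rather than a substring match on the whole URL, keeps a look-alike host that merely contains the AMS domain from passing the check.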

Scenarios and samples

Based on the explanations in the previous section, the following five hybrid scenarios use respective Content key-Asset delivery policy configuration combinations (the samples mentioned in the last column follow the table):

| Content hosting & origin | DRM encryption | DRM license delivery | Configure content key | Configure asset delivery policy | Sample |
|---|---|---|---|---|---|
| AMS | AMS | Third-party | Yes | Yes | Sample 2 |
| AMS | Third-party | AMS | Yes | No | Sample 3 |
| AMS | Third-party | Outside | No | No | Sample 4 |
| Third-party | Third-party | AMS | Yes | No | |

In the samples, PlayReady protection works for both DASH and smooth streaming. The video URLs below are smooth streaming URLs. To get the corresponding DASH URLs, just append "(format=mpd-time-csf)". You can use the Azure Media Test Player to test in a browser. It allows you to configure which streaming protocol to use, under which tech. IE11 and Microsoft Edge on Windows 10 support PlayReady through EME. For more information, see details about the test tool.

Sample 1

  • Source (base) URL: https://willzhanmswest.streaming.mediaservices.windows.net/1efbd6bb-1e66-4e53-88c3-f7e5657a9bbd/RussianWaltz.ism/manifest
  • PlayReady LA_URL (DASH & smooth): https://willzhanmswest.keydelivery.mediaservices.windows.net/PlayReady/
  • FairPlay LA_URL (HLS): https://willzhanmswest.keydelivery.mediaservices.windows.net/FairPlay/?kid=ba7e8fb0-ee22-4291-9654-6222ac611bd8

Sample 2

Sample 3

Sample 4


In summary, Azure Media Services DRM components are flexible: you can use them in a hybrid scenario by properly configuring the content key and asset delivery policy, as described in this topic.

Next steps

View Media Services learning paths.

Media Services v3 (latest)

Check out the latest version of Azure Media Services!

Media Services v2 (legacy)