配置资产传送策略Configuring asset delivery policies

备注

Google Widevine 内容保护服务目前在 Azure 中国区域不可用。Google Widevine content protection services are currently unavailable in the Azure China regions.

如果打算传送动态加密的资产,媒体服务内容传送工作流中的步骤之一是为资产配置传送策略。If you plan to deliver dynamically encrypted assets, one of the steps in the Media Services content delivery workflow is configuring delivery policies for assets. 资产传送策略告知媒体服务希望如何传送资产:应该将资产动态打包成哪种流式处理协议(例如 MPEG DASH、HLS、平滑流或全部),是否要动态加密资产以及如何加密(信封或常用加密)。The asset delivery policy tells Media Services how you want for your asset to be delivered: into which streaming protocol should your asset be dynamically packaged (for example, MPEG DASH, HLS, Smooth Streaming, or all), whether or not you want to dynamically encrypt your asset and how (envelope or common encryption).

本主题介绍为何以及如何创建和配置资产传送策略。This topic discusses why and how to create and configure asset delivery policies.

备注

创建 AMS 帐户后,会将一个处于“已停止”状态的默认流式处理终结点添加到帐户。 When your AMS account is created a default streaming endpoint is added to your account in the Stopped state. 若要开始流式传输内容并利用动态打包和动态加密,要从中流式传输内容的流式处理终结点必须处于“正在运行”状态。 To start streaming your content and take advantage of dynamic packaging and dynamic encryption, the streaming endpoint from which you want to stream content has to be in the Running state.

此外,要使用动态打包和动态加密,资产必须包含一组自适应比特率 MP4 或自适应比特率平滑流式处理文件。Also, to be able to use dynamic packaging and dynamic encryption your asset must contain a set of adaptive bitrate MP4s or adaptive bitrate Smooth Streaming files.

可以将不同的策略应用到同一个资产。You could apply different policies to the same asset. 例如,可以将 PlayReady 加密应用到平滑流,将 AES 信封应用到 MPEG DASH 和 HLS。For example, you could apply PlayReady encryption to Smooth Streaming and AES Envelope encryption to MPEG DASH and HLS. 将阻止流式处理传送策略中未定义的任何协议(例如,添加仅将 HLS 指定为协议的单个策略)。Any protocols that are not defined in a delivery policy (for example, you add a single policy that only specifies HLS as the protocol) will be blocked from streaming. 如果根本没有定义任何传送策略,则情况不是这样。The exception to this is if you have no asset delivery policy defined at all. 此时,将允许所有明文形式的协议。Then, all protocols will be allowed in the clear.

如果要传送存储加密资产,则必须配置资产的传送策略。If you want to deliver a storage encrypted asset, you must configure the asset’s delivery policy. 在流式传输资产之前,流式处理服务器会删除存储加密,然后再使用指定的传送策略流式传输内容。Before your asset can be streamed, the streaming server removes the storage encryption and streams your content using the specified delivery policy. 例如,要传送使用高级加密标准 (AES) 信封加密密钥加密的资产,请将策略类型设为 DynamicEnvelopeEncryptionFor example, to deliver your asset encrypted with Advanced Encryption Standard (AES) envelope encryption key, set the policy type to DynamicEnvelopeEncryption. 要删除存储加密并以明文的形式流式传输资产,请将策略类型设为 NoDynamicEncryptionTo remove storage encryption and stream the asset in the clear, set the policy type to NoDynamicEncryption. 下面是演示如何配置这些策略类型的示例。Examples that show how to configure these policy types follow.

根据配置资产传送策略的方式,可以动态打包、动态加密和流式传输以下流式传输协议:平滑流式处理、HLS、MPEG DASH 流。Depending on how you configure the asset delivery policy you would be able to dynamically package, dynamically encrypt, and stream the following streaming protocols: Smooth Streaming, HLS, MPEG DASH streams.

以下列表显示了用于流式传输平滑流、HLS、DASH 的格式。The following list shows the formats that you use to stream Smooth, HLS, DASH.

平滑流:Smooth Streaming:

{流式处理终结点名称-媒体服务帐户名称}.streaming.mediaservices.chinacloudapi.cn/{定位符 ID}/{文件名}.ism/Manifest{streaming endpoint name-media services account name}.streaming.mediaservices.chinacloudapi.cn/{locator ID}/{filename}.ism/Manifest

HLS:HLS:

{流式处理终结点名称-媒体服务帐户名称}.streaming.mediaservices.chinacloudapi.cn/{定位符 ID}/{文件名}.ism/Manifest(format=m3u8-aapl){streaming endpoint name-media services account name}.streaming.mediaservices.chinacloudapi.cn/{locator ID}/{filename}.ism/Manifest(format=m3u8-aapl)

MPEG DASHMPEG DASH

{流式处理终结点名称-媒体服务帐户名称}.streaming.mediaservices.chinacloudapi.cn/{定位符 ID}/{文件名}.ism/Manifest(format=mpd-time-csf){streaming endpoint name-media services account name}.streaming.mediaservices.chinacloudapi.cn/{locator ID}/{filename}.ism/Manifest(format=mpd-time-csf)

有关如何发布资产和生成流 URL 的说明,请参阅 生成流 URLFor instructions on how to publish an asset and build a streaming URL, see Build a streaming URL.

注意事项Considerations

  • 如果某个资产存在 OnDemand(流式处理)定位符,则不能与该资产关联的 AssetDeliveryPolicy。You cannot delete an AssetDeliveryPolicy associated with an asset while an OnDemand (streaming) locator exists for that asset. 在删除策略之前,建议先从资产中删除该策略。The recommendation is to remove the policy from the asset before deleting the policy.
  • 如果未设置资产传送策略,则无法在存储加密的资产上创建流式处理定位符。A streaming locator cannot be created on a storage encrypted asset when no asset delivery policy is set. 如果资产未经过存储加密,则即使未设置资产传送策略,系统也可让你顺利地创建定位符和流式处理资产。If the Asset isn’t storage encrypted, the system will let you create a locator and stream the asset in the clear without an asset delivery policy.
  • 可将多个资产传送策略关联到单个资产,但只能指定一种方法来处理给定的 AssetDeliveryProtocol。You can have multiple asset delivery policies associated with a single asset but you can only specify one way to handle a given AssetDeliveryProtocol. 也就是说,如果尝试链接两个指定 AssetDeliveryProtocol.SmoothStreaming 协议的传送策略,则会导致出错,因为当客户端发出平滑流请求时,系统不知道要应用哪个策略。Meaning if you try to link two delivery policies that specify the AssetDeliveryProtocol.SmoothStreaming protocol that will result in an error because the system does not know which one you want it to apply when a client makes a Smooth Streaming request.
  • 如果资产包含现有的流式处理定位符,则不能将新策略链接到该资产、取消现有策略与资产的链接,或者更新与该资产关联的传送策略。If you have an asset with an existing streaming locator, you cannot link a new policy to the asset, unlink an existing policy from the asset, or update a delivery policy associated with the asset. 必须先删除流式传输定位符,再调整策略,然后重新创建流式传输定位符。You first have to remove the streaming locator, adjust the policies, and then re-create the streaming locator. 重新创建流式处理定位符时,可以使用同一个 locatorId,但应确保该操作不会导致客户端出现问题,因为内容可能已被源缓存。You can use the same locatorId when you recreate the streaming locator but you should ensure that won't cause issues for clients since content can be cached by the origin.

备注

访问媒体服务中的实体时,必须在 HTTP 请求中设置特定标头字段和值。When accessing entities in Media Services, you must set specific header fields and values in your HTTP requests. 有关详细信息,请参阅媒体服务 REST API 开发的设置For more information, see Setup for Media Services REST API Development.

连接到媒体服务Connect to Media Services

若要了解如何连接到 AMS API,请参阅通过 Azure AD 身份验证访问 Azure 媒体服务 APIFor information on how to connect to the AMS API, see Access the Azure Media Services API with Azure AD authentication.

清除资产传送策略Clear asset delivery policy

创建资产传送策略Create asset delivery policy

以下 HTTP 请求将创建一个资产传送策略,该策略指定不要应用动态加密,而使用以下任何协议传送流:MPEG DASH、HLS 和平滑流式处理协议。The following HTTP request creates an asset delivery policy that specifies to not apply dynamic encryption and to deliver the stream in any of the following protocols: MPEG DASH, HLS, and Smooth Streaming protocols.

有关创建 AssetDeliveryPolicy 时可以指定哪些值的信息,请参阅定义 AssetDeliveryPolicy 时使用的类型部分。For information on what values you can specify when creating an AssetDeliveryPolicy, see the Types used when defining AssetDeliveryPolicy section.

请求:Request:

POST https://media.chinacloudapi.cn/api/AssetDeliveryPolicies HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: 4651882c-d7ad-4d5e-86ab-f07f47dcb41e
Host: media.chinacloudapi.cn

{"Name":"Clear Policy",
"AssetDeliveryProtocol":7,
"AssetDeliveryPolicyType":2,
"AssetDeliveryConfiguration":null}

响应:Response:

HTTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 363
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Location: https://media.chinacloudapi.cn/api/AssetDeliveryPolicies('nb%3Aadpid%3AUUID%3A92b0f6ba-3c9f-49b6-a5fa-2a8703b04ecd')
Server: Microsoft-IIS/8.5
x-ms-client-request-id: 4651882c-d7ad-4d5e-86ab-f07f47dcb41e
request-id: 6aedbf93-4bc2-4586-8845-fd45590136af
x-ms-request-id: 6aedbf93-4bc2-4586-8845-fd45590136af
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 08 Feb 2015 06:21:27 GMT

{"odata.metadata":"https://media.chinacloudapi.cn/api/$metadata#AssetDeliveryPolicies/@Element",
"Id":"nb:adpid:UUID:92b0f6ba-3c9f-49b6-a5fa-2a8703b04ecd",
"Name":"Clear Policy",
"AssetDeliveryProtocol":7,
"AssetDeliveryPolicyType":2,
"AssetDeliveryConfiguration":null,
"Created":"2015-02-08T06:21:27.6908329Z",
"LastModified":"2015-02-08T06:21:27.6908329Z"}

以下 HTTP 请求将指定的资产链接到资产传送策略。The following HTTP request links the specified asset to the asset delivery policy to.

请求:Request:

POST https://media.chinacloudapi.cn/api/Assets('nb%3Acid%3AUUID%3A86933344-9539-4d0c-be7d-f842458693e0')/$links/DeliveryPolicies HTTP/1.1
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Content-Type: application/json
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: 56d2763f-6e72-419d-ba3c-685f6db97e81
Host: media.chinacloudapi.cn

{"uri":"https://media.chinacloudapi.cn/api/AssetDeliveryPolicies('nb%3Aadpid%3AUUID%3A92b0f6ba-3c9f-49b6-a5fa-2a8703b04ecd')"}

响应:Response:

HTTP/1.1 204 No Content

DynamicEnvelopeEncryption 资产传送策略DynamicEnvelopeEncryption asset delivery policy

在指定 DynamicEnvelopeEncryption 传送策略时,需要确保将资产链接到 EnvelopeEncryption 类型的内容密钥。When specifying DynamicEnvelopeEncryption delivery policy, you need to make sure to link your asset to a content key of the EnvelopeEncryption type. 有关详细信息,请参阅:创建内容密钥)。For more information, see: Creating a content key).

获取传送 URLGet delivery URL

获取上一步创建的内容密钥的指定传送方法的传送 URL。Get the delivery URL for the specified delivery method of the content key created in the previous step. 客户端使用返回的 URL 来请求 AES 密钥或 PlayReady 许可证,以播放受保护内容。A client uses the returned URL to request an AES key or a PlayReady license in order to playback the protected content.

指定要在 HTTP 请求正文中获取的 URL 类型。Specify the type of the URL to get in the body of the HTTP request. 如果要使用 PlayReady 保护内容,请通过用 1 表示 keyDeliveryType 来请求媒体服务 PlayReady 许可证:{"keyDeliveryType":1}。If you are protecting your content with PlayReady, request a Media Services PlayReady license acquisition URL, using 1 for the keyDeliveryType: {"keyDeliveryType":1}. 如果要使用信封加密来保护内容,请为 keyDeliveryType 指定 2,以请求密钥获取 URL:{"keyDeliveryType":2}。If you are protecting your content with the envelope encryption, request a key acquisition URL by specifying 2 for keyDeliveryType: {"keyDeliveryType":2}.

请求:Request:

POST https://media.chinacloudapi.cn/api/ContentKeys('nb:kid:UUID:dc88f996-2859-4cf7-a279-c52a9d6b2f04')/GetKeyDeliveryUrl HTTP/1.1
Content-Type: application/json
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: 569d4b7c-a446-4edc-b77c-9fb686083dd8
Host: media.chinacloudapi.cn
Content-Length: 21

{"keyDeliveryType":2}

响应:Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 198
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.5
x-ms-client-request-id: 569d4b7c-a446-4edc-b77c-9fb686083dd8
request-id: d26f65d2-fe65-4136-8fcf-31545be68377
x-ms-request-id: d26f65d2-fe65-4136-8fcf-31545be68377
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 08 Feb 2015 21:42:30 GMT

{"odata.metadata":"media.chinacloudapi.cn/api/$metadata#Edm.String","value":"https://amsaccount1.keydelivery.mediaservices.chinacloudapi.cn/?KID=dc88f996-2859-4cf7-a279-c52a9d6b2f04"}

创建资产传送策略Create asset delivery policy

以下 HTTP 请求将创建 AssetDeliveryPolicy,该策略配置为将动态信封加密 (DynamicEnvelopeEncryption) 应用到 HLS 协议(在本示例中,已阻止流式处理其他协议)。The following HTTP request creates the AssetDeliveryPolicy that is configured to apply dynamic envelope encryption (DynamicEnvelopeEncryption) to the HLS protocol (in this example, other protocols will be blocked from streaming).

有关创建 AssetDeliveryPolicy 时可以指定哪些值的信息,请参阅定义 AssetDeliveryPolicy 时使用的类型部分。For information on what values you can specify when creating an AssetDeliveryPolicy, see the Types used when defining AssetDeliveryPolicy section.

请求:Request:

POST https://media.chinacloudapi.cn/api/AssetDeliveryPolicies HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
User-Agent: Microsoft ADO.NET Data Services
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: fff319f6-71dd-4f6c-af27-b675c0066fa7
Host: media.chinacloudapi.cn

{"Name":"AssetDeliveryPolicy","AssetDeliveryProtocol":4,"AssetDeliveryPolicyType":3,"AssetDeliveryConfiguration":"[{\"Key\":2,\"Value\":\"https:\\/\\/amsaccount1.keydelivery.mediaservices.chinacloudapi.cn\\/\"}]"}

响应:Response:

HTTP/1.1 201 Created
Cache-Control: no-cache
Content-Length: 460
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Location: media.chinacloudapi.cn/api/AssetDeliveryPolicies('nb%3Aadpid%3AUUID%3Aec9b994e-672c-4a5b-8490-a464eeb7964b')
Server: Microsoft-IIS/8.5
x-ms-client-request-id: fff319f6-71dd-4f6c-af27-b675c0066fa7
request-id: c2a1ac0e-9644-474f-b38f-b9541c3a7c5f
x-ms-request-id: c2a1ac0e-9644-474f-b38f-b9541c3a7c5f
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 09 Feb 2015 05:24:38 GMT

{"odata.metadata":"media.chinacloudapi.cn/api/$metadata#AssetDeliveryPolicies/@Element","Id":"nb:adpid:UUID:ec9b994e-672c-4a5b-8490-a464eeb7964b","Name":"AssetDeliveryPolicy","AssetDeliveryProtocol":4,"AssetDeliveryPolicyType":3,"AssetDeliveryConfiguration":"[{\"Key\":2,\"Value\":\"https:\\/\\/amsaccount1.keydelivery.mediaservices.chinacloudapi.cn\\/\"}]","Created":"2015-02-09T05:24:38.9167436Z","LastModified":"2015-02-09T05:24:38.9167436Z"}

请参阅将资产与资产传送策略相链接See Link asset with asset delivery policy

DynamicCommonEncryption 资产传送策略DynamicCommonEncryption asset delivery policy

在指定 DynamicCommonEncryption 传送策略时,需要确保将资产链接到 CommonEncryption 类型的内容密钥。When specifying DynamicCommonEncryption delivery policy, you need to make sure to link your asset to a content key of the CommonEncryption type. 有关详细信息,请参阅:创建内容密钥)。For more information, see: Creating a content key).

获取传送 URLGet Delivery URL

获取上一步创建的内容密钥的 PlayReady 传送方法的传送 URL。Get the delivery URL for the PlayReady delivery method of the content key created in the previous step. 客户端使用返回的 URL 来请求 PlayReady 许可证,以播放受保护内容。A client uses the returned URL to request a PlayReady license in order to playback the protected content. 有关详细信息,请参阅获取传送 URLFor more information, see Get Delivery URL.

创建资产传送策略Create asset delivery policy

以下 HTTP 请求将创建 AssetDeliveryPolicy,该策略配置为将动态通用加密 (DynamicCommonEncryption) 应用到平滑流式处理协议(在本示例中,已阻止流式处理其他协议)。The following HTTP request creates the AssetDeliveryPolicy that is configured to apply dynamic common encryption (DynamicCommonEncryption) to the Smooth Streaming protocol (in this example, other protocols will be blocked from streaming).

有关创建 AssetDeliveryPolicy 时可以指定哪些值的信息,请参阅定义 AssetDeliveryPolicy 时使用的类型部分。For information on what values you can specify when creating an AssetDeliveryPolicy, see the Types used when defining AssetDeliveryPolicy section.

请求:Request:

POST https://media.chinacloudapi.cn/api/AssetDeliveryPolicies HTTP/1.1
Content-Type: application/json
DataServiceVersion: 1.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/json
Accept-Charset: UTF-8
User-Agent: Microsoft ADO.NET Data Services
Authorization: Bearer <ENCODED JWT TOKEN> 
x-ms-version: 2.19
x-ms-client-request-id: fff319f6-71dd-4f6c-af27-b675c0066fa7
Host: media.chinacloudapi.cn

{"Name":"AssetDeliveryPolicy","AssetDeliveryProtocol":1,"AssetDeliveryPolicyType":4,"AssetDeliveryConfiguration":"[{\"Key\":2,\"Value\":\"https:\\/\\/amsaccount1.keydelivery.mediaservices.chinacloudapi.cn\/PlayReady\/"}]"}

请参阅将资产与资产传送策略相链接See Link asset with asset delivery policy

定义 AssetDeliveryPolicy 时使用的类型Types used when defining AssetDeliveryPolicy

AssetDeliveryProtocolAssetDeliveryProtocol

以下枚举说明可以为资产传递协议设置的值。The following enum describes values you can set for the asset delivery protocol.

[Flags]
public enum AssetDeliveryProtocol
{
    /// <summary>
    /// No protocols.
    /// </summary>
    None = 0x0,

    /// <summary>
    /// Smooth streaming protocol.
    /// </summary>
    SmoothStreaming = 0x1,

    /// <summary>
    /// MPEG Dynamic Adaptive Streaming over HTTP (DASH)
    /// </summary>
    Dash = 0x2,

    /// <summary>
    /// Apple HTTP Live Streaming protocol.
    /// </summary>
    HLS = 0x4,

    ProgressiveDownload = 0x10, 

    /// <summary>
    /// Include all protocols.
    /// </summary>
    All = 0xFFFF
}

AssetDeliveryPolicyTypeAssetDeliveryPolicyType

以下枚举说明可以为资产传递策略类型设置的值。The following enum describes values you can set for the asset delivery policy type.

public enum AssetDeliveryPolicyType
{
    /// <summary>
    /// Delivery Policy Type not set.  An invalid value.
    /// </summary>
    None,

    /// <summary>
    /// The Asset should not be delivered via this AssetDeliveryProtocol. 
    /// </summary>
    Blocked, 

    /// <summary>
    /// Do not apply dynamic encryption to the asset.
    /// </summary>
    /// 
    NoDynamicEncryption,  

    /// <summary>
    /// Apply Dynamic Envelope encryption.
    /// </summary>
    DynamicEnvelopeEncryption,

    /// <summary>
    /// Apply Dynamic Common encryption.
    /// </summary>
    DynamicCommonEncryption
    }

ContentKeyDeliveryTypeContentKeyDeliveryType

以下枚举说明可用于配置到客户端的内容密钥传递方法的值。The following enum describes values you can use to configure the delivery method of the content key to the client.

public enum ContentKeyDeliveryType
{
    /// <summary>
    /// None.
    ///
    </summary>
    None = 0,

    /// <summary>
    /// Use PlayReady License acquisition protocol
    ///
    </summary>
    PlayReadyLicense = 1,

    /// <summary>
    /// Use MPEG Baseline HTTP key protocol.
    ///
    </summary>
    BaselineHttp = 2
}

AssetDeliveryPolicyConfigurationKeyAssetDeliveryPolicyConfigurationKey

以下枚举说明为配置用于获取资产传递策略的特定配置的密钥可以设置的值。The following enum describes values you can set to configure keys used to get specific configuration for an asset delivery policy.

public enum AssetDeliveryPolicyConfigurationKey
{
    /// <summary>
    /// No policies.
    /// </summary>
    None,

    /// <summary>
    /// Exact Envelope key URL.
    /// </summary>
    EnvelopeKeyAcquisitionUrl,

    /// <summary>
    /// Base key url that will have KID=<Guid> appended for Envelope.
    /// </summary>
    EnvelopeBaseKeyAcquisitionUrl,

    /// <summary>
    /// The initialization vector to use for envelope encryption in Base64 format.
    /// </summary>
    EnvelopeEncryptionIVAsBase64,

    /// <summary>
    /// The PlayReady License Acquisition Url to use for common encryption.
    /// </summary>
    PlayReadyLicenseAcquisitionUrl,

    /// <summary>
    /// The PlayReady Custom Attributes to add to the PlayReady Content Header
    /// </summary>
    PlayReadyCustomAttributes,

    /// <summary>
    /// The initialization vector to use for envelope encryption.
    /// </summary>
    EnvelopeEncryptionIV
}

媒体服务学习路径Media Services learning paths

媒体服务 v3(最新版本)Media Services v3 (latest)

查看最新版本的 Azure 媒体服务!Check out the latest version of Azure Media Services!

媒体服务 v2(旧版)Media Services v2 (legacy)