Axinom DRM - On-board
If you can assume that your users are online when they play videos, you can plan a centralized License Service running in a Cloud. It gets more complicated if the video playback takes place in a disconnected environment without Internet access. An environment can be disconnected due to technical or security reasons. A good example is an entertainment system on board of an aircraft or a train or bus (and this is why Axinom is talking about "DRM On-board"), but it can also be an autonomous kiosk application or a deployment in a rural area without a good Internet connection or any other case.
Axinom fully supports on-board environments by providing the DRM License Service as a Docker container for a local deployment. All the following DRM technologies are supported on-board:
- Google Widevine
- Apple FairPlay
- Microsoft PlayReady
If you intend to run Axinom DRM on-board, you should consider a few additional topics:
- Contractual Pre-Requisites
- Hardware and Software Pre-Requisites
- Software Deployment
- Configuration
- Logging and Monitoring
- Keys Management
- Updates
Contractual Pre-Requisitesβ
Both the Axinom Products Evaluation Agreement and Axinom Products Licensing Agreement already cover the the usage of Axinom DRM on-board.
However, before we can provide you the software for local use, you have to establish an agreement with the respective DRM technology vendor (Microsoft, Google and Apple). Read more about the contractual prerequisites.
If you run Axinom DRM on-board, you pay to Axinom based on the number of vehicles and their type (aircraft, train, bus) where the software is deployed. Check Pricing for more details. You have to provide monthly reports about the number of active deployments.
Hardware and Software Pre-Requisitesβ
Axinom DRM License Service is provided as a Docker image for Linux.
You need:
- A host (physical or virtual machine)
- CPU Architecture:
- Widevine: x64 / ARM 32-bit / ARM 64-bit
- FairPlay: x64 / ARM 32-bit (ARM 64-bit will follow)
- PlayReady: x64
- For x64:
- OS: Linux 64-bit. We recommend Ubuntu Server LTS. We support 18.04 or later; 20.04 is recommended. OS latest updates must be installed
- For ARM:
- Processor:
- ARM32: ARMv7-A or a later compatible architecture. A VFPv3 floating point unit and the Thumb-2 instruction set, or later compatible versions.
- ARM64: ARMv8-A/AArch64 or later compatible architecture.
- Free RAM: 400 MB
- Free disk space: 2 GB
- OS: 32-bit ARM Linux (for ARM32 DRM API images) or 64-bit ARM Linux (for ARM64 DRM API images). Any distribution that supports the latest Docker version can be used.
- Processor:
- Docker engine latest stable version (follow the official Docker documentation)
Axinom DRM License Service availability on different platforms
DRM Technology | Linux x64 | Linux ARM 32 | Linux ARM 64 | Windows |
---|---|---|---|---|
Widevine | X | X | X | - |
FairPlay | X | X | soon | - |
PlayReady | X | - | - | X |
Software Deploymentβ
Axinom DRM License Service is provided as a Docker image (for each DRM technology and CPU architecture its specific image).
At runtime, the image uses two storage volumes:
- Config - for all the configuration files, which Axinom DRM reads
- Logs - for the log files, which Axinom DRM produces.
Axinom DRM License Service uses NGINX as the web server. If additional configuration
is needed, it can be done through the nginx.conf
file in the Config folder.
Axinom DRM On-board Deployment Diagram
When you request Axinom DRM On-board, you receive from Axinom:
- Credentials for Axinomβs private Docker registry from where you can download the Docker image
- Configuration package, content of which you should store in the Config-volume.
See Deployment Guide for the deployment instructions.
Configurationβ
You receive the necessary configuration package from Axinom. If you find it necessary, you can adjust the configuration.
For details see:
Logging and Monitoringβ
Axinom DRM License Service produces logs and stores them in the configured Logs volume. The logs contain application-level information (e.g. license requests), errors, and technical details (e.g. webserver logs). It is possible to configure logging to get more debugging and troubleshooting information.
Supervisor tool is used to monitor important processes of the DRM License Service and restart them if they stop working. It also acts as a containerβs foreground process. Supervisor is already configured as required, but if thereβs a need to re-configure it, change the required parameters in the supervisor.conf
file inside the Config-folder.
See Logging and Monitoring for further details.
Keys Managementβ
We assume in the On-board setup the usage of the Key Seed Model for key generation.
The Key Seed (or multiple) is stored in encrypted form in the file KeySeeds.json
inside the Config-folder.
A Key Seed can be generated securely on the Key Service and then downloaded as a part of the Configuration Package.
Updatesβ
To keep the security level of your system high, check for updates of Axinom DRM and deploy new versions as soon as they get published. Check Release Notes for details. Also make sure you regularly update your OS and Docker with the latest security patches.
DRM technology vendors also require additional components to be regularly updated. Specifically, they maintain device lists, which shall be regularly updated (Device Certificate Status List for Widevine and Revocation List for PlayReady).
You may also want to update parts of configuration, e.g. the keys.
See Updating On-board Configuration for further details.