When I worked at Music Choice - almost five years ago - one of my responsibilities was to architect our implementation of Microsoft DRM. In fact, on my very first day with the company my boss, Stu, who was and still is the vice president of IT, Engineering and Operations there, came to me and told me that my first task would be to research and set up DRM, even though it was a complete unknown to anyone else in the company. I love a good challenge, and this experience went on to become a favorite anecdote that I would share at many interviews afterward.
The first thing I did was to use Microsoft's online reference to get their recommended implementation. It was fairly bare bones and architected something like this:
- content is wrapped in a DRM envelope and served to the end user
- the envelope contains a public key and the location of an authentication script on your license server
- when the user tries to play the content, the DRM engine first hits your license server and tries to authenticate the user via some predefined business rules you put in place - IP check, log in, etc.
- the license server issues a license and the DRM engine allows the content to play
Now this was fine and served our needs for many months, but it would occasionally break and was a cumbersome work flow. Keep in mind that the act of DRMing content was its own process; essentially it was a batch process run on a directory of videos.
Once I had a better grasp on how DRM was implemented, how the licenses were generated and how we wanted to authenticate users, I set out to re-architect our entire work flow.
To preface the new work flow let me briefly explain the previous work flow. We would get raw assets in from the record labels and run them through Sorenson Squeeze to encode them to Windows Media Video. Sorenson would drop the encoded files into a folder on our license server called Drop Folder. Once a day someone would run a batch script I wrote that took the files from Drop Folder, DRMed them and placed them in another folder called Out Folder. From there the files would be picked up by the automated distribution system that we created and sent to all of the different carriers of our service.
This existing work flow was cumbersome for several reasons. Since the DRM batch script needed to pull DRM profile information from the license server, the script needed to be run on the license server, so we had to copy the video files from the encoding server to the license server. Copying large video files across the network took time and introduced potential breaking points if connectivity dropped, which it did often.
There were also manual parts to the process. The encoding was done by the Operations department; they had to initiate the encoding process by the batch. This occasionally led to natural human error.
That went on for around six months, while my team and I worked on other aspects of the portal. I then revisited the encoding and DRM work flow and came up with a unified approach that was machine agnostic. I will detail this approach in my next article.