So, You Want To Stream Inside Your Firewall? Good Luck.

"We have to host and stream this stuff inside our firewall". I hear that statement frequently from prospects in the educational and corporate spaces. Usually the requirement stems from paranoia that their streaming content would fall into the wrong hands and compromise their integrity as an institution or business...or give their competitor an upper hand. From the way they describe the importance of securing their streams, you'd think there were an unruly band of "stream pirates" floating just outside their firewall...waiting to pounce on any and all accessible content and use it against the content creator. While I personally believe that those pirates more interested in the next "Iron Man" movie than they are in this month's "Accountability In The Workplace" pesentation, I can't completely dismiss their fears. After all, it's not MY content.

Yes, it's possible to host and stream your content within your own network...but you better have one heck of a network!

Streaming is a bandwidth-intensive process. Unless your corporate network is "multicast enabled" from end to end (which creates entirely different security risks), you'll have to propagate your content using Unicast, or "point to point" distribution. This means that everyone wanting to watch a live webcast on your network will compound the bandwidth utilized for the event. Say you have a 10 Megabit LAN, or even a Gigabit LAN. In either case, it's a simple mathematical reality that at some point...you run the risk of bringing your network to it's knees with your DIY streaming efforts. Simply put: There are only so many concurrent unicast viewers that your network can support. This weakness becomes more obvious during live webcasting of course, but also holds true for on-demand webcasting.

Just because you CAN host your streams internally, doesn't mean you SHOULD. By employing an external CDN (Content Delivery Network), you remove the above mentioned burden from your own network and place it on the shoulders of one that is designed specifically for bandwidth-intensive content like streaming media.

There are ways to make your streams more secure even if you host and distribute your content on a CDN. Unfortunately, the business leaders in your organization often have a picture in their minds-it's a picture of a walled fortress. Inside the walls is where they want their streaming to happen. Outside are the bad guys-those "streampirates" mentioned earlier. Overcoming this limited view requires education, and lots of questions. I like to start with these:

-What is the reason for your desire to stream on your own network? It may be purely financial or it may be due to a senior manager seeing a video-driven quarterly report show up on YouTube.
-What LEVEL of security would make decision makers feel....well, secure? Are they most concerned with your content being pirated, with your network being compromised or just with unauthorized viewership of your content?
-What is the technical ability of your network when it comes to streaming? If you have a satellite office with 100 folks on a shared T1 and you want them to tune in to a quarterly live webcast from the home office...ugh, we should talk. If it's a 500K stream, your T1 is only going to handle 3 or 4 concurrent viewers before it fails.

There are ways to enlist the power of a CDN without exposing the soft white underbelly of your organizations network. Domain level security, IP "allow/deny" lists and even Token Security can be used to dramatically limit unauthorized access to your streaming content.

Ultimately, this boils down to a necessary "cost/benefit" analysis. While you may gain a sense of security from internal hosting and distribution of streaming content, you may lose control, quality and oodles of network capacity. Another thing to consider is that those "streampirates" may actually be figments of your imagination anyway!