sdvi update
Optimizing for a Resilient, Secure Media Supply Chain
Media companies require secure and robust infrastructure that is resilient even when failures or disasters hit. Traditionally, resiliency has been most critical for live-to-air operations, but the demand for content across multiple delivery platforms has elevated the need for resilient supply chains as well.
The cloud, with its natural redundancy and geo-diversity, serves as a reliable and highly-available media supply chain infrastructure. Cloud services provide the same level of business continuity at a fraction of the cost of terrestrial continuity strategies that rely on physical redundancy.
In a new white paper, we take a close look at how the SDVI Rally platform exploits cloud resiliency features to ensure that media supply chains continue to function in the event of a disruption.
Supply Chain Thinking:
The Value of Resiliency

Simon Eldridge, Chief Product Officer
The broadcast industry often thinks of resiliency as being a matter of staying on air continuously — the golden 99.999% uptime. But uptime is also vital in the file-based world too. After all, your supply chain feeds your commercial output. If you’re unable to get content from point A to point B quickly, you may not be able to deliver on a deal.

The broadcast industry often thinks of resiliency as being a matter of staying on air continuously — the golden 99.999% uptime. But uptime is also vital in the file-based world too. After all, your supply chain feeds your commercial output. If you’re unable to get content from point A to point B quickly, you may not be able to deliver on a deal.
What does it take to make your media supply chain resilient? How can you ensure that it is reliable, available, and scalable? How do you remain productive in the event of a failure somewhere in the media supply chain, in the event that your media operations infrastructure breaks down?
If you consider the conventional broadcast model, you might build two of everything in two different facilities. Or maybe, to save on costs, you’d weigh the risks and build a partial on-the-ground backup infrastructure that might keep you going in the event of a fault or power outage.
But what if you could achieve continuous productivity and cost-effectiveness operations with a different model of ensuring resiliency? Read on to find out how.
From Our Technical Solutions Team:
How Rally Ensures Security for Both Users and Content

Paul Murzell, Director of Technical Account Management
SDVI customers need to have confidence that their silos and content are accessible only to the users they choose. The Rally platform is designed to give customers complete assurance, allowing them to control who can use the system, access cloud-controlled storage, and access content. Customers set and adjust the level of security that their organization requires using Security Assertion Markup Language [SAML] authentication.
For Users
Rally uses SAML to authenticate users and their Group association with the platform. With a SAML provider, such as OKTA, customers use web application or service provider [user redirect] methods of authentication: no passwords are stored (Rally will only store a user’s email address) so a SAML provider is the sole path for gaining access to a Rally silo. Once authenticated, the SAML tool passes user and Group information on to Rally. This process puts control directly in the hands of the customer’s SAML administration team, where access can be centrally monitored and managed.
Rally permissions are defined by “Roles”. Roles are assigned to a group or groups, and it is the Role that defines what areas of Rally the authenticated users can access. Rally administrators create and modify Roles, tailoring them to specific functions with ease. An example Operations Role: a member of the operations team must not be allowed to access the Rally “factory” but should have access Gateway pages to perform operations functions.
Here you can see an example of an User Role setup:

For Content
The Rally platform operates on a ‘bring-your-own-storage’ model, meaning customers must specifically allow Rally to connect to the object storage they own. Rally connects to cloud object storage locations using the native APIs and permission models of the host cloud platform, allowing users to connect with AWS S3, Google Cloud Storage, Azure, or Alibaba storage locations. Rally will only “touch” content if the owner allows it; the owner always retains control of who or what has access to critical data in their object storage locations using the cloud platform tools and the roles associated to that object storage location.
A user’s access to content is defined by the Group or Groups they are part of, allowing administrators to limit access to content from the UI by leveraging “Allow” and “Deny” policies on Asset Tags, File Tags and File Labels for each Group. An Administrator could set up an “Allow” list of tags and/or labels for a Group which would then limit what the Group can see. In this screen shot the Group “Internal Silos” is assigned the Role of “User”. The “Internal Silos” Group is configured to only see Assets that have an Asset tag of “SDVI”; therefore, if an Asset is given an Asset tag of “XYZ” the users in the group “Internal Silos” will never see that Asset (or any inventory associated to it).

If you’d like to find out how to improve visibility into your Rally supply chains, reach out to your TAM or solutions architect.
New in Rally:
Several updates to the SDVI Rally platform in Q4 2022 improved efficiency and security in SDVI Mover. These enhancements make Rally even more effective in performing critical operations.
Support RSL as “externalStorage”
SDVI Mover can now be used to move files to a Rally Storage Location with the RSL: notation in the externalStorage portion of the preset used to prevent the resulting file to be tracked in inventory going forward. This is helpful where customers send files to external systems or partners, and where any changes to that new copy like renames or file removal does not need to be tracked by Rally operators or at worst, would even confuse or raise unwanted expectation messages.
Aspera Updates
An additional method for authenticating against Aspera on cloud has been added to Mover, strengthening the security posture of Mover. Also, presets can now utilize a “multiTransfer” setting for Aspera Node transfers. This will result in Mover batching several jobs into a single transfer job on Aspera so that the Aspera server is not overwhelmed.
Read the full list of updates made to the Rally platform in Q4 2022 in our latest Rally Update blog post.
Application Spotlight

Widevine DRM
Widevine’s DRM solution provides the capability to license, securely distribute and protect playback of content on any consumer device. Content owners, multiple service operators and digital media providers can utilize Widevine’s solutions to ensure revenue generating services keep flowing to whatever device consumers desire.
Learn more about the full spectrum of best-in-class tools in the Rally Application Services Market.