Media companies require secure and robust infrastructure that is resilient even when failures or disasters hit. Traditionally, resiliency has been most critical for live-to-air operations, but the demand for content across multiple delivery platforms has elevated the need for resilient supply chains as well.

The cloud, with its natural redundancy and geo-diversity, serves as a reliable and highly-available media supply chain infrastructure. Cloud services provide the same level of business continuity at a fraction of the cost of terrestrial continuity strategies that rely on physical redundancy.

In a new white paper, we take a close look at how the SDVI Rally platform exploits cloud resiliency features to ensure that media supply chains continue to function in the event of a disruption.

SDVI customers need to have confidence that their silos and content are accessible only to the users they choose. The Rally platform is designed to give customers complete assurance, allowing them to control who can use the system, access cloud-controlled storage, and access content. Customers set and adjust the level of security that their organization requires using Security Assertion Markup Language [SAML] authentication.

For Users
Rally uses SAML to authenticate users and their Group association with the platform. With a SAML provider, such as OKTA, customers use web application or service provider [user redirect] methods of authentication: no passwords are stored (Rally will only store a user’s email address) so a SAML provider is the sole path for gaining access to a Rally silo. Once authenticated, the SAML tool passes user and Group information on to Rally. This process puts control directly in the hands of the customer’s SAML administration team, where access can be centrally monitored and managed.

Rally permissions are defined by “Roles”. Roles are assigned to a group or groups, and it is the Role that defines what areas of Rally the authenticated users can access. Rally administrators create and modify Roles, tailoring them to specific functions with ease. An example Operations Role: a member of the operations team must not be allowed to access the Rally “factory” but should have access Gateway pages to perform operations functions.

Here you can see an example of an User Role setup:

For Content

The Rally platform operates on a ‘bring-your-own-storage’ model, meaning customers must specifically allow Rally to connect to the object storage they own. Rally connects to cloud object storage locations using the native APIs and permission models of the host cloud platform, allowing users to connect with AWS S3, Google Cloud Storage, Azure, or Alibaba storage locations. Rally will only “touch” content if the owner allows it; the owner always retains control of who or what has access to critical data in their object storage locations using the cloud platform tools and the roles associated to that object storage location.

A user’s access to content is defined by the Group or Groups they are part of, allowing administrators to limit access to content from the UI by leveraging “Allow” and “Deny” policies on Asset Tags, File Tags and File Labels for each Group. An Administrator could set up an “Allow” list of tags and/or labels for a Group which would then limit what the Group can see. In this screen shot the Group “Internal Silos” is assigned the Role of “User”. The “Internal Silos” Group is configured to only see Assets that have an Asset tag of “SDVI”; therefore, if an Asset is given an Asset tag of “XYZ” the users in the group “Internal Silos” will never see that Asset (or any inventory associated to it).

If you’d like to find out how to improve visibility into your Rally supply chains, reach out to your TAM or solutions architect.