[object Object] Icon

Encoding
Learn how to create, start, manage and modify Encodings

[object Object] Icon

Player
Learn how to create, start, manage and modify Players

[object Object] Icon

Analytics
Learn how to create, start, manage and modify Analyticss

Docs Home
User shortcuts for search
Focus by pressing f
Hide results by pressing Esc
Navigate via   keys

Thu Nov 19 2020

Bitmovin Cloud Connect with Azure

Bitmovin Cloud Connect with AzureLink Icon

This document explains how to set up Bitmovin Encoding on Azure Cloud infrastructure so that the Bitmovin platform can run encoders using the Azure API.

The instructions in this document for the Bitmovin Encoding Service apply to live encoding and file-based encoding. For a complete list of formats and input types, see the Bitmovin website.

PrerequisitesLink Icon

This feature requires a commercial agreement and needs to be specifically activated for a Bitmovin Account. It is not available by default. You will not be able to complete the configuration below without this activation.

Azure ConfigurationLink Icon

Request access to the bitmovin-azure-connect Application

Please replace <Your Tenant ID> in the link below with your Tenant ID and then call that link in your browser:


https://login.microsoftonline.com/<Your Tenant ID>/oauth2/authorize?client_id=ad59b58a-9910-409a-909e-cf98258bb566&response_type=code&redirect_uri=https%3A%2F%2Fbitmovin.com%2F


To determine your Tenant ID:

  • Go to https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
  • Copy your Tenant ID from the Tenant information box

Create a Resource group in which you intend to run your VMs

  • Select your subscription | Resource groups / Add
  • Assign a name to your Resource group
  • Assign a Region, as this is mandatory, but your Resource group can still contain resources from multiple regions.
  • Click Review + create

Give the bitmovin-azure-connect Application rights to run virtual machines on your subscription

  • Select your subscription
  • Select the recently created Resource group
  • Click Access control (IAM)
  • Click Add
  • Select Add role assignment
  • Role: Contributor
  • Select: Enter bitmovin-azure-connect (Please note that bitmovin-azure-connect only shows up in your selection if you performed the first step Request access to the bitmovin-azure-connect Application)
  • Click on bitmovin-azure-connect to get it into the Selected members
  • Click Save

Create a Network Security Group in every region that you want to run encodings in

  • Select your Resource group
  • Click Add
  • Type Network security group (+ Enter) in the search window
  • Click Create
  • Type in a name, e.g. myorgname-region-nsg
  • Select a Region
  • Click Review + create
  • Click Create
  • Click Go to resource
  • Add the following Inbound security rules (Inbound security rules / Add) (Please note that all non-listed values can be left at their default values: Source: Any, Source port ranges: *, Destination:Any. Action: Allow)

Basic Inbound security rules that are necessary to run any EncodingLink Icon

These are the basic Inbound security rules without which starting an encoding will fail.

Please add Inbound security rules with the following settings to each Network Security Group:

FieldValue to set
ProtocolTCP
Priority100
NameAllowEncoderServiceInbound
Destination port ranges9999
DescriptionFor communication with the service that manages the encoding


FieldValue to set
ProtocolTCP
Priority200
NameAllowSessionManagerInbound
Destination port ranges9090
DescriptionFor communication with the service that manages the encoding instances


FieldValue to set
ProtocolTCP
Priority1000
NameAllowSSH
Destination port ranges22
DescriptionFor incoming commands (i.e. pulling and starting docker containers)


Inbound security rules that are necessary to run RTMP live streams

If you intend to run RTMP live streams, please create an Inbound security rule with the following settings:

FieldValue to set
ProtocolTCP
Priority300
Namertmp-listener
Destination port ranges1935
DescriptionFor RTMP live streams


Inbound security rules that are necessary to run SRT live streams

If you intend to run SRT live streams, please create Inbound security rules with the following settings:

FieldValue to set
ProtocolTCP
Priority400
Namesrt-listener-tcp
Destination port ranges2088
DescriptionFor SRT live streams


FieldValue to set
ProtocolUDP
Priority500
Namesrt-listener-udp-2088
Destination port ranges2088
DescriptionFor SRT live streams


FieldValue to set
ProtocolUDP
Priority700
Namesrt-listener-udp-2090
Destination port ranges2090
DescriptionFor SRT live streams


FieldValue to set
ProtocolUDP
Priority800
Namesrt-listener-udp-2091
Destination port ranges2091
DescriptionFor SRT live streams


Inbound security rules that are necessary to run Zixi live streams

If you intend to run Zixi live streams, please create an Inbound security rule with the following settings:

FieldValue to set
ProtocolTCP
Priority900
Namezixi-listener
Destination port ranges4444
DescriptionFor Zixi live streams

Create a Virtual Network in every region that you want to run encodings in

  • Select your Resource group
  • Click Add
  • Type Virtual Network (+ Enter) in the search window
  • Click Create
  • Type in a name
  • Select a Region
  • Click Next: IP Addresses
  • The default IPv4 address space gives you a CIDR notation of /16, resulting in an address space of 65536 IP addresses, which should be sufficient.
  • Remove the default subnet
  • Click Add subnet
  • Type in a Subnet name, e.g. myorgname-region-subnet
  • Copy the entire address space from your virtual network
  • Click Add
  • Click Review + create
  • Click Create
  • Click Go to resource

Assign the Network security group that you created for that region to the subnet that you created for that region

  • Click Subnets
  • Click the subnet that you created
  • Under Network security group select the Network security group that you created for that region

Bitmovin ConfigurationLink Icon

Before you continue, make sure you have collected the following information:

From your Azure Subscription:

  • my_subscription_id
  • the_resource_group_id_that_i_intend_to_use
  • my_tenant_id

Create infrastructure

To enable your Bitmovin account to run encodings in your Azure Subscription, you need to create an Infrastructure object, using the Bitmovin Infrastructure API.

Using the Add Azure Account endpoint, submit the following JSON and replace the respective subscriptionId, resourceGroupId, and projectId values with the appropriate values collected in the previous steps:

1{
2 "name": "<my_name> Azure Connect <prod/dev>",
3 "subscriptionId": "<my_subscription_id>",
4 "resourceGroupId": "<the_resource_group_id_that_i_intend_to_use>",
5 "tenantId": "<my_tenant_id>"
6}

Use the Add Azure Region Setting endpoint to create region settings, with the following payload:

1{
2 "networkName": "the-network-name-that-i-have-created",
3 "subnetName": "the-subnet-name-that-i-have-created"
4}

For example, if you want to run encodings in westeurope, you will need to submit the following payload to this endpoint:

https://api.bitmovin.com/v1/encoding/infrastructure/azure/<infastructure-id>/regions/EUROPE_WEST

1{
2 "networkName": "the-network-name-that-i-have-created",
3 "subnetName": "the-subnet-name-that-i-have-created"
4}

No need to request access to machine images

As the bitmovin-azure-connect Application already has access rights to the Shared Image Gallery where the Images reside that are required to start VMs for Bitmovin Encodings, no action is required to authorize access to VM images.

Run encoding jobs in AzureLink Icon

After configuration has been completed, you will be able to run encoding jobs in your own Azure Subscription. To do so, use the Bitmovin API client SDKs to submit encoding jobs, in the same way as you would do for encodings running in the Bitmovin Managed Cloud service. The only difference is that you need to specify the new infrastructure instead of public cloud regions.

Here is a Python snippet demonstrating how to link your encoding to your infrastructure.

1 # ID of the Infrastructure object created in step 5.
2 infra_id = ‘<infrastructure_id>’
3
4 # Azure region of the Azure-connect setup
5 infra_region = CloudRegion.AZURE_EUROPE_WEST
6
7 infrastructure = InfrastructureSettings(infrastructure_id=infra_id,
8 cloud_region=infra_region)
9 encoding = Encoding(name='azure connect encoding',
10 cloud_region=CloudRegion.EXTERNAL,
11 infrastructure=infrastructure,
12 encoder_version='STABLE')

Resource QuotasLink Icon

If you want to run several encodings in parallel, then the default quota limits may not be sufficient. In that case, you will have to request limit increases for the following quotas in your Region(s):

ProviderQuota NameLimit to request
Microsoft.NetworkPublic IP Addresses(max. # of encodings) * (max # of instances per encoding)
Microsoft.ComputeStandard DSv3 Family vCPUs(max. # of encodings) * 8 )
Microsoft.ComputeStandard FSv2 Family vCPUs(max. # of encodings) * 8 )
Microsoft.ComputeTotal Regional Spot vCPUs(max. # of encodings) (max # of instances per encoding) 8 )

This implies the standard case: 8 core instances. If your use case requires instances with a different number of cores, multiply by that.

The maximum number of instances needed depends on the maximum number of parallel encodings running multiplied by the maximum number of instances needed for one encoding. The number of instances used by one encoding varies depending on the input file size and the number and data rate of the encoder Representations and cannot exceed 120.

Generally, it cannot hurt to multiply the expected limit calculated for your current situation by 2, to have some margin in case you need to ramp up.

To view/edit your quotas:

  • Select your Resource group
  • Click Usage + qotas (on the left)
  • Filter by Provider and type in a substring (e.g. IP or vCPU)
  • If you need to request a limit increase, click Request Increase on the upper right.

Give us feedback