PARTNER
Media Service Offering on AWS
We provide Cloud Transformation Strategy development for broadcasters, content creators and media companies concerning the migration of contribution, production, management, playout and distribution to AWS.
Table of Contents
Description
Phase Testing
Phase Implementation & Migration
Reference Architecture
Relevant AWS technical expertise for the service offering
dentification and mitigation of risks associated with the service offering
How do we secure AWS accounts governance
Process to collect customer feedback
Description
Media-, broadcast-, entertainment- and telecom-companies profit from netorium’s experience on how to successfully migrate existing content contribution, content production, content management, content playout and content distribution into a hybrid or purely AWS based environment. netorium’s consulting service consists of several phases and includes several workshops and documentation, regarding:
Discussing the customer’s background
Presenting AWS’ potential on media and entertainment workflows
Discussing reference architectures and business potentials
Collecting customer thoughts on requirements and inspirations
Elaborating a concept together with the customer and providing the customer-specific AWS system architecture
In the form of a proof of concept, the concept is implemented as an example for one of the customer’s use cases
Testing the solution
Evaluating the success of the use case implementation and of the system design in general
Quality assessment and risk analysis
Design a dedicated migration strategy
Final commissioning and migration
Hands-on Training for the specific workflows
In the following, all phases of the offer will be described in detail.
Phase Analysis & Design
Analysis and documentation of the status “as is”
Analysis and documentation of requirements for a hybrid or purely AWS based system including two or three workshop days
Finalizing the “as is and requirement” document
Presentation workshop and handover of the “as is and requirement” document
System design sketch for a hybrid or purely AWS based system based on the requirements gathered in the analysis phase
Workshop on raw design, discussing details, assumptions and upcoming topics
Detailed system design for a hybrid or purely AWS based system built on the requirements gathered in the analysis phase and on the findings in the raw design workshop
Workshop on detailed design
Finalizing the system’s design and cloud infrastructure architecture
Definition of the potential migration strategy
Presentation workshop and handover of the “Detailed System Design” document
Summary, Review and Lessons Learned Workshop
Phase Testing
Setting up a Proof of concept based on the results of the Analysis & Design Phase. The Proof of Concept will be performed based on an assessment result, or on a specified use case by the customer.
The PoC service includes all tasks of the PoC such as project management, consulting by Solution Architects, review and status meetings, software implementation and workflow commissioning, documentation and trainings for a production pilot.
Agenda:
Workshop: Defining the scope and goals of the Proof of Concept: Definition of exemplary sub-workflows and use cases relating to the overall scope and requirement
Provisioning of AWS resources, based on project requirements
Provisioning of on-premise infrastructure in case of a hybrid architecture
Installation of AWS based applications
Installation of on-premise applications in case of a hybrid architecture
Configuration of all interfaces
Commissioning of the workflows
System and workflow tests
a feasibility study (incl. documentation)
PoC review and status meetings
Documentation of the system
Training
Summary, Review and Lessons Learned Workshop
The PoC results in the final concept for implementation & migration which leads to
a handout for a management decision.
The final implementation and migration project
Phase Implementation & Migration
The implementation service includes all tasks of the implementation such as project management, consulting by Solution Architects, review and status meetings, software implementation and workflow commissioning, documentation and trainings.
The implementation is based on the finding of the Testing Phase.
Agenda:
Realization of the implementation with consideration of the defined migration strategy
Provisioning of AWS resources, based on the results of the PoC
Provisioning of on-premise infrastructure in case of a hybrid architecture
Installation of AWS based applications
Installation of on-premise applications in case of a hybrid architecture
Configuration of all interfaces
Commissioning of the workflows
System and workflow tests
Documentation of the system
Training
Summary, Review and Lessons Learned Workshop
The actual duration of the process depends on the scope and the complexity of the project.
Reference Architecture
In the following graphic a generic reference architecture can be seen. These are the areas in which the offer is usually located.
If you would like to get to known to implemented use cases or would like to discuss how we could help you implementing your ideas, do not hesitate to contact us:
+49 6122 170 96-0
How we run a project
netorium AG offers a broad spectrum of experience within all current methodologies with its practice-oriented and internationally certified project managers. All processes are cooperative, agile and iterative. Projects are monitored intensely, ensuring that all functions and features are delivered in time. If desired, the implementation of a project can also be adapted to the methodological principles of the customer.
Project Steering
Depending on the scope of the project, project management is scalable up to the establishment of a cross-company steering committee. On the part of netorium, experienced employees of the solutions team and the support team who are also assigned to netorium’s “Cloud Center of Excellence” (CCoE), are available for the project in each phase.
A defined project manager controls all processes until the migration and application integration is implemented and acts as exclusive contact person.
Project plan and milestones
In order to meet the customer’s expectations and ensure that they are met throughout the entire project, the project follows an iterative process. In general, the project plan with the corresponding milestones results from the following project phases:
planning & coordination of scope of work
implementation
testing & quality assurance
commissioning
acceptance
closing
As part of this offer, the general project phases are matched within the various deliverables of the offer’s phases themselves. The deliverables are dependent on the scope of the whole project, especially, if a customer does not want to conduct all phases of the service offer. Therefore, the whole project plan is specially tailored to the customer needs.
To give you an idea of the structure we usually follow when realising our projects, you can find a template for our project plan here.
Relevant AWS technical expertise for the service offering
The offer is based on AWS Computing and Migration Competency in the Media production and broadcast field. The solution requires AWS EC2 infrastructure, Compute and Migration services expertise combined with media and broadcast industry know-how.
Technical Expertise:
AWS Services Expertise: EC2, VPC, VPC Peering concepts, CloudFormation, S3, IAM, IAM Identity Center, CloudFront, Recognition, Transcribe, Well Architected Framework
Domain/Industry Expertise: In depth knowledge of Media Production & Digital Video Broadcast; Transcoding, Formats, Codecs; Workflow Orchestration, Media Supply Chain Management; Content Delivery Networks (CDN) / OTT; MAM; Playout; Media Quality Control
netorium’s engineers Credentials:
AWS Solutions Architect – Associate; Engineers in media technology, Cloud Practitioner, PMP®
Certificates planned for the future:
AWS Solutions Architect – Professional; Potentially needed certifications for partner products, AWS Security – Specialty, AWS SysOps Adminstrator – Associate
Identification and mitigation of risks associated with the service offering
Potential risks:
Security risks
Loss of cost efficiency
Loss of performance efficiency
Loss of reliability
Wrong achitecture
Wrong migration strategy
Risk preventation and mitigation strategy:
Perform risk assessments, risk monitoring – Use and recommend AWS Well-Architected Tool to identify and resolve risks in the workloads
Identify and drive remediation of risks
Regular meetings and reports to ensure communication of risks across all components of the risk management process
implementation of an escalation process to provide visibility into high priority risks for management
How do we secure AWS accounts governance
ACCT.01 – Set account-level contacts to valid email distribution list instead of various individual contact email addresses
ACCT.02 – Restrict use of the root user
only uses the root user for specific tasks and functions that truly require it like Account Management
As another layer of security multi-factor authentication (MFA) is turned on for the root user account.
Create and use administrative users instead of the root account
ACCT.03 – Configure console access
ACCT.04 – Assign permissions
Configure user permissions in the account by assigning policies to the IAM identities (users, user group or role).
ACCT.05 – Require MFA
enable MFA for AWS account access, particularly for long-term credentials like e.g. the root user and IAM users
ACCT.06 – Enforce a password policy
Require passwords to comply with a strong password policy
configure password requirements in a custom IAM password policy
ACCT.07 – Log events<
Actions taken by users, roles, and services in the AWS account are recorded as events in AWS CloudTrail
Deliver CloudTrail logs to a protected S3 bucket to retain CloudTrail logs history beyond 90 days
ACCT.08 – Prevent public access to private S3 buckets
Configure block public access settings for your S3 buckets
ACCT.09 – Delete unused resources
regularly review and remove unused users, roles, policies, permissions and credentials from the account
ACCT.10 – Monitor costs
Configure AWS Budgets to enable monitoring of monthly spending and usage
Cost target thresholds and notifications when exceeded
ACCT.11 – Enable GuardDuty
Enable and respond to GuardDuty notifications
Create a CloudWatch Events rule to notify you of GuardDuty findings
ACCT.12 – Monitor high-risk issues by using Trusted Advisor
Monitor for and resolve high-risk issues related to security, performance, cost, and reliability
How do we secure access to customer-owned AWS accounts
Setting up cross-account access in the AWS Management Console using IAM Roles. Therefore, it is not needed to create individual IAM users in each account.
The following listing describes the steps required to configure cross account access:
Step 1: Set Up Trust Relationship in the customer-owned AWS account “Account A”
Step 2: Create an IAM Role in Account A
define the Account B as a trusted entity and specify a permissions policy
Step 3: Verify Trusted Relationship (Account Ah5. Step 4: Obtain Role ARN (Account A)
Step 5: Switch Role (Account B) using IAM User Credentials
Step 6: Verify ReadOnly Access (Account B)
Step 7: Deletion of the corresponding cross account role when the customer engagement is over
For temporary access we recommend using AWS IAM Identity Center to grant temporary access for external AWS accounts.
Process to collect customer feedback
Conducting a project is an iterative process. To meet customer’s requirements and get feedback, an iterative process is implemented through the whole project. Of course, feedback will be collected in every status meeting to live an open and trustful relationship between the members of the direct project team.
At least on every transition to the next phase, a review session will be conducted with the stakeholders to collect the state of satisfaction of the customer. It will be reviewed on senior leadership level as well.
After acceptance, a detailed lessons learned workshop will be held. Experiences, best practices out of the project and constructive critic will be collected for further improvement.
Please get in contact with us for any information.
+49 6122 170 96-0
