In its bid to fight piracy from all angles, pay-TV network OSN has built a robust and sophisticated anti-piracy system based on AWS cloud architecture.
Piracy cost the Middle East entertainment industry $500m in 2017. Since then, the launch of a rogue box called Beoutq is likely to have raised that figure substantially. On a global level, Digital TV Research estimates that the amount of revenue lost to piracy globally will skyrocket from nearly $31.8bn in 2016 to almost $52bn in 2022 and those statistics do not even include sports or pay TV.
Given these shocking figures, pay-TV network OSN, a staunch anti-piracy advocate, has adopted a 360-degree approach to fortifying and shielding its content. Besides engaging actively with government authorities and collaborating with other media entities to stem piracy in the region, it has also worked untiringly to develop a strong technical infrastructure to protect its assets.
Its first attempt began as early as 2017, when it developed its Platform Security Information System (PSIS), an in-house content protection solution dedicated to web piracy (live and on-demand), free-to-air (FTA) piracy, illicit streaming devices (ISDs) and advertisements promoting such devices on e-commerce platforms. That system has evolved over the last year and a half to become the most advanced anti-piracy system tailored for the MENA region.
Designed to scan and take down pirated materials on a comprehensive set of illegal services popular in the MENA region, PSIS was launched with a user-friendly interface and a rich database containing all infringements identified. It was scalable but severely limited by the computational capabilities of OSNs on-premises infrastructure: only four servers were running a limited number of crawling instances 24/7.
In 2018, OSN decided against another round of CAPEX investment for on-premise infrastructure. Instead, it went with a full-scale migration to Amazon Web Services (AWS). The objective was to achieve full scalability in terms of the number of crawling instances and the number of assets protected. It was also a cost-saving initiative that offered better value than on-premises equipment. OSN chose the Amazon Aurora database, which replaced its on-premise database, and S3, an alternative to its on-premise NAS storage.
One of the key objectives of moving to AWS cloud was to make use of its native services as much as possible for scaling, reliability and efficiency, explains Dave Mace, Cloud and Digital Services Manager, OSN. We build everything as infrastructure-as-a-code (IaC) on AWS. This way, we ensure that the infrastructure set-up is templated and descriptive. This offers several key benefits when building on the cloud agility and simplicity, configuration consistency and reduced risk, to name a few. To help with this, we use Teffaform to create the whole infrastructure.
Oba Oluwaseun, Lead Solution Architect at OSN, says one of the key constraints of running the crawling jobs on-premise was fixed computer capacity.
With cloud providing the elasticity to scale, we started deliberating on how to make the most of the cloud flexibility while at the same time controlling cost based on a crawling job schedule. We thought of using the AWS autoscaling service, but this only supports CPU-based scaling metrics natively. We were more interested in scaling based on the number of scheduled jobs rather than CPU-based metrics, so we used AWS Batch instead. This dynamically provisions computer resources for batch jobs and was ideal for our use case.
Using AWS Batch also implied that we had to change our current way of running crawling jobs to use Docker containers, which is a key requirement for this service. With few lines of code change to make the configurations dynamic, we were good to go with the preliminary architecture.
Mace goes on: This way, we only pay for when we have a crawling job running, because the instances are terminated if there is no job scheduled on them. Apart from the crawling jobs, there is also a web interface for reviewing the crawling output and general console management, which needs to be moved to the cloud. Excited about running the crawlers in Docker, it was a no-brainer for us to run this application server in Docker as well. AWS has a couple of services for running containers (ECS with managed EC2 instances, ECS with Fargate or EKS with managed EC2 instances), and we chose ECS with Fargate, mainly to pay for only provisioned container resources and avoid managing the underlying servers.
We build everything as infrastructure-as-a-code on AWS. This way, we ensure that the infrastructure set-up is templated and descriptive
Dave Mace, Cloud and Digital Services Manager, OSN
With the cloud infrastructure set-up being a Blackbox with the use of Docker containers, effective monitoring became an essential requirement.
AWS already has in-built metrics for its services in raw form, so OSN took these and extended it to Prometheus, an open-source monitoring system used to ingest custom metrics. Prometheus is also used for alerting, while Grafana, used as a dashboard tool, relies on the metrics from Prometheus, clarifies Oluwaseun.
With cloud providing the elasticity to scale, we started deliberating on how to make the most of the cloud flexibility while at the same time controlling cost based on a crawling job schedule
Oba Oluwaseun, Lead Solution Architect at OSN
OSN also uses Newrelic APM for all application-based metrics and events. In the meantime, cloud watch logs are primarily used for logging, built into AWS Batch and Fargate services.
Prior to moving to the cloud, deploying code changes was a manual process. This involved the developer having to push the code to change to a version control system, and the release manager having to remotely connect to the application server manually to pull the latest code changes and restart the application to reflect the changes.
To automate the process of code changes and its readiness to be used by the application server, we used a number of AWS services and automated the continuous delivery pipeline. This involved the developer pushing code change to the version control system, with the AWS Code pipeline automatically triggering a workflow, AWS CodeBuild building the image and AWS Lambda deploying the latest changes to Fargate (with Slack and New Relic notification). This whole process is now fully automated and has improved the frequent deployment of small code changes, explains Mace.
By leveraging a fully serverless ecosystem and integrating various machine learning tools, OSN today boasts an accurate, fully scalable system in terms of crawling instances, volume of pirate websites monitored and volume of content protected.
Since migration, OSN has been able to significantly increase its anti-piracy capabilities: our results increased by 98% between 2017 and 2018. In 2018, the system was able to detect and act on more than half a million infringements, including Arabic, Turkish and Western pirated videos, pirated linear channels available on the web and on ISDs, as well as illegal adverts on e-commerce platforms, explains Dr Guillaume Forbin, Director Platform & Content Security.
With such a sophisticated in-house anti-piracy system in place, OSN no longer needs to rely on third-party services for online anti-piracy disruption.
OSN is one of the very few broadcasters worldwide operating its own anti-piracy system this, of course, brings a significant cost saving to the company. PSIS has enabled us to establish deep collaborations with all US studios, global anti-piracy associations and regional content production houses on piracy matters. The solution is cost-efficient compared to on-premise servers and maintains the infrastructure security, Dr Forbin says proudly.
OSNs Platform & Content Security team took a bold decision to re-architect the content protection solution with modern technologies during the AWS migration, while maintaining even better security principles in AWS with everything encrypted (both in-transit and on-rest). Our Platform & Content Security team was the first to do a complete cloud migration of all their infrastructure in OSN.
By moving platform security to AWS, OSN has increased its output capacity five-fold and reduced the overall TCO (total cost of ownership) by more than 50%.
We are now discovering and closing more illegal streams and sites with the increased capacity. The overall code changes and deployment are automated. We are using various machine learning techniques for content recognition, and we are in the process of integrating PSIS detections with OSN Platform Security features such as pirate device identification, enabling us to terminate illegal content redistribution on the spot. This creates severe disruption to pirate networks and greatly simplifies the day-to-day work of the Platform & Content Security team. Old servers have been decommissioned or re-purposed for other business projects, Dr Forbin concludes.