MEDIAL Upgrade, Version 5
Note: Before beginning the upgrade process, ensure that you have the installers and necessary license keys for both MEDIAL and the Wowza Media Server. If you need to obtain the latest version of the MEDIAL installer, log on to the self-service portal or contact the support team.
Before you begin
Before beginning the upgrade process, ensure the following:
The MEDIAL installer and v5 license key are present on the server.
The streaming URL is using a separate IP address to the media library websites.
Important: In version 5 of MEDIAL, the content is delivered using Adaptive Bitrate Streaming. In order to do this Wowza needs to be configured to deliver content securely over port 443 if the media library websites also use SSL.
Note: Only follow the instructions in this section if the streaming URL will be configured to deliver content over port 443. If port 8080 is going to be used, skip to the next section. For more information on the considerations when choosing between ports 443 and 8080, see the section Wowza Secure Streaming.
1. Open Internet Information Services.
2. Expand the server node, and then the sites node. Click on the HML site.
3. In the right-hand side of the window click on Bindings…
4. Click on any bindings that are present for the streaming URL.
5. Click Remove for each binding.
6. Open a command prompt with administrator privileges by right-clicking and choosing Run as Administrator.
7. Run the following command to remove the streaming IP address from the IIS bindings, replacing IP address with the streaming IP address for your streaming URL:
netsh http delete iplisten ipaddress=10.2.1.5
8. Restart the services using the following commands in the command prompt:
net stop http /y
net start http
net start w3svc
9. Close the command prompt.
If the host server is a virtual machine, it is strongly recommended that a snapshot be taken prior to upgrading in addition performing to the backup tasks below. The snapshot can be deleted once a successful upgrade is confirmed.
Important: Do not proceed without backing up the VLS database. If the upgrade fails the database backup will be required to roll back to the previous version.
1. Locate and open the SQL Server Management Studio Express.
2. Click Connect to log in.
3. Expand the Databases folder, and then right-click on the VLS database, go to Tasks and then click on Back Up...
4. In the window that opens, check the destination, as this is where the backup will be created. To change this, click Remove, and then Add. Enter the alternative path for the backup to be created in.
5. Click on Options, and then check the box to verify the backup once it is complete.
6. Click OK, and when the backup completes click OK on the notification box.
7. Exit SQL Management Studio.
Important: This is a mandatory step. If the upgrade fails it will only be possible to restore back to the old version if BOTH the web sites and the database backups are present.
1. Load Services by clicking on Start and then Run.
2. In the box type services.msc and then click OK.
3. Locate and stop the HMLService by right-clicking it and selecting Stop.
4. Locate your Media Library installation. The default location is C:\MediaLibrary.
5. Take a copy of the folders within the Media Library folder (or the folder that holds your sites) and place them in a backup location.
In version 5 of MEDIAL, secure streaming is supported. It can be configured in the following 2 ways:
If one IP address is being used for MEDIAL and Wowza, and the MEDIAL websites are running over SSL, the Wowza server will need to be moved over to a separate IP address in order to use port 443.
Progressive download streams being delivered from the Wowza URL through IIS will need to be moved to the front end site address.
Implementing this option will affect any Flash audio embed code that has been embedded outside of MEDIAL, and also any download links that have been hard-coded any web pages.
This option can be used if problems will arise with implementing SSL with Wowza on port 443. Considerations:
This option means that there is very little change needed in the setup of MEDIAL, and Flash legacy embed code and download links will continue to work
Port 8080 must be opened on the corporate firewall for playback to work externally
Configuring Wowza for Secure Streaming
The following steps describe how to generate and install a secure socket layer (SSL) certificate for Wowza.
1. On the server, right-click Computer/My Computer and click on Properties. In the System window that opens click on Advanced system settings.
2. In the System Properties window click on the Advanced tab, and then Environment Variables…
3. In the System Variables section, find the Path variable and double-click it to open it. In the Variable value field, add the path to the bin directory of your Java installation (this gets installed by default when Wowza is installed) at the end of the list of other variables, after a semicolon. For example:
4. If this has been set correctly, you should be able to run the keytool command from a command prompt.
Create a keystore (.JKS) and certificate signing request (.CSR)
Note: Only complete the steps in this section if a NEW certificate is being generated for Wowza
1. Open a command prompt as administrator and navigate to the [install-dir]\conf directory of your Wowza installation.
2. Execute the following command to create a keystore (.JKS) and a private key (within the keystore), changing the name of the keystore according to the name of the certificate being generated. In the example below, ssl.mycompany.com.jks is the name of the keystore:
keytool -genkey -keysize 2048 -alias wowzaprivatekey -keyalg RSA -keystore ssl.mycompany.com.jks
3. After this command, you will be prompted to answer several questions in order to complete the CSR. The following example assumes the domain name for the certificate request is ssl.mycompany.com:
[Enter keystore password]
[What is your first and last name]
[What is the name of your organizational unit]
[What is the name of your organization]
My Company Name
[What is the name of your City or Locality]
[What is the name of your State or Province]
[What is the two-letter country code for this unit]
[Enter key password for <password>]
4. 3. Create a CSR by executing the following command:
keytool -certreq -file ssl.mycompany.com.csr -alias wowzaprivatekey -keyalg RSA -keystore ssl.mycompany.com.jks
Submit the .CSR to a certificate authority
After the .CSR file has been generated (it will be in [install-dir]/conf/), it can be submitted to the security authority. In most cases this will mean using a text editor to open it and copy out the contents into the web form on the certificate issuers’ website. Once the request has been processed you will be issued with a certificate.
Import the certificate to the keystore
1. Open a command prompt as administrator and navigate to [install-dir]/conf/.
2. Execute the following command in order to determine the format of the certificate:
openssl x509 -in ssl.mycompany.com-2016-07-13-111324.cer -text
Tip: The command output specifies the Public Key Algorithm, such as rsaEncryption, and the format, such as X509v3.
3. Execute one of the following commands to import the signed certificate that you received from the certificate authority:
For a chain certificate:
keytool -import -alias [user-friendly-name] -trustcacerts -file [filename-of-chain-certificate] -keystore ssl.mycompany.com.jks
For a new certificate:
keytool -import -alias wowzaprivatekey -trustcacerts -file [filename-certificate] -keystore ssl.mycompany.com.jks
Importing an existing certificate into Wowza
Note: Complete the following steps if an existing certificate is being used for Wowza.
1. Locate the certificate .pfx file (i.e. stream.domain.com.pfx) and copy it into a directory on the server.
2. Download a tool called KeyStore Explorer. The official site for KeyStore Explorer is http://keystore-explorer.org/.
Warning: Ensure the official site is used for the download of KeyTool explorer. Streaming Ltd accepts no liability for the download and or installation of any third party applications.
3. Install KeyTool Explorer to the desired location and then open the application. Close the Tip of the Day box and then click the Open an existing KeyStore button.
4. Locate the certificate .pfx file copied to the server previously, select it and click Open.
5. Enter the password for the certificate at the prompt and click OK.
6. Select the certificate by clicking on it once, and then click on Tools, Change KeyStore Type and then choose JKS.
7. Ensuring that the certificate is still highlighted, click on File, and Save As. In the window that opens, navigate to the Wowza [install-dir]/conf/ directory, then change the Save as type drop-down box to KeyStore Files, and give the file a friendly name, using the .jks file extension, as in mycertificate.jks.
Configure a <HostPort> to use the certificate
Depending on whether you want to configure Wowza to stream securely over port 443 or 8080, the host port needs to be configured accordingly.
1. Open the [install-dir]/conf/VHost.xml file in a text editor in order to make the following changes:
a. Uncomment the <HostPort> definition for port 443. This entry follows the comment <!-- 443 with SSL -->. Be sure to remove the comment before <HostPort> and after </HostPort>.
Note: The <Port>...</Port> section needs to contain either 443 or 8080 depending on how you want secure streaming to work.
b. Set the value SSLConfig/KeyStorePath to:
c. The following example shows what the <HostPort> section should look like for the <!-- 443 with SSL --> section.
<Name>Default SSL Streaming</Name>
2. Set the SSLConfig/KeyStorePassword to the key store password entered earlier when creating the .jks file.
3. Restart your Wowza Streaming Engine.
Securing Live Channels
So that live channels that have been created in MEDIAL can only be streamed at the time they are scheduled for, and only if they exist on the system, some additional configuration needs to be carried out on the Wowza Streaming Engine.
1. Download the JAR file below and put it into the [wowza root]\lib folder on your server:
2. Open the Application.xml file at the following location in Notepad:
3. Copy the three lines below and paste them between the tags <Modules></Modules>.
It will look like the following example:
4. Below the end <Modules> tag, paste the following text inside the <Properties></Properties> tags:
<Property> <Name>MedialPublishUrl</Name> <Value>http://my.server/wowza/PublishAuth</Value> </Property>
5. Change upload.domain.com to the MEDIAL upload site domain name. It should look like the following example:
6. Open Services in Windows, then locate and restart the Wowza services.
1. Download the version 5 installer and license, and unzip the package if necessary.
2. Navigate to the license folder in the media library installation directory (for example, C:\medialibrary\license) and place the version 5 license in the folder.
3. Launch the installer by right-clicking it and selecting Run as Administrator.
4. Select the Upgrade radio button and leave the installation type on Full.
5. To proceed, click accept the license agreement and click Next.
6. If the media library is installed in a different location to the default, click Change and locate it.
7. Supply credentials of an account that has permissions to run the upgrade.
Note: This account is used for running the encoder scheduled task, so an account that does not expire should be used.
Tip: If the account is a domain account, prefix it with the domain, as in domain\username.
8. Click Next.
9. Once the upgrade is complete, click Finish to close the window.
Changing the Playback Port in MEDIAL
Once the upgrade is complete, the streaming port needs to be changed in MEDIAL to the port being used to deliver the content.
1. Log into MEDIAL as an administrator and then navigate to the upload/admin site.
2. Go to the Settings Menu.
3. Expand the URL References accordion and then enter either 443 or 8080 for the RTMP port field, depending on the port being used by Wowza for playback.
Configuring Playback Methods in the VLS Database
MEDIAL can be configured to use a primary playback method along with subsequent fallback methods. The methods that are supported are:
The default order of playback is as listed above, but it can be changed as desired, and any unwanted methods can be removed so they are never tried.
Note: Basic Flash audio will not work over SSL if the front-end MEDIAL site is also using SSL. If this is the case the Adaptive Flash delivery method should be used instead.
Changing the Playback Order
To change the order in which the playback methods are used, the database needs to be edited.
Note: Use caution when accessing and editing the database. Only attempt changing the data as described in the following instructions.
1. Log onto the server hosting the VLS database, and log into SQL Server Management Studio.
2. Locate the VLS database and open it so that the tables are listed.
3. Locate the General Settings table.
4. Right-click it and click Edit Top 200 Rows.
5. Make the changes to the SourceOrder field by changing the position of the playback methods or deleting any as necessary.
Tip: Clicking outside of the field will save the changes.
Generating SMIL Files for Flash Files
Once MEDIAL is upgraded to version 5, SMIL files need to be generated for the existing Flash files in order for adaptive bitrate (ABR) streaming to work.
For more information: The SMIL file generator tool can be downloaded from http://dev.medialibrary.com/builds/smilFileCreator.zip.
1. Once the file has been downloaded, extract the contents.
2. In a separate Windows explorer window, navigate to the install directory of MEDIAL, and open the VLS folder. Open the web.config file in Notepad and locate the SQL connection string:
3. Copy out the connection string, taking the whole string between the double quotes as shown in the example below:
4. In the other Windows explorer window containing the unzipped SmilFileCreator package, open up the file called SmilFileCreator.exe.config in Notepad.
5. Replace the example connection string with the one copied from the VLS web.config file, save the changes and then close the file.
6. Double-click the SmilFileCreator.exe application to run it.
7. Click on Create Smil Files.
Tip: A message will be displayed once the SMIL files have been created successfully.
8. Close the application down using the red ‘X’ in the top-right hand corner.
How to Roll Back an Unsuccessful Upgrade
This section explains how to roll back to the previous version of the media library if the upgrade was unsuccessful or if there a problem with the software following the upgrade.
To begin the process of rolling back the media library:
1. Click on Start, then Administrative Tools, and open Services.
2. Stop the service called HMLService.
3. Navigate to the Media Library installation directory. Rename the current installation, for example, from C:\MediaLibrary to C:\MediaLibraryFAILED, and create a new installation directory such as C:\MediaLibrary.
4. Restore the backed up media library installation to the original location (for example, C:\MediaLibrary) by copying over all the folders previously copied earlier in this document (vls, upload, license, vlsservice and encoder).
5. Open Services again and locate and stop the World Wide Web Publishing service.
6. To restore the previous VLS database, log into SQL Management Studio and expand the server node, and then the databases node.
7. Right-click the VLS database, then click Tasks, then Restore, and then Database…
8. In the Restore Database window that opens, select From device… for the source and then click the ellipsis to select the backup made prior to upgrading.
9. Click the Add button.
10. Locate the VLS backup.
11. Check the box in the Restore column for the backup once it has been selected.
12. Click on Options, then check the box to Overwrite the existing database (with replace). Click OK to restore the database.
13. Exit SQL Management Studio.
14. Load Services by clicking Start, Administrative Tools, Services.
15. Start the World Wide Web Publishing and HML Service.
16. Set the permissions on the Media Library installation directory by navigating to it (for example, C:\MediaLibrary) and then right-clicking it and selecting Properties.
17. Click on the Security tab. Check to see if the Network Service account is listed in the access list. If the account is present ensure it has Read & Execute rights. If it isn’t present in the list do this:
a. Click Edit.
b. In the window that appears, click Add.
c. Enter the name of the account and click Check Names. In this case type network service. Click OK.
d. Select the Network Service account and check the box to allow Read & Execute permissions, then click OK.
18. Click OK on the Properties box to exit.
19. The MEDIAL restore should now be complete. Load the sites to check they are fully working.
Changing the Wowza Configuration Back
If the installation has failed and MEDIAL is being restored back to version 4, the Wowza SSL configuration needs to be changed back to its previous state.
1. Open the vhost.xml file in the following location in notepad: [install-dir]/conf/VHost.xml
2. Locate the SSL section and, as shown in the example below, comment out the <HostPort> section.
3. Directly above the opening <HostPort> tag enter: <!--
4. Directly below the end <\HostPort> tag, enter: -->
Note: The other Wowza configuration for securing channels does not need to be undone, as this won’t affect the functionality with the previous version of MEDIAL.
Re-bind the Streaming URL in IIS
Note: This only needs to be carried out if the Wowza Streaming Engine was configured to use port 443 for secure content delivery.
1. Open a command prompt with Administrator privileges (Right-click, Run as Administrator).
2. Run the following command to add the streaming IP address from the IIS bindings, replacing the IP address with the streaming IP address for your streaming URL:
netsh http add iplisten ipaddress=10.2.1.5
3. Restart the services using the following commands in the command prompt:
net stop http /y
net start http
net start w3svc
4. Close the command prompt.
5. Open Internet Information Services. Expand the server node, and then the sites node. Click on the HML site.
6. In the right-hand side of the window, click on Bindings…
7. Click on Add. Leave the type set to http, and select the IP address of the DNS name of the streaming URL.
8. Click OK.