IP Security For Broadcasters: Part 10 - NATS Advanced Messaging

As IT and broadcast infrastructures become ever more complex, the need to securely exchange data is becoming more challenging. NATS messaging is designed to simplify collaboration between often diverse software applications.

All 12 articles in this series are available in our free 82 page eBook ‘IP Security For Broadcasters’ – download it HERE.

Articles in this series:

In this context, the acronym NATS stands for Neural Autonomic Transport System, as the structure of the messaging platform is said to function like a central nervous system. It’s important to note that this is a completely different solution than the NAT (network address translation) systems for IP addresses. It solves an entirely different problem.

Moving to virtualized environments and datacenters requires broadcasters to think completely differently about their infrastructures. To achieve the flexibility, scalability, and resilience that cloud computing promises, whether public or private, requires software to be written with virtualization in mind from the outset, not as an afterthought.

Virtualization has led to the development of software disciplines such as microservices working in containers. This is a complete change from the huge monolithic code base of previous years where scalability often relied on supplying ever larger servers. The beauty of microservices is that they can be deployed horizontally, that is, more servers of moderate power are deployed as opposed to a few huge servers, thus simplifying scalability.

Microservice Communications

For monolithic code, functions resided within the same compilation so exchanging data between them was relatively straightforward. However, as we move more to microservices and the philosophy of thinking they promote, programs must now communicate with each other outside of their codebase and often on entirely different domains. In essence, each microservice works in isolation but must still communicate with its counterparts.

One messaging solution is to use REST API communications. These are software interfaces that use HTTP messages such as GET and POST to exchange data. Although this is a well-proven technology and is used extensively, it tends to have limitations for scaling. For example, a resource-monitoring microservice may be requesting monitoring data from a single transcoder every second. This is easily achievable with REST APIs. If the number of transcoder-microservice instances increases to one hundred, or a thousand, however, then REST APIs start to show their limitations, especially in public cloud infrastructures where costs are predicated on the number of HTTP requests.

NATS messaging solves this type of scenario by using an advanced type of messaging system based on the client server model. It’s open source, scales well, and provides secure channels with the option of user client authentication.

Simple Messaging

In its simplest deployment, a NATS system will consist of two clients and a NATS server. A client will publish messages, and other clients known as subscribers will listen and opt in to receive them. This gives the potential of one-to-many broadcast type messaging, as well as querying. 

Figure 1 – NATS servers can be configured to provide scalability and resilience using virtualized servers that operate independently of the underlying network and infrastructure.

Figure 1 – NATS servers can be configured to provide scalability and resilience using virtualized servers that operate independently of the underlying network and infrastructure.

In the transcoder-microservice example, the monitoring service will publish a request-monitoring-data message to the NATS server which will in turn broadcast the message to the clients subscribing to this service (part of the configuration of the transcoding service will be to enable it to listen for monitoring broadcasts). On receiving them, the transcoders will each send their monitoring data back to the monitoring service via the NATS server.

Messages may also be point-to-point or many-to-one, as used when sending the transcoder monitoring data back to the monitoring microservice. But key to this deployment is the ability to both secure the communication channel and scale the system using the distributed resource mindset.

Message Scaling And Resilience

NATS is a middleware deployment, that is, it is independent of the underlying hardware infrastructure. This is particularly useful when scaling systems: new NATS servers can be easily deployed within a virtualized environment as it is lightweight and compact in terms of its resource utilization (see figure 1).

To improve resilience and scalability, NATS servers are clustered to provide main and backup systems as well as extra resource. A cluster of three NATS servers could be configured to provide one main NATS server and two backup servers, or three servers each acting as a client connection, or a combination of these.

Also, several clusters of NATS servers could be connected but geographically dispersed. For example, three clusters could be configured, one in Europe, one in US West Coast and one in US East Coast. Not only does this method provide local redundancy, it also provides scalable resources using virtualized servers that can be spun up and down at will.

It’s important to note that the NATS system is a message exchange method and not necessarily designed to shift large amounts of video and audio data. It is possible to achieve this, but a far better use of resources is for the microservice to read and write the media data directly to and from the storage servers. The relevant messages will be exchanged between the software applications connected to the NATS servers to provide location information for the media storage.

Keeping Messages Secure

Security is at the core of NATS and message connections can be encrypted with TLS. Also, client connections can be authenticated in several ways including Token Authentication, username/password credentials and TLS certification.

Authorization tokens are the equivalent of a stamped ticket to an event and are created when a user verifies their credentials. Once this is done, the token is used to access servers, storage, applications, and APIs thus freeing the user from logging in each time they need to access a particular service.

A centralized administration resource creates unique tokens based on a user’s login credentials with the appropriate read/write access. This is particularly useful for services exchanging messages between APIs as the token is sent with the message, allowing the receiving service to verify the request and provide the appropriate access.

NATS advanced messaging has been developed to simultaneously solve the challenges of allowing software applications to securely exchange messages while achieving scalability, flexibility, and resilience.

Part of a series supported by

You might also like...

The Big Guide To OTT: Part 1 - Back To The Beginning

Part 1 of The Big Guide To OTT is a set of three articles which take us back to the foundations of OTT and streaming services; defining the basic principles of the OTT ecosystem, describing the main infrastructure components and the…

Using Configurable FPGA’s For Integrated Flexibility, Scalability, And Resilience - Part 1

Although IP and cloud computing may be the new buzz words of the industry, hardware solutions are still very much in demand, especially when taking into consideration software defined architectures. And in addition, a whole new plethora of FPGA based…

Delivering Timing For Live Cloud Productions - Part 1

Video and audio signals represent synchronous sampled systems that demand high timing accuracy from their distribution and processing infrastructures. Although this has caused many challenges for broadcasters working in traditional hardware systems, the challenges are magnified exponentially when we process…

Professional Live IP Video - Designing Networks

There’s a lot to consider when planning to incorporate uncompressed media into your live production particularly using SMPTE ST 2110, ST 2022-6 or AES67 streams. In this article, we will look at the network hardware, its architecture and future-proofing you s…

IP Monitoring & Diagnostics With Command Line Tools: Part 6 - Advanced Command Line Tools

We continue our series with some small code examples that will make your monitoring and diagnostic scripts more robust and reliable