Streaming Media Supplement sa2150 and sa2250
31
Chapter 3 Understanding Media-IXT and RealNetworks
• one connection for the media streaming data protocol RDT, using UDP as its transport protocol
When UDP is not allowed, there is an alternative:
• two connections interleaved–the first being for the control protocol, RTSP, and the second for the media
streaming data protocol, RDT–together using TCP as their transport protocol
The second approach provides markedly inferior streaming performance.
Application-level firewalls (proxy firewalls) and RealNetworks
An application-level firewall must understand and be able to communicate with the RTSP and PNA protocols,
which RealNetworks uses for streaming.
To enable RTSP and PNA on an application-level firewall you need to:
• obtain from HP, and install, three software components on your firewall:
o RTSP Proxy Kit,
o PNA Proxy Kit, and
o the HP RealNetworks firewall daemon.
• configure Media-IXT to use the firewall as its parent proxy.
The RTSP Proxy Kit is intended to pass RTSP connections through between the child RealProxy and the origin
RealServer.
The PNA Proxy Kit is intended to pass PNA connections through between the child RealProxy and the origin
RealServer.
The HP RealNetworks firewall daemon acts as a proxy for traffic between the proxy and the origin server's
caching plugin.
About the HP RealNetworks firewall daemon
The HP RealNetworks firewall daemon:
• runs on the firewall on port 7802
• supports the connection to the caching plugin installed on the origin RealNetworks server
• is run from the command line and can be spawned by editing an init file
• reports statistics and errors to syslog, typically creating a single log entry for each incoming connection
• reports bytes served, client and server IP addresses, connection/disconnection times, and errors
This daemon is needed because a generic tunnel from Media-IXT through a Gauntlet firewall to the origin
RealNetworks server cannot support caching. Such a deployment, without the HP RealNetworks
firewall daemon, can only support proxying.
To tighten the firewall further, some deployments also:
• configure the firewall's access control list to allow TCP connections on port 7070 and/or port 554 to be
initiated from the inside network exclusively
• allow incoming traffic only if it is part of an ongoing connection; to do this, you can require incoming TCP
packets to have the ACK bit set in their TCP headers
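The two rules above can be read as a small stateless filter. The following Python is an added illustration, not part of the HP manual and not Gauntlet configuration; it builds constructed IPv4/TCP packets and assumes the inside network is 10.0.0.0/24 (prefix "10.0.0.").

```python
import struct

# Constructed illustration of the two ACL rules above; assumed semantics,
# not Gauntlet syntax. The inside network prefix is an assumption.
STREAMING_PORTS = {554, 7070}   # RTSP and PNA control ports from the page
TCP_SYN, TCP_ACK = 0x02, 0x10   # TCP flag bits
INSIDE_NET = "10.0.0."          # constructed inside network


def build(src, dst, sport, dport, flags):
    """Build a minimal IPv4+TCP packet (no options, checksums left zero)."""
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0])
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp


def parse_tcp(packet):
    """Return (src_ip, dst_ip, sport, dport, tcp_flags) from a raw IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13] & 0x3F                   # flags byte of the TCP header
    return src, dst, sport, dport, flags


def allow(packet):
    """Apply the two rules: inside-only initiation of 554/7070, ACK required inbound."""
    src, dst, sport, dport, flags = parse_tcp(packet)
    inbound = not src.startswith(INSIDE_NET)
    # Rule 1: a connection to the streaming control ports (a SYN without ACK)
    # may only be initiated from the inside network.
    if dport in STREAMING_PORTS and flags & TCP_SYN and not flags & TCP_ACK:
        return not inbound
    # Rule 2: anything arriving from outside must carry ACK, i.e. claim to be
    # part of a connection the inside already opened (stateless approximation).
    if inbound:
        return bool(flags & TCP_ACK)
    return True


if __name__ == "__main__":
    # Client inside opens RTSP to an outside origin: permitted.
    print(allow(build("10.0.0.5", "203.0.113.9", 40000, 554, TCP_SYN)))            # True
    # Outside host tries to open PNA to an inside server: dropped.
    print(allow(build("203.0.113.9", "10.0.0.5", 40000, 7070, TCP_SYN)))           # False
    # Origin's SYN-ACK back to the inside client: permitted (ACK set).
    print(allow(build("203.0.113.9", "10.0.0.5", 554, 40000, TCP_SYN | TCP_ACK)))  # True
```

Note that the ACK-bit test only approximates connection tracking: any inbound segment with ACK set passes, so a firewall that keeps real connection state is the stronger choice where available.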
WARNING Do not obtain either Proxy Kit from RealNetworks, because Media-IXT requires
patched versions of these software components that can only be obtained from HP.