AWS for M&E Blog
Deploying your favorite post-production applications on AWS Virtual Desktop infrastructure
Virtualization quickly became a requirement to enable creative professionals to be productive during work from home mandates. This blog entry outlines key considerations when considering running your favorite post production applications from the AWS cloud.
Customers frequently ask if they can run their editing software in AWS. From these inquiries, it’s clear that patterns of use can be described in the form of distinct use cases, or what we call user personas. Some of the most common personas are News/Sports, Creative, and Promo. The goal in identifying personas is to provide enough flexibility around common use cases to allow for easy application against a variety of additional use cases, such as long and short form productions, conformance edits, and manual quality control. Personas have differing demands in terms of storage, network bandwidth, disk I/O, CPU, and memory. Naturally, there are some workflows that are a challenge in the cloud, including color grading, color fidelity, and multi-channel audio support. As Virtual desktop infrastructure (VDI) protocols evolve to support functionality such as 10-bit color and more audio channels, these workflows can be enabled, and AWS has designed its templates with flexibility in mind to accommodate future feature improvements.
Key Considerations for Creative Professionals Cloud Based Workflows
It is important to note that minimizing network latency has a direct impact on workstation interactivity, and that being physically closer to an AWS region provides a better user experience. Additionally, locations such as Los Angeles have dedicated AWS Local Zones, which reduce latency by placing AWS compute, storage, database, and other select services closer to large population, industry, and IT centers. Finally, when operating in a production facility, studio, or creative office, AWS Direct Connect enhances not only connectivity through dedicated capacity, but also adds a layer of security abstracting the public internet path. When choosing a deployment location or region, a target latency of around 30ms or less will provide an optimal experience. Higher latency may lead to lag in peripheral device interactivity such as jog/shuttle operations, or general playback and graphical interface activities.
Benefits of AWS
Moving your creative workflows to AWS has a number of benefits, one of which is the ability to scale your setup based on demand, and without a strict plan for capacity. Compute, storage, networking, and other AWS services are all billed pay as you go, and you no longer have to plan for large capital outlay to expand your storage or procure a large number of workstations. Upgrading, patching, and imaging your workstations is also simpler, and can be automated via AWS System Manger. Infrastructure can be centrally located and secured, enabling creative talent to collaborate using a single pool of resources and assets, versus the time-consuming and costly model of transferring content to all users. Additionally. for global, distributed and follow-the-sun creative operations, AWS now spans 73 Availability Zones within 23 geographic regions around the world, allowing your infrastructure to reside close to your local talent pools. As an example, embracing dynamic infrastructure and AWS technologies enables live events including World Cup Soccer to use remote talent for highlights and edits. Optimizing creative workflows by taking advantage of these benefits reduces cost, centralizes security and storage requirements, eliminates time-consuming data and personnel movement, and provides a faster time-to-market for creative workflows.
Security
AWS provides fine-grained access to securely control, monitor, and audit access to your workstations and content. Security in AWS is a top priority, and you can find many resources on securing your infrastructure and content through AWS Artifact, a central resource for compliance-related information, available via the AWS Management Console. Artifact provides detailed deployment guides that show you how you build secure, end-to-end production-ready systems in AWS around use cases such as Asset Management and Cloud Rendering. From a more detailed perspective, auditability and traceability are important factors to consider when building a cloud-based edit workflow, and AWS provides a number of services to reduce the security burden of managing virtual edit stations. You can fully audit your infrastructure using services including AWS CloudTrail, Amazon GuardDuty, and Amazon Simple Storage Service (Amazon S3) server access logging to name a few. In addition, AWS Security Hub provides a comprehensive and aggregated view of your security posture across services. When it comes to high value assets and content, AWS provides encryption at rest and in transit across services including Amazon Elastic Block Store (Amazon EBS) and Amazon S3. You bring your own keys using AWS Key Management Service (KMS) in both customer- and service-managed content encryption and key management models. Last and most importantly, edit station display protocols need to employ an adequate level of security. Teradici’s PCoIP display protocol provides FIPS 140-2 level ‘always-on’ AES256 encryption, keeping the pixels you stream back to your client secure. For an even higher level of security, you can protect your display protocol with a variety of VPN solutions from AWS or partners, including solutions optimized for low latency.
Through the use of AWS G4 GPUs and Teradici’s PCoIP protocol and Cloud Access Software on Amazon Elastic Compute Cloud (Amazon EC2) , customers can stream the desktop to their home or office. Teradici’s PCoIP protocol has the option to run on a zero or thin client (hardware dedicated appliances, available from HP, 10ZiG and other partners) or software clients on Mac, Windows and Linux systems, allowing creative users to enjoy the same editing experience no matter their local operating system of choice. As with the forward-looking evolution of VDI workstations and protocols, AWS has solution templates able to adapt to new Teradici protocols, such as PCoIP Ultra enhancements, which brings optimized bitrates and comprehensive support for 4K .
For multi-monitor editing workflows, you can use up to four monitors on the more powerful multi-GPU G4 family instances, providing a near-identical footprint to on-premises setups using discrete preview, timeline, and asset management monitors. Teradici also supports common USB HID-based peripherals such as Wacom tablets via USB pass-through. Simply plug in your compatible devices locally, and they are instantly available for use on your remote workstation. For more detail on this and other common Teradici deployment- and operation-related questions, please see the AWS Workstations for Content Creation guide.
Architecture
As you think about your architecture, it’s important to consider your workflow. Some media asset management solutions will support this workflow in the cloud and even use proxy-based workflows in your favorite editing applications. You have to think about how you get your content into Amazon S3 (object storage) and then, in turn, hydrate or move required assets from central storage to make them accessible to your local instance. You can take advantage of widely used, industry-accepted partner solutions such as MASV, Aspera, Signiant, or Data Expedition to ingest your content into Amazon S3 at high speed using self- or partner-managed services. Once available, you can hydrate your content to shared storage or local high performance NVME storage on a variety of Amazon EC2 GPU instance flavors, such as the G4 instance family. G4dn instances provide the latest generation NVIDIA T4 Tensor Core GPU, AWS custom Intel Cascade Lake CPUs, up to 100 Gbps of networking throughput, and up to 1.8 TB of local NVMe storage. These instances are ideal for streaming graphics-intensive applications that rely on NVIDIA GPU libraries such as CUDA, and well suited to support all persona-based scenarios.
The personas that AWS tested are the following popular M&E workflows included:
- News/Sports/Edit
- Simple edits
- Tested footage type: 1080i60
- Tested codec: XDCAM-50
- Running applications: Premiere Pro (primary) , After Effects, Photoshop, Illustrator
- Estimated disk bandwidth per user: 170 Mbps
- Instance type: g4dn.2xlarge
- Creative
- More complex timeline, 2 video, 2 graphic, 4-8 audio tracks
- Tested footage type: 1080i60 and UHD60i (3840×2160)
- Tested codec: DNxHD 145, DNxHR SQ
- Running applications: After Effects (primary), Premiere Pro, Photoshop, Illustrator
- Estimated disk bandwidth per user: 158 Mbps / 295 Mbps
- Instance type: g4dn.4xlarge
- Promos
- Dynamic timeline, 4 playback streams many graphics, 4-8 audio track.
- Tested footage type: 1080i60 and UHD60i (3840×2160)
- Tested codec: ProRes 422 HQ, ProRes 4444
- Running applications: After Effects (primary), Premiere Pro, Photoshop, Illustrator
- Estimated disk bandwidth required per user: 1120 Mbps / 4735 Mbps
- Instance type: g4dn.8xlarge
You will notice that more demanding workflows require more disk bandwidth, memory, and CPU. You can see how the G4dn instance type changes based on the persona as they scale from simple time-based edits to multi-layer compositions. All personas were tested with Windows Server 2019 Base AMI using popular postproduction tools.
Optimizing for shared storage performance is an important part of the persona-based workflows. As the quantity of active editors increases, there is a need to move from the local storage to a shared storage system. To this end, collaboration on projects can be quickly enabled with AWS native options like Amazon FSx for Windows File Server and AWS Storage Gateway. These managed services allow you to focus on content creation, and not on managing storage tiering, servers, and network capacity. Complementing AWS native services, a number of AWS Storage Partners have created scale out file systems that are well suited to media-based shared storage workflows, including Weka.io, Qumulo, QuoByte, and more. A full list of AWS Marketplace partners can be found here. In addition to Marketplace Solutions, many partners also offer full SaaS or PaaS solutions that complement virtual edit workstation and persona-based workflows. As an example, AWS has worked closely with Editshare to help bring a virtualized version of their Editshare File System to the cloud with the new EFSv platform. The EFSv bundle for AWS includes the Editshare Flow workflow automation tool with native S3 and S3 Glacier integration. Editshare Flow enables hybrid post-production workflows that exchange clips, sequences, or packages of media between on-premises edit workstations and Amazon EC2-based cloud editing workstation instances.
How to get started
While many customers may be comfortable deploying templates, we realize that not all deployment scenarios fit this mold. A dedicated Media and Entertainment (M&E) team can provide you prescriptive guidance and necessary resources to optimize your cloud production. Whether you are new to the cloud or looking to scale your production, an AWS M&E Specialist can help. For those looking to get started immediately, use a Github Repository that provides a full set of management and automation templates to quickly set up your own environment for cloud video editing, taking into account the use cases described in this post. Subsequent posts will dive into more detail and expand upon potential use cases.
Stay tuned for a how-to post that covers deployment of the solution step-by-step.