AWS for M&E Blog

Entitlements in AWS Elemental MediaConnect boost IP video transport adoption in the cloud

Where Does Cloud Video Transport Fit In Today’s Broadcast Workflows?

The use of private fiber networks in conjunction with satellite facilities is common in today’s broadcast workflows. Anyone who has lit up a dark fiber circuit or booked a slice on a satellite transponder knows the pain points of these processes, especially given their manual nature; however, the resulting redundancy to protect video flows has always made those efforts worthwhile.

As adoption of IP-based workflows increased, the case for video transport over IP was initially unclear. Security for video transport was confusing or nonexistent, and bandwidth considerations forced compression to be performed on-premises, which limited the amount of additional processing that could be done to feeds further down the chain. This scenario has changed dramatically in the past year with the advent of AWS Elemental MediaConnect.

AWS Elemental MediaConnect acts as a “cloud router” for mezzanine-quality live video. By allowing customers to contribute and distribute 80 Mbps transport streams with full end-to-end AES256 encryption into AWS using highly reliable protocols like Zixi, MediaConnect dramatically expands the ways in which IP transport can function in broadcast workflows. Configuring secure, high-bandwidth transport of a video signal from point A to point B can now be achieved in just a few minutes. The real value for many MediaConnect customers, though, lies with the entitlements feature.

What are entitlements? Acting as your main cloud hub, MediaConnect lets you share your live video with other AWS accounts who subscribe to your content via the entitlements mechanism. Instead of handing off an HLS or DASH stream transcoded before delivery with specified settings, MediaConnect allows your entitled partners to process the video as they see fit, either back in their data centers, inside their own Amazon VPCs, or using other AWS Elemental services including AWS Elemental MediaLive to create adaptive bitrate outputs that match existing OTT specs.

Overview of an entitled flow in MediaConnect shared from a content owner (originator) in one region to a subscriber in another region

Building Trust in IP Cloud Video Transport

Many workflows continue to rely on satellite and fiber for video transport. Remote locations often require a satellite truck, especially when there is no power or fiber connectivity available at the location. Some venues have fiber circuits installed that are directly connected to their final destinations or a Multi-Protocol Label Switching (MPLS) network. It may not make sense to use anything else in these use cases. MediaConnect will not replace all video transport with IP; rather, it is a future-facing tool that will work for 95% of use cases and offers increased flexibility and reliability. The future of transport is finding the right balance between available options to ensure that live video is distributed successfully.

Start with MediaConnect as a Backup

By building out a single flow in MediaConnect, you create a new option for delivering broadcast quality video anywhere in the world for a fraction of the cost of satellite or private fiber installation. MediaConnect is a perfect backup feed for existing single-pipeline workflows. Taking this a step further, you can create two isolated flows in MediaConnect and create the redundancy needed to handle broadcast-grade transmissions using a cloud-first technique. This approach is becoming more and more relevant.

Monitoring with MediaConnect

If you can’t monitor your video flow, then what’s the point? MediaConnect provides a series of tools that give you deep insight into your flow at all times, including source disconnects, output disconnects, ingress and egress bitrates, and TR 101 290 specification metrics. With these tools, you can build custom dashboards in Amazon CloudWatch to monitor your flows with minimal latency.

The Benefits of Choosing Zixi Pull or RIST, and Using Entitlements

While MediaConnect allows you to create multiple outputs and push UDP directly to other MediaConnect accounts using a public IP address, there are benefits of using other methods as well. This includes using entitlements, and, newly supported in MediaConnect, Reliable Internet Stream Transport (RIST) and the Zixi pull protocol.

Zixi Push

When pushing a flow to a receiving IP address with Zixi, you’re able to configure the maximum latency allowed. For ultra-low latency workflows, this becomes a critical component for the handoff. For example, we have tested 100 ms latency between two AWS accounts in the same region without experiencing dropouts in the video. Keep in mind that since this is a UDP push, if the MediaConnect flow that you are pushing to is in a “Standby” state, the primary account still accrues charges, as the push is still technically occurring blindly because it is stateless.

Zixi Pull

This option is great for three reasons. First, when you aren’t pulling the feed, you aren’t being billed for the data since there isn’t any video flowing. Second, you can have your receiver behind a firewall without a public IP address, which is key for security reasons and because it limits the amount of IT resources needed to set up a new workflow. Lastly, Zixi protocol is supported widely among IRD (Integrated Receiver/Decoder) providers, which means many off-the-shelf devices can pull the feed down directly from a MediaConnect flow with no additional setup.


RIST was specifically designed to support content traversing an unmanaged network — like the public internet — by a group of broadcast experts with the intent of becoming an accepted RFC standard. This benefits hardware manufacturers and end-users as the format can be published and a unified version can be adopted without the fear of additional licensing requirements or patent concerns. RIST support was recently added to MediaConnect, and is perfect for sending streams back to devices on-premises that support it.

Entitlements in MediaConnect

Entitlements using MediaConnect are always handed off in the same region. This means you only pay for transfer at $.01 per GB to deliver your content to your customers. If a subscriber to a flow needs to long-haul the feed across the world, their account is billed for that portion. This makes estimating costs much easier and more straightforward for both parties.

Content owners can also now specify the percentage of data transfer costs assigned to themselves and to subscribers. With this flexibility, owners can simplify billing by choosing to pay 100% of the data transfer themselves, splitting the cost with subscribers, or assigning subscribers to pay 100% of the cost. This means that sending a flow to a partner can now be done at no cost to the owner.

Entitlements have a built-in two second latency in order to ensure resiliency. If this is acceptable for your use case, then you can take advantage of the benefit of the managed connection. Unlike Zixi push, which continues to send video regardless of the connection state, entitlements ensure that the connection is established before the transfer begins. This avoids the unwanted billing scenario that can occur if you aren’t in tight communication with the receiving end. Since each flow can have up to 50 entitlements granted, there is a greater opportunity to distribute your content widely using this method.


Regardless of how you transport your live video between two MediaConnect instances, you can rest assured that your content is traveling on the AWS backbone and never hits the public internet. Combine this with AES256 encryption and you are ready to use MediaConnect for your next professional-grade live broadcast, no matter which underlying protocol you use. Finally, you can increase your flexibility and grow your audience globally using entitlements to share your video with partners.