A large part of Hive's functionality relies on external communication with "Hive Helper Services" which manage a variety of tasks that support the streaming and distribution of video. Therefore it is vital that communication with the Helper Services are permitted through proxies and firewalls.
Standard Configuration and Whitelisting Procedures
Hive Streaming requires two external domains to reach the Hive Helper Services; additionally, communication coming in attempting to reach the local host must also be allowed. It is important to whitelist the appropriate domains and requests such that they are excluded from content filtering and authentication by your organization’s proxy servers/firewalls.
These steps below must be ensured:
- Bypass the web proxy for requests to http://127.0.0.1 and https://127.0.0.1 (localhost)
- White-list the source CDN's domain to allow Hive to fetch the video data (both for silent tests and real events) For Skype Meeting Broadcast this is *.streaming.mediaservices.windows.net AND hivemediaservices.hivestreaming.com
- White-list outbound *.hivestreaming.com and requests
- Disable user authentication of *.hivestreaming.com requests
- Disable caching of *.hivestreaming.com requests
- UDP communications must be permitted inside the corporate network to allow Hive Clients to communicate with one another.
Click here for more information on the Hive Client, including a complete list of ports.
Additional Security Configurations: SSL Termination
Some customers may utilize additional security measures that employ techniques which will prevent proper communication between Hive clients and helper services. The most common is the implementation of an SSL termination service from providers like Blue Coat System.
In short, these services provide additional security by scanning all encrypted traffic coming into the network. This is achieved by decrypting it, scanning for viruses, then re-encrypting it its own certificate.
If the Hive client is on the receiving end of encrypted traffic, it will not trust the new certificate and see this as a compromise of security thereby rejecting the traffic.
Due to the varied nature of these services, if your organization uses them, please contact your Hive representative for further details on a speedy resolution.