We use cookies that are necessary to provide the Tencent Cloud website. We would also like to use other cookies to improve your experience, optimise and analyse Tencent Cloud website features and usage. For more information, please refer to our Cookies Policy.
Quickly Isolating Resources in Tencent Cloud’s VOD
Audio/Video content has become ubiquitous in our daily lives, and ensuing businesses are gradually going from local to the cloud. This is especially true for e-commerce, game, and online education fields, with ever-updating content and features for a wide range of businesses. Different types of video products are emerging, promising new opportunities and development directions.
As businesses become more diversified, developers are bound to face a more complicated application environment and higher operational costs. To make enterprise businesses more compatible and avoid risks caused by resource management chaos, resource isolation is imperative to facilitating business resource management, lowering business costs, and improving service capabilities. However, resource isolation is usually a sophisticated system of technical complexity and business complexity that doesn't come easy.
In this regard, we have launched the sub-application feature for Tencent Cloud’s Video-on-Demand (VOD) to help you easily isolate resources.
1. What is a sub-application?
Sub-applications give you a way to isolate resources in VOD. Each sub-application comes with media upload, storage, processing, distribution, and playback features, just like a root account. Sub-applications are also highly independent, which means their resources are isolated from each other. When you create or change the status of a sub-application, it will have no impact on other sub-applications. In this way, you can manage VOD resources securely and flexibly.
2. What can sub-applications do?
- Help you isolate resources - VOD sub-applications can implement efficient and secure resource isolation with zero O&M costs, and they have the same features and are used in the same way. In addition, the features of data statistics collection and usage analysis can be performed at the sub-application level, so that you can break down your data system for analysis.
- Help you control permissions - VOD sub-applications are connected to the Cloud Access Management (CAM) service of Tencent Cloud, and access to sub-application resources is controlled through permission policies. You can quickly implement permission control through simple operations that are easier to learn than those in sub-applications of other cloud vendors, as multi-level authorization is not required.
- Help you manage the resource lifecycle - VOD sub-applications have a complete lifecycle to allow for flexible sub-application management. Sub-applications can be disabled, terminated, or enabled as needed in different scenarios.
3. What are the typical use cases of sub-applications?
VOD sub-applications be used to implement multi-department/multi-business isolation, resource permission control, and production/test environment differentiation. The following describes two use cases.
- Sample use case 1
A company intends to develop its own products based on Tencent Cloud. Department A plans to use VOD to develop a short video application, and department B plans to develop a movie and television website. These two VOD businesses need to be isolated from each other. However, out of financial considerations, the company cannot create an independent Tencent Cloud account for each department.
In this case, the sub-application feature of VOD can be used to assign a sub-application to each department, so that the two departments can manage their business resources in separate sub-applications. Under the sub-application role, the features and usage of VOD are the same as those before the sub-application feature is enabled. VOD will generate separate data statistics for each sub-application to facilitate reasonable resource allocation.
- Sample use case 2
After each is configured with its own sub-application, departments A and B are further required to control permissions at a finer granularity. For example, sub-application 1 is assigned to department A and sub-application 2 to department B. Department A needs to have all the operation permissions of sub-application 1 and be able to access sub-application 2, but should not be able to perform video processing operations in sub-application 2.
This use case requires permissions to access isolated resources. To achieve this, a custom policy can be created through the account admin to refine access permissions in the API dimension, and then, the policy can be associated with the sub-account of department A.
Suppose the ID of sub-application 1 is "1400000001" and that of sub-application 2 is "1400000002", then the custom policy needs to allow for any operation on "1400000001" and any operation except ProcessMedia on "1400000002". The policy can be created in the following steps:
- Log in to the CAM console as the root account, select "Policies", and click "Create Custom Policy".
- Select "Create by Policy Syntax" to enter the policy creation page.
- In the "Select a template type" box, select "Blank Template".
- Click "Next" and rename the policy as needed (or leave it unchanged).
- Enter the following policy content in the "Policy Content" box:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"name/vod:*"
],
"resource": [
"qcs::vod::uin/12345678:subAppId/1400000001",
"qcs::vod::uin/12345678:subAppId/1400000002"
]
},
{
"effect": "deny",
"action": [
"name/vod:ProcessMedia"
],
"resource": [
"qcs::vod::uin/12345678:subAppId/1400000001"
]
}
]
}
- Click "Create Policy".
- This policy can be used to assign permissions.
4. Summary
The VOD sub-application feature helps you implement resource isolation and permission assignment in VOD, thereby lowering your operations costs and facilitating resource management. Sub-applications are absolutely a good choice for complex production environments with multiple business scenarios.