MANAGER+AGENTSPOWERFUL AUTOMATED SYSTEM-TO-SYSTEM ENTERPRISE FILE MOVEMENT

PRODUCT WHITE PAPER

TABLE OF CONTENTSManager+Agents — Powerful Automated System-to-System Enterprise File Movement

Introduction ………………………………………………………………………………………………1

Technology and System Architecture ………………………………………………………………..2

System Components ………………………………………………………………………………..2

Storage Flexibility ………………..……………………………………..........................................2

Acceleration Technology ……………………………………….……………………………….......3

Security ………………………………………………………………….…………………………...5

Automated File Transfer Basics ……………………………………………………………………... 6

Network Configuration …………………………………………………………………….….........6

The Manager Console ………………………………………………………………….………......7

Creating Jobs …………………………………………………………………………….………....7

Inter-Company Transfers ………………………………………………………………….….........8

Growing File Support………………………………………………………………………….….....8

Common Use Cases …………………………………………………………………….......................8

Content Distribution …………………………………………………………..……………….........8

Content Contribution/Aggregation …………………………………………………….…..............9

Creative Workflows …………………………………………………………..………….………......9

Cloud Workflows ………………………………………………………………….…………….......9

Sports ……………………………………………………………………………………………....10

Applications Outside M&E …………………………………………..………………….…...........10

Resource Management Option …………………………………………………………………….....10

Integration with Other Systems…………………………………………………………………….....11

REST & SOAP APIs …………………….………………………………………………………......11

Automation Engine Option …………………………………………..….……………………........11

3rd Party Integrations …………………………….……………………………………………......12

Signiant Media Shuttle for Person-Initiated Transfers …………………………..........................13

Redundancy Options ………………………………….………………………………………………..14

Manager ………………………………………………………………………………………….....14

Agents ……………………………………………………………………………………….….......15

Relay Agents ………………………………………………….…………………………..……......15

Packaging Summary ……………………………………………………………………………….......15

Basic Functionality ……………………………………………………………………..….……......15

Add-on Options ………………………………………………………………………………......... 15

Signiant SaaS Products ……………………………………………………………………….........15

Conclusion …………………………………………………………………………………………….......16

1 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

INTRODUCTIONSigniant Manager+Agents (M+A) is the gold standard for scheduled, lights-out, automated transfer of large files between geographically distributed locations. Forming the core transport backbone of most major media companies, this powerful, secure enterprise software helps studios, broadcasters, cable networks and sports organizations move petabytes of data every day throughout their global content supply chains. By providing central control, visibility and tracking of all content deliveries, the Manager+Agents system serves as a hub for file-based workflows that span the globe.

In addition to the central role it plays in the Media & Entertainment sector, Manager+Agents is used by many businesses in other industries where there is a requirement for moving large unstructured data sets around the world.

The Manager+Agents (M+A) solution is designed to move large files over any public or private IP network, and to connect to a range of storage types – both on-premises and cloud. M+A software endpoints (known as Agents) are distributed throughout the customer’s ecosystem, and a logically centralized Manager orchestrates file movement between the Agents. Transfers between Agents take advantage of Signiant’s patented acceleration technology, which minimizes the impact of latency and congestion to ensure fast, reliable data transmission regardless of distance.

M+A’s unique architecture is capable of supporting thousands of endpoints from a central control point, offering the lowest TCO at scale of any solution in its class. In contrast with competing systems where an administrator needs to touch each endpoint for individual configuration, M+A’s policy-based architecture allows configuration information to be automatically propagated to an unlimited number of endpoints. This distinction is a huge differentiator for large-scale global deployments.

A feature-rich product, M+A provides administrators with granular control of file transfers. Daily content flow can be monitored via a configurable dashboard with alarms and status indicators. With broad operating system support, FIMS-compatible SOAP and REST APIs for integration with other media applications, and optional modules for workflow automation and network resource management, no system is more flexible, powerful or reliable.

Powerful Automated System-to-System Enterprise File Movement

2 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

TECHNOLOGY AND SYSTEM ARCHITECTURESYSTEM COMPONENTSA basic Manager+Agents deployment comprises three distinct

software elements:

➜➜ Manager: Manager software is installed on a server behind the

customer’s firewall. The Manager performs all administration,

control and reporting functions and orchestrates transfers. Users

configure the system, schedule transfers, and monitor activity via

the Manager’s web-based interface, which can be accessed from

anywhere in the world.

➜➜ Agents: Every endpoint in a M+A deployment requires Agent

software running on a server near the target or source storage,

running either as a single node or in a load-balanced pool for

enhanced availability and throughput. Signiant Agents execute

the tasks that the Manager defines – primarily accelerated file

movement and interoperability with third-party software and

systems. File movement occurs from Agent to Agent.

➜➜ Relay Agents: Relay Agents can be configured to transfer

content between public and private networks, transversing

firewalls while maintaining network security. The two types of

Agents are licensed differently, but the only functional different

between a Relay Agent and a transfer Agent mentioned above

is that a Relay Agent cannot be used as a transfer endpoint.

However, a transfer Agent can be used as a relay point.

A sample system deployment is show above, with some Agents

operating inside the corporate network and others at partner

locations.

STORAGE FLEXIBILITY

Manager+Agents was originally designed for traditional on-premises

file storage and was used to transfer content between global data

centers. With the proliferation of storage choices, the product has

evolved to accommodate other forms of storage. There is now an

M+A option that supports on-premises object storage; compatibility

has been certified with S3-compatible offerings from EMC, NetApp,

CleverSafe and other major storage suppliers.

M+A workflows can also be extended to include transfers to and

from cloud storage in Amazon Web Services and/or Microsoft

Azure. This is achieved via a Signiant SaaS offering known as

Flight. On the cloud side of a transfer via Flight, there is no need

for the customer to procure compute resources or deploy software

– Signiant handles all of that on an auto-scaling basis. On the

on-premises side, an additional piece of Flight software is installed

alongside the Agent. All transfers can be monitored and tracked via

the M+A console.

Per the diagram on the following page, a deployment of

Manager+Agents and Flight provides a fully integrated system to

support a hybrid cloud storage architecture.

FIGURE 1: MANAGERS+AGENTS SAMPLE SYSTEM DEPLOYMENT

OBJECTSTORAGE

FIREWALL

ADMIN/IT

CORPORATE DMZ

FILE STORAGE

CORPORATE NETWORK

PARTNER(S)

MANAGER AGENT(S)

RELAY AGENT(S)

FIREWALL

AGENT(S)

3 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

SIGNIANT ACCELERATION TECHNOLOGYManager+Agents utilizes Signiant’s patented UDP-based

acceleration technology to move large files much faster than is

possible via TCP. Achieved with a proprietary transport protocol

that minimizes the impact of network latency or packet loss, M+A

enables the full utilization of all available bandwidth.Another way

of visualizing the performance improvement is to compare Signiant

transfers with TCP transfers over various distances, and to then

repeat this comparison for different bandwidth connections. As

shown below, with TCP the file transfer takes proportionally longer

as distance/latency increases and packet loss occurs. With Signiant,

not only is the transfer time much shorter, it’s also independent of

distance — and as more bandwidth is added the Signiant transfer

time gets proportionally faster.

Proprietary Transport Protocol

Signiant’s proprietary transport protocol implements both an

advanced transmission control protocol on top of UDP as a

replacement for TCP, and an advanced file transfer protocol as a

replacement for FTP.

One fundamental problem with TCP is that it uses a relatively

unsophisticated sliding window mechanism, sending only a certain

amount of data over the network before it expects that data to be

acknowledged as received. As TCP receives acknowledgements,

it advances its window and sends more data. If the data doesn’t

get through or an acknowledgement is lost, TCP will time out and

retransmit from the last acknowledged point in the data stream with

a reduced window size. There are a number of problems with this,

such as retransmitting data that may have already been received, or

long stalls in data sent while waiting on acknowledgements.

Signiant uses a mechanism similar to a sliding window, but the

mechanism incorporates two key improvements over traditional

TCP: adaptive window size and selective acknowledgment. Adaptive

window size is a mechanism that measures the capacity of the

network and the round-trip distance. It then uses a window that’s big

enough to keep data in flight on the network at all the times. Selective

acknowledgement allows the endpoint to verify which pieces of the

transmission have been received so that any section that is missing

— even one in the middle of the data set — can be retransmitted

rather than the entire data set.

Additionally, Signiant is constantly measuring effective throughput,

network latency and loss, and building a history. By maintaining a

history, it is possible to see how all of these factors are changing

over time, and network congestion can be located by analyzing the

frequency of changes. This allows the Signiant protocol to adapt to

network conditions much more effectively than TCP, which employs

pure additive-increase/multiplicative-decrease window size changes

in response to point-in-time packet loss.

Signiant’s advanced transport control protocol is deployed on top of

UDP (User Datagram Protocol), but also enhances UDP in significant

ways. UDP enables chunks of data to be sent on a best-effort basis

that removes the TCP overhead of back-and-forth handshaking

between the two ends of the IP transmission path mentioned above

— but UDP typically does so by foregoing reliability.

FIGURE 2: MANAGERS+AGENTS AND FLIGHT INTEGRATION SUPPORTING HYBRID CLOUD STORAGE ARCHITECTURE

OBJECTSTORAGE

FIREWALL

ADMIN/IT

CORPORATE DMZ

FILE STORAGE

CORPORATE NETWORK

PARTNER(S)

MANAGER AGENT(S)

RELAY AGENT(S)

FIREWALL

AGENT(S)

AGENT(S)

4 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

The Signiant protocol implements functionality on top of UDP

that restores reliability in a TCP-like way, but with the following

improvements:

➜➜ Flow control ensures that data is transmitted at the optimal rate

for the receiver.

➜➜ Congestion control detects when the network is being

overloaded and adapts accordingly.

➜➜ Reliability mechanisms make sure that data loss due to

congestion or other network factors is compensated for and that

the order of the stream of data is maintained.

Signiant’s transfer protocol also adds enhanced FTP-like functions

to the UDP foundation. With FTP, each file sent requires its own

set of command and response interactions, and its own TCP

connection. The Signiant protocol reduces this high per-file overhead

by communicating about files being transferred more efficiently and

multiplexing the transmission of files over a single channel, thereby

enabling file operations to be performed in parallel.

When combined with Flight the Signiant transport also performs

intelligent application-level routing choosing the optimal protocol for

the observed latency and loss characteristics on available network

links. Writing to storage from the closest possible point allows

interactions with storage to be optimize whether using HTTP-based

object storage access protocols, Network Attached Storage (NAS)

interactions with NFS or CIFS, or Direct Access Storage (DAS).

Checkpoint Restart

In addition to the various protocol-level reliability mechanisms

noted above, Signiant includes a feature called Checkpoint Restart.

Checkpoint Restart adds a layer of fault tolerance into any transfer

by ensuring that if a transfer is interrupted for any reason (from

network failure to application or OS crashes) the transmission will

automatically restart after recovery from the point at which it was

interrupted, with no loss of data. This adds not only reliability but also

efficiency to the overall transfer process by avoiding the need to start

at the beginning again after a failure.

Signiant Acceleration Compared to TCP

Signiant acceleration technology has the greatest impact for large

file transfers over distance and takes full advantage of available

bandwidth. As shown in the diagram below, compared to TCP, as

distance and latency increases, Signiant performs exponentially faster

especially with higher bandwidth connections.

Another way of visualizing the performance improvement of Signiant

acceleration compared to TCP transfers is to compare transfer

time over various distances and to then repeat this comparison for

different bandwidth connections. As shown below, with TCP the file

transfer takes proportionally longer as distance/latency increases or

packet loss occurs. With Signiant, not only is the transfer time much

shorter, it’s also independent of distance — and as more bandwidth

is added the Signiant transfer time gets proportionally faster.

FIGURE 3: SIGNIANT VS. TCP-BASED TRANSMISSIONS

0

50 Mb 1 GB 20 GB

6

TR

AN

SF

ER

TIM

E (

HR

S) 12

DATA PAYLOAD

UP TO 200X FASTER

GREEN = 1 GBPS LINK LA TO SINGAPOREBLUE = 100 Mbps LINK LA TO NY

No Signiant

No Signiant

SigniantSigniant

18 HRS

12 HRS

6 HRS

FIGURE 4: TIME TO TRANSFER 1 HR OF HD CONTENT (ENCODED @50 Mbps AVC-21GB)

100 Mbps

TCP Signiant

LA Metro 1:28 0:32LA to NY 5:38 0:32LA to London 10:59 0:32LA to Singapore 21:05 0:32

TCP SIGNIANT

500 Mbps

TCP Signiant

LA Metro 1:28 0:06LA to NY 5:38 0:06LA to London 10:59 0:06LA to Singapore 21:05 0:06

TCP SIGNIANT

1 GBPS

TCP Signiant

LA Metro 1:28 0:03LA to NY 5:38 0:03LA to London 10:59 0:03LA to Singapore 21:05 0:03

TCP SIGNIANT

5 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

SECURITY

Transport Layer Security

Transport Layer Security (TLS) is built in as a core component of the

Signiant transfer protocol software stack and provides the base layer

of security in all Signiant tools. TLS is the standard cryptographic

protocol designed to provide communication security, privacy and

data integrity over IP networks. Encryption mechanisms provided

by TLS are used to secure data as it is transmitted with regards

to data transfer, advanced authentication, data integrity, and data

confidentiality. All transfers conducted through the Signiant transfer

protocol are encrypted, appropriately authenticated, authorized and

tracked, including proof that files were delivered thereby ensuring

nonrepudiation (protection against denial of performing an action).

Additional layers of service and application security are added to the

individual Signiant products on the management, control and end-

user components specific to each.

Defense-in-Depth

TLS within the transport layer is just the starting point for security at

Signiant. Because enterprises use our software to move their most

valuable assets, we take great care to secure every layer involved in

file movement. Our security technology and implementation regularly

undergo extensive third-party reviews to ensure effective protection,

and our development team is well-versed in secure design principles.

Trusted across the Media & Entertainment industry and beyond,

Signiant was awarded the DPP ‘Committed to Security’ mark for

both production and broadcast.

Effective security requires much more than encryption during

transfer or storage. Even the strongest lock is only as effective as the

protection of the key or combination used to unlock it.

Signiant’s Manager+Agents software, in conjunction with appropriate

organizational policies and procedures, protects assets from threats

posed by individuals, hacker groups and criminal adversaries. Assets,

including computing and network resources, intellectual property,

business timelines, and reputation must be protected from a wide

range of threats that include destruction, corruption, disclosure and

interruption.

Manager+Agents mitigates these threats via the implementation of

multiple security services including authentication, authorization, data

integrity, data confidentiality and non-repudiation.

Authentication

Authentication services confirm that someone or something is

what they claim to be. Signiant’s Manager+Agents implements

authentication services in the form of login and password credentials

with the added certainty of certificate-based authentication.

Whenever passwords are used for client-side authentication, the

server side is authenticated using SSL certificates from a public

‘certificate authority’ (CA) to make sure that User IDs and passwords

are sent to the intended target and not some rogue man-in-the-

middle trying to steal authentication. Signiant ensures that mutual

certificate-based authentication keys are always employed for

machine-to-machine connections and that the distribution of these

keys is secure so that they can be reliably used in the authentication

process.

Authorization

Authorization services implement and enforce access policies to

data. Signiant also enforces password policy, including a configurable

expiration cycle that requires users to change passwords periodically,

and minimum password strength validation to require users to create

formidable passwords. Enterprise customers have the option to use

Active Directory or LDAP, where authentication occurs behind the

customer’s firewalls. Through Active Directory and LDAP, customers

can implement multi-factor authentication as well.

Manager+Agents is able to “sandbox” transfers to a particular

directory on a particular host server, so that access policies can

be enforced as designed. The software does this by connecting

to the host using a local or domain userID, and thereby adhering

to the access rights policy assigned to the user on that server.

Similarly, users can be enabled or restricted when running transfers,

monitoring, and reporting according to the access rights given to

their profile.

Data Integrity and Confidentiality

Data integrity services protect information assets from corruption.

Signiant employs hashing and digital signing of data during transit

to prevent malicious tampering and errors between sending and

receiving parties.

FIGURE 5: MANAGERS+AGENTS SECURITY

6 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

Data confidentiality services protect information assets from

disclosure. Manager+Agents employs 256-bit AES encryption to

ensure data confidentiality during transfer of files and when the file is

at rest. Though AES encryption is the ‘state-of-the-art’ for encryption,

it is very important that the encryption key management scheme is

‘state-of-the-art’ as well. You can have big lock on the door, but if

anyone can find the key under the mat, then the door is not secure.

Signiant encryption keys are managed with a local certificate authority

based on OpenSSL. This key management scheme ensures that the

encryption keys are secure in transit and at rest.

Non-Repudiation

Non-repudiation services provide a trustworthy record of what has

been done by whom and when. The reporting and log files provided

by Signiant products enable companies to determine the complete

history of a file’s movement. The data will allow a forensic analysis

of who, where, and when file assets were moved. Signiant user

interfaces an audit trail of both end-user and administrative activity.

The “certified delivery” function provided by Signiant software

identifies each file that has moved from a source to a target, along

with signed hashes of the file as computed by the source and target

agents. These signed hashes are compared and if they match, it is

guaranteed that the file has not been modified in transit.

AUTOMATED FILE TRANSFER BASICSNETWORK CONFIGURATIONAs described in the acceleration technology section, the Signiant

protocol runs over UDP. To allow Manager+Agents to move content

throughout the LAN/WAN network environment, it is therefore

necessary to ensure that the appropriate ports are open on your

router/firewall devices. Signiant’s seasoned Customer Support team

can assist with this process, providing specific port details, device

knowledge, and guidance on the use of Relay Agents.

The diagram below provides an example for a simple transfer

configuration:

Detailed network information for sample mediadropbox

WAN accelerated transfer between two locations

RELAY-AGENT

FIR

EW

AL

L

DMZ

AGENT 1MAIL SERVER

SIGNIANT MANAGER

AGENT 2

LOCATION A

LOCATION B 12

24

4

3

2

INT

ER

NA

L F

IRE

WA

LL

FIGURE 6: SIMPLE TRANSFER CONFIGURATION

1. Manager sends instructions to Agent 1 (TCP or UDP port 49221) via manually authenticated and encrypted channel. 2. Agent 1 (src port random) authenticates with Agent 2 (TCP port 49221). Agent 1 and Agent 2 negotiate the UDP port to to use for WAN acceleration (starting with UDP 49222 as a default). If needed, the traffic to or from the internal networks can be relayed through a single port on one or more agents in the DMZ (to minimize firewall rules).3. Agent 1 updates the manager with statistics information while the job is running. Using the active control channel (TCP port 49221). 4. When job completes, the control channel closes and optionally an email is sent out for the job status (via TCP port 25 to Mail server).

7 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

THE MANAGER CONSOLECentral management of the Manager+Agents system is provided

via a highly configurable web-based administration console. The

Manager dashboard gives you the ability to customize views for

system configuration, task automation, scheduling, and managing

current system activity. Customized reporting, combined with the

power to take action as needed, ensure your business processes

run smoothly. M+A provides complete visibility into file movement,

and you can create and customize job completion email notifications,

as well as customize and schedule reports, file movement jobs and

system activity.

CREATING JOBSIn the Manager+Agents system, individual scheduled file transfers

between Agents are referred to as Jobs. The most straightforward

way to create a job is to use one of the pre-configured solutions that

come with the base product and are collectively referred to as Media

Mover.

Media Mover comprises four different solutions for specific use

cases:

➜➜ Media Dropbox transfers data between a single source Agent

and one or more destination Agents, based on a time of day or

upon changes to the source directory.

➜➜ Media Aggregator retrieves files from one or more Agents

to a single target Agent and stores the files on its local disk or

attached storage.

➜➜ Media Distributor is used for a simple scheduled push

distribution from one source Agent to one or more destination

Agents.

➜➜ Media Replicator is used for a simple scheduled push

distribution from one source Agent to one or multiple destination

Agents. Media Replicator supports Synchronization option

and has performance advantages over Media Dropbox when

transferring large numbers of files.

For customers with the Local Object Storage option, a set of Object

Mover solutions are provided to perform similar functions to Media

Mover:

➜➜ Object Dropbox transfers files from a single hot folder on the

source Agent to local object storage, based on a configurable

schedule.

➜➜ Object Uploader transfers multiple files and/or folders from one Agent to local object storage, on-demand or based on a configurable schedule.

➜➜ Object Downloader transfers multiple files and/or folders from local object storage to an Agent, on-demand or based on a configurable schedule.

➜➜ Object Replicator transfers contents from one local object storage container to another on the same system or between

systems, on-demand or based on a configurable schedule.

Object Mover also works in conjuction with Flight for transfers to and

from cloud object storage.

AGENT GROUPSAn Agent Group is a logical collection of Agents that Jobs can use

in place of individual agents. When a Job uses an Agent Group, the

controlling Agent sends data to or receives data from each Agent in

the group. This facilitates sending files to/from multiple locations, as

well as provides optional redundancy and scability across pools of

Agents.

FIGURE 7: MANAGER+AGENTS DASHBOARD

8 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

In load balancing mode, transfers are automatically routed so as to

balance the load across all active Agents in a group. Signiant’s load

balancing connects to all of the machines in the Agent Group and

picks the first one that responds. (The one that responds first is most

likely the one with the lightest load or with the fastest network path

to it.)

INTER-COMPANY TRANSFERSMost large media enterprises have an extensive network of partners

and use M+A to move content across a complex global supply

chain. M+A is specifically designed to provide secure mechanisms

for accelerated transport between companies, in addition to

supporting transfers within a single company.

This is accomplished via mechanisms for peering into two or more

Manager deployments to create “web of trust” relationships between

Signiant installations. Companies can easily establish mutual

authentication between multiple Managers and their Agents. In

addition, job components running on an Agent can be viewed and

controlled from Managers other than the initiating Manager.

The peering process is performed by exporting information from one

Manager (e.g. the certificate of the CA) and importing it onto another

Manager. The import process allows the CA certificate to then be

distributed to Agents in your network.

GROWING FILE SUPPORTManager+ Agents provides support for growing files, which is the

ability to begin sending files as soon as the file starts to be written

rather than waiting for the file write to complete. This allows for an

overall reduction in file transfer times and is particularly effective in

enabling highly efficient workflows for sports, news, and other types

of live event production.

COMMON USE CASESThe Manager+Agents system is highly configurable and can be

used for virtually any task that involves the automated movement of

large data sets. From a big-picture perspective, however, use cases

within the Media & Entertainment sector generally fall within several

high-level categories. This section provides an overview of the most

common types of use cases. It is important to note that all of these

examples involve business-to-business media workflows; Signiant

technology is not typically involved in delivery of content directly to

the consumer.

CONTENT DISTRIBUTION

Throughout the global media supply chain, Manager+Agents

software plays a key role in the B-to-B distribution of content – both

within and between enterprises. There are many situations where

there is a mission-critical need for content to flow from a single

source location where it is created or packaged to various endpoints

around the world.

The basic one-to-many workflow of content distribution has

long been an essential part of the media business. Prior to the

advent of file-based workflows, millions of videotapes and film

reels were shipped around the world every day. While there are

still situations where it’s practical to ship disk drives or data tapes,

B-to-B distribution is now largely accomplished via terrestrial

delivery over IP networks. In parallel with this transition, the

scale and complexity of global media supply chains has grown

dramatically with the increasingly diverse ways that video content

is delivered to consumers. With its highly scalable architecture, the

Manager+Agents solution can readily accommodate these growing

and changing content delivery ecosystems.

These are some of the most common distribution workflows that

employ M+A to provide acceleration, security and central control:

➜➜ Deliver first-run television content to multiple global playout

centers;

➜➜ Transfer Digital Cinema Packages (DCPs) to cinemas for theatrical

release of feature films to digital screens;

➜➜ Deliver video ads to online and/or television outlets;

➜➜ Send syndicated longform television content to licensees;

➜➜ Send VOD content to cable system operators;

➜➜ Transfer promos and other marketing content around the world;

➜➜ Send source content to languaging houses for localization;

➜➜ Deliver packaged assets from a media services provider to online

platforms.

In each of these cases, the content creator/owner will typically have

a Manager installation at their headquarters location and perhaps

at other sites around the world. Agents will be deployed at major

partners or international hubs, and deliveries can be tuned for various

situations. In the case of close-to-air television content, for example,

it is essential to give priority to certain files and verify receipt by a

certain time. In other scenarios, it is best to schedule deliveries

during off-hours while the corporate network is underutilized. With

M+A, administrators have the flexibility and granular control they

need to implement whatever process best meets the needs of the

business.

9 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

CONTENT DISTRIBUTION / AGGREGATION / INGESTAnother common workflow in the global media industry involves

collecting content from disparate sources and bringing it to a central

location for processing, packaging, and subsequent distribution

to partners and/or internal facilities. These many-to-one use cases

involve some of the same complexities as distribution; they are

similarly global in scale and often have time-critical elements.

Contribution and distribution workflows are often interleaved or even

interchangeable, with the control point determined by the commercial

arrangements between the parties. For example, a major cable

network that commissions content from many different producers

may design a contribution workflow to ensure timely content

submission and a uniform ingest process. The content producer will

be provided with (or will need to purchase) an Agent that is controlled

by the cable network’s Manager. In this case, the content producer is

a participant in the cable net’s contribution workflow.

That same content-producing entity may also independently create

video assets that are marketed and sold to other outlets around the

world. Some of those contracts are likely to require that the producer

deliver a finished asset to the buyer’s premises. In this situation the

content producer will drive a distribution workflow from their own file

transfer system. Because of these diverse needs, Manager+Agents

deployments within large media enterprises are often correspondingly

complex, involving the entity’s own M+A system, Agents from

multiple partners, and various cross-trust arrangements. Signiant

software is configurable enough to support whatever workflow is

desired, the details of which are generally dictated by business model

imperatives within the M&E industry.

These are some of the most common aggregation workflows that

employ M+A to provide acceleration, security and central control:

➜➜ Collect commissioned programs from many global producers

(cable or broadcast network)

➜➜ Ingest ads from agencies and production companies (ad

distribution business)

➜➜ Ingest packaged assets from various content producers (online

platform)

➜➜ Gather news content from global bureaus (cable of broadcast

network)

CREATIVE WORKFLOWSManager+Agents software plays a key role in the creative process

for most of the produced media assets that consumers see on

television, in theaters, or online. Fast, secure electronic transport of

media content between various locations and commercial entities is

an essential element of modern production and post production.

The journey from raw camera footage to finished media asset

involves many processes, some of which occur in series and some

in parallel. Certain of these activities are talent-driven, undertaken by

creative professionals whose artistic sensibilities add crucial value

to the finished product. In contrast, some processes are purely

technical and can be fully automated – while others lie somewhere in

the middle of this spectrum. A Manager+Agents system can provide

the underpinnings for all of these processes.

The more premium the asset, the more likely that a large number of

different, highly specialized companies will be involved in the creative

process. For a high-end feature film, dozens of different specialty

post production firms may provide services ranging from basic

editing to digital effects, sound production, colorizing, etc. Even after

the program master is finished, the asset is likely to move around

the world for localization. Localization might include voiceover,

subtitles, and/or closed captioning in various languages, along with

compliance editing to align with varying laws about what kinds of

content can be shown to the public.

The M+A system owned by a creative entity is likely to be operated

in a more agile manner than systems owned by large content

distributors and aggregators. A film production company might, for

example, schedule regular transfers for the duration of a production

to send rough-cut footage every night from an on-location system to

a production facility. During the day, deliveries for the post production

pipeline will be scheduled on an as-needed basis when the content

is ready for the next step. Timelines are usually tight and resources

are usually at a premium, so the granular controls available in the

M+A system can be essential. To meet multiple deadlines with the

available bandwidth, the operator may need to use resource controls

to prioritize a certain file delivery, followed by two more in parallel.

For high-end productions, security during the creative process is of

paramount importance. The creative community depends on M+A

to provide secure transfer, as well as a detailed chain of custody

record.

CLOUD WORKFLOWSAs cloud adoption in M&E continues to gain traction, M+A workflows

are evolving to touch the cloud in various ways. Individual workflows

that fit into each of the prior three use case categories (distribution,

aggregation, creative) might be implemented entirely on-premises,

mostly in the cloud, or with a hybrid cloud approach.

The Manager+Agents system in a cloud or hybrid cloud workflow

continues to serve as the ‘brains’ of the operation, orchestrating file

transfers, managing network resources, maintaining records, and

perhaps automating the entire workflow. As discussed on page 2,

the addition of Signiant’s Flight offering to the system provides a

transparent means of connecting cloud storage in either AWS or

Azure into a file transfer workflow.

10 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

SPORTS

The cornerstone of sports video is, of course, live action footage

from the multiple cameras at the venue. However, a surprising

volume of file-based content is generated by broadcasters before,

during and after the live event, including highlights, segments, studio

components and more. For fast-turnaround content during the

game, broadcasters often transfer footage to central headquarters for

editing, formatting and packaging. From there it might flow to various

digital media outlets or even back to the trucks for insertion into the

live game feed.

This production model rests on the ability to transfer huge amounts

of data, whether large files or many small clips, in a fast, secure

and reliable manner. Manager+Agents software has long served as

the core acceleration backbone for automated delivery of content

from OB trucks to and from headquarters, quickly and securely

moving large volumes of data. Before the game, things like graphic

elements and produced segments from the studio are delivered to

the truck for use during the game production. After the game, the

“melt file” consisting of the most relevant content is transferred back

to headquarters via M+A for access by content producers and for

archiving.

During the game, the fast-turnaround workflows noted

above generate staggering amounts of data that can only be

accommodated with highly automated, accelerated file transfer

solution. For example, just one OB truck at a 6-hour game might

generate 2000 – 2500 clips, with larger weekend-long tournament

events generating up to 40,000 clips for 10 trucks.

With M+A, broadcasters can ensure that the content is steadily

flowing out of the truck and back to headquarters, where it can be

available for use within minutes of capture. Specialized M+A features

such as growing file support (see p. X) help make sports workflows

even more efficient.

APPLICATIONS OUTSIDE M&E

While specific details of the use cases outlined in this section are

unique to the M&E space, there are parallels in other data-intensive

industries. For example, consider a provider of high-res satellite

images for mapping applications. A business model in this space is

likely to depend on quickly providing very large data sets to many

customers around the world. Some customers may receive the same

set of standard images, while others have contracted for customized

packages. An M+A deployment can ensure secure, timely data

transfer with detailed visibility and tracking of all deliveries.

Other industries that rely on Manager+Agents include life sciences,

where clinical trial data, genome sequences, and medical images

can all involve extremely large data sets. Earth sciences applications

include gas & oil surveys, seismic images, and drone video for

mapping. Finally, companies involved in various kinds of design use

M+A to move large code bases, architectural drawings, or product

design files.

RESOURCE MANAGEMENT OPTIONSigniant’s Resource Management module is ideal for organizations

seeking more sophisticated control of file-based assets, network

bandwidth and server resources. Resource Management allows

administrators to prioritize delivery of assets between sites based on

business needs and content delivery windows. As content priorities

change, the queue can be adjusted by moving more critical jobs to

the top, while jobs with less stringent timelines remain lower in the

queue.

Controlled by a single Signiant Manager or multiple Managers

operating in an enterprise environment, Resource Management can

be used to control bandwidth usage to specific locations or servers

to ensure systems or networks are not overloaded, including setting

ceiling and floor ranges based on the time of day or traffic loads on

the network and limits for running file movement jobs. Administrators

can set automated or manual bandwidth limits for running jobs, and

can define serial or parallel transfer flows.

When a job is submitted, a priority and complete-by-time can

be specified. Jobs are then automatically ordered by priority and

complete-by time. As such, all high-priority jobs are sorted before

all standard and low-priority jobs. Within high-priority jobs, jobs with

the nearest complete-by times will be sorted ahead of jobs with later

complete-by times.

11 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

INTEGRATION WITH OTHER SYSTEMSREST / SOAP APISManager+Agents includes a comprehensive set of APIs designed

to enable other systems to initiate file transfer jobs and collect

information. Signiant provides both a native web service API as well

as a FIMS-compliant API. Both APIs are available in both SOAP and

REST. For API details, please see developer.signiant.com.

FIMS

The Framework for Interoperable Media Services (FIMS) is an open

standard from the Advanced Media Workflow Association (AMWA).

Utilizing a Service Oriented Architecture (SOA) approach, FIMS

replaces the tightly-coupled, highly customized integrations used by

traditional systems with a set of “Media Services” that are

interoperable, interchangeable and reusable. The interfaces between

these different services and the centralized system that runs them are

defined by FIMS. For more information about FIMS, refer to fims.tv.

Signiant was involved in development of the FIMS standard and

maintains FIMS-compliant versions of the Manager+Agents REST

and SOAP APIs.

AUTOMATION ENGINE OPTIONA sophisticated add-on feature, the Manager+Agents Automation

Engine facilitates the creation of flexible Job Templates that can be

used to create customized workflows for the processing of content.

A template may be as simple as moving a file from one Agent to

another, or as sophisticated as directing a package for transcoding

and watermarking before publishing.

FIGURE 9: PARALLEL TRANSFERS WITH QUEUING

FIGURE 8: SERIAL TRANSFERS WITH QUEUING

668 MB asset

9.7 GB asset

50 GB asset

668 MB asset

11.1 GB asset

72.6 GB asset

Unprioritized New York-originating transfer jobs

Using Signiant Manager, jobs bound for London are prioritized in queue with a concurrent job limit set to one; queue order is adjustable

Transfers are completed serially, each utilizing allocated bandwidth until queue is empty

transfer complete, arrives in London

next transfer begins after previous transfer is complete

allocated bandwidth

668 MB asset

9.7 GB asset

50 GB asset

668 MB asset

11.1 GB asset

72.6 GB asset

New York- originating transfer jobs

Using Signiant Manager, jobs bound for London are placed in queue with a concurrent job limit set to four

Four transfers start simultaneously with two transfers remaining in queue

The two 668 MG transfers are completed, allowing the 1.1 GB and 72.6 GB transfers to begin

Aggregate bandwidth is shared evenly by four transfers

As transfers complete, aggregate bandwidth is reallocated for remaining transfers

One transfer still in progress; using all of aggregate bandwidth

Three transfers still in progress; each using one-third of aggregate bandwidth

12 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

FIGURE 10: AUTOMATION ENGINE FUNCTIONALITY

1. A user creates or modifies a job template, laying out components in a sequence and mapping inputs to outputs. 2. The job template is saved in the job template library database.3. A job is created from a template by an operator supplying job parameters and a schedule through the administrative interface or an external trigger.4. The Scheduler monitors the system for jobs to run and alerts the Supervisor to initiate the job using a specific template and job parameters.5. The Supervisor requests and receives the job template from the template library and runs the job using the job parameters.6. The Supervisor passes the relevant job template components and job state information to Agents for execution.7. In the case of a file transfer components, the Supervisor contacts the controlling Agent which connects with one or more Target Agents to perform the file transfer.8. Agents report the execution status of each component back to the Manager.

The Media Mover functions described on page 7 are effectively pre-

defined Job Templates; with the Automation Engine you can create

your own.

The Automation Engine includes a toolbox of standard Components

(such as transcode or QC steps) that can be linked together via

a visual drag-&-drop interface (known as the Workflow Canvas)

to form new Job Templates. You can also create your own

Components, and both Components and Job Templates can be

stored for future use. Any interpreted script language may be used

within the workflow Components. These new Job Templates can be

combined via the Manager with manual tasks and business rules to

implement highly complex, customized file transfer workflows.

The diagram below illustrates Automation Engine functionality. Please

note that the Scheduler and Supervisor are sub-components of

the Manager. The ‘controlling’ and ‘target’ nomenclature refers to

roles Agents take on for any given transfer/job.

SUPERVISOR

WORKFLOW MODELING AGENT

PROCESSING TRANSCODE GENERATED FILE DELIVER FTP DELIVER TARGET

JOB TEMPLATE LIBRARY DATABASE

USER(S) SCHEDULER

1

TARGET TRANSFER AGENT CONTROLLING TRANSFER AGENT

FTP

23

5

4

6 8

7

THIRD PARTY INTEGRATIONS

Media technology systems are highly complex, typically involving

software and hardware from many different suppliers. Signiant works

closely with major suppliers in the industry to facilitate integrations

with Manager+Agents utilizing the APIs and workflow automation

capabilities described earlier in this section. Signiant’s media

technology partners include most major suppliers in the space such

as:

AUTOMATION ENGINE

13 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

Integrations with Manager+Agents typically fall into two categories:

Programmatic Initiation of Signiant File Transfers by 3rd-Party Products

Some media workflows are designed so that a master system

such as a MAM or DAM controls the transfer of files. In this type of

integration, the 3rd-party system will make a web service API call

to the Signiant Manager. Progress and status details relating the

transfer are reported back to the calling system, typically for display

in that product’s user interface.

Control of 3rd-Party Products from Within Custom Signiant Workflows

In other media workflows, Signiant Manager+Agents serves as the

master system and M+A jobs coordinate the processing of files by

3rd-party products such as Transcoders and Quality Control (QC)

utilities. These workflows typically involve the transfer of files from

one location to another, with the Signiant system managing other

processes that occur immediately before or after the transfer.

In this type of integration, the Manager will generally utilize an API

on the 3rd-party application to send a list of files to be processed

as well as the type of processing to perform. These API-level

integrations allow for progress and status information from the

3rd-party product to be reported back into the Manager GUI for

operator advisement. Once the 3rd-party process is complete, an

intelligent decision can be made on the next step in the workflow.

For example, if the QC check is successful, the Manager will transfer

the file to a playout system. If QC fails, the Manager will move the

original file to a quarantine folder and distribute a notification for

operator intervention.

SIGNIANT MEDIA SHUTTLE FOR PERSON-INITIATED TRANSFERSWithin most enterprises that move large files, there are use cases

for both automated transfers and transfers that involve people.

Manager+Agents handles the automation tasks, while the de facto

standard for end user transfers is a Signiant SaaS offering called

Media Shuttle. Media Shuttle is sold separately but is fully integrated

with Manager+Agents to support both person-to-system and

system-to-person workflows.

About Media Shuttle

Media Shuttle is Signiant’s SaaS solution for “hands-on” accelerated

transfer of large files. Combining the simplicity of online file sharing

with Signiant’s enterprise-class acceleration, security, and control,

Media Shuttle is the easiest way to send any size file, anywhere, fast.

Media Shuttle makes it easy to share files between people, between

systems and to and from the cloud, while providing centralized

tracking and reporting for every transaction.

Portals for Every Project and User Type

Sending files with Media Shuttle is as simple as dragging and

dropping them onto a web page or protal. It’s so intuitive that your

users will never need a tutorial, training session, or even an email

explanation. There are three different types of portals that can be

created to support almost any use case:

➜➜ SEND portals allow for fast person to person file transfer.

➜➜ SHARE portals make it easy to upload and download files within

designated folders.

➜➜ SUBMIT portals provide an onramp for users to submit files into

automated workflows with Manager+Agents.

Media Shuttle offers roles for three key user types in the organization

– end users, operational administrators and IT administrators. Each

user type has a tailored view that’s made explicitly for their job

function. Media Shuttle makes it easy to enable all users, whether

internal or external, to access only the files and features they require.

Brandable, Customizable Experience

Media Shuttle customers can create and customize as many

portals as they choose, each with their own branding and imagery.

Setting up a portal for every project or partner is a quick and easy

task and it’s a great opportunity to extend your brand and create

a professional, visually appealing experience for transferring files.

Media Shuttle also supports multiple languages which can be

configured on a portal by portal basis.

Like all of Signiant’s products, Media Shuttle leaves storage under

your control. Media Shuttle portals can be individually configured for

either on-premises storage or your cloud object storage tenancy in

Amazon Web Services or Microsoft Azure.

14 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

Media Shuttle System Architecture

Media Shuttle is often deployed in a hybrid SaaS configuration as

shown above. The data plane (and associated server and software)

are on-premises, while the system control plane are delivered

from the cloud via Signiant’s multi-tenant cloud-native SaaS. This

architecture lets you maintain complete control of high-value content,

while simultaneously deriving the classic SaaS benefits of automatic

updates, scalability, and global availability.

Integrated Workflows for Manager+Agents and Media Shuttle

The two products can be connected together via the M+A workflow

engine and an optional Media Shuttle feature called the System-

to-Person Automation API, a capability that enables customers to

integrate Media Shuttle with other systems such as MAMs / DAMs

to automate distribution (“click to download”) and acquisition (“click

to upload”) workflows. The API also facilitates the transition from

Media Exchange to Media Shuttle for Manager+Agents customers

who want to connect complex automated workflows with end users.

REDUNDANCY OPTIONSManager+Agents software plays a mission-critical role in moving

highly valuable, time-critical content around the world. The system

is designed to accommodate a range of redundancy options, and

we encourage customers to carefully plan for mitigation of failure

scenarios.

MANAGERThere are four primary options for Manager redundancy:

Virtual Machine Snapshot

In this scenario, the Manager is installed on a virtual machine and

snapshots are taken automatically to allow quick restoration up to

the snapshot point either locally or at a disaster recovery location.

Downtime is dependent upon the length of time for the manual

process to note the issue and recreate the instance. No additional

Signiant licenses are required.

High Availability Option (Red Hat Linux Cluster)

The Manager is installed on a Red Hat Linux Cluster, typically with

two servers and shared RAID disk, operating in an active/passive

mode. The operating system monitors the hardware, operating

system, and application health. An automatic failover is triggered

in the event of a system malfunction, with a downtime of only a

minute or so. No data is lost and any running jobs are automatically

restarted and pick up where they left off. A Signiant Manager High

Availability license is required.

Warm / Remote Standby Option

The Signiant Manager software is installed on a server in a separate

location, and cross-trusted to the production Manager. A Manager

backup is transferred to the standby Manager on a daily basis.

CLOUD

ON-PREMISES/ CUSTOMER NETWORK

• WEB INTERFACE • EMAIL NOTIFICATIONS• CLIENT UPDATES• FILE TRANSFER LOGISTICS• DATA COLLECTION

END USEREND USEROPS/ADMINIT

INTERNET (OR CUSTOMER NETWORK)

FIGURE 11: MEDIA SHUTTLE HYBRID SaaS ARCHITECTURE

CUSTOMER’S ON-PREMISES STORAGE

CUSTOMER’S SERVER

RUNNING SIGNIANT FILE

TRANSFER SOFTWARE

SIGNIANT CONTROLLAYER SaaS

15 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

When an issue is noted, the backup is restored on the standby

Manager, and DNS change to point the Manager hostname from

the original production Manager IP address to that of the standby

Manager. Data loss is restricted to that since the backup was taken

Jobs will restart based on their schedule and will pick up where

they left off. Downtime is dependent on the length of time to notice

the issue and restore the backup (that duration could be an hour or

so dependent on the database size). A Signiant Manager Remote

Standby License is required.

Multiple Managers

The Signiant Manager software is installed on a server in a separate

location, and cross-trusted to the production Manager. Jobs on the

production Manager are re-created on the second Manager and left

in the suspended state. The second Manager has full monitoring

and control capabilities overall all agents and jobs in the Signiant

ecosystem. In the event of Manager failure, the jobs are resumed on

the second Manager. Downtime can be as low as a few minutes. A

Signiant Manager license, with the same options and capacity as the

production Manager, is required.

AGENTSAgents can be protected in the following ways:

Windows Cluster - Transfer or Relay Agents

Agent support is provided for Windows active/passive clusters. This

provides hardware and software redundancy, with automatic failover

by Windows. No additional Signiant licenses required.

Agent Groups - Transfer or Relay Agents

Agents, of any operating system, can be deployed in groups,

providing both redundancy and scalability. Transfers are

automatically balanced between the available Agents. Interrupted

transfers will be automatically resumed from where they left off on

any Agent in the group.

Either Transfer Agents or Relay Agents can be deployed in load-

balanced groups; an additional Agent license is required for each

added Agent.

PACKAGING SUMMARYBASIC FUNCTIONALITY

Manager+Agents is sold as perpetual license software. Costs scale

with the number of endpoints served, but there are no charges

for bandwidth and no charges for the amount of data transferred

between on-premises locations. The standard software is compatible

with file storage; local object storage is a separate line item.

To get started, you will need:

➜➜ A Manager, which includes the control console for configuration,

monitoring and reporting; and four standard job templates for the

distribution, aggregation, replication, and hot folder transfer of

files. Capacity to control up to 15 Agents is included.

➜➜ Transfer Agents are required at each endpoint location to

execute the file transfer tasks defined by the Manager. Agents

intended for use as Relay Agents are offered at a lower per-agent

price.

You can get started with just one Manager and an Agent for each

endpoint that you want to send and receive data. As the system

grows, you can purchase additional Agents for other locations and

partners, or for redundancy and load balancing. As Agents are

added, you will also need to add Agent control capacity to your

Manager. Add-on capacity is sold in 5-node bundles.

ADD-ON OPTIONS

There are a number of optional modules for the Manager, including:

➜➜ Local Object Storage enablement,

➜➜ Automation Engine for customized workflow automation,

➜➜ Resource Management for advanced bandwidth control,

Agent resource throttling, and job queuing,

➜➜ Manager Bundle, which includes a standard Manager plus the

Automation Engine and Resource Management,

➜➜ High Availability for Manager redundancy,

➜➜ Remote Standby for Manager remote backup and standby.

SIGNIANT SAAS PRODUCTS

The Manager+Agents system is designed to interoperate with two

other Signiant products:

➜➜ Flight is a SaaS offering for accelerated transfers to and from the

public cloud;

➜➜ Media Shuttle is a SaaS offering that provides end users with a

simple means of sending and sharing large files.

Most large M&E enterprises use all three products, as illustrated on

the next page.

16 | MANAGER+AGENTS PRODUCT WHITE PAPER | WWW.SIGNIANT.COM

FIGURE 12: PORTFOLIO - ENTERPRISE DEPLOYMENT

CONCLUSIONIf you need to automate system-to-system file movement across your enterprise, Signiant Manager+Agents is the gold standard for speed, security, visibility and control. Designed to move large files over any public or private IP network and to connect to a range of on-premises and cloud storage, M+A’s unique architecture is capable of supporting thousands of endpoints from a central database, offering the lowest TCO at scale of any solution in its class. No other system is more flexible, powerful or reliable. To speak with a specialist about how Manager+Agents can support your global ecosystem, contact us here.

ABOUT SIGNIANT

Signiant is changing the way businesses move large, high-value digital assets around the world and into the cloud. Their on-premises software products were originally adopted by Media & Entertainment enterprises, pioneers in the electronic transport of large files. Over the last decade, Signiant has embraced cloud technology to create next-generation SaaS file transfer and cloud upload solutions with scalable, reliable, cost effective, and easy to deploy capabilities.

Today, Media & Entertainment are no longer alone in the need to move massive files, and Signiant’s rapidly growing customer base includes companies with digital assets ranging from satellite imagery and big data analytics to genome sequences and biotech research. Signiant’s technologies work for every size company to provide: accelerated file delivery up to 200 times faster than standard internet transfers; enterprise-class security along with full visibility and control of transfers and storage; and simple user-friendly tools. Find out more at www.signiant.com.

CUSTOMER NETWORK

PUBLIC CLOUDSaaS

SaaS

INTERNET