Did you miss the “Working From Home Securely: Best Practices for Media & Entertainment” webinar featuring Michael Kammes (BeBop Director of Business Development) and Brian Bedell (BeBop Customer Success Specialist)? Here’s another opportunity to catch this webinar, we’ve uploaded a copy of the video here for you!
If you have any questions or would like to find out more about how you can integrate BeBop Technology into your existing editorial or VFX workflow after watching, please click one of the buttons below, fill out the respective form and one of our professionals will help you get started.
Hello everyone. Thank you for you early risers there who are here are a few minutes early. We’ll get started in about two minutes. We’ll be going over working remotely securely, best practices. So, just a wait a few minutes. Thank you.
Don’t worry if you don’t hear anything. We have no audio going right now. We’ll be starting in about 60 maybe 90 seconds. So, just hold tight.
We’ll give it one more minute and then we’ll get started. During the presentation feel free to type in questions and chat and myself or my esteemed colleague, Brian Bardell will answer those in real time.
I’m seeing some familiar faces or at least some familiar names. Thanks for joining. We’ll get started in about 30 seconds.
Excellent. Thank you all for joining. My name’s Michael Kammes. Today we’re talking about working remotely, securely, best practices. I’m with BeBop Technology. Let me restart this because I’m already having technical issues. Awesome. There we go. That’s me. That’s me. My name is Michael Kammes. I’m with BeBop Technology. BeBop Technology specializes in cloud editorial, creative editorial, as well as VFX. What we want to do is speak to a larger segment of you today about what’s going on right now. And basically that’s lot of us are going to be working remote for whatever reason. I don’t need to go into which one. We do need to provision for working remote. And there are a lot of different ways of doing that. I think, in the best interests of the creative community at large, we look at the different ways of doing this, not just the way BeBop does it. Not just the way this other manufacturer does it. But to keep us going when we have to work remote. What are some of the best practices that we can follow regardless of the different paradigms?
That’s what we’re going to cover today. Hopefully we’ll get it done in about a half hour. Then after that we’ll show you where you can go for more information and this webinar series, which is going to be ongoing for the next few days and next few weeks. Moving forward, there are some priorities we need to take into consideration when you’re working remotely. There’s four main tenants. First is security. When you’re working at a creative facility and you’re working with creatives you’re behind a firewall. You’re behind a whatever InfoSec security has instituted. When you’re working from home, you no longer have that cushy pillow of a security to fall on so there are several things that you have to consider when you are looking to security at home.
Next we have usability. Meaning, are the tools that you’re using when you’re at home or at that coffee shop… are they the same or will they approximate what will get your job done? What we have to remember is that when you’re working at home or working remote it’s never the same experience as working at the facility so there has to be some concessions to get your job done.
Next we have organization or tips and tricks to organization your content in a way that other people understand. That make replication not an issue. That make accidental deletion not an issue. We’ll cover that as well. And lastly, collaboration. If you’re working in a facility with people it’s easy to pop over to their edit bay and ask them to view something or to change a lower third. But how can you do that when you’re not on shared storage and you’re not in the same facility? We’ll cover that as well.
There’s one thing I want you to remember and that’s we have to adapt. That means the tools that you’re accustomed to using, when you get to disaster recovery options, where you’re working remote, you may not have the exact same toolset you had prior. That’s expected, that’s okay. We all have to put on our shoes, we all have to sit in the seat, and we all have to work. That means we have to accept that there’s going to be a learning curve. We have to accept that it’s going to be protracted in terms of if we normally spent eight hours, this may be nine hours. There has to be the expectation that things are going to be a little bit different and we have to recognize that that’s uncomfortable but it’s something we have to do if we’re going to weather the storm.
Security. Things like the physical storage. When you have storage at your house, for example. Is the storage passworded? Is it available to the public internet? The computer, what kind of security settings are on there? What kind of firewalls? Is there security on your OS? What does InfoSec say and what are the legal ramifications? That’s the kind of security stuff I’m talking about and we’ll cover that in the different paradigms.
Usability, as I mentioned. Is it familiar to you? Do you understand the applications? Can we find a balance between functionality of the editing tool, of the VFX tool, of the creation tool and still find a balance with that and comfort of using the tool? And, also, as I mentioned, disaster recovery.
Organization can take many forms. It can be a person that’s a media manager. It can be an asset management system that you already have on prem. But when you start dealing with remote workflows there has to be someone who’s putting eyeballs on the media to make sure that what you’re getting is the right media. That also means that, perhaps you have to have multiple levels of backups because you may inadvertently copy something incorrectly. You may copy the avid media files folder onto another folder and erase the old files. You may overwrite a project file or save it in a newer version which makes it incompatible with other versions of software. You need to make sure you’re taking that into consideration.
You also need to have unified naming conventions to make sure that folders, files, have either the project name, the account number, the house code, the date modified, and whether you’re entering the year first or the month first. Those always have to be homogenized throughout the facility so everyone’s following the same procedure. And, of course, how do we replicate the collaborative tools? How are we doing file exchanges? How are we doing video and audio conferencing? How are we emulating shared storage platforms? And, of course, the review and approve.
The first solution is something that all of you, I’m sure, have done at one point or another. It’s the low hanging fruit. It’s the first way to go about doing things. That’s remote creatives with local drives. This is where all the media is back at home base and someone copies the applicable media to portable drives and you take those drives home. Or that media is pushed up to the cloud and then you download it to your local home system and then you work with it. It becomes more of a push pull methodology. That’s also called sneaker netting. You may have heard that term. That’s probably the first thing people will try and it’s a tried and true methodology. It does work but it does have a lot of bottlenecks and there are some things you have to be concerned with especially when you start doing this when transitioning from working at a facility.
First thing to look at, your home network and firewall. Do you have your firewall turned on? Do you have inbound ports turned off? Is the firmware on your router and your firewall updated? All of that needs to be checked. You may have heard some other hacks or break-ins in the industry and a lot of that was because the firewall was bypassed or it wasn’t on or the password was set as a default to the manufacturers default password. You can’t afford to have your content leak out or snuck out because you haven’t checked your firewall and security settings.
When it comes to getting content from the facility to where you’re editing at home one common method is hard drives. There are several solutions and many factors that make hard drives, which have hardware keys on them as you can see in the picture. Companies like Data Locker or Apricorn and Kingston. There’s also DISCatcher Pro and Keypads and several other companies that are making these drives that have passcodes on them. These passcodes are usually hardware so if it’s set and too many incorrect passwords are entered the media is deleted. This is a common way to get media from one location to another when your internet isn’t fast enough or you simply don’t have enough space in the cloud.
There’s also the concept of backups. The three, two, one methodology which is you should have three backups on two different types of media and one should be off premises. If you are getting content at home and you’re not being given a copy of a backup you should definitely look into some kind of second storage tier or even third storage tier at home. Whether it be uploading to a secure website that InfoSec clears for you or buying another hard drive and maybe expensing it and putting it on there. You need to have multiple backups to cover yourself.
Speaking of that, when you look into cloud storage and internet transfers that’s something you need to talk to your IT team about. There’s a ton of sites like We Transfer, Google Drive, et cetera. Certainly those work for moving media around but do they pass your security test? There is such a thing by security by obscurity. If no one catches you, well I guess it’s okay. Your company has signed a security agreement with the partners they work with. For example, if you’re an independent production company and you work with a studio and you’re doing VFX for a studio, you’re signing a contract saying you adhere to certain security guidelines. When you violate that by editing remote, regardless of what the conditions are, whether it be disaster recovery or whether it be human transit shut down or weather or whatever, you’re still bound by those security guidelines and no one wants to end up in litigation because research wasn’t done to verify that a website was safe or that permissions were set right on the cloud storage. You do need to double check that. That goes hand-in-hand, not only with the legal contracts, but your InfoSec guidelines. I highly recommend you work with your IT person to get recommended sites and transfer services that are okay to use.
When you’re working remote some things are really easy. You get to use creative tools. If you cut with Adobe at the office, well great, you load up Adobe at home. If you cut with Avid in the office, well I hope you have a copy of Avid at home. That makes usability that much easier. What you may want to start to look into is proxy work flows. I know that a lot of NLE’s tout the fact that they can work high res media but I think we all know that once you start getting into higher rasters, a lot of plug-ins, a lot of VFX work, you need to render. Getting those high res files locally, especially over the internet, can be difficult and can be expensive. So you may want to investigate going into proxy workflows. The good thing is that the big three NLE’s, actually the four if you count Resolve, all have proxy work flows. They can look at media and you can generate proxy files to cut with.
As I mentioned, usability, you want to make sure that your transfer tools are completely secure and authorized by your InfoSec team. There is something you may want to look into. I know five or six years ago this had a really bad aura around it. Most people will transfer content from on-prem to an FTP site or a server in the sky and then download it. That’s a two step process. You upload to one place and then you download from that one place. There are peer-to-peer tools or P2P. You may be familiar with that back in the old Napster days or LimeWire days. I know I’m dating myself with that but that kind of technology can accelerate data transfer from one location to another because there’s no middle man. And that’s what the image is is on the right there. It’s peer-to-peer network models. Resilio Sync is a great application and that will sync content from your location to another location without having to go to a cloud server first.
You need to take extra care, obviously, when you’re writing files and rendering files and deleting files so you’re not deleting the only copy of that file. As I mentioned in the onset, you have to plan for extra time to learn, period. You can’t assume that things are going to be smooth sailing. You got to take a deep breath and realize there’s going to be some assimilation time. Take a deep breath. Take a deep breath.
For organization, this is where you need to adopt, as I mentioned earlier, cohesive naming conventions. That may be something like the house account number underscore date underscore the editors name. This may be a folder structure that outlines your effects. Excuse me, outlines your project files, your render files. If you’re working on a Mac there’s a great application called Post Haste you may want to look into which will auto generate these file folders. That’s fantastic. But you want to keep whatever naming convention you’ve already used at your facility so when you do return to the facility you can copy that media back onto the shared storage. If someone looks back in a year things will be where they’re supposed to be.
You’ll also need to think long and hard about cache and render files. Cache files and render files are usually local to your machine or just for you to use. If you’re exchanging project files or bin files et cetera, you traditionally are not shelling around render files unless these are heavy VFX comps. You’re normally letting each person render their own because the file are just too bloated. So you need to work out where you’re saving those render files and if your team actually needs those render files or if you can just keep them locally.
Also, backups, as I mentioned. I’m going to keep repeating that because it’s very important. Again, double check everything you’re doing.
Collaborating. The good thing about many of the NLE’s out there is that as long as they see the media you can exchange project files or bin files between them. Avid, obviously you can exchange bin files. Resolve you can exchange project files. You have Adobe and their upcoming production panel and you can use their bins or their project files as virtual bin files. That’s what you can do. You can use tools like Post Lab which allows you to have Final Cut Pro share libraries across the cloud. There are ways to collaborate without having to send finished cuts to everybody.
There’s also a ton of video conferencing applications. I think you have to understand that video conferencing apps are going to be a little bit reduced. It’s not going to be 30 frames a second in glorious 4k, it’s going to be 720 or less and it’s going to be 15 to 20 frames a second and all the caveats of using free or shareware applications. Things like Zoom, which you’re on now. Things like BlueJeans if you’re using Microsoft. Obviously Teams is something that is used quite a bit. Skype is also a very popular solution. Don’t be afraid to do that. Also, for your mental well being, sometimes just being able to see someone smile and joke around with someone while you’re at home all day alone will certainly make you in a much better mood.
We also have things like review and approve. Review and approve takes its form in two different ways. We have asynchronous review and approve which means push-pull. This would be you pushing to YouTube on an unlisted link and then letting someone view that whenever they’re ready. Or, what we call, synchronous review and approve which is like having someone in your edit bay looking over your shoulder. Review and approve, when you’re working remote, can be difficult because you don’t have the internet bandwidth and you don’t have the expensive tools to do something like that. There are tools that can do real time review and approve. Things like EverCast which is just a fantastic piece of technology but that’s rather expensive. It can be upwards of $1,000 a month. More lower cost solutions like Teradek or Haivision or ClearView Flex by Sohonet are fantastic solutions. Those solutions allow you to stream full frame rate video across the internet to a receiver and it becomes a virtual screening room. Those are solutions to look into.
When we get into the non-real time or asynchronous review and approve, we have tools like Frame.io. Obviously there are things like Vimeo and YouTube which are not very secure, all it takes is for someone to share a link, but can be used. We do have Frame.io as I mentioned and then we have Vimeo, of course, with the paid accounts where you can password things which are pretty interesting.
That’s the remote creatives with local drives. Next we’re going to a very novel solution which is extended desktop. This is taking the machines that are already at the facility you work at and saying, “Hey, why don’t I remote into those systems as if I’m sitting in front of them? Why can’t I do that?” No, you’re right, there are some ways to do that. Here’s another way of looking at it. You’d have a main office, you have computer control that’s through a VPN or secured connection through the cloud, back to your home office where you access that machine. Since you’re not streaming 4k media to your local machine you’re only getting your computer gooey the data rate is drastically cut down. And because you’re only sending keyboard commands and mouse commands the amount of data you need to send back is very minimal. This has a lot of awesome benefits.
First is security. Well, you’ve already got the security because the computer is already sitting at your facility. All the firewall rules, all the InfoSec guidelines that are being followed, those are already setup. Half the battle is done there. However, what about your local security? Again, is your local firewall and firmware, is that all up to date? Have you locked down all the ports that maybe were open for gaming? You want to make sure that those are closed as well. Also, what does make things more difficult is if you’re trying to upload content from your home office to the shared storage at your office. That means that your IT team has to open up your shared storage at the facility to the world because there has to be a way of getting that content through the firewall to the shared storage. And that’s traditionally a big no-no. You never put your expensive fast storage with sensitive content that you’re under contract to keep secure… You never make that publicly available unless you have some very strict firewall set up and some very tight security guidelines.
It’s not as easy as simply opening up that storage to the world. You have to be very careful with that. Also, we have protocols. There are a dozen different ways for you to connect to a system at your facility from your home system. However, those protocols, most often, are not secure which means there’s no SLA on how secure it can be so people can hack into it. That’s why you want to look into protocols that are secure. For bang for the buck Teradici is probably the best out there with PC over IP. Not only is the video streaming encrypted but there’s NSA Suite B cyphers and 256 bit encryption. That’s a lot different than things like Team Viewer or VNC. You want to make sure that you’re using a protocol that supports the security that your facility is bound by.
For usability, you’re using your desktop as you would when you’re sitting in front of the machines. You get familiar apps, that’s great. However, if the protocols do not deliver a, shall we say, creative experience. Ones that are only giving you 10 or 15 frames a second and have color banding and out of sync audio and it looks like it’s dropping frames, that’s going to drive you nuts as an editor. You can’t determine where to make a cut if you’re not seeing every frame. You have to make sure the protocol that you’re using supports something robust like media. That’s, again, where Teradici comes in real well and where other protocols like VNC and Team Viewer and Go to My PC just aren’t up to the challenge for media.
If we look at shared storage, that’s obviously great. You already have shared storage at your facility so you can still interact with that in real time while you’re remote because, again, you’re just remoting into the system. You are going to lose face-to-face time but is that bad? A lot of us like to be in a dark room and edit by ourselves anyway so is it really bad we’re not seeing people face-to-face? That could be a bonus! For others who need that one-on-one interaction that’s when you start looking into video conferencing to kind of supplement that real world interactivity. Also, tech support becomes an issue. If you have a system at home who do you call for tech support? Your IT team can certainly support your gear in the building, that is, if they can come to work, but who does the IT for your home office? That can be challenge.
Lastly, collaboration. It’s business as usual if you’re on shared storage. You can use the same file structures you’ve been, you can use the same naming convention because at the end of the day you’re still using the same storage that you’re using when you’re in the office. Luckily, organization becomes a lot less of a challenge. If you are uploading from your home office to the shared storage back at the facility, which is very difficult from a security perspective, you want to make sure to adhere to that same naming convention.
Collaboration, we have the shared storage which I mentioned, and then review and approve is always going to be asynchronous. When you’re working in an extended desktop environment you can’t invite someone to walk into your bay because you’re not there. You don’t want to invite them over to your house to look over your shoulder because that’s why you’re working from home in the first place, to avoid working with other people. So it will take more time for you to export something and to put it on a wire drive or a Frame.io or some other platform to see that unless you’ve invested in some kind of video conferencing application.
Lastly, we have the solution that I’ve been working with mostly over the past year and a half. That’s everything in the cloud. That’s where your workstation, your storage, and your… Your workstation, storage, and applications are all in the data center near you. And this is kind of how it looks. You have your media that’s sitting at your facility, that’s uploaded to a data center and that’s where all your creative machines are. All the machines you could ever want are there. You then remote into that system, just like you would remote into your office system, but you’re not limited by the hardware and software that’s sitting at your facility, you have the infinite scalability of the cloud.
This gives me a chance to share something with you that a lot of people have wrong. That’s cloud service provides, or CSP’s, are more secure than your office I guarantee you. Hacks to CSP’s don’t happen. Hack is a term that’s been really, dare I say, bastardized in the industry because most hacks are nothing more than social engineering. Someone guessing your password or being able to steal your credit card or something along those lines as opposed to ab brute force breach. It’s a security flaw that people have opened up and that’s usually what the cause of most hacks are. And then the protocol that you’re using. You can certainly spin up a workstation in the cloud and then use Team Viewer to get to it but that’s not going to be secure. So you want to make sure that the protocol that you’re using to get to that workstation in the cloud is applicable.
Usability, this is where the growing pains come into play. Windows only. Data centers around the world, by and large, are Windows or Linux. They’re running Windows OS’s on top of hardware because Windows allows you to license the OS separate from the hardware. Apple doesn’t allow that. Apple doesn’t allow virtualization of their OS off of Apple hardware. There are a couple Mac data centers around the world but those don’t scale very well because virtualization, the Mac OS, isn’t as efficient as it is in Windows and the Mac’s don’t support protocols like Teradici and other protocols that need that kind of security. By and large it’s going to be Windows. I can’t say much for your Final Cut folks but if you’re working in Resolve, you’re working Avid, you’re working in premier, once you get into the application it looks about the same and you can certainly map your modifier keys without much trouble.
Usability, you want to make sure that you’re using this in a data center that’s near you. If you’re in LA, well you kind of want to avoid using a data center out in the UK. You want to use one near you because the closer you are the more it’s going to feel like it’s local. The great thing about the cloud is you can load virtually any app on there, no pun intended, and you get access to share storage if it’s built right which is what BeBop does. You may want to look into proxy’s because fast storage in the cloud is expensive. Sometimes $300 to $400 per terabyte per month for fast storage. A lot of folks with create proxy’s and edit with proxy’s or use a tiered storage approach in the cloud where they’ll use less expensive storage, like Bucket or Glacier or Blob, and park all their content there and then only move smaller chunks to their fast storage.
Organization, hey it’s standard. Again, you’re working in a shared environment that would emulate what you have working at the facility. So the naming convention should be exactly the same. In some instances you can simply mirror the content that’s on your facility SAN or NAS and mirror that in the cloud.
Collaboration, you’re using shared storage so obviously you can view shared projects if your application supports it. BeBop has something called Over The Shoulder which is allowing someone to view your computer screen and see your timeline and play head and program monitor in real time and you can communicate back and forth with audio. That’s pretty cool. You’ll see some of that tomorrow with Brian’s webinar.
Also, because we’re doing this in the cloud, we can do asynchronous review and approve. Which means we can push it to Frame.io, you can push it to Wiredrive, you can push it to YouTube or Vimeo, provided InfoSec allows for it, and that can continue as normal.
As I conclude this portion, and then we’ll jump into Q&A, you can see an address up there where we’re going to have more webinars like this, both tomorrow and next week. Tomorrow’s webinar will be a little bit more focused on BeBop and I’ll let Brian talk about that in a second. If that’s too long for you to remember, I got a nice little shortened URL right there. You can track me down and hound me online and tell me how wrong I am on Twitter and Instagram and the Facebook’s and the FaceSpaces as my grandmother calls it. @MichaelKammes or you can also email me at firstname.lastname@example.org. Before we jump into Q&A, Brian do you want to tell folks what tomorrows webinar is going to be on and then we’ll tackle Q&A?
Yeah, great, thank you Michael. Tomorrow we’ll be having a webinar specifically about what the creatives usage is going to be like. What’s it like to be an editor working remotely in the cloud? Specifically on the BeBop platform but I come from a background of working remotely with a lot of different organizations and bringing that experience into that webinar as well to talk about some of the best practices and ways to seamlessly transition from working in a studio or post facility into a cloud based environment. I’m really excite to talk to you guys about that tomorrow and go over some of those things. Let’s kick off this Q&A.
Okay. Let me see if I can track down my Q&A questions, hang on.
I think I already answered all of them.
Oh, well damn. Okay. Hang on, let me bring up my… Nope, that’s not what I want. You don’t need to see my Facebook. There we go.
I saw a question there about TPN compliance. It looks like that question came in earlier today. Yeah, TPN compliance is a very interesting topic and you’re going to see a big change in that in the next couple months. Mesa and a couple other organizations are working on revamping the TPN or trusted partner network. For those who don’t know, the trusted partner network is organizations that have proven that they have a certain level of compliance to security guidelines. Once they have the TPN label it allows studios and other production houses to go and say, “We are TPN compliant because we’re using these TPN compliant applications and services.” We’re not going over that explicitly especially since it’s going to be changing relatively soon.
Were there any other questions, Brian? That was the only one I saw.
No, there were a few questions about the TPN compliance with all the solutions that we were talking about and there were some other nuances… It’s obviously a very large discussion that we weren’t really going to have time to get into today but we are going to be hosting another webinar where CDSA will be present to speak about that more specifically.
Excellent, excellent. Well, I will cut everyone loose [crosstalk 00:31:41]-
We do have one question coming in, I know we’re right at the 2:30 time but I think this is a great question from Rick Nowak. Can we speak to setting up BeBop as an option should they need to have an immediate need to work remotely?
Yes. If any of you guys have seen any of my presentations you know that I tend to be very middle of the road so I can accentuate the positives and negatives. So I purposefully didn’t force BeBop down anyone’s throat. But, yes, we have a fantastic solution for that and I’ll give you a quick 60 second synopsis of that.
As some of you may have seen on social media last night, when you start looking at disaster recovery traditionally when folks are sent home they’re told a few days in advance or that day, “You’re going home.” And that means they have to begin working within a couple days. When you start looking at disaster recovery options none of them can be implemented in 24-48 hours. It just doesn’t happen unless you’re sneaker netting drives and holding on by the skin of your teeth you can’t do that. That’s not a way to go about things.
BeBop, when we work with you to set up your region and what not, usually takes a couple weeks. That’s because we have to get the workstations the way you need them, get the apps installed, get the licensing, get the security, get the storage, get the content moved up, and we’re then working with InfoSec and that can take a few weeks. A couple weeks or a few weeks. However, BeBop has a disaster recovery program whereas you engage with us and then starting tomorrow we start building the infrastructure you need. The amount of workstations, the amount of storage, the applications, the plug-ins, the security. And then once we have that built, we hibernate it. When we hibernate it you’re paying a skeleton cost just to keep the lights on. Think of it as an insurance policy. And then, you give us a call when you’re told you have to go home, and within 48 hours we spin everything back up and you’re ready to go.
There is a little bit of cost on the front end to get everything built and to get everything to your specifications, but once it’s done it’s done. We put it in the closet and we just let it sit there with the minimum power it needs to run. You’re paying pennies on the dollar to keep it running and then, when you’re ready, within 48 hours we can spin that back up. There’s certainly a DR solution but the DR solution is not going to work if you need it tomorrow, we need to start today. I don’t want to scare anyone, but it is something you have to be forward thinking about and provision for and not react to.
With that, I think we’ll stop the webinar. Thank you everyone for tuning in. This will be on demand hopefully in the next few days. Feel free to reach out online for more questions and join us for our webinar series continuing tomorrow. Thanks everyone.