Container element.

The elements nested within the Access container configure the Access log settings. The Access logs are located in the RootInstall\logs directory.

Determines whether aggregate messages are delivered from the edge cache when the virtual host is configured as an edge server. The default value is false.

If the edge server receives aggregate messages from the origin when this setting is disabled, the messages will be broken up before being cached.

<AggregateMessages enabled="true" 
    <MaxAggMsgSize>65536</MaxAggMsgSize>> 
</AggregateMessages>

The Alias element specifies the assumed name(s) of the virtual host.

An alias is an alternative short name to use when connecting to the virtual host. The Alias element lets you specify additional names to connect to this virtual host. Use the Alias element to shorten long host names, or if you want to be able to connect to this virtual host with different names.

<Alias name="abc">abc.adobe.com</Alias>

Container element.

The elements nested in this section list the alias(es) for this virtual host. You can specify an unlimited number of aliases by adding additional Alias elements. Each Alias must map to the IP address of the virtual host.

This element is a comma-delimited list of domains that are allowed to connect to this virtual host. The default value is all. If the Allow element is left empty, the only connections allowed are those coming from the same domain.

<Allow>adobe.com,yourcompany.com</Allow> 

<Allow>localhost</Allow>

<Allow>all</Allow>

Specifies whether overriding edge autodiscovery is allowed by specifying the rtmpd protocol. If enabled, edge autodiscovery is performed by default.

<AllowOverride>true</AllowOverride>

Configures the virtual host as an anonymous proxy (also called an implicit or transparent proxy) or as an explicit proxy. The default value is false. Setting this element to true creates an implicit proxy to intercept the incoming URIs.

Both anonymous and explicit proxies intercept and aggregate the clients’ requests to connect to the origin server. Here are some key differences between anonymous and explicit proxies:

• The identity (IP address and port number) of an anonymous server is hidden from the client.

• The anonymous proxy does not change or modify the routing information in the incoming URI before connecting the client(s) to the origin server.

• The URI for an explicit proxy specifies the edge server(s) that will intercept connection requests to the origin server.

You can create a chain of proxies by specifying them in the URI.

• Any anonymous proxy in the chain passes on, without modification, the routing information in the URI to the next edge server in the chain.

• The routing information in the URI for a chain of explicit proxies specifies the edge servers that are chained together to intercept connection requests to the origin server.

• The routing information in the URI for a chain of explicit proxies specifically identifies the sequence of edge servers in the chain.

• The URI for a chain of explicit proxies directs all clients’ connection requests through a specific sequence of edge servers before making the connection to the origin server.

• The explicit proxy modifies the routing information in the URI by stripping off its token or identifier in the URI before passing the URI on to the next server in the chain.

<Anonymous>falsetrue</Anonymous>

Specifies how often to check for and remove unused resources for application instances, such as Shared Objects, Streams, and Script engines.

The default interval is 1 minute.

<AppInstanceGC>1</AppInstanceGC>

Specifies the Applications directory for this virtual host.

The Applications directory is the base directory where all applications for this virtual host are defined. You define an application by creating a subdirectory with the application name.

• In Windows, the default AppsDir location is C:\Program Files\Adobe\Flash Media Server 3.5\applications.

• In Linux, the default location is /opt/adobe/fms/applications.

<AppsDir>C:\MyApps;D:\NewApps</AppsDir>

<AppsDir>\\myNetworkDrive\share\fmsapps</AppsDir>

Container element.

Determines whether or not to close idle clients automatically.

Set the enable attribute to true to close idle clients. If the enable attribute is omitted or set to false, the feature is disabled. The default value is false.

A client is active when it is sending or receiving data. Use AutoCloseIdleClients to specify how often the server should check for idle clients. When a client has been idle longer than the maximum idle time (60 seconds by default), the server sends a status message to the NetConnectionobject (the client). The server closes the client connection to the server and writes a message to the access log. The server also writes a message such as “Client x has been idle for y seconds” in the core and event logs.

To configure the closing of idle connections, you must enable the feature in the Server.xml file. Once you enable the feature in the Server.xml file, you can disable the feature for individual virtual hosts in the Vhost.xml files or for individual applications in Application.xml. The values defined in the Vhost.xml configuration file apply to all clients connected to the Vhost, unless values are defined in the Application.xml file. The Application.xml values override the Vhost.xml values. Subsequently, the values defined in the Server.xml configuration file apply to all clients connected to the server, unless the values are defined in the Vhost.xml file. The Vhost.xml values override the Server.xml values.

<AutoCloseIdleClients enable="false"> 
    <MaxIdleTime>600</MaxIdleTime> 
</AutoCloseIdleClients>

Container element.

This element enables or disables writing recorded streams to disk. Set this element on an edge server or an intermediate origin server to control the caching behavior. The contents of the cache change. This element controls whether the cached streams are written to disk, in addition to being cached in memory.

The edge server caches content locally to aid performance, especially for vod (video on demand) applications. Caching static content can reduce the overall load placed on the origin server.

The default value of the enabled attribute is false. The useAppDir attribute determines whether to separate cache subdirectories by application. The default value is true.

If a server has multiple virtual hosts, each virtual host should point to its own cache directory.

Enables logging checkpoint events. Checkpoint events log bytes periodically from the start to the end of an event. The following are available as checkpoint events: connect-continue, play-continue, and publish-continue.

This element contains the enable attribute which you can set to true or false. Set the enable attribute to true to turn on checkpoint events in logs. The default value is false.

You must enable checkpoint events at the server level in the Server.xml file. You can disable checkpoints at the vhost and application level in the Vhost.xml and Application.xml files. You can also override the logging interval at the vhost and application levels.

Specifies the primary DNS suffix for this virtual host.

If a reverse DNS look up fails to return the domain as part of the host name, then this element is used as the domain suffix.

Container element.

Contains elements that configure edge autodiscovery. An edge server may connect to another server that is part of a cluster. In this case, the edge server tries to determine which server in the cluster it should connect to (may or may not be the server specified in the URL).

<EdgeAutoDiscovery> 
    <Enabled>false</Enabled> 
    <AllowOverride>true</AllowOverride> 
    >WaitTime>1000</WaitTime> 
</EdgeAutoDiscovery>

Specifies whether edge autodiscovery is enabled. If Enabled is set to true, the edge server tries to determine to which server in a cluster it should connect. The default value is false.

<Enabled>false</Enabled>

When Flash Player connects to Flash Media Server, it sends the server a string containing its platform and version information. You can add Key elements that map Flash Player information to keys. The keys can be any alphanumeric value. In the following example, the keys are A and B:

<VirtualKeys> 
    <Key from="WIN 8,0,0,0" to="WIN 9,0,45,0">A</Key> 
    <Key from="WIN 6,0,0,0" to="WIN 7,9,9,9">B</Key> 
    <Key from="MAC 8,0,0,0" to="MAC 9,0,45,0">A</Key> 
    <Key from="MAC 6,0,0,0" to="MAC 7,9,9,9">B</Key> 
</VirtualKeys>

In the VirtualDirectory element, you map virtual directories used in URLs to physical directories containing streams. In the following example, if a client with key A requests a stream with the URL NetStream.play("vod/someMovie"), it is served the stream c:\on2\someMovie.flv. If a client with key B requests a stream with the URL NetStream.play("vod/someMovie"), it is served the stream c:\sorenson\someMovie.flv.

<VirtualDirectory> 
    <Streams key="A">vod;c:\on2</Streams>  
    <Streams key="B">vod;c:\sorenson</Streams>  
</VirtualDirectory>

For more information, see the “Configuring content storage” section of the Configuration and Administration Guide at www.adobe.com/go/learn_fms_content_en.

This element binds an outgoing edge connection to a specific local IP address.

The LocalAddress element lets you allocate incoming and outgoing connections to different network interfaces. This strategy is useful when configuring an edge to either transparently pass on or intercept requests and responses.

If the LocalAddress element is not specified, then outgoing connections bind to the value of the INADDR_ANY Windows system variable.

Container element.

Contains elements that control logging.

Specifies how often to log a checkpoint, in seconds. This value should be larger than the value for CheckInterval. If the value is smaller, the server logs a checkpoint every check interval. The default value is 3600 seconds (60 minutes).

Specifies the size in bytes of aggregate messages returned from the edge cache. (Aggregate messages must be enabled.) The default size is 65,536.

This setting only applies to messages retrieved from the disk cache. Aggregate messages received directly from the origin server are returned as is and their size is determined by the origin server settings for aggregate message size.

<MaxAggMsgSize>66536</MaxAggMsgSize>

Specifies the maximum number of application instances that can be loaded into this virtual host.

A chat application, for example, might require more than one instance, because each chat room represents a separate instance of the application on the server. The default number is 15,000 application instances.

A Flash SWF file defines which application instance it is connecting to by the parameters it includes with its ActionScript connect call.

<MaxAppInstances>15000</MaxAppInstances>

Specifies the maximum number of clients that can connect to this virtual host.

The maximum number of allowed connections is encoded in the license file. Connections are denied if the specified limit is exceeded. The default number is -1, which represents an unlimited number of connections.

<MaxConnections>-1</MaxConnections>

Specifies the maximum number of connections that can remotely connect to this virtual host. This number is enforced by the license key.

<MaxEdgeConnections>1</MaxEdgeConnections>

Specifies the maximum idle time allowed, in seconds, before a client is disconnected.

The default idle time is 600 seconds (10 minutes). A different value can be set for each virtual host. If no value is set for this element in the Vhost.xml file, the server uses the value in the Server.xml file. The value for the MaxIdleTime element in the Vhost.xml file overrides the value of the MaxIdleTime element in the Server.xml file.

<MaxIdleTime>600</MaxIdleTime>

Specifies the maximum number of shared objects that can be created. The default number of shared objects is 50,000.

<MaxSharedObjects>50000</MaxSharedObjects>

Specifies the maximum allowed size of the disk cache, in gigabytes. The server does LRU (least recently used) cleanup of the cache to keep it under the maximum size. The default value is 32 gigabytes. A value of 0 disables the disk cache. A value of -1 specifies no maximum.

Specifies the maximum number of streams that can be created. The default number of streams is 250,000.

<MaxStreams>250000</MaxStreams>

The Mode element configures whether the server runs as an origin server or as an edge server.

The Mode element can be set to local or remote. The default setting is local.

• When the Mode element is set to local, Flash Media Server runs its applications locally and is called an origin server.

• When the Mode element is set to remote, the server behaves as an edge server that connects to the applications running on an origin server.

• If the Mode element is undefined, the virtual host is evaluated as an alias for the default virtual host and assumes its configuration.

<Mode>local</Mode>

Specifies the physical location of the proxy cache. By default, the location is RootInstall/cache/. The value must be an absolute path. Relative paths are ignored and the server uses the default folder.

Container element.

The elements nested in this section configure this virtual host as an edge server that can forward connection requests from applications running on one remote server to another server.

If this virtual host is configured to run in remote mode and you want to configure the properties of an outgoing SSL connection to an upstream server, the SSL connection to upstream servers will use the default configuration specified in the SSL section of the Server.xml file.

The maximum amount of time, in seconds, the server waits for a response to a request from an upstream server. A request can be for metadata, content, and so on. This value -1 specifies an unlimited amount of time (no timeout). The default value is 2 seconds.

Container element.

The elements in this section specify the maximum resource limits for this virtual host.

Instructs the edge server to forward the connection request to one server’s IP address and port number [host:port] to a different IP address and port number.

Edge servers are configured with the RouteEntry element to direct connections to another destination. The RouteTable element contains the RouteEntry elements that control where the edge server reroutes requests.

You can also add the protocol attribute to an individual RouteEntry element to specify how the edge server reroutes requests. If no protocol is specified, however, Flash Media Server applies the protocol specified in the RouteTable element. Implicit proxies hide the routing information from the clients.

The connection syntax for this element is flexible, as demonstrated in the following examples.

<Proxy> 
    <RouteTable protocol=""> 
    <RouteEntry>foo:1935;bar:80</RouteEntry> 
    </RouteTable> 
</Proxy>

<RouteEntry>*:*;foo:1935</RouteEntry>

<RouteEntry>*:*;*:1936</RouteEntry>

<RouteEntry>*:*;*:80</RouteEntry>

<RouteEntry>foo:80;null</RouteEntry>

Container element.

<RouteTable protocol="rtmp">

or

<RouteTable protocol="rtmps">

The RouteEntry elements nested under the RouteTable element specify the routing information for the edge server. Administrators use these elements to route connections to the desired destination. The RouteTable element can be left empty or it can contain one or more RouteEntry elements.

The protocol attribute specifies the protocol to use for the outgoing connection. The attribute is set to "" (an empty string), rtmp for a connection that isn’t secure, or rtmps for a secure connection.

• Specifying "" (an empty string) means preserving the security status of the incoming connection.

  • If the incoming connection was secure, then the outgoing connection will also be secure.

  • If the incoming connection was not secure, the outgoing connection will not be secure.

• Specifying rtmp instructs the edge not to use a secure outgoing connection, even if the incoming connection was secure.

• Specifying rtmps instructs the edge to use a secure outgoing connection, even if the incoming connection was not secure.

You can override the security status for a connection mapping by specifying a protocol attribute in a RouteEntry element. By default, Flash Media Server applies the protocol configured in the RouteTable list unless the mapping for a particular RouteEntry element overrides it.

Container element.

If a virtual host is running in remote mode as an edge server and you want to configure the properties of an outgoing SSL connection to an upstream server, then you must enable this section and configure its SSL elements appropriately.

When Flash Media Server acts as a client to make an outgoing SSL connection, the following sequence of events takes place:

• The SSL elements in the Vhost.xml file are evaluated first.

• If the SSL elements in the Vhost.xml file override the SSL elements in the Server.xml file, Flash Media Server uses the SSL elements in the Vhost.xml file to configure the connection.

• If the SSL elements in the Vhost.xml file match the SSL elements in the Server.xml file, Flash Media Server uses the default values for SSL in the Server.xml file to configure the connection.

• If the SSL elements in an edge’s Vhost.xml file are not present, Flash Media Server uses the default values specified in the SSL section of Server.xml to configure the SSL connection to upstream servers.

You can also override the configuration for outgoing SSL connections for an individual virtual host in Vhost.xml by copying the SSL elements in Server.xml to the corresponding SSL section in the Vhost.xml file.

For more information on the SSL elements in Server.xml, see SSL.

Specifies the name of a file that contains one or more CA (Certificate Authority) digital certificates in PEM (Privacy Enhanced Mail) encryption format.

Specifies the name of a directory containing CA certificates. Each file in the directory must contain only a single CA certificate. File names must be the hash with “0” as the file extension.

For Win32 only: If this element is empty, attempts are made to find CA certificates in the certs directory located at the same level as the conf directory. The Windows certificate store can be imported into this directory by running FMSMaster - console - initialize from the command line.

Specifies the suite of encryption ciphers that the server uses to secure communications.

This element is a colon-delimited list of encryption resources, such as a key-exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings. Each item in the cipher list specifies the inclusion or exclusion of an algorithm or cipher. In addition, there are special keywords and prefixes. For example, the keyword ALL specifies all ciphers, and the prefix ! removes the cipher from the list.

The default cipher list instructs the server to accept all ciphers, but block those using anonymous Diffie-Hellman authentication, block low-strength ciphers, block export ciphers, block MD5 hashing, and sort ciphers by strength from highest to lowest level of encryption.

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators, but colons are normally used.

The string of ciphers can take several different forms.

• It can consist of a single cipher suite, such as RC4-SHA.

• It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type.

  For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSL v3 algorithms.

• Lists of cipher suites can be combined in a single cipher string using the + character as a logical and operation.

  For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

• Each cipher string can be optionally preceded by the characters !, -, or +.

• If ! is used, then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.

• If - is used, then the ciphers are deleted from the list, but some or all of the ciphers can be added again later.

• If + is used, then the ciphers are moved to the end of the list. This option doesn't add any new ciphers—it just moves matching existing ones.

• If none of these characters is present, then the string is just interpreted as a list of ciphers to be appended to the current preference list.

• If the list includes any ciphers already present, the server does not evaluate them.

• The cipher string @STRENGTH sorts the current cipher list in order of the length of the encryption algorithm key.

The components can be combined with the appropriate prefixes to create a list of ciphers, including only those ciphers the server is prepared to accept, in the order of preference.

<SSLCipherSuite>ALL:!ADH:!EDH</SSLCipherSuite>

<SSLCipherSuite>RSA:!NULL!EXP</SSLCipherSuite> 
<SSLCipherSuite>RSA:LOW:MEDIUM:HIGH</SSLCipherSuite>

<SSLCipherSuite>ALL:+HIGH:+MEDIUM:+LOW:+EXP:+NULL</SSLCipherSuite>

<SSLCipherSuite>ALL:+HIGH:!LOW:!EXP:!NULL</SSLCipherSuite>

<SSLCipherSuite>ALL:+SSLv2</SSLCipherSuite>

Specifies whether the certificate returned by the server should be verified. Certificate verification is enabled by default. To disable certificate verification, specify false.

Specifies the maximum depth of the certificate chain to accept. If a self-signed root certificate cannot be found within this depth, certificate verification fails. The default value is 9.

<SSLVerifyDepth>9</SSLVerifyDepth>

Specifies the virtual directory mapping for recorded streams. The Streams element enables you to specify a virtual directory for stored stream resources used by more than one application. By using a virtual directory, you specify a relative path that points to a shared directory that multiple applications can access.

You can specify multiple virtual directory mappings for streams by adding additional Streams elements—one for each virtual directory mapping.

For more information, see the “Configuring content storage” section of the Configuration and Administration Guide at www.adobe.com/go/learn_fms_content_en.

<Streams>foo;c:\data</Streams> 

<Streams>common;C:\flashmediaserver\myapplications\shared\resources\</Streams> 

Specifies virtual directory mappings for resources such as recorded streams.

Virtual directories let you share resources among applications. When the beginning portion of a resource’s URI matches a virtual directory, Flash Media Server serves the resource from the physical directory. For detailed information on mapping virtual directories, see Mapping virtual directories to physical directories.

You can use the VirtualDirectory element in conjunction with the VirtualKeys element to serve content based on Flash Player version information. For more information, see VirtualKeys.

<VirtualDirectory> 
    <Streams>vod;d:\sharedStreams</Streams> 
</VirtualDirectory>

Root element of the Vhost.xml file.

This element contains all the configuration elements for the Vhost.xml file.

Lets you map Flash Player versions to keys. The keys are used in the VirtualDirectory element to map URLs to physical locations on a server. Use these elements to deliver streams to clients based on Flash Player version.

Specifies length to wait in milliseconds for edge autodiscovery. The number must be long enough to establish a TCP connection, perform a UDP broadcast, collect the UDP responses, and return an XML response. Do not set this number too low.

<WaitTime>1000</WaitTime>