Vhost.xml configuration file defines an individual virtual host.
Each virtual host directory on the server contains its own Vhost.xml
The Vhost.xml file contains elements that define the settings
for the virtual host. These settings include aliases for the virtual
host, the location of the virtual host’s application directory,
limits on the resources the virtual host can use, and other parameters.
Each virtual host must have its own directory inside the adaptor
directory. The name of the directory must be the actual name of
the virtual host, such as streaming.adobe.com. Each defined virtual
host must be mapped to a DNS (domain name server) entry or another
name resolution, such as a WINS address or a hosts file, that specifies
an IP address on the server computer.
Each adaptor must contain a _defaultVHost_ directory in addition
to the custom virtual hosts that you define. If a client application
tries to connect to a virtual host that does not exist, the server
attempts to connect it to _defaultVHost_. If you are using a secure
port for the adaptor that contains the virtual host, you can only
define one virtual host for the adaptor, in addition to _defaultVHost_.
To see the element structure
and default values in Vhost.xml, see the Vhost.xml file installed
with Adobe Media Server in the RootInstall/conf/_defaultRoot_/_defaultVhost_
The Alias element
specifies the assumed name(s) of the virtual host.
An alias is an alternative short name to use when connecting
to the virtual host. The Alias element lets you
specify additional names to connect to this virtual host. Use the Alias element
to shorten long host names, or if you want to be able to connect
to this virtual host with different names.
the name of this virtual host is “abc.adobe.com”, but you wish to
connect by simply specifying “abc”, then specify the alias abc.
Keep in mind that abc must still map to the same
IP address as “abc.adobe.com”.
If more than one virtual host
on the same adaptor has been defined with the same alias, then the
first match that is found is taken. You can avoid unexpected behavior
by specifying a unique alias for each virtual host.
The elements nested in this section list the alias(es) for this
virtual host. You can specify an unlimited number of aliases by
adding additional Alias elements. Each Alias must
map to the IP address of the virtual host.
element is a comma-delimited list of domains that are allowed to
connect to this virtual host. The default value is all.
If the Allow element is left empty, the only connections
allowed are those coming from the same domain.
example allows only connections from the adobe.com and yourcompany.com
example allows localhost connections only.
example allows connections from all domains. Adobe does not recommend the
use of all; it may create a security risk.
the virtual host as an anonymous proxy (also called an implicit or transparent proxy)
or as an explicit proxy. The default value is false.
Setting this element to true creates an implicit
proxy to intercept the incoming URIs.
Both anonymous and explicit proxies intercept and aggregate the
clients’ requests to connect to the origin server. Here are some
key differences between anonymous and explicit proxies:
The identity (IP address and port number) of an anonymous
server is hidden from the client.
The anonymous proxy does not change or modify the routing
information in the incoming URI before connecting the client(s)
to the origin server.
The URI for an explicit proxy specifies the edge server(s)
that will intercept connection requests to the origin server.
You can create a chain of proxies by specifying them in the URI.
Any anonymous proxy in the chain passes on, without modification,
the routing information in the URI to the next edge server in the
The routing information in the URI for a chain of explicit
proxies specifies the edge servers that are chained together to
intercept connection requests to the origin server.
The routing information in the URI for a chain of explicit
proxies specifically identifies the sequence of edge servers in
The URI for a chain of explicit proxies directs all clients’
connection requests through a specific sequence of edge servers
before making the connection to the origin server.
The explicit proxy modifies the routing information in the
URI by stripping off its token or identifier in the URI before passing
the URI on to the next server in the chain.
can specify multiple applications directories by separating locations
with a semicolon (;). You can specify two locations,
each of which contains application subdirectories. If you change
the default location of the AppsDir element, be sure
to include a directory named admin in each directory.
This ensures that the Administration Console (ams_adminConsole.swf)
will be able to connect to the virtual host.
If no location
is specified for this element, the applications directory is assumed to
be located in the vhost directory.
following example shows a mapping to a network drive:
Determines whether or not to close idle clients automatically.
Set the enable attribute to true to
close idle clients. If the enable attribute is omitted
or set to false, the feature is disabled. The default
value is false.
A client is active when it is sending or receiving data. Use AutoCloseIdleClients to
specify how often the server should check for idle clients. When
a client has been idle longer than the maximum idle time (60 seconds
by default), the server sends a status message to the NetConnectionobject
(the client). The server closes the client connection to the server
and writes a message to the access log. The server also writes a
message such as “Client x has been idle for y seconds”
in the core and event logs.
To configure the closing of idle connections, you must enable
the feature in the Server.xml file. Once you enable the feature
in the Server.xml file, you can disable the feature for individual
virtual hosts in the Vhost.xml files or for individual applications
in Application.xml. The values defined in the Vhost.xml configuration
file apply to all clients connected to the Vhost, unless values
are defined in the Application.xml file. The Application.xml values
override the Vhost.xml values. Subsequently, the values defined
in the Server.xml configuration file apply to all clients connected
to the server, unless the values are defined in the Vhost.xml file.
The Vhost.xml values override the Server.xml values.
element enables or disables writing recorded streams to disk. Set
this element on an edge server or an intermediate origin server
to control the caching behavior. The contents of the cache change.
This element controls whether the cached streams are written to
disk, in addition to being cached in memory.
The edge server caches content locally to aid performance, especially
for vod (video on demand) applications. Caching static content can
reduce the overall load placed on the origin server.
The default value of the enabled attribute is false.
The useAppDir attribute determines whether to separate
cache subdirectories by application. The default value is true.
If a server has multiple virtual hosts, each virtual host should
point to its own cache directory.
Enables logging checkpoint events. Checkpoint events log
bytes periodically from the start to the end of an event. The following
are available as checkpoint events: connect-continue, play-continue,
This element contains the enable attribute which you can set
to true or false. Set the enable attribute
to true to turn on checkpoint events in logs. The default
value is false.
You must enable checkpoint events at the server level in the
Server.xml file. You can disable checkpoints at the vhost and application
level in the Vhost.xml and Application.xml files. You can also override
the logging interval at the vhost and application levels.
Contains elements that configure edge autodiscovery. An edge
server may connect to another server that is part of a cluster.
In this case, the edge server tries to determine which server in
the cluster it should connect to (may or may not be the server specified
in the URL).
When Flash Player connects to Adobe Media Server, it sends
the server a string containing its platform and version information.
You can add Key elements that map Flash Player
information to keys. The keys can be any alphanumeric value. In the
following example, the keys are A and B:
In the VirtualDirectory element, you map virtual
directories used in URLs to physical directories containing streams.
In the following example, if a client with key A requests
a stream with the URL NetStream.play("vod/someMovie"),
it is served the stream c:\on2\someMovie.flv. If a client with key B requests
a stream with the URL NetStream.play("vod/someMovie"),
it is served the stream c:\sorenson\someMovie.flv.
element binds an outgoing edge connection to a specific local IP
The LocalAddress element lets you allocate incoming
and outgoing connections to different network interfaces. This strategy
is useful when configuring an edge to either transparently pass
on or intercept requests and responses.
If the LocalAddress element is not specified,
then outgoing connections bind to the value of the INADDR_ANY Windows
Specifies how often to log a checkpoint, in seconds. This
value should be larger than the value for CheckInterval.
If the value is smaller, the server logs a checkpoint every check
interval. The default value is 3600 seconds (60 minutes).
the size in bytes of aggregate messages returned from the edge cache. (Aggregate
messages must be enabled.) The default size is 65,536.
This setting only applies to messages retrieved from the disk
cache. Aggregate messages received directly from the origin server
are returned as is and their size is determined by the origin server
settings for aggregate message size.
the maximum number of application instances that can be loaded into this
A chat application, for example, might require more than one
instance, because each chat room represents a separate instance
of the application on the server. The default number is 15,000 application
A Flash SWF file defines which application instance it is connecting
to by the parameters it includes with its ActionScript connect call.
the maximum number of clients that can connect to this virtual host.
The maximum number of allowed connections is encoded in the license
file. Connections are denied if the specified limit is exceeded.
The default number is -1, which represents an unlimited number of
the maximum idle time allowed, in seconds, before a client is disconnected.
The default idle time is 3600 seconds (60 minutes). If you set
a value lower than 60 seconds, the server uses the value 1200 seconds
A different value can be set for each virtual host. If no value
is set for this element in the Vhost.xml file, the server uses the
value in the Server.xml file. The value for the MaxIdleTime element
in the Vhost.xml file overrides the value of the MaxIdleTime element
in the Server.xml file.
Specifies the maximum allowed size of the disk cache, in
gigabytes. The server does LRU (least recently used) cleanup of
the cache to keep it under the maximum size. The default value is
32 gigabytes. A value of 0 disables the disk cache. A value of -1
specifies no maximum.
Specifies the number of buckets to divide the
cache into. The aggregate cache size is defined by MaxSize.
Can be any value from 2 to 128; the default value is 8. More buckets
mean that a smaller portion of the disk content will be deleted at
any one time, but also that files will need to be moved to new buckets
more often, which results in more disk activity and lower performance.
can define the number of buckets that contain contents that can
be moved with NumBucketsAtRisk.
Specifies the number of buckets considered to
be “at risk” of deletion. Can be any value from 0 to NumBuckets -
1; the default is NumBuckets/2. To avoid moving
files too frequently at the expense of disk performance, only segments that
are in the oldest NumBucketsAtRisk buckets will
be moved to the newest bucket when accessed. A value of 0 means
that segments, once pulled from the origin, are never moved to a
newer bucket, effectively turning the cache into an LRU (least recently
The default value of NumBuckets/2
means that only segments in the “older half” of content will be
moved. The idea is that segments in the “newer half” of content
are more likely to be accessed again before they are deleted, thus making
it less important to move them.
Specifies the physical location of the proxy cache. By
default, the location is RootInstall/cache/. The value must
be an absolute path. Relative paths are ignored and the server uses
the default folder.
The elements nested in this section configure this virtual host
as an edge server that can forward connection requests from applications
running on one remote server to another server.
Whenever a virtual host is configured as an
edge server, it behaves locally as a remote server.
If this virtual host is configured to run in remote mode
and you want to configure the properties of an outgoing SSL connection
to an upstream server, the SSL connection to upstream servers will
use the default configuration specified in the SSL section
of the Server.xml file.
The maximum amount of time, in seconds, the server waits
for a response to a request from an upstream server. A request can
be for metadata, content, and so on. This value -1 specifies an
unlimited amount of time (no timeout). The default value is 2 seconds.
the edge server to forward the connection request to one server’s
IP address and port number [host:port] to a different IP address
and port number.
Edge servers are configured with the RouteEntry element
to direct connections to another destination. The RouteTable element
contains the RouteEntry elements that control where
the edge server reroutes requests.
You can also add the protocol attribute to an
individual RouteEntry element to specify how the
edge server reroutes requests. If no protocol is specified, however,
Adobe Media Server applies the protocol specified in the RouteTable element.
Implicit proxies hide the routing information from the clients.
The connection syntax for this element is flexible, as demonstrated
in the following examples.
example shows how you can configure the edge to route all connections
to the host foo to the host bar.
Use of the wildcard character * to
replace host and port.The example shows how to route connections
destined for any host on any port to port 1935 on the host foo.
example instructs the server to route connections to any host on
any port to the specified host on port 1936. For example, if you
were to connect to foo:1935, the connection would
be routed to foo:1936.
example instructs the server to use the values for host and port
on the left side as the values for host and port on the right side,
and to route connections destined for any host on any port to the
same host on port 80.
example instructs the server to route a host:port combination to null.
Its effect is to reject all connections destined for foo:80.
The RouteEntry elements nested under the RouteTable element
specify the routing information for the edge server. Administrators
use these elements to route connections to the desired destination.
The RouteTable element can be left empty or it
can contain one or more RouteEntry elements.
The protocol attribute specifies the protocol
to use for the outgoing connection. The attribute is set to "" (an
empty string), rtmp for a connection that isn’t
secure, or rtmps for a secure connection.
Specifying "" (an empty string) means
preserving the security status of the incoming connection.
If the incoming connection was secure, then the outgoing
connection will also be secure.
If the incoming connection was not secure, the outgoing connection
will not be secure.
Specifying rtmp instructs the edge not to
use a secure outgoing connection, even if the incoming connection
Specifying rtmps instructs the edge to use
a secure outgoing connection, even if the incoming connection was
You can override the security status for a connection mapping
by specifying a protocol attribute in a RouteEntry element.
By default, Adobe Media Server applies the protocol configured in
the RouteTable list unless the mapping for a particular RouteEntry element
If a virtual host is running in remote mode
as an edge server and you want to configure the properties of an
outgoing SSL connection to an upstream server, then you must enable
this section and configure its SSL elements appropriately.
When Adobe Media Server acts as a client to make an outgoing
SSL connection, the following sequence of events takes place:
The SSL elements in the Vhost.xml file
are evaluated first.
If the SSL elements in the Vhost.xml file
override the SSL elements in the Server.xml file,
Adobe Media Server uses the SSL elements in the
Vhost.xml file to configure the connection.
If the SSL elements in the Vhost.xml file
match the SSL elements in the Server.xml file, Adobe Media Server
uses the default values for SSL in the Server.xml
file to configure the connection.
If the SSL elements in an edge’s Vhost.xml
file are not present, Adobe Media Server uses the default values
specified in the SSL section of Server.xml to configure
the SSL connection to upstream servers.
When Adobe Media Server is running in local
mode as an origin server, the SSL information in the vhost.xml file
is not evaluated.
You can also override the configuration for outgoing SSL connections
for an individual virtual host in Vhost.xml by copying the SSL elements
in Server.xml to the corresponding SSL section
in the Vhost.xml file.
For more information on the SSL elements in Server.xml, see SSL.
the name of a directory containing CA certificates. Each file in
the directory must contain only a single CA certificate. File names
must be the hash with “0” as the file extension.
For Win32 only: If this element is empty, attempts are made to
find CA certificates in the certs directory located at the same
level as the conf directory. The Windows certificate store can be
imported into this directory by running AMSMaster - console - initialize from
the command line.
the suite of encryption ciphers that the server uses to secure communications.
This element is a colon-delimited list of encryption resources,
such as a key-exchange algorithm, authentication method, encryption
method, digest type, or one of a selected number of aliases for
common groupings. Each item in the cipher list specifies the inclusion
or exclusion of an algorithm or cipher. In addition, there are special
keywords and prefixes. For example, the keyword ALL specifies
all ciphers, and the prefix ! removes the cipher
from the list.
The default cipher list instructs the server to accept all ciphers,
but block those using anonymous Diffie-Hellman authentication, block
low-strength ciphers, block export ciphers, block MD5 hashing, and
sort ciphers by strength from highest to lowest level of encryption.
Contact Adobe Support before changing the
The cipher list consists of one or more cipher strings separated
by colons. Commas or spaces are also acceptable separators, but
colons are normally used.
The string of ciphers can take several different forms.
It can consist of a single cipher suite, such as RC4-SHA.
It can represent a list of cipher suites containing a certain
algorithm, or cipher suites of a certain type.
For example, SHA1 represents
all cipher suites using the digest algorithm SHA1, and SSLv3 represents
all SSL v3 algorithms.
Lists of cipher suites can be combined in a single cipher
string using the + character as a logical and operation.
example, SHA1+DES represents all cipher suites
containing the SHA1 and DES algorithms.
Each cipher string can be optionally preceded by the characters !, -,
If ! is used, then the ciphers are permanently
deleted from the list. The ciphers deleted can never reappear in
the list even if they are explicitly stated.
If - is used, then the ciphers are deleted
from the list, but some or all of the ciphers can be added again
If + is used, then the ciphers are moved
to the end of the list. This option doesn't add any new ciphers—it
just moves matching existing ones.
If none of these characters is present, then the string is
just interpreted as a list of ciphers to be appended to the current
If the list includes any ciphers already present, the server
does not evaluate them.
The cipher string @STRENGTH sorts the current
cipher list in order of the length of the encryption algorithm key.
The components can be combined with the appropriate prefixes
to create a list of ciphers, including only those ciphers the server
is prepared to accept, in the order of preference.
cipher string instructs the server to accept all ciphers except
those using anonymous or ephemeral Diffie-Hellman key exchange.
cipher strings instruct the server to accept only RSA key exchange
and refuse export or null encryption. The server evaluates both
strings as equivalent.
cipher list instructs the server to accept all ciphers but place
them in order of decreasing strength. This sequencing allows clients
to negotiate for the strongest cipher that both they and the server
the virtual directory mapping for recorded streams. The Streams element
enables you to specify a virtual directory for stored stream resources used
by more than one application. By using a virtual directory, you
specify a relative path that points to a shared directory that multiple
applications can access.
You can specify multiple virtual directory mappings for streams
by adding additional Streams elements—one for each
virtual directory mapping.
For more information, see the “Configuring content storage” section
of the Configuration and Administration Guide.
following configuration maps all streams whose names begin with foo/ to the
physical directory c:\data. The stream named foo/bar maps
to the physical file c:\data\bar.flv.
a stream is named foo/bar/x, the
server tries to find a virtual directory mapping for foo/bar.
If there is no virtual directory for foo/bar, the
server checks for a virtual directory mapping for foo. Since
a virtual directory mapping does exist for foo,
the stream foo.bar maps to the file c:\data\bar\x.flv.
the virtual directory you specify does not end with a backslash,
the server adds one.
The following configuration maps streams
whose paths begin with common/ to the
the application “videoConference” refers to an item common/video/recorded/june5 and
the application “collaboration” refers to common/video/recorded/june5,
they both point to the same item C:\flashmediaserver\myapplications\shared\resources\video\recorded\june5\.
virtual directory mappings for resources such as recorded streams.
Virtual directories let you share resources among applications.
When the beginning portion of a resource’s URI matches a virtual
directory, Adobe Media Server serves the resource from the physical
directory. For detailed information on mapping virtual directories,
virtual directories to physical directories.
You can use the VirtualDirectory element in
conjunction with the VirtualKeys element to serve
content based on Flash Player version information. For more information,
If you are mapping a virtual directory to a
drive on another computer, make sure that the computer running Adobe
Media Server has the right permissions to access the other computer.
For more information, see Mapping
directories to network drives.
example, using the following VirtualDirectory XML,
if a client called NetStream.play("vod/myVideo"),
the server would play the file d:\sharedStreams\myVideo.flv:
you map Flash Player versions to keys. The keys are used in the VirtualDirectory element
to map URLs to physical locations on a server. Use these elements
to deliver streams to clients based on Flash Player version.
length to wait in milliseconds for edge autodiscovery. The number
must be long enough to establish a TCP connection, perform a UDP
broadcast, collect the UDP responses, and return an XML response.
Do not set this number too low.