System Requirements and Overview

Before you begin to use Avid Content Core, you must ensure that your on-premises infrastructure meets certain minimum requirements.

On-Prem MediaCentral Cloud UX

The MediaCentral Cloud UX servers run services, such as the Search index and the Rules Engine, that enable the integration of your on-prem systems with Avid Content Core. You can connect up to ten MediaCentral Cloud UX systems to a single Avid Content Core system.

Note the following prerequisites:

  • You must be running MediaCentral Cloud UX v2026.4 or later.

  • Your MediaCentral Cloud UX system must be a cluster of three or more nodes. Avid does not support connecting single-server installations to Avid Content Core.

  • Your MediaCentral Cloud UX system must be configured for either Avid Production Management or MediaCentral Production Management (at minimum).

    While you can connect additional modules such as Asset Management or Newsroom Management to your local MediaCentral system, these modules are not integrated with Avid Content Core in this release.

  • Beyond the "standard" set of licenses required to establish a MediaCentral Cloud UX / Production Management workflow, your MediaCentral Cloud UX license must also include the following:

    • Media Composer | Distributed Processing Engine

    • Media Composer | Distributed Processing Worker

    • MediaCentral | Flex Cloud Storage add-on

For additional information on how to configure the on-prem MediaCentral Cloud UX system, see "Integrating with Avid Content Core" in the Avid MediaCentral | Cloud UX Installation Guide.

On-Prem Client Workstations

  • Web Browser (Google Chrome)

    For additional details and restrictions, see Connecting to Avid Content Core.

    Avid expects that organizations stay current with Chrome updates, and only qualifies Avid Content Core with the last two major Chromium releases.

  • Network Connection (also see Networking)

    As Avid Content Core is a could-based system, access to the public internet is required from any workstation that needs to access ACC.

  • Endpoint Security System

    As a general security guideline, Avid recommends installing and/or configuring an endpoint detection and response solution to protect your on-prem investments. While Avid does not support any specific solution, you can find general guidelines and information related to CrowdStrike Falcon on the following Avid Knowledge Base page:

    https://kb.avid.com/articles/en_US/troubleshooting/en239659

  • One or more Distributed Processing Service Workstations running v2025.12.2 or later.

    These systems are involved in creating the proxies of your high-resolution assets that are uploaded to Avid Content Core. For additional instructions, see "Installing a Service Workstation" in v2025.12 or later of the Avid Media Composer | Distributed Processing Administration Guide.

    For complete version compatibility information, see the Avid Knowledge Base.

Networking

All traffic between on-prem servers and workstations and Avid Content Core occurs over network port 443.

Access to Avid Content Core does not require a Virtual Private Network (VPN) connection from any workstation or server that needs to connect to it.

Assuming that your organization employs a network firewall, you might need to create URL rules to allow outbound traffic from MediaCentral Cloud UX to Avid Content Core:

Avid Content Core URL

  • *<your_org>.avidcontentcore.com

    For example: *wavd.avidcontentcore.com

  • *<your_org>.us-east-1.avidapis.io, or *<your_org>.eu-west-1.avidapis.io

    Requirement is based on location. Use us-east-1 for the Americas, and eu-west-1 for Europe.

  • admin-<your_org>.us-east-1.avidapis.io, or admin-<your_org>.eu-west-1.avidapis.io

    Requirement is based on location. Use us-east-1 for the Americas, and eu-west-1 for Europe.

Amazon Web Services

  • s3.<region>.amazonaws.com

    For example: s3.us-east-1.amazonaws.com

  • sts.amazonaws.com

  • https://sts.<region>.amazonaws.com

  • iam.amazonaws.com

  • https://<your_org>.auth.<region>.amazoncognito.com/

    For example: wavd.auth.us-east-1.amazoncognito.com/

  • rolesanywhere.<region>.amazonaws.com

  • rolesanywhere.<region>.api.aws

  • secretsmanager.<region>.amazonaws.com

Google Cloud Platform

  • storage.googleapis.com

  • oauth2.googleapis.com

  • accounts.google.com

User Authentication

The following design principles define the security posture for Identity and Access Management (IAM) and Role-Based Access Control (RBAC) in Avid Content Core. These principles inform both the role model and the enforcement architecture.

Principle

Description

Zero Trust

Every request is authenticated and authorized regardless of its source. Network location does not grant trust — a request originating inside the platform perimeter is subject to the same authorization checks as one coming from outside.

Tenant Isolation

Users and services operate within tenant boundaries. Each tenant has its own dedicated IAM user pool federated with the customer's identity provider. Cross-tenant access is prevented by default. A user or service in one tenant cannot access data or configuration belonging to another tenant.

Least Privilege

Users and services receive only the minimum permissions required for their role. No role includes permissions beyond what is needed to fulfill its purpose.

Layered Enforcement

Authorization is enforced at the API gateway, service, and database layers. A failure or misconfiguration in one layer does not compromise the overall security posture.

Fail-Closed

Absence or corruption of tenant context results in access denied. Data protection failures deny access rather than allow it. The system defaults to restriction, not permissiveness.

Customer Control

Customers integrate their existing identity providers. Tenant Administrators manage users and roles within their own tenant scope. Avid does not control day-to-day user access for the customer.

Auditability

Authentication attempts and authorization decisions are logged. Log entries include time-stamp, user identity, resource, action, and outcome. Logs support compliance reporting and incident investigation.

Server-Side Authority

Feature enablement and access decisions are determined server-side based on effective permissions. Client-side application logic does not control access and is not trusted as an enforcement point.

Limited Blast Radius

Compromised credentials affect only the scope of permissions granted to that identity. Role boundaries contain the potential impact of a credential compromise to the minimum necessary footprint.

User authentication and role management are enabled through the ACC Control Panel. For more details, see Using the ACC Control Panel.

System Configuration Overview

The following high-level checklist describes the steps that you need to complete to configure your Avid Content Core system:

  • Configure your identity provider settings and role mapping in the ACC Tenant Admin Portal.

    For details, see Using the ACC Control Panel.

  • Configure your local MediaCentral Cloud UX system or systems.

    For details, see "Integrating with Avid Content Core" in the Avid MediaCentral | Cloud UX Installation Guide.

  • Configure additional settings (as needed) through the Avid Content Core administrator apps.

    For details, see Managing the ACC Administrator Settings.