Technology
Engineered for Encrypted Content at Scale
NexCache is a systems layer between your OTT providers and your viewers. It caches ciphertext, reasons about licenses, and schedules work so SSDs, CPUs, and uplinks spend cycles only where uniqueness demands — not on the thousandth replay of the same segment.
Architecture
System topology from origin to eyeballs
A deliberately boring WAN edge: fewer repeated bytes, deterministic policy enforcement, and observability that finance and security teams can share.
OTT origins
Encrypted CDN & packagers
TLS 1.3 fetch of ciphertext segments & manifests
Placement, license-aware retention, predictive scheduling, and observability — all without decrypting customer content on the wire for “insights.”
Encrypted segments fan out across edge nodes sized to your concurrency targets.
Edge node 1
Local NVMe · TPM · line-rate TLS
Edge node 2
Local NVMe · TPM · line-rate TLS
Edge node 3
Local NVMe · TPM · line-rate TLS
Corporate LAN
Campus Wi‑Fi
Constrained WAN
Encrypted segment caching
Traditional caches assume cleartext or static objects. OTT breaks both assumptions. NexCache indexes encrypted fragments as first-class citizens: deduplication happens at the ciphertext layer, aligned to packager boundaries and DRM session semantics so licensors retain veto power over how bits move.
The result is a cache hit that actually means something — fewer origin requests, lower join latency, and a measurable drop in peak Mbps without opening a side channel for content theft.
Cleartext exists only inside licensed decoder pipelines on end devices — never on NexCache disks for operational convenience.
- → Segment-aligned keys and IV scopes
- → Verified eviction on revocation events
- → Audit-friendly access logs without payload inspection
Scheduling
Predictive decryption scheduling
Decryption is not free — even when it happens downstream. NexCache shapes when and where ciphertext enters the device so CPUs spend less time in bursty catch-up mode.
Manifest-aware lookahead
Tracks MPD/HLS churn, ad insertion cadence, and CDN redirects to prefetch only segments that will likely be played.
Congestion feedback
Incorporates NIC utilization and queue depth so prefetch aggressiveness backs off before it harms interactive traffic.
License horizon respect
Schedulers cap retained material to the minimum of popularity and legal playback window — no silent hoarding.
First-frame performance improvements
Most QoE complaints are decided in the first second. By colocating hot ciphertext near the player, NexCache removes WAN RTT from the startup critical path. Manifests resolve faster, initial segments arrive over gigabit LAN, and adaptive bitrate ladders climb without stalling on cross-continent slow-start.
Hardware economics
SSD lifespan optimization
Write amplification is the hidden tax on every caching layer. NexCache coalesces metadata updates, aligns erasures to streaming access patterns, and avoids pathological small writes that prematurely age enterprise NVMe fleets.
Wear-aware placement
Hot tiers prefer drives with remaining endurance budget; cold catalogs migrate to SATA or object tiers when policy allows — stretching CapEx across refresh cycles.
Log-structured segment stores
Sequential append patterns keep SSD FTLs happy. Garbage collection windows align with maintenance periods you already schedule for patch cadence.
Zero cloud dependency — local-first by design
Edge nodes do not phone home for playback permission. Policy bundles and software updates can be delivered through your existing change-management channels. Air-gapped and regulated environments retain full control over what leaves the rack — including analytics, which remains optional and anonymized when enabled.
- Optional SaaS control plane — not a runtime requirement for serving viewers.
- Kubernetes, bare metal, or appliance images with identical behavior.
- Secrets never stored in vendor clouds unless you explicitly wire an integration.