Support User Manuals

Polycom 1500 Server User Manual

Open as PDF

of 1124

Appendix I-Polycom Open Collaboration Network (POCN)

Polycom, Inc. I-41

In Prefer TIP mode, it is pre-requisite that the CTS and CUCM versions support

H.264 base profile content without restrictions and that the CTS version be 1.9.1 or

higher and that CUCM version be version 9.0 or higher.

Encryption

Encryption between the RealPresence Collaboration Server (RMX) 1500/2000/4000 and a

CISCO environment is supported. Media is encrypted using SRTP, while control is

encrypted using SRTCP. TIP is encrypted using SRTCP. SIP is be encrypted using TLS.

When upgrading, the Collaboration Server automatically creates a self-signed certificate to

support encrypted communications with CISCO endpoints.

For media encryption. the Collaboration Server will first attempt to exchange keys using

DTLS. If the Collaboration Server fails to exchange keys using DTLS, SIP TLS encrypted

with SDES is used to exchange media encryption keys.

Guidelines

• This feature is not supported in Ultra Secure Mode.

• Voice activity metrics and RTP are not encrypted.

• In the event that DTLS negotiation fails, SIP will be encrypted using TLS if enabled in

the IP Management Network properties, SIP Servers tab. DTLS negotiation does not

require SIP TLS.

— In a mixed CISCO and Microsoft Lync environment, in order to assure encrypted

communications with both CISCO endpoints and Microsoft Lync in the event of

DTLS negotiation failure, the certificate defined in the IP Management Network

Services properties dialog box, SIP Servers tab, must have been issued by the same

certificate authority that issued the certificates used by both the Microsoft Lync

server and the CUCM server.

• The flag, SIP_ENCRYPTION_KEY_EXCHANGE_MODE, is used to control this

feature. The possible values are:

— AUTO (default): Normal encryption flow

— DTLS: Only use DTLS for encryption

— SDES: Only use SDES (SRTP) for encryption

— NONE: Encryption is disabled

• The feature was tested using the following CISCO components:

— Cisco CUCM Version 9.0

— Cisco TPC Version 2.3

— Cisco endpoints running Version 1.9.1

• C20, C40, C60, and C90 running TC5

• CTS500

• CTS1310

• CTS3010

Content

Sender

HDX / ITP

H.239 / TIP Content

CTS

Table I-7 TIP Compatibility - Prefer TIP

previous next