Polycom 1500 Server User Manual


  Open as PDF
of 1124
 
Chapter 4-Additional Conferencing Information
Polycom, Inc. 4-41
Media Encryption
Encryption is available at the conference and participant levels, based on AES 128
(Advanced Encryption Standard) and is fully H.233/H.234 compliant and the Encryption
Key exchange DH 1024-bit (Diffie-Hellman) standards.
Media Encryption Guidelines
Encryption is not available in all countries and it is enabled in the MCU license. Contact
Polycom Support to enable it.
Media encryption is supported in CP, SVC Only and mixed CP and SVC Conferencing
Modes.
Endpoints must support both AES 128 encryption and DH 1024 key exchange
standards which are compliant with H.235 (H.323) to encrypt and to join an encrypted
conference.
The encryption mode of the endpoints is not automatically recognized, therefore the
encryption mode must be set for the conference or the participants (when defined).
Media Encryption for ISDN/PSTN participants is implemented in Collaboration Server
systems with MPM+ and MPMx cards.
Conference level encryption must be set in the Profile, and cannot be changed once the
conference is running.
If an endpoint connected to an encrypted conference stops encrypting its media, it is
disconnected from the conference.
In Cascaded conferences, the link between the cascaded conferences must be encrypted
in order to encrypt the conferences.
Media Encryption for ISDN/PSTN (H.320) participants is not supported in cascaded
conferences.
The recording link can be encrypted when recording from an encrypted conference to
the RSS that is set to encryption. For more information, see "Recording Link Encryption”
on page 14-6.
Encryption of SIP Media is supported using SRTP (Secured Real-time Transport Protocol)
and the AES key exchange method.
Encryption of SIP Media requires the encryption of SIP signaling - TLS Transport Layer
must be used.
Encryption of SIP Media is supported in conferences as follows:
All media channels are encrypted: video, audio and FECC.
Encryption of SIP Media is available only in MPM+ and MPMx Card
Configuration Modes.
Collaboration Server SRTP implementation complies with Microsoft SRTP
implementation.
LPR is not supported with SRTP.
The ENABLE_SIRENLPR_SIP_ENCRYPTION System Flag enables the SirenLPR
audio algorithm when using encryption with the SIP protocol. The default value of
this flag is NO meaning SirenLPR is disabled by default for SIP participants in an
encrypted conference. To enable SirenLPR the System Flag must be added to
system.cfg and its value set to YES.