Media Encryption - Polycom RMX 1500 Administrator's Manual

Chapter 2-Additional Conferencing Information

Media Encryption

Media Encryption Guidelines
2-66
Encryption is available at the conference and participant levels, based on
AES 128 (Advanced Encryption Standard) and is fully H.233/H.234
compliant and the Encryption Key exchange DH 1024-bit (Diffie-
Hellman) standards.
• Encryption is not available in all countries and it is enabled in the
MCU license. Contact Polycom Support to enable it.
• Endpoints must support both AES 128 encryption and DH 1024 key
exchange standards which are compliant with H.235 (H.323) to
encrypt and to join an encrypted conference.
• The encryption mode of the endpoints is not automatically
recognized, therefore the encryption mode must be set for the
conference or the participants (when defined).
• Media Encryption for ISDN/PSTN participants is implemented in RMX
systems with MPM+ and MPMx cards.
• Conference level encryption must be set in the Profile, and cannot be
changed once the conference is running.
• If an endpoint connected to an encrypted conference stops encrypting
its media it is disconnected from the conference.
• Mixing encrypted and non-encrypted endpoints in one conference is
possible, based on system flag settings:
(ALLOW_NON_ENCRYPT_PARTY_IN_ENCRYPT_CONF).
The behavior is different for H.323/SIP and ISDN participants.
• In Cascaded conferences, the link between the cascaded conferences
must be encrypted in order to encrypt the conferences.
• Media Encryption for ISDN/PSTN (H.320) participants is not
supported in cascaded conferences.
• The recording link can be encrypted when recording from an
encrypted conference to the RSS that is set to encryption. For more
details, see "Recording Link Encryption" on page 12-8.
• Encryption of SIP Media is supported using SRTP (Secured Real-time
Transport Protocol) and the AES key exchange method.
• Encryption of SIP Media requires the encryption of SIP signaling -
TLS Transport Layer must be used.