Chapter 7: Securing Your Scopia Xt Server For Ip Office; Securing Connections To The Xt Server Using Tls - Avaya RADVISION Scopia XT5000 Installation Manual

Chapter 7 | Securing your Scopia XT Server
You can secure the connection between video network devices and your Scopia XT Server for IP Office by
configuring the network's components to communicate via the Transport Layer Security (TLS) protocol, and enabling
encryption.
For details about securing your Scopia XT Server for IP Office, see:
Navigation
•

Securing Connections to the XT Server Using TLS

•
Enabling Encryption for Videoconferences
Securing Connections to the XT Server Using TLS
You can configure your video network, whether it is a Scopia Solution or a third party deployment, to
support Transport Layer Security (TLS) for the SIP protocol.
Important:
Using encryption is subject to local regulation. In some countries it is restricted or limited for usage.
For more information, consult your local reseller.
TLS is used to secure the connection between the XT Server and other video network devices.
The TLS protocol is based on a public and private keys for authorization and encryption, exchanged
between the XT Server and other video network devices to allow an authenticated and secure
connection. You can create a pair of keys, public and private, by generating a certificate which must be
signed by a certification authority. The public key is placed in a certificate and signed by a certification
authority (CA).
As you configure your deployment for TLS, you need to generate a certificate signing request (CSR) for
every XT Server that uses TLS in your deployment and send it to the CA to be signed. A CA has its own
certificate, known as the CA root certificate. When the CA signed certificate is ready, you upload it into
the XT Server for which it was created, together with the CA root certificate.
Each time a TLS connection is established, the video network device which starts the TLS
communication session requests a signed certificate together with the CA root certificate. After the other
device verifies its identity with these certificates, a secure connection can be established. Exchanging
certificates between devices is part of the TLS protocol; it happens in the background and is transparent
to a user.
The following set of procedures secure the connection between XT Server and other devices. Perform
these tasks in the order listed below:
1. Perform
2. Ensure you have the root certificate of the certificate authority your organization uses.
This root certificate is used when uploading signed certificates into the XT Server.
Installation Guide for Scopia XT5000 Server for IP Office Version 3.2
for IP Office
on page 97
Generating a Certificate Signing Request for XT Server
on page 88
on page 89.
Securing your Scopia XT Server for IP Office | 88