Chapter 6: Securing Your Video Network Using TLS - RADVision Scopia TIP Gateway Deployment Manual

Chapter 6 | Securing Your Video Network Using TLS
You can configure your video network, whether it is a Scopia Solution or a third party deployment, to support
Transport Layer Security (TLS) for the SIP protocol.
Important:
Using encryption is subject to local regulation. In some countries its use is restricted or limited. For more
information, consult your local reseller.
TLS is used to secure the connection between Scopia Management and the gateway.
The TLS protocol relies on public and private keys for authentication and encryption. Scopia Management and
other video network devices exchange certificates carrying the public keys to allow an authenticated and secure
connection. You create the pair of keys, public and private, when you generate a certificate, which must be signed
by a certification authority (CA). The public key is placed in the certificate that the CA signs.
As you configure your deployment for TLS, you need to generate a certificate signing request (CSR) for every
component that uses TLS in your deployment and send it to the CA to be signed. A CA has its own certificate, known
as the CA root certificate. When the CA signed certificate is ready, you upload it into the component for which it was
created, together with the CA root certificate.
In some cases, when the CA signing the certificate is not a known trusted source, you must obtain an additional
certificate vouching for the trustworthiness of the CA. These certificates are known as intermediary certificates, and
must be signed by a trusted CA.
Some third-party components of your deployment may have pre-installed certificates.
Each time a TLS connection is established, the video network device which starts the TLS communication session
requests a signed certificate together with the CA root certificate. After the other device verifies its identity with these
certificates, a secure connection can be established. Exchanging certificates between devices is part of the TLS
protocol; it happens in the background and is transparent to a user.
Important:
Managing certificates for communication between Scopia Management and other devices is done as follows:
• Scopia Video Gateway, Radvision SIP Gateway, and Scopia TIP Gateway certificates are managed from
Scopia Management's administrator portal.
• Scopia Desktop Server certificates are configured automatically during installation.
• MCU certificates are managed from the MCU web interface. For details, see the Administrator Guide for
Scopia Elite MCU.
The following set of procedures secures the connection between Scopia Management and other devices. Perform
these tasks in the order listed below:
1. Decide your deployment's requirements, as described in Planning the Required Certificates for TLS on page 52.
2. Perform Generating the Certificate Signing Request for Scopia Management on page 57.
3. Ensure you have the root certificate of the certificate authority your organization uses.
   This root certificate is used when uploading signed certificates into Scopia Management and the gateway.
Deployment Guide for Scopia TIP Gateway Version 8.2
