Mixing Encrypted And Non-Encrypted Endpoints In One Conference - Polycom RealPresence 800s Administrator's Manual

RealPresence Collaboration Server (RMX) 800s/Virtual Edition Administrator's Guide
 The SEND_SRTP_MKI System Flag enables or disables the inclusion of the MKI field in SRTP
packets sent by the Collaboration Server. The default value of the flag is YES.
Add the flag to system.cfg and set its value set to NO to disable the inclusion of the MKI field in SRTP
packets sent by the Collaboration Server when using endpoints that cannot decrypt SRTP-based
audio and video streams if the MKI (Master Key Identifier) field is included in SRTP packets sent by
the Collaboration Server. When all conferences on the RMX will not have MS-Lync clients
participating and will have 3rd party endpoints participating. This setting is recommended for
Maximum Security Environments.
Add the flag to system.cfg and set its value set to YES when Microsoft Office Communicator and Lync
Clients. When any conferences on the RMX will have both MS-Lync clients and Polycom endpoints
participating. Some 3rd party endpoints may be unsuccessful in participating in conferences with this
setting.
Polycom endpoints function normally regardless of the setting of this flag.
For more information, see
Mixing Encrypted and Non-encrypted Endpoints in one
Conference
Mixing encrypted and non-encrypted endpoints in one conference is possible, based on the Encryption
option "Encrypt When Possible" in the Conference Profile - Advance dialog box.
The option "Encrypt When Possible" enables the negotiation between the MCU and the endpoints and let
the MCU connect the participants according to their capabilities, where encryption is the preferred setting.
Defined participants that cannot connect encrypted are connected non-encrypted, with the exception of
dial-out SIP participants.
• When the conference encryption is set to "Encrypt when possible", SIP dial out participants whose
encryption is set to AUTO can only connect with encryption, otherwise they are disconnected from
the conference.In CISCO TIP environments, dial in endpoints that are registered to CUCM can
only connect as non-encrypted when the conference encryption is set to "Encrypt when possible"
as the CUCM server sends the Invite command without SDP.
When the conference encryption is set to "Encrypt when possible", SIP dial out participants whose
encryption is set to AUTO can only connect with encryption, otherwise they are disconnected from
the conference.
The same system behavior can be applied to undefined participants, depending on the setting of the System
Flag
FORCE_ENCRYPTION_FOR_UNDEFINED_PARTICIPANT_IN_WHEN_AVAILABLE_MODE:
● When set to NO and the conference encryption in the Profile is set to "Encrypt When Possible", both
Encrypted and Non-encrypted undefined participants can connect to the same conferences, where
encryption is the preferred setting.
● When set to YES (default), Undefined participants must connect encrypted, otherwise they are
disconnected.
For defined participants, connection to the conference is decided according to the encryption settings in the
conference Profile, the Defined Participant's encryption settings.
Polycom®, Inc.
Modifying System Flags .
174