Guidelines - Polycom 1500 Administrator's Manual

RealPresence Collaboration Server (RMX) 1500/1800/2000/4000 Administrator's Guide
For media encryption. the Collaboration Server will first attempt to exchange keys using DTLS. If the
Collaboration Server fails to exchange keys using DTLS, SIP TLS encrypted with SDES is used to exchange
media encryption keys.

Guidelines

● This feature is not supported in Ultra Secure Mode.
● Voice activity metrics and RTP are not encrypted.
● In the event that DTLS negotiation fails, SIP will be encrypted using TLS if enabled in the IP
Management Network properties, SIP Servers tab. DTLS negotiation does not require SIP TLS.
 In a mixed CISCO and Microsoft Lync environment, in order to assure encrypted communications
with both CISCO endpoints and Microsoft Lync in the event of DTLS negotiation failure, the
certificate defined in the IP Management Network Services properties dialog box, SIP Servers
tab, must have been issued by the same certificate authority that issued the certificates used by
both the Microsoft Lync server and the CUCM server.
● The flag, SIP_ENCRYPTION_KEY_EXCHANGE_MODE, is used to control this feature. The
possible values are:
 AUTO (default): Normal encryption flow
 DTLS: Only use DTLS for encryption
 SDES: Only use SDES (SRTP) for encryption
 NONE: Encryption is disabled
● The feature was tested using the following CISCO components:
 Cisco CUCM Version 9.0
 Cisco TPC Version 2.3
 Cisco endpoints running Version 1.9.1
 C20, C40, C60, and C90 running TC5
 CTS500
 CTS1310
 CTS3010
Polycom®, Inc. 1125