Mixing Encrypted And Non-Encrypted Endpoints In One Conference - Polycom RealPresence 800s Administrator's Manual

•
•
•
•
•
•
•

Mixing Encrypted and Non-encrypted Endpoints in one Conference

Mixing encrypted and non-encrypted endpoints in one conference is possible, based on the
Encryption option "Encrypt When Possible" in the Conference Profile - Advance dialog box.
The option "Encrypt When Possible" enables the negotiation between the MCU and the
endpoints and let the MCU connect the participants according to their capabilities, where
encryption is the preferred setting. Defined participants that cannot connect encrypted are
connected non-encrypted, with the exception of dial-out SIP participants.
•
•
When the conference encryption is set to "Encrypt when possible", SIP dial out participants whose
encryption is set to AUTO can only connect with encryption, otherwise they are disconnected from
the conference.
Polycom, Inc.
Conference level encryption must be set in the Profile, and cannot be changed once the
conference is running.
If an endpoint connected to an encrypted conference stops encrypting its media, it is
disconnected from the conference.
In Cascaded conferences, the link between the cascaded conferences must be encrypted
in order to encrypt the conferences.
The recording link can be encrypted when recording from an encrypted conference to
the RSS that is set to encryption. For more information, see "Recording Link Encryption"
on page 14-7.
Encryption of SIP Media is supported using SRTP (Secured Real-time Transport Protocol)
and the AES key exchange method.
Encryption of SIP Media requires the encryption of SIP signaling - TLS Transport Layer
must be used.
Encryption of SIP Media is supported in conferences as follows:
— All media channels are encrypted: video, audio and FECC.
— Collaboration Server SRTP implementation complies with Microsoft SRTP
implementation.
— LPR is not supported with SRTP.
— The ENABLE_SIRENLPR_SIP_ENCRYPTION System Flag enables the SirenLPR
audio algorithm when using encryption with the SIP protocol. The default value of
this flag is NO meaning SirenLPR is disabled by default for SIP participants in an
encrypted conference. To enable SirenLPR the System Flag must be added to
system.cfg and its value set to YES.
— The SEND_SRTP_MKI System Flag enables or disables the inclusion of the MKI
field in SRTP packets sent by the Collaboration Server. The default value of the flag
is YES. Add the flag to system.cfg and set its value set to NO to disable the inclusion
of the MKI field in SRTP packets sent by the Collaboration Server when using
endpoints that cannot decrypt SRTP-based audio and video streams if the MKI
(Master Key Identifier) field is included in SRTP packets sent by the Collaboration
Server. This System Flag should not be set to NO when HDX endpoints, Microsoft
Office Communicator and Lync Clients. For more information, see "Modifying System
Flags" on page 21-1.
When the conference encryption is set to "Encrypt when possible", SIP dial out participants
whose encryption is set to AUTO can only connect with encryption, otherwise they are
disconnected from the conference.
Chapter 3-Additional Conferencing Information
3-29