You can configure the MCU to encrypt connections to and from H.323 and SIP endpoints.
The encryption technology that the MCU uses for encryption to and from H.323 endpoints is Advanced Encryption Standard (AES).
The encryption technology that the MCU uses for encryption to and from SIP endpoints is Secure Real-time Transport Protocol (SRTP).
To use encryption, you must have the Encryption feature key present on the MCU. For information about installing feature keys, refer to Upgrading the firmware. To access encryption settings, go to .
Encryption is used where both devices in a call agree to use encryption; by default if one of the devices cannot use encryption (for example if a SIP endpoint does not support SRTP), the MCU will allow the call to be unencrypted, unless the conference configuration dictates that encryption is Required. Where encryption is required, calls that cannot used encryption will not be allowed.
When encryption is in use to and from H.323 endpoints, the MCU will encrypt audio, video, and content media. It does not encrypt control or authentication information.
When encryption is in use to and from SIP endpoints, the MCU will encrypt audio and video media using SRTP. Control or authentication information can also be encrypted using TLS. For more information refer to Using encryption with SIP, below.
Note that using encryption does not affect the number of ports that are available on the MCU.
Note that the MCU will not show thumbnail previews on the Show thumbnail images option selected on the page, thumbnail previews will be shown for conferences where encryption is optional and there are encrypted participants.page if encryption is required for a conference. If you have the
Refer to this table for assistance configuring the encryption settings. After making any configuration changes, click.
|Field||Field description||Usage tips|
Whether the MCU is able to use encryption or not.
When encryption status is Enabled, the MCU advertises itself as being able to use encryption and will use encryption if required to do so by an endpoint. If this setting is Enabled, you can enable or disable the use of encryption on a per-conference basis.
If this setting is Disabled, no conference will be able to use encryption.
Select the setting for media encryption for SIP calls:
For more information refer to Using encryption with SIP, below.
When disabled, the MCU will not advertise that it is able to encrypt using SRTP. It is only necessary to disable SRTP if it is causing problems.
The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and video media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure transport mechanism that can be used for SIP call control messages.
Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can participate in a conference which requires encryption. Where encryption is required in the conference configuration, a SIP call must use SRTP.
To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS:
Note: It is possible to make encryption the default on newly created conferences by setting the Encryption field on the conference template settings to Required. Go to .
|(c) Copyright TANDBERG 2003-2010, License information|