Chapter 2-Additional Conferencing Information

Media Encryption

Encryption is available at the conference and participant levels. It is based on AES 128 (Advanced Encryption Standard), is fully H.233/H.234 compliant, and uses the DH 1024-bit (Diffie-Hellman) standard for encryption key exchange.

Media Encryption Guidelines

Encryption is not available in all countries and it is enabled in the MCU license. Contact Polycom Support to enable it.

To encrypt and to join an encrypted conference, endpoints must support both the AES 128 encryption and DH 1024 key exchange standards, which are compliant with H.235 (H.323).

The encryption mode of the endpoints is not automatically recognized; therefore, the encryption mode must be set for the conference or the participants (when defined).

Media Encryption for ISDN/PSTN participants is implemented in RMX systems with MPM+ cards only.

Conference level encryption must be set in the Profile, and cannot be changed once the conference is running.

If an endpoint connected to an encrypted conference stops encrypting its media, it is disconnected from the conference.

Mixing encrypted and non-encrypted endpoints in one conference is possible, depending on the setting of the system flag ALLOW_NON_ENCRYPT_PARTY_IN_ENCRYPT_CONF.

The behavior is different for H.323 and ISDN participants.

In cascaded conferences, the link between the cascaded conferences must be encrypted in order to encrypt the conferences.

Media Encryption for ISDN/PSTN (H.320) participants is not supported in cascaded conferences.

The recording link from an encrypted conference to the RSS set to encryption can be encrypted. For more details, see "Recording Link Encryption" on page 10-5.

You can define whether access to conferences for encrypted and non-encrypted participants is done at the conference level or at the participant level.
