Polycom RMX 1800 Mixing Encrypted and Non-encrypted Endpoints in one Conference

Polycom® RMX 1800 Administrator’s Guide

4-28 Polycom, Inc.

—All media channels are encrypted: video, audio and FECC.

—Collaboration Server SRTP implementation complies with Microsoft SRTP

implementation.

—LPR is not supported with SRTP.

—The ENABLE_SIRENLPR_SIP_ENCRYPTION System Flag enables the SirenLPR

audio algorithm when using encryption with the SIP protocol. The default value of

this flag is NO meaning SirenLPR is disabled by default for SIP participants in an

encrypted conference. To enable SirenLPR the System Flag must be added to

system.cfg and its value set to YES.

—The SEND_SRTP_MKI System Flag enables or disables the inclusion of the MKI

field in SRTP packets sent by the Collaboration Server. The default value of the flag

is YES. Add the flag to system.cfg and set its value set to NO to disable the inclusion

of the MKI field in SRTP packets sent by the Collaboration Server when using

endpoints that cannot decrypt SRTP-based audio and video streams if the MKI

(Master Key Identifier) field is included in SRTP packets sent by the Collaboration

Server. This System Flag should not be set to NO when HDX endpoints, Microsoft

Office Communicator and Lync Clients. For more information, see "Modifying System

Flags” on page20-1 .

Mixing Encrypted and Non-encrypted Endpoints in one Conference

Mixing encrypted and non-encrypted endpoints in one conference is possible, based on the

Encryption option “Encrypt When Possible” in the Conference Profile - Advance dialog box.

The option “Encrypt When Possible” enables the negotiation between the MCU and the

endpoints and let the MCU connect the participants according to their capabilities, where

encryption is the preferred setting. Defined participants that cannot connect encrypted are

connected non-encrypted, with the exception of dial-out SIP participants.

The same system behavior can be applied to undefined participants, depending on the

setting of the System Flag

FORCE_ENCRYPTION_FOR_UNDEFINED_PARTICIPANT_IN_WHEN_AVAILABLE_MODE:

• When set to NO and the conference encryption in the Profile is set to “Encrypt When

Possible”, both Encrypted and Non-encrypted undefined participants can connect to the

same conferences, where encryption is the preferred setting.

• When set to YES (default), Undefined participants must connect encrypted, otherwise

they are disconnected.

For defined participants, connection to the conference is decided according to the encryption

settings in the conference Profile, the Defined Participant’s encryption settings.

For undefined participants, connection to the conference is decided according to the

encryption settings in the conference Profile, the System Flag setting and the connecting

endpoint’s Media Encryption capabilities.