Manuals / TANDBERG / Computer Equipment / Computer Hardware

TANDBERG MSE 8510 manual o Encryption status to Enabled, Go to and set Outgoing transport to TLS

Models: MCU 4500 MSE 8510

1 190

Download 190 pages 25.71 Kb

Page 138

You must have the encryption feature key installed on your MCU.

The MCU supports the use of encryption with SIP. When encryption is in use with SIP, the audio and video media are encrypted using Secure Real-time Transport Protocol (SRTP). When using SRTP, the default mechanism for exchanging keys is Session Description Protocol Security Description (SDES). SDES exchanges keys in clear text, so it is a good idea to use SRTP in conjunction with a secure transport for call control messages. You can configure the MCU to also use Transport Layer Security (TLS) which is a secure transport mechanism that can be used for SIP call control messages.

Using TLS for call setup is not sufficient for the call to be considered encrypted such that it can participate in a conference which requires encryption. Where encryption is required in the conference configuration, a SIP call must use SRTP.

To configure the MCU to use SRTP to encrypt media in calls that are set up using TLS:

1.	You must have the encryption feature key installed on your MCU.
2.	Go to	and set:

oEncryption status to Enabled.

oDefault setting for new scheduled conferences to Required. o SRTP encryption to Secure transports (TLS) only.

3.Go to and set Outgoing transport to TLS.

Note that to allow the MCU to accept incoming calls that use TLS, go to	and ensure that Incoming
Encrypted SIP (TLS) is selected.

136

Image 138

TANDBERG MSE 8510 o Encryption status to Enabled, Go to and set Outgoing transport to TLS, Encrypted SIP TLS is selected

Contents

Codian MCU 4500 Series Codian MSE 8510 Series Software versionOnline help printable format TANDBERG Philip Pedersens vei 20 1366 Lysaker Norway Telephone +47 67 125 Telefax +47 67 125 Video +47 67 117E-mail tandberg@tandberg.com Page Page Page Page Page Using a web browser, enter the host name or IP address of the MCU Go to and add the recording as an H.323 endpointi. Set the address as the recording number To enter DTMF navigation mode Dial using a standard E.164 phone numberEnter the IP address or host name of the MCU device To exit DTMF navigation modeTypically, you will have these options There are usually two configured options for next to the conference name Understanding in-conference status icons The zoom out menu Using far-end camera controlsControlling conference views Understanding participants status The conference welcome messageYou are scrolling up through the layout views This participant has been given priority in the layout views conference settings This conference is being recordedPage H.243 floor control Important participants combined with view focus Clipped panesVideo streams vs. fixed bitmap images Muted participants In this sectionWhen considering which participants to show in which panes, a participants self view has the lowest priority. This has two main implications Page By comparison, there are some defined conference layouts, for example participants in 1 x 1 view full-screen view The MCU supports the following H.243 featuresWhere the conference supports floor and chair control o decide to disconnect any other participantsin Description See Using streaming to view conferences for more informationActive conferences Scheduled conferences Completed conferences choosePIN required At least one of the registrations for this conference has failedSee Conference ownership for additional Completed conferences listin the Active conferences list See Conference ownership for additional To remove all conferences from the list, clickAdding a conference Updating a conference Adding configured endpoints Using IDs and PINsPINs hoc conferences with gatekeeper control must bePINs configure the Numeric ID enabled on theparticipants can dial in using this number. Note Provides a level of security to conference accessNumeric ID and/or Guest numeric ID with the Register ad hoc conferences with gatekeeper setting onon the Global conference settings page is set to to H.243 floor and chair controlother participant is present is most appropriate for Configuring a SIP endpoint Initial video status and Initial audio status settingsrefer to Configuring an H.323 endpoint and See Configuring streaming settings for additionalWhen the MCU is not in port reservation mode This setting only applies to scheduled conferencesWhen the MCU is not in port reservation mode MCU guarantees that this many video participantsDisplaying general status for additional both Guest numeric ID and Guest PIN or neither Guest numeric ID nor Guest PINall participants are disconnected default Page This level of control permits the following operations This level of control permits the following operationsPage There are three types of media ports available on the MCU Page This affects the operation of the MCU in the following ways H.239 video streams sent from the MCU to viewing H.323 endpoints Allowing graphical and textual markup of the content channelthese features require the web conferencing feature key Text chat between conference participantsPage content channel alongside the main video channel in a video-conferencing call that uses SIP. A SIP conference participant opens a BFCP channel to the MCU and contributes a video stream, such as that supplied by a second camera or an attached PC If the MCU is configured to allow encryption, each individual conference can be configured to either require encryption or to optionally use encryption. The MCU can send either encrypted or unencrypted content to different participants in a conference depending on the capabilities of those participants endpoints allow participant to contribute content video channel video setting on the pageContent channel markup also has the following characteristics Markup of content channel video Text chat See port reservation for more information Customizing layout views Displaying conference statistics Adding a VNC participant Adding pre-configured participantsAdding participants Viewing the participants list Sending messages to all participantsConfiguring a SIP endpoint To call a participant with a SIP endpoint in to an active conferenceconference layout see Customizing a participants See Using pane placement belowlayouts participants layout displayTo return to the Custom layout page, click pane placement behavior There is a setting on the MCUspage to control this behavior called Loudest speaker Page The current number of contributing audio/video participants The current number of contributing audio-only participantsThe current number of streaming participants watching the conference see Conference settings Pre-configured participants Summary information Controlling the near-end camera Managing a participants audio signalsDisplaying diagnostics for a participant Moving a participant Viewing the conference participant listSee Adding participants Selecting a custom participant view and Customizing layout viewsCustomizing the user interface See Adding pre-configured participants for disable option to Content channel video supportvideo codec is on the The MCU is unable to send encrypted content video to this participantpage chair control statistics for a participantchair control chair controlSee Content channel video support for additional user interfaceviews participants layout viewSee Customizing layout audio in the conference stop mutingconnected, which have disconnected, and reasons See Customizing layout views endpoint H.323 endpoint and/or Configuring a SIPSee Selecting a custom participant layout participant parametersClick the Go toClick a Conference name and then click on a participants name Click on one of the magnifying options to zoom the view in or outClick a Conference name and then click on a participants name layouts is automatically chosen with theimply potential network problems feature key is present on the MCUsetting. Consistently large numbers typically delay added to the media to accommodate thePage on. This is not the same as packets where the Video packet-level errors such as sequencethe actual video data in the packets is in error content the actual video data is somehow inChannel bit rate if A count of the number of sender report type for auditing bandwidth, errors, and so on by theThe number of fast update requests sent and These are typically sent by any device that issee Conference settings Go toClick a conference name and then click on a participants name area simply disconnects the participant Adding and updating an auto attendant Adding a custom banner Gatekeeper settingsDisplaying the auto attendant list For tips on configuring gatekeepers, seeA thumbnail of the custom banner, if one has been specified See Gatekeeper settings and SIP settings for reservation, refer to Reservation of MCU media reservation, refer to Reservation of MCU mediaports portsChooses the default Codian MCU graphic to use for your banner Click the name of a configured auto attendantRefer to the table below to determine the most appropriate settings Go toTo add a new SIP endpoint, select To display the Endpoint List, go toTo add a new H.323 endpoint, select To add a new VNC endpoint, selectWhen you configure Call-in match parameters, an address!E.164Adding and updating gateways Content contribution from endpoints setting from the enabled in the per-conference configurationConference settings page will be used settingsSet to enabled if you want this endpoint to be participants settingsWhen a participant disconnects from a when only endpoints set to Automatic disconnectionOutgoing transport on the encryption, refer to Configuring encryptionConfiguring SIP settings settingsalso override any other default name that might When using LCS, the username that will bedefault name configured on the endpoint. It will endpoints default name can be the name of thesettings Conference settings page will be usedcourse of the conference by going to when only endpoints set to Automatic disconnection The descriptive name of the gateway The IP address or host name of the gatewayUse unit-wide setting this is the default To start the gatekeeper, go to Choose from the options IDs can be numbers, H.323 IDs or prefixes In the format X / Y where Y is the number ofThe ID which the registrant has registered with the gatekeeperModifying the admin User Modifying the guest User Go to After entering the settings, clickThe required password, if any Verifies the required password ClickFully control conferences Users with this privilege level can The configured image to display for this user 104 their settings. To display this list, go toThe access privileges associated with this user Refer to the table below for assistancepasswords securely Associated video endpoint as the same number. If a See Adding an H.323 endpoint for informationThis limits the setup you will need to do each You can enter a new passwordVerify the new password time you join a video conference. When theConference settings Advanced settings Note that the Motion/sharpness trade off setting forhow participants display in layout views endpoints Preferred bandwidth from MCU valuesendpoints Preferred bandwidth to MCU values See Port reservation modes for additionalrecording indicator to display, the appears on their endpoint when onetheir endpoint when a participant VCR and the MCU must be usingRefer to Using in-conference features with video The duration of the message is configured using This setting controls for how long if at all theWhen displayed, the Codian logo appears in the This setting controls for how long if at allWhen communicating with an endpoint, the Note that the Custom codec selection setting for ansetting for calls from that endpoint Note that the Custom codec selection setting for anYou should only enable this option if you are endpoints video configuration. If you set thislower than the default 1400 bytes if there was a resolutions in order to reduce the effect ofparticipants display in layout views for more Prevents the MCU from showing conferencehow participants display in layout views Understanding how participants display in layout When pane placement is in use, this optionviews reservation mode Select the delay to be applied to audio relative to videochair control service prefix will be registered individually with When this option is set, participants calling into acreated using either an auto attendant or via calls the configured gatekeeperGatekeeper settings Gatekeeper status Displaying the built-in gatekeeper registrationuse Gateway Cisco GK compatible which case use MCU compatiblethe Mandatory H.323 ID to register will be used as Prefix for MCU registrations see above, Codian page see Configuring globalconferences with gatekeeper setting on the Incoming calls to unknown E.164 number will beusage is set to Disabled page see Configuring globalconference settings the H.323 gatekeeper status will indicate Displays the IP address of the gatekeeperregistrations page and click to theType the ID, or a part of the ID for which you want to see details Configuring SIP endpoints for more information is set to No registrationis set to No registration global conference settings. Use this setting to Default bandwidth from MCU that is configured onpage Configuring the Default bandwidth from MCUthepage Configuring network services encryption. Where encryption is required in the conference configuration, a SIP call must use SRTP. For more information about SIP encryption, refer to Configuring encryption settingsconferences numberconference you require and select the Streams setting updating conferences This field sets a lower limit on the bandwidth of by the Display content in normal video channelspecified by the Outgoing content video codec setting Viewing the conference participant listenable the Automatically make content channel You can conference to eitherforce new ad hoc conferences to use encryption with SIP, below Encrypted SIP TLS is selected o Encryption status to Enabled3. Go to and set Outgoing transport to TLS You must have the encryption feature key installed on your MCUIP configuration settings IP status Ethernet configuration Ethernet statusactually lookup endpoint.codian.com Identifies the IP address of the name serverShows the fixed hardware MAC Media Access configuration, depending on the settings youconfiguration, depending on the settings you When troubleshooting connectivity issues, thisPort preferences IP routes configuration Current IP status Configuring network settings. Selecting Port B Use these fields to define the type of IP addressesPage management HTTPS feature key or an Encryption Configuring SSL certificatesfirmware If a port is disabled, this option will be unavailable Configuring streaming settingschannel video support Configuring streaming settingsAllow/reject incoming and outgoing calls to the Upgrading the firmware and you have checkedsettings Upgrading the firmware and you have checkedUnknown To configure monitoring using SNMP, go toselected to Enable traps above. Authentication Select this check box to enable the MCU to send trapsSelect this check box to enable authentication receivers when someone tries to read or write aAbout QoS configuration settings ToS configuration DiffServ configuration Default settingsAudio Bits 0-2 set IP precedence the priority of the packetYou must update the offset manually when the To configure Time settings, go toIf selected, use of the NTP protocol is Enabled on not adjust for daylight saving automaticallyUpgrading the main MCU software image Upgrading the loader software image Enabling MCU featuresStoring user passwords securely 10. Shutdown and restart the MCUSelect Hash stored passwords and click link next to the feature key on theGo to When the shutdown is complete, the button changes toTo shut down the MCU, follow these steps Click theresetting system time Conference status Video status Audio status Page The number of video streams being received by the MCU Displays active audio participants using neither G.711 or G.722Video status displays an overview of current video resource use The number of video streams being sent by the MCUPage To reset these values, click This is increased to 12 when running in SD mode 160 and make the changes you require. See Logging using syslog Page Syslog settings Using syslog To define a syslog server, simply enter its IP address and then click Page Call Detail Record log controls Call Detail Record log The current number of CDRs in the logDownloading and clearing the log CDR log display information about CDR time field, belowChanging the time and NTP’s UTC Offset on the Controlling the confirmation of participant disconnections Controlling the auto-refreshing of status pages on the MCUControlling the display of thumbnail preview images Controlling the audio and visual muting of conference participantsindividual participant disconnections option and click Using default US English voice promptsVoice prompt specification Making the best possible recordings Uploading a customization package Viewing the available voice promptssection, uncheck Use customized voice prompts and locate the .package file on your computerDownloading a customization package Deleting customized voice prompts Uploading individual voice promptsDownloading individual voice prompts To expand any list to show all customizations, clickor your web browsers equivalent to remove the voice promptIll connect you to your conference now Im sorry, there is already a conference with that numberYour conference is now over. Goodbye Please enter the conference code nowPage is checked, that file will be used are both uncheckedThe backup process is now complete 1. Ensure that the FTP service is enabled on the3. Copy this file and store it somewhere safe Ensure that the FTP service is enabled on theTo test connectivity with a remote device, go to the state or province where the business is located The details of the business to which the certificate has been issuedthe country where the business is registered the locality or city where the business is locatedYou can upload a trust store of certificates that the MCU will using TLS must have a certificate which is trustedBrowse to find the private key file that accompanies your certificate Note that uploading aNetBSD Info-ZIP Independent JPEG Group The OpenSSL Project CodianSoftware licenses Spirit Corporation AES HMAC SHA1 Lua DHCP Polycom Inc Fraunhofer IISCopyright 1999-2004 The NetBSD Foundation, Inc. All rights reserved Page Copyright c 1998-2007 The OpenSSL Project. All rights reserved =============================================================== =====Page Issue Date 29/07/2002 Copyright 1995-2003, SPIRITCopyright c 2001, Dr Brian Gladman, Worcester, UK All rights reserved Issue Date 26/08/2003 Issue Date 01/08/2005 Lua 5.0 licenseCopyright 2003-2004 Tecgraf, PUC-Rio Copyright 2004 Internet Systems Consortium, Inc. ISC Copyright 1995-2003 Internet Software Consortium All rights reservedMPEG-4 AAC audio coding technology licensed by Fraunhofer IIS