Configuring Media Stream Encryption


The unified gateway supports SRTP-based media stream encryption for voice calls to ensure the security of user communication information and prevent malicious eavesdropping.

Context

On the unified gateway, three encryption options are available for POTS users, office routes and conferences: Disable (not encrypted), Optional (encryption not mandatory), and Mandatory (encryption mandatory). These three options are also available for SIP terminals (IP phones and IADs). In P2P calling, voice conferencing, and automatic switchboard services, encryption status negotiation decides whether voice calls can be set up.

NOTE: Media streams do not exist for calls between narrowband users (incoming calls routed through narrowband trunks or calls between intra-office POTS users).

• Encrypted P2P call

Encryption status negotiation between calling and called parties decides whether an encrypted P2P call can be set up, as described in Table 1.

Table 1 Connection rules for encrypted P2P calls

| – | Disable for the calling party | Optional for the calling party | Mandatory for the calling party |
|---|---|---|---|
| Disable for the called party | The call is not encrypted. | The call is not encrypted. | The call fails to set up. |
| Optional for the called party | The call is not encrypted. | The call is encrypted. | The call is encrypted. |
| Mandatory for the called party | The call fails to set up. | The call is encrypted. | The call is encrypted. |
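The rules in Table 1 reduce to a short decision, which makes it practical to audit a set of endpoints for pairs that would talk in cleartext or fail to connect. The following Python sketch is an added example, not part of the product documentation; the endpoint names, the inventory and the function names are hypothetical, and it assumes every pair carries a media stream (at least one side is a broadband user).

```python
from itertools import combinations

DISABLE, OPTIONAL, MANDATORY = "Disable", "Optional", "Mandatory"

def p2p_outcome(calling, called):
    """Table 1 as a rule: the result depends only on the pair of settings."""
    modes = {calling, called}
    if modes == {DISABLE, MANDATORY}:
        return "fails"            # one side requires SRTP, the other never offers it
    if DISABLE in modes:
        return "not encrypted"    # Disable/Disable or Disable/Optional
    return "encrypted"            # only Optional and Mandatory remain

def audit(inventory):
    """Group every endpoint pair by its Table 1 outcome."""
    report = {"encrypted": [], "not encrypted": [], "fails": []}
    for (a, mode_a), (b, mode_b) in combinations(sorted(inventory.items()), 2):
        report[p2p_outcome(mode_a, mode_b)].append((a, b))
    return report

def enforce(inventory, names):
    """What-if: copy of the inventory with the named endpoints set to Mandatory."""
    return {n: (MANDATORY if n in names else m) for n, m in inventory.items()}

# Constructed inventory; names and settings are hypothetical.
INVENTORY = {
    "sip-6000": DISABLE,
    "sip-6001": OPTIONAL,
    "sip-6002": OPTIONAL,
    "route-hq": MANDATORY,
}

if __name__ == "__main__":
    before = audit(INVENTORY)
    after = audit(enforce(INVENTORY, {"sip-6001", "sip-6002"}))
    for label, rep in (("current", before), ("Optional -> Mandatory", after)):
        print(label)
        for outcome, pairs in rep.items():
            print(f"  {outcome}: {pairs}")
```

With this inventory, the Optional endpoints still carry cleartext calls to the Disable endpoint; moving them to Mandatory removes the cleartext pairs but turns them into failed calls until the Disable endpoint is changed as well.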

• Encrypted voice conference

The conference encryption status can be specified during conference scheduling. For an instant conference, its encryption status depends on the encryption status of the conference initiator. The encryption status of a voice conference and that of participants together decide whether the participants can join the conference, as described in Table 2.

Table 2 Connection rules for encrypted voice conferences

–

Disable for a conference

Optional for a conference

Mandatory for a conference

Disable for a participant

x

Optional for a participant

Mandatory for a participant

x

NOTE:

• A tick (✓) indicates that the participant can join the conference, and a cross (x) indicates that the participant cannot join the conference.

• Media streams between an encrypted participant and the conference are encrypted, and media streams between a non-encrypted participant and the conference are not encrypted.

• For a conference with the encryption mode set to Optional, phones can join the conference only when they support Optional encryption. All IP phone models in the UScale 7900 series support this mode.

• If you want to hold an encrypted conference, choose User > Global Service in the web management system, click Configure next to Meeting encryption, and set conference encryption mode to Encryption or User custom.

If Encryption Mode in Meeting Configuration is set to User custom and an instant conference is initiated in the web self-service system, the encryption mode of the phone number must be the same as the setting of software parameter 464; otherwise, the instant conference fails to be initiated.

  - When the phone number is set to no encryption, software parameter 464 needs to be set to no encryption or optional encryption:

    config softargu type 464 value 0
    or
    config softargu type 464 value 1

  - When the phone number is set to encryption, software parameter 464 needs to be set to encryption or optional encryption:

    config softargu type 464 value 2
    or
    config softargu type 464 value 1

• Encrypted automatic switchboard

In encrypted calling of the automatic switchboard, whether a call is encrypted is decided by the encryption status of the calling party:

  - If the encryption status is set to Optional or Mandatory for the calling party and the calling party is a broadband user (an intra-office SIP user or a user whose call is routed through a SIP trunk), the call is encrypted.

  - If the encryption status is set to Disable for the calling party and the calling party is a broadband user, the call is not encrypted.

Configuration Method

The following describes how to configure the encryption status for POTS users, office routes, and conferences on the unified gateway.

• Configure the encryption status for a POTS user.

The following uses an existing POTS user as an example. For a newly created POTS user, the configuration is the same.

1. Log in to the web management system. Choose User > POTS User.

2. Modify a POTS number, and set Media stream encryption to the desired encryption status.

3. Click OK.

• Configure the encryption status for an office route.

The following uses an existing office route as an example. For a newly created office route, the configuration is the same.

1. Log in to the web management system. Choose Trunk > Office Route Configuration > Office Route.

2. Modify an office route, and set Media stream encryption to the desired encryption status.

3. Click OK.

• Configure the encryption status for a conference.

1. Log in to the web management system. Choose User > Global Service and click Configure next to Meeting encryption.

2. Select an encryption mode and click OK.

  - If No encryption is selected, users cannot schedule encrypted conferences.

  - If Encryption is selected, users cannot schedule non-encrypted conferences.
