Chapter 2-Additional Conferencing Information
2-30
Media Encryption
Encryption is available at the conference and participant levels, based on
AES 128 (Advanced Encryption Standard) and is fully H.233/H.234
compliant and the Encryption Key exchange DH 1024-bit (Diffie-
Hellman) standards.
Media Encryption Guidelines
• Encryption is not available in all countries and it is enabled in the
MCU license. Contact Polycom Support to enable it.
• Endpoints must support both AES 128 encryption and DH 1024 key
exchange standards which are compliant with H.235 (H.323) to
encrypt and to join an encrypted conference.
• The encryption mode of the endpoints is not automatically
recognized, therefore the encryption mode must be set for the
conference or the participants (when defined).
• Media Encryption for ISDN/PSTN participants is implemented in RMX
systems with MPM+ cards only.
• Conference level encryption must be set in the Profile, and cannot be
changed once the conference is running.
• If an endpoint connected to an encrypted conference stops encrypting
its media it is disconnected from the conference.
• Mixing encrypted and non-encrypted endpoints in one conference is
possible, based on system flag settings:
(ALLOW_NON_ENCRYPT_PARTY_IN_ENCRYPT_CONF).
The behavior is different for H.323 and ISDN participants.
• In Cascaded conferences, to encrypt the conferences the link between
the cascaded conferences must be encrypted.
• Media Encryption for ISDN/PSTN (H.320) participants is not
supported in cascaded conferences.
• The recording link from an encypted conference to the RSS set to
encryption can be encrypted. For more details, see "Recording Link
Encryption” on page 10-5.
You can define whether access to conferences for encrypted and non-
encrypted participants is done at the conference level or at the participant
level.
