locked
Media Encryption Policy Question RRS feed

  • Question

  • Can anyone explain how the client-side encryption policies and the server-side encryption policies interact?  Each Office Communicator client can be configured with an encryption policy in its registry settings (i.e. required, supported, ...) and the FE server pool can be also be configured to require or support encryption.  Which takes precedence?  Does the server modify the SDP parameters to enforce its encryption policy?

    Thanks,

    Mike
    Thursday, January 15, 2009 9:58 PM

All replies

  • According to the Voice Ignite documentation the 'PC2PCAVEncryption' client-side group policy setting can override the server-side A/V Conferencing encryption settings.  Pre-2007 clients only support TLS but OCS (including R2) clients will use Secure Realtime Protocol (SRTP) for communications.  Also keep in mind that an ExchangeUM dialpan will need to be set to SIPSecured as well if SRTP is used.

    Here are some more details on the PC2PCAVEncryption group policy setting for the OC client:
    http://blogs.technet.com/ucspotting/archive/2008/12/24/connecting-communicator-r2-to-exchange-um.aspx

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Sunday, January 18, 2009 2:42 PM
    Moderator