Cisco Cisco TelePresence Video Communication Server Expressway
Enabling endpoints registered on the video network to call MOC/Lync clients registered on OCS/Lync
Cisco VCS Deployment Guide: Microsoft OCS 2007 R2, Lync 2010 and Cisco VCS X7.0
Page 42 of 104
Lync: configure Lync Server media encryption capabilities
By default Lync Server mandates the use of encrypted media. The headers used in Lync SRTP are
however different from those used by video network devices.
however different from those used by video network devices.
VCS has the capability to carry out on-the-fly modification of these headers if the Enhanced OCS
Collaboration option key is enabled on the “OCS/Lync gateway” VCS.
Collaboration option key is enabled on the “OCS/Lync gateway” VCS.
The choice of how to configure Lync’s encryption capabilities will depend on:
Is the connection between Lync and the “OCS/Lync gateway” VCS TLS?
- if it is not TLS, then crypto keys will not pass (they may only be sent over a secure – encrypted
signaling link), encryption must not be set to require on Lync server
- if it is not TLS, then crypto keys will not pass (they may only be sent over a secure – encrypted
signaling link), encryption must not be set to require on Lync server
does the “OCS/Lync gateway” VCS have the Enhanced OCS Collaboration option key enabled?
- if no, encryption must not be set to require on Lync server
- if no, encryption must not be set to require on Lync server
is the “OCS/Lync gateway” using the B2BUA?
- if no, encryption must be the same on the Lync server and in the video network
- if the B2BUA is in use and Encryption (in B2BUA Advanced settings) is set to Auto, the B2BUA
will allow calls with video side encrypted and Lync side not, Lync side encrypted and video side
not, both sides encrypted and both sides unencrypted
- if no, encryption must be the same on the Lync server and in the video network
- if the B2BUA is in use and Encryption (in B2BUA Advanced settings) is set to Auto, the B2BUA
will allow calls with video side encrypted and Lync side not, Lync side encrypted and video side
not, both sides encrypted and both sides unencrypted
do all video endpoints support encrypted media, and will they offer encrypted media when
initiating calls?
- if no, and the B2BUA is not in use, or is not configured to allow encryption to be different on Lync
and in the video network, encryption must not be set to require on Lync server
initiating calls?
- if no, and the B2BUA is not in use, or is not configured to allow encryption to be different on Lync
and in the video network, encryption must not be set to require on Lync server
In Lync the values:
RequireEncryption
,
SupportEncryption
,
DoNotSupportEncryption
are
allowed.
To configure the way Lync will handle encryption, use the command:
“
set-CsMediaConfiguration -EncryptionLevel
: <value>”
where <value> is one of:
RequireEncryption
,
SupportEncryption
,
DoNotSupportEncryption
.
For example:
C:\Users\administrator.CISCOTP> set-CsMediaConfiguration -EncryptionLevel
supportencryption
supportencryption
Note:
This parameter is a value communicated to Lync clients to affect its operation. To activate this
change on a Lync client, the Lync client must be logged off and logged back in again.
It may take a while for the parameter to be shared throughout the pool (up to an hour) so you
may have to wait a while before restarting the Lync clients for them take on the new value.
change on a Lync client, the Lync client must be logged off and logged back in again.
It may take a while for the parameter to be shared throughout the pool (up to an hour) so you
may have to wait a while before restarting the Lync clients for them take on the new value.
If the Enhanced OCS Collaboration option key is installed and the connection between the
Cisco VCS and Lync Server is TLS, then the default setting of the command set-
CsMediaConfiguration –EncryptionLevel RequireEncryption may be used. However, be aware
that if RequireEncryption is set, either the B2BUA must handle interworking encryption between
the video and Lync server, or all video endpoints must support encryption, otherwise calls will fail
– consider using SupportEncryption instead.
Cisco VCS and Lync Server is TLS, then the default setting of the command set-
CsMediaConfiguration –EncryptionLevel RequireEncryption may be used. However, be aware
that if RequireEncryption is set, either the B2BUA must handle interworking encryption between
the video and Lync server, or all video endpoints must support encryption, otherwise calls will fail
– consider using SupportEncryption instead.