01-16-2007 12:22 PM - edited 03-14-2019 07:34 PM
We are looking at rolling out encryption on our CM 4.2 cluster. Does anyone have any experience doing this, and if so, are there any reasons we should not?
01-18-2007 12:50 PM
anyone... anyone....
Bueller...
01-18-2007 12:59 PM
Tim,
I have done this only in a lab environment with 4.1. Encryption was brought into the CM world for the military. My advice to you is that unless there is a strict requirement for encryption, don't enable the feature.
It works pretty well if you make sure your time is sync'ed properly while generating certificates and all that. Also make sure that you get two USB tokens and safely store them as the first one is your master key.
Downsides include auto registration being turned off system wide. Also, conference calls today don't support encryption. For signalling traffic to be encrypted (especially for MGCP) you have to set up IPsec tunnels from the IPSEC management console. (CM 5.1 is a lot better from an administrative standpoint for setting up IPsec.)
Deploying remote sites with encryption with SRST can be a pain. There is currently no way other than manual cut and paste of certificate information into the router. I was successfully able to lab it in a few hours' time, but I really do hate the procedure involved in setting up Secure SRST.
When deploying remote sites you should also consider the extra bandwidth required for secure calls.
HTH
Sankar
PS: please remember to rate posts!
01-18-2007 04:03 PM
Thank you for the info. We are local LAN only and are doing this to be HIPAA and SOX compliant. So to understand, I will not be able to do this on my 7935 conference phones because they do not support encryption on 4.2?
01-18-2007 04:37 PM
I meant to say that when three phones are in a conference, even if the phones are capable of encryption on a peer-peer call, the conference will be non-encrypted. Limitation of Conf bridge. Also here are some of the specifics of what calls are encrypted and what is not.
a. When encrypted phones call each other, you get a lock sign indicating that the call is encrypted.
b. When encrypted phones call non-encrypted phones, the call is not encrypted.
c. Non-encrypted phones continue calls without encryption.
d. When three encrypted phones are in a conference, the call is not encrypted (limitation of conf bridge)
e. When an encrypted phone calls an MGCP or H323 gateway (which has encryption config on it), a lock sign is shown on the phone, indicating the call is encrypted.
f. When an encrypted phone calls Unity voice mail that is encryption enabled, a lock sign is shown on the phone, indicating call is encrypted.
Sankar
PS: please remember to rate posts!