Polycom RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide
4-42 Polycom, Inc.
The option “Encrypt When Possible” enables the negotiation between the MCU and the
endpoints and let the MCU connect the participants according to their capabilities, where
encryption is the preferred setting. Defined participants that cannot connect encrypted are
connected non-encrypted, with the exception of dial-out SIP participants.
The same system behavior can be applied to undefined participants, depending on the
setting of the System Flag
FORCE_ENCRYPTION_FOR_UNDEFINED_PARTICIPANT_IN_WHEN_AVAILABLE_MODE:
• When set to NO and the conference encryption in the Profile is set to “Encrypt When
Possible”, both Encrypted and Non-encrypted undefined participants can connect to the
same conferences, where encryption is the preferred setting.
• When set to YES (default), Undefined participants must connect encrypted, otherwise
they are disconnected.
For defined participants, connection to the conference is decided according to the encryption
settings in the conference Profile, the Defined Participant’s encryption settings.
For undefined participants, connection to the conference is decided according to the
encryption settings in the conference Profile, the System Flag setting and the connecting
endpoint’s Media Encryption capabilities.
Direct Connection to the Conference
Table 4-14, summarizes the connection status of participants, based on the encryption
settings in the conference Profile, the Defined Participant’s encryption settings or the System
Flag setting for undefined participants and the connecting endpoint’s Media Encryption
capabilities.
• When the conference encryption is set to "Encrypt when possible", dial out SIP participants
whose encryption is set to AUTO can only connect with encryption, otherwise they are
disconnected from the conference.
• In CISCO SIP environments, dial in endpoints that are registered to CUCM can only connect as
non-encrypted when the conference encryption is set to "Encrypt when possible" as the CUCM
server sends the Invite command without SDP.
Table 4-14 Connection of Defined and Undefined H.323, SIP and ISDN Participants to the
Conference Based on the Encryption Settings
Conference
Encryption
Setting
Defined Participant Undefined Participant
Encryption
Setting
Connection status
Connection
Status
*Flag = No
Connection
Status
*Flag = YES
No
Encryption
Auto Connected,
non-encrypted
Connected
non-encrypted
(Encryption is not
declared by the
RMX, therefore
the endpoint does
not use
encryption)
Connected
non-encrypted
(Encryption is not
declared by the
RMX, therefore
the endpoint does
not use
encryption)
No Connected,
non-encrypted
Yes Connected only if
encrypted.
Non-encrypted endpoints
are disconnected as
encryption is forced for the
participant.