locked
how to make sure SRTP is being used when using UCMA without Lync RRS feed

  • Question

  • In 'IVR Standalone Mode' (where UCMA is running without Lync) with our UCMA applications handling incoming calls, we would like to ensure the SIP traffic is encrypted. Lets assume out SIP telephony provider is able to support SRTP, what needs to happen on the 'UCMA side' to support SRTP? Is this just doing some configuration? Or does is there something in the UCMA application has to do in code (e.g. like maybe applying a template to the audioVideoFlow that specifies encryption is required)? I assume that if our SIP telephony provider is configured to send us calls using SRTP that if we are not properly set up on the UCMA side, the calls will just end up not getting connected. Does a certificate need to be installed to support this? and once installed, what needs to happen in the UCMA application (or configuration) so the certs are used?

    Sorry if the question isn't that clear, or isn't worded quite right. I'm clearly not so knowledgeable about this topic.

    Thanks for the help.

    Saturday, April 7, 2012 12:48 AM

Answers

  • If I understand your question correctly, then your UCMA app is handling incoming calls.  If they are SRTP calls, then the SDP that your provider sends to the UCMA app should include "RTP/SAVP" in the audio media line to indicate that it wants to use SRTP for the audio data.

    On the UCMA side, you need to have installed a certificate that your app will use to authenticate itself to the provider.  Take a look at the UCMA SDK documentation for details on the requirements for this cert.  You provider will also need to have a cert your app will trust to authenticate itself to your UCMA app.  You might have already done this when you configured your app in the first place.

    If your UCMA app is using TLS for connections, and the provider sends the appropriate SDP, then the UCMA app will negotiate the use of SRTP for the incoming session.


    Oscar Newkerk

    Oscarnew Consulting

    • Proposed as answer by Oscarn Sunday, April 8, 2012 2:23 AM
    • Marked as answer by Kai Strandskov [Msft] Wednesday, April 18, 2012 9:28 PM
    Sunday, April 8, 2012 2:23 AM