administration.fm
A31003-S2010-M100-18-76A9
OpenStage HFA Family, Administration Manual
3-41
Administration
System Settings
3.5.11
Security
OpenStage phones support two security options, which are mutually exclusive:
•
H.235 Authentication and Encryption
•
PKI-based SPE (Signaling and Payload Encryption)
The security settings are be configured separately for the main gateway and for the fallback
gateway (standby) when using SRSR (Small Remote Site Redundancy).
Secure H.235 main/standby
sets the stage of security for communication between phone and
gatekeeper. When set to "None", there is no voice encryption. When set to "Partial", only the
data sent from the phone to the gatekeeper is encrypted. With "Full", the data sent in both di-
rections is encrypted.
The
Time H.235 main/standby
parameter defines a time window in milliseconds for the gate-
way. The gateway only accepts messages which arrive within this time window.
The
Signalling transport main/standby
parameter selects the protocol to use for signalling.
TCP and TLS are avaliable.
Certificate validation main/standby
determines whether the phone certificate used for en-
crypted logon via TLS is checked against the certificate on the gateway.
Data required
•
Secure H.235 main
: Security stage for communication when the main gateway is in use.
Value range: "None", "Partial", "Full".
•
Secure H.235 standby
: Security stage for communication when the standby gateway is in
use.
Value range: "None", "Partial", "Full".
•
Time H.235 main
: Time window length in ms when the main gateway is in use.
•
Time H.235 standby
: Time window length in ms when the main gateway is in use.
•
Signalling transport main
: Protocol to use for signalling when the main gateway is in use.
Value range: "TCP", "TLS".
•
Signalling transport standby
: Protocol to use for signalling when the standby gateway is
in use.
Value range: "TCP", "TLS".
•
Certificate validation main
: Check the phone certificate against the gateway certificate
when the main gateway is in use.
Value range: true, false.
•
Certificate validation standby
: Check the phone certificate against the gateway certifi-
cate when the main gateway is in use.
Value range: true, false.
>
For further information on deploying SPE, please refer to the manual of the HiPath
system in use, and to the Deployment Service Administration manual.