Securing your VidyoConferencing system involves securing your VidyoPortal and your various components such as VidyoManager, VidyoRouter, and VidyoGateway. This section of the guide shows you how to secure your VidyoPortal. For specific information about securing VidyoGateway and VidyoReplay, refer to the security sections in the VidyoGateway and VidyoReplay Administrator Guides in the Vidyo Support Center at http://support.vidyo.com.
Before we secure your Vidyo server, it’s important to understand there are two security layers available for your VidyoConferencing system:
- HTTPS – The web standard involves setting up HTTPS and using Secure Socket Layer (SSL). This ensures secure browsing on your Vidyo server.
While support for HTTPS is standardly included in Vidyo products, it does require the purchase and acquisition of SSL certificate or certificates from a valid CA (Certificate Authority). You may implement HTTPS without enabling Vidyo’s Encryption to implement secure browsing only.
Enabling HTTPS secure browsing establishes secure connections between:
- The desktop user’s browser (also, the VidyoRoom System’s browser) and the Vidyo User portal.
- The browser connection to the Admin and Super Admin web pages.
- The VidyoManager, VidyoRouter, and VidyoProxy Configuration pages.
HTTPS uses standard SSL certification to provide secured browsing to these web pages, protecting usernames and passwords, and actions performed on the pages. Confidential information shared during a VidyoConference browsing session is protected from phishing and hacking attempts.
- Encryption – This is an additionally purchased Vidyo licensed feature (referred to as the Secured VidyoConferencing Option) which provides encrypted endpoint management, signaling, and media for end-to-end security for your entire VidyoConferencing system. Encryption is meant to be implemented in addition to (and not in place of) HTTPS.
This software option still requires the implementation of HTTPS including the purchase and acquisition of an SSL certificate or certificates from a valid CA (Certificate Authority). Once Encryption is enabled, all calls are secured and encrypted for all users and components. Mixing secured and non-secured calls is not currently supported.
Encrypted end-to-end security uses AES-128 encryption to secure the connection between:
- The VidyoDesktop and VidyoRoom clients and the VidyoManager (for licensing and management) and VidyoRouters (for signaling and media).
- Connections between all VidyoPortal components: VidyoPortal, VidyoManager, VidyoRouters, VidyoProxy, VidyoGateways, and VidyoReplays.
Confidential information shared during a VidyoConference is protected from hijacking and eavesdropping attempts.
To configure the Secured VidyoConferencing Option in your VidyoConferencing system, you must have a valid System Console account in order to access the VidyoManager, VidyoRouter, VidyoProxy, and VidyoGateway, Configuration pages.
For VidyoReplay, you must access the VidyoReplay Super Admin portal using your VidyoReplay Super Admin Account. For more information, refer to the VidyoReplay Administrator Guide.
The overall procedure involves performing the following sections in order: