Encryption for Office Communications Server 2007 R2
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Office Communications Server 2007 R2 uses TLS and MTLS to encrypt instant messages. All server-to-server traffic requires MTLS, regardless of whether the traffic is confined to the internal network or crosses the internal network perimeter. TLS is optional but recommended between the Mediation Server and the media gateway. If TLS is configured on this link, MTLS is required; therefore, the gateway must be configured with a certificate from a CA that is trusted by the Mediation Server.
Requirements for client-to-client traffic depend on whether that traffic crosses the internal corporate firewall. Strictly internal traffic can use either TLS, in which case the instant message is encrypted, or TCP, in which case it is not.
Note
If you enable public IM connectivity, be aware that while communications between Office Communications Server and the public IM server are encrypted, communications between the public IM server and the public IM client might not be encrypted, depending on whether encryption is provided by the public IM provider. For details, see the Knowledge Base article Known issues that occur with public instant messaging after you install Live Communications Server Service Pack 1 at https://go.microsoft.com/fwlink/?LinkId=145242.
The following table summarizes the protocol requirements for each type of traffic.
Table 1. Traffic Protection
| Traffic type | Protected by |
|---|---|
| Server-to-server | MTLS |
| Client-to-server: instant messaging and presence | TLS (if configured for TLS) |
| Client-to-server: audio, video, and desktop sharing (media) | SRTP |
| Client-to-server: desktop sharing (signaling) | TLS |
| Client-to-server: web conferencing | TLS |
| Client-to-server: meeting content download, address book download, distribution group expansion | HTTPS |
Media Encryption
All media traffic is encrypted using Secure RTP (SRTP), a profile of Real-Time Transport Protocol (RTP) that provides confidentiality, authentication, and replay attack protection for RTP traffic. In addition, media flowing in both directions between the Mediation Server and its internal next hop is also encrypted using SRTP. Media flowing in both directions between the Mediation Server and a media gateway is not encrypted. The Mediation Server can support encryption to the media gateway, but the gateway must support MTLS and storage of a certificate.
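As an added illustration, not part of the Office Communications Server documentation, the following Python sketch shows what the "replay attack protection" of SRTP consists of: the receiver reconstructs a 48-bit packet index from the 16-bit RTP sequence number and a rollover counter (RFC 3711, section 3.3.1) and rejects any index that is a duplicate or older than its replay window. The class and names are my own; a real SRTP stack only updates the window after the packet's authentication tag has been verified.

```python
# SRTP receiver-side replay protection as described in RFC 3711.
# Hypothetical helper written for this page; not Microsoft code.

WINDOW = 64  # RFC 3711 requires a replay window of at least 64 packets


class SrtpReplayState:
    """Per-stream receiver state: rollover counter, highest SEQ, replay window."""

    def __init__(self, window=WINDOW):
        self.roc = 0        # 32-bit rollover counter (how often SEQ wrapped)
        self.s_l = None     # highest authenticated SEQ seen so far
        self.window = window
        self.seen = set()   # packet indices accepted inside the window
        self.top = -1       # highest accepted 48-bit packet index

    def estimate_index(self, seq):
        """RFC 3711 3.3.1: choose the ROC value v that this SEQ most likely belongs to."""
        if self.s_l is None:
            return seq, self.roc
        if self.s_l < 32768:
            v = (self.roc - 1) & 0xFFFFFFFF if seq - self.s_l > 32768 else self.roc
        else:
            v = (self.roc + 1) & 0xFFFFFFFF if self.s_l - 32768 > seq else self.roc
        return (v << 16) | seq, v

    def accept(self, seq):
        """Return True if a packet with this SEQ passes the replay check."""
        index, v = self.estimate_index(seq)
        if index <= self.top - self.window:
            return False        # too old: fell out of the replay window
        if index in self.seen:
            return False        # exact duplicate: a replayed packet
        # Accept and update state (in real SRTP only after the auth tag verifies).
        self.seen.add(index)
        if index > self.top:
            self.top = index
            self.roc = v
            self.s_l = seq
            # Discard indices that are now outside the window.
            self.seen = {i for i in self.seen if i > self.top - self.window}
        return True
```

Reordered packets that are still inside the window are accepted, while a duplicate of an already-received packet or a packet older than the window is rejected even though its sequence number looks plausible.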