Topic Last Modified: 2011-05-15
Microsoft Lync Server 2010 uses Microsoft Exchange Server 2010, Exchange Server 2010 with Service Pack 1 (SP1), and Microsoft Exchange Server 2007 with Service Pack 2 (SP2) Unified Messaging (UM) to provide voice mail, missed call notification, and auto-attendant services. An Exchange UM dial plan supports three different security levels: Unsecured, SIPSecured, and Secured. You configure security levels by means of the UM dial plan’s VoipSecurity parameter. The following table shows appropriate dial plan security levels depending on whether MTLS, SRTP, or both are enabled or disabled.
Table 1. VoIPSecurity Values for Various Combinations of Mutual TLS and SRTP
| Security Level | Mutual TLS | SRTP |
|---|---|---|
|
Unsecured |
Disabled |
Disabled |
|
SIPSecured |
Enabled (required) |
Disabled |
|
Secured |
Enabled (required) |
Enabled (required) |
When integrating Exchange UM with Lync Server 2010, you need to select the most appropriate dial plan security level for each voice profile. In making this selection, you should consider the following:
- MTLS between Exchange UM and Lync Server is the default
configuration. Therefore, the dial plan security level of
SIPSecured or Secured is recommended. The use of SIP dial plans
with a security level of Unsecured is not supported.
- If you set the dial plan security to SIPSecured, SRTP is
disabled. In this case, the Microsoft Lync 2010 client encryption
level must be set to rejected or optional.
- If you set the dial plan security to Secured, SRTP is enabled
and required by Exchange UM. In this case, the Lync 2010 client
encryption level must be set to optional or required.