Connect IP Devices to Teams with CyberGate
Enterprises use CyberGate to connect IP Devices to their Teams environment (Azure Tenant ID) with two-way audio and live video. Supported IP Devices are SIP Video Door Intercom, IP Paging System, or a SIP-enabled IP Camera. These devices use the Session Initiated Protocol (SIP) to set up and tear down calls to CyberGate, which will deliver the audio + video call to its destination: Teams user "firstname.lastname@example.org".
So … what is Secure SIP?
CyberGate is a transactable Software-as-a-Service (SaaS) hosted in Microsoft Azure. Secure SIP is a new feature released in July 2022 which secures and protects the connection between your connected IP Device and CyberGate in Azure.
Secure SIP is comprised of the following:
- SIP - Transport Layer Security (SIP-TLS) - SIP is the protocol to set up audio & video communications from the connected IP Device to CyberGate (and vice versa). TLS is the most widely adopted security protocol to provide communications security over an IP network. TLS provides a set of cryptographic functions for authenticity, data integrity checks, and encryption of communications. CyberGate supports only the secure TLS version 1.2. TLS versions 1.0 and 1.1 are not supported because the IETF has deprecated these.
- Secure Real-time Transport Protocol (Secure RTP or SRTP), RTP is used to transfer the actual "payload" in our case, the audio and video exchanged between, e.g., a Video Door Intercom where visitor Vincent calls into Teams User Rembrandt. Secure RTP enforces the Advanced Encryption Standard (AES) algorithm to encrypt and decrypt all incoming and outgoing messages and protects against replay attacks. The authentication mechanism provides a means to validate a message's authenticity and integrity.
Necessary: to make use of the new Secure SIP feature in CyberGate, your connected IP Device must also support Secure SIP (SIP-TLS and SRTP)
Is Secure SIP supported on my connected IP Device?
Our Compatibility List documents for each Manufacturer whose Device Type and Model passed the interoperability test. In the coming weeks, we will add a new "tag" in the Compatibility List that indicates if Secure SIP – SIP TLS and SRTP - is supported on that particular Device. For the following Manufacturers / Devices, we’ve already completed the Secure SIP interop test: Commend (OD1, ID5, OD5, OD10), 2N (IP Base, Solo, Verso, Vario, Force), AXIS (A8105-E).
Please note that you may need to purchase an additional software license from your Device Manufacturer or Channel Partner to enable Secure SIP.
How to enable Secure SIP for your IP Device connected to CyberGate?
Enable & configure Secure SIP (SIP TLS and SRTP) in your connected IP Device, and from that point onwards, CyberGate communicates with your device using Secure SIP.
Can we enforce Secure SIP in CyberGate for all our connected IP Devices?
Yes. Refer to the "Secure Only" option in the CyberGate Management Portal. The "Secure only" option enforces the use of Secure SIP for communications with all your connected IP Devices registered for your Teams environment (Azure Tenant ID). This also means that any existing or newly added IP Device that doesn’t support - or is not configured for - Secure SIP will not be able to communicate to CyberGate (anymore).
The (outbound) Firewall rules for (Secure) SIP are:
- For SIP: Port 5060 TCP and UDP
- For SIP-TLS: Port 5061 TCP
- For (S)RTP audio & video: UDP 30000 – UDP 30199
Need help determining if your IP Device supports Secure SIP? Contact your equipment manufacturer, or reach out to CyberTwice.