
How to enable Lync Media Bypass over TCP (rather than TLS)

07/10/2012

I’ve had this question a couple of times so thought it might make a good post.

Media Bypass allows a Lync client and a gateway to send media (RTP) directly to each other, “bypassing” the Mediation Server (in OCS, media had to go via a Mediation Server). Signalling still goes via the Mediation Server. Note: Using TCP means your media traffic runs over the network in the clear.

Lync certified gateways should support Media Bypass. The default way to install these is with a TLS connection, but if for whatever reason you want to use TCP, Media Bypass is still supported. I have set this up with Sonus (NET) UX gateways and Cisco ISRs; it should apply equally to other gateways.

There are three settings on Lync you need to get lined up.

Ensure the trunk to your gateway is set to Encryption Not Supported and Enable Media Bypass is ticked.


Ensure your CAC settings allow the gateway and users to do Media Bypass, or that you have Always Bypass turned on.


The above settings (apart from encryption) are the same as for TLS. This is the setting unique to TCP:

Set-CsMediaConfiguration -Identity Global -EncryptionLevel SupportEncryption

This allows the clients to make a non-encrypted connection directly to the gateway.
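
The three settings can be checked together from the Lync Server Management Shell. The function below is an added example, not code from the original post; it assumes the trunk settings appear as SRTPMode and EnableBypass, the CAC settings as Enabled and AlwaysBypass under MediaBypassSettings, and it uses constructed sample objects so it runs without a Lync server.

```powershell
# Added example: read-only check that the three settings in this post line up.
# Property names are assumptions about the Lync cmdlet output; verify them in your deployment.
function Test-TcpMediaBypass {
    param(
        [Parameter(Mandatory)] $Trunk,        # Get-CsTrunkConfiguration -Identity <trunk>
        [Parameter(Mandatory)] $MediaBypass,  # (Get-CsNetworkConfiguration).MediaBypassSettings
        [Parameter(Mandatory)] $Media         # Get-CsMediaConfiguration -Identity Global
    )
    # 1. Trunk: "Encryption Not Supported" and "Enable Media Bypass" ticked.
    [pscustomobject]@{
        Check  = 'Trunk encryption / bypass'
        Actual = "SRTPMode=$($Trunk.SRTPMode), EnableBypass=$($Trunk.EnableBypass)"
        Pass   = ("$($Trunk.SRTPMode)" -eq 'NotSupported') -and [bool]$Trunk.EnableBypass
        Note   = 'Media and gateway signalling on this trunk are unencrypted'
    }
    # 2. Network configuration: bypass enabled, either always or decided by CAC data.
    $note = if ($MediaBypass.AlwaysBypass) { 'Always Bypass is on' }
            else { 'CAC site/region data decides; gateway and users must be allowed to bypass' }
    [pscustomobject]@{
        Check  = 'Network media bypass'
        Actual = "Enabled=$($MediaBypass.Enabled), AlwaysBypass=$($MediaBypass.AlwaysBypass)"
        Pass   = [bool]$MediaBypass.Enabled
        Note   = $note
    }
    # 3. Media configuration: the setting that differs from a TLS deployment.
    [pscustomobject]@{
        Check  = 'Media encryption level'
        Actual = "$($Media.EncryptionLevel)"
        Pass   = ("$($Media.EncryptionLevel)" -eq 'SupportEncryption')
        Note   = 'SupportEncryption lets clients accept the unencrypted leg to the gateway'
    }
}

# Constructed sample values standing in for real cmdlet output (the gateway name is made up).
$trunk  = [pscustomobject]@{ Identity = 'Service:PstnGateway:gw.example.test'
                             SRTPMode = 'NotSupported'; EnableBypass = $true }
$bypass = [pscustomobject]@{ Enabled = $true; AlwaysBypass = $false }
$media  = [pscustomobject]@{ Identity = 'Global'; EncryptionLevel = 'RequireEncryption' }

# The third row fails here: the trunk and CAC are ready, but clients still require encryption.
Test-TcpMediaBypass -Trunk $trunk -MediaBypass $bypass -Media $media |
    Format-Table -AutoSize -Wrap
```

Because the function only reads values, it can also be run periodically to list which trunks carry media in the clear.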


The Sonus UX gateways have a nice feature in the web GUI: the call watcher shows a “B” against calls that are in Bypass.


You can also find out after a call via the monitoring server reports:

User Activity Report -> <user you want to look for> -> Details -> Media Quality Report -> Call Information -> Mediation Server bypass call (true/false). (source)

Tom Arbuthnot


Managing Consultant at Modality Systems
Tom Arbuthnot is a Microsoft Lync Certified Master and MVP. He is currently Managing Consultant at Modality Systems. Tom is actively involved in the global Unified Communications community. He is a founding member of the Microsoft UC User Group London, a contributing writer to Lync Server 2013 Unleashed and a technical reviewer for Trainsignal. Modality Systems is a UC Centre of Excellence – specializing in strategy, infrastructure, user adoption, managed services and software development.

Comments (6)


  1. Alan Klein says:

    Hey Tom,

    Thanks for your regular valuable content. For the sentence, “Note: Using TCP will mean your media traffic is running over the network in the clear.”, I believe you wanted to say your signaling traffic will be in the clear.

    As well, your media traffic will also be in the clear since SRTP will not be used (since the media encryption keys would be exposed in the SDP body of the non-encrypted SIP signaling). Media traffic often uses UDP on the internal enterprise LAN.

    • Hi Alan,

      Thanks for the comment.

      Media will be in the clear, direct from the client to the gateway.

      Signalling from client to med should still be encrypted (though I haven’t physically tested this), signalling from med – GW will be TCP/in the clear.

      Any thoughts?

      cheers

      Tom

  2. So signaling traffic and media are both in the clear using TCP?

  3. Gilberto says:

    Tom, how can I know the VX 1800 from NET is capable of supporting media bypass? On the Microsoft Supported IP PBX & Gateways it shows VX1800 as enhanced Gateway and Qualified with SRTP & TLS. Does that mean it supports media bypass?

    thanks
