Based on the enterprise security policy, IPSec (Internet Protocol Security) can be used between Lotus Sametime Unified Telephony and several applications in order to enable secure interfaces.
IPSec can be used between Lotus Sametime Unified Telephony and:
the external Telephony Control Server Assistant or MetaManagement application to protect the SOAP/SNMP (Simple Network Management Protocol) interface.
the external media server to protect the MGCP (Media Gateway Control Protocol) interface.
the Lotus Sametime ComAssistant or Telephony Application Server server to protect the CSTA III/XML interface.
the billing server to protect the FTP interface.
a third-party trusted host or peer server that is not bound to a known Lotus Sametime Unified Telephony element type.
The default security policy for the signaling IP addresses is to allow all sources to talk to the Lotus Sametime Unified Telephony signaling IP address/port. All ports are blocked for that IP address except the ones required for that signaling protocol.
The default security policy for the management and billing IP addresses is to allow all sources to talk to Lotus Sametime Unified Telephony with SSH (Secure Shell). All other ports on the management and billing IP addresses are blocked. As an option, access control can be applied to SSH to restrict which source addresses can log on to the Lotus Sametime Unified Telephony secure CLI interface.
Access control is mandatory for FTP, CORBA (Common Object Request Broker Architecture), and SNMP, with or without the use of IPsec.
Parent topic: IPSec (Internet Protocol Security)