How do I enable encryption on my Dante network?
Dante media encryption is a feature of managed Dante networks to protect the confidentiality of media transmitted between Dante endpoints.
Prerequisites
-
Your Dante enabled devices must have recently released firmware capable of running Dante media encryption.
-
Your Dante enabled devices must be enrolled in a managed Dante network – such as Dante Director (available now) or Dante Domain Manager (feature coming soon).
-
You must have an Administrator user role in Dante Director or Dante Domain Manager (Restricted users are unable to make changes to the security policies within a network).
Secure by default
Managed Dante networks have introduced an “encryption policy” which is specified in Dante Director. Network administrators can put the transmit channels of a device into a “compatible” or “strict” policy to determine what enforcement level is required in different parts of a network.
A compatible policy (default) will attempt to make an AES-256 encrypted flow for a new subscription however, if the receiving channel is not capable of decryption, the flow creation will fall-back to an unencrypted flow for compatibility with existing Dante enabled devices.
A strict policy enforces that all new media flows will be protected with AES-256 encryption. If the receiving channel is not capable of decrypting the flow the flow creation will fail – with a corresponding error message.
It is not possible to force networks to use unencrypted media transport.
