Dante media encryption is a feature of managed Dante networks to protect the confidentiality of media transmitted between Dante endpoints.
Prerequisites
Your Dante enabled devices must have recently released firmware capable of running Dante media encryption.
Your Dante enabled devices must be enrolled in a managed Dante network – such as Dante Director (available now) or Dante Domain Manager (feature coming soon).
You must have an Administrator user role in Dante Director or Dante Domain Manager (Restricted users are unable to make changes to the security policies within a network).
Secure by default
Managed Dante networks have introduced an “encryption policy” which is specified in Dante Director. Network administrators can put the transmit channels of a device into a “compatible” or “strict” policy to determine what enforcement level is required in different parts of a network.
A compatible policy (default) will attempt to make an AES-256 encrypted flow for a new subscription however, if the receiving channel is not capable of decryption, the flow creation will fall-back to an unencrypted flow for compatibility with existing Dante enabled devices.
A strict policy enforces that all new media flows will be protected with AES-256 encryption. If the receiving channel is not capable of decrypting the flow the flow creation will fail – with a corresponding error message.
It is not possible to force networks to use unencrypted media transport.