Polycom 7000 manual System Security, Local Cluster Configuration

Page 4

Contents

System Security

37

Security Certificates Overview

37

How Certificates Work

37

Forms of Certificates Accepted by the Polycom RealPresence DMA System

37

How Certificates Are Used by the Polycom RealPresence DMA System

38

Frequently Asked Questions

40

Certificate Settings

41

Certificate Information Dialog

42

Certificate Signing Request Dialog

42

Add Certificates Dialog

43

Certificate Details Dialog

43

Certificate Procedures

44

Install a Certificate Authority’s Certificate

44

Create a Certificate Signing Request in the RealPresence DMA System

45

Install a Certificate in the RealPresence DMA System

46

Remove a Certificate from the RealPresence DMA System

47

Security Settings

48

The Consequences of Enabling Maximum Security Mode

53

Enabling File Uploads in Maximum Security with Mozilla Firefox

55

Login Policy Settings

55

Local Password

56

Session

56

Local User Account

57

Banner

58

Access Policy Settings

58

Reset System Passwords

59

Local Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Routing Configuration Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Time Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Licenses for the Appliance Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Licenses for the Virtual Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Signaling Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 H.323 and SIP Signaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Add Guest Port Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Edit Guest Port Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Add Guest Prefix Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Edit Guest Prefix Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Polycom, Inc.

4

Page 3 Page 5
Image 4
Page 3 Page 5
Contents Polycom RealPresence DMA 7000 System Page Contents Local Cluster Configuration System SecurityDevice Management MCU Management Integrations with Other SystemsConference Manager Configuration SuperclusteringCall Server Configuration Site TopologySystem Management and Maintenance Users and GroupsContents 361 System Reports Polycom RealPresence DMA System Snmp SupportPolycom RealPresence DMA System’s Primary Functions Introduction to the Polycom RealPresence DMA SystemConference Manager Call Server RealPresence Platform APISVC Conferencing Support Polycom RealPresence DMA System’s Three Configurations Two-server Cluster ConfigurationSingle-server Configuration System Capabilities and Constraints Settings System Port UsagePort Protocol Description Embedded DNSSend Usage Data Polycom Solution Support Accessing the Polycom RealPresence DMA SystemWorking in the Polycom RealPresence DMA System Field Input RequirementsSettings Dialog Menu/Icon Admin Provisioner AuditorMenu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor Open Source Software License InformationModifying Open Source Code To replace an Lgpl library with your modified versionSystem configuration Confirming configurationAdditional DNS Records for SIP Proxy Additional DNS Records for the Optional Embedded DNS Feature Additional DNS Records for the H.323 GatekeeperVerify That DNS Is Working for All Addresses License the Polycom RealPresence DMA SystemLicense the RealPresence DMA System, Appliance Edition Set Up Signaling License the RealPresence DMA System, Virtual EditionSet Up Security Set Up MCUs Connect to Microsoft Active Directory Set Up Conference Templates Test the System Security Certificates Overview How Certificates WorkDER System Security Frequently Asked Questions Certificate Settings Column DescriptionCertificate Signing Request Dialog Certificate Information DialogField Description Certificate Details Dialog Add Certificates DialogSection Description Certificate Procedures Install a Certificate Authority’s CertificateTo install a certificate for a trusted root CA Go to Admin Local Cluster CertificatesTo create a certificate signing request Actions list, select Add CertificatesActions list, select Display Details Actions list, select Create Certificate Signing RequestInstall a Certificate in the RealPresence DMA System Remove a Certificate from the RealPresence DMA System To remove a Trusted Root CA’s certificateActions list, select Delete Certificate Security SettingsCertificate Details dialog appears High security Field Description Maximum securityCustom security Servers, not to allow ongoing use of unencrypted connections Server in the Polycom RealPresence DMA system To change the security settings Go to Admin Local Cluster Security SettingsConsequences of Enabling Maximum Security Mode On the Troubleshooting Utilities menu, Top is removedSystem Security Login Policy Settings Local Password Field Description Password ManagementPassword Complexity SessionLocal User Account UnlimitedField Description Account Lockout Account InactivityBanner Access Policy SettingsCustom Reset System Passwords To reset system passwordsWait a few minutes to log back in. See also Local Cluster Configuration Network SettingsField Description Server DhcpField Description Shared Management Network SettingsTurn on Auto-negotiation or set Speed and Duplex manually Shared Signaling Network General System NetworkRouting Configuration Dialog IPv6address%eth0Time Settings Licenses Licenses for the Appliance EditionField Description Active License Activation KeysCluster Network Settings Licenses for the Virtual EditionSee Automatically Send Usage Data for more information DMA HostSignaling Settings SIP SignalingSIP Device Authentication Device AuthenticationUntrusted SIP Call Handling Configuration Signaling Settings Fields Field Description SettingsSIP Settings Add Guest Port Dialog FieldSecurity Settings page. See Security Settings Edit Guest Port DialogAdd Guest Prefix Dialog Logging Settings Edit Guest Prefix DialogAlerting Settings Add Licenses Local Cluster Configuration ProceduresAlert ID Threshold Condition Description Go to Admin Local Cluster Licenses To request a software activation key code for each serverTo enter license activation key codes Select Product ActivationTo configure signaling Configure SignalingGo to Admin Local Cluster Signaling Settings Under Unauthorized ports, click Add Under Unauthorized prefixes, click AddTo configure logging Configure LoggingAutomatically Send Usage Data See the Collected Data Enable or Disable Automatic Data CollectionTo see the collected data Device Management Active CallsCall Details Dialog Tab/Field/Column Description Call Info On the Call Server Settings Tab/Field/Column Description BandwidthCall Events Subscription EventsTab/Field/Column Description Property Changes EndpointsQoS Registration policy script see Registration Policy Command Description Server SettingsRegistration Policy Names/Aliases in a Mixed H.323 and SIP Environment RegistrationsDevice Management Add Endpoint Dialog Edit Device Dialog Edit Devices Dialog Site Statistics Add Alias DialogEdit Alias Dialog Associate User DialogSite Link Statistics External Gatekeeper ColumnAdd External Gatekeeper Dialog Authentication ModeColumn Description External Gatekeeper Edit External Gatekeeper Dialog PostliminaryThis script to open the Script Debugging Dialog for External SIP Peer Multiple External SIP PeersAdd External SIP Peer Dialog Field Description External SIP PeersUDP Domain List Authentication Field Description PostliminaryTemporarily select Use customized script To header optionsLync Integration External Registrations Edit External SIP Peer DialogField Description External SIP Peer Host/domain name Routed to this peer server Polycom, Inc 112 Lync Integration To Header Format Options SIP Peer Postliminary Output Format OptionsExternal Registration Default To header for Microsoft. Equivalent to template Request-URI Header Format OptionsFree Form Template Variables Default Request-URI for Microsoft Equivalent to templateVariable Description Original To Header Template Result To Header and Request-URI Header ExamplesOriginal Request-URI Header Template Result Add Authentication Dialog Edit Authentication DialogAdd Outbound Registration Dialog Template VariablesEdit Outbound Registration Dialog External H.323 SBC Add External H.323 SBC Dialog Column Description External H.323 SBCEdit External H.323 SBC Dialog Polycom, Inc 124 MCU Management MCUsPage Polycom, Inc 127 See SVC Conferencing Support Policy Not to make or receive calls Add MCU Dialog Field Description External MCUManagement IP address Prefix Dialog Gateway Selection ProcessGateway Profiles Media IP AddressesEdit MCU Dialog Management IP address Polycom, Inc 137 Polycom, Inc 138 Add Session Profile Dialog Edit Session Profile DialogMCU Procedures Isdn Gateway Selection ProcessTo view information about an MCU To add an MCUTo edit an MCU To delete an MCU MCU Pools Add MCU Pool Dialog CommandEdit MCU Pool Dialog MCU Pool Procedures To add an MCU PoolTo edit an MCU Pool To delete an MCU PoolMCU Pool Orders Add MCU Pool Order Dialog Edit MCU Pool Order Dialog MCU Selection ProcessMCU Availability and Reliability Tracking 24% MCU Pool Order Procedures To view the MCU Pool Orders listTo add an MCU Pool Order To edit an MCU Pool OrderTo delete an MCU Pool Order Integrations with Other Systems Microsoft Active Directory IntegrationMicrosoft Active Directory Field Description Connection Status Conference Settings Field Description Active Directory ConnectionUnderstanding Base DN Enterprise Conference Room ID GenerationEnterprise Chairperson and Conference Passcode Generation Active Directory Integration Procedure To integrate with Active DirectoryPolycom, Inc 160 Understanding Base DN Polycom, Inc 162 Adding Passcodes for Enterprise Users When you click Update on the Microsoft Active Directory About the System’s Directory QueriesGroup Search User SearchGlobal Group Membership Search Attribute Replication Search Configurable Attribute Domain SearchDomain Search Service Account Search Microsoft Lync 2013 IntegrationLync 2010 vs. Lync 2013 Integration Scheduled Conferences with Polycom RealConnectAutomatic Contact Creation and Configuration Active Directory Service Account PermissionsLync and non-Lync Endpoint Collaboration Considerations and Requirements for Lync 2013 IntegrationLync 2010 and 2013 Client / Server Feature Support Integrate RealPresence DMA and LyncDiagnose Presence Problems Microsoft Exchange Server IntegrationDifferences between Calendaring and Scheduling Polycom Solution and Integration SupportMicrosoft Exchange Server Exchange Server Integration Procedure RealPresence Resource Manager Integration Page RealPresence Resource Manager Join RealPresence Resource Manager Dialog RealPresence Resource Manager Integration Procedures To integrate with a RealPresence Resource Manager system Juniper Networks SRC Integration Juniper Networks SRCJuniper Networks SRC Integration Procedure To configure SRC integrationConference Manager Configuration Conference SettingsPresence Publishing Create Polycom conference contacts check box is enabled Contacts presence settings belowField Maximum Polycom conference contacts to publish Class of Service Default Polycom Conference Contacts Presence SettingsGo to Admin Conference Manager Conference Settings To specify conference settingsRemove Contacts from Active Directory Dialog Two Types of Templates Conference TemplatesSelect Publish presence for Polycom conference contacts Standalone Templates About Conference IVR Services Template PriorityAbout Cascading Cascading for Bandwidth Cascading for SizeCascading for Bandwidth Cascading for Size Field Description Common Settings RMX General SettingsConference Templates List Add Conference Template DialogMany of the MCUs have that profile for instance, 2 Cascade for bandwidth LPR Video switching is selected Field Description RMX Gathering SettingsRMX Video Quality  Conference mode is set to AVC only RMX Video Settings TIP compatibility is set to either None or Video Only OptimizedTelepresence mode is Yes GuideField Description RMX Audio Settings RMX SkinsRMX Conference IVR See Shared Number DialingRMX Site Names RMX RecordingCisco Codian Edit Conference Template Dialog Polycom, Inc 205 Field Description LPR Field Description RMX Gathering Settings  Conference mode is set to AVC only Polycom, Inc 210 Polycom, Inc 211 RMX Site Names Cisco Codian Conference Templates Procedures Go to Admin Conference Manager Conference TemplatesSelect Layout Dialog To select a video frames layoutClick the RMX General Settings tab To edit a conference templateTo change a conference template’s priority To delete a conference templateIVR Prompt Sets Prompt File Name Prompt Text Shared Number Dialing Polycom, Inc 219 Polycom, Inc 220 Conference Settings plus VEQ number Add Virtual Entry Queue DialogField Description Virtual Entry Queue Prompt SetsAdd Direct Dial Virtual Entry Queue Dialog Edit Virtual Entry Queue DialogEdit Direct Dial Virtual Entry Queue Dialog Script Debugging Dialog for VEQ Scripts Dialstring = sipxxx@10.33.120.58Sample Virtual Entry Queue Script Superclustering About SuperclusteringDMAs Polycom, Inc 228 Following table describes the fields on Join Supercluster Dialog Supercluster Procedures To create or join a superclusterTo remove a cluster from the supercluster Actions list, select Remove from SuperclusterCall Server Configuration About the Call Server CapabilitiesField Description General Settings Call Server SettingsModifications For the called endpoint For SIP calls gatewayed to an See External Gatekeeper Field Description Gatekeeper Blacklist Settings DomainsMycompany domains, this would not match eng.mycompany.com Dial Rules Test Dial Rules Dialog Sipsrbruce@10.47.7.9 Rule Effect Default Dial Plan and Suggestions for ModificationsSee Edit Site Dialog Polycom, Inc 244 H323xxxx@enterprisepartner.com Field Description Dial Rule Add Dial Rule DialogPreliminary Default port of the signaling protocol Template configured in Admin Conference Manager Conference Conference Manager Conference SettingsConference template MCU pool orderWeighted round-robin All in parallel forkingEdit Dial Rule Dialog Block Blocks the call Resolve to IP address Polycom, Inc 252 Polycom, Inc 253 Predefined Preliminary/Postliminary Scripting Variables Preliminary/Postliminary ScriptingVariable Initial value Preliminary/Postliminary Scripting Functions Usage exampleReturn value Function name and parameters DetailsReturn value None How Dial Rule Actions Affect SIP Headers Dial rule action Output SIP headersScript Debugging Dialog for Preliminaries/Postliminaries See Preliminary/Postliminary Scripting for a descriptionSample Preliminary and Postliminary Scripts Dialstring = 99 + Dialstring Strip Prefix SIPSubstitute Domain SIP Site Based Numeric Nicknames User = Callersitecountrycode + Callersiteareacode + user Hunt Groups Add Hunt Group Dialog Edit Hunt Group DialogField Description General Info Hunt Group MembersDevice Authentication Inbound Authentication Shared Outbound AuthenticationOn the Inbound Authentication tab, you can Field Description Inbound AuthenticationAdd Device Authentication Dialog Shared Outbound AuthenticationField Description Device Authentication Edit Device Authentication DialogRegistration Policy Compliant Registration Policy Scripting EpdefinedincmaEPISIPV4 Script Debugging Dialog for Registration Policy Scripts RegsitedigitsSample Registration Policy Scripts Reject aliases that arent the right length otherwise accept Prefix Service Add Simplified Isdn Gateway Dialing Prefix Dialog Edit Simplified Isdn Gateway Dialing Prefix Dialog Edit Vertical Service Code Dialog Embedded DNSTo enable DNS publishing Callservers.example.comRecord Type Retention Limit When Limit Is Reached History Retention SettingsNumber of Records Purged To configure history record retention History ReportSite Topology About Site TopologyBandwidth Management Sites Site Information Dialog Field Site InfoField Description General Info General Settings Add Site DialogDevice Types SubnetsTerritory Settings Field Description Bandwidth SettingsIsdn Number Assignment Isdn Outbound Dialing Isdn Range Assignment for did dialing methodRouting Isdn Range Assignment for gateway extension dialing methodSIP Routing Edit Site Dialog Subnet2 = 10.33.24.0/24Polycom, Inc 291 Override ITU dialing rules Subnet Name Unique name of the subnet Polycom, Inc 293 Add Subnet Dialog Edit Subnet Dialog Site Links Add Site Link Dialog Edit Site Link DialogSite-to-Site Exclusions Add Site-to-Site Exclusion WizardTo add a site-to-site exclusion TerritoriesGo to Network Site Topology Site-to-Site Exclusions Add Territory Dialog Edit Territory Dialog Add Network Cloud Dialog Network CloudsField Cloud Info Edit Network Cloud Dialog Field Description Associated SitesAdd Site Link Dialog Field Cloud Info DescriptionGo to Network Site Topology Sites Site Topology Configuration ProceduresGo to Network Site Topology Territories About Site Topology User Roles Overview Role DescriptionAdding Users Overview Users Are in the Local domain See Local Password Add User DialogSee Add User Dialog DialogRooms Dialog Service. See Conference SettingsAssociated Endpoints Field Description Associated Roles Edit User DialogConference Passcodes Prompted see Authentication Required Dialog Field Description Associated Endpoints Select Associated Endpoints DialogSelect Associated Endpoints Dialog Authentication Required DialogConference Rooms Dialog Its conferences. See Conference Templates Add Conference Room Dialog Conference Settings Namespace, enter the value in the box below the list Defined on the Admin Conference Manager Conference Settings  Publish presence Do not publish presence  Create contact and publish presenceConference see Edit Conference Template Dialog User DialogEdit Conference Room Dialog Settings Polycom, Inc 324 Dial-out Participants list Add Dial-out Participant Dialog Users ProceduresEdit Dial-out Participant Dialog To find a user or users To add a local userTo edit a user Go to User UsersConference Rooms Procedures To delete a local userTo add a conference room to a user To edit one of a user’s conference roomsGroups To delete one of a user’s custom conference roomsConference Templates See Conference Settings Import Enterprise Groups DialogEdit Group Dialog From the Search results boxTemplates Admin Conference Manager Conference Settings Manager Conference SettingsSetting on the User Users Manage Conf Rooms dialog Boxes on the Admin Conference Manager Conference SettingsEnterprise Groups Procedures Actions list, click Import Enterprise GroupsLogin Sessions To terminate a user’s login sessionChange Password Dialog Management and Maintenance Overview Administrator ResponsibilitiesAuditor Responsibilities Administrative Best PracticesAuditor Best Practices Recommended Regular Maintenance Regular archive of backupsProvisioner Responsibilities General system health and capacity checksMicrosoft Active Directory health Security configuration DashboardCertificates Network usage data exportActive Directory Integration Pane Call Server Active Calls PaneCluster Info Pane Call Server Registrations PaneConference History Max Participants Pane Conference Manager MCUs Pane Conference Manager Usage PaneExchange Server Integration Pane Juniper Networks SRC Integration PaneSignaling Settings Pane License Status PaneRealPresence Resource Manager Integration Pane Supercluster Status PaneUser Login History Pane Territory Status PaneAlerts Alert Supercluster StatusCluster cluster is orphaned Territory Status No clusters assigned to list of territoriesPolycom, Inc 351 RealPresence Resource Manager System Integration Asynchronous OperationFormatted string from server Active Directory Integration Zero enterprise conference rooms exist on cluster clusterPolycom, Inc 354 Exchange Server Integration Database Status Lync Integration Signaling Cluster cluster The server certificate has expired CertificateCertificates. See also Cluster cluster One or more CA certificates have expired Licenses Cluster cluster Cannot connect to licensing server lserverNetworks Cluster cluster DMA is not licensed for any callsCluster cluster a public network error exists on server Cluster cluster a private network error exists on serverCluster cluster a signaling network error exists on server Server Resources Server server CPU utilization 50% and 75% Server server CPU utilization 75% Data SynchronizationCluster cluster System version differs between servers System Health and Availability Cluster cluster Local users differ between serversMCUs MCU MCUname is currently busied out MCU MCUname is currently out of serviceMCU MCUname has count warnings MCU MCUname is disconnected MCU mcu disconnect rate is 1MCU mcu disconnect rate is MCU mcu call failure rate is 0.4MCU mcu call failure rate is MCU mcu is connected with no port capacityEndpoints Polycom, Inc 373 Conference Manager No territories configured to host conference roomsConference Status Conference VMR on MCU MCU failed to start reason Lync Presence PublishingOngoing conference VMR on MCU MCU failed reason Polycom, Inc 376 Polycom, Inc 377 Call Server Call Bandwidth Management System Log FilesCluster cluster External SIP peer sippeer is unresponsive System Logs Procedures To download a log archive to your PC or workstationTo delete a system log archive To manually roll the system logsActions list, click Download Archived Logs Troubleshooting Utilities PingTraceroute TopCheck Configuration Synchronization NTP StatusTo run iostat on each server To run sar on each serverTo check configuration synchronization Diagnostics for your Polycom ServerBacking Up and Restoring SHA1 Confirm Restore Dialog Backup and Restore ProceduresTo download a backup file To create a new backup fileTo upload a backup file Go to Maintenance Backup and RestoreTo restore from a backup file on the cluster Shut down the system. See Shutting Down and Restarting Close the utility Following table describes the parts of the Software Upgrade Upgrading the SoftwareBasic Upgrade Procedures Go to Maintenance Software Upgrade To install an upgradeReturn to Maintenance Software Upgrade To roll back an upgrade, restoring the previous version Return to Maintenance Software Upgrade Incompatible Software Version Supercluster Upgrades Factors to Consider for an Incremental Supercluster Upgrade Simplified Supercluster Upgrade Complete Service Outage System Management and Maintenance Polycom, Inc 400 Complex Supercluster Upgrade Some Service Maintained RealPresence DMA System, Virtual Edition System UpgradeTo upgrade a RealPresence DMA system, Virtual Edition Adding a Second ServerExpanding an Unpatched System Expanding a Patched System Shutting Down and Restarting Replacing a Failed ServerTo replace a failed server in a two-server cluster To restart or shut down one or both servers in a cluster Go to Maintenance Shutdown and RestartTo start up a shut-down cluster Alert History Call HistorySystem Reports Conference History Export HistoryExport History Associated CallsConference Events Property ChangesCall Detail Records CDRs Exporting CDR DataCall Record Layouts To download CDRsYYYY-MM-DDTHHMMSS.FFF+-ZHHMM 1024+768+384 Conference Room Dialog 486BUSY Here720p30 Conference Record Layouts ConfPolycom RealPresence DMA System Value from the Conference room pass-through to CDR fieldRegistration History Report Registration History Procedures To find a device or devicesActive Directory Integration Report All Domains Active Directory IntegrationGroups with Partially Loaded or No Membership Information Orphaned Groups and Users Procedures Orphaned Groups and Users ReportTo remove orphaned group data from the system To remove orphaned user data from the systemConference Room Errors Report Exporting Conference Room Errors Data To download conference room errors dataEnterprise Passcode Errors Report To download enterprise passcode errors data Exporting Enterprise Passcode Errors DataNetwork Usage Report Exporting Network Usage Data Field Description To download network usage data Snmp Overview Snmp FrameworkSnmp Notifications Snmp VersionsConfigure Snmp Enable the Snmp AgentTo enable the Snmp agent Go to Admin Local Cluster Snmp SettingsAdd an Snmp Notification User Go to Admin Local Cluster Snmp Settings Click Add UserTo add a notification user Add an Snmp Notification Agent Edit Notification User DialogTo add an Snmp notification agent to the system Click Add Agent Edit Notification Agent DialogUDP. See Snmp Overview Go to Admin Snmp Settings Click Download MIBs Download MIBsAvailable Snmp MIBs To download the MIB package for a DMA systemPolycom RealPresence DMA System Snmp Support
Related manuals
Manual 323 pages 54.38 Kb
Top Page Image Contents