Polycom 3725-74600-004 Switching to Secure Mode

Polycom® RealPresence Collaboration ServerVirtual Edition Administrator’s Guide

F-2 Polycom, Inc.

•Support of Extended Key Usage (EKU) for both:

—Client Authentication

—Server Authentication

The certificate template used by your CA server may need modification to meet the

Collaboration Server requirements.

Certificate Requirements for Polycom Devices

Each Polycom device must have security certificates for the entire Chain Of Trust.

The Collaboration Server must have:

• The public certificate of each server in the CA Chain or hierarchy that issued its

certificate.

For example: RootCA  IntermediateCA  SubCA

The public certificates of the chain that issued the administrator’s identity certificate. For

example: UserRootCA  UserIntermediateCA  UserSubCA

Configure Certificate Management

Within a PKI environment, certificate revocation policies are used to ensure that certificates

are valid. Certificates can expire or be revoked for various reasons (RFC 5280).

The Collaboration Server enforces these certificate revocation policies through Certificate

Revocation Lists (CRLs). CRLs are required for each CA Chain in use by the Collaboration

Server. These CRL files must be kept current

Switching to Secure Mode

The following operations are required to switch the Collaboration Server to Secure Mode:

• Purchase and Install the SSL/TLS certificate

• Modify the Management Network settings

• Create/Modify the relevant System Flags

Purchasing a Certificate

Once a certificate is purchased and received it is stored in the Collaboration Server and used

for all subsequent secured connections.

To create/purchase a certificate:

1In the Collaboration Server menu, click Setup > RMX Secured Communication >

Create certificate request.

Contents

Main Page Table of Contents RealPresence Collaboration Server Virtual Edition Overview . . . . . . . . . . . 1-1 Page Video Protocols and Resolution Configuration for CP Conferencing . . . . . 4-1 Entry Queues, Ad Hoc Conferences and SIP Factories . . . . . . . . . . . . . . . . .7-1 Page Polycom Conferencing for Microsoft Outlook . . . . . . . . . . . . . . . . . . . . . . .11-1 Conference and Participant Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1 Page Collaboration Server Administration and Utilities . . . . . . . . . . . . . . . . . . . . .19-1 Page Page Page Page Page Page RealPresence Collaboration Server Virtual Edition Overview About the RealPresence Collaboration Server Virtual Edition Administrators Guide Who Should Read This Guide? Prerequisites How This Guide is Organized About the Polycom RealPresence Collaboration ServerVirtual Edition System IP Networks Workstation Requirements Page Page Conference Profiles Conferencing Modes CP Transcoding - AVC-based Conferencing Media Relay - SVC Conferencing Mixed CP and SVC Conferencing Conferencing Capabilities in the Various Conferencing Modes Page AVC Conferencing - Video Session Types Continuous Presence (CP) Conferencing Video Protocol Support in CP Conferences AVC Conferencing Parameters Basic Conferencing Parameters Supplemental Conferencing Features Default Profile Settings in CP Conferencing Mode The default settings are as follows : SVC-based Conferencing Page Page MCU Supported Resolutions for SVC Conferencing Default Profile Settings in SVC Only Conferencing Mode Mixed CP and SVC Conferencing Default Profile Settings in a Mixed CP and SVC Conferencing Mode Page Resource Capacities for Mixed CP and SVC Conferences Page Viewing Profiles Profiles Toolbar Modifying an Existing Profile Deleting a Conference Profile Defining New Profiles Defining AVC CP Conferencing Profiles 4Click the Advanced tab. Page Page Page Page 8Click the Video Settings tab. The New Profile - Video Settings dialog box opens. 9Define the video display mode and layout using the following parameters: Page Page Page 12 Define the following parameters: Page The New Profile - IVR dialog box opens. 16 If required, set the following parameters: Page 18 Define the following parameters: Page Page Page Page Page Page Page Page Defining SVC Conferencing Profiles Page Page 6Define the following supported parameters: Page Page Page 12 If required, set the following parameters: Page Defining Mixed CP and SVC Conferencing Profiles CP Conferencing Additional Information Site Names Definition Site Names Display Position Page Message Overlay for Text Messaging Exporting and Importing Conference Profiles Exporting Conference Profiles Exporting All Conference Profiles from an MCU Exporting Selected Conference Profiles Importing Conference Profiles Page Page Page Additional Conferencing Information Content Sharing H.239 Protocol SIP BFCP Content Capabilities Defining Content Sharing Parameters for a Conference Page Page Content Sharing Parameters in Content Highest Common (Content Video Switching) Mode Content Settings Content Protocols Page 3-10 Page Page Selecting a Customized Content Rate in AVC CP Conferences Page Exclusive Content Mode Page Stopping a Content Session Content Broadcast Control Giving and Cancelling Token Ownership (AVC Participants) Managing Noisy Content Connections Content Display Flags Forcing Other Content Capabilities Content Sharing via the Polycom CCS Plug-in for Microsoft Lync Clients Video Preview (AVC Only Participants) Video Preview Guidelines Workstation Requirements Testing your Workstation Previewing the Participant Video Auto Scan and Customized Polling in Video Layout (CP Only) Enabling Auto Scan and Customized Polling (CP Only) Auto Scan Customized Polling Page Media Encryption Media Encryption Guidelines Mixing Encrypted and Non-encrypted Endpoints in one Conference 3-28 Direct Connection to the Conference * Connection to the Entry Queue Moving from the Entry Queue to Conferences or Between Conferences Recording Link Encryption Encryption Flag Settings Enabling Encryption in the Profile Enabling Encryption at the Participant Level Monitoring the Encryption Status Packet Loss Compensation (LPR and DBA) AVC CP Conferences Packet Loss Causes of Packet Loss Effects of Packet Loss on Conferences Lost Packet Recovery Lost Packet Recovery Guidelines Enabling Lost Packet Recovery Page Page Lecture Mode (AVC CP Only) Enabling Lecture Mode Selecting the Conference Lecturer Page Enabling the Automatic Switching Lecture Mode Monitoring Page Restricting Content Broadcast to Lecturer Muting Participants Except the Lecturer (AVC CP Only) Page Audio Algorithm Support SIP Encryption Mono 3-46 Stereo Monitoring Participant Audio Properties Page Permanent Conference Enabling a Permanent Conference Page Video Protocols and Resolution Configuration for CP Conferencing Video Resolutions in AVC-based CP Conferencing Video Display with CIF, SD and HD Video Connections H.264 High Profile Support in CP Conferences CP Conferencing with H.263 4CIF H.263 4CIF Guidelines The CP Resolution Decision Matrix H.264 Base Profile and High Profile Comparison Page Page Resolution Configuration for CP Conferences Modifying the Resolution Configuration Resolution Configuration - Basic Resolution Configuration - Detailed Page Flag Settings Minimum Frame Rate Threshold for SD Resolution Additional Video Resolutions Additional Intermediate Video Resolutions Microsoft RTV Video Protocol Support in CP Conferences Page Participant Settings Monitoring RTV Controlling Resource Allocations for Lync Clients Using RTV Video Protocol Page Threshold HD Flag Settings using the RTV Video Protocol Cascading Conferences Video Layout in Cascading conferences (CP and mixed CP and SVC) Flags controlling Cascade Layouts Basic Cascading Basic Cascading using IP Cascaded Link Dialing Directly to a Conference Page Meeting Rooms Meeting Rooms List Meeting Room Toolbar & Right-click Menu Creating a New Meeting Room Page Page Entry Queues, Ad Hoc Conferences and SIP Factories Entry Queues Page Defining a New Entry Queue Page 4Click OK. The new Entry Queue is added to the Entry Queues list. Listing Entry Queues Modifying the EQ Properties Transit Entry Queue Setting a Transit Entry Queue Page SIP Factories Creating SIP Factories Page SIP Registration & Presence for Entry Queues and SIP Factories Monitoring Registration Status Ad Hoc Conferencing Page Address Book Viewing the Address Book Displaying and Hiding the Group Members in the Navigation Pane Participants List Pane Information Displaying and Hiding the Address Book Adding Participants from the Address Book to Conferences Adding Individual Participants from the Address Book to Conferences Adding a Group from the Address Book to Conferences Participant Groups Managing Groups in the Address Book Managing the Address Book Adding a Participant to the Address Book Adding a New participant to the Address Book Directly 3Define the following fields: 8-10 Page 8-12 5Define the following Advanced parameters: Substituting E.164 Number in Dial String Adding a Participant from an Ongoing Conference to the Address Book Modifying Participants in the Address Book Deleting Participants from the Address Book Copying or Moving a Participant Searching the Address Book Filtering the Address Book Filtering Address Book Data Using a Predefined Pattern Filtering Address Book Data Using a Custom Pattern Clearing the Filter Obtaining the Display Name from the Address Book Enabling and Disabling the Obtain Display Name from Address Book Feature Importing and Exporting Address Books Exporting an Address Book Importing an Address Book Page Page Operator Assistance & Participant Move Operator Conferences Page Defining the Components Enabling Operator Assistance Defining a Conference IVR Service with Operator Assistance Options Page Defining an Entry Queue IVR Service with Operator Assistance Options Defining a Conference Profile for an Operator Conference Page Starting an Ongoing Operator Conference Page Saving an Operator Conference to a Template Starting an Operator Conference from a Template Monitoring Operator Conferences and Participants Requiring Assistance Requesting Help Participant Alerts List Audible Alarms Using Audible Alarms Moving Participants Between Conferences Moving Participants Options Page Conference Templates Using Conference Templates Toolbar Buttons The Conferences List toolbar includes the following button: Creating a New Conference Template Creating a new Conference Template from Scratch Page Page Page Saving an Ongoing or AVC-based CP Operator Conference as a Template Starting an Ongoing Conference From a Template Starting an Operator Conference from a Template (AVC Conferencing) Deleting a Conference Template Exporting and Importing Conference Templates Exporting Conference Templates Exporting All Conference Templates from an MCU Exporting Selected Conference Templates Importing Conference Templates Page Page Polycom Conferencing for Microsoft Outlook Setting up the Calendaring Solution Page bClick the OK button. Option 2 - Using an alternate Primary SMTP Mailbox aDefine the following fields: bClick the OK button. Option 3 - Using modified Exchange Server settings aDefine the following fields: Calendaring Guidelines Page Creating and Connecting to a Conference Creating a Conference Connecting to a Conference Collaboration Server Standalone Deployment Collaboration Server and Polycom RealPresence DMA System Deployment Polycom Solution Support Page Conference and Participant Monitoring General Monitoring Conference Level Monitoring Viewing the Properties of an Ongoing AVC CP and Mixed CP and SVC Conference The Conference Properties - General dialog box with the General tab opens. The following information is displayed in the General tab: 12-4 2Click the Advanced tab. The Conference Properties - Advanced dialog box opens. Page 12-6 The following information is displayed: 5Click the Video Settings tab to list the video parameters. Page Page Page Viewing the Properties of an Ongoing SVC-based Conference 12-12 3Click the Advanced tab. The Conference Properties - Advanced dialog box opens. Page 12-14 The following information is displayed: Collaboration Server V irtual Edition. Page Requesting Help Request to Speak Participant Alerts List Participant Level Monitoring Displaying Participants Properties 12-20 IP Participant Properties The following parameters are displayed for an IP participant Page Page Page Page Page 12-26 Page 12-28 Page Page Monitoring SIP BFCP Content Detecting SIP Endpoint Disconnection Recording Conferences Creating Multiple Virtual Recording Rooms on the RSS Configuring the Collaboration Server to Enable Recording Defining the Recording Link Page Enabling the Recording Features in a Conference IVR Service Enabling the Recording in the Conference Profile Page Recording Link Encryption Recording Link Encryption Flag Setting Recording Link Settings Managing the Recording Process Recording Link Layout Using the Collaboration Server Web Client to Manage the Recording Process 13-10 Using DTMF Codes to Manage the Recording Process Page Users, Connections, and Notes Users User Types Administrator Administrator Read-only Listing Users Adding a New User Deleting a User Changing a Users Password Disabling a User Enabling a User Renaming a User Machine Account Monitoring Active Directory Connections Viewing the Connections List Notes Using Notes Page IP Network Services IP Network Services Management Network (Primary) Default IP Service (Conferencing Service - Media and signaling) Modifying the Management Network The Management Network Properties - IP dialog box opens. The following fields can be viewed, but can not be modified: Page Page Page Modifying the Default IP Network Service Page Page Page 6Click the Gatekeeper tab. 7 Modify the following fields: Page Page Page Page Page 15-18 14 Click the Security tab. 15 Modify the following fields: Page IP Network Monitoring 3Click the H.323 tab. The H.323 tab displays the following fields: Page Page Page NAT (Network Address Translation) Traversal Deployment Architectures Remote Connection Using the Internet Page FW (Firewall) NAT Keep Alive System Configuration in SBC environments SIP Proxy Failover With Polycom RealPresence Distributed Media Application (DMA) 7000 System 15-28 New calls will connect using the original IP address, registration and connection parameters. RealPresence Collaboration Server Virtual Edition Network Port Usage Page 15-30 IVR Services IVR Services List 16-2 IVR Services Toolbar The IVR Services toolbar provides quick access to the IVR Service definitions as follows: Adding Languages Uploading a Message File to the Collaboration Server Table 16-2 lists the Message Types for each category: Defining a New Conference IVR Service Defining a New Conference IVR Service Page Page 9Select the various voice messages and options for the chairperson connection. 10 Click the Conference Password tab. Page Page 16-12 18 Click the Video Services tab. Page Page Page Page Change to Chairperson Entry Queue IVR Service Defining a New Entry Queue IVR Service Page Page Page Setting a Conference IVR Service or Entry Queue IVR Service as the Default Service Page Modifying the Conference or Entry Queue IVR Service Properties Replacing the Music File Adding a Music File Creating Audio Prompts and Video Slides Recording an Audio Message Page Page Creating a Welcome Video Slide Default IVR Prompts and Messages The system is shipped with the following audio prompts and messages: 16-32 16-34 The Call Detail Record (CDR) Utility The CDR File CDR File Formats Page Multi-Part CDR Files CDR File Contents Viewing, Retrieving and Archiving Conference Information Viewing the Conference Records Multi-part CDR File display Refreshing the CDR List Retrieving and Archiving Conference CDR Records RMX Manager Application Accessing the RMX Manager Directly Installing the RMX Manager Page Starting the RMX Manager Application Connecting to the MCU Page RMX Manager Main Screen MCUs Pane Conferences Pane Collaboration Server Management List Pane Status Bar Address Book Conference Templates Adding MCUs to the MCUs List Starting a Conference Starting a Conference from the Conferences Pane Starting an Ongoing Conference From a Template Monitoring Conferences Grouping the Participants by MCU Start Monitoring/Stop Monitoring Modifying the MCU Properties Disconnecting an MCU Removing an MCU from the MCUs Pane Changing the RMX Manager Language Import/Export RMX Manager Configuration Page Page Collaboration Server Administration and Utilities System and Participant Alerts System Alerts Page Participant Alerts RMX Time Altering the clock Resource Management Resource Capacity Resource Usage SVC Conferencing AVC Conferencing - Continuous Presence Forcing Video Resource Allocation to CIF Resolution Resource Report Displaying the Resource Report Page Page Port Usage Threshold Setting the Port Usage Threshold SIP Dial-in Busy Notification Port Usage Gauge Page System Information 19-16 SNMP (Simple Network Management Protocol) MIBs (Management Information Base) Traps MIB Files Private MIBs Support for MIB-II Sections The following table details the MIB-II sections that are supported: The Alarm-MIB MIB used to send alarms. When a trap is sent, the Alarm-MIB is used to send it. H.341-MIB (H.341 H.323) Unified MIB 19-20 Traps Figure 1 An Example of a ColdStart Trap Figure 2 An Example of an Authentication Failure Trap Status Trap RMX MIB entities that do not generate traps. Page Defining the SNMP Parameters in the Collaboration Server Page 19-26 10 Define the following parameters: 11 Click the Add button to add a new Manager terminal. Page Page Page 19-30 15 Define the following parameters: Audible Alarms Using Audible Alarms Audible Alarm Permissions Stop Repeating Message Configuring the Audible Alarms User Customization Replacing the Audible Alarm File Page Multilingual Setting Customizing the Multilingual Setting Banner Display and Customization Non-Modifiable Banner Text Sample 1 Banner Sample 2 Banner Sample 3 Banner Sample 4 Banner Customizing Banners Banner Display Login Screen Banner Main Screen Banner Software Management Backup and Restore Guidelines Using Software Management Ping Collaboration Server Using Ping Notification Settings Page Logger Diagnostic Files Page Information Collector Standard Security Mode Using the Information Collector Step 1: Creating the Information Collector Compressed File Step 2: Saving the Compressed File Step 3: Viewing the Compressed File Auditor Auditor Files Auditor Event History File Storage Retrieving Auditor Files Auditor File Viewer Page Audit Events Alerts and Faults Page 19-54 Transactions Table 2 lists Transactions that are recorded by the Auditor. ActiveX Bypass Installing ActiveX Page Resetting the Collaboration Server Page Upgrading and Downgrading Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page System Configuration Flags Modifying System Flags 20-2 Page 20-4 Page 20-6 Page 20-8 Page 20-10 Page Manually Adding and Deleting System Flags 20-14 20-16 Page 20-18 Page 20-20 Page 20-22 Page 20-24 Page 20-26 Page 20-30 Page 20-32 Manually Adding Flags to the CS_MODULE_PARAMETERS Tab Deleting a Flag Auto Layout Configuration Customizing the Default Auto Layout Page 20-36 CS_ENABLE_EPC Flag Automatic Password Generation Flags Enabling the Automatic Generation of Passwords Page Page Appendix A Disconnection Causes IP Disconnection Causes A-2 Page A-4 Page A-6 Appendix B Active Alarms B-2 Page Page Page B-6 Page B-8 B-10 Appendix C CDR Fields - Unformatted File C-2 The Conference Summary Record Event Records Standard Event Record Fields C-4 Event Types Page C-6 Page C-8 C-10 Event Specific Fields The following tables describe the fields which are specific to each type of event. Page C-12 Page C-14 Page C-16 Page C-18 Page C-20 Page C-22 Page C-24 Page C-26 C-28 Page C-30 Page C-32 Disconnection Cause Values C-34 Page C-36 MGC Manager Events that are not Supported by the Collaboration Server Page Page Appendix D Ad Hoc Conferencing and External Database Authentication Ad Hoc Conferencing without Authentication Ad Hoc Conferencing with Authentication Entry Queue Level - Conference Initiation Validation with an External Database Application Conference Access with External Database Authentication Conference Access Validation - All Participants (Always) Conference Access Validation - Chairperson Only (Upon Request) System Settings for Ad Hoc Conferencing and External Database Authentication Ad Hoc Settings Authentication Settings MCU Configuration to Communicate with an External Database Application Page Appendix E Participant Properties Advanced Channel Information Page Page Page Appendix F Secure Communication Mode Certificate Configuration and Management Certificate Template Requirements Certificate Requirements for Polycom Devices Switching to Secure Mode Purchasing a Certificate The Create Certificate Request dialog box is displayed. 2Enter information in all the following fields: 3Click Send Details. Installing the Certificate Creating/Modifying System Flags Enabling Secure Communication Mode Securing an External Database MS Active Directory Integration Directory and Database Options Standard Security Mode Page Enabling Active Directory Integration Page Appendix G Setting the Collaboration Server for Integration Into Microsoft Environment Overview Conferencing Entities Presence Configuring the Polycom-Microsoft Solution Media Over TCP Network Error Recovery SIP Dialog Recovery Content Sharing via Polycom CSS (Content Sharing Suite) Plug-in for Lync Clients Configuring the Collaboration Server for Microsoft Integration Modify the Collaboration Server Management Network Service to Include the DNS Server Page Defining a SIP Network Service in the Collaboration Server and Installing the Security Certificate The Security Certificate Configuring the Collaboration Server IP Network Service Page Page Page Page Page Page Collaboration Server System Flag Configuration Enabling the Microsoft Environment Setting the audio protocol for the Microsoft Client running on a single core PC Page Participant Settings Sharing Content via the Polycom CSS Plug-in for Lync Clients Configuring the MCU for Content Sharing via the Polycom CSS Plug-in Setting the System Flag Conference Profile Settings Page Page Adding Presence to Conferencing Entities in the Buddy List Enabling the Registration of the Conferencing Entities Creating an Active Directory Account for the Conferencing Entity Page Enabling the Conferencing Entity User Account for Lync Server Defining the Microsoft SIP Server in the IP Network Service Enabling Registration in the Conference Profile Verifying the Collaboration Server Conferencing Entity Routing Name and Profile Conferencing Entity List Page Page Connecting a Collaboration Server Meeting Room to a Microsoft AV-MCU Conference Active Alarms and Troubleshooting Active Alarms Troubleshooting Known Issues Polycom Solution Support Appendix H SIP RFC Support H-2