Polycom 3725-76302-001LI The Consequences of Enabling Maximum Security Mode

DMA OperationsGuide The Consequences of Enabling Maximum Security Mode

54 Polycom, Inc.

See also:

“System Security” on page 35

“Certificate Settings” on page 38

“The Consequences of Enabling Maximum Security Mode” on page54

“Login Policy Settings” on page57

“Reset System Passwords” on page 61

The Consequences of Enabling Maximum Security Mode

Enabling the Maximum security setting is irreversible and has the following

significant consequences:

•All unencrypted protocols and unsecured access methods are disabled,

and the enhanced support feature is disabled.

•The boot order is changed so that the server(s) can’t be booted from the

optical drive or a USB device.

•A BIOS password is set.

•The port 443 redirect is removed, and the system can only be accessed by

the full URL (https://<IP>:8443/dma7000, where <IP> is one of the

system's management IP addresses or a host name that resolves to one of

those IP addresses).

•For all server-to-server connections, the system requires the remote party

to present a valid X.509 certificate. Either the Common Name (CN) or

Subject Alternate Name (SAN) field of that certificate must contain the

address or host name specified for the server in the Polycom DMA system.

Polycom RMX MCUs don’t include their management IP address in the

SAN field of the CSR (Certificate Signing Request), so their certificates

identify them only by the CN. Therefore, in the Polycom DMA system, an

RMX MCU's management interface must be identified by the host name

or FQDN specified in the CN field, not by IP address.

Similarly, an Active Directory server certificate often specifies only the

FQDN. Therefore, in the Polycom DMA system, the Active Directory must

be identified by FQDN, not by IP address.

•SIP signaling is not supported.

•Superclustering is not supported.

•The Polycom DMA system can’t be integrated with Microsoft Exchange

Server and doesn’t support virtual meeting rooms (VMRs) created by the

Polycom Conferencing Add-in for Microsoft Outlook.

•Integration with a Polycom RealPresence Resource Manager or CMA

system is not supported.