System Security
Polycom, Inc. 55
See also:
System Security on page 39
Certificate Settings on page 43
Login Policy Settings on page 57
Reset System Passwords on page 61
The Consequences of Enabling Maximum Security Mode
Enabling the Maximum security setting is irreversible and has the following significant consequences:
• All unencrypted protocols and unsecured access methods are disabled, and the enhanced support feature is disabled.
• The boot order is changed so that the server(s) can’t be booted from the optical drive or a USB device.
• A BIOS password is set.
• The port 443 redirect is removed, and the system can only be accessed by the full URL (https://<IP>:8443/dma7000, where <IP> is one of the system's management IP addresses or a host name that resolves to one of those IP addresses).
• For all server-to-server connections, the system requires the remote party to present a valid X.509 certificate. Either the Common Name (CN) or Subject Alternate Name (SAN) field of that certificate must contain the address or host name specified for the server in the Polycom RealPresence DMA system.
  Polycom RMX MCUs don’t include their management IP address in the SAN field of the CSR (Certificate Signing Request), so their certificates identify them only by the CN. Therefore, in the Polycom RealPresence DMA system, an RMX MCU's management interface must be identified by the host name or FQDN specified in the CN field, not by IP address.
  Similarly, an Active Directory server certificate often specifies only the FQDN. Therefore, in the Polycom RealPresence DMA system, the Active Directory must be identified by FQDN, not by IP address.
• Superclustering is not supported.
• The Polycom RealPresence DMA system can’t be integrated with Microsoft Exchange Server and doesn’t support virtual meeting rooms (VMRs) created by the Polycom Conferencing Add-in for Microsoft Outlook.
• Integration with a Polycom RealPresence Resource Manager or CMA system is not supported.
• On the Banner page, Enable login banner is selected and can’t be disabled.
• On the Login Sessions page, the Terminate Session action is not available.
• On the Troubleshooting Utilities menu, Top is removed.
• In the Add User and Edit User dialog boxes, conference and chairperson passcodes are obscured.
• After Maximum security is enabled, management interface users must change their passwords.
• If the system is not integrated with Active Directory, each local user can have only one assigned role (Administrator, Provisioner, or Auditor).
  If some local users have multiple roles when you enable Maximum security, they retain only the highest-ranking role (Administrator > Auditor > Provisioner).
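Because the setting is irreversible, it helps to check beforehand that each server-to-server peer is configured by an identifier that actually appears in its certificate's CN or SAN. The following is an added example, not Polycom code. It assumes certificates already parsed into the dictionary shape returned by Python's ssl getpeercert(), treats "contain" as an exact, case-insensitive match, and uses constructed host names and addresses. It checks only the naming rule, not chain validity or expiry.

```python
import ipaddress

def _norm(value):
    """Normalise an identifier: canonical text for IPs, lower-case for names."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value.rstrip(".").lower()

def cert_identities(cert):
    """Collect CN and SAN values from a dict shaped like ssl getpeercert()."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(_norm(value))
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.add(_norm(value))
    return names

def peers_that_will_fail(peers):
    """Return labels of peers whose configured address is in neither CN nor SAN."""
    return [label for label, configured, cert in peers
            if _norm(configured) not in cert_identities(cert)]

# Constructed sample data (hypothetical names, documentation address range).
RMX_CERT = {"subject": ((("commonName", "rmx1.example.com"),),)}  # CN only, no SAN
AD_CERT = {"subject": ((("commonName", "dc1.example.com"),),),
           "subjectAltName": (("DNS", "dc1.example.com"),)}  # FQDN only

PEERS = [
    ("RMX by IP", "192.0.2.10", RMX_CERT),
    ("RMX by FQDN", "RMX1.example.com", RMX_CERT),
    ("AD by IP", "192.0.2.20", AD_CERT),
    ("AD by FQDN", "dc1.example.com", AD_CERT),
]

if __name__ == "__main__":
    for label in peers_that_will_fail(PEERS):
        print("configured identifier not in certificate:", label)
```

Peers flagged here need to be re-entered by the host name or FQDN in their certificate, or be issued a certificate that carries the configured address.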