Security Certificates Overview | Polycom 7000 specification

System Security

This section describes the following Polycom® RealPresence® Distributed Media Application™ (DMA®)

7000 system security topics:

●Security Certificates Overview

●Certificate Settings

●Certificate Procedures

●Security Settings

●The Consequences of Enabling Maximum Security Mode

●Login Policy Settings

●Reset System Passwords

Security Certificates Overview

How Certificates Work

X.509 certificates are a security technology that assists networked computers in determining whether to trust each other.

●A single, centralized certificate authority (CA) is established. Typically, this is either an enterprise’s IT department or a commercial certificate authority.

●Each computer on the network is configured to trust the central certificate authority.

●Each server on the network has a public certificate that identifies it.

●The certificate authority signs the public certificates of those servers that clients should trust.

●When a client connects to a server, the server shows its signed public certificate to the client. Trust is established because the certificate has been signed by the certificate authority, and the client has been configured to trust the certificate authority.

Forms of Certificates Accepted by the Polycom RealPresence DMA System

X.509 certificates come in several forms (encoding and protocol). The following table shows the forms that can be installed in the Polycom RealPresence DMA system.

Polycom, Inc.

37

Image 37

Polycom 7000 manual Security Certificates Overview, How Certificates Work

Contents

Polycom RealPresence DMA 7000 System Page Contents System Security Local Cluster Configuration Device Management Integrations with Other Systems MCU Management Superclustering Conference Manager Configuration Site Topology Call Server Configuration Users and Groups System Management and Maintenance Contents 361 Polycom RealPresence DMA System Snmp Support System Reports Polycom RealPresence DMA System’s Primary Functions Introduction to the Polycom RealPresence DMA SystemConference Manager RealPresence Platform API Call Server SVC Conferencing Support Two-server Cluster Configuration Polycom RealPresence DMA System’s Three Configurations Single-server Configuration System Capabilities and Constraints System Port Usage SettingsPort Protocol Description Embedded DNS Send Usage Data Accessing the Polycom RealPresence DMA System Polycom Solution SupportWorking in the Polycom RealPresence DMA System Field Input Requirements Menu/Icon Admin Provisioner Auditor Settings Dialog Menu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor License Information Open Source SoftwareModifying Open Source Code To replace an Lgpl library with your modified version Confirming configuration System configuration Additional DNS Records for SIP Proxy Additional DNS Records for the H.323 Gatekeeper Additional DNS Records for the Optional Embedded DNS Feature Verify That DNS Is Working for All Addresses License the Polycom RealPresence DMA SystemLicense the RealPresence DMA System, Appliance Edition License the RealPresence DMA System, Virtual Edition Set Up Signaling Set Up Security Set Up MCUs Connect to Microsoft Active Directory Set Up Conference Templates Test the System How Certificates Work Security Certificates Overview DER System Security Frequently Asked Questions Column Description Certificate Settings Certificate Signing Request Dialog Certificate Information DialogField Description Certificate Details Dialog Add Certificates DialogSection Description Install a Certificate Authority’s Certificate Certificate ProceduresTo install a certificate for a trusted root CA Go to Admin Local Cluster Certificates Actions list, select Add Certificates To create a certificate signing requestActions list, select Display Details Actions list, select Create Certificate Signing Request Install a Certificate in the RealPresence DMA System To remove a Trusted Root CA’s certificate Remove a Certificate from the RealPresence DMA System Actions list, select Delete Certificate Security SettingsCertificate Details dialog appears High security Field Description Maximum securityCustom security Servers, not to allow ongoing use of unencrypted connections Server in the Polycom RealPresence DMA system Go to Admin Local Cluster Security Settings To change the security settings On the Troubleshooting Utilities menu, Top is removed Consequences of Enabling Maximum Security Mode System Security Login Policy Settings Field Description Password Management Local PasswordPassword Complexity Session Unlimited Local User AccountField Description Account Lockout Account Inactivity Banner Access Policy SettingsCustom To reset system passwords Reset System Passwords Wait a few minutes to log back in. See also Network Settings Local Cluster Configuration Field Description Dhcp Server Field Description Shared Management Network SettingsTurn on Auto-negotiation or set Speed and Duplex manually General System Network Shared Signaling Network IPv6address%eth0 Routing Configuration Dialog Time Settings Licenses for the Appliance Edition LicensesField Description Active License Activation Keys Licenses for the Virtual Edition Cluster Network SettingsSee Automatically Send Usage Data for more information DMA Host SIP Signaling Signaling Settings SIP Device Authentication Device AuthenticationUntrusted SIP Call Handling Configuration Field Description Settings Signaling Settings Fields SIP Settings Field Add Guest Port Dialog Edit Guest Port Dialog Security Settings page. See Security Settings Add Guest Prefix Dialog Edit Guest Prefix Dialog Logging Settings Alerting Settings Add Licenses Local Cluster Configuration ProceduresAlert ID Threshold Condition Description To request a software activation key code for each server Go to Admin Local Cluster LicensesTo enter license activation key codes Select Product Activation To configure signaling Configure SignalingGo to Admin Local Cluster Signaling Settings Under Unauthorized prefixes, click Add Under Unauthorized ports, click Add To configure logging Configure LoggingAutomatically Send Usage Data See the Collected Data Enable or Disable Automatic Data CollectionTo see the collected data Active Calls Device Management Call Details Dialog Tab/Field/Column Description Call Info Tab/Field/Column Description Bandwidth On the Call Server SettingsCall Events Subscription Events Tab/Field/Column Description Property Changes EndpointsQoS Registration policy script see Registration Policy Command Description Server SettingsRegistration Policy Registrations Names/Aliases in a Mixed H.323 and SIP Environment Device Management Add Endpoint Dialog Edit Device Dialog Edit Devices Dialog Add Alias Dialog Site StatisticsEdit Alias Dialog Associate User Dialog Site Link Statistics Column External Gatekeeper Add External Gatekeeper Dialog Authentication ModeColumn Description External Gatekeeper Postliminary Edit External Gatekeeper Dialog This script to open the Script Debugging Dialog for Multiple External SIP Peers External SIP Peer Field Description External SIP Peers Add External SIP Peer Dialog UDP Domain List Field Description Postliminary AuthenticationTemporarily select Use customized script To header options Lync Integration External Registrations Edit External SIP Peer DialogField Description External SIP Peer Host/domain name Routed to this peer server Polycom, Inc 112 Lync Integration To Header Format Options SIP Peer Postliminary Output Format OptionsExternal Registration Request-URI Header Format Options Default To header for Microsoft. Equivalent to template Free Form Template Variables Default Request-URI for Microsoft Equivalent to templateVariable Description Original To Header Template Result To Header and Request-URI Header ExamplesOriginal Request-URI Header Template Result Edit Authentication Dialog Add Authentication Dialog Template Variables Add Outbound Registration Dialog Edit Outbound Registration Dialog External H.323 SBC Column Description External H.323 SBC Add External H.323 SBC Dialog Edit External H.323 SBC Dialog Polycom, Inc 124 MCUs MCU ManagementPage Polycom, Inc 127 See SVC Conferencing Support Policy Not to make or receive calls Field Description External MCU Add MCU Dialog Management IP address Gateway Selection Process Prefix Dialog Media IP Addresses Gateway Profiles Edit MCU Dialog Management IP address Polycom, Inc 137 Polycom, Inc 138 Edit Session Profile Dialog Add Session Profile Dialog Isdn Gateway Selection Process MCU ProceduresTo view information about an MCU To add an MCU To edit an MCU To delete an MCU MCU Pools Add MCU Pool Dialog CommandEdit MCU Pool Dialog To add an MCU Pool MCU Pool ProceduresTo edit an MCU Pool To delete an MCU Pool MCU Pool Orders Add MCU Pool Order Dialog MCU Selection Process Edit MCU Pool Order Dialog MCU Availability and Reliability Tracking 24% To view the MCU Pool Orders list MCU Pool Order ProceduresTo add an MCU Pool Order To edit an MCU Pool Order To delete an MCU Pool Order Microsoft Active Directory Integration Integrations with Other Systems Microsoft Active Directory Field Description Connection Status Field Description Active Directory Connection Conference Settings Enterprise Conference Room ID Generation Understanding Base DN Enterprise Chairperson and Conference Passcode Generation To integrate with Active Directory Active Directory Integration Procedure Polycom, Inc 160 Understanding Base DN Polycom, Inc 162 Adding Passcodes for Enterprise Users About the System’s Directory Queries When you click Update on the Microsoft Active Directory Group Search User SearchGlobal Group Membership Search Attribute Replication Search Configurable Attribute Domain SearchDomain Search Microsoft Lync 2013 Integration Service Account Search Scheduled Conferences with Polycom RealConnect Lync 2010 vs. Lync 2013 Integration Active Directory Service Account Permissions Automatic Contact Creation and Configuration Considerations and Requirements for Lync 2013 Integration Lync and non-Lync Endpoint Collaboration Integrate RealPresence DMA and Lync Lync 2010 and 2013 Client / Server Feature Support Microsoft Exchange Server Integration Diagnose Presence Problems Differences between Calendaring and Scheduling Polycom Solution and Integration SupportMicrosoft Exchange Server Exchange Server Integration Procedure RealPresence Resource Manager Integration Page RealPresence Resource Manager Join RealPresence Resource Manager Dialog RealPresence Resource Manager Integration Procedures To integrate with a RealPresence Resource Manager system Juniper Networks SRC Juniper Networks SRC Integration To configure SRC integration Juniper Networks SRC Integration Procedure Conference Settings Conference Manager Configuration Presence Publishing Create Polycom conference contacts check box is enabled Contacts presence settings belowField Maximum Polycom conference contacts to publish Default Polycom Conference Contacts Presence Settings Class of Service Go to Admin Conference Manager Conference Settings To specify conference settingsRemove Contacts from Active Directory Dialog Two Types of Templates Conference TemplatesSelect Publish presence for Polycom conference contacts Standalone Templates Template Priority About Conference IVR Services Cascading for Bandwidth Cascading for Size About Cascading Cascading for Bandwidth Cascading for Size RMX General Settings Field Description Common SettingsConference Templates List Add Conference Template Dialog Many of the MCUs have that profile for instance, 2 Cascade for bandwidth LPR Video switching is selected Field Description RMX Gathering SettingsRMX Video Quality RMX Video Settings  Conference mode is set to AVC only TIP compatibility is set to either None or Video Only Optimized Guide Telepresence mode is Yes RMX Skins Field Description RMX Audio SettingsRMX Conference IVR See Shared Number Dialing RMX Recording RMX Site Names Cisco Codian Edit Conference Template Dialog Polycom, Inc 205 Field Description LPR Field Description RMX Gathering Settings  Conference mode is set to AVC only Polycom, Inc 210 Polycom, Inc 211 RMX Site Names Cisco Codian Go to Admin Conference Manager Conference Templates Conference Templates ProceduresSelect Layout Dialog To select a video frames layout To edit a conference template Click the RMX General Settings tabTo change a conference template’s priority To delete a conference template IVR Prompt Sets Prompt File Name Prompt Text Shared Number Dialing Polycom, Inc 219 Polycom, Inc 220 Add Virtual Entry Queue Dialog Conference Settings plus VEQ numberField Description Virtual Entry Queue Prompt Sets Edit Virtual Entry Queue Dialog Add Direct Dial Virtual Entry Queue Dialog Edit Direct Dial Virtual Entry Queue Dialog Dialstring = sipxxx@10.33.120.58 Script Debugging Dialog for VEQ Scripts Sample Virtual Entry Queue Script About Superclustering Superclustering DMAs Polycom, Inc 228 Following table describes the fields on Join Supercluster Dialog To create or join a supercluster Supercluster Procedures Actions list, select Remove from Supercluster To remove a cluster from the supercluster About the Call Server Capabilities Call Server Configuration Field Description General Settings Call Server SettingsModifications For the called endpoint For SIP calls gatewayed to an See External Gatekeeper Domains Field Description Gatekeeper Blacklist Settings Mycompany domains, this would not match eng.mycompany.com Dial Rules Test Dial Rules Dialog Sipsrbruce@10.47.7.9 Rule Effect Default Dial Plan and Suggestions for ModificationsSee Edit Site Dialog Polycom, Inc 244 H323xxxx@enterprisepartner.com Field Description Dial Rule Add Dial Rule DialogPreliminary Default port of the signaling protocol Conference Manager Conference Settings Template configured in Admin Conference Manager ConferenceConference template MCU pool order All in parallel forking Weighted round-robin Edit Dial Rule Dialog Block Blocks the call Resolve to IP address Polycom, Inc 252 Polycom, Inc 253 Predefined Preliminary/Postliminary Scripting Variables Preliminary/Postliminary ScriptingVariable Initial value Usage example Preliminary/Postliminary Scripting Functions Return value Function name and parameters DetailsReturn value None Dial rule action Output SIP headers How Dial Rule Actions Affect SIP Headers See Preliminary/Postliminary Scripting for a description Script Debugging Dialog for Preliminaries/Postliminaries Dialstring = 99 + Dialstring Strip Prefix SIP Sample Preliminary and Postliminary Scripts Substitute Domain SIP Site Based Numeric Nicknames User = Callersitecountrycode + Callersiteareacode + user Hunt Groups Edit Hunt Group Dialog Add Hunt Group DialogField Description General Info Hunt Group Members Device Authentication Shared Outbound Authentication Inbound AuthenticationOn the Inbound Authentication tab, you can Field Description Inbound Authentication Shared Outbound Authentication Add Device Authentication Dialog Field Description Device Authentication Edit Device Authentication DialogRegistration Policy Compliant Epdefinedincma Registration Policy Scripting EPISIPV4 Regsitedigits Script Debugging Dialog for Registration Policy Scripts Sample Registration Policy Scripts Reject aliases that arent the right length otherwise accept Prefix Service Add Simplified Isdn Gateway Dialing Prefix Dialog Edit Simplified Isdn Gateway Dialing Prefix Dialog Embedded DNS Edit Vertical Service Code Dialog Callservers.example.com To enable DNS publishing Record Type Retention Limit When Limit Is Reached History Retention SettingsNumber of Records Purged History Report To configure history record retention About Site Topology Site Topology Bandwidth Management Sites Field Site Info Site Information Dialog Add Site Dialog Field Description General Info General SettingsDevice Types Subnets Territory Settings Field Description Bandwidth SettingsIsdn Number Assignment Isdn Range Assignment for did dialing method Isdn Outbound Dialing Routing Isdn Range Assignment for gateway extension dialing methodSIP Routing Subnet2 = 10.33.24.0/24 Edit Site Dialog Polycom, Inc 291 Override ITU dialing rules Subnet Name Unique name of the subnet Polycom, Inc 293 Add Subnet Dialog Edit Subnet Dialog Site Links Edit Site Link Dialog Add Site Link Dialog Add Site-to-Site Exclusion Wizard Site-to-Site Exclusions To add a site-to-site exclusion TerritoriesGo to Network Site Topology Site-to-Site Exclusions Add Territory Dialog Edit Territory Dialog Add Network Cloud Dialog Network CloudsField Cloud Info Field Description Associated Sites Edit Network Cloud DialogAdd Site Link Dialog Field Cloud Info Description Go to Network Site Topology Sites Site Topology Configuration ProceduresGo to Network Site Topology Territories About Site Topology Role Description User Roles Overview Adding Users Overview Users Are in the Local domain Add User Dialog See Local PasswordSee Add User Dialog Dialog Rooms Dialog Service. See Conference SettingsAssociated Endpoints Field Description Associated Roles Edit User DialogConference Passcodes Prompted see Authentication Required Dialog Select Associated Endpoints Dialog Field Description Associated Endpoints Select Associated Endpoints Dialog Authentication Required DialogConference Rooms Dialog Its conferences. See Conference Templates Add Conference Room Dialog Conference Settings Namespace, enter the value in the box below the list  Publish presence Defined on the Admin Conference Manager Conference Settings Do not publish presence  Create contact and publish presence User Dialog Conference see Edit Conference Template Dialog Edit Conference Room Dialog Settings Polycom, Inc 324 Dial-out Participants list Add Dial-out Participant Dialog Users ProceduresEdit Dial-out Participant Dialog To add a local user To find a user or usersTo edit a user Go to User Users To delete a local user Conference Rooms ProceduresTo add a conference room to a user To edit one of a user’s conference rooms To delete one of a user’s custom conference rooms Groups Conference Templates Import Enterprise Groups Dialog See Conference SettingsEdit Group Dialog From the Search results box Templates Manager Conference Settings Admin Conference Manager Conference SettingsSetting on the User Users Manage Conf Rooms dialog Boxes on the Admin Conference Manager Conference Settings Actions list, click Import Enterprise Groups Enterprise Groups Procedures To terminate a user’s login session Login Sessions Change Password Dialog Administrator Responsibilities Management and Maintenance Overview Auditor Responsibilities Administrative Best PracticesAuditor Best Practices Regular archive of backups Recommended Regular MaintenanceProvisioner Responsibilities General system health and capacity checks Microsoft Active Directory health Dashboard Security configurationCertificates Network usage data export Call Server Active Calls Pane Active Directory Integration Pane Cluster Info Pane Call Server Registrations PaneConference History Max Participants Pane Conference Manager Usage Pane Conference Manager MCUs Pane Juniper Networks SRC Integration Pane Exchange Server Integration Pane License Status Pane Signaling Settings PaneRealPresence Resource Manager Integration Pane Supercluster Status Pane Territory Status Pane User Login History Pane Alerts Alert Supercluster StatusCluster cluster is orphaned No clusters assigned to list of territories Territory Status Polycom, Inc 351 RealPresence Resource Manager System Integration Asynchronous OperationFormatted string from server Zero enterprise conference rooms exist on cluster cluster Active Directory Integration Polycom, Inc 354 Exchange Server Integration Database Status Lync Integration Signaling Cluster cluster The server certificate has expired CertificateCertificates. See also Cluster cluster One or more CA certificates have expired Cluster cluster Cannot connect to licensing server lserver Licenses Cluster cluster DMA is not licensed for any calls Networks Cluster cluster a public network error exists on server Cluster cluster a private network error exists on serverCluster cluster a signaling network error exists on server Server Resources Server server CPU utilization 50% and 75% Server server CPU utilization 75% Data SynchronizationCluster cluster System version differs between servers Cluster cluster Local users differ between servers System Health and Availability MCUs MCU MCUname is currently busied out MCU MCUname is currently out of serviceMCU MCUname has count warnings MCU mcu disconnect rate is 1 MCU MCUname is disconnectedMCU mcu disconnect rate is MCU mcu call failure rate is 0.4 MCU mcu is connected with no port capacity MCU mcu call failure rate is Endpoints Polycom, Inc 373 Conference Manager No territories configured to host conference roomsConference Status Conference VMR on MCU MCU failed to start reason Lync Presence PublishingOngoing conference VMR on MCU MCU failed reason Polycom, Inc 376 Polycom, Inc 377 Call Server Call Bandwidth Management System Log FilesCluster cluster External SIP peer sippeer is unresponsive To download a log archive to your PC or workstation System Logs Procedures To delete a system log archive To manually roll the system logsActions list, click Download Archived Logs Ping Troubleshooting UtilitiesTraceroute Top NTP Status Check Configuration SynchronizationTo run iostat on each server To run sar on each server To check configuration synchronization Diagnostics for your Polycom ServerBacking Up and Restoring SHA1 Backup and Restore Procedures Confirm Restore Dialog To create a new backup file To download a backup fileTo upload a backup file Go to Maintenance Backup and Restore To restore from a backup file on the cluster Shut down the system. See Shutting Down and Restarting Close the utility Upgrading the Software Following table describes the parts of the Software Upgrade Basic Upgrade Procedures Go to Maintenance Software Upgrade To install an upgradeReturn to Maintenance Software Upgrade To roll back an upgrade, restoring the previous version Return to Maintenance Software Upgrade Incompatible Software Version Supercluster Upgrades Factors to Consider for an Incremental Supercluster Upgrade Simplified Supercluster Upgrade Complete Service Outage System Management and Maintenance Polycom, Inc 400 RealPresence DMA System, Virtual Edition System Upgrade Complex Supercluster Upgrade Some Service MaintainedTo upgrade a RealPresence DMA system, Virtual Edition Adding a Second Server Expanding an Unpatched System Expanding a Patched System Shutting Down and Restarting Replacing a Failed ServerTo replace a failed server in a two-server cluster To restart or shut down one or both servers in a cluster Go to Maintenance Shutdown and RestartTo start up a shut-down cluster Call History Alert History System Reports Export History Conference History Associated Calls Export History Property Changes Conference Events Exporting CDR Data Call Detail Records CDRsCall Record Layouts To download CDRs YYYY-MM-DDTHHMMSS.FFF+-ZHHMM 1024+768+384 486BUSY Here Conference Room Dialog 720p30 Conf Conference Record Layouts Value from the Conference room pass-through to CDR field Polycom RealPresence DMA System Registration History Report To find a device or devices Registration History Procedures Active Directory Integration Report All Domains Active Directory IntegrationGroups with Partially Loaded or No Membership Information Orphaned Groups and Users Report Orphaned Groups and Users ProceduresTo remove orphaned group data from the system To remove orphaned user data from the system Conference Room Errors Report To download conference room errors data Exporting Conference Room Errors Data Enterprise Passcode Errors Report To download enterprise passcode errors data Exporting Enterprise Passcode Errors DataNetwork Usage Report Exporting Network Usage Data Field Description To download network usage data Snmp Framework Snmp Overview Snmp Versions Snmp Notifications Enable the Snmp Agent Configure SnmpTo enable the Snmp agent Go to Admin Local Cluster Snmp Settings Add an Snmp Notification User Go to Admin Local Cluster Snmp Settings Click Add UserTo add a notification user Add an Snmp Notification Agent Edit Notification User DialogTo add an Snmp notification agent to the system Click Add Agent Edit Notification Agent DialogUDP. See Snmp Overview Download MIBs Go to Admin Snmp Settings Click Download MIBsAvailable Snmp MIBs To download the MIB package for a DMA system Polycom RealPresence DMA System Snmp Support