Manuals / Polycom / Computer Equipment / Network Router

Polycom 7000 manual System Security

Models: 7000

1 437

Download 437 pages 17.13 Kb

Page 39

System Security

2When the Polycom RealPresence DMA system connects to a Microsoft Active Directory server, it may present a certificate to the server to identify itself.

If Active Directory is configured to require a client certificate (this is not the default), the Polycom RealPresence DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. Active Directory must be configured to trust the certificate authority, or it rejects the certificate and the connection fails.

3When the Polycom RealPresence DMA system connects to a Microsoft Exchange server (if the calendaring service is enabled; see Microsoft Exchange Server Integration), it may present a certificate to the server to identify itself.

Unless the Allow unencrypted calendar notifications from Exchange server security option is enabled (see Security Settings), the Polycom RealPresence DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. The Microsoft Exchange server must be configured to trust the certificate authority. Otherwise, the Microsoft Exchange Server integration status (see Dashboard) remains Subscription pending indefinitely, the Polycom RealPresence DMA system does not receive calendar notifications, and incoming meeting request messages are only processed approximately every 4 minutes.

4When the Polycom RealPresence DMA system connects to a RealPresence Collaboration Server or RMX MCU configured for secure communications (this is not the default), a certificate may be used to identify the MCU (server) to the Polycom RealPresence DMA system (client).

5When performing call signaling requiring TLS, the Polycom RealPresence DMA system presents its certificate to the connecting client (one-way TLS). If the Require mutual authentication (validation of client certificates) SIP Settings option is enabled (see Signaling Settings), the system uses the installed CA certificates to authenticate the connecting client’s certificate as well (mutual TLS).

Polycom, Inc.

39

Image 39

Polycom 7000 manual System Security

Contents

Polycom RealPresence DMA 7000 System Page Contents System Security Local Cluster ConfigurationDevice Management Integrations with Other Systems MCU ManagementSuperclustering Conference Manager ConfigurationSite Topology Call Server ConfigurationUsers and Groups System Management and MaintenanceContents 361 Polycom RealPresence DMA System Snmp Support System ReportsIntroduction to the Polycom RealPresence DMA System Polycom RealPresence DMA System’s Primary FunctionsConference Manager RealPresence Platform API Call ServerSVC Conferencing Support Two-server Cluster Configuration Polycom RealPresence DMA System’s Three ConfigurationsSingle-server Configuration System Capabilities and Constraints Embedded DNS SettingsSystem Port Usage Port Protocol DescriptionSend Usage Data Field Input Requirements Polycom Solution SupportAccessing the Polycom RealPresence DMA System Working in the Polycom RealPresence DMA SystemMenu/Icon Admin Provisioner Auditor Settings DialogMenu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor Menu/Icon Admin Provisioner Auditor To replace an Lgpl library with your modified version Open Source SoftwareLicense Information Modifying Open Source CodeConfirming configuration System configurationAdditional DNS Records for SIP Proxy Additional DNS Records for the H.323 Gatekeeper Additional DNS Records for the Optional Embedded DNS FeatureLicense the Polycom RealPresence DMA System Verify That DNS Is Working for All AddressesLicense the RealPresence DMA System, Appliance Edition License the RealPresence DMA System, Virtual Edition Set Up SignalingSet Up Security Set Up MCUs Connect to Microsoft Active Directory Set Up Conference Templates Test the System How Certificates Work Security Certificates OverviewDER System Security Frequently Asked Questions Column Description Certificate SettingsCertificate Information Dialog Certificate Signing Request DialogField Description Add Certificates Dialog Certificate Details DialogSection Description Go to Admin Local Cluster Certificates Certificate ProceduresInstall a Certificate Authority’s Certificate To install a certificate for a trusted root CAActions list, select Create Certificate Signing Request To create a certificate signing requestActions list, select Add Certificates Actions list, select Display DetailsInstall a Certificate in the RealPresence DMA System To remove a Trusted Root CA’s certificate Remove a Certificate from the RealPresence DMA SystemSecurity Settings Actions list, select Delete CertificateCertificate Details dialog appears Field Description Maximum security High securityCustom security Servers, not to allow ongoing use of unencrypted connections Server in the Polycom RealPresence DMA system Go to Admin Local Cluster Security Settings To change the security settingsOn the Troubleshooting Utilities menu, Top is removed Consequences of Enabling Maximum Security ModeSystem Security Login Policy Settings Session Local PasswordField Description Password Management Password ComplexityAccount Inactivity Local User AccountUnlimited Field Description Account LockoutAccess Policy Settings BannerCustom To reset system passwords Reset System PasswordsWait a few minutes to log back in. See also Network Settings Local Cluster ConfigurationField Description Dhcp ServerSettings Field Description Shared Management NetworkTurn on Auto-negotiation or set Speed and Duplex manually General System Network Shared Signaling NetworkIPv6address%eth0 Routing Configuration DialogTime Settings Activation Keys LicensesLicenses for the Appliance Edition Field Description Active LicenseDMA Host Cluster Network SettingsLicenses for the Virtual Edition See Automatically Send Usage Data for more informationSIP Signaling Signaling SettingsDevice Authentication SIP Device AuthenticationUntrusted SIP Call Handling Configuration Field Description Settings Signaling Settings FieldsSIP Settings Field Add Guest Port DialogEdit Guest Port Dialog Security Settings page. See Security SettingsAdd Guest Prefix Dialog Edit Guest Prefix Dialog Logging SettingsAlerting Settings Local Cluster Configuration Procedures Add LicensesAlert ID Threshold Condition Description Select Product Activation Go to Admin Local Cluster LicensesTo request a software activation key code for each server To enter license activation key codesConfigure Signaling To configure signalingGo to Admin Local Cluster Signaling Settings Under Unauthorized prefixes, click Add Under Unauthorized ports, click AddConfigure Logging To configure loggingAutomatically Send Usage Data Enable or Disable Automatic Data Collection See the Collected DataTo see the collected data Active Calls Device ManagementCall Details Dialog Tab/Field/Column Description Call Info Subscription Events On the Call Server SettingsTab/Field/Column Description Bandwidth Call EventsEndpoints Tab/Field/Column Description Property ChangesQoS Registration policy script see Registration Policy Server Settings Command DescriptionRegistration Policy Registrations Names/Aliases in a Mixed H.323 and SIP EnvironmentDevice Management Add Endpoint Dialog Edit Device Dialog Edit Devices Dialog Associate User Dialog Site StatisticsAdd Alias Dialog Edit Alias DialogSite Link Statistics Column External GatekeeperAuthentication Mode Add External Gatekeeper DialogColumn Description External Gatekeeper Postliminary Edit External Gatekeeper DialogThis script to open the Script Debugging Dialog for Multiple External SIP Peers External SIP PeerField Description External SIP Peers Add External SIP Peer DialogUDP Domain List To header options AuthenticationField Description Postliminary Temporarily select Use customized scriptLync Integration Edit External SIP Peer Dialog External RegistrationsField Description External SIP Peer Host/domain name Routed to this peer server Polycom, Inc 112 Lync Integration SIP Peer Postliminary Output Format Options To Header Format OptionsExternal Registration Request-URI Header Format Options Default To header for Microsoft. Equivalent to templateDefault Request-URI for Microsoft Equivalent to template Free Form Template VariablesVariable Description To Header and Request-URI Header Examples Original To Header Template ResultOriginal Request-URI Header Template Result Edit Authentication Dialog Add Authentication DialogTemplate Variables Add Outbound Registration DialogEdit Outbound Registration Dialog External H.323 SBC Column Description External H.323 SBC Add External H.323 SBC DialogEdit External H.323 SBC Dialog Polycom, Inc 124 MCUs MCU ManagementPage Polycom, Inc 127 See SVC Conferencing Support Policy Not to make or receive calls Field Description External MCU Add MCU DialogManagement IP address Gateway Selection Process Prefix DialogMedia IP Addresses Gateway ProfilesEdit MCU Dialog Management IP address Polycom, Inc 137 Polycom, Inc 138 Edit Session Profile Dialog Add Session Profile DialogTo add an MCU MCU ProceduresIsdn Gateway Selection Process To view information about an MCUTo edit an MCU To delete an MCU MCU Pools Command Add MCU Pool DialogEdit MCU Pool Dialog To delete an MCU Pool MCU Pool ProceduresTo add an MCU Pool To edit an MCU PoolMCU Pool Orders Add MCU Pool Order Dialog MCU Selection Process Edit MCU Pool Order DialogMCU Availability and Reliability Tracking 24% To edit an MCU Pool Order MCU Pool Order ProceduresTo view the MCU Pool Orders list To add an MCU Pool OrderTo delete an MCU Pool Order Microsoft Active Directory Integration Integrations with Other SystemsMicrosoft Active Directory Field Description Connection Status Field Description Active Directory Connection Conference SettingsEnterprise Conference Room ID Generation Understanding Base DNEnterprise Chairperson and Conference Passcode Generation To integrate with Active Directory Active Directory Integration ProcedurePolycom, Inc 160 Understanding Base DN Polycom, Inc 162 Adding Passcodes for Enterprise Users About the System’s Directory Queries When you click Update on the Microsoft Active DirectoryUser Search Group SearchGlobal Group Membership Search Configurable Attribute Domain Search Attribute Replication SearchDomain Search Microsoft Lync 2013 Integration Service Account SearchScheduled Conferences with Polycom RealConnect Lync 2010 vs. Lync 2013 IntegrationActive Directory Service Account Permissions Automatic Contact Creation and ConfigurationConsiderations and Requirements for Lync 2013 Integration Lync and non-Lync Endpoint CollaborationIntegrate RealPresence DMA and Lync Lync 2010 and 2013 Client / Server Feature SupportMicrosoft Exchange Server Integration Diagnose Presence ProblemsPolycom Solution and Integration Support Differences between Calendaring and SchedulingMicrosoft Exchange Server Exchange Server Integration Procedure RealPresence Resource Manager Integration Page RealPresence Resource Manager Join RealPresence Resource Manager Dialog RealPresence Resource Manager Integration Procedures To integrate with a RealPresence Resource Manager system Juniper Networks SRC Juniper Networks SRC IntegrationTo configure SRC integration Juniper Networks SRC Integration ProcedureConference Settings Conference Manager ConfigurationPresence Publishing Contacts presence settings below Create Polycom conference contacts check box is enabledField Maximum Polycom conference contacts to publish Default Polycom Conference Contacts Presence Settings Class of ServiceTo specify conference settings Go to Admin Conference Manager Conference SettingsRemove Contacts from Active Directory Dialog Conference Templates Two Types of TemplatesSelect Publish presence for Polycom conference contacts Standalone Templates Template Priority About Conference IVR ServicesCascading for Bandwidth Cascading for Size About CascadingCascading for Bandwidth Cascading for Size Add Conference Template Dialog Field Description Common SettingsRMX General Settings Conference Templates ListMany of the MCUs have that profile for instance, 2 Cascade for bandwidth LPR Field Description RMX Gathering Settings Video switching is selectedRMX Video Quality Optimized  Conference mode is set to AVC onlyRMX Video Settings  TIP compatibility is set to either None or Video OnlyGuide Telepresence mode is YesSee Shared Number Dialing Field Description RMX Audio SettingsRMX Skins RMX Conference IVRRMX Recording RMX Site NamesCisco Codian Edit Conference Template Dialog Polycom, Inc 205 Field Description LPR Field Description RMX Gathering Settings  Conference mode is set to AVC only Polycom, Inc 210 Polycom, Inc 211 RMX Site Names Cisco Codian To select a video frames layout Conference Templates ProceduresGo to Admin Conference Manager Conference Templates Select Layout DialogTo delete a conference template Click the RMX General Settings tabTo edit a conference template To change a conference template’s priorityIVR Prompt Sets Prompt File Name Prompt Text Shared Number Dialing Polycom, Inc 219 Polycom, Inc 220 Prompt Sets Conference Settings plus VEQ numberAdd Virtual Entry Queue Dialog Field Description Virtual Entry QueueEdit Virtual Entry Queue Dialog Add Direct Dial Virtual Entry Queue DialogEdit Direct Dial Virtual Entry Queue Dialog Dialstring = sipxxx@10.33.120.58 Script Debugging Dialog for VEQ ScriptsSample Virtual Entry Queue Script About Superclustering SuperclusteringDMAs Polycom, Inc 228 Following table describes the fields on Join Supercluster Dialog To create or join a supercluster Supercluster ProceduresActions list, select Remove from Supercluster To remove a cluster from the superclusterAbout the Call Server Capabilities Call Server ConfigurationCall Server Settings Field Description General SettingsModifications For the called endpoint For SIP calls gatewayed to an See External Gatekeeper Domains Field Description Gatekeeper Blacklist SettingsMycompany domains, this would not match eng.mycompany.com Dial Rules Test Dial Rules Dialog Sipsrbruce@10.47.7.9 Default Dial Plan and Suggestions for Modifications Rule EffectSee Edit Site Dialog Polycom, Inc 244 H323xxxx@enterprisepartner.com Add Dial Rule Dialog Field Description Dial RulePreliminary Default port of the signaling protocol MCU pool order Template configured in Admin Conference Manager ConferenceConference Manager Conference Settings Conference templateAll in parallel forking Weighted round-robinEdit Dial Rule Dialog Block Blocks the call Resolve to IP address Polycom, Inc 252 Polycom, Inc 253 Preliminary/Postliminary Scripting Predefined Preliminary/Postliminary Scripting VariablesVariable Initial value Usage example Preliminary/Postliminary Scripting FunctionsFunction name and parameters Details Return valueReturn value None Dial rule action Output SIP headers How Dial Rule Actions Affect SIP HeadersSee Preliminary/Postliminary Scripting for a description Script Debugging Dialog for Preliminaries/PostliminariesDialstring = 99 + Dialstring Strip Prefix SIP Sample Preliminary and Postliminary ScriptsSubstitute Domain SIP Site Based Numeric Nicknames User = Callersitecountrycode + Callersiteareacode + user Hunt Groups Hunt Group Members Add Hunt Group DialogEdit Hunt Group Dialog Field Description General InfoDevice Authentication Field Description Inbound Authentication Inbound AuthenticationShared Outbound Authentication On the Inbound Authentication tab, you canShared Outbound Authentication Add Device Authentication DialogEdit Device Authentication Dialog Field Description Device AuthenticationRegistration Policy Compliant Epdefinedincma Registration Policy ScriptingEPISIPV4 Regsitedigits Script Debugging Dialog for Registration Policy ScriptsSample Registration Policy Scripts Reject aliases that arent the right length otherwise accept Prefix Service Add Simplified Isdn Gateway Dialing Prefix Dialog Edit Simplified Isdn Gateway Dialing Prefix Dialog Embedded DNS Edit Vertical Service Code DialogCallservers.example.com To enable DNS publishingHistory Retention Settings Record Type Retention Limit When Limit Is ReachedNumber of Records Purged History Report To configure history record retentionAbout Site Topology Site TopologyBandwidth Management Sites Field Site Info Site Information DialogSubnets Field Description General Info General SettingsAdd Site Dialog Device TypesField Description Bandwidth Settings Territory SettingsIsdn Number Assignment Isdn Range Assignment for did dialing method Isdn Outbound DialingIsdn Range Assignment for gateway extension dialing method RoutingSIP Routing Subnet2 = 10.33.24.0/24 Edit Site DialogPolycom, Inc 291 Override ITU dialing rules Subnet Name Unique name of the subnet Polycom, Inc 293 Add Subnet Dialog Edit Subnet Dialog Site Links Edit Site Link Dialog Add Site Link DialogAdd Site-to-Site Exclusion Wizard Site-to-Site ExclusionsTerritories To add a site-to-site exclusionGo to Network Site Topology Site-to-Site Exclusions Add Territory Dialog Edit Territory Dialog Network Clouds Add Network Cloud DialogField Cloud Info Field Cloud Info Description Edit Network Cloud DialogField Description Associated Sites Add Site Link DialogSite Topology Configuration Procedures Go to Network Site Topology SitesGo to Network Site Topology Territories About Site Topology Role Description User Roles OverviewAdding Users Overview Users Are in the Local domain Dialog See Local PasswordAdd User Dialog See Add User DialogService. See Conference Settings Rooms DialogAssociated Endpoints Edit User Dialog Field Description Associated RolesConference Passcodes Prompted see Authentication Required Dialog Select Associated Endpoints Dialog Field Description Associated EndpointsAuthentication Required Dialog Select Associated Endpoints DialogConference Rooms Dialog Its conferences. See Conference Templates Add Conference Room Dialog Conference Settings Namespace, enter the value in the box below the list  Create contact and publish presence Defined on the Admin Conference Manager Conference Settings Publish presence  Do not publish presenceUser Dialog Conference see Edit Conference Template DialogEdit Conference Room Dialog Settings Polycom, Inc 324 Dial-out Participants list Users Procedures Add Dial-out Participant DialogEdit Dial-out Participant Dialog Go to User Users To find a user or usersTo add a local user To edit a userTo edit one of a user’s conference rooms Conference Rooms ProceduresTo delete a local user To add a conference room to a userTo delete one of a user’s custom conference rooms GroupsConference Templates From the Search results box See Conference SettingsImport Enterprise Groups Dialog Edit Group DialogTemplates Boxes on the Admin Conference Manager Conference Settings Admin Conference Manager Conference SettingsManager Conference Settings Setting on the User Users Manage Conf Rooms dialogActions list, click Import Enterprise Groups Enterprise Groups ProceduresTo terminate a user’s login session Login SessionsChange Password Dialog Administrator Responsibilities Management and Maintenance OverviewAdministrative Best Practices Auditor ResponsibilitiesAuditor Best Practices General system health and capacity checks Recommended Regular MaintenanceRegular archive of backups Provisioner ResponsibilitiesMicrosoft Active Directory health Network usage data export Security configurationDashboard CertificatesCall Server Active Calls Pane Active Directory Integration PaneCall Server Registrations Pane Cluster Info PaneConference History Max Participants Pane Conference Manager Usage Pane Conference Manager MCUs PaneJuniper Networks SRC Integration Pane Exchange Server Integration PaneSupercluster Status Pane Signaling Settings PaneLicense Status Pane RealPresence Resource Manager Integration PaneTerritory Status Pane User Login History PaneAlerts Supercluster Status AlertCluster cluster is orphaned No clusters assigned to list of territories Territory StatusPolycom, Inc 351 Asynchronous Operation RealPresence Resource Manager System IntegrationFormatted string from server Zero enterprise conference rooms exist on cluster cluster Active Directory IntegrationPolycom, Inc 354 Exchange Server Integration Database Status Lync Integration Signaling Certificate Cluster cluster The server certificate has expiredCertificates. See also Cluster cluster One or more CA certificates have expired Cluster cluster Cannot connect to licensing server lserver LicensesCluster cluster DMA is not licensed for any calls NetworksCluster cluster a private network error exists on server Cluster cluster a public network error exists on serverCluster cluster a signaling network error exists on server Server Resources Server server CPU utilization 50% and 75% Data Synchronization Server server CPU utilization 75%Cluster cluster System version differs between servers Cluster cluster Local users differ between servers System Health and AvailabilityMCUs MCU MCUname is currently out of service MCU MCUname is currently busied outMCU MCUname has count warnings MCU mcu call failure rate is 0.4 MCU MCUname is disconnectedMCU mcu disconnect rate is 1 MCU mcu disconnect rate isMCU mcu is connected with no port capacity MCU mcu call failure rate isEndpoints Polycom, Inc 373 No territories configured to host conference rooms Conference ManagerConference Status Lync Presence Publishing Conference VMR on MCU MCU failed to start reasonOngoing conference VMR on MCU MCU failed reason Polycom, Inc 376 Polycom, Inc 377 Call Server System Log Files Call Bandwidth ManagementCluster cluster External SIP peer sippeer is unresponsive To download a log archive to your PC or workstation System Logs ProceduresTo manually roll the system logs To delete a system log archiveActions list, click Download Archived Logs Top Troubleshooting UtilitiesPing TracerouteTo run sar on each server Check Configuration SynchronizationNTP Status To run iostat on each serverDiagnostics for your Polycom Server To check configuration synchronizationBacking Up and Restoring SHA1 Backup and Restore Procedures Confirm Restore DialogGo to Maintenance Backup and Restore To download a backup fileTo create a new backup file To upload a backup fileTo restore from a backup file on the cluster Shut down the system. See Shutting Down and Restarting Close the utility Upgrading the Software Following table describes the parts of the Software UpgradeBasic Upgrade Procedures To install an upgrade Go to Maintenance Software UpgradeReturn to Maintenance Software Upgrade To roll back an upgrade, restoring the previous version Return to Maintenance Software Upgrade Incompatible Software Version Supercluster Upgrades Factors to Consider for an Incremental Supercluster Upgrade Simplified Supercluster Upgrade Complete Service Outage System Management and Maintenance Polycom, Inc 400 Adding a Second Server Complex Supercluster Upgrade Some Service MaintainedRealPresence DMA System, Virtual Edition System Upgrade To upgrade a RealPresence DMA system, Virtual EditionExpanding an Unpatched System Expanding a Patched System Replacing a Failed Server Shutting Down and RestartingTo replace a failed server in a two-server cluster Go to Maintenance Shutdown and Restart To restart or shut down one or both servers in a clusterTo start up a shut-down cluster Call History Alert HistorySystem Reports Export History Conference HistoryAssociated Calls Export HistoryProperty Changes Conference EventsTo download CDRs Call Detail Records CDRsExporting CDR Data Call Record LayoutsYYYY-MM-DDTHHMMSS.FFF+-ZHHMM 1024+768+384 486BUSY Here Conference Room Dialog720p30 Conf Conference Record LayoutsValue from the Conference room pass-through to CDR field Polycom RealPresence DMA SystemRegistration History Report To find a device or devices Registration History ProceduresActive Directory Integration Report Active Directory Integration All DomainsGroups with Partially Loaded or No Membership Information To remove orphaned user data from the system Orphaned Groups and Users ProceduresOrphaned Groups and Users Report To remove orphaned group data from the systemConference Room Errors Report To download conference room errors data Exporting Conference Room Errors DataEnterprise Passcode Errors Report Exporting Enterprise Passcode Errors Data To download enterprise passcode errors dataNetwork Usage Report Exporting Network Usage Data Field Description To download network usage data Snmp Framework Snmp OverviewSnmp Versions Snmp NotificationsGo to Admin Local Cluster Snmp Settings Configure SnmpEnable the Snmp Agent To enable the Snmp agentGo to Admin Local Cluster Snmp Settings Click Add User Add an Snmp Notification UserTo add a notification user Edit Notification User Dialog Add an Snmp Notification AgentTo add an Snmp notification agent to the system Edit Notification Agent Dialog Click Add AgentUDP. See Snmp Overview To download the MIB package for a DMA system Go to Admin Snmp Settings Click Download MIBsDownload MIBs Available Snmp MIBsPolycom RealPresence DMA System Snmp Support