System Security

Field

Description

 

 

Allow unencrypted connections to

Normally, the Polycom RealPresence DMA system connects to Active

the Active Directory

Directory using SSL or TLS encryption. But if the Active Directory server or

 

servers (including domain controllers if you import global groups) aren’t

 

configured to support encryption, the Polycom RealPresence DMA system

 

can only connect using an unencrypted protocol. This option allows such

 

connections if an encrypted connection can’t be established.

 

This configuration causes an extreme security flaw: the unencrypted

 

passwords of enterprise users are transmitted over the network, where they

 

can easily be intercepted.

 

Use this option only for diagnostic purposes. By toggling it, you can determine

 

whether encryption is the cause of a failure to connect to Active Directory or to

 

load group data. If so, the solution is to correctly configure the relevant

 

servers, not to allow ongoing use of unencrypted connections.

 

 

Allow unencrypted connections to

Normally, the Polycom RealPresence DMA system uses only HTTPS for the

MCUs

conference control connection to RealPresence Collaboration Server or RMX

 

MCUs, and therefore can’t control an MCU that accepts only HTTP (the

 

default). This option enables the system to fall back to HTTP for MCUs not

 

configured for HTTPS.

 

We recommend configuring your MCUs to accept encrypted connections

 

rather than enabling this option. When unencrypted connections are used, the

 

RealPresence Collaboration Server or RMX login name and password are

 

sent unencrypted over the network.

 

 

Allow unencrypted calendar

Normally, if calendaring is enabled, the Polycom RealPresence DMA system

notifications from Exchange

gives the Microsoft Exchange server an HTTPS URL to which the Exchange

server

server can deliver calendar notifications. In that case, the Polycom

 

RealPresence DMA system must have a certificate that the Exchange server

 

accepts in order for the HTTPS connection to work.

 

If this option is selected, the Polycom RealPresence DMA system does not

 

require HTTPS for calendar notifications.

 

We recommend installing a certificate trusted by the Exchange server and

 

using an HTTPS URL for notifications rather than enabling this option.

 

 

Allow basic authentication to

Normally, if calendaring is enabled, the Polycom RealPresence DMA system

Exchange server

authenticates itself with the Exchange server using NTLM authentication.

 

If this option is selected, the Polycom RealPresence DMA system still

 

attempts to use NTLM first. But if that fails or isn’t enabled on the Exchange

 

server, then the RealPresence DMA system falls back to HTTP Basic

 

authentication (user name and password).

 

We recommend using NTLM authentication rather than enabling this option.

 

In order for either NTLM or HTTP Basic authentication to work, they must be

 

enabled on the Exchange server.

 

 

Polycom, Inc.

50

Page 50
Image 50
Polycom 7000 manual Servers, not to allow ongoing use of unencrypted connections