System Security

Field: Skip validation of certificates received while making outbound connections

Description: Normally, when the Polycom RealPresence DMA system connects to a server, it validates that server’s certificate.

This option configures the system to accept any certificate presented to it without validating it.

We recommend using valid certificates for all servers that the system may need to contact rather than enabling this option. Depending on system configuration, this may include:

MCUs
Active Directory
Exchange
RealPresence Resource Manager system
Other RealPresence DMA systems
Endpoints

Note: Either the Common Name (CN) or Subject Alternate Name (SAN) field of the server’s certificate must contain the address or host name specified for the server in the Polycom RealPresence DMA system.

Polycom MCUs don't include their management IP address in the SAN field of the CSR (Certificate Signing Request), so their certificates identify them only by the CN. Therefore, in the Polycom RealPresence DMA system, a Polycom MCU's management interface must be identified by the name specified in the CN field (usually the FQDN), not by IP address.

Similarly, an Active Directory server certificate often specifies only the FQDN. So in the Polycom RealPresence DMA system, identify the enterprise directory by FQDN, not by IP address.

Field: Unlock SIP Settings mutual authentication option on the Signaling Settings page

Description: Normally, during encrypted call signaling (SIP over TLS), the Polycom RealPresence DMA system requires the remote party (endpoint or MCU) to present a valid certificate. This is known as mutual TLS.

When enabled, this check box unlocks the Require mutual authentication (validation of client certificates) option for SIP signaling on the Signaling Settings page, allowing you to disable the mutual TLS requirement for SIP signaling.

Polycom recommends installing valid certificates on your endpoints and MCUs rather than enabling this option.

Field: Allow non-conference participants to receive conference events

Description: The SIP SUBSCRIBE/NOTIFY conference notification service (as described in RFCs 3265 and 4575) allows SIP devices to subscribe to a conference and receive conference rosters and notifications of conference events. Normally, the subscribing endpoints are conference participants.

This option configures the system to let devices subscribe to a conference without being participants in the conference.

Note: A subscription to a conference by a non-participant consumes a call license. Call history doesn’t include data for non-participant subscriptions.
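
The CN/SAN naming rule in the note under "Skip validation of certificates" can be checked before certificate validation is relied on. The following Python is an added example, not Polycom code: it applies the rule as this page states it (the configured address must appear in the CN or the SAN) to certificates in the dictionary layout returned by Python's ssl getpeercert(). All host names, addresses and certificates are constructed samples, and the function names are hypothetical.

```python
import ipaddress

def _cert_names(cert):
    """Split an ssl.getpeercert()-style dict into (CNs, SAN DNS names, SAN IPs)."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = cert.get("subjectAltName", ())
    return (cns,
            [v for k, v in sans if k == "DNS"],
            [v for k, v in sans if k == "IP Address"])

def _host_match(pattern, host):
    """Case-insensitive name match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def configured_address_matches(configured, cert):
    """True if the address entered for the server appears in the cert's CN or SAN."""
    cns, dns, ips = _cert_names(cert)
    try:
        want = ipaddress.ip_address(configured)
    except ValueError:
        # Configured by host name: compare against SAN DNS entries and the CN.
        return any(_host_match(name, configured) for name in dns + cns)
    # Configured by IP address: a certificate that carries only an FQDN cannot match.
    for candidate in ips + cns:
        try:
            if ipaddress.ip_address(candidate) == want:
                return True
        except ValueError:
            continue
    return False

def audit(servers):
    """Return the configured addresses whose certificate would fail the name check."""
    return [addr for addr, cert in servers if not configured_address_matches(addr, cert)]

# Constructed samples: an MCU certificate with an FQDN-only CN, and a directory
# server certificate that lists both its FQDN and its IP address in the SAN.
MCU_CERT = {"subject": ((("commonName", "mcu1.example.com"),),)}
AD_CERT = {"subject": ((("commonName", "dc1.example.com"),),),
           "subjectAltName": (("DNS", "dc1.example.com"), ("IP Address", "192.0.2.10"))}
SAMPLE_SERVERS = [("mcu1.example.com", MCU_CERT), ("192.0.2.20", MCU_CERT),
                  ("192.0.2.10", AD_CERT), ("DC1.example.com", AD_CERT)]

if __name__ == "__main__":
    for addr in audit(SAMPLE_SERVERS):
        print(f"{addr}: not present in certificate CN/SAN; identify this server by FQDN")
```

Only the MCU entry configured by IP address is reported, which is the case the note describes.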

 

 

Polycom, Inc.

Polycom 7000 manual Server in the Polycom RealPresence DMA system