Polycom 7000 manual Consequences of Enabling Maximum Security Mode

System Security

See also:

System Security

Certificate Settings

Login Policy Settings

Reset System Passwords

The Consequences of Enabling Maximum Security Mode

Enabling the Maximum security setting is irreversible and has the following significant consequences:

●All unencrypted protocols and unsecured access methods are disabled, and the enhanced support feature is disabled.

●The boot order is changed so that the server(s) can’t be booted from the optical drive or a USB device.

●A BIOS password is set.

●The port 443 redirect is removed, and the system can only be accessed by the full URL (https://<IP>:8443/dma7000, where <IP> is one of the system's management IP addresses or a host name that resolves to one of those IP addresses).

●For all server-to-server connections, the system requires the remote party to present a valid X.509 certificate. Either the Common Name (CN) or Subject Alternate Name (SAN) field of that certificate must contain the address or host name specified for the server in the Polycom RealPresence DMA system.

Polycom RMX MCUs don’t include their management IP address in the SAN field of the CSR (Certificate Signing Request), so their certificates identify them only by the CN. Therefore, in the Polycom RealPresence DMA system, an RMX MCU's management interface must be identified by the host name or FQDN specified in the CN field, not by IP address.

Similarly, an Active Directory server certificate often specifies only the FQDN. Therefore, in the Polycom RealPresence DMA system, the Active Directory must be identified by FQDN, not by IP address.

●Superclustering is not supported.

●The Polycom RealPresence DMA system can’t be integrated with Microsoft Exchange Server and doesn’t support virtual meeting rooms (VMRs) created by the Polycom Conferencing Add-in for Microsoft Outlook.

●Integration with a Polycom RealPresence Resource Manager system is not supported.

●On the Banner page, Enable login banner is selected and can’t be disabled.

●On the Login Sessions page, the Terminate Session action is not available.

●On the Troubleshooting Utilities menu, Top is removed.

●In the Add User and Edit User dialogs, conference and chairperson passcodes are obscured.

●After Maximum security is enabled, management interface users must change their passwords.

●If the system is not integrated with Active Directory, each local user can have only one assigned role (Administrator, Provisioner, or Auditor).

If some local users have multiple roles when you enable Maximum security, they retain only the highest-ranking role (Administrator > Auditor > Provisioner).