System Security

If the system is integrated with Microsoft Active Directory, only one local user can have the Administrator role, and no local users can have the Provisioner or Auditor role.

If there are multiple local administrators when you enable Maximum security, the system prompts you to choose one local user to retain the Administrator role. All other local users, if any, become conferencing users only and can’t log into the management interface.

Each enterprise user can have only one assigned role (Administrator, Provisioner, or Auditor). If some enterprise users have multiple roles (or inherit multiple roles from their group memberships), they retain only the lowest-ranking role (Administrator > Auditor > Provisioner).

Local user passwords have stricter limits and constraints (each is set to the noted default if below that level when you enable Maximum security):

Minimum length is 15-30 characters (default is 15).

Must contain 1 or 2 (default is 2) of each character type: uppercase alpha, lowercase alpha, numeric, and non-alphanumeric (special).

Maximum number of consecutive repeated characters is 1-4 (default is 2).

Number of previous passwords that a user may not re-use is 8-16 (default is 10).

Minimum number of characters that must be changed from the previous password is 1-4 (default is 4).

Password may not contain the user name or its reverse.

Maximum password age is 30-180 days (default is 60).

Minimum password age is 1-30 days (default is 1).

Other configuration settings have stricter limits and constraints (each is set to the noted default if below that level when you enable Maximum security):

Session configuration limits:

Sessions per system is 4-80 (default is 40).

Sessions per user is 1-10 (default is 5).

Session timeout is 5-60 minutes (default is 10).

Local account configuration limits:

Local user account is locked after 2-10 failed logins (default is 3) due to invalid password within 1-24 hours (default is 1).

Locked account remains locked either until unlocked by an administrator (the default) or for a duration of 1-480 minutes.

Non-conference participants can’t be permitted to register for conference events.

Software build information is not displayed anywhere in the interface.

You can’t restore a backup made before Maximum security was enabled.

The RealPresence DMA system, Virtual Edition, does not support Maximum Security Mode.

If you’re using the Mozilla Firefox browser, you need to configure it to support TLS version 1.1 so that it can function correctly with a RealPresence DMA system configured for Maximum Security Mode.

File uploads may fail when using the Mozilla Firefox browser unless the proper steps have been taken. See below.

Polycom, Inc.

54

Page 54
Image 54
Polycom 7000 manual System Security