Chapter 14-Users, Connections, and Notes
Polycom, Inc. 14-7
Guidelines
Application-users are only supported when TLS security is enabled and Request peer
certificate is selected. TLS security cannot be disabled until all application-user accounts
have been deleted from the system.
• For Secure Communications, an administrator must set up on the Collaboration Server
system a machine account for the CMA/DMA/XMA system with which it interacts. This
machine account must include a fully-qualified domain name (FQDN) for the
CMA/DMA/XMA system.
Application-user names are the same as regular user names.
Example: the CMA application could have an application-user name of CMA1.
• All user types (Administrator, Operator) can be associated with the FQDN of a
server.
• Multiple application-users can be configured with the same FQDN if multiple
applications are hosted on the same server.
If the system is downgraded, the application-user’s FQDN information is not deleted
from the Collaboration Server’s user records.
• A System Flag, PASS_EXP_DAYS_MACHINE, enables the administrator to change the
password expiration period of application-users independently of regular users. The
default flag value is 365 days.
The server hosting an application-user whose password is about to expire will receive a
login response stating the number of days until the application-user’s password expires.
This is determined by the value of the
PASSWORD_EXPIRATION_WARNING_DAYS System Flag. The earliest warning
can be displayed 14 days before the password is due to expire and the latest warning
can be displayed 7 days before passwords are due to expire. An Active Alarm is created
stating the number of days before the password is due to expire.
• The MIN_PWD_CHANGE_FREQUENCY_IN_DAYS System Flag does not affect
application-user accounts. Applications typically manage their own password change
frequency.
If an application-user identifies itself with an incorrect FQDN, its account will not be
locked; however, the event is written to the Auditor Event File.
If an application-user identifies itself with a correct FQDN and an incorrect password, its
account will be locked and the event written to the Auditor Event File.
• An application-user cannot be the last administrator in the system. The last administrator
must be a regular user.
User names are not case sensitive.
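The login handling these guidelines describe (incorrect FQDN versus incorrect password, and the expiry warning), modelled as an added Python example; it is not Polycom code. The record layout, event names, case-insensitive FQDN comparison, locking on a single wrong password (the page gives no retry threshold) and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass
from datetime import date

PASS_EXP_DAYS_MACHINE = 365              # default value stated in the guidelines
PASSWORD_EXPIRATION_WARNING_DAYS = 10    # constructed value inside the 7-14 day window

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class AppUser:                           # hypothetical record layout
    name: str
    fqdn: str
    salt: bytes
    pw: bytes
    pw_set: date
    locked: bool = False

def login(users, audit, name, peer_fqdn, password, today):
    """Return (outcome, days_until_expiry_or_None); append audit events."""
    user = users.get(name.lower())       # user names are not case sensitive
    if user is None:
        return "denied", None
    if user.locked:
        return "locked", None
    if peer_fqdn.lower() != user.fqdn.lower():
        # Incorrect FQDN: audited, but the account is NOT locked.
        audit.append(("bad_fqdn", user.name, peer_fqdn))
        return "denied", None
    if not hmac.compare_digest(pw_hash(password, user.salt), user.pw):
        # Correct FQDN, incorrect password: account locked and audited.
        user.locked = True
        audit.append(("bad_password_locked", user.name, peer_fqdn))
        return "locked", None
    # Expiry enforcement itself is not modelled; only the warning is.
    days_left = PASS_EXP_DAYS_MACHINE - (today - user.pw_set).days
    warn = max(7, min(14, PASSWORD_EXPIRATION_WARNING_DAYS))  # latest 7, earliest 14
    return "ok", (days_left if days_left <= warn else None)

def demo():
    salt = b"constructed-salt"
    users = {"cma1": AppUser("CMA1", "cma1.example.test", salt,
                             pw_hash("s3cret", salt), date(2024, 1, 1))}
    audit = []
    ok, host = "cma1.example.test", "other.example.test"
    r = [login(users, audit, "cma1", host, "guess", date(2024, 6, 1)),
         login(users, audit, "CMA1", ok, "s3cret", date(2024, 12, 25)),
         login(users, audit, "CMA1", ok, "wrong", date(2024, 12, 26)),
         login(users, audit, "CMA1", ok, "s3cret", date(2024, 12, 27))]
    return r, audit
```

The first call shows that a host presenting the wrong FQDN cannot lock the machine account, while the third shows that a single wrong password from the correct FQDN does.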
Monitoring
• An application-user and its connection are represented by a specific icon.
Active Directory
When working with Active Directory, CMA, DMA, and XMA cannot be registered
within Active Directory as regular users. CMA and DMA application-users must be
manually.
The only restriction is that TLS mode is enabled together with client certificate
validation.
If the above settings are turned off, it will not be possible to add machine accounts.