Polycom 7000 Video Game Sound System User Manual


 
System Security
Polycom, Inc. 53
See also:
System Security
Certificate Settings
Login Policy Settings
Reset System Passwords
The Consequences of Enabling Maximum Security
Mode
Enabling the Maximum security setting is irreversible and has the following significant consequences:
All unencrypted protocols and unsecured access methods are disabled, and the enhanced support
feature is disabled.
The boot order is changed so that the server(s) can’t be booted from the optical drive or a USB
device.
A BIOS password is set.
The port 443 redirect is removed, and the system can only be accessed by the full URL
(https://<IP>:8443/dma7000, where <IP> is one of the system's management IP addresses or a host
name that resolves to one of those IP addresses).
For all server-to-server connections, the system requires the remote party to present a valid X.509
certificate. Either the Common Name (CN) or Subject Alternate Name (SAN) field of that certificate
must contain the address or host name specified for the server in the Polycom RealPresence DMA
system.
Polycom RMX MCUs don’t include their management IP address in the SAN field of the CSR
(Certificate Signing Request), so their certificates identify them only by the CN. Therefore, in the
Polycom RealPresence DMA system, an RMX MCU's management interface must be identified by
the host name or FQDN specified in the CN field, not by IP address.
Similarly, an Active Directory server certificate often specifies only the FQDN. Therefore, in the
Polycom RealPresence DMA system, the Active Directory must be identified by FQDN, not by IP
address.
Superclustering is not supported.
The Polycom RealPresence DMA system can’t be integrated with Microsoft Exchange Server and
doesn’t support virtual meeting rooms (VMRs) created by the Polycom Conferencing Add-in for
Microsoft Outlook.
Integration with a Polycom RealPresence Resource Manager system is not supported.
On the Banner page, Enable login banner is selected and can’t be disabled.
On the Login Sessions page, the Terminate Session action is not available.
On the Troubleshooting Utilities menu, Top is removed.
In the Add User and Edit User dialogs, conference and chairperson passcodes are obscured.
After Maximum security is enabled, management interface users must change their passwords.
If the system is not integrated with Active Directory, each local user can have only one assigned role
(Administrator, Provisioner, or Auditor).
If some local users have multiple roles when you enable Maximum security, they retain only the
highest-ranking role (Administrator > Auditor > Provisioner).