MILITARY UNIQUE DEPLOYMENT GUIDE 8.8.0 | June 2019 | 3725-86189-001

Polycom RealPresence Clariti

Copyright© 2019, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc.

6001 America Center Drive
San Jose, CA 95002
USA

Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries.

All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom.

End User License Agreement By installing, copying, or otherwise using this product, you acknowledge that you have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this product. The EULA for this product is available on the Polycom Support page for the product.

Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc.

Open Source Software Used in this Product This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive software information, as well as the open source software code used in this product, contact Polycom by email at [email protected] (for video products) or [email protected] (for voice products).

Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for any typographical or other errors or omissions in the content of this document.

Limitation of Liability Polycom and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom has been advised of the possibility of such damages.

Customer Feedback We are striving to improve our documentation quality and we appreciate your feedback. Email your opinions and comments to [email protected].

Polycom Support Visit the Polycom Support Center for End User License Agreements, software downloads, product documents, product licenses, troubleshooting tips, service requests, and more.

Contents

Before You Begin
  Document Change History
  Conditions Of Fielding

Polycom® RealPresence Clariti™ Solution Overview
  RealPresence Clariti Solution Architecture
  RealPresence Clariti Solution Components
  Preparing for System Installation

First-Time Setup Worksheets
  Complete the First Time Setup Worksheet
  Complete the First-Time Setup Worksheet
  Complete the First-Time Setup Worksheet

RealPresence Clariti Solution Software Installation and Network Configuration

First Time Installation Resource Manager
  Preparing for System Installation
    Set up DNS Host and Service Records
    Request Certificates
    Pre-stage a Computer Account
    Prepare Client Systems
  Virtual Edition Installation
    Host Installation Guidelines for Virtual Editions
    Install the Virtual Edition Software
    Log In to the System, Virtual Edition
  Initial Configuration
    Complete the First-time Setup Wizard
    Enabling the License Server for
    License Your System with a License File
    Additional Configuration

Security Deployment Procedures Resource Manager
  Configuring Certificates
    Create a Certificate Signing Request
    Request a Certificate
    Install the Certificate
  Integrating with an Enterprise Directory
    Prestage Machine Account for RealPresence Resource Manager
    Integrate with the Enterprise Directory Server
  Integrate with RealPresence DMA
  Configure the Mail Server
  Site Topology Setup
    Add a Site
    Add a Site Link
    Add a Network Cloud
    Add a Territory
  Working with Provisioning Profiles
    Configure Network Provisioning Profile
    Configure Admin Config Provisioning Profile
    Configuring Polycom Trio Phone Provisioning
  Add a Provisioning Rule
  Auto-Generate SIP URI
  Configure E.164 Numbering
  Add a User
  Provisioning Endpoints
    Provision RealPresence Group Series
    Provision Polycom Trio
  Configuration for Polycom DMA Edge Integration
    Add RealPresence DMA Edge to the RealPresence Resource Manager Network Device List
    Define a New Site in the RealPresence Resource Manager
    Create Network Provisioning Profile for Endpoints that Connect to RealPresence DMA Edge
    Create Provisioning Rule
    Configure Site Links to Connect RealPresence DMA Edge Site with Existing Topology

First Time Installation DMA
  Collect the Necessary Materials
  Shipment Contents
  Unpack and Install the Hardware
  Configure Initial Settings Without the USB Flash Drive
  Secure the Polycom RealPresence DMA System Servers
  Add DNS Records for the Polycom RealPresence DMA System
  Create Local System Administrator Account
  License the System
  Configure Signaling

Security Deployment Procedures DMA
  The Consequences of Enabling Maximum Security Mode
    Enabling File Uploads in Maximum Security with Mozilla Firefox
  Intrusion Detection Systems
    HIDS
    NIDS
  Install Security Certificates and Enable OCSP
  Configure Secure SIP or AS-SIP Connections
    Integrate the DMA System With a Local Session Controller (LSC)
    Configure Default AS-SIP Resource Priority Values for Dial-Out Conferencing
    Configure Encryption for Conference Templates
    Enable Secure Inbound SIP or AS-SIP VMR Connections
    Configure VMRs for Users
  Set Security Configuration to Maximum Security
    To Switch to Maximum Security Mode
    To Manually Change the BIOS Password on a Polycom RealPresence DMA Server
  Review and Modify (If Necessary) Security-Related Settings
  Integrate with Active Directory
  Add Polycom MCUs to the System
  Verify System Functionality
  Enable User Certificate Validation

First Time Installation RealPresence Collaboration Server
  Workstation Requirements for RMX Web Client and RMX Manager
    Windows 7™ Security Settings
  Virtual Edition Installation
  Installing the RMX Manager Software
    Download and Install the RMX Manager through Polycom Support
    Download and Install RMX Manager from the System Web Interface
  Fast Configuration Wizard
    Configure the Default IP Network Service
    Configure Security Settings
    Configure the ISDN/PSTN Network Service
    Set the RMX Time
    Configure System Settings
    Reset the System
    Change IP Network Server from IPv4 to IPv6
  Licensing Your System with an Activation Key
    Obtain the Activation Key

Security Deployment Procedures RealPresence Collaboration Server
  Configure Soft MCU for WebRTC
  Configuring Certificates on the RealPresence Collaboration Server
    Generate a Certificate Request
    Request a Certificate
    Install Certificates
  Configure System Flag
  Define Recording Links from RealPresence Collaboration Server

Certificates
  RealPresence Clariti License

Before You Begin

Topics:

▪ Document Change History

▪ Conditions Of Fielding

Document Change History

This information is required for listing on the US Department of Defense (DoD) Department of Defense Information Network (DoDIN) Approved Products List (APL):

| Doc Version | Build Number | Release Date | Description |
|---|---|---|---|
| 1.0 | 8.1.4J | January 2014 | Initial Certification |
| 2.0 | 8.3.0J | May, 2015 | Vulnerability fixes |
| 3.0 | 8.4.2J | July, 2015 | Vulnerability fixes, and improved interoperability |
| 4.0 | 8.6 | August, 2015 | Adds RealPresence Collaboration Server (RMX) 1800, MRMRx media cards, and improved interoperability |
| 5.0 | 8.8.0 | June, 2019 | Rebrand Product to RealPresence Clariti, add Virtual Platforms of products, Vulnerability fixes, and improved interoperability |

Conditions Of Fielding

The 39 findings shown below were fully mitigated by RAE and other noted Conditions of Fielding. When the system is deployed into an operational environment, the following security measures (at a minimum) must be implemented to ensure an acceptable level of risk for the sites’ Designated Approving Authority:

1. The system must be incorporated in the site’s PKI. If PKI is not incorporated, the following findings will be included in the site’s architecture:

▪ APP3305, CAT I (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

▪ APP3280, CAT II (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

▪ APP3290, CAT II (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

▪ APP3300, CAT II (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

▪ DSN13.17, CAT II (x4), RPCS 1500, RPCS 1800, RPCS 2000, and RPCS 4000

▪ NET0445, CAT II (x5), RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000 and DMA 7000

2. The system must be integrated into the site’s AD environment for authentication and authorization requirements.

▪ APP3390, CAT I (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

▪ APP3400, CAT II (x5), RPCS Rel. 8.8.0 (RPCS 1500, RPCS 1800, RPCS 2000, RPCS 4000) and DMA Rel. 6.4.1 (DMA 7000)

3. The site must use a STIG-compliant, PK-enabled workstation for management of the solution.

4. The configuration must be in compliance with the Polycom Clariti Rel. Various military-unique features deployment guide.

5. The site must register the system in the Systems Networks Approval Process Database <https://snap.dod.mil/index.cfm> as directed by the DoD Security Accreditation Working Group and Program Management Office.

Polycom® RealPresence Clariti™ Solution Overview

Topics:

▪ RealPresence Clariti Solution Architecture

▪ RealPresence Clariti Solution Components

▪ Preparing for System Installation

Polycom® RealPresence Clariti™ is a complete infrastructure solution that you can install, license, and deploy with ease. From standard video conferencing and collaboration components to add-ons like advanced analytics and video content management, the RealPresence Clariti solution provides you the flexibility to select implementation options based on your needs.

RealPresence Clariti includes:

▪ Desktop and mobile clients and soft endpoint management

▪ Content sharing and real-time collaboration accessible through a web browser

▪ Video, audio, and content bridging for H.323, SIP, and WebRTC calls up to 1080p

▪ An H.323/SIP video call control engine for simplified dial plans, automated VMR creation, bridge visualization, and UC integrations

▪ A video firewall edge application providing H.323/SIP dialing and registration for remote workers and business to business (B2B), and business to customer (B2C) user scenarios

▪ Automated scheduling, provisioning, and monitoring of software, and hardware-based video conferencing and Polycom voice solutions

▪ Video recording and streaming with a free trial of Polycom® RealPresence® Media Suite, which transforms any workspace into a media studio

▪ Powerful analytics that monitor performance, capacity, and utilization to improve user experiences, drive higher adoption, and empower decision making

▪ Traditional video conferencing network integration with the Microsoft Skype for Business environment, which enables users to join a meeting directly from their Skype for Business client

RealPresence Clariti Solution Architecture

The RealPresence Clariti solution incorporates a full suite of endpoints, infrastructure components, and centralized management tools. The following figures show the RealPresence Clariti solution reference architecture.

Figure 1: RealPresence Clariti Advanced Architecture

RealPresence Clariti Solution Components

This section describes the system components that are used in the RealPresence Clariti solution.

Polycom® RealPresence® DMA

The Polycom® RealPresence® DMA system is a network-based application that manages and distributes multipoint video calls within an organization and intelligently distributes multipoint calls across networked conference platforms. The RealPresence DMA system provides call control for SIP and H.323 devices and serves as an H.323 Gatekeeper/SIP Registrar for up to 75,000 devices and 64 bridges based on your license.

The RealPresence DMA system provides endpoint registration, call processing, and call admission control. Call control design considerations include the dial plan, endpoint addressing, call admission control, external connectivity, and general trunking requirements.

Polycom® RealPresence® Collaboration Server

The Polycom® RealPresence® Collaboration Server solution delivers a multiprotocol hardware- or software-based MCU that runs on an industry-standard (x86-type) server.

The RealPresence Collaboration Server solution provides the following features:

▪ Universal bridging capabilities for seamless connectivity regardless of device, or protocol

▪ Call at any data rate or bandwidth with support for resolutions up to 1080p 60, fully transcoded

▪ Support for the latest technologies, including H.264 High Profile for optimal resource utilization

▪ Support for point-to-point calls with integrated dial-through gateway capabilities (ISDN, SIP, and H.323)

Polycom® RealPresence® Resource Manager

The Polycom® RealPresence® Resource Manager system is an integrated scheduling and management platform for endpoints and video conferencing infrastructure management. In particular, it functions as the management and licensing platform for Polycom® RealPresence Clariti™. It also includes a rich suite of APIs for customized integration into the video network. With a Linux operating system, multitenant partitioning, and the ability to scale to 50,000 managed mobile, desktop, and Polycom® RealPresence® Group Series video devices, you can confidently deploy and manage your video network with RealPresence Resource Manager applications.

The RealPresence Resource Manager system provides the following features:

▪ Ability to scale to 50,000 devices to manage H.323 and SIP supported endpoints, bridges, and recording servers

▪ Easy administration through comprehensive device monitoring, provisioning, management, and software revision control

▪ Directories and presence engines that provide simplified dialing

▪ An API suite for direct integrations into your key applications and systems

▪ Multitenant support for cloud-based hosting

▪ Scheduling options through the browser-based user interface or APIs for a application

Polycom® RealPresence® DMA Edge

The Polycom® RealPresence® DMA Edge system provides secure video collaboration from anywhere, supporting SIP and H.323 devices. Users can connect their devices and mobile clients simply and easily, reducing the cost to support the growing number of video-enabled workers in your organization without compromising network security.

The RealPresence DMA Edge system provides the following features:

▪ An application that combines remote and B2B calling scenarios with SIP, H.323, and HTTP tunneling capabilities, enabling a seamless video collaboration experience within and beyond the firewall

▪ Collaboration over video while on the go, in the office, or from home

▪ Support for up to 1000 simultaneous video calls securely without requiring additional client hardware or software

▪ Leverage of existing investments in UC products and IT infrastructure, which enable you to build towards a SIP-based future

▪ Easy, secure, and reliable extension of video collaboration to your mobile workforce

Components of Polycom Video Architecture

The RealPresence Clariti solution includes the following components:

The RealPresence Clariti Solution Components

| Module | Component | Description |
|---|---|---|
| Call Control | RealPresence DMA | Provides endpoint registration, call processing, and media resource management |
| Conferencing | RealPresence Collaboration Server | Provides audio and video conferencing resources |
| Management Applications | RealPresence Resource Manager | Manages client and server application |
| Recording | HARMAN Media Suite | Provides Recording, Playback, and Streaming capabilities |
| Collaboration Edge | RealPresence DMA Edge | Enables firewall traversal |
| Collaboration Edge | RealPresence Web Suite | Enables B2B/B2C collaboration via browser or standard-based endpoints |
| Content Sharing | Soft Blade | Soft Blade provides content sharing function in DMA VMR calls |
| Content Sharing | Polycom ContentConnect | Polycom ContentConnect enhances the conferencing experience between Microsoft Skype for Business and video endpoints that receive content from RealPresence Collaboration Server (RMX) |
| Endpoints | RealPresence Mobile and RealPresence Desktop | Desktop and mobile endpoints |
| Endpoints | RealPresence Group Series, Polycom HDX, Polycom Trio, and RealPresence Debut | Room endpoints |
| Endpoints | Polycom VVX and Polycom Trio Visual+ | Desktop phone |

Preparing for System Installation

Complete the following tasks to ensure a smooth installation.

Assign IP Addresses

Allocate static IP addresses at the data center for different servers.

IP and Hostname for Each Component in DNS

The following is an example of the network plan for the RealPresence Clariti Solution:

| Product | FQDN | Internal IP Address |
|---|---|---|
| RealPresence Resource Manager | rprm.mycompany.com | 192.0.2.2 |
| RealPresence DMA | dma.mycompany.com | 192.0.2.7 |
| RealPresence Collaboration Server | rpcs.mycompany.com | 192.0.2.3 |
| RealPresence DMA Edge | dmaedge.mycompany.com | 172.16.0.1; External IP: 172.16.0.6; Public IP: 1.2.3.4 |
| DNS | dns.mycompany.com | 192.0.2.1 |
| Gateway | - | 192.0.2.254 |
| NFS | - | 192.0.2.12 |
| NTP | time.google.com | - |

First-Time Setup WorksheetsTopics:

▪ Complete the First Time Setup Worksheet

• Complete the First-Time Setup Worksheet

• Complete the First-Time Setup Worksheet

Complete the First Time Setup WorksheetBefore you begin install and system setup, fill out the My System Values column of this worksheet.

ItemMy SystemValues

Factory-SetDefault Values Description

System Network Settings (from Admin > Server Settings > Network)

System Name PLCM_RPRM System name of the system.

Can be up to 32 characters long; dashesand underscores are valid characters.

DSCP Marker Allows the administrator to configure theQuality of Service level of the

Set the level between 0 - 63.

IPv6 Address IPv6 global address.

IPv6 Prefix length Within IPv6 networks, the prefix length isthe equivalent of the subnet mask in IPv4networks. Should be 1-128.

IPv6 Default Gateway The IPv6 address of the gateway server/router. For IPv6 networks only.

IPv6 Link Local Address Read-only field. The system generates avalue for this field when IPv6 is enabled.

IPv4 Address 192.168.200.11 Static, physical IP address for the systemserver on an IPv4 network.

192.168.200.11 is the default value thatneeds to be changed according to yourown network.

IPv4 Subnet Mask 255.255.255.0 Network subnet mask of the systemserver. For IPv4 networks only.


IPv4 Default Gateway | | 192.168.200.1 | IP address of the gateway server/router. For IPv4 networks only. 192.168.200.1 is the default value. You need to change this to match the gateway IP for your network.

DNS Domain | | | This is the DNS domain name suffix for the network in which the domain name server and the system server reside. For example polycom.com, not the fully qualified path of <hostname>.polycom.com.

Preferred DNS Server | | | IP address of the domain name server.

Alternate DNS Server | | | IP address of an alternate domain name server. The alternate IP address does not have to match the network type of the preferred server. For example, the preferred DNS server can be IPv4, while the alternate DNS server can be IPv6.

Enable 802.1.x | | Disabled | Enable 802.1.x if your network requires this type of authentication. 802.1.x is commonly required in maximum security environments.

User Name | | | The user name for the 802.1.x account.

Password | | | The password for the 802.1.x account.

Confirm Password | | | Confirm the password for the 802.1.x account.

Key Management Protocol | | | Select the appropriate Key Management Protocol for your environment.

EAP Method | | | Select the appropriate EAP Method for your environment.

Phase2 Protocol | | | Select the appropriate Phase2 Protocol for your environment.

System Time Information (from Admin > Server Settings > System Time)

System Time Zone | | |

Current Date | | |

Current Time | | |


External NTP Server | | | For Appliance Editions, IP address of external NTP time server (optional). For Virtual Editions, the value for NTP server is inherited from the RealPresence Platform Director system.

Information Required for Polycom Customer Support (from Admin > Server Settings > Licenses)

Serial number | | |

License number | | |

Complete the First-Time Setup Worksheet

The first-time setup wizard helps you set up the initial configuration of your RealPresence Collaboration Server (RMX).

Before you begin installation and system setup, fill out the My System Values column of this worksheet.

Item | My System Values | Factory-Set Default Values | Description

Control Unit IP Address | | 192.168.1.254 | Enables communication between the RealPresence Collaboration Server and the RMX Web Client, and is used to manage the MCU. DHCP is not supported for the Control Unit IP Address.

Shelf Management IP Address | | 192.168.1.252 | This is not applicable to RealPresence Collaboration Server 1800.

Signaling Host IP address | | | Configures and manages communications between the RealPresence Collaboration Server and conferencing devices. The IP is configured through Fast Configuration Wizard. This is required for RealPresence Collaboration Server 2000/4000 systems only. For RealPresence Collaboration Server 1800, this IP is the same as the Media Card IP Address and defined by the Media Card IP address.

Media Card 1 IP Address | | | This is mandatory for RealPresence Collaboration Server 1800 systems. This is optional for RealPresence Collaboration Server 2000/4000 systems.


Media Card 2 IP Address | | | This is optional for RealPresence Collaboration Server 2000/4000 systems. This is not applicable for RealPresence Collaboration Server 1800 systems.

Media Card 3 IP Address | | | This is optional for RealPresence Collaboration Server 4000 systems. This is not applicable for RealPresence Collaboration Server 1800/2000 systems.

Media Card 4 IP Address | | | This is optional for RealPresence Collaboration Server 4000 systems. This is not applicable for RealPresence Collaboration Server 1800/2000 systems.

Control Unit Subnet Mask | | 255.255.255.0 |

Default Router IP Address | | 192.168.1.1 |

Gatekeeper IP address | | | This is optional for all RealPresence Collaboration Servers.

DNS IP address | | | This is optional for all RealPresence Collaboration Servers.

SIP Server IP address | | | This is optional for all RealPresence Collaboration Servers.

Complete the First-Time Setup Worksheet

Before you begin system setup, fill out the applicable fields in the My System Values column of the following worksheet.

Network configuration of an appliance (hardware-based) system involves options and settings not relevant in a virtual deployment, including dual-server configuration and split management and signaling networks. Although those settings are present in the Network Settings page of the system's web-based user interface, they must not be used in a virtual deployment. They are clearly identified in the following worksheet.


First-Time Setup Worksheet

Configuration Information | My System Values | Description

System IP type | | Specify whether the system should support IPv4, IPv6, or both. If both, complete all the IP address information below. If only IPv4 or IPv6, complete only the corresponding fields below.

System server configuration | | Specify whether you are installing a single-server system or a two-server system. For a single-server system, the Server 2 section below is not used. If you received two servers, determine whether you're setting up a co-located two-server cluster or two separate single-server systems.

System split network setting | | Specify whether to combine or split the system's management and signaling interfaces. If the same network will be used for both management (administrative access) and signaling, the signaling IP addresses and Shared Signaling Network Settings section below are not used.

Caution: Choose split networking only if you need to restrict access to the management interface and SNMP to users on an isolated non-public network separate from the enterprise network. Typically, this is the case only in high-security environments.

In most network environments, users accessing the management interface are on the same enterprise network as endpoints and other devices communicating with the system, and they use the same physical and virtual IP addresses and the same network interface.

To split the network configuration, you must use different gateways and subnets for management and signaling, and separate physical connections for the management and signaling networks.

If management and signaling traffic are combined on the same network (subnet), both use the same physical and virtual IP addresses and the same network interface.

If you are not sure whether split networking is appropriate, possible, or necessary for this installation, consult the appropriate IT staff or network administrator for your organization.

Server 1


Management host name | | Local host name of the server's management interface. Host names may contain only letters, numbers, and internal dashes (hyphens), and may not include a domain. The host name is combined with the domain name specified under General System Network Settings to form the fully qualified domain name (FQDN).

Management IPv4 / Management IPv6 | | Static, physical IP address(es) for the first (or only) server's management (or combined) interface.

Signaling IPv4 / Signaling IPv6 | | Static, physical IP address(es) for the first (or only) server's signaling interface (if networking is split).

Server 2

Host name | | Local host name of the second server's management (or combined) interface. Host names may contain only letters, numbers, and internal dashes (hyphens), and may not include a domain. The host name is combined with the domain name specified under General System Network Settings to form the fully qualified domain name (FQDN).

IPv4 / IPv6 | | Static, physical IP address(es) for the second server's management (or combined) interface.

Signaling IPv4 / Signaling IPv6 | | Static, physical IP address(es) for the second server's signaling interface (if networking is split).

Shared Management Network Settings | | In the combined network configuration, users accessing the management interface are on the same network as endpoints and other devices communicating with the system, and these settings are used for both management and signaling.


Virtual host name | | For a two-server system or a single-server system in IPv6-only mode, the local host name of the virtual management host. Not used for a single-server system with IPv4 enabled. Host names may contain only letters, numbers, and internal dashes (hyphens), and may not include a domain. The host name is combined with the domain name specified under General System Network Settings to form the fully qualified domain name (FQDN).

Virtual IPv4 / Virtual IPv6 | | For a single-server system in IPv6 only mode, the IP address(es) of the virtual management host. Not used for a single-server system with IPv4 enabled.

IPv4 prefix length | | IPv4 network mask that defines the subnetwork of the system's management interface.

IPv6 prefix length | | IPv6 CIDR (Classless Inter-Domain Routing) prefix size value (the number of leading 1 bits in the routing prefix mask) that defines the subnetwork of the system's management interface.

IPv4 gateway | | IP address of the gateway server used to route network traffic outside the subnet.

Management Link | | The name of the network interface that will be used for management access.

Signaling Link | | The name of the network interface that will be used for signaling access.

Auto-negotiation | | Yes or no. If no, indicate speed and full or half duplex. Note: Auto-negotiation is required if your network is 1000Base-T.

LAN Security Settings | | These settings are not used for Virtual Edition deployments.

Caution: In a network that requires 802.1x authentication for servers (this is rarely the case), incorrect settings in this section and, if applicable, lack of the proper certificate(s) can make the system unreachable. Recovering from this situation requires connecting a laptop to the system using a crossover cable in order to access it.


Enable 802.1x | | Enables the system to authenticate this network interface to the LAN. Depending on the authentication method, the access credentials required may be either a user name and password (specified below) or a security certificate. If you are deploying a Virtual Edition system, do not select Enable 802.1x.

User name | | The user name with which the system may authenticate this interface.

Password / Confirm password | | The password for the user name entered above.

EAP Method | | The Extensible Authentication Protocol method used to establish trust with the authentication server (this is also known as the outer authentication protocol).

Protocol | | When a TLS tunnel is established with the authentication server, the protocol used within the tunnel (this is also known as the inner authentication protocol).

Shared Signaling Network Settings | | The settings in this section are enabled only if management and signaling traffic are on separate networks. If so, they apply to the entire system (both servers in two-server configuration). For a one-server configuration, the virtual host name and IP fields are disabled.

General System Network Settings

DNS search domains | | One or more fully qualified domain names, separated by commas or spaces. The system domain you enter below is added automatically, so you need not enter it.


DNS 1 / DNS 2 / DNS 3 | | IP addresses of up to three domain name servers. At least one DNS server is required.

Your system must be accessible by its host name(s), not just its IP address(es), so you (or your DNS administrator) must create A and/or AAAA records for IPv4 and IPv6, respectively, as well as the corresponding PTR records, on your DNS server(s). A/AAAA records and PTR records that map each physical host name to the corresponding physical IP address and each virtual host name to the corresponding virtual IP address are mandatory, as are the corresponding PTR records that allow reverse DNS resolution of the system's physical or virtual host name(s).

Domain | | The domain for the system. This is combined with the host name to form the fully qualified domain name (FQDN). For instance:

Host name: dma1
Domain: callservers.example.com
FQDN: dma1.callservers.example.com

Signaling DSCP | | The Differentiated Services Code Point value (0-63) to put in the DS field of IP packet headers on outbound packets associated with signaling traffic. The DSCP value is used to classify packets for quality of service (QoS) purposes. If you're not sure what value to use, leave the default of 0.

Management DSCP | | The Differentiated Services Code Point value (0-63) to put in the DS field of IP packet headers on outbound packets associated with management traffic. The DSCP value is used to classify packets for quality of service (QoS) purposes. If you're not sure what value to use, leave the default of 0.

Default IPv6 gateway | | The IPv6 gateway's address, specified as:

<IPv6_address>

Default IPv4 gateway | | The IPv4 gateway address.

System Time | | In Virtual Edition deployments, some of the System Time settings are automatically configured as part of the installation process.


Time zone | | Time zone in which the system is located. We strongly recommend selecting the time zone of a specific geographic location (such as America/Denver), not one of the generic GMT offsets (such as GMT+7).

If you do use a generic GMT offset (for instance, to prevent automatic daylight saving time adjustments), note that they use the Linux/Posix convention of specifying how many hours ahead of or behind local time GMT is. Thus, the generic equivalent of America/Denver (UTC-07:00) is GMT+07, not GMT-07.

NTP server #1 | | IP address of the primary NTP time server. Use of time servers is strongly recommended. All the devices in your video conferencing deployment should use the same time servers to avoid potential problems caused by time differences among devices.

NTP server #2 | | IP address of a second NTP time server (optional, but strongly recommended).

NTP server #3 | | IP address of a third NTP time server (optional, but strongly recommended).

Routing Configuration | | Special routing rules are generally not needed. If a static network route is needed, enter the values for the following fields. If you are not sure if you need a static network route, consult the appropriate IT staff or network administrator for your organization.

Host/network | | The IP address of the destination network host or segment.

Prefix length | | The CIDR (Classless Inter-Domain Routing) value that, together with the destination host/network address, defines the subnet for this route. For IPv4, a prefix length of 24 is equivalent to specifying a subnet mask of 255.255.255.0. A prefix length of 16 is equivalent to specifying a subnet mask of 255.255.0.0.

Interface | | Specify the interface for this route.

Via | | IP address of the next hop.
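The worksheet rules above (bare host names, FQDN composition, DSCP range, the split-network requirement for different subnets and gateways, subnet mask versus prefix length, and the sign convention of generic GMT offsets) can be checked before the values are typed into the system. The following is an added example, not Polycom code; the dictionary keys and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Worksheet rule: host names contain only letters, numbers and internal hyphens, no domain.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def fqdn(host, domain):
    """Join a worksheet host name and the system domain into the FQDN."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid host name: {host!r}")
    return f"{host}.{domain}"


def mask_to_prefix(mask):
    """Dotted IPv4 subnet mask -> prefix length (ValueError on a non-contiguous mask)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def generic_gmt_to_utc_hours(zone):
    """Generic 'GMT+7' names use the POSIX sign convention, so GMT+7 means UTC-07:00."""
    m = re.fullmatch(r"GMT([+-])(\d{1,2})", zone)
    if not m:
        raise ValueError(f"not a generic GMT offset: {zone!r}")
    hours = int(m.group(2))
    return -hours if m.group(1) == "+" else hours


def check_worksheet(ws):
    """Return findings for a filled-in worksheet (hypothetical dict keys); [] means clean."""
    findings = []
    for key in ("mgmt_host", "virtual_host"):
        host = ws.get(key)
        if host and not HOSTNAME_RE.match(host):
            findings.append(f"{key}: {host!r} is not a bare host name")
    for key in ("signaling_dscp", "mgmt_dscp"):
        if not 0 <= ws.get(key, 0) <= 63:
            findings.append(f"{key}: DSCP must be between 0 and 63")
    if ws.get("split_network"):
        mgmt = ipaddress.ip_interface(f"{ws['mgmt_ipv4']}/{ws['mgmt_prefix']}")
        sig = ipaddress.ip_interface(f"{ws['sig_ipv4']}/{ws['sig_prefix']}")
        # Split networking requires different subnets and different gateways.
        if sig.network.overlaps(mgmt.network):
            findings.append("split_network: management and signaling share a subnet")
        if ipaddress.ip_address(ws["sig_gateway"]) == ipaddress.ip_address(ws["mgmt_gateway"]):
            findings.append("split_network: management and signaling share a gateway")
    return findings


# Constructed sample worksheets (documentation address ranges, not real systems).
GOOD = {
    "mgmt_host": "dma1", "virtual_host": "dma-virt",
    "signaling_dscp": 0, "mgmt_dscp": 0, "split_network": True,
    "mgmt_ipv4": "192.0.2.10", "mgmt_prefix": 24, "mgmt_gateway": "192.0.2.254",
    "sig_ipv4": "198.51.100.10", "sig_prefix": 24, "sig_gateway": "198.51.100.254",
}
# Same worksheet with five mistakes: domain in host name, leading hyphen,
# DSCP out of range, signaling on the management subnet, shared gateway.
BAD = dict(GOOD, mgmt_host="dma1.example.com", virtual_host="-dma",
           signaling_dscp=64, sig_ipv4="192.0.2.20", sig_gateway="192.0.2.254")

if __name__ == "__main__":
    print(fqdn("dma1", "callservers.example.com"))
    print(generic_gmt_to_utc_hours("GMT+07"))
    for finding in check_worksheet(BAD):
        print(finding)
```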


RealPresence Clariti Solution Software Installation and Network Configuration

Before configuring the RealPresence Clariti solution, make sure that you complete the software installation, license allocation, and network configuration for all RealPresence Clariti components and properly deploy Skype for Business.

This guide does not provide full administration or maintenance procedures for Skype for Business. For full administrative procedures, see Skype for Business Server 2015 on Microsoft TechNet.

This document assumes that administrators have knowledge of the following systems, that these systems are already deployed, and that Microsoft administrators are available to assist administrators of the Polycom UC solution:

▪ Microsoft Active Directory
▪ Microsoft Exchange Server
▪ Domain name servers
▪ Microsoft Domain accounts
▪ Skype for Business Server components and Skype for Business Server 2015 Management Shell.
▪ Components of the Polycom RealPresence Clariti solution. You can access Polycom product documentation and software at Polycom Support.


First Time Installation Resource Manager

Topics:

• Preparing for System Installation

• Virtual Edition Installation

• Initial Configuration

Preparing for System Installation

Complete certain preparation tasks before you install and configure a system.

Set up DNS Host and Service Records

Before installing a system, you should consider configuring your DNS servers to:

• Resolve queries for the system by host name.

DNS Host Record

To allow your DNS servers to resolve queries for the system by host name, you must enter a DNS host record in your DNS file. The format of this record depends on the format of your network addressing.

• If you use IPv4 addressing, enter a DNS A record in the required format.
• If you use IPv6 addressing, enter a DNS AAAA record in the required format.

To allow your DNS servers to resolve queries for the system by reverse lookup, you must enter a DNS pointer (PTR) record in your DNS file.
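Forward records without a matching PTR record are easy to miss when the zone is prepared by hand. The following added example (not part of the Polycom guide) parses a simplified list of zone lines and reports every A or AAAA record whose reverse entry is missing or points at a different host; the zone lines, the "owner TYPE value" layout and the dma-virt and dma2 names are constructed for illustration.

```python
import ipaddress

# Constructed zone lines ("owner TYPE value"); dma1 and the domain reuse the guide's FQDN example.
SAMPLE_ZONE = """
dma1.callservers.example.com.      A     192.0.2.10
dma1.callservers.example.com.      AAAA  2001:db8::10
dma-virt.callservers.example.com.  A     192.0.2.12
10.2.0.192.in-addr.arpa.           PTR   dma1.callservers.example.com.
12.2.0.192.in-addr.arpa.           PTR   dma2.callservers.example.com.   ; wrong target
"""

RECORD_TYPES = ("A", "AAAA", "PTR")


def _norm(name):
    """Lower-case a name and drop the trailing root dot so names compare equal."""
    return name.lower().rstrip(".")


def parse_records(text):
    """Parse simplified zone lines into (owner, type, value) tuples; ';' starts a comment."""
    records = []
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if len(tokens) < 3:
            continue
        # The type may be preceded by a TTL or class token, so search the middle tokens.
        rtype = next((t.upper() for t in tokens[1:-1] if t.upper() in RECORD_TYPES), None)
        if rtype:
            records.append((_norm(tokens[0]), rtype, _norm(tokens[-1])))
    return records


def audit_forward_reverse(records):
    """Return (host, address, problem) for each A/AAAA record lacking a matching PTR."""
    ptr = {}
    for owner, rtype, value in records:
        if rtype == "PTR":
            ptr.setdefault(owner, set()).add(value)
    findings = []
    for owner, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(value)
        if addr.version != (4 if rtype == "A" else 6):
            findings.append((owner, value, f"{rtype} record holds an IPv{addr.version} address"))
            continue
        # reverse_pointer yields the in-addr.arpa / ip6.arpa owner name for the address.
        targets = ptr.get(addr.reverse_pointer, set())
        if not targets:
            findings.append((owner, value, "no PTR record"))
        elif owner not in targets:
            findings.append((owner, value, "PTR points to " + ", ".join(sorted(targets))))
    return findings


if __name__ == "__main__":
    for host, address, problem in audit_forward_reverse(parse_records(SAMPLE_ZONE)):
        print(f"{host} {address}: {problem}")
```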

Request Certificates

If you are using certificates, you should use the same certificates that you used for the initial installation of the system. If that information is not available, use the information below to set them up.

Certificates and certificate chains are a security technology that allows networked computers to determine whether to trust each other.

By default, to support encrypted communications and establish a minimal level of trust, the system includes a default key and self-signed certificate. However, to implement a full certificate chain to a root certificate authority (CA), the system requires a root CA certificate, an identity server certificate signed by the root signing CA and a Sub CA certificate. Therefore, at some time you must request these certificates from your CA.

You can install the root CA and intermediate certificates during first time setup or return to this task at a later time. However, with regard to the identity server certificate you have two options:

• The system First Time Setup Wizard supports the function of creating a certificate signing request (CSR). Therefore, you may choose to create the CSR for the identity server certificate during first time setup and suspend the process while you wait for your CA to provide the certificate.


• You can also request the identity server certificate in advance of first time setup, but to do this you must have extensive knowledge of certificates, certificate templates, and CSR structures.

Pre-stage a Computer Account

To enable the Use Single Signon option, which allows endpoint users who are included in the Active Directory to securely log into their dynamically-managed endpoints without typing in credentials, an Active Directory administrator must first pre-stage an Active Directory computer account for the system.

This procedure can be done at any time before running first time setup.

Procedure

1. On the Active Directory system, use the Microsoft Active Directory Users and Computers MMC snap-in to create a computer account for the system.

Create the computer account in any desired organizational unit (OU). The computer account object must have Reset Password and Write Account Restrictions permissions.

For more information on the Active Directory Users and Computers MMC snap-in, see Microsoft Technet.

2. From a command window on the Domain Controller, type:

net user <computer account name>$ <Password> /domain

Where <computer account name> is the name of the computer account created in step 1, <Password> is the desired password, and /domain is literally /domain (i.e., do not substitute a domain name). For more information on the net user command, see the Microsoft Knowledge Base.

You have now created a computer account that you can use for integrated Windows authentication.

Prepare Client Systems

To log into the system, you need a client system running Microsoft® Windows® with the following hardware and software:

• Hardware
  ◦ 1024x768 (SXGA) minimum display resolution; 1400x1080 (WSXGA+) or greater recommended
  ◦ USB and Ethernet ports (Appliance Edition only)
• Software
  ◦ Browser: Microsoft Internet Explorer® version 11 or higher, or Google Chrome™
  ◦ If you will be using the USB Configuration Utility, please ensure that your Windows client has JRE 1.8 or higher installed

Virtual Edition Installation

Before you install the system in your environment, review the and ensure that your host machine has the capacity for your planned Virtual Edition deployment. In addition, ensure that it meets the host guidelines recommended by Polycom.


Host Installation Guidelines for Virtual Editions

Before deploying your Polycom RealPresence Virtual Edition software, review the following planning guidelines for your deployment. Unless otherwise noted, use these guidelines for all Polycom Virtual Editions.

Polycom recommends that a virtual environment administrator install the Virtual Edition software. After the installation of a Virtual Edition, additional configuration should be completed by someone who understands video conferencing.

CPU Allocation

▪ Leave 2 cores unallocated, regardless of the number of cores present, how many licenses are purchased, and what other virtual machines will be present.
▪ For VMware, do not allocate CPU core 0. Host operating system performance may be affected if this core is assigned to the virtual machine.
▪ When possible, allocate cores on one CPU. This will enhance performance by reducing CPU-to-CPU communication times.
▪ Do not use processor oversubscription; maintain a 2:1 ratio of virtual CPU to physical CPU. For example, a system with 8 physical cores can support up to 16 virtual processors divided up into any combination among the virtual machines running on that host.
▪ When you are using Hyper-V, Polycom recommends disabling the Virtual Machine Queue of the Network Interface Card (NIC). For more information, see https://support.microsoft.com/en-us/kb/2902166

Note: CPU reservations can only be done after shutting down the virtual machine.

Memory Allocation

In a Microsoft Hyper-V environment, you must not overprovision memory at the hypervisor layer. Dynamic memory for virtual machines is not supported.

Disk

Hypervisors add overhead to disk operations. For best performance, ensure that the virtual machine is able to achieve the recommended IOPS listed in the following table.

Disk Requirements

 | Lab Environment | Production Environment

Disk Performance | 170 Random IOPS (write), 170 Random IOPS (read) | 230 Random IOPS (write), 450 Random IOPS (read)

Network | 1GB Shared | 1GB Dedicated, 10GB Shared

Capacity information such as storage space and memory varies according to Virtual Edition. Please see release notes for your RealPresence Virtual Edition software for the minimum capacity requirements for your product.

Install the Virtual Edition Software

Install the , Virtual Edition, using your virtual environment tools.


Note: If installing a Hyper-V version, you must use the Copy option.

Procedure

1. Refer to the documentation for your virtual environment tools for instructions on installing a virtual instance.

2. Install an instance of the , Virtual Edition.

Assign a Static IP Address

The system requires a static IP address for your system’s instance. If your VM environment is not using DHCP, you must assign a static IP with the console before continuing to configure your system. If your VM environment has a DHCP server, it will assign an IP address to the instance. You can then assign a static IP using the console or assign the static IP from the system’s web interface during initial configuration.

Procedure

1. Power on the newly-installed VM.

2. Access the console.

3. Click in the console window, press Enter if necessary to see the login prompt, and log in with user ID polycom and password polycom.

A shell interface appears that enables you to configure the network.

4. Choose the network option and follow the prompts to configure the initial network settings.

The system reboots.

5. Press CTRL + ALT to release the cursor from the console.

Then close the console window.

Log In to the System, Virtual Edition

You need to log on to the , Virtual Edition system to continue system setup.

Procedure

1. Be sure the system is powered on and running.

2. Open a browser and enter the system IP address in the address bar.

https://<staticipaddress>:8443/index.html

3. When the system login screen appears, if necessary select a different Language.

4. Enter the administrator Username and Password.

The factory default is admin/Polycom12#$.

5. Continue to Complete the First-time Setup Wizard.

Initial Configuration

When you log into a system that has not been configured, the First Time Setup Wizard automatically steps you through a series of ordered configuration pages. You cannot use the system until you've completed the steps in the first time setup.


Note: Appliance Edition Network Connectivity

You perform the first time setup of the, Appliance Edition, system when it is not yet on the corporate network. This means you need to manually verify that the network addresses you are using for services such as an NTP, DNS, or OCSP are correct.

The system cannot check these addresses until placed on the network. If these network settings are entered incorrectly, the system may not start properly or be unreachable.

Note that changing configuration settings on some pages of the First Time Setup Wizard, such as the System Information page, will cause the system to reboot. When you log into a system after one of these reboots, the next page in the ordered configuration pages appears.

Complete the First-time Setup Wizard

The first-time setup wizard helps you set up the initial configuration of your system. For other configurations you may need, see the Polycom RealPresence Resource Manager Operations Guide.

Procedure

1. Navigate to the URL of the system:

https://<ipaddress>:8443/index.html

2. When the system login screen appears, select a different Language if necessary.

3. Enter the administrator Username and Password.

The factory default is admin/Polycom12#$.

4. Click Login.

Because the system has not previously been configured, the Licensing page of the setup wizard appears.

5. Read the end-user license agreement (EULA).

Please note that the EULA includes important definitions and usage limitations that will apply to your installation.

6. To accept the EULA terms and conditions, click Accept.

7. When the Change Administrator Password page appears, enter the Old Password.

8. For the New Password, enter a new password with a length of at least 10 characters.

9. Confirm the New Password and click Next.

You are logged off.

10. Log in again with the password you set in step 8.

11. Choose the Network Settings page and enter the information recorded in Complete the First Time Setup Worksheet.

The system reboots and you need to log in again.

12. Configure these settings on the System Time page, as necessary.

Field | Description

System Time Zone | The time zone in which the system server resides.


Use Current Time | Select this check box to input the current date and time. Even if you plan to use an NTP server, you should set the proper time during the first-time setup to ensure certificate creation works reliably.

Current Date | The system date for the system.

Current Time | The system time for the system.

Use External NTP Server Time Synchronization | (Recommended) Select this check box to synchronize the system date and time with an external NTP server. Do this ONLY after you have first manually set the local system time.

IP address or DNS resolved names separated by spaces | The IP address or FQDN (ASCII only) of the NTP servers. Note: If you set the system to use an external NTP server without first setting the current date and time, the system time may be wrong until the system’s first synchronization.

13. If you have changed the RealPresence Resource Manager system name, you can generate a new self-signed certificate.

14. Integrate the system with an enterprise Active Directory server so that users can include enterprise groups, users, and rooms in their conferences.

a. On the Enterprise Directory page, select Integrate with Enterprise Directory Server.

b. To have the system auto-discover the server by querying DNS, enable Auto-discover in the Enterprise Directory Server DNS Name section; otherwise, enter the DNS Name for the enterprise directory server.

15. As needed, configure the following settings:

Setting | Description

Domain\Enterprise Directory User ID | Domain and enterprise directory user ID for an account that the system can use to access the enterprise directory server and retrieve group, user, and room information. This is the account created when you completed Pre-stage a Computer Account. This user ID must have read permissions so it can search the entire forest on the enterprise directory server. This user ID is automatically associated with the system administrator role—by default it is the ONLY enterprise directory user ID with this role.

Enterprise Directory User Password | The password for the enterprise directory user account.

First Time Installation Resource Manager

Polycom, Inc. 28

Page 31: Polycom RealPresence Clariti Military Unique Deployment ... · Video, audio, and content bridging for H.323, SIP, and WebRTC calls up to 1080p An H.323/SIP video call control engine

Setting Description

Security Level The level of security on the connection between the RealPresence Resource Managersystem and the enterprise directory server. Possible values include:

• Plain—No security on the connection.

• LDAPS—The connection is secured over outbound port 3269 using LDAP-S in amanner similar to https.

If the Domain Controller: LDAP Server signing requirements setting on the ActiveDirectory server is set to Require Signing, then you must use LDAPS to secure theconnection.

• StartTLS—The connection is secured over outbound port 3268 (the same port asPlain), but it then negotiates security once the socket is opened. Some LDAP serversreject any unsecured transactions, so the first command is the StartTLS negotiationcommand.

Ignore DisabledEnterprise DirectoryUsers

Enable the check box to have the system ignore disabled enterprise users in its queries.

Enterprise DirectoryExclusion Filter

If necessary and you understand the filter syntax, specify other types of user accounts toexclude. Don’t edit these expressions unless you understand LDAP filter syntax.

Enterprise DirectorySearch BaseDN

If necessary and you understand the filter syntax, specify the top level of the enterprisedirectory tree (referred to as the base DN) to search. Don’t edit these expressions unlessyou understand the filter syntax.

16. Integrate the system with an Active Directory domain controller for single sign-on (SSO) authentication:

a. On the Enterprise Directory page, select Allow Delegated Authentication to Enterprise Directory Server.

The system can automatically discover the closest logical domain controller and Active Directory servers, but to do so the network DNS server must have a DNS SRV record for these servers.

b. If your network DNS server has a DNS SRV record for the domain controller, in the Domain controller name section enable Auto-discover; otherwise, enter the Fully Qualified Host Name of the domain controller (for example, dc1.mydomain.com).

The prestaged computer account must be within this domain as well.

c. In the Computer Account Credentials section, enter the Domain\Computer Name and Password for the prestaged computer account created in step Pre-stage a Computer Account on page 24.

17. On the Directory Setup page, complete the following tasks:

a. To allow non-LDAP directory protocols, enable the Allow non-LDAP directory protocols check box.

b. To exclude users with dynamically managed endpoints from Global Address Book, clear the Include dynamically-managed devices in the Global Address Book check box.

c. To exclude guest book entries from the enterprise directory, clear the Show Guestbook entries in the Directory check box.


d. To allow local user directories to include endpoint directory information, enable the Allow endpoint directories for local users to include enterprise directory user and group information check box.

You can allow local users to access enterprise directory entries when the RealPresence Resource Manager system is integrated with an enterprise directory.

e. If your video network includes LifeSize endpoints, enable the Modify directory listings for LifeSize® endpoint support check box.

18. Click Next.

The system displays the message that you have completed the first time setup. You have the option of logging out of the system or being redirected to the system Dashboard.

19. Click Next to go to the system Dashboard.

Enabling the License Server for

Licenses for the RealPresence® Clariti™ systems must be activated and validated before you can use to manage your RealPresence® Clariti™ products (including the system).

Create a License Server in the Polycom Licensing Center

When your organization purchased licensing for , Polycom sent an email containing a URL and login credentials for the Polycom Licensing Center. Use that information to log into the Polycom Licensing Center, set up as a license server, and manage your Polycom RealPresence licenses.

Note: If your instance does not have direct access to the internet, you can log into the Polycom Licensing Center from a computer that does have internet access and then use the offline process to activate the license. With the offline process, you can download a license file from the Licensing Center and then upload it to your system.

Procedure

1. In the system, go to License Management > Setup.

A message indicates that the system is not licensed or the license has expired on the License Setup page.

2. Write the System Identifier number down or leave this page open. You will need the System Identifier number to activate your licenses.

3. In a different browser window, log into the Polycom Licensing Center using the URL and credentials sent to you.

A successful login opens the Polycom Licensing Center page.


4. On the Polycom Licensing Center page, click Create Server to open the Create Server page.

5. Enter information as outlined in the following table to create a license server for your RealPresence products.

Field: Value Description

License Server ID: Copy and paste the System Identifier number from the License Setup page.

Backup Device: Currently not supported. Leave this field blank.

ID Type: Select PUBLISHER_DEFINED.

Note: This is a change from previous versions, which required an ID Type of VM_UUID.

Alias: (Optional) A unique name for your license server. If your organization deploys more than one, aliases make it easier to identify each specific instance.

Site Name: (Optional) A descriptive name for your Polycom RealPresence license management site.

6. Click Create.

After the license server is successfully created, the View Server page displays your valid License Server ID, ID Type, and Site Name.

Next, you map and generate available licenses to your RealPresence systems. See Activate the Available Licenses on page 31.

Activate the Available Licenses

After setting up as your license server, you must activate the available licenses. You can manage licenses for individual components of your RealPresence systems after those components have been added to the system.

Note: Before activating your license, ensure that you select the correct time zone and that your system time is the standard time in your time zone. Otherwise, the system cannot activate the license. Go to Admin > Server Settings > System Time to configure your system time.

Procedure

1. On the Polycom Licensing Center View Server page, click Map Add-Ons to show a list of available units for features your organization has purchased, as shown next.

2. In the Qty to Add column for the available licenses, enter the number to allocate to the instance.

3. Click Map Add-Ons to allocate the licenses.


The View Server page returns, displaying a list of the server's licenses. The status for newly-allocated licenses is License not generated. A license must be generated (activated on the component) to allow the corresponding system component to operate within your RealPresence environment.

4. If you allocated too many license add-on units to this instance and want to remove some, click Remove Add-Ons.

The Remove Add-Ons page lists the license add-ons available on this instance.

5. In the Quantity to Remove field of the add-ons you want to change, enter the number of units to remove and click Remove Add-Ons.

The View Server page returns, displaying a list of the server's licenses. The status for licenses with newly-removed units is Copies decreasing. The removed licenses must be deactivated within your system.

6. If your instance does not have access to the internet, click Download Capability Response to download a local copy of the license file.

This download allows you to manage your licenses offline. Note the location of the license file when you download it to your local computer. You will upload this file to the system to activate the licensing.

If your system has access to the internet, you must use the online method to license the system and its components. The offline method for managing licenses is not an option when internet access is available.

7. Return to the RealPresence Resource Manager License Setup page, and do one of the following:

• Click Online if your virtual environment has access to the Internet and can use the online method for managing licenses.

• Click Offline if your virtual environment does not have access to the Internet and therefore requires use of the offline, file-based method for managing licenses. Prompts guide you through the offline update process using the license file you previously downloaded from the Polycom Licensing Center.

Note: If you work in a Hyper-V environment in offline mode, before activating the license, you need to disable the time synchronization between the Hyper-V guest and the Hyper-V host to ensure successful license activation.

8. Click Update to complete the license activation process.

A successful activation produces an active license notation. After you click Update, it may take up to 30 minutes to activate the license, and you may need to refresh the browser window.

After you have successfully activated your license, the full menu and dashboard become available for managing the system and its components.


After properly activating the license, you must configure your system so that it can begin managing and monitoring instances of supported RealPresence component products.

License Your System with a License File

If you are not a RealPresence Clariti customer, you need to license your system using a license file and activation key code. See the for instructions.

Additional Configuration

Additional configuration tasks are discussed in Chapter 2 of the . For example:

• Configure the system for device management of your RealPresence Clariti video infrastructure

• Configure your system for redundancy, if applicable.

• Set up your site topology.

• As needed for conference scheduling:

◦ Integrate with a RealPresence DMA system for gatekeeper, SIP registrar, and virtual meeting room services.

◦ Integrate the system with a Microsoft Active Directory.

◦ Configure Areas. (Area functionality is a separately licensed feature.)

◦ Add MCUs that you want the prod_name_short to manage.

• As needed for administration:

◦ Associate users with roles. You will need at least one user with the device administrator role who will be able to create machine accounts for devices. You will also need at least one user assigned to the role of operator or scheduler/advanced schedule so conferences can be scheduled.

• As needed for endpoint management:

◦ Associate users with endpoints.

◦ Create provisioning profiles and rules for dynamically managed endpoints and phones.


Security Deployment Procedures Resource Manager

Topics:

▪ Configuring Certificates

▪ Integrating with an Enterprise Directory

▪ Integrate with RealPresence DMA

▪ Configure the Mail Server

▪ Site Topology Setup

▪ Working with Provisioning Profiles

▪ Add a Provisioning Rule

▪ Auto-Generate SIP URI

▪ Configure E.164 Numbering

▪ Add a User

▪ Provisioning Endpoints

▪ Configuration for Polycom DMA Edge Integration

Configuring Certificates

You must install a security certificate on the RealPresence Resource Manager so that Skype for Business Server trusts it so that Microsoft Teams trusts it.

Create a Certificate Signing Request

The RealPresence Resource Manager needs a CA signed certificate from the Microsoft Certificate Services.

Procedure

1. Go to Admin > Management and Security > Certificate Management.


2. Click Create Certificate Signing Request.

3. In the Certificate Request Data dialog, enter the following information for your RealPresence Resource Manager system.

Field: Description

Signature Algorithm: SHA256

Country Name: Two-letter (ASCII only) ISO 3166 country code in which the server is located.

State or Province Name: Full state or province name (ASCII only) in which the server is located.

Locality Name: City name (ASCII only) in which the server is located.

Organization Name: Enterprise name (ASCII only) at which the server is located.

Organizational Unit Name: Optional: Subdivision (ASCII only) of the enterprise at which the server is located.

Multiple values are permitted, one per line.

Common Name: The FQDN (fully qualified domain name) of the system (read-only), as defined in the network settings.

4. Click OK.


5. In the Create Certificate Signing Request dialog, click OK.

6. In the Save As dialog, enter a unique name for the file, browse to the location to which to save the file, and click Save.

7. Open the CSR file using Notepad and copy the content.

Request a Certificate

You can request a certificate from a third-party Certificate Authority.

Procedure

1. Navigate to the Certificate Authority and click Request a certificate.

2. Click the advanced certificate request.

3. Paste the CSR into the saved request field.

4. Under Certificate Template, choose Web Server with client EKU.

A certificate template with serverAuth EKU is required. If you want PKI authentication throughout the solution you will need a template that also includes clientAuth EKU.

5. Click the Submit button.


6. Choose Base 64 encoded, and click Download certificate.

Install the Certificate

Before installing a certificate or certificate chain provided by the certificate authority, be sure that you received the certificate or certificate chain in one of the following forms:

▪ A PFX, P7B, or single certificate file that you’ve saved on your computer.

▪ PEM-format encoded text that you received in an email or on a secure web page.

Installing or removing certificates requires a system restart. When you install a certificate, the change is made to the certificate store immediately, but the system will not recognize or use the new certificate until it restarts and reads the changed certificate store.

The RealPresence Resource Manager system must be running on an Internet Explorer browser in order to upload a file.

Procedure

1. Go to Admin > Management and Security > Certificate Management.

2. Click Install Certificates.

3. Click Upload Certificate, and browse to the file or enter the path and file name.

4. Click OK.

Integrating with an Enterprise Directory

In a large organization, integrating your RealPresence Resource Manager system with Microsoft Active Directory greatly simplifies the task of managing conference system security.


Prestage Machine Account for RealPresence Resource Manager

To enable the single sign-on option, an Active Directory administrator must first prestage an Active Directory machine account for RealPresence Resource Manager. The single sign-on allows endpoint users who are included in the Active Directory to securely log in to their dynamically managed endpoint without typing in credentials.

Procedure

1. On the Active Directory server, go to Start > Programs > Administrative Tools > Active Directory Users and Computers to open the Active Directory Users and Computers window.

2. Select the node for your domain.

3. Right-click the Organizational Unit (OU) folder in which to add the computer account, and select New > Computer.

4. Enter the Computer name, and click OK.


5. Open a PowerShell or Command Prompt window and enter the following command to create a password for your computer.

net user <machine name>$ <password> /domain

▪ machine name: the computer name you just configured.

▪ password: the desired temporary password to be used during integration. The RealPresence Resource Manager will change the password immediately upon successful integration.

You have configured a machine account that you can use for RealPresence Resource Manager single sign-on.

Integrate with the Enterprise Directory Server

Enabling the Integrate with Enterprise Directory Server option enables RealPresence Resource Manager system users who are included in the Active Directory to log in to the RealPresence Resource Manager system interface using their network credentials.

Procedure

1. Go to Admin > Directories > Enterprise Directory.


2. On the Enterprise Directory page, select Integrate with Enterprise Directory Server.

3. Enter the DNS Name for the enterprise directory server.

4. Enter Domain\Enterprise Directory User ID and Enterprise Directory User Password. Other fields can be left as default or configured if needed.

5. Select Allow delegated authentication to enterprise directory server.

6. Enter the Fully Qualified Host Name of the domain controller.

7. Enter the Username (Domain\<Computer Name>) and Password and click Update.


Integrate with RealPresence DMA

You can integrate your RealPresence Resource Manager system with a single RealPresence DMA system to take advantage of the RealPresence DMA system’s two main functions: the Conference Manager function and the call server (gatekeeper and SIP proxy/registrar) function.

Procedure

1. Go to Network Device > Instances.

2. On the Instances page, select the RealPresence DMA that you want to integrate with the RealPresence Resource Manager, click the button.

3. Select the Service Integration tab.

4. Select Integrate the RealPresence DMA system’s conference manager and call server services with RealPresence Resource Manager system’s conferencing and endpoint services, Conference Manager(MCU Pool Orders), and Call server.

5. Click OK.

6. In the Instances page, check that the is added for RealPresence DMA status.

Configure the Mail Server

You can set up the email account from which the RealPresence Resource Manager system will send conference notification emails and system alerts.

Procedure

1. Go to Admin > Server Settings > E-mail.


2. Select Allow confirmation emails for scheduled conferences.

3. In the From Address text box, enter the email account (ASCII only) from which the RealPresence Resource Manager system will send conference notification emails and system alerts.

4. In the SMTP Server text box, specify the IP address of the SMTP server from which the RealPresence Resource Manager system will send conference notification emails and system alerts.

5. Click Update.

Site Topology Setup

The Site Topology feature of RealPresence Resource Manager provides a global view of the video conferencing network, showing how it is organized within groupings called Territories and direct Site Links indicating cumulative bandwidth capacity and utilization for all subnets within a Site.

Site topology information describes your network and its interfaces to other networks, including the following elements:


▪ Site: A local area network (LAN) that generally corresponds with a geographic location such as an office or plant. A site contains one or more network subnets, so a device’s IP address identifies the site to which it belongs.

▪ Network clouds: A Multiprotocol Label Switching (MPLS) network cloud defined in the site topology. An MPLS network is a private network that links multiple locations and uses label switching to tag packets with origin, destination, and Quality of Service (QoS) information.

Note: MPLS clouds are not associated with an IP address range, so they can be used to group multiple subnets. They could also represent a service provider.

While links to MPLS clouds have bandwidth and bit rate limitations, the cloud is infinite. In this way, clouds reflect the way in which businesses control bandwidth and bit rate.

▪ Internet/VPN: An entity that represents your network’s connection to the public Internet.

▪ Site link: A network connection between two sites or between a site and an MPLS network cloud.

▪ Site-to-site exclusion: A site-to-site connection that the site topology doesn’t permit an audio or video call to use.

▪ Territory: A grouping of one or more sites for which a RealPresence Resource Manager system is responsible.

The site topology you create within the RealPresence Resource Manager system should reflect your network design. Consider the following information and best practices when creating your site topology:

▪ If possible, connect all sites to an MPLS cloud. MPLS clouds are like corporate networks, used to connect multiple subnets in multiple sites, but all servicing a company.

▪ Avoid cross loops or multiple paths to a site; otherwise a call may have different paths to a single destination. The more cross, circular, and multi paths you have, the higher the number of calculations for a conference.

▪ Link sites that aren’t connected to an MPLS cloud directly to another site that is connected to an MPLS cloud. Do not create orphan sites.

▪ Calls are routed through a bridge, so bandwidth and bit rate limits for the site and subnet apply to all calls made using that bridge.

▪ Reserve the Internet/VPN “site” for IP addresses that fall outside your private or corporate network (for example remote workers), because all calls routed to the Internet/VPN site will be routed through the site on your private or corporate network that has Internet access.
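The loop and orphan-site guidance above can be checked on a planned topology before it is entered in the system. The following is an added example, not Polycom code and not part of the original guide: it treats sites and MPLS clouds as nodes and site links as bidirectional edges, then reports orphan sites, sites more than one site away from a cloud, and links that create a second path. Every site, cloud and function name is constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed topology for illustration; none of these names come from the guide.
CLOUDS = {"MPLS-Core"}
SITES = {"HQ", "Lab", "Branch", "Depot", "Annex"}
LINKS = [
    ("HQ", "MPLS-Core"),
    ("Lab", "MPLS-Core"),
    ("Branch", "HQ"),    # not on the cloud, but linked to a site that is
    ("Lab", "HQ"),       # second path between Lab and HQ (loop via the cloud)
    ("Depot", "Annex"),  # island: neither site can reach a cloud
]


def check_endpoints(sites, clouds, links):
    """Return links that name an unknown node or link a node to itself."""
    known = sites | clouds
    return [(a, b) for a, b in links if a == b or a not in known or b not in known]


def cloud_hops(sites, clouds, links):
    """Map each site to its link count from the nearest cloud (None if unreachable)."""
    adjacent = defaultdict(set)
    for a, b in links:               # site links are bidirectional
        adjacent[a].add(b)
        adjacent[b].add(a)
    hops = {cloud: 0 for cloud in clouds}
    queue = deque(clouds)
    while queue:                     # breadth-first search outward from all clouds
        node = queue.popleft()
        for neighbour in adjacent[node]:
            if neighbour not in hops:
                hops[neighbour] = hops[node] + 1
                queue.append(neighbour)
    return {site: hops.get(site) for site in sorted(sites)}


def orphan_sites(sites, clouds, links):
    """Sites with no path to any MPLS cloud."""
    return [s for s, h in cloud_hops(sites, clouds, links).items() if h is None]


def indirect_sites(sites, clouds, links):
    """Sites that reach a cloud only through two or more other sites."""
    return [s for s, h in cloud_hops(sites, clouds, links).items()
            if h is not None and h > 2]


def redundant_links(links):
    """Links whose endpoints were already connected, i.e. links that add a second path."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]   # path halving
            node = parent[node]
        return node

    extra = []
    for a, b in links:
        root_a, root_b = find(a), find(b)
        if root_a == root_b:
            extra.append((a, b))
        else:
            parent[root_a] = root_b
    return extra


if __name__ == "__main__":
    print("bad links:     ", check_endpoints(SITES, CLOUDS, LINKS))
    print("orphan sites:  ", orphan_sites(SITES, CLOUDS, LINKS))
    print("indirect sites:", indirect_sites(SITES, CLOUDS, LINKS))
    print("extra paths:   ", redundant_links(LINKS))
```

A link entered a second time in the opposite direction is reported by `redundant_links`, since the guide states that one link already covers both directions.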

Add a Site

RealPresence Resource Manager has a default site, Internet/VPN, and associates registered endpoints with it by default. Polycom recommends adding new sites based on the needs of your network topology. You can define a new site in the system’s site topology and specify which subnets are associated with it.

You can define overlapping subnets within a site or between sites. Larger subnets can contain smaller ones. When the system determines which subnets a given IP address belongs to, it chooses the subnet with the longest IP match.

For example:

Subnet1 = 10.0.0.0/8

Subnet2 = 10.33.24.0/24

The IP address 10.33.24.70 belongs to subnet2, while the IP address 10.22.23.70 belongs to subnet1.
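The longest-match rule above, written out as an added example that is not part of the original guide or the product's code: it resolves an address to the site that owns the most specific matching subnet and lists the subnets that nest inside another site's range. Subnet1 and Subnet2 are the guide's values; the site names, the extra Branch subnets, the function names, and the fallback to the Internet/VPN site for unmatched addresses are assumptions.

```python
import ipaddress

# Subnet1 and Subnet2 come from the guide's example; the site names and the
# extra Branch subnets are constructed for illustration.
SITE_SUBNETS = {
    "HQ": ["10.0.0.0/8"],        # Subnet1
    "Lab": ["10.33.24.0/24"],    # Subnet2
    "Branch": ["10.33.0.0/16", "192.168.10.0/24"],
}
# Assumption: an address that matches no subnet falls to the default site.
DEFAULT_SITE = "Internet/VPN"


def build_table(site_subnets):
    """Return [(network, site)] sorted with the longest prefix first."""
    owner = {}
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            # strict=True rejects entries with host bits set, e.g. 10.33.24.70/24
            net = ipaddress.ip_network(cidr, strict=True)
            if net in owner and owner[net] != site:
                # The same subnet under two sites has no longest match to break the tie.
                raise ValueError(f"{net} is assigned to both {owner[net]} and {site}")
            owner[net] = site
    return sorted(owner.items(), key=lambda entry: entry[0].prefixlen, reverse=True)


def site_for(ip, table):
    """Return (site, matching subnet) for an address using the longest match."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr.version == net.version and addr in net:
            return site, str(net)
    return DEFAULT_SITE, None


def nested_subnets(table):
    """List (inner, inner_site, outer, outer_site) where one site's subnet sits
    inside another site's larger subnet, so the inner site wins for that range."""
    found = []
    for inner, inner_site in table:
        for outer, outer_site in table:
            if (inner_site != outer_site
                    and inner.version == outer.version
                    and inner.prefixlen > outer.prefixlen
                    and inner.subnet_of(outer)):
                found.append((str(inner), inner_site, str(outer), outer_site))
    return sorted(found)


TABLE = build_table(SITE_SUBNETS)

if __name__ == "__main__":
    for ip in ("10.33.24.70", "10.22.23.70", "10.33.99.1", "203.0.113.9"):
        print(ip, "->", site_for(ip, TABLE))
    for row in nested_subnets(TABLE):
        print("nested:", row)
```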

Procedure

1. Go to Network Topology > Sites or Network Topology > Site Topology.


▪ To add a site in the Sites page, click .

▪ To add a site in the Site Topology page, go to Site Actions > Add.

2. Complete the General Info. The minimum information required is Site Name, Description, and Location.

General Info Field: Description

Site Name: A meaningful name for the site, this name can be 64 characters (ASCII only) long.

Description: A brief description (ASCII only) of the site.

Territory: Assigns the site to a territory, and thus to a RealPresence Resource Manager system.

Location: Specify the geographic location of the site either by longitude + latitude or country + city.

3. Complete the H.323 Routing dialog.

H.323 Routing Field: Description

Allowed via H.323 aware firewall: Enables call routing through the Internet, using an H.323-aware firewall.

▪ For an outbound call to the Internet, you must enter the firewall gateway service (for example, a Polycom RealPresence DMA Edge appliance) code before the IP address in the dial string.

▪ If you select Allowed via H.323 aware firewall, you must create a site link between this site and the Internet/VPN site.

Allowed via H.323 aware SBC or ALG: Enables call routing via the Internet, using an H.323-aware SBC (Session Border Control) or ALG (Application Level Gateway) server.

Note: For an outbound call to the Internet, you must enter the firewall gateway service (for example, a Polycom RealPresence Edge appliance) code before the IP address in the dial string.

4. Complete the H.323 Routing dialog for RealPresence Clariti for Teams.

H.323 Routing Field: Description

Allowed via H.323 aware SBC or ALG: Enables call routing via the Internet, using an H.323-aware SBC (Session Border Control) or ALG (Application Level Gateway) server.

Note: For an outbound call to the Internet, you must enter the firewall gateway service (for example, a Polycom RealPresence Edge appliance) code before the IP address in the dial string.


5. Complete the SIP Routing dialog.

SIP Routing Field: Description

SIP Routing

Allowed via SIP aware firewall: Enables call routing through the Internet, using a SIP-aware firewall.

Note:

▪ For an outbound call to the Internet, you must enter the firewall gateway service (e.g. a Polycom RealPresence DMA Edge appliance) code before the IP address in the dial string.

▪ If you select Allowed via SIP aware firewall, you must create a site link between this site and the Internet/VPN site.

6. Go to Subnets and click to add a new subnet.

7. Complete the Subnet dialog.


Subnet Field: Description

Subnet IP Address/Mask: Specifies the subnets within the site. For each subnet, include:

▪ IP Address range

▪ Mask Length

8. Click OK.

9. Check the new subnet information and click OK.


Add a Site Link

When you add a site link, you enter the starting and ending sites of the link and the maximum bandwidth and bit rates available for calls (audio and video) that use the link. Links are bidirectional. After you have created a link from Site A to Site B, you automatically have a bidirectional link from Site B to Site A, although the link appears as unidirectional.

A link can connect two sites, or it can connect a site to an MPLS cloud network.

Before you can create a site link, you must add two or more sites to the system.

Procedure

1. Go to Network Topology > Site-Links.

2. In the Site-Links page, click .

3. In the Add Site-Link dialog, enter a Name and Description for the link and select the starting (From Site) and ending (To Site) sites.


4. Enter the Bandwidth and Max Bit Rate and click OK.

You can define any bandwidth limitations between the two sites.

The new link appears on the Site Links page.

Add a Network Cloud

To simplify the network topology, define network clouds to represent a hub with many sites connected to each other such as a private network or VPN.

The Network Clouds page contains a list of the MPLS (Multiprotocol Label Switching) network clouds defined in the site topology.

Note: MPLS clouds are not associated with an IP address range, so they can be used to group multiple subnets and could also represent a connection to a service provider.

Procedure

1. Go to Network Topology > Network Clouds.

2. In the Network Clouds page, click Add .

3. In the Cloud Info section of the Add Network Cloud dialog, enter a unique and meaningful Cloud Name and Description for the cloud.

Security Deployment Procedures Resource Manager

Polycom, Inc. 51

Page 54: Polycom RealPresence Clariti Military Unique Deployment ... · Video, audio, and content bridging for H.323, SIP, and WebRTC calls up to 1080p An H.323/SIP video call control engine

4. Click Linked Sites to create a link between sites and the network cloud.5. In the Search Sites field, enter all or part of the site name or location and click Search.

The list of sites containing the search phrase appear in the Search Results column.

6. Select one site to link with the network cloud and then click the down arrow to move it to theSelected Sites column.

Field | Description
Linked Sites
Search Sites | Enter search string or leave blank to find all sites.
Search Result | Lists sites and shows the territory, if any, to which each belongs. Select a site and click the right arrow to open the Add Site Link dialog.
Add Site Link | Lists sites linked to the cloud and shows the territory, if any, to which each belongs.


7. The Add Site Link dialog appears to let you change the bandwidth limitation between this site and the MPLS cloud. Change the bandwidth limitation between each site and the MPLS cloud.

You can define any bandwidth limitations between each Site and the MPLS Cloud. The following images show the bandwidth values for each site link.


8. Click OK.
9. Repeat step 5 through step 8 to add all sites to the network cloud.
10. Click OK.


Add a Territory

The Territories page contains a list of the territories defined in the site topology. A territory is a set of one or more sites for which a RealPresence DMA system is responsible. After RealPresence Resource Manager integrates with RealPresence DMA, there are two territories by default: one named Default RealPresence Resource Manager Territory and the other named Default DMA Territory (DMA host name). The RealPresence DMA instance is the primary node of the two territories.

By default, the Default DMA Territory is used for communication. Polycom recommends adding a new territory based on the needs of your network topology, especially in a DMA supercluster environment.

Procedure

1. Go to Network Topology > Territories.
2. In the Territories page, click Add.
3. Complete the Territory Info sections of the Add Territories dialog.

Field | Description
Territory Info
Territory Name | A meaningful name for the territory (up to 128 characters).
Description | A brief description of the territory (up to 200 characters).
Primary Cluster | Enter dma.mycompany.com. When integrating with a RealPresence DMA system, enter the management FQDN or IP address of the primary cluster that will manage this territory. Do this step AFTER you integrate with a RealPresence DMA system.
Backup Cluster | The second node, if any, of the RealPresence Resource Manager system responsible for this territory.
Host Conference Rooms In This Territory | Enables this territory to be used for hosting conference rooms (VMRs, or virtual meeting rooms). The territory’s primary and backup clusters must both be enabled for conference room hosting. No more than three territories may have this capability enabled.

4. Click OK.

Working with Provisioning Profiles

The Polycom RealPresence Resource Manager system enables you to use provisioning profiles and provisioning rules as a way to dynamically manage endpoint settings.

When you dynamically manage endpoints (have the endpoint use the RealPresence Resource Manager as its provisioning server), you can automatically configure them by using provisioning profiles.

Configure Network Provisioning Profile

Provisioning profiles contain configuration information that administrators use to remotely manage endpoints with network settings such as security, Quality of Service, gatekeeper address, SIP server address, and so on. For example, as soon as an endpoint is configured to use the RealPresence Resource Manager system for its provisioning server, it starts polling for provisioning profile updates. With network provisioning profiles, you can ensure that all dynamically managed endpoints have the optimal and correct settings respective to their network location.

The RealPresence Resource Manager system comes with a default network provisioning profile, Default Network Provisioning Profile, that can be edited to include information specific to your environment. By default, endpoints use this default provisioning profile for provisioning. You can edit the Default Network Provisioning Profile or add a new provisioning profile and a new rule for a specified site. Both use the same settings introduced in this section. Polycom recommends adding a new provisioning profile based on the needs of your network topology.

Procedure

1. Go to Endpoint > Dynamic Management > Provisioning Profiles.
2. In the Provisioning Profiles page, click .

If you want to edit the default profile, select Default Network Provisioning Profile, and click .

3. In the General Info page, set the Profile Name and select Network Provisioning Profile for Provisioning Profile Type.


4. Select Date and Time Settings, set Country, Date Format, Time Format, and Time Server Timezone for the endpoints, which will use the profile for provisioning.

5. Select H.323 Settings, and edit the following fields:
▪ Check the Enable IP H.323 check box.
▪ Enter the RealPresence DMA IP address in the Gatekeeper Address.
▪ Select Dynamic in the Use Gatekeeper for Multipoint Calls.

6. Select SIP Settings, and edit the following fields:
▪ Check the Enable SIP check box.
▪ Enter the DMA IP address in the Proxy Server.
▪ Enter the DMA IP address in the Registrar Server.
▪ Select Auto in the Transport Protocol.
▪ Select Standard in the Server Type.


7. Select Security Settings, and edit the following fields:
▪ Check the Enable Dynamic Provisioning for IDs check box.
▪ Select When Available in the AES Encryption.
▪ Check the Enable HTTPS Only check box.
▪ Enter 443 in the Web Access Port.

8. Select Calendaring Settings, and set Exchange Server Address.

Calendaring settings are configured based on the respective Clariti Solution. For RealPresence Clariti for Microsoft Teams, the Exchange Server Address can be the online OTD (otd.plcm.vc) address or workflow server (otd.mycompany.com) address.


9. Click OK to save the Default Network Provisioning Profile.

Configure Admin Config Provisioning Profile

Admin Config provisioning profiles allow you to create provisioning profiles that include maximum and preferred call speeds, calendaring settings, Microsoft Lync settings, and so on.

As soon as an endpoint is configured to use the RealPresence Resource Manager for its provisioning server, it starts polling for provisioning profile updates. To ensure out-of-box usability, the RealPresence Resource Manager system comes with a default Admin Config provisioning profile. This default profile cannot be customized with any rule. You need to create new Admin Config provisioning profiles to customize endpoint configuration settings in your video environment.

Procedure

1. Go to Endpoint > Dynamic Management > Provisioning Profiles.
2. In the Provisioning Profiles page, click .

If you want to edit the default profile, select Default Admin Config Provisioning Profile, and click .

3. In the Edit Profile dialog, select Call Settings.
4. Set Maximum Speed for Receiving Calls (Kbps) and Preferred Speed for Placing Calls (Kbps) to 1920.

5. Select Calendaring Settings, and configure the settings.


6. Click OK.

Configuring Polycom Trio Phone Provisioning

Configure Polycom Trio device settings to configure basic device settings and install phone software updates.

Configure Profile for Polycom Trio

Configure profile for Polycom Trio.

Procedure

1. Go to Endpoint > UC Management > Configuration Profiles.
2. Select Polycom Phone for the Software: option.
3. In the General Info page, set the Profile Name and enter a description.
4. Configure attributes. Configuration Attributes are configured according to Clariti Solution.


In the Configuration Attributes page, select the Standard Fields tab, search for device.set, device.baseProfile, and device.baseProfile.set respectively and enter the following:

Figure 2: The Configuration Attributes for RealPresence Clariti Advanced


Figure 3: The Configuration Attributes for RealPresence Clariti for Microsoft Teams

▪ Check device.set check box to enable device settings.
▪ Enter Lync for the device.baseProfile option. This sets the Lync profile as its base profile.
▪ Enter Generic for the device.baseProfile option. This sets the Generic profile as its base profile.
▪ Check device.baseProfile.set check box to enable device base profile.
▪ (For RealPresence Clariti for Microsoft Teams) Enter the Microsoft Exchange Server URL in the exchange.server.url.
▪ (For RealPresence Clariti for Microsoft Teams) Check feature.exchangeCalendar.enabled check box.
▪ (For RealPresence Clariti for Microsoft Teams) Configure the line information and Microsoft Exchange meeting information.

5. Select Save.

Deploy Profile on Polycom Trio

Deploy the configured profile on Polycom Trio.

Procedure

1. Go to Endpoint > UC Management > Profiles Deployment.
2. Select Configuration Profile Association tab.
3. Select the Trio profile from drop-down menu, and click Add.
4. Click Save and Apply.

Add a Provisioning Rule

By default, an endpoint is associated with the default site Internet/VPN and uses the Default Network Provisioning Profile and Default Admin Configure Provisioning for provisioning. No rule needs to be configured. If you have added a new site and a new provisioning profile, you need to add a rule for provisioning.

Procedure

1. Go to Endpoint > Dynamic Management > Provisioning Rules.


2. Click .
3. In the General Info page, enter a name for the new rule and check the Active check box.
4. Click to add new condition.
5. In the Add New Condition dialog, select the following:
▪ Type: Site
▪ Attribute: Site
▪ Operator: =
▪ Value: the site you want to use this rule for endpoint provisioning


6. Click OK.
7. Check the condition that has just been added.
8. Select Endpoint Provisioning Profile page.
9. Click the network profile you just created from the Available list and move it to Selected profile list using the arrow button.


10. Click OK.
11. Check the rule result.

Auto-Generate SIP URI

You can automatically generate a SIP URI for each dynamically managed endpoint according to a naming scheme you define. When you define a custom SIP URI from Active Directory fields, you can choose one of the default fields or a different Active Directory attribute.

Procedure

1. Go to Endpoint > Dynamic Management > SIP URI.
2. Check the Auto-generate SIP URIs for all users and Use the user's email address as their SIP URI check boxes.

The setting automatically populates the SIP URI field of each user and thus allows other endpoints to dial someone by email address.


3. Click Update.

Configure E.164 Numbering

You can define an E.164 address scheme that will be used when provisioning E.164 addresses to all dynamically managed endpoints.

Procedure

1. Go to Endpoint > Dynamic Management > E.164 Numbering.
2. Optional: Define an E.164 Address Scheme. You can keep the default setting, or configure according to your environment.
a. Select Use Phone Number for the Base Field, and choose the Maximum number of digits to use.
b. Click Update.


Add a User

Add a local user for endpoint provisioning.

Procedure

1. Go to User > Users and click .
2. Configure the general information of the user in the Add New User dialog.

Field | Description
First Name | The user’s first name
Last Name | The user’s last name
User ID | The user’s unique login name. This user ID must be unique across all rooms and users and across all domains.
Password | The user’s assigned password. This password must be a minimum of eight characters in length.
Email Address | The user’s email address. (The email address is an ASCII-only field.)

3. Click OK.


Provisioning Endpoints

Enable the provisioning from endpoints, and you can manage the endpoints from RealPresence Resource Manager.

Provision RealPresence Group Series

Enable the provisioning from RealPresence Group Series to manage them from RealPresence Resource Manager.

Procedure

1. Connect to the RealPresence Group Series Web UI.
2. Go to Admin Settings > Servers > Provisioning Service.
3. Check Enable Provisioning and enter the information of the user you created for provisioning.

You can also enter the enterprise user for provisioning.

4. Click Save. The Registration Status changes to Registered after the RealPresence Group Series is provisioned successfully.

5. Go to Diagnostics > System > System Status, and check the status of Provisioning Service, Gatekeeper, SIP Registrar Server, LDAP Server, and Presence Service.


6. Log in to the RealPresence Resource Manager Web UI.
7. Go to Endpoint > Monitor View.
8. Check the Status (green status), and click View Details for more information.
9. Check the Device Status on the right panel.
10. Check other fields for the RealPresence Group Series.
11. You can click other actions to manage the RealPresence Group Series from the RealPresence Resource Manager.


Provision Polycom Trio

Enable the provisioning from Polycom Trio, and you can manage the Trio system from RealPresence Resource Manager.

Procedure

1. Log in to Polycom Trio Web UI.
2. Go to Settings > Provisioning Server and configure the following:
▪ Select HTTPS for Server Type.
▪ Enter rprm.mycompany.com/phoneservice/configfiles for Server Address.
▪ Enter your administrator credentials: Server User and Server Password.
▪ Set 3 for File Transmit Tries.
▪ Set 1 for Retry Wait (s).
▪ Set Disable for SN to UA.

Configuration for Polycom DMA Edge Integration

If you deploy your Polycom DMA Edge system with a RealPresence Resource Manager system, the RealPresence Resource Manager system can provision some DMA Edge system settings and dynamically manage (provision, upgrade, and manage) select remote endpoints.


Add RealPresence DMA Edge to the RealPresence Resource Manager Network Device List

Since RealPresence Resource Manager identifies the endpoints coming through a RealPresence DMA Edge system by IP address, you must add the RealPresence DMA Edge system into the RealPresence Resource Manager network device list with the internal signaling and access proxy IP address of RealPresence DMA Edge.

Procedure

1. From the RealPresence Resource Manager user interface, go to Network Device > Instances.
2. Click to add a new RealPresence DMA Edge.
3. Configure the values.

Field | Description
Device Type | RealPresence DMA
Add By | IP or FQDN Address
Device Name | A unique name for the DMA Edge system.
Version | The version of the DMA Edge system.
Management Address | 172.16.0.1
Admin User and Admin Password | Use a RealPresence DMA Edge user that is reserved only for integration with the RealPresence Resource Manager system. The user must have the Administrator role.

4. Select the Service Integration tab, and enter the RealPresence DMA Edge internal signaling and access proxy IP address in Provider-side Proxy IP Address.

Depending on your RealPresence DMA Edge network settings, the RealPresence DMA Edge management address and the internal signaling and access proxy address may be different.


5. Click OK.

Define a New Site in the RealPresence Resource Manager

The RealPresence DMA Edge system can be configured using the RealPresence Resource Manager system’s provisioning service by extending the Site Topology to include the RealPresence DMA Edge system. In this section, you can create a new site and specify a network segment or subnet that is enabled for the RealPresence DMA Edge system.

Procedure

1. From the RealPresence Resource Manager user interface, go to Network Topology > Sites.
2. Click Add.
3. Complete the General Info and Subnet. Leave the default settings for H.323 Routing and SIP Routing.

The IP address of Subnet must be the internal signaling address of RealPresence DMA Edge.

Field | Description
General Info
Site Name | A meaningful name for the site. This name can be 64 characters (ASCII only) long.
Description | A brief description (ASCII only) of the site.
Country Code | The country code for the country in which the site is located.
Area Code | The city or area code for the site. Do not include a leading zero. For example, the city code for Paris is 01. Enter 1 in this field.
Territory | Choose the territory to which the site belongs.
Location | Click Specify Location and fill in the country and city and the RealPresence Resource Manager shows the location field.
Total Bandwidth (Mbps) | The total bandwidth of the pipe at the site.
Call Max Bit Rate (Kbps) | The maximum bandwidth that can be used for each intrasite call at the site. The default and maximum value is 2000000 (2 GB).
Subnets
Subnet IP Address/Mask | Specifies the subnets within the site. For each subnet, include the IP Address range, Mask Length, and Total Bandwidth. If this site is used for a site that includes a RealPresence DMA Edge system, be sure to include the subnet where the RealPresence DMA Edge system resides.


4. Click OK.

Create Network Provisioning Profile for Endpoints that Connect to RealPresence DMA Edge

You can define the connection information for the endpoints that connect to the RealPresence DMA Edge system.

Procedure

1. From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic Management > Provisioning Profiles.
2. Click Add.
3. Add a Profile Name, and set Provisioning Profile Type to Network Provisioning Profile.


4. Click the Firewall Settings tab.

Check the Enable H.460 Firewall Traversal and Enable SIP Keep Alives to provision external endpoints.

5. Click the H.323 Settings tab.
▪ Check the Enable IP H.323 check box.
▪ Enter the external natted IP address in the Gatekeeper Address.

The managed endpoints that connect to the RealPresence DMA Edge system must be provisioned with the RealPresence DMA Edge system external natted IP address for all network settings. Enter the external natted IP address of the RealPresence DMA Edge system for the gatekeeper and SIP Server settings.

▪ Select Dynamic for Use Gatekeeper for Multipoint Calls.

6. Click the SIP Settings tab.
▪ Check the Enable SIP check box.
▪ Enter the external natted IP address in the Proxy Server and Registrar Server.

7. Select Security Settings, and edit the following fields:
▪ Check the Enable Dynamic Provisioning for IDs/Passwords check box.


▪ Select When Available in the AES Encryption.
▪ Check the Enable HTTPS Only check box.
▪ Enter 443 in the Web Access Port.

8. Select Calendaring Settings.

Calendaring settings are configured based on the respective RealPresence Clariti solution. For RealPresence Clariti for Microsoft Teams, set Exchange Server Address. The Exchange Server Address can be the online OTD (otd.plcm.vc) address or workflow server (otd.mycompany.com) address.

9. Select Directory Settings, and edit the following fields:
▪ Unselect the Use Default Directory Server.
▪ Configure the Directory Server to the external natted address of RealPresence DMA Edge.


10. Select Presence Settings, and edit the following fields:
▪ Unselect the Use Default Presence Server.
▪ Configure the Presence Server to the external natted address of RealPresence DMA Edge.

11. Click OK.

Create Provisioning Rule

So far we added RealPresence DMA Edge into the RealPresence Resource Manager network device list, a new Site for the RealPresence DMA Edge system, a new RealPresence DMA Edge Server Provisioning Profile defining the RealPresence DMA Edge system connection information to the RealPresence DMA system, and a Network Provisioning Profile for endpoints connecting to the RealPresence DMA Edge system. However, the new Site for the RealPresence DMA Edge hasn’t been linked to the endpoint Provisioning Profile. In this section, you can create a new Provisioning Rule that will link the RealPresence DMA Edge site to the endpoint Provisioning Profile.

Procedure


1. From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic Management > Provisioning Rules.
2. Click Add.
3. In the General Info area, enter a name for the new rule.
4. Check the Active check box.
5. Click Add on the upper right corner.
6. Add new conditions.
▪ Type: Site
▪ Attribute: Site
▪ Operator: =
▪ Value: RealPresence DMA Edge site name
7. Click OK.
8. Click Endpoint Provisioning Profile from the left panel.
9. Move the RealPresence DMA Edge endpoint profile to Selected Profile using the arrow and click OK.


10. Select OK.
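A planning check for the site, profile and rule created above, as an added example (not Polycom code): it models how an endpoint's source address falls into a site subnet and which network provisioning profile a Site = rule then selects, so a plan can be checked before it is entered in the user interface. The site names, addresses, the Edge profile name and the longest-prefix tie-break are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Default names as given in the guide.
DEFAULT_SITE = "Internet/VPN"
DEFAULT_PROFILE = "Default Network Provisioning Profile"


@dataclass
class Site:
    name: str
    subnets: list          # CIDR strings, as entered under Subnet IP Address/Mask


@dataclass
class Rule:
    name: str
    site: str              # value of the "Type: Site, Attribute: Site, Operator: =" condition
    profile: str           # network provisioning profile moved to the Selected list
    active: bool = True    # the Active check box


def site_for(ip, sites):
    """Return the site whose subnet contains ip, or the default site if none does.

    Assumption of this model: when subnets nest, the longest prefix wins.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for site in sites:
        for cidr in site.subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (site.name, net)
    return best[0] if best else DEFAULT_SITE


def profile_for(ip, sites, rules):
    """Return (site, profile) that an endpoint seen at ip receives in this model."""
    site = site_for(ip, sites)
    for rule in rules:
        if rule.active and rule.site == site:
            return site, rule.profile
    return site, DEFAULT_PROFILE


def audit(sites, rules):
    """List planning mistakes that would silently leave endpoints on the wrong profile."""
    findings = []
    known = {s.name for s in sites} | {DEFAULT_SITE}
    for rule in rules:
        if rule.site not in known:
            findings.append(f"rule '{rule.name}': site '{rule.site}' is not defined")
        if not rule.active:
            findings.append(f"rule '{rule.name}': Active is not checked, rule is ignored")
    nets = [(s.name, ipaddress.ip_network(c)) for s in sites for c in s.subnets]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if name_a != name_b and net_a.overlaps(net_b):
                findings.append(f"subnet {net_a} ({name_a}) overlaps {net_b} ({name_b})")
    return findings


# Constructed sample plan; names and addresses are illustrative only.
SITES = [
    Site("HQ", ["10.10.0.0/16"]),
    Site("DMA Edge Site", ["10.20.30.40/32"]),   # Edge internal signaling address
]
RULES = [Rule("edge-endpoints", "DMA Edge Site", "Edge Endpoint Profile")]

if __name__ == "__main__":
    for ip in ("10.20.30.40", "10.10.5.5", "192.0.2.7"):
        print(ip, "->", profile_for(ip, SITES, RULES))
    for finding in audit(SITES, RULES):
        print("FINDING:", finding)
```

An address that matches no subnet, or a site whose rule is inactive, resolves to the default profile, which carries the internal DMA addresses rather than the external natted address that endpoints behind the Edge need.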

Configure Site Links to Connect RealPresence DMA Edge Site with Existing Topology

You must create a site link that allows connections between the internal Sites and the RealPresence DMA Edge Site.

Procedure

1. From the RealPresence Resource Manager user interface, go to Network Topology > Site-Links.
2. In the Site-Links page, click Add.
3. Add a site link to connect the RealPresence DMA Edge system with the internet/VPN.


4. Click OK.
5. Follow the same steps to link RealPresence DMA Edge system to other Sites.

Note: If other sites already have a site link with the Internet/VPN site, do not add site links between the RealPresence DMA Edge site and other sites. If the sites have a site link to the same site, the sites link to each other automatically.
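The rule in the note above can be checked against a link plan before any link is created. The following is an added example, not part of the Polycom guide: it treats links as bidirectional, as the guide states, and flags a planned link when both of its sites already link to the same third site. The site names in the sample are constructed.

```python
from collections import defaultdict


def review_planned_links(existing, planned):
    """Classify each planned site link against the guide's note.

    existing, planned: lists of (site_a, site_b) pairs. A link is bidirectional,
    so (A, B) and (B, A) describe the same link.
    Returns a list of (link, verdict, detail) tuples in planned order, where
    verdict is "add", "duplicate", "redundant" or "invalid".
    """
    neighbours = defaultdict(set)

    def add(a, b):
        neighbours[a].add(b)
        neighbours[b].add(a)

    for a, b in existing:
        add(a, b)

    results = []
    for a, b in planned:
        if a == b:
            results.append(((a, b), "invalid", "a link needs two different sites"))
            continue
        if b in neighbours[a]:
            results.append(((a, b), "duplicate", "already linked (links are bidirectional)"))
            continue
        shared = sorted(neighbours[a] & neighbours[b])
        if shared:
            # Both ends already have a link to the same site: per the note,
            # they link to each other automatically.
            results.append(((a, b), "redundant", "both already link to " + ", ".join(shared)))
            continue
        add(a, b)  # accepted links count when judging later entries in the plan
        results.append(((a, b), "add", ""))
    return results


# Constructed sample: two internal sites already linked to Internet/VPN.
EXISTING = [("HQ", "Internet/VPN"), ("Branch", "Internet/VPN")]
PLANNED = [
    ("DMA Edge Site", "Internet/VPN"),   # the link step 3 asks for
    ("Internet/VPN", "DMA Edge Site"),   # same link entered in the other direction
    ("DMA Edge Site", "HQ"),             # what the note says not to add
    ("DMA Edge Site", "Lab"),            # Lab has no link to Internet/VPN
]

if __name__ == "__main__":
    for link, verdict, detail in review_planned_links(EXISTING, PLANNED):
        print(f"{link[0]} <-> {link[1]}: {verdict} {detail}".rstrip())
```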


First Time Installation DMA

Topics:

▪ Collect the Necessary Materials
▪ Shipment Contents
▪ Unpack and Install the Hardware
• Configure Initial Settings Without the USB Flash Drive
▪ Secure the Polycom RealPresence DMA System Servers
▪ Add DNS Records for the Polycom RealPresence DMA System
▪ Create Local System Administrator Account
▪ License the System
▪ Configure Signaling

Collect the Necessary Materials

Before you install a Polycom RealPresence DMA system, Appliance Edition, collect these materials:

▪ Polycom RealPresence DMA 7000 System Release Notes
▪ Polycom RealPresence DMA system server shipment
▪ Completed First-Time Setup Worksheet
▪ PC running Microsoft® Windows® (XP Pro or later) with:
◦ 1280x1024 (SXGA) minimum display resolution; 1680x1050 (WSXGA+) or greater recommended
◦ USB and Ethernet ports
◦ Microsoft Internet Explorer® 7 or newer, Mozilla Firefox®, or Google Chrome
◦ Adobe® Flash® Player (latest version)

Note: The Polycom RealPresence DMA system’s Flex-based management interface requires Adobe Flash Player. For stability and security reasons, we recommend always using the latest version of Flash Player.

Even so, be aware that your browser’s Flash plugin may hang or crash from time to time. Your browser should alert you when this happens and enable you to reload the plugin. In some cases, you may need to close and restart your browser.

In the Google Chrome browser, use the Adobe Flash plugin, not the built-in Flash support.


Shipment Contents

Polycom Rack Server shipments include the server and other contents. You should verify the type of server and other contents of your shipment when you unpack the system.

The following table describes shipment contents based on the type of server you purchased. Note that licensing information and other items may be shipped separately.

Item | R620 | R630 | R640 | R220/R230
1 Polycom Rack Server | X | X | X | X
1 system DVD | X (May be shipped separately) | | |
1 blank USB flash drive | X (RealPresence Resource Manager appliances do not include a blank USB flash drive) | X | X | X
1 USB flash drive labeled Diagnostics that contains server diagnostics utilities. Use these utilities only under the direction of Polycom Global Services. | X | X | X | X
Power cord(s) | May be shipped separately | May be shipped separately | May be shipped separately | May be shipped separately
Rail kit | Slide rails with cable management arm | Slide rails with cable management arm | Slide rails with cable management arm | Static rails
Bezel with Polycom badge | X | X | X | X
Polycom warranty letter | X | X | X | X
Product Information Guide for R620, R630, R220; Enterprise Products Safety, Environmental, and Regulatory Information for R230, R640 | X | X | X | X

Unpack and Install the Hardware

The system, Appliance Edition, can be installed on the following servers:

▪ Polycom Rack Server 640 (R640)
▪ Polycom Rack Server 630 (R630)
▪ Polycom Rack Server 620 (R620)
▪ Polycom Rack Server 230 (R230)
▪ Polycom Rack Server 220 (R220)

You should verify the type of server and other contents of your shipment when you unpack the system.

Procedure

1. Examine the shipping container for damage.

If you find damage, file a claim with the delivery carrier. Polycom is not responsible for damage sustained during shipment of this product.

2. Open and review the container packing slips.

3. Open the container and examine the contents for damage.

If you find damage, file a claim with the delivery carrier. Keep all shipping materials in case you need them later.

4. Unpack your system and identify each item.

A single-server system shipment includes the items listed in Shipment Contents on page 86.

5. Assemble the rails and install the server in the rack.

To rack-mount a server, see the following instructions:

▪ Polycom Rack Server 640 (R640) server:

http://www.dell.com/support/home/us/en/04/product-support/product/poweredge-r640/manuals

▪ Polycom Rack Server 630 (R630) server:

http://www.dell.com/support/home/us/en/04/product-support/product/poweredge-r630/manuals

▪ Polycom Rack Server 620 (R620) server:

http://www.dell.com/support/home/us/en/04/product-support/product/poweredge-r620/manuals


▪ Polycom Rack Server 230 (R230) server:

http://www.dell.com/support/home/sg/en/sgbsdt1/product-support/product/poweredge-r230/manuals

▪ Polycom Rack Server 220 (R220) server:

http://www.dell.com/support/home/us/en/04/product-support/product/poweredge-r220/manuals

6. Connect the server's power cable(s) to the server and connect a VGA cable from the server to the console monitor.

7. Connect all power cables into a grounded electrical outlet or separate power source, such as an uninterrupted power supply (UPS) or power distribution unit (PDU).

8. Connect a keyboard to the server.

9. Press the power button on the server and on the monitor.

The power indicators should light.

10. Create one access password for the system BIOS.

11. Set the correct system time in the system BIOS.

12. Install the bezel (optional).

13. Connect the Ethernet port associated with eth0 to the enterprise network.

On Polycom R630 and R620 servers, the Ethernet port labeled GB 1 is the eth0 network interface.

On Polycom R640 servers, the port that's the furthest on the left of the four consecutive Ethernet ports is the eth0 network interface.

On Polycom R220 servers, the Ethernet port labeled Port 0 is the eth0 network interface.

On Polycom R230 servers, the Ethernet port labeled Port 0 is typically the eth0 or eth2 network interface. To determine which network interface is associated with Port 0, go to the BIOS setup menu and view the device settings. Then connect the port associated with eth0 to your enterprise network.

Figure 4: Port 0 Location for Polycom Rack Server 220

Figure 5: Port 0 Location for Polycom Rack Server 230

Caution: Do not power off a Polycom Rack Server R630 or R620 by unplugging it or otherwise removing power, especially if the system will remain turned off for some time. If a server loses power without being properly shut down, the battery is eventually depleted. If this happens, the server cannot be restarted without user input, requiring a keyboard and monitor.


Configure Initial Settings Without the USB Flash Drive

If you do not use the Network Configuration Utility on the USB flash drive, you can use the following procedure to complete the initial setup using a laptop PC and an Ethernet cable.

The system servers are shipped with the following default network settings that you can use to connect to the system:

IP address: 192.168.200.10
Subnet mask: 255.255.255.0
Default gateway: 192.168.200.1

Procedure

1. Ensure that the server is NOT connected to the enterprise network.

2. Configure the network settings on your laptop to connect it to the same network segment as the system server.

Example settings:

• IP address: 192.168.200.20
• Subnet mask: 255.255.255.0
• Default gateway: 192.168.200.1

3. Do one of the following:

a. If you are using a Polycom Rack Server R630 or R620 system, connect an Ethernet cable between your laptop and the GB 1 interface of the server.

b. If you are using a Polycom Rack Server R230 or R220 system, connect an Ethernet cable between your laptop and the Port 0 interface of the server.

4. Power on the server.

The server starts, which takes several minutes. If you are using a Polycom Rack Server R630 or R620 system, after the server starts, DMA Installed displays on the front panel LCD. This indicates that the system software is installed but its network and time settings are not configured.

Caution: If you are using a Polycom Rack Server R630 or R620 and DMA Installed does not display on the LCD, stop. Contact Polycom Global Services for assistance.

5. On the laptop, point your browser to http://192.168.200.10 (ignore any security certificate warning that may appear).

6. Log in with username admin and password Polycom12#$.

The End User License Agreement (EULA) displays with a check box to accept or decline the Agreement. You can also agree or disagree to send usage data to Polycom to help improve the product. See the for more information about automatic data collection.

7. Select Automatically send usage data.

This step is optional but highly recommended.

8. Select I accept the terms of this license agreement and click Accept.

9. Select Core Configuration or Edge Configuration.

The dashboard of the system's user interface displays. Using its menus, you can complete your system setup.

10. Go to Admin > Server > Network Settings.

11. Enter the Host name, Domain, DNS Search domains, and DNS 1.


12. If you need to set up a special network routing rule or rules, click Routing Configuration, create the rule(s), and click OK.

13. Click Update.

14. When asked to confirm restarting the system, click Yes.

15. While the server is restarting, do the following:

a. Disconnect the Ethernet cable from the laptop.

b. If you are using a Polycom Rack Server R630 or R620, connect the server's GB 1 Ethernet port to the enterprise network to be used for management or combined traffic.

c. If you are using a Polycom Rack Server R230 or R220, connect the server's Port 0 Ethernet port to the enterprise network to be used for management or combined traffic.

The restart process takes several minutes. If you are using a Polycom Rack Server R630 or R620, after the server starts, DMA Ready displays on the front panel LCD.

16. From a PC with network access to the system, point your browser to your system's host name or IP address.

17. Log in with username admin and password Polycom12#$.

18. Go to Admin > Server > Time Settings and select the correct System time zone for your location.

Polycom recommends selecting the best location-specific setting, not one of the generic GMT offset settings.

19. Under NTP servers, enter the IP addresses or domain names for the time servers.

Polycom recommends specifying at least one and preferably three time servers. At least one time server must be specified before creating or joining a supercluster.

20. Click Update.

The system restarts.

Note: If you are using a Polycom Rack Server R630 or R620, after the server starts, DMA Ready displays on the front panel LCD.

21. When asked to confirm restarting the system, click Yes.

22. Log back into the system from your browser and complete your system setup.

Secure the Polycom RealPresence DMA System Servers

When you switch to maximum security mode, the servers’ BIOS settings are changed to prevent them from being booted from the DVD drive or a USB device. In addition, a BIOS password is set (if not already present) to prevent unauthorized persons from reversing these BIOS changes.

But occasionally, a BIOS change fails to be implemented on reboot. To make absolutely certain that the servers are secure, we strongly recommend manually securing them by performing the procedure below on each server.

To secure a Polycom RealPresence DMA system server

Procedure

1. Attach a USB keyboard and monitor to the server and start it.

2. During the boot sequence, press F2 to enter the System Setup menu.


The system displays an Entering Setup message.

Note: To view the System Setup help file, press <F1>.

For most of the options, the changes that you make are recorded but don’t take effect until you restart the system.

3. Use the arrow keys to navigate to the Boot Settings sub-menu and press ENTER to select it. Then navigate to Boot Sequence and press ENTER.

4. Disable the SATA Optical Drive and Embedded NIC 1.

5. Return to the main System Setup menu, select Integrated Devices, and make the following changes:

▪ Set User Accessible USB Ports to All Ports Off.
▪ Set Internal USB Port to Off.

6. Return to the main System Setup menu, select System Security, and make the following changes:

▪ Set System Password to Not Enabled.
▪ Select Setup Password and enter and confirm a system setup password that meets your site password requirements.
▪ Set Password Status to Locked.

7. Return to the main System Setup menu, select Serial Communication, and set Serial Communication to Off.

8. Exit and save the changes.

The server reboots.

9. Turn the server off.

Add DNS Records for the Polycom RealPresence DMA System

In order to access your Polycom RealPresence DMA system by its host names instead of by IP addresses, you must create A (alias) records (for IPv4) and/or AAAA records (for IPv6), as well as the corresponding PTR records, on your DNS server. A/AAAA records that map each physical host name to the corresponding physical IP address and each virtual host name to the corresponding virtual IP address are mandatory, as are the corresponding PTR records that allow reverse DNS resolution of the system’s physical or virtual host name(s).

A two-server system has three host names and IP addresses (one virtual and two physical) for the management or combined interface, and in a split network configuration, three more for the signaling interface. See “Add Required DNS Records for the Polycom DMA System” in the online help or Polycom RealPresence DMA 7000 Operations Guide.
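The forward and reverse records described above can be listed and checked before the system is cabled to the enterprise network. The following is an added example, not Polycom code: it derives the A/AAAA and PTR records for a set of host name and IP pairs and reports which ones a zone export lacks. The host names, addresses, zone contents and function names are constructed for illustration.

```javascript
// Added example (not Polycom code). All names and addresses are constructed.

// Expand an IPv6 address (at most one "::") to its 32 hex nibbles.
function ipv6Nibbles(addr) {
  const parts = addr.toLowerCase().split('::');
  if (parts.length > 2) throw new Error(`more than one "::" in ${addr}`);
  const head = parts[0] ? parts[0].split(':') : [];
  const tail = parts[1] ? parts[1].split(':') : [];
  const fill = parts.length === 2 ? 8 - head.length - tail.length : 0;
  if (fill < 0) throw new Error(`too many groups in ${addr}`);
  const groups = [...head, ...Array(fill).fill('0'), ...tail];
  if (groups.length !== 8 || groups.some((g) => !/^[0-9a-f]{1,4}$/.test(g))) {
    throw new Error(`not an IPv6 address: ${addr}`);
  }
  return groups.map((g) => g.padStart(4, '0')).join('');
}

// Owner name of the PTR record for an IPv4 or IPv6 address.
function ptrName(ip) {
  if (ip.includes(':')) {
    return ipv6Nibbles(ip).split('').reverse().join('.') + '.ip6.arpa';
  }
  const octets = ip.split('.');
  if (octets.length !== 4 || octets.some((o) => !/^\d{1,3}$/.test(o) || Number(o) > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return octets.reverse().join('.') + '.in-addr.arpa';
}

// One forward record and its matching PTR for each { name, ip } pair.
function requiredRecords(hosts) {
  return hosts.flatMap(({ name, ip }) => [
    { type: ip.includes(':') ? 'AAAA' : 'A', owner: name, value: ip },
    { type: 'PTR', owner: ptrName(ip), value: name },
  ]);
}

// Canonical key: case-insensitive names, optional trailing dot,
// and IPv6 values compared in fully expanded form.
function recordKey({ type, owner, value }) {
  const fqdn = (s) => s.toLowerCase().replace(/\.$/, '');
  const v = type === 'AAAA' ? ipv6Nibbles(value) : fqdn(value);
  return `${type} ${fqdn(owner)} ${v}`;
}

// Records that are required for the hosts but absent from the zone.
function missingRecords(hosts, zoneRecords) {
  const present = new Set(zoneRecords.map(recordKey));
  return requiredRecords(hosts)
    .filter((r) => !present.has(recordKey(r)))
    .map((r) => `${r.type} ${r.owner} ${r.value}`);
}

// Constructed two-server system: one virtual and two physical names,
// plus an IPv6 address for the virtual name.
const SAMPLE_HOSTS = [
  { name: 'dma.example.com', ip: '192.0.2.10' },
  { name: 'dma-a.example.com', ip: '192.0.2.11' },
  { name: 'dma-b.example.com', ip: '192.0.2.12' },
  { name: 'dma.example.com', ip: '2001:db8::10' },
];

// Constructed zone export: the PTR for dma-b and the IPv6 PTR are absent.
const SAMPLE_ZONE = [
  { type: 'A', owner: 'dma.example.com', value: '192.0.2.10' },
  { type: 'PTR', owner: '10.2.0.192.in-addr.arpa', value: 'dma.example.com.' },
  { type: 'A', owner: 'dma-a.example.com', value: '192.0.2.11' },
  { type: 'PTR', owner: '11.2.0.192.in-addr.arpa', value: 'DMA-A.example.com.' },
  { type: 'A', owner: 'dma-b.example.com', value: '192.0.2.12' },
  { type: 'AAAA', owner: 'dma.example.com', value: '2001:0db8:0:0:0:0:0:10' },
];

console.log(missingRecords(SAMPLE_HOSTS, SAMPLE_ZONE));
```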

Create Local System Administrator Account

In maximum security mode, if the Polycom RealPresence DMA system is integrated with Active Directory, only one local user is permitted, and that user must have the Administrator role. If you’re configuring the system in this manner, presumably this local administrator login will serve only as a safety mechanism, and you have procedures for securing the credentials for that user.


Whether that’s the case or not, perform the procedure below as soon as possible after installing your system to eliminate a serious security risk.

To remove the default admin account and create a more secure local account with administrative privileges

Procedure

1. Log in as admin and go to User → Users.

The Users page appears.

2. Create a local user account with the Administrator role. See “Users Procedures” in the online help or Polycom RealPresence DMA 7000 Operations Guide.

3. Log out and log back in using the new local account.

4. Go to User → Users and delete the default admin account. See “Users Procedures” in the online help or Polycom RealPresence DMA 7000 Operations Guide.

License the System

The procedure for licensing your system differs depending on which edition you have.

If you have a Virtual Edition system, you will need to ensure the RealPresence Platform Director system can communicate with your Virtual Edition so it can be licensed and monitored.

▪ If you used the RealPresence Platform Director system to deploy your system, this is done automatically.

▪ If you used your virtual environment tools to install the system, you need to add your system instance to the RealPresence Platform Director if you have not done so already.

For complete instruction on how to use the RealPresence Platform Director system, see the RealPresence Platform Director System Administrator Guide.

Perform the following procedure to license an Appliance Edition system.

Procedure

1. Go to Admin → Local Cluster → Licenses.

The Licenses page appears.

2. Follow the procedures for requesting software activation key codes and entering them, described in “Add Licenses” in the online help or Polycom RealPresence DMA 7000 Operations Guide.

Configure Signaling

To configure signaling

Procedure

1. Go to Admin → Local Cluster → Signaling Settings.

The Signaling Settings page appears.

2. Enable H.323, WebRTC, and/or SIP signaling, following the procedure described in “Configure Signaling” in the online help or Polycom RealPresence DMA 7000 Operations Guide. Optionally, do any of the following:

▪ Configure H.323 device authentication, SIP digest authentication, or both.
▪ If SIP signaling is enabled, turn on ANAT support if AS-SIP is in use, require certificate validation for TLS, and/or configure untrusted call handling.


Note: If H.323 is enabled, Polycom strongly recommends putting the RealPresence DMA system into routed mode (especially if the RealPresence DMA system is being neighbored with another H.323 gatekeeper) so that it proxies all H.323 signaling messages. Go to Admin → Call Server → Call Server Settings and under H.323 Settings, change Gatekeeper call mode to Routed call mode.


Security Deployment Procedures DMA

Topics:

▪ The Consequences of Enabling Maximum Security Mode

▪ Intrusion Detection Systems

▪ Install Security Certificates and Enable OCSP

▪ Configure Secure SIP or AS-SIP Connections

▪ Set Security Configuration to Maximum Security

▪ Review and Modify (If Necessary) Security-Related Settings

▪ Integrate with Active Directory

▪ Add Polycom MCUs to the System

▪ Verify System Functionality

▪ Enable User Certificate Validation

The Consequences of Enabling Maximum Security Mode

Enabling the Maximum security setting is irreversible and has the following significant consequences:

▪ All unencrypted protocols and unsecured access methods are disabled.

▪ The boot order is changed so that the servers can’t be booted from the optical drive or a USB device.

▪ A BIOS password is set.

▪ The port 443 redirect is removed, and the system can only be accessed by the full URL (https://<IP>:8443/dma7000, where <IP> is one of the system’s management IP addresses or a host name that resolves to one of those IP addresses).

▪ For all server-to-server connections, the system requires the remote party to present a valid X.509 certificate. Either the Common Name (CN) or Subject Alternate Name (SAN) field of that certificate must contain the address or host name specified for the server in the Polycom RealPresence DMA system.

Polycom RealPresence® Collaboration Server and RMX MCUs don’t include their management IP address in the SAN field of the CSR (Certificate Signing Request), so their certificates identify them only by the CN. Therefore, in the Polycom DMA system, a Polycom MCU’s management interface must be identified by the FQDN specified in the CN field, not by IP address.

Similarly, an Active Directory server certificate often specifies only the FQDN. Therefore, in the Polycom RealPresence DMA system, the enterprise directory must be identified by FQDN, not by IP address.

▪ Superclustering is not supported.

▪ Juniper SRC integration is not supported.


▪ Calendaring service can’t be enabled, and the Polycom RealPresence DMA system doesn’t support virtual meeting rooms (VMRs) created by the Polycom Conferencing Add-in for Microsoft Outlook.

▪ Integration to a Polycom RealPresence Resource Manager or CMA system is not supported.

Note: A Polycom RealPresence Resource Manager system can be integrated to the RealPresence DMA system, providing it with access to the RealPresence DMA API and the ability to use the RealPresence DMA system’s pool of MCUs for scheduling and “Anytime” conferences. But the reverse connection, integrating the RealPresence DMA system to the RealPresence Resource Manager or CMA system for the purpose of obtaining site topology and user-to-device association data, is not supported.

▪ On the Banner page, Enable login banner is selected and can’t be disabled.

▪ On the Login Sessions page, the Terminate Session action is not available.

▪ On the Troubleshooting Utilities menu, Top is removed.

▪ In the Add User and Edit User dialog boxes, conference and chairperson passwords are obscured.

▪ After Maximum security is enabled, users must change their passwords.

▪ If the system is integrated with an enterprise directory, only one local user can have the Administrator role, and no local users can have the Provisioner or Auditor role.

If there are multiple local administrators when you enable Maximum security, the system prompts you to choose one local user to retain the Administrator role. All other local users, if any, become conferencing users only and can’t log into the management interface.

▪ If the system is not integrated with an enterprise directory, each local user can have only one assigned role (Administrator, Provisioner, or Auditor).

If some local users have multiple roles when you enable Maximum security, they retain only the highest-ranking role (Administrator > Auditor > Provisioner).

▪ Local user passwords have stricter limits and constraints (each is set to the noted default if below that level when you enable Maximum security):

◦ Minimum length is 15-30 characters (default is 15).
◦ Must contain 1 or 2 (default is 2) of each character type: uppercase alpha, lowercase alpha, numeric, and non-alphanumeric (special).
◦ Number of previous passwords that a user may not re-use is 8-16 (default is 10).
◦ Minimum number of characters that must be changed from the previous password is 1-4 (default is 4).
◦ Password may not contain the user name or its reverse.
◦ Maximum password age is 30-180 days (default is 60).
◦ Minimum password age is 1-30 days (default is 1).

▪ Other configuration settings have stricter limits and constraints (each is set to the noted default if below that level when you enable Maximum security):

◦ Session configuration limits:
◦ Local account configuration limits:

▪ Software build information is not displayed anywhere in the interface.

▪ You can’t restore a backup made before Maximum security was enabled.


▪ File uploads may fail when using the Mozilla Firefox browser unless the proper steps have been taken. See below.

Enabling File Uploads in Maximum Security with Mozilla Firefox

The Mozilla Firefox browser uses its own certificate database instead of the certificate database of the OS. If you use only that browser to access the Polycom RealPresence DMA system, the certificate(s) needed to securely connect to the system may be only in the Firefox certificate database and not in the Windows certificate store. This causes a problem for file uploads.

File upload via the Polycom RealPresence DMA system’s Flash-based interface bypasses the browser and creates the TLS/SSL connection itself. Because of that, it uses the Windows certificate store, not the Firefox certificate database. If the certificate(s) establishing trust aren’t there, the file upload silently fails.

To avoid this problem, after the Polycom RealPresence DMA system’s certificates are installed, you must import the needed certificates into Internet Explorer (and thus into the Windows certificate store). And, when accessing the system with Firefox, you must use its fully qualified host name.

First, start Internet Explorer and point it to the Polycom RealPresence DMA system. If you don’t receive a security warning, the needed certificates are already in the Windows certificate store.

If you receive a warning, import the needed certificates. The details for doing so depend on the version of Internet Explorer and on your enterprise’s implementation of certificates. In Internet Explorer 8, elect to continue to the site. Then click Certificate Error to the right of the address bar and click View Certificates to open the Certificate dialog box. From there, you can access the Certificate Import Wizard.

The entire trust chain must be imported (the system’s signed certificate, intermediate certificates, if any, and the root CA’s certificate). When importing a certificate, let Internet Explorer automatically select a certificate store.
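The local-password constraints listed earlier in this section for Maximum security mode can be checked before a password change is attempted. The following is an added example, not Polycom code: it applies the default values stated on this page, and the function names, the ASCII character classes, the case-insensitive user-name test and the position-by-position count of changed characters are assumptions, as are the sample passwords.

```javascript
// Added example (not Polycom code): pre-check a candidate local password
// against the Maximum security defaults listed on this page.
const DEFAULT_POLICY = {
  minLength: 15,      // page: 15-30 characters, default 15
  minPerClass: 2,     // page: 1 or 2 of each character type, default 2
  historyDepth: 10,   // page: 8-16 previous passwords, default 10
  minChangedChars: 4, // page: 1-4 characters changed, default 4
};

// Count characters in the four classes the page names.
// Assumption: ASCII letters and digits; everything else counts as special.
function classCounts(password) {
  const counts = { upper: 0, lower: 0, numeric: 0, special: 0 };
  for (const ch of password) {
    if (ch >= 'A' && ch <= 'Z') counts.upper += 1;
    else if (ch >= 'a' && ch <= 'z') counts.lower += 1;
    else if (ch >= '0' && ch <= '9') counts.numeric += 1;
    else counts.special += 1;
  }
  return counts;
}

// Assumption: "characters changed" means positions that differ,
// plus any difference in length.
function changedChars(oldPassword, newPassword) {
  const a = Array.from(oldPassword);
  const b = Array.from(newPassword);
  let changed = Math.abs(a.length - b.length);
  for (let i = 0; i < Math.min(a.length, b.length); i += 1) {
    if (a[i] !== b[i]) changed += 1;
  }
  return changed;
}

// Returns a list of violated constraints; an empty list means the candidate
// passes this pre-check. `previous` holds earlier passwords, most recent first.
function checkPassword(candidate, userName, previous = [], policy = DEFAULT_POLICY) {
  const violations = [];
  if (Array.from(candidate).length < policy.minLength) violations.push('too-short');

  for (const [cls, n] of Object.entries(classCounts(candidate))) {
    if (n < policy.minPerClass) violations.push(`too-few-${cls}`);
  }

  const lowered = candidate.toLowerCase();
  const name = userName.toLowerCase();
  const reversed = Array.from(name).reverse().join('');
  if (name && (lowered.includes(name) || lowered.includes(reversed))) {
    violations.push('contains-user-name');
  }

  const recent = previous.slice(0, policy.historyDepth);
  if (recent.includes(candidate)) violations.push('reused');
  if (recent.length > 0 && changedChars(recent[0], candidate) < policy.minChangedChars) {
    violations.push('too-similar-to-previous');
  }
  return violations;
}

// The factory default password from the first-time setup procedure fails two checks.
console.log(checkPassword('Polycom12#$', 'admin'));
// A constructed 16-character password that passes.
console.log(checkPassword('Rk7!mQe2#vTzLp9s', 'admin'));
```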

Intrusion Detection Systems

The Polycom RealPresence DMA system has both HIDS (Host Intrusion Detection System) and NIDS (Network Intrusion Detection System) enabled at all times, regardless of security settings.

HIDS

The Polycom RealPresence DMA system uses the Linux kernel’s iNotify file/directory change notification system to monitor the entire file system for change events, with the exclusion of a short list of files and directories that are expected to change (logs, temporary files, etc.).

Any change to one of the monitored files or directories (including attribute change, write, delete, move, and create) is recorded in /var/logs/nids.log.

NIDS

The Polycom RealPresence DMA system uses iptables for access control. For each different kind of packet processing, there is a table containing chained rules for the treatment of packets. Every network packet arriving at or leaving from the computer must pass the rules applicable to it.

Depending on the nature of the suspect packets, the rules may reject, drop, or limit their arrival rate (dropping the rest).


The system adds a hosts.deny file when Linux console access is disallowed (as is the case when Maximum security is enabled).

Details of each blocked access attempt are recorded in /var/logs/nids.log.

Install Security Certificates and Enable OCSP

The steps for installing the necessary security certificate(s) depend on the certificate procedures used at your organization. For instance, if your certificate authority (CA) doesn’t provide a full certificate chain in response to a certificate signing request (CSR), you need to install the CA’s certificate(s) into the Polycom RealPresence DMA system prior to adding the system’s signed certificate.

If you’re installing the Polycom RealPresence DMA system into a highly secure environment, presumably you’re knowledgeable about X.509 certificates and their use (or have access to someone who is). Nevertheless, we suggest that you review “Management and Security Overview” in the online help or Polycom RealPresence DMA Operations Guide to familiarize yourself with the forms of certificates that can be installed in the Polycom RealPresence DMA system and how the system uses certificates.

See “Certificate Procedures” in the online help or Polycom RealPresence DMA 7000 Operations Guide for step-by-step instructions for the following tasks:

▪ Install your CA’s public certificate (and any intermediate certificates).
▪ Create a CSR to submit to the CA.
▪ Install the public certificate signed by the CA that identifies the Polycom RealPresence DMA system.

Note: The CSR generated by the system automatically includes all the host names and IP addresses (virtual and physical) by which the system can be accessed, using the Subject Alternate Name (SAN) field. If your organization’s procedure for creating a certificate doesn’t use the system-generated CSR, be sure to specify the SAN entries so that the certificate is valid regardless of which address is used to access the system.

See “Certificate Management” in the online help or Polycom RealPresence DMA 7000 Operations Guide for information about enabling the Online Certificate Status Protocol (OCSP). Typically, you only need to select Enable OCSP (on the Certificate Management page) and click Store OCSP configuration.

If your organization uses a specific OCSP responder instead of the responder in the certificate’s AuthorityInfoAccess (AIA) field, specify that responder in the OCSP responder URL field. OCSP certificate lets you select a certificate to be used to authenticate the response messages.

With OCSP enabled, the Polycom RealPresence DMA system attempts to verify the status of all certificates presented to it. If it’s unable to connect to the OCSP responder or doesn’t receive a response indicating that the certificate is good, the system rejects the certificate and refuses the connection.

Configure Secure SIP or AS-SIP Connections

If you are deploying the RealPresence DMA system in a secure SIP or AS-SIP environment, you can configure the system to take advantage of encrypted SIP or AS-SIP communication paths as described in this topic.


Integrate the DMA System With a Local Session Controller (LSC)

If necessary in your environment, enable secure outbound connections to a Local Session Controller from RealPresence DMA system VMRs. For more information and instructions for individual steps below, refer to the online help or the Polycom RealPresence DMA 7000 Operations Guide.

To integrate the RealPresence DMA system with the LSC

Procedure

1. Go to Network → External SIP Peers.

2. Click Add.

3. Enter the following information:

▪ Name for the LSC
▪ Description for the LSC
▪ IP address of the LSC as the Next hop address
▪ Port of 5061

4. If the LSC requires the DMA system to provide SIP digest authentication, add the credentials in the Authentication tab.

5. Ensure that the Transport type field is set to TLS.

The RealPresence DMA system must trust the LSC security certificate. If necessary, import the LSC certificate into the RealPresence DMA system’s certificate repository, or ensure that the RealPresence DMA system’s certificate and the LSC certificate are signed by the same Certificate Authority. See the “Certificate Procedures” topic in the online help or Polycom RealPresence DMA 7000 Operations Guide for more information about working with certificates.

6. Go to Admin → Call Server → Dial Rules.

7. Click Add to create a new dial rule for authorized calls that will route calls to the newly defined SIP peer.

8. Enter a Description for the rule.

9. Choose an Action of Resolve to external SIP peer.

10. In the list of Available SIP peers, select the SIP peer you defined earlier and use the right arrow button to move it to the list of Selected SIP peers.

11. When finished, click OK.

12. Select the new rule in the list and use Move Up and Move Down to order the rule after any rules that route calls to local resources, such as VMRs, Virtual Entry Queues (VEQs), direct dial VEQs, and registered H.323 endpoints.

Ensure that the rule is ordered after any rules that route to external devices (such as neighbored H.323 gatekeepers or H.323 -> ISDN gateways) that should be applied before routing a call to the external SIP call server.

13. If H.323 is enabled on the RealPresence DMA system, add the following preliminary script to each H.323-only dial rule. The preliminary script will ensure that the dial rule is skipped if the dial string begins with “sip” or “sips”:

if (DIAL_STRING.match(/^sip/i)){return NEXT_RULE;}
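The preliminary script in step 13 can be exercised outside the DMA system to see exactly which dial strings it skips. The following is an added example, not Polycom code: the sentinel values, the function names, the sample dial strings and the stricter scheme-only variant are assumptions for illustration, and on a real system DIAL_STRING and NEXT_RULE are supplied by the dial-rule engine.

```javascript
// Added example (not Polycom code). NEXT_RULE is a stand-in for the value the
// DMA system supplies; RULE_CONTINUES is a hypothetical marker meaning the
// script fell through and the dial rule goes on to be evaluated.
const NEXT_RULE = 'NEXT_RULE';
const RULE_CONTINUES = 'RULE_CONTINUES';

// The script from step 13, verbatim, wrapped in a function so that
// `return` is legal outside the dial-rule engine.
function pageScript(DIAL_STRING) {
  if (DIAL_STRING.match(/^sip/i)){return NEXT_RULE;}
  return RULE_CONTINUES;
}

// Hypothetical stricter variant: skip the rule only when the dial string
// starts with a sip: or sips: URI scheme.
function schemeScript(DIAL_STRING) {
  if (DIAL_STRING.match(/^sips?:/i)){return NEXT_RULE;}
  return RULE_CONTINUES;
}

// Constructed dial strings for illustration.
const SAMPLE_DIAL_STRINGS = [
  'sip:alice@example.com',
  'SIPS:bob@example.com',
  'h323:room42@example.com',
  '72001',
  'siplab-room1', // an H.323 alias that happens to begin with "sip"
];

// Outcome of both scripts for each dial string.
function evaluate(dialStrings) {
  return dialStrings.map((s) => ({
    dialString: s,
    page: pageScript(s),
    schemeOnly: schemeScript(s),
  }));
}

// Dial strings on which the two scripts disagree.
function divergent(dialStrings) {
  return evaluate(dialStrings)
    .filter((row) => row.page !== row.schemeOnly)
    .map((row) => row.dialString);
}

console.table(evaluate(SAMPLE_DIAL_STRINGS));
console.log('Scripts disagree on:', divergent(SAMPLE_DIAL_STRINGS));
```

If the dial plan contains H.323 aliases that begin with the letters "sip", the page's script skips the H.323-only rule for them as well; whether that matters depends on the aliases in use at your site.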


Configure Default AS-SIP Resource Priority Values for Dial-OutConferencingIf you are deploying the RealPresence DMA system on an AS-SIP network and will be using VMR dial-outfunctionality, you need to configure the default resource priority values to use when placing these calls. Ifyou won’t be using the VMR dial-out feature, it’s not necessary to configure these settings.

To configure default AS-SIP resource priority values for dial-out conferencingProcedure

1. Go to Admin → Conference Manager → Conference Settings.2. Set the Default resource priority namespace and Default resource priority value fields to

appropriate values for your environment.See the online help or the Polycom RealPresence DMA 7000 Operations Guide for moreinformation about these settings.

3. Click Update.

Configure Encryption for Conference Templates

To configure encryption for conference templates
Procedure

1. Go to Admin → Conference Manager → Conference Templates.
2. Click Add to add a new conference template, or select an existing conference template from the list and click Edit.
3. Select the Polycom MCU General Settings tab.
4. Under Advanced Settings, ensure the Encryption field is set to Encrypt all.
To ensure a secure connection with endpoints, the MCU conference profile you use must have AES encryption enabled, as must any endpoints joining calls on this system.
5. If you are deploying the DMA system in an AS-SIP environment:
▪ Select the Polycom MCU Video Quality tab.
▪ Ensure that the AS SIP content check box is selected.
6. Click OK.

Enable Secure Inbound SIP or AS-SIP VMR Connections

To enable secure inbound SIP or AS-SIP connections to a VMR
Procedure

1. Go to Admin → Call Server → Device Authentication.
2. Click the Shared Outbound Authentication tab.
3. Click Add.
If the external call server requires the DMA system to provide authentication credentials when connecting, you need to configure the credentials that the RealPresence DMA system will provide.
4. Add any required authentication credentials for authenticating the DMA system with the external call server as described in the “Device Authentication” topic of the online help or the Polycom RealPresence DMA 7000 Operations Guide.
5. Add an MCU to the RealPresence DMA system if none have been added, or ensure the existing MCUs have a secure connection to the RealPresence DMA system.

6. Add the MCU to a pool, and the pool to a pool order. See “Add Polycom MCUs to the System”


7. If necessary, create a secure SIP trunk or routing rule on the external call server to route inbound VMR calls to the RealPresence DMA system. Refer to the external call server’s documentation for more information.

Configure VMRs for Users

Once you’ve configured the system to use secure connections for SIP and AS-SIP calls, you can configure virtual meeting rooms (VMRs) to take advantage of this configuration.

To configure VMRs for users
Procedure

1. Go to User → Users.
2. Select a user from the list.
3. Click Manage Conf Rooms.
4. Click Add to create a RealPresence DMA VMR for the selected user.
5. Configure the VMR to use the conference template you created or modified in “Configure Encryption for Conference Templates” and the MCU pool order that you configured in “Enable Secure Inbound SIP or AS-SIP VMR Connections”.
See the online help or the Polycom RealPresence DMA 7000 Operations Guide for more information on creating VMRs and working with MCU pools and pool orders.
6. If necessary, change the resource priority values for this VMR.

Note: When you deploy the RealPresence DMA system in an AS-SIP environment, you can configure each VMR to use specific, non-default resource priority values for outbound calls. For example, some users may require all outbound calls to be placed with a higher priority than the system-wide default.

When creating VMRs for users, configure the resource priority values for those VMRs if required in your environment. Refer to the online help or Polycom RealPresence DMA 7000 Operations Guide for more information.

7. Click OK.
8. Repeat steps 4 through 7 to add more VMRs.

Set Security Configuration to Maximum Security

Once certificates are in place (and assuming that all devices with which the Polycom RealPresence DMA system communicates also have valid certificates signed by a CA that the Polycom RealPresence DMA system trusts), you’re ready to switch the system into maximum security mode.

Note: Enabling Maximum security is irreversible and has significant consequences (see “The Consequences of Enabling Maximum Security Mode” on page 2). Don’t choose this setting unless you’re certain that you’re ready to proceed. You may wish to “test drive” secure communications first by switching to High security, which is reversible. In that mode, you can confirm that all server connections work and that there are no certificate or communications protocol problems before performing the irreversible procedure below.

To Switch to Maximum Security Mode


Procedure

1. Go to Admin → Local Cluster → Security Settings.
2. Click Maximum security.
Polycom recommends leaving Skip validation of certificates for inbound connections enabled for now. If your environment requires user certificates, this setting can be turned off later, after verifying the functionality of the system.
3. Click Update.
A dialog box informs you that only one local administrator is permitted in maximum security mode and prompts you to confirm. Another dialog box informs you that the change is irreversible, lists some of the consequences, and prompts you to confirm again.
4. Confirm at both prompts.
The system reboots, which takes several minutes. When you log back in, you’re prompted to change your password.
5. Change your login password.
If you performed the recommended procedure to manually secure the servers, a BIOS password already exists, and it remains unchanged.

Note: Occasionally, a BIOS change fails to be implemented on reboot. That’s why, to make absolutely certain that the servers are secure, we recommend manually securing them by referring to Secure the Polycom RealPresence DMA System Servers.

Otherwise, when the system enters maximum security mode, it attempts to set a default BIOS password (B105pa55w0rd). In that case, follow the procedure below to change the default BIOS password to something more secure.

To Manually Change the BIOS Password on a Polycom RealPresence DMA Server

Procedure

1. Attach a USB keyboard and monitor to the server and restart it.
2. During the boot sequence, press F2 to enter the System Setup menu.
3. If prompted to Enter Setup Password, enter your current BIOS password (if you don’t remember it, contact Polycom Global Services for instructions on how to access the System Setup menu).
4. Use the arrow keys to navigate to the System Security sub-menu and press ENTER. Then navigate to Setup Password and press ENTER.
5. Enter the same value in the Enter Password and Confirm Password fields (to remove the BIOS password, press ENTER without typing a new password value for both fields).
6. Save your changes and exit BIOS setup.
The system reboots.

Review and Modify (If Necessary) Security-Related Settings

Review the settings on the following pages and make any necessary changes (see the online help or Polycom RealPresence DMA 7000 Operations Guide topic for each page for details about the settings):


▪ Admin → Login Policy Settings → Local Password
▪ Admin → Login Policy Settings → Local User Account
▪ Admin → Login Policy Settings → Session
▪ Admin → Login Policy Settings → Banner
▪ Admin → Login Policy Settings → Access Policy Settings

Note: The Access Policy Settings page lets you restrict management access to a whitelist of authorized IP addresses or address ranges. If you choose to do so, make sure that you’ve correctly added the IP address of the workstation from which you logged into the system and all other IP addresses or address ranges authorized for management access.

The settings after switching to maximum security mode are the defaults for that mode, unless you previously chose a more stringent setting.
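
A pre-check for the Access Policy Settings note above, as an added example rather than anything shipped with the DMA system: it reports which management workstations would fall outside a planned whitelist before the restriction is applied. The entry notations (single IPv4 address, CIDR block, start-end range) and every address shown are assumptions; the guide does not specify the input format.

```javascript
// Added example: checks a planned management whitelist before it is applied.
// IPv4 only. Entry notations are assumed, not taken from the guide.

// Convert dotted IPv4 text to an integer; returns null when malformed.
function ipToInt(ip) {
  const parts = ip.trim().split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// Parse one whitelist entry into an inclusive {lo, hi} range, or null.
function parseEntry(entry) {
  const e = entry.trim();
  if (e.includes("/")) {
    const parts = e.split("/");
    if (parts.length !== 2 || !/^\d{1,2}$/.test(parts[1])) return null;
    const base = ipToInt(parts[0]);
    const bits = Number(parts[1]);
    if (base === null || bits > 32) return null;
    const size = 2 ** (32 - bits);
    const lo = Math.floor(base / size) * size; // clear the host bits
    return { lo, hi: lo + size - 1 };
  }
  if (e.includes("-")) {
    const parts = e.split("-");
    if (parts.length !== 2) return null;
    const lo = ipToInt(parts[0]);
    const hi = ipToInt(parts[1]);
    if (lo === null || hi === null || lo > hi) return null;
    return { lo, hi };
  }
  const one = ipToInt(e);
  return one === null ? null : { lo: one, hi: one };
}

// Returns the entries that could not be parsed and the hosts that no
// valid entry covers (those hosts would lose management access).
function checkWhitelist(entries, mustReach) {
  const ranges = [];
  const invalidEntries = [];
  for (const entry of entries) {
    const r = parseEntry(entry);
    if (r) ranges.push(r);
    else invalidEntries.push(entry);
  }
  const lockedOut = mustReach.filter((ip) => {
    const n = ipToInt(ip);
    return n === null || !ranges.some((r) => n >= r.lo && n <= r.hi);
  });
  return { invalidEntries, lockedOut };
}

// Constructed sample data (documentation and private address space).
const PLANNED_WHITELIST = [
  "10.20.30.0/24",
  "192.0.2.10",
  "198.51.100.5-198.51.100.20",
  "10.20.31.300", // typo on purpose: octet out of range
];
const MANAGEMENT_HOSTS = [
  "10.20.30.15",   // the workstation used to log in
  "192.0.2.11",
  "198.51.100.20",
  "203.0.113.7",
];

console.log(checkWhitelist(PLANNED_WHITELIST, MANAGEMENT_HOSTS));
```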

Integrate with Active Directory

Review the information in the “Connect to an Enterprise Directory” topic of the online help or Polycom RealPresence DMA 7000 Operations Guide, and then integrate the system with your Active Directory as described in “Active Directory Integration Procedure.”

Note: Polycom strongly recommends using the auto-discover option during the Active Directory integration procedure.

At the end of the integration procedure, you should have completed the following:
▪ Successfully connected the system to your Active Directory and retrieved directory data.
▪ Successfully generated conference room IDs (virtual meeting rooms, or VMRs) for the enterprise users, if you elected to do so.
▪ Given Administrator privileges to your named enterprise account.
▪ Secured the service account.
▪ Verified that the results of the integration are satisfactory.

At this time, you can give access to the Polycom RealPresence DMA system’s management and operations interface (via the Administrator, Auditor, or Provisioner role) to the appropriate enterprise accounts. See “Users” and its subtopics in the online help or Polycom RealPresence DMA 7000 Operations Guide.

You may wish to use enterprise groups to manage these role assignments. For instance, you can create a “Polycom RealPresence DMA Administrators” group in Active Directory, which automatically confers the Administrator role on its members. See “Groups” and its subtopics in the online help or Polycom RealPresence DMA 7000 Operations Guide.

Note: In maximum security mode, a user may only have one of the three roles. Thus, a group you create for this purpose can only have one role. If an enterprise user is a member of more than one group conferring a role, only the lowest-ranking role (Administrator > Auditor > Provisioner) applies.


Add Polycom MCUs to the System

If you haven’t already done so, deploy your Polycom MCUs as described in the documentation for the model you purchased.

Note: A Polycom MCU doesn’t include its management IP address in the SAN field of its CSR, so the Polycom RealPresence DMA system can only connect to it using the FQDN specified in the CN field of the MCU’s certificate.

For a maximum security environment, the administrative user ID with which the Polycom RealPresence DMA system can log into the MCU must be a machine account created on the MCU. When the connection between the RealPresence DMA system and the MCU is encrypted, the “Connected securely” lock icon will appear next to the MCU name in the list of MCUs.

Note that Polycom MCUs use case-sensitive machine names (and thus FQDNs) when creating machine accounts.

Verify System Functionality

See “Test the System” in the online help or Polycom RealPresence DMA 7000 Operations Guide for suggestions on verifying that the system is correctly configured and functioning properly. In particular, check that:

▪ All communications to and from the system are working and there are no certificate problems or other security issues either on the Polycom RealPresence DMA system or on the systems to which it connects.
▪ Calls can reach the Polycom RealPresence DMA system’s physical signaling interface address(es).
▪ You can log into the management interface using any of the management interface addresses — physical or virtual, IPs or FQDNs.

Note: If you receive a security warning from your browser, you need to install into your OS and/or browser certificate database the public certificate of the CA that signed the Polycom RealPresence DMA system’s certificate. If you use only the Mozilla Firefox browser, be sure to read “Enabling File Uploads in Maximum Security with Mozilla Firefox”

Enable User Certificate Validation

If your environment requires user certificates for accessing the management interface, enable certificate validation for user login sessions.

To enable user certificate validation
Procedure

1. Go to Admin → Local Cluster → Security Settings.
2. Clear the Skip validation of certificates for inbound connections check box and click Update.
A dialog box notifies you that if you don’t log back in within five minutes, the setting will be automatically turned back on.


3. Click Yes.
The system logs you out and restarts, which takes a minute or so.
4. Log back into the system with a valid user certificate signed by a CA that the system trusts.
If you can’t log back in, there is a problem with the certificate your browser is presenting. After five minutes, the system turns Skip validation of certificates for inbound connections back on. Resolve the problem and repeat this procedure.


First Time Installation RealPresence Collaboration Server

Topics:

▪ Workstation Requirements for RMX Web Client and RMX Manager
▪ Virtual Edition Installation
▪ Installing the RMX Manager Software
▪ Fast Configuration Wizard
▪ Licensing Your System with an Activation Key

Workstation Requirements for RMX Web Client and RMX Manager

The RMX Web Client and RMX Manager applications can be installed in an environment that meets the following requirements:

Minimum Hardware
▪ Intel® Pentium® III, 1 GHz or higher, 1024 MB RAM, 500 MB free disk space.
▪ Network Card–10/100/1000 Mbps.

Workstation Operating System
Microsoft® Windows® XP, Windows® 7, and Windows® 8.

The following table lists the Web Browsers and Operating Systems with which the RMX Web Client was tested.

| Web Browser | Operating System |
| --- | --- |
| Internet Explorer 7 | Windows Vista™, Windows 7 |
| Internet Explorer 8 | Windows 7 |
| Internet Explorer 9 | Windows 7 and Windows 8 |
| Internet Explorer 10 | Windows 7 and Windows 8 |

Only RMX Manager can be used with Windows 10, and the following preview features are not supported through RMX Manager:

▪ View Participant Sent Video (AVC Only)
▪ Preview and add Motion slide to IVR services


Resolution
RMX Web client and RMX Manager are optimized for display at a resolution of 1280x800 pixels and a magnification of 100%.

Microsoft .Net Framework
▪ RealPresence Collaboration Servers (RMX) 1800/2000/4000 - .Net Framework 3.5 SP1 or above is required and installed automatically. Internet Explorer must be enabled to allow the running of Signed ActiveX.
▪ RealPresence Collaboration Servers Virtual Edition - .Net Framework 2.0 SP1 or above is required and installed automatically. Internet Explorer must be enabled to allow the running of Signed ActiveX. If ActiveX installation is blocked, see ActiveX Bypass in RealPresence Collaboration Server 1800/2000/4000/Virtual Edition Administrator Guide.

Windows 7™ Security Settings

Before running the Collaboration Server Web Client or RMX Manager applications in the Windows 7 operating system or in other operating systems, the following system factors need to be considered:

• Internet Explorer 10 has been tested on the RealPresence Collaboration Server (RMX) 1800. If for any reason it fails to run, right-click the Internet Explorer icon and select Run As Admin.
• In Windows 8, it is recommended to run Internet Explorer as an administrator by holding the shift key and right-clicking on the IE icon, and then selecting Run as Administrator.
• .Net Framework 2.0 is required and installed automatically.
• If ActiveX installation is blocked, see ActiveX Bypass in the Polycom RealPresence Collaboration Server 1800/2000/4000 Administrator Guide.
• The RMX Web Client does not support larger Windows text or font sizes. It is recommended to set the text size to 100% (default) or normal; otherwise, some dialog boxes may not appear properly. To change the text size, click Control Panel > Display.
◦ Windows XP: Click the Appearance tab, select Normal for the Font size and click OK.
◦ Windows 7: Click the Smaller - 100% option and click OK.
• When installing the RMX Web Client, Windows Internet Explorer Security Settings > Internet Options > Security Settings must be set to Medium or less.
• It is not recommended to run Collaboration Server Web Client and Polycom Resource Manager applications simultaneously on the same workstation.
• If Windows 7 is installed on the workstation, protected mode must be disabled before downloading the software to the workstation.

Disable Protected Mode for Windows 7

If Windows 7 is installed on the workstation, protected mode must be disabled before downloading the software to the workstation.

Procedure

1. In the Internet Options dialog box, click the Security tab.
2. Clear the Enable Protected Mode check box for each of the following tabs:
• Internet
• Local Intranet
• Trusted sites


3. After successful connection to Collaboration Server, the Enable Protected Mode check boxes can be selected to enable Protected Mode for the following tabs:
• Internet
• Local Intranet

Virtual Edition Installation

Before you install the system in your environment, review the and ensure that your host machine has the capacity for your planned Virtual Edition deployment. In addition, ensure that it meets the host guidelines recommended by Polycom.


Installing the RMX Manager Software

You can download and install the RMX Manager software from Polycom Support or through the RealPresence Collaboration Server system web interface.

Download and Install the RMX Manager through Polycom Support

You can download the RMX Manager software from Polycom Support and install it on your local computer system.

Polycom recommends using Microsoft Internet Explorer to download the RMX Manager software.

Procedure

1. Go to the Collaboration & Conferencing Platforms page at Polycom Support.
2. Click the link for your RealPresence Collaboration Server (RMX) version’s support page.
3. Select the appropriate software version of the Local Web Client (RMX Manager) in the Current Releases tab.
4. Accept the End User License Agreement and the Export Restrictions Agreement.
5. Click Open to launch the .zip file after it downloads.
6. Go to RMX_x-x-x-xxx_LocalWebClient_RMXManager\RmxManagerInstallerMsi and launch setup.exe.
7. Follow the directions in the install wizard to complete the software installation.

Download and Install RMX Manager from the System Web Interface

You can download and install the RMX Manager using the system web interface.

You must use Internet Explorer to download the software through the system web interface.

Procedure

1. Open Internet Explorer and go to http://<Collaboration Server IP Address>/RMXManager.html.
The RMX Manager installation page displays.
2. Click Install.
The installer verifies the application’s requirements on the workstation.
The application launches after your system completes the installation.

Fast Configuration Wizard

The Fast Configuration Wizard assists you in configuring the initial or default settings for your RealPresence Collaboration Server (RMX).

The Fast Configuration Wizard automatically starts if the system doesn’t find a default IP network service. The system triggers the wizard in the following situations:

▪ You power up the RealPresence Collaboration Server (RMX) for the first time.
▪ You delete IP Network Service and restart the RealPresence Collaboration Server (RMX).
▪ You select Restore Factory Default and restart the RealPresence Collaboration Server (RMX).


Some things to note about configuring your RealPresence Collaboration Server (RMX) using the Fast Configuration Wizard:

▪ The system enables the IP Management Service tab in the Fast Configuration Wizard only if you didn’t modify the factory default management IP addresses.
▪ IPv4 is the default protocol for setting the network service in the Fast Configuration Wizard. If your deployment requires IPv6, you can modify the settings after you complete the initial configuration.
▪ To set the RealPresence Collaboration Server (RMX) to Secured Communication, first complete the Fast Configuration Wizard and reset the system. You can then open the RMX Manager, install the Certificate, and enable Secured Communication Mode.

Configure the Default IP Network Service

Configure the RealPresence Collaboration Server (RMX) network settings to create the default IP network service.

You must install media cards in the RealPresence Collaboration Server (RMX) to create and configure the IP network service using the Fast Configuration Wizard.

The Fast Configuration Wizard configures the default IP network service with common parameters. You can configure specific or additional settings (for example, ICE or Secured Mode) once you complete the initial configuration. For more information on the IP network services, see the Polycom RealPresence Collaboration Server (RMX) 1800/2000/4000/Virtual Edition Administrator Guide.

Note: RealPresence Collaboration Server (RMX) supports the following protocols:
▪ TLS 1.0
▪ SSL 2.0
▪ SSL 3.0

Procedure

1. In the IP Signaling dialog box, enter the required IP information.


| Field | Description |
| --- | --- |
| Network Service Name | The name for the default IP network service. The default is IP Network Service. Note: This field displays in all IP signalling dialog boxes and can contain character sets that use Unicode encoding. |
| Signaling Host IP Address | ▪ The address IP endpoints use when dialing into the MCU. ▪ The RealPresence Collaboration Server (RMX) initiates dial-out calls from this address. ▪ A gatekeeper or SIP proxy server uses this address to register the RealPresence Collaboration Server (RMX). Note: The system disables this field in RealPresence Collaboration Server (RMX) 1800 because it uses only the Media Card 1 IP Address for both the signaling host and media card. |
| Media Card 1-4 IP Addresses | The IP address of the media cards (MPMx/MPMRx 1 and MPMx/MPMRx 2-4, if installed) provided by your network administrator. Endpoints connect to conferences and transmit call media (video, voice, and content) via these addresses. Note: RealPresence Collaboration Server (RMX) 1800 uses only the Media Card 1 IP Address for both the signaling host and media card. |
| Subnet Mask | The subnet mask of the MCU. The default value is 255.255.255.0. |

2. Click Next.
3. In the Routers dialog box, enter the Default Router IP Address.


| Field | Description |
| --- | --- |
| Default Router IP Address | The IP address of the default router. Note: Make sure to define the IP address of the router and IP addresses of the RealPresence Collaboration Server (RMX) in the defined network subnet. |

4. Click Next.
5. In the DNS dialog box, enter the required DNS information.


| Field | Description |
| --- | --- |
| MCU Host Name | The name of the MCU on the network. The default name is Polycom MCU. |
| DNS | ▪ Select Specify to enter the IP addresses of the DNS servers. ▪ Select Off if your network doesn’t use DNS servers. |
| Register Host Names Automatically to DNS Server | Select this option to automatically register the MCU Signaling Host and Shelf Management with the DNS server. |
| Local Domain Name | The name of the domain where the MCU is installed. |
| Primary DNS Server IP Address | The static IP address of the primary DNS server. |

6. Click Next.
7. In the Network Type dialog box, select one of the following IP Network Types:
▪ H.323


▪ SIP
▪ H.323 & SIP

The RealPresence Collaboration Server (RMX) supports SVC-based conferencing, which is based on the SIP protocol. If your organization requires SVC-based conferencing, select SIP as your IP Network Type.

8. Click Next.
If you selected SIP only in step 7, you don’t need to configure gatekeeper settings. Instead, go to step 11.
9. In the Gatekeeper dialog box, enter the required gatekeeper information.


| Field | Description |
| --- | --- |
| Gatekeeper | ▪ Select Specify to enable gatekeeper IP address configuration. ▪ If you select Off, the system disables all gatekeeper options. |

Primary Gatekeeper

| Field | Description |
| --- | --- |
| IP Address or Name | The gatekeeper’s host name (if you use a DNS Server) or IP address. |
| MCU Prefix in Gatekeeper | The string the MCU uses to register itself with the gatekeeper. ▪ The gatekeeper uses this string to identify the MCU when forwarding calls to it. ▪ H.323 endpoints use this number as the first part of their dial-in string when dialing the MCU. |


Aliases

| Field | Description |
| --- | --- |
| Alias | The alias that identifies the RealPresence Collaboration Server signaling host within the network. You can define up to five aliases for each RealPresence Collaboration Server. Note: When you specify a gatekeeper, you must enter at least one alias in the table. You can also enter additional aliases or prefixes. |
| Type | The format the system uses to send the card’s alias to the gatekeeper. Each alias can be of a different type: ▪ H.323 ID (alphanumeric ID) ▪ E.164 (digits 0-9, * and #) ▪ Email ID (email address format, for example, [email protected]) ▪ Participant number (digits 0-9, * and #) Note: Although RealPresence Collaboration Server supports all types of aliases, the type of alias you must use depends on the gatekeeper’s capabilities. |

10. Click Next.
If you selected H.323 only in step 7, you don’t need to configure SIP server settings. Instead, go to Configure Security Settings.
11. In the SIP Server dialog box, enter the required SIP server information.


| Field | Description |
| --- | --- |
| SIP Server | ▪ Select Specify to configure SIP servers. ▪ Select Off if your network doesn’t use SIP servers. |
| Server IP Address or Name | The IP address of the preferred SIP server or its host name (if your network uses DNS servers). |
| Server Domain Name | The name of the SIP domain. |


| Field | Description |
| --- | --- |
| Transport Type | The transport type and protocol to use for signaling between the MCU and the SIP server or the endpoints according to the protocol supported by the SIP server: ▪ UDP – Select this option to use UDP for signaling. ▪ TCP – Select this option to use TCP for signaling. ▪ TLS – The Signaling Host listens on secured port 5061 only, and the system establishes all outgoing connections on secured connections. The system rejects calls from SIP clients or servers to nonsecured ports. |

12. Click Next.
You must configure the Security settings before the system creates the default IP network service. Go to Configure Security Settings.

Configure Security Settings

Configure the RealPresence Collaboration Server (RMX) security authentication information.

Before you configure security settings, you must first define the credentials used to authenticate the MCU.
▪ Define credentials in the SIP proxy to configure SIP authentication information. Each field can contain up to 20 ASCII characters.
▪ Define credentials in the gatekeeper to configure H.323 authentication information. Each field can contain up to 64 ASCII characters.

Configuring the security settings in the Security dialog box is the last step in creating the default IP network service. You can configure SIP authentication, H.323 authentication, or both.


Figure 6: Fast Configuration Wizard Security dialog box

Procedure

1. Configure the SIP Authentication information.
a. Select the SIP authentication check box to enable authentication on the SIP proxy.
Leave this check box clear if you disabled the authentication option on the SIP proxy.
b. Enter the SIP proxy User Name and Password credentials used to authenticate the MCU.
2. Configure the H.323 Authentication information.
a. Select the H.323 authentication check box to enable authentication on the gatekeeper.
Leave this check box clear if you disabled the authentication option on the gatekeeper.
b. Enter the gatekeeper User Name and Password credentials used to authenticate the MCU.
3. Click Save & Continue.


The system creates the IP Network Service.
4. Click OK.
If there is no RTM ISDN card in the RealPresence Collaboration Server (RMX) or if you don’t want to define an ISDN/PSTN network service, go to Set the RMX Time.

Configure the ISDN/PSTN Network Service

You can configure the RealPresence Collaboration Server (RMX) ISDN/PSTN network service if your deployment supports it.

During the initial RealPresence Collaboration Server (RMX) setup, you must install an RTM ISDN card or module for RealPresence Collaboration Server (RMX) 1800 for the system to activate the ISDN/PSTN tab in the Fast Configuration Wizard.

If you don’t install an RTM ISDN or embedded module for RealPresence Collaboration Server (RMX) 1800, you must instead define a new ISDN/PSTN network service by configuring ISDN/PSTN Network Service > New ISDN/PSTN Service in the RMX Web Client.

If you can’t or don’t want to define an ISDN/PSTN network service through the Fast Configuration Wizard, skip this section and go to Set the RMX Time.

Procedure

1. In the ISDN/PSTN dialog box, enter the ISDN/PSTN service information.

Field: Description

Network Service Name: The service provider’s (carrier) name or any other name you choose, using up to 20 characters. The Network Service Name identifies the ISDN/PSTN Service to the system. The default name is ISDN/PSTN Service.

Note: This field displays in all ISDN/PSTN network properties tabs and can contain character sets that use Unicode encoding.

Span Type: The type of span (ISDN/PSTN) lines, supplied by your service provider, that connect to the RealPresence Collaboration Server (RMX). You can define each span as a separate network service, or you can define all the spans from the same carrier as part of the same network service.

▪ T1 (U.S.–23 B channels + 1 D channel)

▪ E1 (Europe–30 B channels + 1 D channel)

The default is T1.

Note: You can only define one Span Type (E1 or T1) on the RealPresence Collaboration Server (RMX). For example, if you define the first span as type E1, all other spans that you may later define must also be type E1.

Service Type: The MCU supports only the PRI service type.

2. Click Next.

3. In the PRI Settings dialog box, configure the PRI settings.

Field: Description

Default Num Type: The Num Type defines how the system handles the dialing digits. For example, if you type eight dialing digits, the Num Type defines whether this number is national or international.

If the PRI lines connect to the RealPresence Collaboration Server (RMX) via a network switch, the system uses the Num Type to route the call to a specific PRI line. If you want the network to interpret the dialing digits for routing the call, select Unknown.

The default is Unknown.

Note: For E1 spans, the system sets this parameter.

Num Plan: The type of signaling (Number Plan) according to information provided by the service provider.

The default is ISDN.

Note: For E1 spans, the system sets this parameter.

Net Specific: The appropriate service program if your service provider (carrier) uses one. Some service providers may have several service programs that you can use.

The default is None.

Dial-out Prefix: The prefix that the PBX requires to dial out. You can leave this field empty (blank) or enter a numeric value 0–9999. Leave this field blank if your system doesn’t require a dial-out prefix.

The default is blank.

4. Click Next.

5. In the Span Definition dialog box, define the span information.

Field: Description

Framing: The Framing format used by the carrier for the network interface.

▪ For T1 spans, the default is SFSF

▪ For E1 spans, the default is FEBE

Note: For T1 configurations in Taiwan, you must set Framing to ESF.

Side: The side options.

▪ User side (default)

▪ Network side

▪ Symmetric side

Note: If you configure the PBX on the network side, then you must configure the RealPresence Collaboration Server (RMX) unit as the user side and vice versa, or you must configure both symmetrically.

Line Coding: The PRI line coding method.

▪ For T1 spans, the default is B8ZS

▪ For E1 spans, the default is HDB3

Note: For T1 configurations in Taiwan, you must set Line Coding to B8ZS.

Switch Type: The brand and revision level of switch equipment installed in the service provider’s central office.

▪ For T1 spans, the default is AT&T 4ESS

▪ For E1 spans, the default is EURO ISDN

6. Click Next.

7. In the Phones dialog box, configure the phone number information.

a. Click Add to define dial-in number ranges.

The Add Phone Number dialog box opens.

b. Enter the phone number range information. A range must include at least two dial-in numbers but not exceed 1000 numbers.

▪ First Phone Number – The first number in the phone number range.

▪ Last Phone Number – The last number in the phone number range.

c. Click OK.

The system adds the new range to the Dial-in Phone Numbers table.

d. (Optional) Define additional dial-in ranges as needed.

e. In the Phones dialog box, enter the MCU CLI (Calling Line Identification).

With dial-in connections, the MCU CLI indicates the number of the MCU dialed by the participant. With dial-out connections, the MCU CLI indicates the number as seen by the participant.

8. Click Save & Continue.

Important: Once you click Save & Continue, you can’t click Back to return to previous configuration dialog boxes.

The system creates the ISDN/PSTN Network Service and adds it to the ISDN/PSTN Network Services list.

9. Click OK.

The Spans dialog box opens.

10. In the Spans dialog box, attach spans to the network service in the Spans Table (all fields but Attached are read-only).

Note: When using the Fast Configuration Wizard, you are defining the first ISDN/PSTN network service in the system. You can attach spans only to this service in the Fast Configuration Wizard.

After you finish the Fast Configuration Wizard, you can define additional ISDN/PSTN network services in ISDN/PSTN Network Service > New ISDN/PSTN Service in the RMX Web Client. Once you do so, you can attach spans to or move spans between ISDN network services in the ISDN/PSTN Network Services > ISDN Properties > Spans tab in the RMX Web Client.

Field: Description

ID: The connector on the RTM ISDN card (PRI1 to PRI12).

Slot: The MPMx/MPMRx card that the RTM ISDN or RTM ISDN 1500 card connects to.

▪ RealPresence Collaboration Server (RMX) 2000: MPM1/MPM2

▪ RealPresence Collaboration Server (RMX) 4000: MPM1/MPM2/MPM3/MPM4

Service: The ISDN/PSTN network service to which the span is assigned.

Clock Source: Indicates if ISDN signaling synchronization is supplied by the primary or secondary clock source. The first span to synchronize becomes the primary clock source.

State: The system alert level of the span (Major or Minor). If there are no span-related alerts, this column contains no entries.

Attached: The check boxes to attach spans (E1 or T1 PRI lines) to the network service named in the Network Service Name field.

▪ RealPresence Collaboration Server (RMX) 2000/4000: Each ISDN RTM card can support either seven E1 or nine T1 PRI lines.

▪ RealPresence Collaboration Server (RMX) 1800: Supports either four E1 or four T1 PRI lines.

▪ You can’t use E1 and T1 connections simultaneously.

The Spans Table displays the configuration of all spans and all ISDN network services in the system.

11. Click Next.
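The limits stated in the ISDN/PSTN tables above can be checked against a planned configuration before it is typed into the wizard. The following Python check is an added example, not part of the Polycom guide; the plan dictionary layout, its key names, and the sample values are assumptions made for illustration.

```python
from collections import Counter

# Maximum PRI lines per ISDN RTM card (2000/4000) or per system (1800),
# taken from the "Attached" row of the Spans Table description.
SPAN_LIMITS = {
    "1800": {"E1": 4, "T1": 4},
    "2000": {"E1": 7, "T1": 9},
    "4000": {"E1": 7, "T1": 9},
}


def _is_digits(text):
    """True for a non-empty string of ASCII digits."""
    return bool(text) and text.isascii() and text.isdigit()


def validate_isdn_plan(plan):
    """Return a list of violations; an empty list means the plan fits the stated limits."""
    errors = []

    # Network Service Name: up to 20 characters.
    if len(plan["service_name"]) > 20:
        errors.append("service_name: longer than 20 characters")

    # Only one Span Type may be defined on the MCU, and each card has a line limit.
    span_types = {span["type"] for span in plan["spans"]}
    if span_types - {"E1", "T1"}:
        errors.append("spans: Span Type must be E1 or T1")
    elif len(span_types) > 1:
        errors.append("spans: E1 and T1 cannot be defined on the same MCU")
    elif span_types:
        (span_type,) = span_types
        limit = SPAN_LIMITS[plan["model"]][span_type]
        per_card = Counter(span["card"] for span in plan["spans"])
        for card, count in sorted(per_card.items()):
            if count > limit:
                errors.append(
                    f"spans: card {card} has {count} {span_type} lines, limit is {limit}"
                )

    # Dial-out Prefix: blank or a numeric value 0-9999.
    prefix = plan.get("dial_out_prefix", "")
    if prefix and not (_is_digits(prefix) and int(prefix) <= 9999):
        errors.append("dial_out_prefix: must be blank or a number from 0 to 9999")

    # Dial-in ranges: at least two numbers, at most 1000.
    for first, last in plan.get("dial_in_ranges", []):
        if not (_is_digits(first) and _is_digits(last)):
            errors.append(f"dial_in_ranges: {first}-{last} is not numeric")
            continue
        size = int(last) - int(first) + 1
        if not 2 <= size <= 1000:
            errors.append(
                f"dial_in_ranges: {first}-{last} covers {size} numbers, allowed 2 to 1000"
            )

    return errors


# Constructed sample plans (not taken from a real deployment).
GOOD_PLAN = {
    "model": "2000",
    "service_name": "ISDN/PSTN Service",
    "spans": [{"card": 1, "type": "T1"} for _ in range(9)],
    "dial_out_prefix": "9",
    "dial_in_ranges": [("5550100", "5550199")],
}
BAD_PLAN = {
    "model": "1800",
    "service_name": "Carrier-A primary PRI trunk",
    "spans": [{"card": 1, "type": "T1"}, {"card": 1, "type": "E1"}],
    "dial_out_prefix": "12345",
    "dial_in_ranges": [("5550100", "5550100"), ("5550200", "5551500")],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_isdn_plan(plan))
```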

Set the RMX Time

Set the RealPresence Collaboration Server (RMX) time.

If you didn’t configure an ISDN/PSTN network service using the Fast Configuration Wizard, click RMX Time in the left sidebar.

You can configure the RMX time using one of three options: set the time manually, retrieve the client time, or configure an NTP server.

Procedure

1. In the RMX Time dialog box, configure the MCU time settings.

Field: Description

GMT Date: The date in Greenwich, UK.

Local Time: The MCU’s local time settings, calculated from the GMT Time and the GMT Offset.

GMT Time: Displays the MCU’s current GMT Time settings.

GMT Offset: The time zone difference between Greenwich and the MCU’s physical location.

Retrieve Client Time: Updates the MCU’s time to match the workstation.

Use NTP Server: Updates the MCU’s time by synchronizing with external NTP servers via REST API.

▪ When you select this option, the system disables the manual GMT Date and GMT Time setting options. The GMT Offset fields remain active.

▪ The Status fields in Setup > RMX Time in the RMX Manager indicate whether time retrieval from the NTP server(s) succeeded or failed.

2. Option 1: Manually set the RealPresence Collaboration Server (RMX) time.

a. Use the up or down arrows to manually change the GMT Time and the GMT Offset values.

3. Option 2: Automatically set the MCU time.

a. Click Retrieve Client Time to automatically update the MCU's GMT Date, GMT Time, and GMT Offset values to match the workstation’s settings.

4. Option 3: Set the MCU time by synchronizing with external NTP servers via REST API.

a. Select this check box to synchronize the time with up to three external NTP servers. Once you select this option, you must enter the IP address of at least one external NTP server to implement this mode.

b. Enter the IP addresses of the required NTP servers in order of precedence.

5. Click Next.

Configure System Settings

Configure the RealPresence Collaboration Server (RMX) system settings to complete the Fast Configuration Wizard.

Procedure

1. In the Administrator User dialog box, update the administrator account with a New User Name and New Password.

2. Click Next.

3. In the System Flags dialog box, configure the default conference information.

Field: Description

Conference ID Length (MCU): The number of digits in the Conference ID assigned by the MCU.

Range: 2–16 (the default is 5).

Note: Selecting two digits limits the number of simultaneous ongoing conferences to 99.

Minimum Conference ID Length (User): The minimum number of digits that the user must enter when manually assigning a numeric ID to a conference.

Range: 2–16 (the default is 4).

Note: Selecting two digits limits the number of simultaneous ongoing conferences to 99.

Maximum Conference ID Length (User): The maximum number of digits that the user can enter when manually assigning a numeric ID to a conference.

Range: 2–16 (the default is 8).

Note: Selecting two digits limits the number of simultaneous ongoing conferences to 99.

MCU Display Name: The MCU name that displays on the endpoint screen.

The default is RealPresence Collaboration Server (RMX) [model number].

Terminate Conference when Chairperson Exits:

▪ Yes (default) – The conference ends when the chairperson exits, even if there are other participants connected.

▪ No – The conference automatically ends at the predefined end time or when all the participants disconnect from the conference.

Auto Extend Conferences:

▪ Yes (default) – The system allows conferences running on the RealPresence Collaboration Server (RMX) to automatically extend as long as participants are still connected and there are available resources.

▪ No – The system doesn’t allow conferences running on the RealPresence Collaboration Server (RMX) to automatically extend.

The maximum extension time allowed by the MCU is 30 minutes.

Note: You can modify these flags later in Setup > System Configuration > System Configuration in the RMX Manager. For more information, see the Polycom RealPresence Collaboration Server (RMX) 1800/2000/4000/Virtual Edition Administrator Guide.

4. Click Save & Close.

The system confirms successful configuration.

5. In the Success Message dialog box, click OK.

Once you successfully configure the RealPresence Collaboration Server (RMX) with the Fast Configuration Wizard, you must reset the system.

Reset the System

After you finish configuring the RealPresence Collaboration Server (RMX) settings using the Fast Configuration Wizard, you must reset the system for the changes to take effect.

You must receive a successful configuration message before resetting your system.

Procedure

1. In the Reset Confirmation dialog box, click Yes.

2. In the Please wait for system reset message box, click OK.

System restart may take up to five minutes.

3. Refresh the browser periodically until the login screen displays.

4. When the login screen displays, enter your Username and Password and click Login. If you’re powering up the system for the first time or if you’re restoring the system to factory defaults, enter the default user name and password: POLYCOM\POLYCOM.

Note: For system security reasons, you can’t fully configure the system until you delete the default user (POLYCOM).

In the RMX Web Client main screen, an MCU State indicator displays a Progress Indicator showing the time remaining until the system start-up completes.

Once the system successfully restarts, system configuration is complete. If there are no system errors, the green READY/RDY LED turns ON and the ERROR/ERR LED is OFF.

Change IP Network Server from IPv4 to IPv6

You can update your network addressing protocol after you complete the system configuration in the Fast Configuration Wizard.

Complete the Fast Configuration Wizard using the IPv4 addressing protocol.

IPv4 is the default protocol for setting the network service in the Fast Configuration Wizard. If your deployment requires IPv6, you can modify the settings in the RMX Manager after you complete the initial configuration. For more information on IP network services, see the Polycom RealPresence Collaboration Server (RMX) 1800/2000/4000/Virtual Edition Administrator Guide.

Procedure

1. In the RMX Manager, go to RMX Management > IP Network Services.

2. Right-click Management Network and select Properties.

3. In the IP Version drop-down menu, select one of the following options:

▪ IPv6

▪ IPv4 & IPv6

4. Enter the IP information in the Control Unit IP Address > IPv6 field.

5. Click OK.

Licensing Your System with an Activation Key

Before you can use RealPresence Collaboration Server (RMX), you must register the product, register the various software licenses, and obtain an activation key.

Note: Although RealPresence Collaboration Server (RMX) 1800 is available as part of RealPresence Clariti, it still follows the same licensing procedures described in this section.

Obtain the Activation Key

During first-time power-up, you must enter an activation key that you get from Polycom Support.

Procedure

1. Access the Service & Support page of the Polycom website at http://support.polycom.com.

2. Do one of the following:

• Log in with your email address and password.

• Register as a new user.

3. Select Product Registration.

4. Follow the onscreen instructions for product registration and product activation.

The MCU serial number is on the product sticker on the back of the unit. For more information, refer to the RealPresence Collaboration Server Software License document you received with your shipment.

Register all Polycom Software Licenses that you purchased when obtaining the activation key. For example, ISDN, encryption, and multiple networks each have different Polycom software licenses.

From Version 8.1 onwards, the system requires a license for SVC conferencing.

5. When the site displays the product activation key, write it down or copy it so you can paste it into the Activation Key field of the Product Activation dialog box.

Security Deployment Procedures RealPresence Collaboration Server

Topics:

▪ Configure Soft MCU for WebRTC

▪ Configuring Certificates on the RealPresence Collaboration Server

▪ Configure System Flag

▪ Define Recording Links from RealPresence Collaboration Server

Configure Soft MCU for WebRTC

The RealPresence Collaboration Server, Virtual Edition, supports configuring up to two IP Network services:

▪ First mandatory IP Network service is used for either a generic or a Microsoft service.

▪ Second optional IP Network service is used for the WebRTC service. The WebRTC service is configured through RealPresence Collaboration Server, Virtual Edition, but all WebRTC functions are processed on a modular MCU.

Procedure

1. In the RealPresence Collaboration Server (RMX) web browser, in the RealPresence Collaboration Server Management pane, expand the Rarely Used list and click IP Network Services.

2. In the IP Network Services pane, click New IP Service.

3. Set the IP configuration for WebRTC in the IP tab.

Select SIP for WebRTC network service.

4. Select the Ports tab to configure the port information.

5. Select the SIP Servers tab.

Configure the following parameters:

▪ SIP Server: Specify

▪ SIP Server Type: WebRTC

6. Select the SIP Advanced tab.

Configure the following STUN and TURN server settings:

▪ The STUN and TURN IPs are the RealPresence DMA Edge external address.

▪ The TURN Server User Name and TURN Server Password must be the same as the configuration in RealPresence DMA Edge.

Configuring Certificates on the RealPresence Collaboration Server

You must install a security certificate on the RealPresence Collaboration Server solution so that Skype for Business Server trusts it.

Generate a Certificate Request

Create management and signaling certificates.

Procedure

1. In the RMX web client, go to Setup > RMX Secured Communication > Certification Repository > Personal Certificates.

2. Select IP Network Service.

3. Click Add.

4. Select IP Network Service for Network Service Name and CSR for Certificate Method.

5. Click Create Certificate Request.

6. Enter the CSR value, and click Copy Request.

Request a Certificate

You can request a certificate from a third-party Certificate Authority.

Procedure

1. Navigate to the Certificate Authority and click Request a certificate.

2. Click the advanced certificate request.

3. Paste the CSR into the saved request field.

4. Under Certificate Template, choose Web Server with client EKU.

A certificate template with serverAuth EKU is required. If you want PKI authentication throughout the solution, you will need a template that also includes clientAuth EKU.

5. Click the Submit button.

6. Choose Base 64 encoded, and click Download certificate.

Install Certificates

This section shows you how to install the chain certificates.

Procedure

1. Open the certificate file and copy the certificate content.

2. In the RMX web client, go to Setup > RMX Secured Communication > Certification Repository > Personal Certificates.

3. Click Paste Certificate.

4. Click Send Certificate.

Configure System Flag

In a cascading conference, Polycom recommends setting the system flag for enabling the content snatch among endpoints which are in different MCUs.

Procedure

1. Go to Setup > System Configuration > System Configuration.

The System Flags dialog opens.

2. In MCMS_PARAMETERS_USER page, click New Flag.

3. Set the value of the ENABLE_CONTENT_SNATCH_OVER_CASCADE system flag to YES.

4. Click OK.

5. Set the value of the MS_ENVIRONMENT system flag to Yes.

6. Click New Flag.

7. Create a new flag SIP_CONTACT_OVERRIDE_STR.

The flag value is the service GRUU information you obtained without the prefix sip:. For example,[email protected];gruu;opaque=srvr:rmx01host.ad-domain.com:eC_2d23c9lm7OYEfIvsOZwAA.

8. Set the value of ENABLE_POLYCOM_EPS_IN_LYNC_ROSTER system flag to ENABLE_CONSIDER_ORGANIZER for roster functionality.

9. Set the value of ENABLE_MODULAR_MCU system flag.

For RealPresence Collaboration Server 1800, set ENABLE_MODULAR_MCU=YES.

For SoftMCU, set ENABLE_MODULAR_MCU=MIX.

10. Set the value of NUM_OF_INITIATE_HELLO_MESSAGE_IN_CALL_ESTABLISHMENT system flag to 3 for NAT Firewall deployment.

Check that the new flag has been added to the system.
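The final check in this procedure can be made repeatable by comparing the flags on a system with the values set in steps 3 to 10. The Python audit below is an added example, not part of the Polycom guide: the flag names and values come from the steps above, while the dictionary input, the platform labels RMX1800 and SOFTMCU, and the GRUU shape check (modelled on the example value in step 7) are assumptions.

```python
# Values set by the procedure. The dict input format and the platform labels
# are assumptions of this example, not an RMX export format.
REQUIRED_FLAGS = {
    "ENABLE_CONTENT_SNATCH_OVER_CASCADE": "YES",
    "MS_ENVIRONMENT": "YES",
    "ENABLE_POLYCOM_EPS_IN_LYNC_ROSTER": "ENABLE_CONSIDER_ORGANIZER",
}
NAT_FIREWALL_FLAGS = {"NUM_OF_INITIATE_HELLO_MESSAGE_IN_CALL_ESTABLISHMENT": "3"}
MODULAR_MCU_VALUE = {"RMX1800": "YES", "SOFTMCU": "MIX"}  # hypothetical labels
GRUU_FLAG = "SIP_CONTACT_OVERRIDE_STR"


def check_gruu(value):
    """Return problems found in a SIP_CONTACT_OVERRIDE_STR value."""
    problems = []
    if value.strip().lower().startswith("sip:"):
        problems.append("must not include the sip: prefix")
    address, _, params = value.partition(";")
    if "@" not in address:
        problems.append("no user@host part before the parameters")
    names = {p.split("=", 1)[0].strip().lower() for p in params.split(";") if p}
    for needed in ("gruu", "opaque"):
        if needed not in names:
            problems.append(f"missing ;{needed} parameter")
    return problems


def audit_flags(flags, platform, nat_firewall=True):
    """Return (flag, finding) pairs for every deviation from the procedure."""
    expected = dict(REQUIRED_FLAGS)
    if nat_firewall:
        expected.update(NAT_FIREWALL_FLAGS)
    expected["ENABLE_MODULAR_MCU"] = MODULAR_MCU_VALUE[platform]

    findings = []
    for name, want in expected.items():
        got = flags.get(name)
        if got is None:
            findings.append((name, "missing"))
        elif got.strip().upper() != want:  # the guide writes both YES and Yes
            findings.append((name, f"expected {want}, found {got}"))

    gruu = flags.get(GRUU_FLAG)
    if gruu is None:
        findings.append((GRUU_FLAG, "missing"))
    else:
        findings.extend((GRUU_FLAG, problem) for problem in check_gruu(gruu))
    return findings


# Constructed sample (not real device output): a SoftMCU with four deviations.
SAMPLE_FLAGS = {
    "ENABLE_CONTENT_SNATCH_OVER_CASCADE": "YES",
    "MS_ENVIRONMENT": "Yes",
    "SIP_CONTACT_OVERRIDE_STR": "sip:rmx01@example.test;gruu;opaque=srvr:rmx01:CONSTRUCTED",
    "ENABLE_POLYCOM_EPS_IN_LYNC_ROSTER": "YES",
    "ENABLE_MODULAR_MCU": "YES",
}

if __name__ == "__main__":
    for flag, finding in audit_flags(SAMPLE_FLAGS, "SOFTMCU"):
        print(f"{flag}: {finding}")
```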

Define Recording Links from RealPresence Collaboration Server

RealPresence Collaboration Server can dial out to the HARMAN Media Suite for a conference recording. Recording conferences is enabled through a dial-out Recording Link, which is a dial-out connection from the conference to the HARMAN Media Suite.

Procedure

1. In the RealPresence Collaboration Server Management pane, click Recording Links.

2. In the Recording Links list, click New Recording Link.

The New Recording Link dialog is displayed.

3. Define the New Recording Link parameters.

Parameter: Description

Name: Displays the default name that is assigned to the Recording Link.

If multiple Recording Links are defined, it is recommended to use a descriptive name that indicates the VRR with which to associate it.

Default: Recording Link

Type: Select the network environment:

▪ H.323

▪ SIP

Polycom recommends selecting H.323.

IP Address:

▪ If no gatekeeper is configured, enter the IP Address of the HARMAN Media Suite.

▪ If a gatekeeper is configured, you can either enter the IP address or an alias (see the alias description).

▪ If SIP server is configured, enter the IP address of the SIP server instead of the IP address of HARMAN Media Suite.

Alias Name: If using the endpoint’s alias instead of IP address, first select the alias type and then enter the endpoint’s alias.

If you are associating this recording link to a VRR on the HARMAN Media Suite, define the alias as follows:

▪ If you are using the HARMAN Media Suite IP address, enter the VRR number in the Alias field. For example, if the VRR number is 5555, enter 5555.

▪ If the Alias Type is set to H.323 ID, enter the HARMAN Media Suite IP address and the VRR number in the format:

<Media Suite IP Address>##<VRR number>

For example: If the HARMAN Media Suite IP is 173.26.120.2 and the VRR number is 5555, enter 173.26.120.2##5555

▪ If the Alias Type is set to E.164, enter the HARMAN Media Suite E.164 followed by VRR number:

<Media Suite E.164><VRR number>

For example: If the HARMAN Media Suite E.164 is 123456 and the VRR number is 5555, enter 1234565555

The name should be the same as HARMAN Media Suite registration information.

Alias Type: Depending on the format used to enter the information in the IP address and Alias fields, select H.323 ID or E.164 (for multiple Recording links). E-mail ID and Participant Number are also available.

The type should be the same as HARMAN Media Suite registration information.

If the recording link does not define the VRR, enter the HARMAN Media Suite E.164 that registers to RealPresence DMA in the Alias Name. The default VRR is used for recording.

If the recording link defines the VRR, enter the HARMAN Media Suite E.164 + VRR in the Alias Name.

4. Click OK.
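The Alias Name formats in the parameter table can be built and checked programmatically so that a mistyped recording link is caught before it is saved. The Python helper below is an added example, not part of the Polycom guide; the function names are hypothetical, and treating the VRR number and E.164 as digits-only strings is an assumption. It also shows that an E.164 alias cannot be split into Media Suite number and VRR without knowing the Media Suite E.164 in advance.

```python
import ipaddress


def _digits(value, what):
    """Return value if it is a non-empty ASCII digit string, else raise ValueError."""
    if not (isinstance(value, str) and value and value.isascii() and value.isdigit()):
        raise ValueError(f"{what} must be digits only: {value!r}")
    return value


def build_alias(alias_type, vrr=None, media_suite_ip=None, media_suite_e164=None):
    """Build the Alias Name for a recording link.

    H.323 ID -> <Media Suite IP Address>##<VRR number>
    E.164    -> <Media Suite E.164><VRR number>, or the bare E.164 when no
                VRR is defined (the default VRR is then used for recording).
    """
    if alias_type == "H.323 ID":
        ip = str(ipaddress.ip_address(media_suite_ip))  # ValueError on a bad address
        return f"{ip}##{_digits(vrr, 'VRR number')}"
    if alias_type == "E.164":
        base = _digits(media_suite_e164, "Media Suite E.164")
        return base if vrr is None else base + _digits(vrr, "VRR number")
    raise ValueError(f"unsupported alias type for a VRR alias: {alias_type!r}")


def parse_h323_alias(alias):
    """Split an H.323 ID alias into (ip, vrr); raise ValueError if malformed."""
    ip, separator, vrr = alias.partition("##")
    if not separator:
        raise ValueError("H.323 ID alias must look like <IP>##<VRR number>")
    return str(ipaddress.ip_address(ip)), _digits(vrr, "VRR number")


def split_e164_alias(alias, media_suite_e164):
    """Return the VRR number carried by an E.164 alias, or None for the default VRR.

    The concatenated form is ambiguous on its own, so the registered
    Media Suite E.164 must be supplied to find the boundary.
    """
    _digits(alias, "E.164 alias")
    _digits(media_suite_e164, "Media Suite E.164")
    if not alias.startswith(media_suite_e164):
        raise ValueError("alias does not start with the Media Suite E.164")
    return alias[len(media_suite_e164):] or None


if __name__ == "__main__":
    # Values from the examples in the parameter table.
    print(build_alias("H.323 ID", vrr="5555", media_suite_ip="173.26.120.2"))
    print(build_alias("E.164", vrr="5555", media_suite_e164="123456"))
    print(split_e164_alias("1234565555", "123456"))
```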

Certificates

Topics:

▪ RealPresence Clariti License

RealPresence Clariti License

When licensed as part of Polycom® RealPresence Clariti™, the RealPresence Collaboration Server version 8.8 and above will only work with the RealPresence DMA system version 10.0 and above, and it will block incoming and outgoing SIP and H.323 calls that are not routed through the RealPresence DMA system with the following exceptions:

▪ Dial-in and Dial-out participant PSTN/ISDN calls

▪ RealConnect calls

▪ Cascading link calls

▪ Recording link calls

▪ Calls involving MMCU (SoftBlade)

This means the following types of calls will fail in a RealPresence Clariti licensing environment:

▪ Calls routed directly to RMX will be rejected with error code 6060

▪ Inbound calls from alternate SIP registrar

▪ Direct meeting room calls and entry queues (EQ)/meeting room (MR) calls

▪ MCU prefix-based calls

▪ RMX SIP Trunk call

This list identifies some examples only; it is not all inclusive.

Note that Virtual Entry Queues (VEQ) hosted on the RMX are allowed while in Clariti licensing mode.
