Polycom DMA 7000 System Operations Guide

More documents

Recommendations

Info

DMA Operations Guide • When a client connects to a server, the server shows its signed public certificate to the client. Trust is established because the certificate has been signed by the certificate authority, and the client has been pre-configured to trust the certificate authority. How Certificates Are Used by the DMA System Frequently Asked Questions The Polycom DMA system uses X.509 certificates in three different ways: 1 When a user logs into the Polycom DMA system’s browser-based management interface, the Polycom DMA system (server) offers an X.509 certificate to identify itself to the browser (client). The Polycom DMA system’s certificate must have been signed by a certificate authority (see “Certificate Configuration Procedures” on page 9-3). The browser must be configured to trust that certificate authority (beyond the scope of this documentation). If trust can’t be established, most browsers allow connection anyway, but display a ‘nag’ dialog to the user, requesting permission. 2 When the Polycom DMA system connects to a Microsoft Active Directory server, X.509 certificates may be used to identify the Polycom DMA system (client) to the MS Active Directory server. If the MS Active Directory is configured to require a client certificate (this is not the default), the Polycom DMA system offers the same certificate that it offers to browsers connecting to the system management interface. The MS Active Directory must be configured to trust the certificate authority, or it rejects the certificate and the connection fails. The Polycom DMA system currently doesn’t check the certificate offered by the MS Active Directory. 3 When the Polycom DMA system connects to an RMX MCU configured for secure communications (this is not the default), an X.509 certificate may be used to identify the RMX MCU (server) to the Polycom DMA system (client). The Polycom DMA system currently doesn’t check the certificate offered by the RMX MCU. Q. Is it secure to send my certificate request through e-mail? A. Yes. The certificate request, signed certificate, intermediate certificates, and authority certificates that are sent through e-mail don’t contain any secret information. There is no security risk in letting untrusted third parties see their contents. For maximum security, verify the certificate 9–2 Polycom, Inc.
Certificate Configuration Procedures System Security fingerprints (which can be found in the Certificate Details popup) with the certificate authority via telephone. This ensures that a malicious third party didn’t substitute a fake e-mail message with fake certificates. Q. Why doesn't the information on the Certificate Details popup match the information that I filled out in the signing request form? A. Commercial certificate authorities routinely replace the organizational information in the certificate with their own slightly different description of your organization. Q. I re-installed the Polycom DMA system software. Why can't I re-install my signed public certificate? A. X.509 certificates use public/private key pair technology. The public key is contained in your public certificate and is provided to any web browser that asks for it. The private key never leaves the Polycom DMA system. As part of software installation, the Polycom DMA system generates a new public/private key pair. The public key from your old key pair can’t be used with the new private key. To re-use your signed public certificate, try restoring from backup. Both the public and private keys are saved as part of a backup file. Certificate configuration consists of two parts: • Install your chosen certificate authority’s public certificate so that the DMA system trusts that certificate authority. • Install a public certificate signed by your certificate authority that identifies the DMA system. Install or Verify a Trusted Certificate Authority This procedure is generally not necessary for the Polycom DMA system, which is pre-configured to trust many commercial certificate authorities (Trusted Root CAs). Installing your signed public certificate may also install the signing certificate authority’s certificate if necessary. But this procedure lets you verify your trusted certificate authority or use an in-house certificate authority. Polycom, Inc. 9–3
Page 1 and 2:
Polycom ® DMA 7000 System Operati
Page 3 and 4:
Contents 1 Polycom ® DMA 7000 Sys
Page 5 and 6:
8 Server Settings 9 System Security
Page 7 and 8:
Polycom ® DMA 7000 System Overvie
Page 9 and 10:
Polycom DMA System Management Inter
Page 11 and 12:
Software Name License Legal Contrac
Page 13 and 14:
Polycom ® DMA System Configuratio
Page 15 and 16:
Set Up MCUs Polycom ® DMA System
Page 17 and 18:
Set Up Conference Templates Test th
Page 19 and 20:
System Management This chapter desc
Page 21 and 22:
Recommended Regular Maintenance Sys
Page 23 and 24:
Dashboard System Management When yo
Page 25 and 26:
To run ping on each server 1 Go to
Page 27 and 28:
Table 3-2 Information in the Backup
Page 29 and 30:
System Management Note If autorun d
Page 31 and 32: Upgrade Procedures System Managemen
Page 33 and 34: Shutting Down and Restarting System
Page 35 and 36: Conference Templates and Settings T
Page 37 and 38: Table 4-3 Edit Conference Template
Page 39 and 40: Conference Settings Conference Temp
Page 41 and 42: User Management This chapter descri
Page 43 and 44: Users Screen User Management • In
Page 45 and 46: See also: Edit User Dialog Box Tabl
Page 47 and 48: Add Conference Room Dialog Box User
Page 49 and 50: User Management To find a user or u
Page 51 and 52: Groups To delete one of a user’s
Page 53 and 54: Table 5-10 Fields in the Edit Group
Page 55 and 56: System Reports System Logs This cha
Page 57 and 58: Audit Data Calls Data System Report
Page 59 and 60: Export CDR Data Table 6-6 Informati
Page 61 and 62: Call CDR Records Conference Room Er
Page 63 and 64: Table 6-10 Information in the Enter
Page 65 and 66: Device Management MCU List This cha
Page 67 and 68: See also: Add MCU Dialog Box “MCU
Page 69 and 70: Device Management To terminate exis
Page 71 and 72: Server Settings Network This chapte
Page 73 and 74: Enterprise Directory Server Setting
Page 75 and 76: Server Settings d Specify the direc
Page 77 and 78: Signaling Configuration Server Sett
Page 79 and 80: Licenses The following table descri
Page 81: System Security This chapter descri
Page 85 and 86: 3 In the Commands list, select Issu
Page 87 and 88: See also: “Management and Securit
Page 89 and 90: Security Configuration System Secur
Page 91 and 92: System Security To change the defau
Page 93 and 94: Index A access, system interface 1-
Page 95 and 96: logging 8-8 network 8-1 server 8-1
show all

Polycom DMA 7000 System Operations Guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?