Polycom DMA 7000 System Operations Guide
Polycom DMA 7000 System Operations Guide
Polycom DMA 7000 System Operations Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>DMA</strong> <strong>Operations</strong> <strong>Guide</strong><br />
Allow Unencrypted Connections to<br />
the Enterprise Directory<br />
Allow Unencrypted Connections to<br />
MCUs<br />
Table 9-5 Fields in the Security Configuration screen (continued)<br />
Column Description<br />
Normally, the <strong>DMA</strong> system connects to an enterprise directory using<br />
SSL or TLS encryption. But if the directory server hasn’t been<br />
configured to support encryption, the <strong>DMA</strong> system can only connect<br />
using an unencrypted protocol. This option allows such a connection<br />
if an encrypted connection can’t be established.<br />
This configuration causes an extreme security flaw: the unencrypted<br />
passwords of enterprise users are transmitted over the network,<br />
where they can be easily intercepted.<br />
Use this option only for diagnostic purposes. By toggling it, you can<br />
determine whether encryption is the cause of a failure to connect to<br />
an enterprise directory. If so, the solution is to correctly configure the<br />
directory, not to allow ongoing use of unencrypted connections.<br />
In maximum security mode, the <strong>Polycom</strong> <strong>DMA</strong> system uses only<br />
HTTPS for the conference control connection to RMX MCUs, and<br />
therefore can’t control an RMX MCU that accepts only HTTP (the<br />
default). This option enables the system to fall back to HTTP for RMX<br />
MCUs not configured for HTTPS.<br />
We recommend configuring your MCUs to accept encrypted<br />
connections rather than enabling this option. When unencrypted<br />
connections are used, the RMX login name and password are sent<br />
unencrypted over the network.<br />
To change the security configuration<br />
1 Go to <strong>System</strong> Setup > Management and Security > Security<br />
Configuration.<br />
2 To switch from a custom setting back to the recommended security mode,<br />
click Maximum Security.<br />
3 To switch from the recommended security mode to a custom setting:<br />
a Click Custom Security.<br />
b Check the unsecured network access method(s) that you want to<br />
enable.<br />
4 Click Update.<br />
A dialog box informs you that the configuration has been updated.<br />
5 Click OK.<br />
Temporarily enabling console (SSH) access is supported for the purpose of<br />
changing the root password. Contact <strong>Polycom</strong> Global Services for the default<br />
root password and then change that password immediately on both nodes as<br />
described below.<br />
9–10 <strong>Polycom</strong>, Inc.