Page 1
® ™ Polycom 7000 System Operations Guide March 2011 3725-76302-001E1...
Page 2
Polycom, Inc. End User License Agreement Use of this software constitutes acceptance of the terms and conditions of the Polycom DMA 7000 system end-user license agreement (EULA). The EULA is included in the release notes document for your version, which is available on the Polycom Support page for the Polycom DMA 7000 system.
The Polycom DMA system’s ability to handle multiple MCUs as a single resource pool makes it highly scalable. To expand the system, you can add MCUs on the fly without impacting end users and without requiring re-provisioning.
Page 10
The H.323 network topology and choice of gatekeeper determine which server receives a call. When a Polycom CMA system is acting as the gatekeeper, it routes calls destined for the Polycom DMA system to the first server that it finds available.
Settings Dialog Box Polycom DMA System Management Interface Access The Polycom DMA system has three system user roles that provide access to the management and operations interface. The functions you can perform and parts of the interface you can access depend on your user role or roles:...
Page 12
DMA Operations Guide Working in the Polycom DMA System Menu/Icon Admin Provisioner Auditor • • • Home. Returns to the Dashboard. Operations > • • Users • Groups • Sessions • MCUs • Power Management • Backup and Restore •...
Page 13
• Settings. Displays Settings Dialog Box. • • • Log Out. Logs you out of the Polycom DMA system. • • • Help. Opens the online help topic for the page you’re viewing. a. Must be an enterprise user to see enterprise users. Provisioners can’t add or remove roles and can’t edit user accounts with explicitly assigned roles (Administrator, Provisioner, or...
Open Source Software Video Tour When you log into the Polycom DMA system, it offers to show an introductory video tour. You can access the Video Tour page at any time by selecting Help > Video Tour. The video begins playing immediately. Use the links on the left to jump to a specific section.
Page 15
License Information The following table contains license information for the open source software packages used in the Polycom DMA system. Note that the source code and the licenses for all the open-source software, including CentOS and its components, are included on the Polycom DMA system software DVD. This list is provided as a convenient reference.
Page 16
Sun Microsystems, http://www.java.com/en/download/license.jsp Binary Code license (BCL) JavaBeans Activation Sun license https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_ Framework Developer-Site/en_US/-/USD/ViewLicense-Start?LicenseUUID= mtrACUFBzm4AAAEYkcI5AXh_&ProductUUID=zFnACUFBlVoA AAEYhxc5AXt.&cnum=&evsref=&sln= JavaMail Sun License https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_ Developer-Site/en_US/-/USD/ViewLicense-Start?LicenseUUID= CgxIBe.odCIAAAElFCZzXgjJ&ProductUUID=r5dIBe.pitEAAAElU JJh6wjK&cnum=&evsref=&sln= JBOSS AS LGPLv2.1 http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html JCIFS LGPL v2.1 http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPL v2.1 http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html libxml2 MIT License http://www.opensource.org/licenses/mit-license.html Polycom, Inc.
Page 17
OpenDS Common https://opends.dev.java.net/OpenDS.LICENSE Development and Distribution License (CDDL) OpenSSH OpenSSH v1.19 http://www.openssh.org/ OpenSSL OpenSSL http://www.openssl.org/source/license.html Python Python Software http://www.python.org/download/releases/2.6.2/license/ Foundation License Version 2 SNMP4j Apache License, http://ws.apache.org/LICENSE.txt Version 2 Sudo Sudo http://www.gratisoft.us/sudo/license.html Xerces2 Apache License, http://www.apache.org/licenses/LICENSE-2.0 Version 2.0 Polycom, Inc.
Page 18
DMA Operations Guide Open Source Software Polycom, Inc.
This chapter assumes you’ve completed the Getting Started Guide’s server configuration procedure, logged into the Polycom DMA system’s management interface, and verified that the Network Status section of the Dashboard shows (for a two-server configuration) two cluster members, with healthy enterprise and private network status for both.
97). Add DNS Records for Polycom DMA System In order to access your Polycom DMA system by its host name instead of by IP address, you must create an alias record (or A record) on your DNS server.
“Signaling Configuration” page 45. Set Up Security The first step in securing your Polycom DMA system is to locate it in a secure data center with controlled access, but that topic is beyond the scope of this document. Secure setup of the Polycom DMA system consists of the following high-level...
101. Log out and log back in using your enterprise user ID and password. Verify that the expected enterprise users are available in the Polycom DMA system and that conference room IDs were successfully created for them. If necessary, adjust enterprise integration settings and correct errors.
If you want to integrate with the enterprise directory to load user and group information into the Polycom DMA system, but don’t want to give all users the ability to host conferences, you can do so. Then you can manually add conference rooms for selected users.
DMA Operations Guide Set Up Conference Templates You can assign Polycom DMA system roles to an enterprise group, applying the roles to all members of the group and enabling them to log into the Polycom DMA system’s management interface with their standard network user names and passwords.
Page 25
Verify that conferencing works satisfactorily, that the system status is good, and that the Dashboard accurately presents the status. When you’re satisfied that the Polycom DMA system is configured and working properly, manually create a backup, download it, and store it in a safe place.
Page 26
DMA Operations Guide Test the System Polycom, Inc.
System Security ® This chapter describes the following Polycom Distributed Media Application™ (DMA™) 7000 system security topics: • Management and Security Overview • Certificate Procedures • Certificate Management • Certificate Information Dialog Box • Certificate Signing Request Dialog Box •...
Forms of Certificates Accepted by the Polycom DMA System X.509 certificates come in several forms (encoding and protocol). The following table shows the forms that can be installed in the Polycom DMA system. Protocol / Encoding...
If the Microsoft Active Directory is configured to require a client certificate (this is not the default), the Polycom DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface.
A. X.509 certificates use public/private key pair technology. The public key is contained in your public certificate and is provided to any web browser that asks for it. The private key never leaves the Polycom DMA system. As part of software installation, the Polycom DMA system generates a new public/private key pair.
Certificate Signing Request in the Actions list (if a signing request has already been issued, you’re first asked whether to use the existing one or create a new one). The following table describes the fields in the dialog box. Polycom, Inc.
The Add Certificates dialog box appears when you click Add Certificates in the Actions list. It lets you install signed certificates or certificate chains. You can do so in two ways: • Upload a PFX, PEM, or P7B certificate file. Polycom, Inc.
Purpose and alias of the certificate. Issued To Information about the entity to which the certificate was issued and the certificate serial number. Issued By Information about the issuer. Validity Issue and expiration dates. Fingerprints SHA1 and MD5 fingerprints (checksums) for confirming certificate. Polycom, Inc.
Note If you’re configuring the Polycom DMA system to support Polycom’s solution for the Microsoft OCS environment, you can use the OCS Certificate Wizard to request and obtain a PFX file (a password-protected PKCS12 file containing a private key and public key for the system, and the CA’s certificate).
Page 35
Verify that the certificate appears in the list as a Trusted Root CA. Click Restart to Apply Saved Changes, and when asked to confirm that you want to restart the system so that certificate changes can take effect, click OK. Polycom, Inc.
Elect to generate a new one. In the Certificate Information dialog box, enter the identifying information for your Polycom DMA system (see “Certificate Information Dialog Box” on page 23) and click OK.
System Security When your certificate authority has processed your request, it sends you a signed public certificate for your Polycom DMA system. Some certificate authorities also send intermediate certificates and/or root certificates. Depending on the certificate authority, these certificates may arrive as email text, email attachments, or be available on a secure web page.
Server SSL certificate. Removing a signed certificate also removes the certificate of the Trusted Root CA that signed it, along with any intermediate certificates provided by that certificate authority. Polycom, Inc.
Page 39
A dialog box informs you that the system has reverted to a self-signed certificate. Click OK. Click Restart to Apply Saved Changes, and when asked to confirm that you want to restart the system so that certificate changes can take effect, click OK. Polycom, Inc.
The following table describes the options in the Security Configuration page. Table 3-5 Fields on the Security Configuration page Field Description High security Recommended setting for normal operation. Custom security Lets you enable one or more of the unsecured methods of network access listed below it. Polycom, Inc.
Page 41
Enable this option only when asked to do so by Polycom Global Services. Allow unencrypted Normally, the Polycom DMA system connects to an connections to the enterprise directory using SSL or TLS encryption. But if enterprise directory the Active Directory server or servers (including domain controllers if you import global groups) aren’t configured...
Page 42
Exchange server accepts in order for the HTTPS connection to work. If this option is selected, the Polycom DMA system does not require HTTPS for calendar notifications. We recommend installing a certificate trusted by the Exchange server and using an HTTPS URL for notifications rather than enabling this option.
Page 43
If this option is turned off, you can only connect to the Polycom DMA system if your browser presents a client certificate issued by a CA that the system trusts. Turn this option off only if: •...
Specify the number of simultaneous login sessions per user user ID (up to 80) or select Unlimited. Session timeout Specify the length of time after which the system (minutes) terminates a session for inactivity (up to 999 minutes) or select Unlimited. Polycom, Inc.
Password Complexity Allow username or its Turns off the protection against a password containing reverse form the user’s login name or its reverse. Lowercase letters Specify the number of lowercase letters (a-z) that a password must contain. Polycom, Inc.
Fields on the Local Account Configuration page Field Description Account Lockout Enable account lockout Turns on lockout feature and enables lockout configuration fields below. Failed login threshold Specify how many consecutive login failures cause the system to lock an account. Polycom, Inc.
They must acknowledge the message before they can log in. The Login Banner page lets you enable the banner and select or create the message it displays. The message may contain up to 1500 characters. The following table describes the fields on the Login Banner page. Polycom, Inc.
Page 48
“Management and Security Overview” on page 19 “Certificate Management” on page 23 “Certificate Procedures” on page 26 “Security Configuration” on page 32 “Session Configuration” on page 36 “Local Password Requirements” on page 37 “Local Account Configuration” on page 38 Polycom, Inc.
(host names and IP addresses) also requires you to update the certificate. (if the system is using a self-signed certificate, an updated one is automatically created.) You can’t change the system’s network settings while it’s integrated with a Polycom CMA system. The integration must first be terminated. See “CMA Integration”...
Page 50
Speed Duplex Show Link Details Click to see details about link settings and information. This information may be useful to Polycom Global Services when troubleshooting a network issue. General System The settings in this section apply to the entire system.
See the Getting Started Guide. Caution Changing time settings requires a system restart and terminates all active conferences. You can’t change the system’s time settings while it’s integrated with a Polycom CMA system. The integration must first be terminated. See “CMA Integration” page 49.
49 “System Configuration Procedures” on page 51 License The Polycom DMA system is licensed for the types and maximum number of MCUs it can use. The following table describes the fields on the License page. Table 4-3 Fields on the License page...
E.164 dial string prefix for calling the system. Required if registering with a gatekeeper. Must be unique among the gatekeeper’s devices and services. On Polycom gatekeepers, if the Simplified Dialing service is enabled and registers with a prefix of 9 (the default), you can’t use 90-99. The gatekeeper recognizes the 9 as a known prefix and ignores the second digit.
Page 54
Gatekeeper type Leave the default, Polycom, for a Polycom Converged Management Application™ (CMA™), PathNavigator™, or ReadiManager® SE200 gatekeeper. Select Other for a Cisco Multimedia Conference Manager (MCM), Tandberg Video Communications Server (VCS), or other gatekeeper.
Field Description Logging level Leave the default, Production, unless advised to change it by Polycom support. Debug is useful for troubleshooting. Verbose debug is not recommended for production systems. Rolling frequency If rolling the logs daily (the default) produces logs that are too large, shorten the interval.
See also: “Network” on page 41 “System Time” on page 43 “License” on page 44 “Signaling Configuration” on page 45 “Logging Configuration” on page 47 “CMA Integration” on page 49 “System Configuration Procedures” on page 51 Polycom, Inc.
MCUs that have H.323 signaling enabled. If you want to support cascading, but don’t have a Polycom CMA system, you must create site topology information on the Polycom DMA system. See “Site Topology Configuration”...
12. In addition, the DNS server(s) must be able to resolve Polycom CMA system’s FQDN to its IP address. This is necessary even if you specify the Polycom CMA system’s IP address when you join it. The following table describes the fields in the dialog box.
Enter the activation key codes into the system. The procedures below describe the process. To request a software activation key code for each server Log into the Polycom DMA system as an administrator and go to Configuration > System > License and Capabilities. Polycom, Inc.
Page 60
When the activation key for the first (or only) server appears, record it: Server A: __________-__________-_________-___________ 10 If you have a single-server Polycom DMA system, you’re finished with this procedure. Continue to the next procedure. 11 If you have a two-server cluster, repeat steps 6–8, this time entering the second license number you received and the second server’s serial...
On the Polycom DMA system, go to Configuration > System > Signaling Configuration. Enter the dialing prefix to be used to reach the Polycom DMA system. Users dial this prefix followed by the conference room (virtual meeting room) number. The Polycom DMA system uses this prefix for SIP as well as H.323 so that users dial the same number for a conference regardless of...
See also: “Signaling Configuration” on page 45 Configure Logging To configure logging Go to Configuration > System > Logging Configuration. Change Rolling frequency and Retention period as desired. If requested to do so by Polycom support, change Logging level. Polycom, Inc.
12. In addition, the DNS server(s) must be able to resolve Polycom CMA system’s FQDN to its IP address. This is necessary even if you specify the Polycom CMA system’s IP address when you join it. To integrate with a Polycom CMA system If this is a two-node system, make sure that both nodes are running and clustered.
Page 64
In the Actions list, select Join CMA. In the Join CMA dialog box, enter the host name or IP address of the Polycom CMA system and the credentials with which to log into it. Then click OK. When asked to confirm that you want to join, click Yes.
Page 65
System Configuration Procedures System Configuration See also: “CMA Integration” on page 49 “Join CMA Dialog Box” on page 50 Polycom, Inc.
Page 66
DMA Operations Guide System Configuration Procedures Polycom, Inc.
• MCU Pool Orders Note MCU pools were called MCU zones in earlier versions of the Polycom DMA system. The name was changed to avoid confusion with the concept of gatekeeper zones. MCUs The MCUs page shows the MCUs, or media servers, that the Polycom DMA system can use as conferencing resources.
Page 68
Polycom CMA system and therefore off-limits to the Polycom DMA system. Reserving a portion of an MCU’s capacity for the Polycom CMA system enables that portion to be used for scheduled conferences (where MCU resources are reserved in advance).
Page 69
View Details Opens the Device Details dialog box for the selected MCU. Opens the Add MCU dialog box, where you can add an MCU to the pool of devices that are available to the Polycom DMA system. Edit Opens the Edit MCU dialog box for the selected MCU, where you can change its information and settings.
“MCU Pool Orders” on page 70 Add MCU Dialog Box Lets you add an MCU to the pool of devices available to the Polycom DMA system. The following table describes the fields in the dialog box. Note This version of the Polycom DMA system supports the use of Tandberg Codian 4500 series MCUs as part of its conferencing resource pool, but their Media Port Reservation feature is not supported.
Host name of the MCU. Management IP IP address for logging into the MCU. Admin ID Administrative user ID with which the Polycom DMA system can log into the MCU. Password Password for the administrative user ID. Video ports reserved for...
Video ports reserved for The number of video ports on this MCU that are CMA system off-limits to the Polycom DMA system. Set this to the number of ports you want to reserve for or later scheduled conferences (requires RMX v6.0...
Page 73
The changes you made appear in the MCUs list. To delete an MCU Go to Configuration > MCU > MCUs. In the MCUs list, select the MCU you want to remove from the Polycom DMA system’s pool of available conferencing resources. In the Actions list, select Delete.
Page 74
In the Actions list, select Busy Out. When asked to confirm that you want to busy out the MCU, click Yes. The Polycom DMA system stops creating new conferences on that MCU, but it allows its existing conferences to continue and accepts new calls to those conferences.
MCUs based on location, capability, or some other factor. Note MCU pools were called MCU zones in earlier versions of the Polycom DMA system. The name was changed to avoid confusion with the concept of gatekeeper zones. Enterprise groups can be associated with an MCU pool order, which specifies the order of preference in which MCU pools are used.
MCUs that the pool contains. Available MCUs Lists the MCUs available to the Polycom DMA system. Selected MCUs Lists the MCUs included in the pool. The arrow buttons move MCUs from one list to the other.
When asked to confirm that you want to delete the selected MCU pool, click Yes. See also: “MCU Pools” on page 67 “Add MCU Pool Dialog Box” on page 68 “Edit MCU Pool Dialog Box” on page 68 Polycom, Inc.
Note MCU pools were called MCU zones in earlier versions of the Polycom DMA system. The name was changed to avoid confusion with the concept of gatekeeper zones. Enterprise groups can be associated with an MCU pool order. This lets you, for instance, ensure that all users in a specific domain are preferentially routed to conferencing resources in their geographic location.
Page 79
Move Down Decreases the priority ranking of the selected pool order. See also: “Add MCU Pool Order Dialog Box” on page 72 “Edit MCU Pool Order Dialog Box” on page 72 “MCU Pool Order Procedures” on page 73 Polycom, Inc.
Name of the MCU pool order. Description Brief description of the pool order. Available MCU pools Lists the MCU pools available to the Polycom DMA system. Selected MCU pools Lists the pools included in the pool order in their priority order.
In the MCU Pool Orders list, select the MCU you want to remove from the DMA system’s pool of available conferencing resources. In the Actions list, select Delete. When asked to confirm that you want to delete the selected MCU, click Yes. Polycom, Inc.
Page 82
DMA Operations Guide MCU Pool Orders See also: “MCU Pool Orders” on page 70 “Add MCU Pool Order Dialog Box” on page 72 “Edit MCU Pool Order Dialog Box” on page 72 Polycom, Inc.
(bit) rate and video display mode. Note This version of the Polycom DMA system supports the use of Tandberg Codian MCUs (see the release notes for specific model information), and conference templates can include Codian-specific settings.
Page 84
DMA Operations Guide Conference Templates Standalone Templates Standalone templates defined in the Polycom DMA system free you from having to ensure that the exact same RMX profiles exist on all the MCUs. You specify the desired conference properties directly in the template.
Conference Templates Conference Setup • If the system selected a Polycom RMX MCU, it falls back to its default conference template (see “Conference Settings” on page 96). If the default template happens to be linked to a profile that this MCU doesn’t have, the system falls back to its built-in conference properties settings.
Cascading does, however, impact the quality of the conference experience. Note Cascading is supported only for RMX MCUs and only in H.323. The Polycom DMA system must be configured to support H.323 signaling in order to enable cascading. For conferences with cascading enabled, the system selects only RMX MCUs that have H.323 signaling enabled.
On the Polycom DMA system, enable cascading in some or all of your conference templates. If you don’t have a Polycom CMA 5000 system, you must define your site topology in the Polycom DMA system instead of importing it. See “Site...
Page 88
(if it selected a Polycom RMX MCU). Cascaded conference Enables conferences using this template to span RMX MCUs. Cascading requires site topology information, which the Polycom DMA system can get from a Polycom CMA gatekeeper (see “CMA Integration” on page 49) or you can create (see “Site Topology Configuration”...
Page 89
RMX v7 MCUs with MPM+ or MPMx cards). Encryption Enables media encryption for conferences using this template. Enables Lost Packet Recovery for conferences using this template. LPR creates additional packets containing recovery information that can be used to reconstruct packets lost during transmission. Polycom, Inc.
Page 90
Available only on RMX MCUs with MPM+ or MPMx cards. Not available if Video switching is selected. Auto brightness Enables automatic balancing of brightness levels to compensate for an endpoint sending a dim image. Available only on RMX v7 MCUs. Polycom, Inc.
Page 91
Auto layout Lets the system select the video layout based on the number of participants in conference. Clear the check box to select a specific layout (below). Not available if Video switching is selected or Telepresence mode is Yes. Polycom, Inc.
Page 92
Room Switch — Tells the MLA to use Voice Activated Room Switching (VARS). The speaker’s site is the only one seen by others. Not available if Telepresence mode is No. See the Polycom Multipoint Layout Application User Guide for more information about layouts. RMX Audio Settings Echo suppression Enables the MCU to detect and suppress echo.
Page 93
If you do select this option, be sure the IVR service you select is appropriate for the users who will use this template. See your Polycom RMX documentation for information about conference IVR services.
Page 94
• Upon Request — Recording can be initiated manually by the chairperson or an operator. Conference recording requires a Polycom RSS recording system and an MCU that supports recording. Recording link Select a specific recording link or the MCU’s default.
RMX MCU that has this profile. If there are none, it selects the least-used MCU and either uses the Codian-specific settings (if it selected a Tandberg Codian MCU) or falls back to the default conference template (if it selected a Polycom RMX MCU). Polycom, Inc.
Page 96
Description Cascaded conference Enables conferences using this template to span RMX MCUs. Cascading requires site topology information, which the Polycom DMA system can get from a Polycom CMA gatekeeper (see “CMA Integration” on page 49) or you can create (see “Site Topology Configuration”...
Page 97
Enables a video enhancement process that improves clarity, edge sharpness, and contrast on streams with resolutions up to and including SD. Available only on RMX MCUs with MPM+ or MPMx cards. Not available if Video switching is selected. Polycom, Inc.
Page 98
Auto layout Lets the system select the video layout based on the number of participants in conference. Clear the check box to select a specific layout (below). Not available if Video switching is on or Telepresence mode is Yes. Polycom, Inc.
Page 99
Room Switch — Tells the MLA to use Voice Activated Room Switching (VARS). The speaker’s site is the only one seen by others. Not available if Telepresence mode is No. See the Polycom Multipoint Layout Application User Guide for more information about layouts. RMX Audio Settings Echo suppression Enables the MCU to detect and suppress echo.
Page 100
If you do select this option, be sure the IVR service you select is appropriate for the users who will use this template. See your Polycom RMX documentation for information about conference IVR services.
Page 101
• Upon Request — Recording can be initiated manually by the chairperson or an operator. Conference recording requires a Polycom RSS recording system and an MCU that supports recording. Recording link Select a specific recording link or the MCU’s default.
To select a video frames layout For a Polycom RMX MCU, choose a Frame count value to see the layouts available for that value, and then select the one you want. For a Tandberg Codian MCU, select the layout you want.
Page 103
Check Use existing profile and select the one you want from the RMX profile name list. The list contains the profiles available on the RMX MCUs that have been added to the Polycom DMA system. Click OK. The new template appears in the Conference Templates list.
“Edit Conference Template Dialog Box” on page 87 Conference Settings The conference settings define the default properties of all conferences using the Polycom DMA system. The table below describes them. Table 6-4 Fields on the Conference Settings page Field Description...
“Calendaring Service” on page 97 Calendaring Service On the Calendaring Service page, you can integrate the Polycom DMA system with your Microsoft Exchange server, enabling users who install the Polycom Conferencing Add-in for Microsoft Outlook to set up Polycom Conferencing meetings in Outlook.
Page 106
Codian MCUs don’t provide the “gathering phase” that RMX MCUs provide at the beginning of the conference. • Codian MCUs can’t receive and accept Outlook meeting invitations themselves, and can only be used if a DMA system is part of the Polycom Conferencing for Outlook solution. Polycom, Inc.
Page 107
Create a dedicated Polycom Conferencing mailbox that’s used specifically and exclusively for the purpose of receiving Polycom Conferencing meeting invitations. This is important because the Polycom DMA system will delete all messages from the Inbox when it checks this mailbox for meeting invitations.
Page 108
A dialog box informs you that the configuration has been updated. Click OK. 10 Install the Polycom Conferencing Add-in for Microsoft Outlook on your PC and create the configuration to be distributed to your users (see the online help for the Add-in). Optionally, customize the invitation template(s).
Additional services for supported third-party Unified Communications (UC) environments integrated with Polycom solutions are available from Polycom Global Services, and its certified Partners, to help customers successfully design, deploy, optimize, and manage Polycom visual communication within their third-party UC environments. UC Professional Services for Microsoft Integration is mandatory for Polycom Conferencing for Microsoft Outlook and Microsoft Office Communications Server integrations.
Page 110
Microsoft Active Directory. Connection Status <node name and icons> The Polycom DMA system node(s) and one or more of the following status icons for each: Warning – Appears only if an error has occurred. Hover over it to see a description of the problem or problems.
Page 111
If you must, enter the host name or IP address of a specific global catalog server, not the DNS domain name. The Polycom DMA system can only integrate with one forest. A special “Exchange forest” (in which all users are disabled) won’t work because the system doesn’t support conferencing for disabled users.
Page 112
See RFC 2254 for syntax information. Base DN Can be used to restrict the Polycom DMA system to work with a subset of the Active Directory (such as one tree of multiple trees, a subtree, or a domain). Leave the default setting, All Domains, initially.
Page 113
The default string includes \t, which represents the tab character. Use \\ to remove backslash characters. Maximum characters Desired length of conference room IDs. The Polycom used DMA system strips excess characters from the beginning, not the end. If you specify 7, the room IDs will contain the last 7 valid characters from the directory attribute being used.
“Users Procedures” on page 141. Log into the Polycom DMA system as the local user you created in step and go to Configuration > System > Enterprise Directory. Check Connect to the enterprise directory server and complete the information in the Enterprise Directory Connection section.
Page 115
LDAP filter expression unless you understand LDAP filter syntax (see RFC 2254) and know what changes to make. Specify the time each day that you want the Polycom DMA system to check the enterprise directory for changes. To generate conference room IDs for the enterprise users, complete the Enterprise Conference Room ID Generation section.
Page 116
DMA Operations Guide Enterprise Directory Integration Procedure To restrict the Polycom DMA system to work with a subset of the Active Directory (such as one tree of multiple trees, a subtree, or a domain), repeat steps 4-6, selecting the value you want from those now available in the Base DN list.
The Base DN field is where you can specify the distinguished name (DN) of a subset of the Active Directory hierarchy (a domain, subset of domains, or organizational unit) to which you want to restrict the Polycom DMA system. It acts like a filter.
Page 118
AD forest. If you want to restrict the system to a subset of the Active Directory (such as one tree of multiple trees, a subtree, a domain, or an organizational unit), select the corresponding base DN entry from the list. Polycom, Inc.
(see “Add Conference Template Dialog Box” page 79). If the Polycom DMA system is integrated with your enterprise directory, conference and chairperson passcodes for enterprise users can be maintained in the enterprise directory. You must determine which directory attributes to use for the purpose and provide a process for provisioning users with those passcodes.
Page 120
Either provision users with passcodes or establish a mechanism for letting users create and maintain their own passcodes. On the Polycom DMA system, go to Configuration > System > Enterprise Directory. Complete the Enterprise Chairperson and Conference Passcode Generation section.
About the System’s Directory Queries Enterprise Directory Integration About the System’s Directory Queries The Polycom DMA system uses the following subtree scope LDAP queries. In a standard AD configuration, all these queries use indexes. • User Search • Group Search •...
Page 122
“Understanding Base DN” on page 109. Filter: (&(objectClass=group)(groupType=-2147483646)) • Index used: idx_groupType:6664:N • The search used this index in our testing environment, using a standard AD configuration (no indexes added). Results may be different for a different configuration. Polycom, Inc.
Page 123
In that case, it uses this query to retrieve the data from each domain controller. Base: DC=dma,DC=eng,DC=local • The base variable depends on the domain name being queried. • Filter: same as in User Search Polycom, Inc.
Page 124
The first filter variable depends on the User LDAP filter setting. See “Enterprise Directory” on page 101. The second variable depends on the value entered in the Service account ID field on the Enterprise Directory page. See “Enterprise Directory” on page 101. • Index used: idx_objectCategory:32561:N Polycom, Inc.
Page 125
AD configuration (no indexes added). Results may be different for a different configuration, especially a different User LDAP filter setting. • Attributes returned: sAMAccountName, userAccountControl, givenName, sn See also: “Enterprise Directory” on page 101 “Enterprise Directory Integration Procedure” on page 106 “Understanding Base DN” on page 109 Polycom, Inc.
Page 126
DMA Operations Guide About the System’s Directory Queries Polycom, Inc.
Site-to-site exclusion — A site-to-site connection that the site topology doesn’t permit an audio or video call to use. The Polycom DMA system needs site topology information in order to support cascading of conferences. It can get it in one of two ways:...
Cascading always uses a hub-and-spoke configuration so that each cascaded MCU is only one link away from the “hub” MCU. RMX MCUs support cascade links only in H.323, so the bridges and Polycom DMA system must be configured to support H.323 signaling in order to enable cascading.
The subnet mask for the site. Edit Site Dialog Box Lets you edit a site in the Polycom DMA system’s site topology and add or edit a subnet associated with the site. The following table describes the fields in the dialog box.
Table 8-6 Edit Subnet dialog box Field Description IP address The IP address that defines the subnet. Subnet mask The subnet mask, such as 255.255.255.0. Note You can assign a subnet to only one site. Polycom, Inc.
Edit Site Link Dialog Box Lets you edit a site link in thePolycom DMA system’s site topology. A link can connect two sites, or it can connect a site to an MPLS network cloud (see “Network Clouds” on page 125). Polycom, Inc.
Go to Configuration > Site Topology > Site-to-Site Exclusions. In the Actions list, click Add. In Step 1 of the wizard, select the first site for the exclusion. Click Next. If the site you want isn’t displayed in the list, you can search by site name. Polycom, Inc.
Description Description of the cloud. Add MPLS Cloud Dialog Box Lets you define a new MPLS network cloud in the Polycom DMA system’s site topology. The following table describes the fields in the dialog box. Table 8-12 Add MPLS Cloud dialog box...
Go to Configuration > Site Topology > Site Links, and for each direct link between sites, do the following: In the Actions list, click Add. In the Add Site Link dialog box, define the link. See “Add Site Link Dialog Box” on page 123. Polycom, Inc.
Page 135
MCU (based on pools and pool orders) that has available capacity and to create the cascade links between MCUs. Note If in the future, you integrate this system with a Polycom CMA 5000 system, the site topology information from the Polycom CMA system will replace the information you entered.
Page 136
DMA Operations Guide Site Topology Configuration Procedures Polycom, Inc.
Users and Groups ® This chapter describes the following Polycom Distributed Media Application™ (DMA™) 7000 system management topics related to users and groups: • User Roles Overview • Adding Users Overview • Users • Add User Dialog Box • Edit User Dialog Box •...
User Roles Overview User Roles Overview The Polycom DMA system has four user roles, or classes of users, each with its own set of permissions. Every user account has one or more user roles (but only three of the four roles must be explicitly assigned).
You can add users to the system in two ways: • Add users manually to the Polycom DMA system. These are known as local users. When adding users manually, you must assign them conference rooms and any specific roles they should have.
ID generation, the enterprise users have a default conference room assigned to them automatically. Alternatively or in addition, enterprise users may have custom conference rooms manually assigned to them. Local users must be manually assigned a conference room or rooms. Polycom, Inc.
The following table describes the parts of the Add User dialog box, which lets you add local users to the system. Table 9-3 Add User dialog box Field Description General Info First name The local user’s first name. Last name The local user’s last name. Polycom, Inc.
Page 142
Client Certificates Disabled when adding a user. See also: “User Roles Overview” on page 130 “Adding Users Overview” on page 131 “Users” on page 132 “Users Procedures” on page 141 “Conference Rooms Procedures” on page 143 Polycom, Inc.
Lists the roles available for assignment to the user. All users automatically have the Conferencing User role; it’s not listed or explicitly assigned (but a conference room ID is required). See “User Roles Overview” page 130. Selected roles Lists the roles selected for assignment to the user. Polycom, Inc.
Page 144
You can’t delete an enterprise directory certificate. See also: “User Roles Overview” on page 130 “Adding Users Overview” on page 131 “Users” on page 132 “Users Procedures” on page 141 “Conference Rooms Procedures” on page 143 Polycom, Inc.
Calendared conference rooms created automatically when the user uses the Polycom Conferencing Add-in for Microsoft Outlook to set up Polycom Conference meetings in Outlook. You can modify some of the settings for these conference rooms, but not the ones set in the meeting invitation.
(or links to the RMX profile) used for its conferences. If not selected, the room uses the highest-priority template associated with any group to which the user belongs, or if none, the system’s default template. See “Conference Settings” on page 96. Polycom, Inc.
“Users Procedures” on page 141 “Conference Rooms Procedures” on page 143 Edit Conference Room Dialog Box Lets you view or modify a conference room’s details. The following table describes the parts of the Edit Conference Room dialog box. Polycom, Inc.
Page 148
Calendar Event This section appears only for calendared meeting conference rooms. It shows the following (read-only): • Start time and date (from meeting invitation). • Expiration date. The conference room is deleted from the system after this date. Polycom, Inc.
(*) as a wildcard. You can restrict the search to local users by selecting the check box. For more search options, click the down arrow to the right. Additional controls appear that let you search specific fields and use specific filters. Polycom, Inc.
Page 150
If necessary, filter the Users list to find the user to be deleted. You can only delete local users, not users added from the enterprise directory. Select the user and click Delete User. In the Delete User dialog box, click Yes. The user is deleted from the Polycom DMA system. Polycom, Inc.
Modify the settings you want to change. See “Edit Conference Room Dialog Box” on page 139. Click OK. To delete one of a user’s custom conference rooms Go to Operations > Users and select the user whose custom conference room you want to delete. Polycom, Inc.
• Import enterprise groups. • Specify Polycom DMA system roles to be assigned to members of a group. • Specify a conference template and MCU pool order to be used for a group. The following table describes the fields on the Groups page.
“Import Enterprise Groups Dialog Box” on page 145 “Edit Group Dialog Box” on page 147 “Enterprise Groups Procedures” on page 148 Import Enterprise Groups Dialog Box The following table describes the fields in the Import Enterprise Groups dialog box. Polycom, Inc.
Page 154
Lists the groups you’ve selected for import, using the arrows to move them from the Search results box. See also: “Users” on page 132 “Groups” on page 144 “Edit Group Dialog Box” on page 147 “Enterprise Groups Procedures” on page 148 Polycom, Inc.
See “Conference Settings” on page 96. Available roles Lists the Polycom DMA system roles available for automatic assignment to members of this group (all users automatically have the Conferencing User role; it’s not listed or explicitly assigned). See “User Roles Overview”...
DMA Operations Guide Groups Enterprise Groups Procedures The Polycom DMA system’s ability to import an enterprise group and assign it a conference template lets you customize the conferencing experience for all members of the group. The ability to assign defined DMA user roles to an enterprise group lets you manage administrative access to the Polycom DMA system in your enterprise directory.
Page 157
See “Edit Group Dialog Box” page 147. Click OK. See also: “Users” on page 132 “Groups” on page 144 “Import Enterprise Groups Dialog Box” on page 145 “Edit Group Dialog Box” on page 147 Polycom, Inc.
Page 158
DMA Operations Guide Groups Polycom, Inc.
• Shutting Down and Restarting Management and Maintenance Overview The Polycom DMA system requires relatively little ongoing maintenance beyond monitoring the status of the system and downloading backups and other data you want to archive. All system management and maintenance tasks can be performed in the management interface.
Using the system tools provided to aid with system and network diagnostics, monitoring, and troubleshooting. See “Tools” on page 161. Should the need arise, Polycom Global Services personnel may ask you to run these tools. • Upgrading the system when upgrades/patches are made available. See “Upgrading the Software”...
47. These settings affect the number and the contents of the log archives available for download from the system. See “System Log Files” on page 163. Polycom Global Services personnel may ask you to adjust the logging configuration and/or download and send them logs. •...
Page 162
— The disk space usage for each node is less than 90% and Total memory is greater than Free memory by at least 500 MB. If either is not true, contact Polycom Global Services. If disk usage is too high, reduce the number of days to retain log archives. See “Logging Configuration”...
Page 163
(again, an archived screen capture may be helpful for comparison). CDR export If you want to preserve detailed call and conference history data in spreadsheet form off the Polycom DMA system, periodically download the system’s CDR (call detail record) data to your PC. See “Export CDR Data”...
DMA Operations Guide Dashboard Dashboard When you log into the Polycom DMA system, the system Dashboard appears. You can return to the Dashboard from any other page by clicking the Dashboard (“home”) button to the left of the menus. Use the system Dashboard to view information about system health and activity levels.
Page 165
• The number of calendared meetings today. License Status Shows the number and type of MCUs for which the Polycom DMA system is licensed and the number of MCUs the system is using. User Login History Shows the time, date, and source (host name or IP address) of the last successful login (prior to your current session) by your user ID.
Page 166
Doesn’t support conference recording Warning Hover over an icon to see the associated status message. H.323 Signaling Status If the Polycom DMA system is configured for H.323 calls, displays the following: • The gatekeeper (GK) registration status, which can be one of the following: Processing configuration —...
Page 167
Public (enterprise) and (for a two-node system) Private network connection for each cluster member. CMA Integration Status Indicates whether the Polycom DMA system is integrated with a Polycom CMA system (see “CMA Integration” on page 49).
The user’s login name. Host Address The IP address from which the user logged in. Node Name The Polycom DMA system node on which the user logged in. Creation Time The time and date when the user logged in. To terminate a user’s login session In the Sessions list, select the login session you want to terminate.
Each command is run on each server in the cluster, and the results are displayed in a separate panel for each server. Ping Use Ping to verify that the Polycom DMA system’s servers can communicate with another node in the network. To run ping on each server Go to Tools >...
Page 170
Use SAR to see a system activity report for each server. To run sar on each server >> Go to Tools > SAR. The system displays results of the command for each server. See also: “Management and Maintenance Overview” on page 151 “Recommended Regular Maintenance” on page 153 Polycom, Inc.
In such a situation, your support representative may ask you to download log archives and send them to Polycom Global Services. You may be asked to manually roll logs in order to begin gathering data anew. After a certain amount of the activity of interest, you may be asked to download the active logs and send them to Polycom Global Services.
The system closes and archives the current log files and starts writing new ones. A dialog box informs you that logs have been rolled, and the new log archive appears in the System Log Files list. Click OK. Polycom, Inc.
In addition, the Polycom DMA USB Configuration Utility (on the USB stick used to initially configure the network and system parameters) can restore the Polycom DMA system from a backup file that you load onto the USB stick. Polycom, Inc.
SHA1 checksum for the backup file. You can use this to confirm that a downloaded file is an exact copy of one on the server. Backup and Restore Procedures Caution Restoring from a backup requires a system restart and terminates all active conferences. Polycom, Inc.
Page 175
System Operations Note You can’t restore the system while it’s integrated with a Polycom CMA system. The integration must first be terminated. If you try to restore while integrated with a Polycom CMA system, the system asks if you want to terminate the integration. If you agree to do so, the system logs you out, terminates the integration, and restarts.
Page 176
Click OK. The system logs you out and the server reboots (typically, this takes about five minutes). After it comes back up, in a two-node system, the second node syncs to it, thus being restored to the same state. Polycom, Inc.
Page 177
If autorun doesn’t work or is turned off, navigate to the USB memory stick using My Computer, Windows Explorer, or another file manager. Then start the Configuration Utility by double-clicking dma7000-usb-config.exe. In the DMA USB Configuration Utility window, click Copy a Backup to the USB Stick. Polycom, Inc.
Select the backup file from which you want to restore the system and click Open. The utility displays an error message if the file isn’t a valid Polycom DMA system backup. Otherwise, it confirms that the backup file is in place.
• You can’t upgrade or roll back the system while it’s integrated with a Polycom CMA system. The integration must first be terminated. If you try to upgrade or roll back while integrated with a Polycom CMA system, the system asks if you want to terminate the integration.
Page 180
“MCU Procedures” on page 64. 11 Call Polycom Global Services if: — After waiting significantly longer than the estimated install time, you’re still unable to log back in. — You can log in, but the Dashboard shows only one node for a two-node system.
Page 181
“MCU Procedures” on page 64. Call Polycom Global Services if: — After waiting significantly longer than the estimated install time, you’re still unable to log back in. — You can log in, but the Dashboard shows only one node for a two-node system.
Note You can’t add a server to the system while it’s integrated with a Polycom CMA system. The integration must first be terminated. If you try to add a server while integrated with a Polycom CMA system, the system asks if you want to terminate the integration.
To expand a patched single-server system into a two-node cluster Unpack, inspect, and physically install the second server as described in its Getting Started Guide. Mount it in the rack adjacent to the first Polycom DMA system server (or close enough to connect them with one of the provided crossover Ethernet cables).
Replacing a server is essentially the same process as adding a second server to a single-server system. As in that situation, you must make sure that both servers are running the same version of the Polycom DMA system software. The procedure assumes that you’ve gone through the RMA process and received the replacement server package, which includes the server, its accessories, and a new license activation key.
To replace a failed server in a two-node cluster If you haven’t already done so, power down, uncable, and remove the failed server. Log into your Polycom DMA system and determine the software version (including patch level) installed on the remaining server. Write it down for later reference.
Page 186
DMA Operations Guide Shutting Down and Restarting See also: “Management and Maintenance Overview” on page 151 “Recommended Regular Maintenance” on page 153 Polycom, Inc.
System Reports ® This chapter describes the following Polycom Distributed Media Application™ (DMA™) 7000 system reports topics: • Call History Report • Conference History Report • Export CDR Data • Enterprise Directory Integration Report • Orphaned Groups and Users Report •...
It appears when you click the Show Call Events command (in the Actions list). The following table describes the fields in the list. Table 11-3 Information in the Call Events list Column Description Name Name of the event. Polycom, Inc.
If there are more than 500, the first page lists the first 500, and the arrow buttons below the list let you view other pages. The following table describes the fields in the list. Polycom, Inc.
Associated Calls list. Conference Events The Conference Events list provides much more detail about the selected conference, listing every state change and call event in the course of the conference. The following table describes the fields in the list. Polycom, Inc.
179 “Export CDR Data” on page 183 Export CDR Data The Export CDR Data command lets you download a CSV (comma-separated values) file containing all the call detail records (CDRs) for the time period you specify. Polycom, Inc.
Page 192
The Conference CDR record Field Description CONF Labels this as a conference record. Unique identifier for the conference. logId Human-readable identifier useful for searching logs. start Time the conference began (first conference event). Time the conference ended (last conference event). Polycom, Inc.
Page 193
Time the call ended (session closed). source Endpoint from which the call came. destination Conference room being called. confId ID of the conference that the call joined. join Time the call joined the conference. leave Time the call left the conference. Polycom, Inc.
181 Enterprise Directory Integration Report If the Polycom DMA system is integrated with your enterprise directory, it reads the enterprise directory daily to refresh the information in its cache. It also rereads the directory whenever you update the directory integration settings (Configuration >...
Page 195
• Not required: no groups from that domain have been imported into the Polycom DMA system and all attributes needed were in the global catalog. • Partially loaded or Unable to load: see Error Message and the list of groups with incomplete information for more details.
The Orphaned Groups and Users page reports information about enterprise users and groups that are no longer in the enterprise directory or are no longer accessible to the Polycom DMA system, but for which the system has local data (typically, local conference rooms or customized enterprise conference rooms).
Page 197
The user’s last name. Domain Domain to which the user belonged. Roles Polycom DMA system user roles assigned to the user. Conference Rooms Polycom DMA system custom conference rooms assigned to the user. To remove orphaned groups from the system Go to Reports >...
DMA Operations Guide Conference Room Errors Report Conference Room Errors Report If the Polycom DMA system is integrated with your enterprise directory, it can create a conference room (virtual meeting room) for each enterprise user. See “Enterprise Directory” on page 101.
Page 199
ID. See also: “Export Conference Room Errors Report” on page 192 “Enterprise Directory” on page 101 “Enterprise Directory Integration Report” on page 186 “Orphaned Groups and Users Report” on page 188 “Enterprise Passcode Errors Report” on page 192 Polycom, Inc.
“Adding Passcodes for Enterprise Users” page 111. The Polycom DMA system reads the enterprise directory daily to refresh the information in its cache. It also rereads the directory whenever you update the directory integration settings (Configuration > System > Enterprise Directory).
Page 201
Information in the Enterprise Passcode Errors list Column Description Problem Indicates what the problem is: Chairperson, Conference, or Duplicate. User ID The login name or ID of the enterprise user with this passcode error. Domain The domain to which the enterprise user belongs. Polycom, Inc.
The File Download dialog shows the progress. When the download is complete, click Close. You can open the CSV file with Microsoft Excel or another spreadsheet application. The file contains the same data you see displayed on the Enterprise Passcode Errors page. Polycom, Inc.
Page 203
Export Enterprise Passcode Errors Report System Reports See also: “Enterprise Passcode Errors Report” on page 192 Polycom, Inc.
25 backup 165 information dialog 23 calendar 97 install CA 26 local user account 38 install dialog 24 logging 47 install signed 29 login sessions 36 management list 23 password requirements 37 overview 19 security 32 procedures 26 Polycom, Inc.
Page 206
190 Exchange server integration 97 invalid enterprise passcodes 192 expansion, system 174 iostat command 162 export CDR data 183 IVR service 78 enterprise passcode errors data 194 invalid conference rooms data 192 join CMA 50, 55 Polycom, Inc.
Page 207
69 See MCU pool orders procedures MCU zones site topology 126 See MCU pools system configuration 51 media servers 59 professional services 3 meeting appointments 97 profiles, RMX 75 monitoring the system 156 record retention, history 48 Polycom, Inc.
Page 208
13 templates settings edit dialog 87 conference 96 video frame layout 94 enterprise directory 101, 106 templates, conference history retention 48 about 75 logging 47 add dialog 79 network 41 assigning to enterprise groups 148 server 41 Polycom, Inc.
Page 209
Unicode 6 upgrading X.509 certificates 19 hardware 174 software 170 user groups 144, 148 zone orders, MCU user roles See pool orders, MCU and system access 3 assigning to enterprise groups 148 zones, MCU overview 130 See pools, MCU Polycom, Inc.