Polycom RMX 1500/2000/4000 Administrator's Guide
For enhanced security, the RMX must process user connection requests in the same manner,
whether they come from regular users accessing the RMX via the RMX Web Browser /
RMX Manager or from application-users representing applications such as CMA and DMA.
Regular users can connect from any workstation having a valid certificate while application-
users representing applications can only connect from specific servers. This policy ensures
that a regular user cannot impersonate an application-user to gain access to the RMX in order
to initiate an attack that would result in a Denial of Service (DoS) to the impersonated
application.
The connection process for an application-user connecting to the RMX is as follows:
1. The application-user sends a connection request, including its TLS certificate, to the
   RMX.
2. The RMX searches its records to find the FQDN that is associated with the
   application-user's name.
3. If the FQDN in the received certificate matches that associated with the
   application-user, and the password is correct, the connection proceeds.
Guidelines
• Application-users are only supported when TLS security is enabled and Request peer
  certificate is selected. TLS security cannot be disabled until all application-user
  accounts have been deleted from the system.
• For Secure Communications, an administrator must set up on the RMX system a machine
  account for the CMA system with which it interacts. This machine account must include
  a fully-qualified domain name (FQDN) for the CMA system. This FQDN field on the
  RMX system is case-sensitive, so it must match the name in the CMA certificate
  (including case) exactly.
• Application-user names are the same as regular user names.
  Example: the CMA application could have an application-user name of CMA1.
• The FQDN can be used to associate all user types (Administrator, Operator) with the
  FQDN of a server.
• Multiple application-users can be configured with the same FQDN if multiple
  applications are hosted on the same server.
• If the system is downgraded, the application-user's FQDN information is not deleted
  from the RMX's user records.
• A System Flag, PASS_EXP_DAYS_MACHINE, enables the administrator to change the
  password expiration period of application-users independently of regular users. The
  default flag value is 365 days.
• The server hosting an application-user whose password is about to expire will receive a
  login response stating the number of days until the application-user's password expires.
  This is determined by the value of the PASSWORD_EXPIRATION_WARNING_DAYS
  System Flag. The earliest warning can be displayed 14 days before the password is due
  to expire and the latest warning can be displayed 7 days before passwords are due to
  expire. An Active Alarm is created stating the number of days before the password is
  due to expire.
• The MIN_PWD_CHANGE_FREQUENCY_IN_DAYS System Flag does not affect
  application-user accounts. Applications typically manage their own password change
  frequency.
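The three-step connection check and the case-sensitive FQDN guideline above, modelled as an added Python example (not Polycom code). The record layout, check_login, the reason strings, the DMA1 account and the example.com names are constructed for illustration. The example assumes the certificate has already passed TLS validation and its FQDN has been extracted.

```python
"""Model of the application-user connection check (constructed data)."""
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed; a real store uses a per-user salt


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed user records. An account with an FQDN is an application-user;
# two application-users may share an FQDN when hosted on the same server.
USERS = {
    "CMA1": {"fqdn": "cma1.example.com", "pw": _hash("app-secret")},
    "DMA1": {"fqdn": "cma1.example.com", "pw": _hash("dma-secret")},
    "alice": {"fqdn": None, "pw": _hash("user-secret")},  # regular user
}


def check_login(name: str, password: str, cert_fqdn: str) -> str:
    """Return 'ok' or a reason string intended for the audit log only.

    cert_fqdn is the FQDN from a peer certificate that already passed
    TLS validation (assumed to be done before this function is called).
    """
    rec = USERS.get(name)
    if rec is None:
        return "unknown-user"
    bound = rec["fqdn"]
    # Application-user: the certificate FQDN must equal the stored FQDN
    # exactly, including case. Regular users have no FQDN binding.
    if bound is not None and cert_fqdn != bound:
        if cert_fqdn.lower() == bound.lower():
            return "fqdn-case-mismatch"  # configuration error, easy to miss
        return "fqdn-mismatch"
    if not hmac.compare_digest(rec["pw"], _hash(password)):
        return "bad-password"
    return "ok"
```

A correct password presented from a host whose certificate carries a different FQDN is refused, which is the impersonation case the policy is meant to stop.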
Polycom, Inc.