Specifications
Table Of Contents
- Table of Contents
- New Hardware - RMX 1500
- New Hardware - MPMx Media Card
- Version 7.5.0.J - New Security Features
- Version 7.5.0.J - Changes to Existing Security Features
- Version 7.5.0.J - New Features
- Version 7.5.0.J - Changes to Existing Features
- Version 7.5.0.J - Interoperability Tables
- Version 7.5.0.J - Upgrade Package Contents
- Version 7.5.0.J - Upgrade Procedure
- Detailed Description - RMX 1500
- Detailed Description - MPMx Media Card
- Detailed Description - New Security Features
- (PKI) Public Key Infrastructure
- Unique Certificates for all Networked Entities
- Offline Certificate Validation
- Installing and Using Certificates on the RMX
- Default Management Network
- Default IP Network Service
- Managing Certificates in the Certification Repository
- Trusted Certificates
- Personal Certificates (Management and Signaling Certificates)
- CRL (Certificate Revocation List)
- Machine Account
- Integration with Microsoft® Active Directory™
- Multiple Networks
- Antivirus
- Direct Connection to Polycom RMX™ Serial Gateway S4GW
- (PKI) Public Key Infrastructure
- Detailed Description - Changes to Existing Security Features
- Detailed Description - New Features
- Gathering Phase
- Auto Brightness
- Audio Clarity
- Packet Loss Concealment (PLC) for Audio
- Siren 22 and G.719 Audio Algorithm Support
- H.264 High Profile
- New Symmetric HD Resolutions in MPMx Mode
- Additional Call Rates
- H.239 / People+Content
- G.728 Audio Algorithm Support
- Permanent Conference
- Video Preview
- Message Overlay
- Content Broadcast Control
- Copy Cut and Paste Participant
- Copy and Paste Conference
- Resolution Configuration
- High Resolution Slide Enhancements
- Auto Redial when Endpoint Drops
- Multi-RMX Manager - Import/Export RMX Manager Configuration
- Automatic Password Generation
- IVR Provider Entry Queue (Shared Number Dialing)
- Detailed Description - Changes to Existing Features
- End User License Agreement For Polycom® Software
- Corrections and Known Limitations
Detailed Description - New Security Features
57
Machine Account
User names can be associated with servers (machines) to ensure that all users are
subject to the same account and password policies.
For enhanced security reasons it is necessary for the RMX to process user connection
requests in the same manner, whether they be from regular users accessing the RMX
via the RMX Web Browser / RMX Manager or from application-users representing
applications such as CMA and DMA.
Regular users can connect from any workstation having a valid certificate while
application-users representing applications can only connect from specific servers.
This policy ensures that a regular user cannot impersonate an application-user to gain
access to the RMX in order to initiate an attack that would result in a Denial of Service
(DoS) to the impersonated application.
A check box, Associate with a machine and a new field FQDN (Fully Qualified Domain
Name) have been added to the User Properties dialog box.
The connection process for an application-user connecting to the RMX is as follows:
1 The application-user sends a connection request, including its TLS certificate, to the
RMX.
2 The RMX searches its records to find the FQDN that is associated with the
application-user’s name.
3 If the FQDN in the received certificate matches that associated with
application-user, and the password is correct, the connection proceeds.
Guidelines
• Application-users are only supported when TLS security is enabled and Request peer
certificate is selected. TLS security cannot be disabled until all application-user
accounts have been deleted from the system.
•For Secure Communications, an administrator must set up on the RMX system a
machine account for the CMA system with which it interacts. This machine
account must include a fully-qualified domain name (FQDN) for the CMA system.
This FQDN field on the RMX system is case-sensitive, so it must match the name
in the CMA certificate (including case) exactly.
• Application-user names are the same as regular user names.
Example: the CMA application could have an application-user name of CMA1.
•The FQDN can be used to associate all user types: Administrator, Auditor, Operator
with the FQDN of a server.