Available Settings for a Network Provisioning Profile

The following table provides available settings for network provisioning profiles.

Field

For the endpoint systems being provisioned...

General Info

Profile Name

Specify a unique name for the profile

Provisioning Profile Type

Choose the profile type from the drop-down list.

Selectable Provisioning for Group Series

When you select this check box, you can manually select which settings within the provisioning profile are sent to a RealPresence Group Series system. Only the selected settings are provisioned to RealPresence Group Series systems.

For example, if a provisioning setting is blank but still checked, the blank value is still provisioned to the system.

By default, all settings are checked. If you don't want to provision the setting to the RealPresence Group Series system, you must uncheck the individual settings.
Note: If the RealPresence Resource Manager system doesn’t provision the H.323 or SIP settings of RealPresence Group Series, the system doesn’t monitor the H.323 or SIP dialing strings. Directory search of the dialing strings is not supported.

Date and Time Settings

Country

Specify the country code for their location.

Date Format

Specify the date display format.

Auto Adjust for Daylight Saving Time

Specify whether or not to adjust the endpoint's system clock for daylight savings time.

Time Format

Specify the time display format.

Time Server

Specify whether to connect to a time server for automatic system time settings.

Select Auto to require that the video endpoint system synchronize with an external time server that is identified by a network domain controller. Because it is identified by a network domain controller, you do not need to enter the IP address of the time server.

Select Manual to require that the video endpoint system synchronize with an external time server that may not be identified by a network domain controller. In this case, you must also enter the IP address of the time server in the Time Server Address field.

If Time Server is set to Off, or if the Time Server is set to Manual or Auto but the endpoint system cannot connect to the time server, the date and time must be manually reset at the endpoint.

Primary Time Server Address

Specify the address of the primary time server when Time Server is set to Manual.

Secondary Time Server Address

Specify the address of the secondary time server when Time Server is set to Manual.

Timezone

Specify the time difference between GMT (Greenwich Mean Time) and the endpoint system's location.

Firewall Settings

Use Fixed Ports

Specify whether to define the TCP and UDP ports.

  • If the firewall is H.323 compatible or the endpoint systems are not behind a firewall, disable this setting.
  • If the firewall is not H.323 compatible, enable this setting. The endpoint systems will assign a range of ports starting with the TCP and UDP ports you specify. The endpoint system defaults to a range beginning with port 3230 for both TCP and UDP.
Note: You must open the corresponding ports in the firewall. You must also open the firewall's TCP port 1720 to allow H.323 traffic.

Start TCP Port

Lets you specify the beginning value for the range of TCP ports used by the endpoint systems. The endpoint systems will automatically assign a range of ports starting with the port you specify.

Note: You must also open the firewall's TCP port 1720 to allow H.323 traffic.

Start UDP Port

Lets you specify the beginning value for the range of TCP ports used by the endpoint systems. The endpoint systems will automatically assign a range of ports starting with the port you specify.

Enable H.460 Firewall Traversal

Enables the endpoint system to use H.460-based firewall traversal. For more information, see the Administrator's Guide for Polycom HDX Systems.

NAT Configuration

Specify whether the endpoint systems should determine the NAT Public WAN Address automatically.

  • If the endpoint systems are behind a NAT that allows HTTP traffic, select Auto.
  • If the endpoint systems are behind a NAT that does not allow HTTP traffic, select Manual. Then specify a NAT Public (WAN) Address.
  • If the endpoint systems are not behind a NAT or are connected to the IP network through a virtual private network (VPN), select Off.

NAT Public (WAN) Address

When NAT Configuration is set to Manual, specify the address that callers from outside the LAN should use to call the endpoint systems.

NAT is H.323 Compatible

Specify that the endpoint systems are behind a NAT that is capable of translating H.323 traffic.

Address Displayed in Global Directory

Specify whether to include the endpoint system's information in the global directory

  • Select Private to exclude the endpoint from the global directory
  • Select Public to include the endpoint in the global directory

Enable SIP Keep Alives

When checked, SIP Keep Alive messages are enabled.

H323 Settings

Enable IP H.323

Specify whether to enable IP H.323 calls.

Use Gatekeeper

Select one of the following items:
  • Off: Do not use a gatekeeper.
  • Auto: The RealPresence Resource Manager system finds an available gatekeeper automatically.
  • Specify: Specify the gatekeeper IP address in the Gatekeeper Address field.

Gatekeeper Address

When Use Gatekeeper is set to Specify, enter the gatekeeper address.

Notes for endpoints that will use a RealPresence Access Director system or Polycom VBP

If this network provisioning profile is used for endpoints within a site that includes a RealPresence Access Director system or Polycom VBP system, the gatekeeper IP address should be the external or subscriber IP address of the RealPresence Access Director or Polycom VBP system.

Use Gatekeeper for Multipoint Calls

Specify whether multipoint calls use the endpoint system's internal multipoint capability or the Polycom MCU's Conference on Demand feature. This feature is available only if the system is registered with a PathNavigator.

SIP Settings

Enable SIP

Specify whether to enable SIP calls and enable the provisioning of SIP settings.

Automatically Discover SIP Servers

The RealPresence Resource Manager system sends provisioning info telling endpoints to auto discover SIP servers. The endpoint then performs a DNS query to locate the SIP server.

Proxy Server

Specify the IP address or FQDN of the SIP proxy server for the network. If you leave this field blank, the registrar server is used.

Notes for endpoints that will use a RealPresence Access Director system

If this network provisioning profile is used for endpoints within a site that includes a RealPresence Access Director system, the Proxy Server IP address should be the external or subscriber IP address of the RealPresence Access Director.

Registrar Server

Specify the IP address or FQDN of the SIP registrar server for the network.

  • In an Microsoft Office Communications Server 2007 or Microsoft Lync Server 2010 environment, specify the IP address or FQDN of the Office Communications Server or Lync Server server.
  • If registering a remote HDX system with an Office Communications Server Edge Server or Lync Server Edge Server, use the fully qualified domain name of the access edge server role.

Notes for endpoints that will use a RealPresence Access Director system

If this network provisioning profile is used for endpoints within a site that includes a RealPresence Access Director system, the Registrar Server address should be the external or subscriber IP address of the RealPresence Access Director.

Backup Proxy Server

Specify the IP address or FQDN of a backup SIP proxy server for the network.

Notes for endpoints that will use a RealPresence Access Director system

If this network provisioning profile is used for a endpoints within that includes a RealPresence Access Director system, the Backup Proxy Server IP address should be the IP address of the RealPresence Access Director.

Backup Registrar Server

Specify the IP address or FQDN of a backup SIP registrar server for the network.

Notes for endpoints that will use a RealPresence Access Director system

If this network provisioning profile is used for a site that includes a RealPresence Access Director system, the Backup Registrar Server IP address should be the IP address of the RealPresence Access Director.

Transport Protocol

Indicates the protocol the system uses for SIP signaling. The SIP network infrastructure determines which protocol is required.

  • Auto enables an automatic negotiation of protocols in the following order: TLS, TCP, UDP. This is the recommended setting for most environments.
  • TCP provides reliable transport via TCP for SIP signaling.
  • UDP provides best-effort transport via UDP for SIP signaling.
  • TLS provides secure communication of the SIP signaling. TLS is available only when the system is registered with a SIP server that supports TLS. When you choose this setting, the system ignores TCP/UDP port 5060.

Server Type

Specify the type of the SIP registrar server.

You can provision the following SIP registrar servers:
  • Standard (Polycom DMA system)
  • Polycom
  • BroadSoft (BroadWorks)
  • Cisco (Cisco Unified Communications Manager)
  • Avaya (Avaya Communications Manager)
  • Siemens (OpenScape UC Server)
  • Microsoft (Lync of Office Communications Server)

Verify Certificate

Enable this option when the endpoint system's certificate should be verified by the certificate authority.

Use Endpoint Provisioning Credentials

Enable this option when the endpoint system should use the credentials the user entered at the endpoint for authenticating when registering with a SIP registrar server.

Use Enterprise URI

Enable this option with the endpoint should use the SIP URI of the enterprise user (domain user).

Common SIP User Name

Specify the name to use for authentication when registering with a SIP registrar server, for example, msmith@company.com . If the SIP proxy requires authentication, this field and the password cannot be blank.

Common SIP credentials (username and password) can be used when the SIP server does not require unique user credentials.

Common SIP Password

Specify the password that authenticates the system to the registrar server.

Common SIP credentials (username and password) can be used when the SIP server does not require unique user credentials.

Provisioning Settings

Provisioning Polling Interval (minutes)

Specify the frequency at which the endpoint systems poll the RealPresence Resource Manager system for new provisioning information.

By default, this interval is 60 minutes. For performance reasons, the minimum positive value for this interval is 5 minutes. There is no maximum value enforced.

Software Update Polling Interval (minutes)

Specify the frequency at which the endpoint systems poll the RealPresence Resource Manager system for a new software update package.

By default, this interval is 60 minutes. For performance reasons, the minimum positive value for this interval is 5 minutes.

Enable Pano Updates via HTTP

Enable HTTP transfer for Pano software updates.

This option is disabled by default. If disable this option, HTTPS transfer will be used for Pano updates. In this case, you need to install an official certificate to allow HTTPS connection for Pano updates.

Quality of Service Settings

Video Type of Service Value

Specify the IP Precedence or Diffserv value for video packets.

Audio Type of Service Value

Specify the IP Precedence or Diffserv value for audio packets.

FECC Type of Service Value

Specify the IP Precedence or Diffserv value for Far End Camera Control packets.

Type of Service Field

Specify the service type and the priority of IP packets sent to the system for video, audio, and far-end camera control:
  • IP Precedence — Represents the priority of IP packets sent to the system. The value can be between 0 and 5.
  • DiffServ — Represents a priority level between 0 and 63. If this setting is selected, enter the value in the Type of Service Value field.

Maximum Transmission Unit Size (bytes)

Specify the Maximum Transmission Unit (MTU) size used in IP calls. If the video becomes blocky or network errors occur, packets may be too large; decrease the MTU. If the network is burdened with unnecessary overhead, packets may be too small; increase the MTU.

Enable PVEC

Enables the endpoint system to use PVEC (Polycom Video Error Concealment) if packet loss occurs. PVEC delivers smooth, clear video over IP networks by concealing the deteriorating effects of packet loss

Enable RSVP

Enables the endpoint system to use Resource Reservation Setup Protocol (RSVP) to request that routers reserve bandwidth along an IP connection path. Both the near site and far site must support RSVP in order for reservation requests to be made to routers on the connection path.

Enable Dynamic Bandwidth

Specify whether to let the endpoint system automatically find the optimum line speed for a call.

Maximum Transmit Bandwidth (Kbps)

Specify the maximum transmission line speed.

Maximum Receive Bandwidth (Kbps)

Specify the maximum reception line speed.

Operation and Management Type

Specifies the IP Precedence or Diffserv value for traffic not related to video, audio, or

FECC.

Security Settings

Security Profile

Read-only field. Displays the security level of the endpoint.

Enable Dynamic Provisioning for ID/Passwords

This check box must be marked if you want to provision IDs or passwords.

Enable Provisioning for Room Password

Enable or disable room password provisioning.

Use Room Password for Remote Access

Specify whether the local endpoint system password and remote access password are the same.

Room Password

Enter or change the local endpoint system password here.

When the local password is set, you must enter it to configure the system Admin Settings using the remote control. The local password must not contain spaces.

Administrator ID

Enter the administrative account that should be used to access the endpoint system remotely.

Remote Access Password

For endpoint systems, enter or change the remote access password here.

When the remote access password is set, you must enter it to upgrade the software or manage the endpoint systems from a computer. The remote access password cannot include spaces.

Meeting Password

Specify the password users must supply to join multipoint calls on this endpoint system if the call uses the internal multipoint option, rather than a bridge.

This field can also be used to store a password required by another endpoint system that this system calls. If a password is stored in this field, you do not need to enter it at the time of the call; the endpoint system supplies it to the system that requires it. The meeting password cannot include spaces.

Enable Secure Mode

Specify whether to operate in secure mode (also known as security mode), which uses TLS, HTTPS, AES, digital signatures, and other security protocols, algorithms, and mechanisms. These protocols encrypt management communication over IP, preventing access by unauthorized users.

When devices at a site are provisioned to operate in secure mode, the RealPresence Resource Manager system can only perform the dynamic management operations of automatic provisioning, automatic software update, and directory and presence services for the devices. The RealPresence Resource Manager system cannot perform monitoring or control operations for the devices.

For more information, see the Administrator's Guide for Polycom HDX Systems.

AES Encryption

Specify how to encrypt calls with other sites that support AES encryption.

  • Off—No encryption is used.
  • When Available—AES Encryption is used with any endpoint that supports it, even if the other endpoints in the call don't support it.
  • Required for Video Calls Only—AES Encryption is used for all video endpoints in the call. Analog phone and voice over ISDN connections are allowed. Video endpoints must support AES Encryption to participate in the call.
  • Required for All Calls—AES Encryption is used for all video endpoints in the call. Analog phone and voice over ISDN connections are not allowed. All endpoints must. support AES Encryption to participate in the call.

Enable Web Access

Specify whether to allow remote access to the endpoint system by the web.

Note: The endpoint systems will restart if the remote access settings are changed. This setting does not deactivate the associated port, only the application. Use the Web Access Port setting to disable the port.

Enable HTTPS only

Select this check box to allow the endpoint to connect only using HTTPS.

Enable Telnet Access

Specify whether to allow remote access to the system by Telnet.

Note: The endpoint systems will restart if the remote access settings are changed. This setting does not deactivate the associated port, only the application. Use the Web Access Port setting to disable the port.

Web Access Port

This port setting only works for HTTP port.

Specify the port to use when accessing the endpoint system's web interface.

If you change this from the default (port 80), specify a port number of 1025 or higher, and make sure the port is not already in use. You will need to include the port number with the IP address when you use the Polycom HDX web interface to access the system. This makes unauthorized access more difficult.

Note: The system restarts if you change the web access port.

Allow Video Display On Web

Specify whether to allow viewing of the room where the endpoint system is located, or video of calls in which the endpoint system participates, using the endpoint system's web interface.

Note: This feature activates both near site and far site video displays in Web Director.

NTLM Version

Specify the NTLM version the endpoint system should use to authenticate.

Security Settings 2

Idle Session Timeout in Minutes

When sessions are enabled, Specify the number of minutes your system can be idle before the session times out.

Lock Port after Failed Logins

Specify the number of failed login attempts allowed before the system locks the account. If set to Off, the system will not lock the user account due to failed login attempts.

This selection controls local and web interface login attempts. For example, if you select 3 here, a user who fails to log in properly twice on the web interface and twice on the local interface is locked out on the fourth attempt.

Failed Login Window in Hours

Specify the amount of time that the account remains locked due to failed login attempts.

Port Lock Duration in Minutes

Specify the amount of time that the port remains locked due to failed login attempts.

Maximum Peer Certificate Chain Depth

Specify how many links a certificate chain can have. The term peer certificate refers to any certificate sent by the far-end host to the HDX system when a network connection is being established between the two systems.

Verify Certificates for all Web Access

Specify whether the endpoint requires certificate validation to access the endpoint.

Enable NIDS

Enable Network Intrusion Detection messages.

FIPS 140 Mode

Support FIPS 140.

Enable Security Classification

Helps RealPresence Group system call participants remain conscious of the security classification when in a BroadWorks managed call.

Enable SCEP

Enable support for Simple Certificate Enrollment Protocol.

SCEP URL

Refer to the Polycom RealPresence Group Series Administrator Guide for information on these provisioning properties.

Challenge Password

Auto Renewal

Threshold Days

Threshold Percentage

Enroll Retry Interval

Renewal Attempts

CA Profile

Common Name

Organization Unit

Organization

City Or Locality

State Or Province

Country

SCEP Email

Select one of the followings from the drop-down list:
  • User Email: The email address of the endpoint's provisioned sign-in account used as the SCEP email.
  • None: RealPresence Resource Manager doesn't set the user email as the SCEP email. You can configure this setting on the endpoint.

Whitelist

Enable Whitelist of IPs

When a white list is enabled, enables access to an endpoint's web interface only by those systems with an IP address that matches a pattern using regular expression notation.

Enter all IPs allowed to Connect via the web

Specify (by IP addresses using regular expression notation) which systems can access an endpoint's web interface. Addresses are matched by pattern, which means that you could allow IP address that you did not mean to allow. For example, if you entered an IP address of 15.1.2.111, all of the following results would match:
  • 15.1.2.111
  • 15.182.1.11
  • 15.1.252.111

If you want to allow a range of IP addresses, use the * wildcard instead. For example, enter 10.11.*.* to allow all IP addresses that begin with 10.11.

General Settings

Heartbeat Posting Interval (minutes)

Specify the frequency at which the endpoint systems poll the RealPresence Resource Manager system for a heartbeat.

In Call Stats Posting Interval (minutes)

Specify the frequency at which the endpoint systems poll the RealPresence Resource Manager system for in call statistics.

Calendaring Settings

Automatically Discover Exchange Server

Specify that the RealPresence Resource Manager system should discover the Microsoft Exchange server for the site by searching DNS records.

If you have configured a Calendar Connector, you should use the Specify Exchange Server field instead.

Specify Exchange Server

Specify that the RealPresence Resource Manager system should use the Microsoft Exchange server specified in the Exchange Server Address field.

Exchange Server Address

Specify the IP address or FQDN of the Microsoft Exchange server for the site.

If you have configured a Calendar Connector, put the RealPresence Resource Manager system FQDN in this field.

Enterprise Directory Settings

Group Display Name

Specify whether the RealPresence Resource Manager system should identify groups by their common name (cn) or their DisplayName. These names are extracted from the Active Directory.

User Display Name

Specify whether the RealPresence Resource Manager system should identify users by their common name (cn) or their DisplayName. These names are extracted from the Active Directory.

Enterprise Directory Admin Group

Specify the Active Directory group whose members should have access to the Admin settings on the HDX system. This name must exactly match the name in the Active Directory server for authentication to succeed.

Enterprise Directory User Group

Specify the Active Directory group whose members should have access to the User settings on the HDX system. This name must exactly match the name in the Active Directory server for authentication to succeed.

Use Default Authentication Server

This check box is only available if you have marked the Enterprise Directory Admin Group or the Enterprise Directory User Group.

When checked, endpoints will use the RealPresence Resource Manager system's IP address as the IP for the authentication server.

If you have marked the Enterprise Directory Admin Group or the Enterprise Directory User Group and leave this check box unchecked, you must indicate an authentication server for provisioned endpoints.

Authentication Server

This check box is only available if you have marked the Enterprise Directory Admin Group or the Enterprise Directory User Group.

If you have marked the Enterprise Directory Admin Group or the Enterprise Directory User Group and have NOT marked the Use Default Authentication Server check box, you must indicate an authentication server for provisioned endpoints.

Directory Settings

Provision directory service for hardware endpoints

Specifies that directory services will be enabled for all endpoints, including hardware endpoints.

If unchecked, directory services are only provisioned to software endpoints.

Use Default Directory Server

Use the RealPresence Resource Manager system to provide the directory service.

Directory Server

When the Use Default Directory Server radio button is unchecked, you can use the Directory Server field enter the IP address of the directory server you wish to use.

Verify Certificate

Enable this option when the endpoint system's certificate should be verified by the certificate authority.

Presence Settings

Use Default Presence Server

Use the RealPresence Resource Manager system to provide the presence service.

Presence Server

When the Use Default Presence Server button is unchecked, you can use the Presence Server field enter the IP address of the presence server you wish to use.

Verify Certificate

Enable this option when the endpoint system's certificate should be verified by the certificate authority.

SNMP Settings

Enable SNMP Access

Specify whether to allow remote access to the system by SNMP.

The endpoint will restart if the remote access settings are changed. This setting does not deactivate the associated port, only the application.

SNMP Version1

Select to enable SNMP Version1.

SNMP Version2C

Select to enable SNMP Version2C.

SNMP Version3

Select to enable SNMP Version3.

Transport Protocol

Select TCP or UDP.

Listening Port

The default port is 161.

Read-only community

For SNMPv2c, specifies the context for the information, which is the SNMP

group to which the devices and management stations running SNMP belong.

The RealPresence RealPresence Resource Manager system has only one

valid context—by default, public—which is identified by this Community

name. The RealPresence RealPresence Resource Manager system will not

respond to requests

Contact Name

Specifies the name of the per son responsible for remote management of this system

Location Name

Specifies the location of the system.

User Name

Specifies the SNMPv3 User Security Model (USM) account name that will be used for SNMPv3 message transactions. The maximum length is 64 characters

Auth Algorithm

Specifies the type of SNMPv3 authentication algorithm used:
  • SHA
  • MD5

Auth Password

Specifies the SNMPv3 authentication password. The maximum length is 48 character

Privacy Algorithm

Specifies the type of SNMPv3 cryptography privacy algorithm used.

  • CFB-AES128
  • CBC-DES

Privacy Password

Specifies the SNMPv3 privacy (encryption) password. The maximum length is 48 characters.

Notification Receiver 1

Enter the following information:

Server Address

SNMP Version

Listening Port

Trap/Inform

Notification Receiver 2

Enter the following information:

Server Address

SNMP Version

Listening Port

Trap/Inform

Notification Receiver 3

Enter the following information:

Server Address

SNMP Version

Listening Port

Trap/Inform

Content Settings (for Polycom Pano System)

Enable Pairing PIN

Select this check box to enable paring PIN for content sharing using the Polycom Pano system. It is selected by default.

Enable Polycom Cloud Service

Enable this option to allow the Polycom Pano system to be provisioned by the Polcyom Cloud Service. It is not selected by default.

Enable Software Updates by Polycom Cloud Service

This option is available only after you select the Enable Polycom Cloud Service check box.

Enable this option to allow the Polycom Pano system software updates to be managed by the Polcyom Cloud Service.

Allow Content to be Saved from Primary Network

Allows meeting participants to save content snapshots using the Pano App.