Polycom RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide
Chairperson
A Chairperson can only manage ongoing conferences and participants. The Chairperson
does not have access to the RMX configurations and utilities.
Auditor
An Auditor can only view Auditor Files and audit the system.
Machine Account
User names can be associated with servers (machines) to ensure that all users are subject to
the same account and password policies.
For enhanced security, the RMX must process all user connection requests in the
same manner, whether they come from regular users accessing the RMX via the
RMX Web Browser / RMX Manager or from application-users representing applications such
as CMA and DMA.
Regular users can connect from any workstation having a valid certificate while application-
users representing applications can only connect from specific servers. This policy ensures
that a regular user cannot impersonate an application-user to gain access to the RMX in order
to initiate an attack that would result in a Denial of Service (DoS) to the impersonated
application.
The connection process for an application-user connecting to the RMX is as follows:
1 The application-user sends a connection request, including its TLS certificate, to the
RMX.
2 The RMX searches its records to find the FQDN that is associated with the application-
user’s name.
3 If the FQDN in the received certificate matches the FQDN associated with the
application-user, and the password is correct, the connection proceeds.
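The three steps above, sketched as an added example (not Polycom code or the RMX's actual implementation). The record layout, the function names, the PBKDF2 password storage and the exact-match comparison of DNS names are assumptions; the certificate is assumed to be already chain-validated by the TLS layer and is given in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    # Assumed storage format: salted PBKDF2-HMAC-SHA256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user records (hypothetical schema). fqdn=None marks a regular user.
USERS = {
    "CMA1": {"fqdn": "cma1.example.com", "salt": b"s1", "pw": _hash("app-secret", b"s1")},
    "alice": {"fqdn": None, "salt": b"s2", "pw": _hash("user-secret", b"s2")},
}

# Constructed peer certificates in getpeercert() form
CMA_CERT = {"subject": ((("commonName", "cma1.example.com"),),),
            "subjectAltName": (("DNS", "CMA1.Example.com."),)}
WORKSTATION_CERT = {"subject": ((("commonName", "ws42.example.com"),),),
                    "subjectAltName": (("DNS", "ws42.example.com"),)}

def _norm(name: str) -> str:
    # DNS names compare case-insensitively; ignore a trailing root dot
    return name.strip().rstrip(".").lower()

def cert_dns_names(cert: dict) -> set:
    """Step 1: collect the DNS names presented in the peer certificate."""
    names = {_norm(v) for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    if not names:  # fall back to the subject CN only when no SAN DNS entry exists
        for rdn in cert.get("subject", ()):
            names |= {_norm(v) for k, v in rdn if k == "commonName"}
    return names

def authorize(username: str, password: str, cert: dict) -> bool:
    user = USERS.get(username)          # step 2: look up the stored record
    if user is None or not cert:        # unknown user or no validated certificate
        return False
    pw_ok = hmac.compare_digest(_hash(password, user["salt"]), user["pw"])
    if user["fqdn"] is None:            # regular user: any valid certificate
        return pw_ok
    # Step 3: application-user must present a certificate for its bound FQDN
    fqdn_ok = _norm(user["fqdn"]) in cert_dns_names(cert)
    return pw_ok and fqdn_ok
```

With these records, a correct CMA1 password presented from the workstation certificate is still refused, which is the impersonation case the policy is meant to block.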
Guidelines
• Application-users are only supported when TLS security is enabled and Request peer
certificate is selected. TLS security cannot be disabled until all application-user accounts
have been deleted from the system.
• For Secure Communications, an administrator must set up on the RMX system a machine
account for the CMA system with which it interacts. This machine account must include
a fully-qualified domain name (FQDN) for the CMA system.
• Application-user names are the same as regular user names.
Example: the CMA application could have an application-user name of CMA1.
• Users of all types (Administrator, Operator) can be associated with the
FQDN of a server.
• Multiple application-users can be configured with the same FQDN if multiple
applications are hosted on the same server.
• If the system is downgraded the application-user’s FQDN information is not deleted
from the RMX’s user records.
• A System Flag, PASS_EXP_DAYS_MACHINE, enables the administrator to change the
password expiration period of application-users independently of regular users. The
default flag value is 365 days.