System Security
Polycom, Inc. 52
Allow unencrypted connections to the Active Directory

Normally, the Polycom RealPresence DMA system connects to Active Directory using SSL or TLS encryption. But if the Active Directory server or servers (including domain controllers if you import global groups) aren’t configured to support encryption, the Polycom RealPresence DMA system can only connect using an unencrypted protocol. This option allows such connections if an encrypted connection can’t be established.

This configuration causes an extreme security flaw: the unencrypted passwords of enterprise users are transmitted over the network, where they can easily be intercepted.

Use this option only for diagnostic purposes. By toggling it, you can determine whether encryption is the cause of a failure to connect to Active Directory or to load group data. If so, the solution is to correctly configure the relevant servers, not to allow ongoing use of unencrypted connections.

Allow unencrypted connections to MCUs

Normally, the Polycom RealPresence DMA system uses only HTTPS for the conference control connection to RealPresence Collaboration Server or RMX MCUs, and therefore can’t control an MCU that accepts only HTTP (the default). This option enables the system to fall back to HTTP for MCUs not configured for HTTPS.

We recommend configuring your MCUs to accept encrypted connections rather than enabling this option. When unencrypted connections are used, the RealPresence Collaboration Server or RMX login name and password are sent unencrypted over the network.
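
An added example, not part of the Polycom documentation: a check for whether the directory servers and MCUs complete a TLS handshake, which is the condition the two fallback options above work around. The host names are placeholders and the ports (636 for LDAPS, 3269 for the global catalog over SSL, 443 for HTTPS) are assumptions about the deployment; a directory that offers only StartTLS on port 389 is reported as no-tls by this probe.

```python
import socket
import ssl

# Placeholder targets (assumed names and ports, replace with your own servers).
TARGETS = [
    ("dc1.example.com", 636),    # LDAPS on a domain controller
    ("dc1.example.com", 3269),   # global catalog over SSL
    ("mcu1.example.com", 443),   # HTTPS conference control on an MCU
]


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Classify how host:port answers a TLS handshake.

    Returns one of:
      "unreachable"        - the TCP connection failed
      "no-tls"             - the port is open but no TLS handshake completed
      "tls-untrusted-cert" - TLS works, but certificate validation failed
      "tls-ok"             - TLS works and the certificate validates
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Default context: certificate and host name checks are both enforced.
    ctx = ssl.create_default_context(cafile=cafile)
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted-cert"
        except (ssl.SSLError, OSError):
            return "no-tls"


def audit(targets, cafile=None, timeout=5.0):
    """Return {(host, port): status} for every target."""
    return {(h, p): probe_tls(h, p, cafile, timeout) for h, p in targets}


if __name__ == "__main__":
    for (host, port), status in audit(TARGETS).items():
        print(f"{host}:{port:<5} {status}")
```

A server reported as no-tls or tls-untrusted-cert is one to reconfigure; pass the path of your enterprise CA bundle as `cafile` when the servers use certificates from an internal CA.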

Allow unencrypted calendar notifications from Exchange server

Normally, if calendaring is enabled, the Polycom RealPresence DMA system gives the Microsoft Exchange server an HTTPS URL to which the Exchange server can deliver calendar notifications. In that case, the Polycom RealPresence DMA system must have a certificate that the Exchange server accepts in order for the HTTPS connection to work.

If this option is selected, the Polycom RealPresence DMA system does not require HTTPS for calendar notifications.

We recommend installing a certificate trusted by the Exchange server and using an HTTPS URL for notifications rather than enabling this option.

Allow basic authentication to Exchange server

Normally, if calendaring is enabled, the Polycom RealPresence DMA system authenticates itself with the Exchange server using NTLM authentication.

If this option is selected, the Polycom RealPresence DMA system still attempts to use NTLM first. But if that fails or isn’t enabled on the Exchange server, then the RealPresence DMA system falls back to HTTP Basic authentication (user name and password).

We recommend using NTLM authentication rather than enabling this option. For either NTLM or HTTP Basic authentication to work, it must be enabled on the Exchange server.