Professional Documents
Culture Documents
Polycom Realpresence Clariti Advanced Solution Guide 9-23-2018
Polycom Realpresence Clariti Advanced Solution Guide 9-23-2018
Copyright © 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into
another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose,
without the express written permission of Polycom, Inc
6001 America Center Drive
USA
Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom
products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law
marks in the United States and various other countries.
All other trademarks are property of their respective owners. No portion hereof may be reproduced or
transmitted in any form or by any means, for any purpose other than the recipient's personal use,
without the express written permission of Polycom.
End User License Agreement By installing, copying, or otherwise using this product, you
acknowledge that you have read, understand and agree to be bound by the terms and conditions of
the End User License Agreement for this product. The EULA for this product is available on the
Polycom Support page for the product.
Patent Information The accompanying product may be protected by one or more U.S. and foreign
patents and/or pending patent applications held by Polycom, Inc.
Open Source Software Used in this Product This product may contain open source software. You
may receive the open source software from Polycom up to three (3) years after the distribution date of
the applicable product or software at a charge not greater than the cost to Polycom of shipping or
distributing the software to you. To receive software information, as well as the open source software
code used in this product, contact Polycom by email at mailto:OpenSourceVideo@polycom.com (for
video products) or mailto:OpenSourceVoice@polycom.com (for voice products).
Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in
this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes
no liability or responsibility for any typographical or other errors or omissions in the content of this
document.
Customer Feedback We are striving to improve our documentation quality and we appreciate your
feedback. Email your opinions and comments to mailto:DocumentationFeedback@polycom.com.
Polycom Support Visit the Polycom Support Center for End User License Agreements, software
downloads, product documents, product licenses, troubleshooting tips, service requests, and more.
• Video, audio, and content bridging for H.323, SIP, and WebRTC calls up to 1080p
• An H.323/SIP video call control engine for simplified dial plans, automated VMR creation, bridge
visualization, and UC integrations
• A video firewall edge application providing H.323/SIP dialing and registration for remote workers
and business to business (B2B), and business to customer (B2C) user scenarios
• Video recording and streaming with a free trial of Polycom® RealPresence® Media Suite, which
transforms any workspace into a media studio
• Powerful analytics that monitor performance, capacity, and utilization to improve user
experiences, drive higher adoption, and empower decision making
• A standards-based solution with a rich set of SDKs, developer’s forum, and that Polycom
Sandbox for custom integrations
Related Topics
Related Topics
Related Topics
Related Topics
Connecting to Meetings
Depending on the deployed workflow model and the device from which a user is connecting, users can
connect to meetings by dialing a VMR from a remote control or Polycom Touch Control, clicking on a
SIP URI from a desktop client, or walking into a room to join a conference that was scheduled in
advance.
To better explain the options available to you when configuring how users connect to meetings, this
topic provides a sample company and a list of workflows they use.
Example Company A
Company A is configured with the following conditions and network configurations.
• Company A supports video conferencing participation from both internal and external users
using RealPresence Web Suite, which enables users to schedule meetings using the
RealPresence Web Suite Services Portal and enables anyone to join meetings over a web
browser.
• The help desk handles company-wide meetings or specific vendor events where they want the
events scheduled and dialed out. These are typically high-definition conferences that utilize a
mixture of devices and connection methods, including dial-in audio and RealPresence Web
Suite connections. These calls typically have a high level of attendance from all locations and
can span more than one RealPresence Collaboration Server.
Company A settles on three distinct workflows to enable all employees to collaborate simply and easily
without much user training or help desk support.
• Self-service conferencing
• Users connect to meetings from multiple types of devices, including room systems, desktop
clients, and mobile devices
From an IT perspective, video conferencing usage in Company A is about 90 % self-service once each
employee receives a personal VMR.
• The users are in the Headquarter and home office of the Company A or will connect to the VMR
from the Internet.
• All endpoints and clients are directly registered to the RealPresence DMA or RealPresence
Access Director of Company A.
• All users establish an audio or video call to the VMR using the Remote Control, Touch Control,
RealPresence Touch, Web UI, and Keypad.
• The VMR can be called by dialing the E.164 number, SIP/TEL URI or IP address + Dial String
(## or @) using manual dial, speed dial button and directory entry. All IVR services are
available.
• During the call, content can be sent from each user using VGA, HDMI, USB, UI, Web UI,
People&Content IP, Pano, and RealPresence Desktop. Content is received from all other users
Printed as
from Polycom,
dual streamInc. (http://documents.polycom.com)
(H.239/BFCP/HTML5) in the highest available resolution and frame rate.Page 12
• Automatic recording or manual recording is available. Transcoding of audio, video, and content
algorithm and speed is available.
• The highest available bandwidth for each call is based on the VMR profile setting.
Operator-Assisted Conferencing (Dial-Out)
In Company A’s dial-out model, users do not start or stop their own conferences. Instead, they use a
centralized reservation service that is managed either by an internal service desk or by an external
VNOC. This method of connecting to meetings is very popular with certain workgroups that schedule
meetings that take place in conference rooms. The video conference starts automatically according to
the schedule without any user interaction.
Multipoint meetings at Company A are usually scheduled in advance and initiated using operator
assisted services. The operator sets up the conference by dialing out to all participants so the user
does not need to launch the call locally.
This solution is adapted to help people who feel that using multiple button functions on the remote
control to connect to a conference causes confusion and frustration. This dialing method reduces the
functions of the remote control to just one—entering the conference ID (VMR number) whenever a
user clicks any button on the remote control.
• The users are in the Headquarters and home office of the Company A or will connect to the
VEQ through the Internet.
• All endpoints and clients are directly registered to the RealPresence DMA or RealPresence
Access Director of Company A.
• All users establish an audio or video call to the VEQ using the Remote Control, Touch Control,
RealPresence Touch, Web UI and Keypad.
• The VEQ can be called by dialing the E.164 number, SIP/TEL URI or IP address + Dial String
(## or @) using manual dial, speed dial button and directory entry. All IVR services are
available.
• During the call, content can be sent from each user using VGA, HDMI, USB, UI, Web UI,
People&Content IP, Pano, and RealPresence Desktop. Content is received from all other users
as dual stream (H.239/BFCP/HTML5) in the highest available resolution and frame rate.
The RealPresence DMA system provides endpoint registration, call processing, and call admission
control. Call control design considerations include the dial plan, endpoint addressing, call admission
control, external connectivity, and general trunking requirements.
• Call at any data rate or bandwidth with support for resolutions up to 1080p 60, fully transcoded
• Support for the latest technologies, including H.264 High Profile for optimal resource utilization
• Support for point-to-point calls with integrated dial-through gateway capabilities (ISDN, SIP, and
H.323)
• Ability to scale to 50,000 devices to manage H.323 and SIP supported endpoints, bridges, and
recording servers
• An API suite for direct integrations into your key applications and systems
• Scheduling options through the browser-based user interface or APIs for a application
• An application that combines remote and B2B calling scenarios with SIP, H.323, and HTTP
tunneling capabilities, enabling a seamless video collaboration experience within and beyond
the firewall
• Collaboration over video while on the go, in the office, or from home
• Support for up to 1000 simultaneous video calls securely without requiring additional client
hardware or software
• Leverage of existing investments in UC products and IT infrastructure, which enable you to build
towards a SIP-based future
• Easy, secure, and reliable extension of video collaboration to your mobile workforce
Through the RealPresence Web Suite Services Portal, users create and participate in online video
conference meetings. Users create meetings by logging in to the RealPresence Web Suite Services
Portal, selecting the type of meeting they want to create, setting the meeting parameters, and entering
a list of participants to invite. In RealPresence Web Suite Services Portal, administrators can create
and manage users and configure the components for online video conference meetings.
The RealPresence Media Suite solution can be used as a standalone solution to provide video content
management functions with built-in tools or integrate with third-party systems to support recording,
streaming, and various content editing and management functions.
The RealPresence Media Suite solution also introduces an easy-to-use User Portal where customers
can easily start recording, create live events, and share media files.
By leveraging RealPresence Media Suite solution with existing telepresence systems, video
conferencing endpoints and video infrastructure, or familiar unified communications (UC) tools, your
organization can easily convert real-time conferences and events into reusable multimedia assets.
• Room system: Polycom RealPresence Group Series, and Polycom® RealPresence Debut™
endpoints are an ideal fit for any type of collaborative environment, from huddle rooms to large
classrooms, and open workspaces.
Related Topics
Planning the RealPresence Clariti Solution
Assign IP Addresses
Allocate static IP addresses at the data center for different servers.
RealPresence Resource
rprm.mycompany.com 192.0.2.2
Manager
RealPresence DMA dma.mycompany.com 192.0.2.7
RealPresence Collaboration
rpcs.mycompany.com 192.0.2.3
Server
172.16.0.1
192.0.2.14 (management)
RealPresence Collaboration
-
Server 1800 192.0.2.15 (signalling and
media)
Polycom recommends configuring the following FQDNs as split-horizon DNS records on internal and
public DNS server.
Related Topics
This document assumes that administrators have knowledge of the following systems, that these
systems are already deployed:
• Components of the Polycom RealPresence Clariti solution. You can access Polycom product
documentation and software at Polycom Support.
Configuring Certificates
You must install a security certificate on the RealPresence Resource Manager.
Related Topics
Procedure
1 Go to Admin > Management and Security > Certificate Management.
3 In the Certificate Request Data dialog, enter the following information for your RealPresence
Resource Manager system.
Field Description
4 Click OK.
5 In the Create Certificate Signing Request dialog, click OK.
Related Topics
Configuring Certificates
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Prerequisite
Before installing a certificate or certificate chain provided by the certificate authority, be sure that you
received the certificate or certificate chain in one of the following forms:
• A PFX, P7B, or single certificate file that you’ve saved on your computer.
• PEM-format encoded text that you received in an email or on a secure web page.
Installing or removing certificates requires a system restart. When you install a certificate, the change
is made to the certificate store immediately, but the system will not recognize or use the new certificate
until it restarts and reads the changed certificate store.
The RealPresence Resource Manager system must be running on an Internet Explorer browser in
order to upload a file.
Procedure
1 Go to Admin > Management and Security > Certificate Management.
2 Click Install Certificates.
3 Click Upload Certificate, and browse to the file or enter the path and file name.
Related Topics
Configuring Certificates
Related Topics
Procedure
1 On the Active Directory server, go to Start > Programs > Administrative Tools > Active
Directory Users and Computers to open Active Directory Users and Computers window.
2 Select the node for your domain.
3 Right-click the Organizational Unit (OU) folder in which to add the computer account, and select
New > Computer.
You have configured a machine account that you can use for RealPresence Resource Manager single
sign-on.
Related Topics
Procedure
1 Go to Admin > Directories > Enterprise Directory.
2 On the Enterprise Directory page, select Integrate with Enterprise Directory Server.
3 Enter the DNS Name for the enterprise directory server.
4 Enter Domain\Enterprise Directory User ID and Enterprise Directory User Password. Other
fields can be left as default or configure if you needed.
Procedure
1 Go to Network Device > Instances.
2 On the Instances page, select the RealPresence DMA that you want to integrate with the
RealPresence Resource Manager, click the button.
6 In the Instances page, check that the is added for RealPresence DMA status.
Related Topics
Procedure
1 Go to Admin > Server Settings > Email.
Related Topics
Site topology information describes your network and its interfaces to other networks, including the
following elements:
• Site: A local area network (LAN) that generally corresponds with a geographic location such as
an office or plant. A site contains one or more network subnets, so a device’s IP address
identifies the site to which it belongs.
• Network clouds: A Multiprotocol Label Switching (MPLS) network cloud defined in the site
topology. An MPLS network is a private network that links multiple locations and uses label
switching to tag packets with origin, destination, and Quality of Service (QoS) information.
Note MPLS clouds are not associated with an IP address range, so they can be used to
group multiple subnets. They could also represent a service provider.
While links to MPLS clouds have bandwidth and bit rate limitations, the cloud is infinite. In this
way, clouds reflect the way in which businesses control bandwidth and bit rate.
• Internet/VPN: An entity that represents your network’s connection to the public Internet.
• Site link: A network connection between two sites or between a site and an MPLS network
cloud.
• Territory: A grouping of one or more sites for which a RealPresence Resource Manager system
is responsible.
The site topology you create within the RealPresence Resource Manager system should reflect your
network design. Consider the following information and best practices when creating your site
topology:
• If possible, connect all sites to an MPLS cloud. MPLS clouds are like corporate networks, used
to connect multiple subnets in multiple sites, but all servicing a company.
• Avoid cross loops or multiple paths to a site; otherwise a call may have different paths to a
single destination. The more cross, circular, and multi paths you have, the higher the number of
calculations for a conference.
• Link sites that aren’t connected to an MPLS cloud directly to another site that is connected to an
MPLS cloud. Do not create orphan sites.
• Calls are routed through a bridge, so bandwidth and bit rate limits for the site and subnet apply
to all calls made using that bridge.
• Reserve the Internet/VPN “site” for IP addresses that fall outside your private or corporate
network (for example remote workers), because all calls routed to the Internet/VPN site will be
routed through the site on your private or corporate network that has Internet access.
Related Topics
Add a Site
RealPresence Resource Manager has default site Internet/VPN, and associates with registered
endpoint by default. Polycom recommends adding new site based on the needs of your network
topology. You can define a new site in the system’s site topology and specify which subnets are
associated with it.
You can define overlapping subnets within a site or between sites. Larger subnets can contain smaller
ones. When the system determines which subnets a given IP address belongs to, it chooses the
subnet with the longest IP match.
For example:
Subnet1 = 10.0.0.0/8
Subnet2 = 10.33.24.0/24
The IP address 10.33.24.70 belongs to subnet2, while the IP address 10.22.23.70 belongs to subnet1.
• To add a site in the Site Topology page, go to Site Actions > Add.
2 Complete the General Info. The minimum information required is Site Name, Description, and
Location.
SIP Routing
Allowed via SIP aware firewall Enables call routing through the Internet,
using an SIP-aware firewall.
Note
• Mask Length
Related Topics
A link can connect two sites, or it can connect a site to an MPLS network cloud.
Before you can create a site link, you must add two or more sites to the system.
Procedure
1 Go to Network Topology > Site-Links.
2 In the Site-Links page, click .
3 In the Add Site-Link dialog, enter a Name and Description for the link and select the starting
(From Site) and ending (To Site) sites.
4 Enter the Bandwidth and Max Bit Rate and click Save.
You can define any bandwidth limitations between the two sites.
The new link appears on the Site Links page.
The Network Clouds page contains a list of the MPLS (Multiprotocol Label Switching) network clouds
defined in the site topology.
Note MPLS clouds are not associated with an IP address range, so they can be used to group
multiple subnets and could also represent a connection to a service provider.
Procedure
1 Go to Network Topology > Network Clouds.
2 In the Network Clouds page, click Add .
3 In the Cloud Info section of the Add Network Cloud dialog, enter a unique and meaningful
Cloud Name and Description for the cloud.
4 Click Linked Sites to create a link between sites and the network cloud.
5 In the Search Sites field, enter all or part of the site name or location and click Search.
The list of sites containing the search phrase appear in the Search Results column.
6 Select one site to link with the network cloud and then click the down arrow to move it to the
Selected Sites column.
Linked Sites
Enter search string or leave blank to find all
Search Sites
sites.
7 The Add Site Link dialog appears to let you change the bandwidth limitation between this site
and the MPLS cloud. Change the bandwidth limitation between each site and the MPLS cloud.
You can define any bandwidth limitations between each Site and the MPLS Cloud. The following
images show the bandwidth values for each site link.
10 Click OK.
Add a Territory
The Territories page contains a list of the territories defined in the site topology. Territory is a set of one
or more sites for which a RealPresence DMA system is responsible. After RealPresence Resource
Manager integrates with RealPresence DMA, by default, there are two territories, one is named Default
RealPresence Resource Manager Territory and the other is named Default DMA Territory (DMA host
name), and the RealPresence DMA instance is the primary node of the two territories.
By default, the Default DMA Territory is used for communication. Polycom recommends adding new
territory based on the needs of your network topology, especially in DMA supercluster environment.
Procedure
1 Go to Network Topology > Territories.
Field Description
Territory Info
A meaningful name for the territory (up to
Territory Name
128 characters).
A brief description of the territory (up to 200
Description
characters).
Enter dma.mycompany.com
When integrating with a RealPresence DMA
system, enter the management FQDN or IP
Primary Cluster
address of the primary cluster that will
manage this territory. Do this step AFTER
you integrate with a RealPresence DMA
system.
4 Click OK.
Related Topics
When you dynamically manage endpoints (have the endpoint use the RealPresence Resource
Manager as its provisioning server), you can automatically configure them by using provisioning
profiles.
Related Topics
The RealPresence Resource Manager system comes with a default network provisioning profile
Default Network Provisioning Profile that can be edited to include information specific to your
environment. By default, endpoint uses this default provisioning profile for provisioning. You can edit
the Default Network Provisioning Profile or add new provisioning profile and new rule using for
specified site. Both of them will use the same settings introduced in this section. Polycom recommends
adding new provisioning profile based on the needs of your network topology.
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Profiles.
If you want to edit the default profile, select Default Network Provisioning Profile, and click
3 In the General Info page, set the Profile Name and select Network Provisioning Profile for
Provisioning Profile Type.
Related Topics
As soon as an endpoint is configured to use the RealPresence Resource Manager for its provisioning
server, it starts polling for provisioning profile updates. To ensure out-of-box usability, the
RealPresence Resource Manager system comes with a default Admin Config provisioning Profile. This
default profile cannot be customized with any rule. You need to create new Admin Config provisioning
profiles to customize endpoint configuration settings in your video environment.
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Profiles.
click .
3 In the Edit Profile dialog, select Call Settings.
4 Set 1920 to Maximum Speed for Receiving Calls(Kbps) and Preferred Speed for Placing
Calls(Kbps).
Related Topics
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Rules.
2 Click .
3 In the General Info page, enter a name for the new rule and check the Active check box.
4 Click to add new condition.
• Type: Site
• Attribute: Site
• Operator: =
• Value: the site you want to use this rule for endpoint provisioning
6 Click OK.
7 Check the Condition just has been added.
10 Click OK.
11 Check the rule result.
Related Topics
Procedure
1 Go to Endpoint > Dynamic Management > SIP URI.
2 Check the Auto-generate SIP URIs for all users and Use the user's email address as their
SIP URI check boxes.
The setting automatically populates the SIP URI field of each user and thus allow other
endpoints to dial someone by email address.
Related Topics
Procedure
• Optional: Define an E.164 Address Scheme. You can keep the default setting, or configure
according to your environment.
1 Select Use Phone Number for the Base Field, and choose the Maximum number of
digits to use.
Related Topics
Add a User
Add a local user for endpoint provision.
Procedure
Field Description
Related Topics
Provision Endpoint
Enable the provisioning from endpoint (take RealPresence Group Series as an example), and you can
manage the RealPresence Group Series from RealPresence Resource Manager.
Procedure
1 Connect the RealPresence Group Series Web UI.
2 Go to Admin Settings > Servers > Provisioning Service.
3 Check the Enable Provisioning and enter the information of the user who you create for
provisioning. You also can enter the enterprise user for provisioning.
11 You can click other action to manager the RealPresence Group Series from the RealPresence
Resource Manager.
Related Topics
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Device > Instances.
Field Description
4 Select the Service Integration tab, and enter RealPresence Access Director internal signaling
and access proxy IP address in Provider-side Proxy IP Address.
Depends on your RealPresence Access Director network settings, the RealPresence Access
Director management address, and the internal signaling and access proxy address may be
different.
5 Click OK.
Related Topics
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Topology > Sites.
2 Click Add .
3 Complete the General Info and Subnet. Leave the default settings for H.323 Routing and SIP
Routing.
The IP address of Subnet must be the internal signaling address of RealPresence Access
Director.
Field Description
General Info
A meaningful name for the site, this name
Site Name
can be 64 characters (ASCII only) long.
Description A brief description (ASCII only) of the site.
The country code for the country in which
Country Code
the site is located.
The city or area code for the site. Do not
Area Code include a leading zero. For example, the city
code for Paris is 01. Enter 1 in this field.
Choose the territory to which the site
Territory
belongs.
Click Specify Location and fill in the
Location country and city and the RealPresence
Resource Manager shows the location field.
Total Bandwidth (Mbps) The total bandwidth of the pipe at the site.
The maximum bandwidth that can be used
Call Max Bit Rate (kbps) for each intrasite call at the site. The default
and maximum value is 2000000 (2 GB).
Subnets
Subnet IP Address/Mask Specifies the subnets within the site. For
each subnet, include:
• IP Address range
• Mask Length
• Total Bandwidth
Related Topics
Procedure
1 From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic
Management > RPAD Server Provisioning Profiles.
2 Click Add .
3 In the General Info, enter a name for the new provisioning profile.
4 Select Server Provisioning Profile from Provisioning Profile Type drop-down list.
7 Click OK.
Related Topics
Procedure
1 From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic
Management > Provisioning Profiles.
2 Click Add .
3 Add a Profile Name, and set Provisioning Profile Type to Network Provisioning Profile.
Check the Enable H.460 Firewall Traversal and Enable SIP Keep Alives to provision external
endpoints.
• Enter the external Natted IP address in the Proxy Server and Registrar Server.
• Configure the Directory Server to the external natted address of RealPresence Access
Director.
• Configure the Presence Server to the external natted address of RealPresence Access
Director.
10 Click OK.
Related Topics
Configure Endpoints
Procedure
1 From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic
Management > Provisioning Rules.
• Type: Site
• Attribute: Site
• Operator: =
7 Click OK.
8 Click Endpoint Provisioning Profile from the left panel.
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Topology > Site-
Links.
2 In the Site-Links page, click Add .
3 Add a site link to connect the RealPresence Access Director system with the internet/VPN.
4 Click OK.
5 Follow the same steps to link RealPresence Access Director system to other Sites.
Related Topics
Configuring Certificate
You must install security certificate on the RealPresence DMA.
Related Topics
Procedure
1 Go to Admin > Server > Certificates.
2 In the Actions list, select Create Certificate Signing Request.
3 Enter the identifying information for your Polycom RealPresence DMA system as described in
the following table.
Depending on the certificate authority, your CSR may be submitted via email or by pasting into a
web page.
6 Click OK.
Related Topics
Configuring Certificate
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Procedure
1 When you receive your certificates, return to Admin > Server > Certificates.
2 In the Actions list, select Add Certificates.
3 In the Add Certificates dialog, do one of the following:
• If you have a PFX, P7B, or single certificate file, click Upload certificate, enter the
password (if any) for the file, and browse to the file or enter the path and file name.
• If you have PEM-format text, copy the certificate text, click Paste certificate, and paste it
into the text box below. You can paste multiple PEM certificates one after the other.
4 Click OK.
5 Click Restart to Apply Saved Changes, and when asked to confirm that you want to restart the
system so that certificate changes can take effect, click OK.
Related Topics
Configuring Certificate
Procedure
1 In Windows Server, add the service account (read-only user account) that the RealPresence
DMA system will use to read the Active Directory. Configure this account as follows:
• User can only access services on the domain controllers and cannot log in anywhere.
• For Domain\Enterprise directory user ID, enter the domain and user ID of the account
you created in 1.
• For Enterprise directory user password, enter the password of the account you created
in 1.
If the value is telephoneNumber, make sure the Telephone number field is populated in
Active Directory for the user.
Procedure
1 Go to Integrations > MCU.
2 In the Actions list, click Add.
3 In the Add MCU dialog, complete the editable fields, described in the following table.
Field Description
Related Topics
Procedure
1 Go to Service Config > Conference Manager Settings > MCU Pools.
2 In the Actions list, click Add.
3 In the Add MCU Pool dialog, enter the following required information.
4 Click OK.
The new MCU pool appears in the MCU Pools list. The MCUs included in the pool is displayed.
Related Topics
Procedure
1 Go to Service Config > Conference Manager Settings > MCU Pool Orders.
2 In the Actions list, click Add.
3 In the Add MCU Pool dialog, complete the following fields. All are mandatory.
Field Description
4 Click OK.
Related Topics
When the RealPresence DMA system uses a standalone template for a conference, the system sends
the specific properties to the MCU instead of pointing to one of the MCU’s conference profiles.
Procedure
1 Go to Service Config > Conference Manager Settings > Conference Templates.
2 In the Actions list, click Add.
3 Specify the Common Settings based on the field descriptions in the following table:
Name Clariti-AVC-2048-HD
Advanced Settings
Encrypt when possible — Endpoints
Encryption supporting encryption join encrypted; others
join unencrypted.
Interval (seconds) 30
5 Specify the Polycom MCU Video Quality based on the field descriptions in the following table:
7 Specify the Polycom MCU Audio Settings based on the field descriptions in the following
table:
9 Specify the Polycom MCU Site Names based on the field descriptions in the following table.
Font size 12
Color White font on red background
Horizontal position 0
Vertical position 0
Background transparency 50
10 Optional: Specify the Polycom MCU Recording based on the field descriptions in the following
table. You can skip the step if no RealPresence Media Suite in your environment.
11 Specify the Polycom MCU Indications based on the field descriptions in the following table:
After you configure a conference template, the template is added to the conference templates
list.
Related Topics
Procedure
1 Go to Service Config > Conference Manager Settings > Conference Settings.
Field Description
Default conference room territory Select the territory, which is used most
frequently for VMR.
Default MCU pool order Default MCU pool order used by the system.
Default conference duration Set to unlimited.
Related Topics
Procedure
1 Navigate to User > Users.
2 Select a user from the list.
3 In the Actions list, click Manage Conference Rooms.
5 In the Add Conference Room dialog, edit the General Settings fields in the following table as
required. You can update the other fields or keep them in default.
6 Optional: In the Add Conference Room dialog, edit the Passcodes and Aliases fields in the
following table as required.
7 Click OK.
You can check the new VMR from the room list.
Related Topics
Configuring RealPresence DMA
The default value for Directory attribute is telephoneNumber, you can keep the value or
update it if you have other attribute for your Active Directory users.
2 Login RealPresence DMA using an enterprise user who has the Administrator role.
After RealPresence DMA integrated with Active Directory server, the user used for the
integration has administrator role.
3 Go to User > Users.
4 Click , and select one domain and click Search.
If the enterprise user has Telephone Numbers configured on Active Directory server, an
enterprise conference room number is listed in the Conference Rooms.
Related Topics
Configuring RealPresence DMA
Fields Description
Fields Description
Procedure
1 Go to Admin > Server > Signaling Settings.
2 Select Enable WebRTC signaling.
3 Click Update.
Related Topics
Procedure
1 From the RealPresence DMA user interface, go to Service Config > Call Server Settings.
2 Go to H.323 Settings.
3 Set Routed call mode to Gatekeeper call mode.
Related Topics
Collaboration Servers can be used as a standalone devices to run voice and video conferences or
used as part of a RealPresence Clariti solution provided by Polycom.
Procedure
1 Connect to RealPresence Collaboration Server through RMX Web Client/RMX Manager
application.
2 Go to RMX Management > Rarely Used > IP Network Services.
3 Double click the Default IP Service from the IP Network Services page.
Refresh Registration every __ seconds The frequency with which the system
informs the gatekeeper that it is active by re-
sending the IP address and aliases of the IP
Note
• It is recommended to use
default settings.
• This is a re-registration
and not a ‘keep alive’
operation – an alternate
gatekeeper address may
be returned.
Aliases
Related Topics
• First mandatory IP Network service is used for either a generic or a Microsoft service.
• Second optional IP Network service is used for the WebRTC service. The WebRTC service is
configured through RealPresence Collaboration Server, Virtual Edition, but all WebRTC
functions are processed on a modular MCU.
Procedure
1 In the RealPresence Collaboration Server (RMX) web browser, in the RealPresence
Collaboration Server Management pane, expand the Rarely Used list and click IP Network
Services.
2 In the IP Network Services pane, click New IP Service.
3 Set the IP configuration for WebRTC in IP tab.
• The STUN and TURN IPs are RealPresence Access Director external address.
• The TURN Server User Name and TURN Server Password must be the same as the
configuration in RealPresence Access Director.
Related Topics
4 Select IP Network Service for Network Service Name and CSR for Certificate Method.
5 Click Create Certificate Request.
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Install Certificates
This section shows you how to install the chain certificates.
Procedure
1 Open the certificate file and copy the certificate content.
2 In the RMX web client, go to Setup > RMX Secured Communication > Certification
Repository > Personal Certificates.
Procedure
1 Go to Setup > System Configuration > System Configuration.
4 Click OK.
5 Set the value of NUM_OF_INITIATE_HELLO_MESSAGE_IN_CALL_ESTABLISHMENT
system flag to 3 for NAT Firewall deployment.
Related Topics
Procedure
Parameter Description
• H.323
Type
• SIP
If the recording link does not define the VRR, enter the RealPresence Media Suite E.164 that
registers to RealPresence DMA in the Alias Name. The default VRR is used for recording.
Related Topics
• Network Interface Card. TheRealPresence Access Director system must have four network
interface cards (NICs) defined on the virtual machine. Even if the RealPresence Access Director
system’s network interfaces are configured so that some NICs remain unused, the NICS should
NOT be removed.
Related Topics
Configuring RealPresence Access Director
Related Topics
Note If installing a Hyper-V version, you must use the Copy option.
Procedure
1 Refer to the documentation for your virtual environment tools for instructions on installing a
virtual instance.
2 Install an instance of the RealPresence® Resource Manager, Virtual Edition system.
3 Assign a static IP address to the instance using the console if your VM environment does not
use DHCP.
4 Add the instance to the RealPresence Platform Director system.
Related Topics
Note During installation and initial network configuration, you need to assign one static IP
address to the management interface (eth0). After installation is complete, you can
configure additional IP addresses for the other network interfaces from the RealPresence
Access Director web user interface.
Procedure
1 Power on the newly-installed VM.
2 Access the console.
3 Click in the console window and press Enter if necessary to see the login prompt.
• IP address
• Subnet Mask
• Default Gateway IP
Related Topics
For instructions on how to add a system instance in the RealPresence Resource Manager system, see
the RealPresence Resource Manager System Operations Guide.
Related Topics
• IPv4 Address: the static or DHCP-assigned IP address of the virtual instance of the
RealPresence® Resource Manager system.
◦ If you use a DHCP-assigned IP address, you must assign a static IP address when you
access the RealPresence® Resource Manager web user interface for the first time. After
you assign a static IP address, the DHCP IP address cannot be used.
• IPv4 Subnet Mask: the subnet mask for the RealPresence® Resource Manager system's static
IP address.
• IPv4 Default Gateway: the IP address of the gateway used to route network traffic outside the
subnet.
Procedure
1 In the RealPresence® Resource Manager user interface, go to Admin > Network Settings.
2 Click Configure Network Settings, then complete the following fields:
• If you assigned a static IP address when you installed your system, confirm the IPv4
Address is correct.
Settings Field
• External signaling IP
SIP/H.323 Settings
• Internal signaling IP
• External relay IP
Media Relay
• Internal relay IP
Related Topics
• Client date and time: In the upper right corner of the Time Settings window, next to your user
name, the system displays the date and time of your local machine. These values change only if
you revise the date and time on your local machine.
• Server time: Server Time (Refresh every 10 seconds) indicates the server time. If you change
the System time zone or Manually set the system time (not recommended), the Server Time
(Refresh every 10 seconds) field displays the correct server time.
Procedure
1 Go to Admin > Time Settings.
2 Complete the following fields as needed:
3 Click Update.
Related Topics
Configuring Certificates
The RealPresence Access Director system uses X.509 certificates in different ways.
• When you log into the RealPresence Access Director system's user interface from your browser,
the RealPresence Access Director system offers an X.509 certificate to identify itself to your
browser client.
• When a client sets up an HTTPS, LDAP, or XMPP connection with access proxy, the
RealPresence Access Director system offers an X.509 certificate to identify itself.
• When a client sends SIP messages with TLS transport, the RealPresence Access Director
system offers an X.509 certificate to identify itself.
• When the RealPresence Access Director system connects to another RealPresence Access
Director system or other session border controller (SBC) for a SIP enterprise-to-enterprise call,
the RealPresence Access Director system presents its certificate to the other system to identify
itself.
Procedure
1 Go to Admin > Certificates.
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Procedure
1 Go to Admin > Certificates > Add Certificates.
2 Click Upload certificate and browse to the file.
Related Topics
Configuring Certificates
Required Ports
This section describes the specific ports or dynamic port ranges to configure on your RealPresence
Access Director system and correspondingly on your firewall. The port information is organized based
on the different functions, or services, that the RealPresence Access Director system supports.
The dynamic source and destination port ranges listed here specify the allowable port ranges for
communication between the RealPresence Access Director system and other systems and devices
inside or outside of your enterprise network. The actual port ranges for your system depend on the
number of calls on your license.
A port range for a specific function (for example, LAN-side SIP signaling) indicates the number of ports
for that function that must be available to accommodate the number of calls on your system license.
You can change the beginning port ranges (within certain parameters) if necessary. If you do so, the
Note The specific ports and port ranges configured in the RealPresence Access Director
system must match the ports configured on your firewall. If you change any port settings
within the system, you must also change them on your firewall.
Related Topics
Management Access
The RealPresence Access Director system provides a web-based user interface to access, configure,
and manage the system. Polycom suggests that you enable one interface as the management
interface, segregated from WAN-accessible traffic. For greater security, Polycom recommends that you
enable SSH and web access to the RealPresence Access Director system management interface only
from authorized network segments. We also recommend that you disable SSH and web access from
the WAN by creating explicit deny rules for these traffic types.
To support certain functions in the RealPresence Access Director system, connectivity is required
between the management interface and the following external systems (servers):
• Syslog
• DNS
• SNMP
The following table lists the required ports and transport protocols to access the system’s web-based
user interface and to establish connections between the RealPresence Access Director system and
external services. The table also lists access information to manage the RealPresence Access Director
system from the WAN, if desired.
Manager
system
RealPre
Connection from the
RealPrese sence
Ping Polycom RealPresence
nce Access
service Resource Manager
Resource Director
- (ICMP - system to the
Manager system
type: RealPresence Access
system IP manage
8,code:0) Director system instance
address ment IP
status monitoring.
address
IP address
RealPre
of the host
sence
sending
Access Connection from the LAN
an SNMP
UDP or Director SNMP server to the
request to >1023 161
TCP system RealPresence Access
the
manage Director system (for
RealPrese
ment IP monitoring)
nce
address
Access
RealPrese
IP
nce
address
Access Connection from the
of
Director RealPresence Access
123 UDP external 123
system Director system to the
NTP
managem public NTP server
server, if
ent IP
in use
address
RealPrese
IP
nce
address
Access Connection from the
of the
Director 60001– RealPresence Access
TCP OCSP 8080, 80
system 64000 Director system to the
respond
managem public OCSP responder
er, if in
ent IP
use
address
RealPrese
nce
IP
Access Connection from the
address
Director 60001– RealPresence Access
UDP of the 53
system 64000 Director system to the
DNS
managem DNS server
server
ent IP
address
IP StartTLS encrypted or
RealPrese address unencrypted (TCP)
nce of the connection from the
Access LAN- RealPresence Access
Director 60001– based Director system to the
TCP 389
system 64000 Microsoft LAN-based Microsoft
managem Active Active Directory server
ent IP Directory
address server, if This connection is
in use optional.
IP
RealPrese address Encrypted connection
nce of the from the RealPresence
Access LAN- Access Director system to
Director 60001– based the LAN-based Microsoft
TLS 636
system 64000 Microsoft Active Directory server
managem Active
ent IP Directory This connection is
address server, if optional.
in use
RealPrese
Connection from the
nce IP
RealPresence Access
Access address
Director system to the
Director 60001– UDP or of the
514, 10514 syslog server
system 64000 TCP syslog
managem server, if
This connection is
ent IP in use
optional.
address
IP address
of the
WAN-
based PC
RealPre HTTPS connection from a
using a
sence WAN-based PC to the
browser to
Access RealPresence Access
access the
Director Director system’s web
RealPrese
Any TCP system 8443 user interface used to
nce
public manage the system
Access
manage
Director
ment IP This connection is
system
address optional.
web
(managem
ent) user
interface
IP address
RealPre
of the host Access to the command
sence
managing line interface (CLI) of the
Access
the RealPresence Access
Director
RealPrese Director system using
Any TCP system 22
nce SSH
public
Access
manage
Director This connection is
ment IP
system optional.
address
using SSH
Related Topics
Required Ports
Note If your firewall has a SIP function that enables it to intercept and alter SIP messaging (for
example, SIP ALG), you must disable the service. If not disabled, the service may cause
call failures due to rewriting of port or IP address information.
Table 1. SIP Signaling Ports for the WAN and RealPresence Access Director System
remote user’s
SIP client
Table 2. SIP Signaling Ports for the LAN and RealPresence Access Director System
Connection
IP address of from the
RPAD the LAN- RPAD system
internal based SIP to the LAN-
5070 UDP 5060
signaling IP registrar based SIP
address (DMA registrar
system) (DMA
system)
SIP (TCP
5060) and
SIP TLS
IP address of (TCP 5061)
RPAD the LAN- connection
internal based SIP from the
13001–15000 TCP 5060–5061
signaling IP registrar RPAD system
address (DMA to the LAN-
system) based SIP
registrar
(DMA
system)
Connection
IP address of from the
RPAD
the LAN- LAN-based
system
based SIP SIP registrar
5060 UDP internal 5070
registrar (DMA
signaling IP
(DMA system) to
address
system) the RPAD
system
IP address of 36000-61000 TCP RPAD 5070–5071 SIP (TCP
the LAN- system 5070) and
based SIP internal SIP TLS
registrar signaling IP (TCP 5071)
(DMA address connection
system) from the
LAN-based
SIP registrar
(DMA
system) to
the RPAD
system
Related Topics
Required Ports
H.323 Signaling
H.323 signaling enables registration, calling, and neighboring functions for endpoints that use the H.
323 protocol. H.323 signaling can be used for remote, guest, and federated or neighbored B2B calls.
Note If your firewall has an H.323 function that enables it to intercept and alter H.323
messaging, for example, H.323 ALG, you must disable the service. If not disabled, the
service may cause call failures due to rewriting of port or IP address information.
Table 1. H.323 Signaling Ports for the WAN and RealPresence Access Director System
H.225
registration
RealPresenc request from
e Access a remote
IP address of
Director endpoint to
external H. >1023 UDP 1719
system public the
323 device
signaling IP RealPresenc
address e Access
Director
system
Inbound H.
225 Location
Public RealPresenc
ReQuest
signaling IP e Access
(LRQ) to the
address of Director
>1023 UDP 1719 RealPresenc
the other system public
e Access
enterprise signaling IP
Director
system address
system
(suggested)
H.225
RealPresenc connection
e Access from the
IP address of
Director WAN to the
external H. >1023 TCP 1720
system public RealPresenc
323 device
signaling IP e Access
address Director
system
H.245
RealPresenc connection
e Access from the
IP address of
Director WAN to the
external H. >1023 TCP 10001–13000
system public RealPresenc
323 device
signaling IP e Access
address Director
system
H.225
RealPresenc connection
e Access from the
IP address of
Director RealPresenc
10001–13000 TCP external H. 1720
external e Access
323 device
signaling IP Director
address system to the
WAN
H.245
RealPresenc connection
e Access from the
IP address of
Director RealPresenc
10001–13000 TCP external H. >1023
external e Access
323 device
signaling IP Director
address system to the
WAN
H.225
gatekeeper
neighboring
connection
RealPresenc Public
from the
e Access signaling IP
RealPresenc
Director address of
1719 UDP 1719 e Access
external the other
Director
signaling IP enterprise
system to the
address system
other
enterprise
system, if
needed
Table 2. H.323 Signaling Ports for the LAN and RealPresence Access Director System
H.225 RAS
connection
for H.323
remote user
registrations
IP address of
RealPresenc from the
LAN-based
e Access RealPresenc
H.323
Director e Access
1719 UDP gatekeeper 1719
internal Director
(RealPresenc
signaling IP system to the
e DMA
address LAN-based
system)
H.323
gatekeeper
(RealPresenc
e DMA
system)
H.225
gatekeeper
neighboring
connection
from the
IP address of
RealPresenc RealPresenc
LAN-based
e Access e Access
H.323
Director Director
1719 UDP gatekeeper 1719
internal system to the
(RealPresenc
signaling IP LAN-based
e DMA
address H.323
system)
gatekeeper
(RealPresenc
e DMA
system), if
needed
RealPresenc 10001–13000 TCP IP address of 1720 H.225
e Access LAN-based connection
Director H.323 from the
internal gatekeeper RealPresenc
signaling IP (RealPresenc e Access
address e DMA Director
system) system to the
LAN-based
H.323
gatekeeper
(RealPresenc
e DMA
system)
H.225
connection
from the
RealPresenc
e Access
Director
RealPresenc
system to the
e Access
IP address of LAN-based
Director
10001–13000 TCP LAN-based 1720 H.323 device
internal
H.323 device (with the
signaling IP
RealPresenc
address
e DMA
system in
Direct mode,
no need for
the Routed
mode.)
H.245
connection
from the
IP address of RealPresenc
RealPresenc
LAN-based e Access
e Access
H.323 Director
Director
10001–13000 TCP gatekeeper 36000–61000 system to the
internal
(RealPresenc LAN-based
signaling IP
e DMA H.323
address
system) gatekeeper
(RealPresenc
e DMA
system)
H.245
connection
from the
RealPresenc
e Access
Director
RealPresenc
system to a
e Access
IP address of LAN-based
Director
10001–13000 TCP LAN-based >1023 H.323 device
internal
H.323 device (with the
signaling IP
RealPresenc
address
e DMA
system in
Direct mode,
no need for
the Routed
mode)
IP address of RealPresenc H.225 RAS
1719 UDP 1719
the LAN- e Access connection
Related Topics
Required Ports
Access Proxy
The RealPresence Access Director system access proxy feature provides reverse proxy services for
external users. Based on your system configuration, when access proxy receives a request from an
external user, it accepts the request and sends a new request on behalf of the user to the appropriate
application server.
Access proxy routes communication requests based on the type of target application server:
• HTTPS_proxy: HTTPS servers that provide management services, such as provisioning for the
RealPresence Access Director system and endpoints (Polycom® RealPresence® Resource
Manager system), and web-based video conferencing services (RealPresence Web Suite).
• LDAP_proxy: LDAP servers that provide directory services for remote (authorized) users.
• XMPP_proxy: XMPP servers that provide message, presence, or other XMPP services for
remote (authorized) users.
• HTTP tunnel proxy: An HTTP tunnel proxy enables RealPresence Web Suite SIP guest users
to attend video conferences in an enterprise’s Web Suite Experience Portal. Due to restrictive
firewall rules, if a Web Suite client cannot establish a native SIP/RTP connection to a video
Table 1. Access Proxy Ports for the WAN and the RealPresence Access Director System
Public IP HTTPS
address of connection
the from the
RealPresenc WAN to the
IP address of
e Access RealPresenc
external >1023 TCP 443
Director e Access
client
system’s Director
external system to
access proxy sign in for
IP address provisioning
TLS-
Public IP encrypted or
address of unencrypted
the encrypted
RealPresenc (TCP) LDAP
IP address of
e Access connection
external >1023 TCP 389
Director from the
client
system’s WAN to the
external RealPresenc
access proxy e Access
IP address Director
system
Public IP
address of XMPP
the connection
RealPresenc from the
IP address of
e Access WAN to the
external >1023 TCP 5222
Director RealPresenc
client
system’s e Access
external Director
access proxy system
IP address
IP address of Public IP HTTPS web
external address of connection
RealPresenc >1023 TCP the 443 from the
e Web Suite RealPresenc WAN to the
browser e Access RealPresenc
the internal
systems.
Table 2. Access Proxy Ports for the LAN and the RealPresence Access Director System
HTTPS
connection
from the
RealPresenc
IP address of e Access
the LAN- Director
based system to the
RealPresenc
provisioning LAN-based
e Access
server that provisioning
Director
60001–64000 TCP provisions 443 server that
internal
the provisions
access proxy
RealPresenc the
IP address
e Access RealPresenc
Director e Access
system Director
system
This
connection is
optional.
HTTPS
connection
from the
IP address of
RealPresenc RealPresenc
the LAN-
e Access e Access
based
Director Director
30001–60000 TCP management 443
internal system to the
server that
access proxy LAN-based
provisions
IP address provisioning
the endpoints
server that
provisions
the endpoints
LDAP
RealPresenc IP address of
connection
e Access the LAN-
30001–60000 TCP 389 from the
Director based LDAP
RealPresenc
internal server
e Access
Related Topics
Required Ports
Media
The RealPresence Access Director system enables media traffic (audio, video, and content) to
traverse the firewall during video conferencing calls.
Table 1. Media Ports for the WAN and the RealPresence Access Director System
Table 2. Media Ports for the LAN and the RealPresence Access Director System
Inbound
media traffic
RealPresenc
from the
e Access Any LAN-
RealPresenc
Director based video
40002–50001 UDP >1023 e Access
internal conferencing
Director
media IP device
system to the
address
LAN-based
video device
Outbound
media traffic
RealPresenc from the
IP address of e Access LAN-based
the LAN- Director video
based video >1023 UDP system 40002–50001 conferencing
conferencing internal device to the
device media IP RealPresenc
address e Access
Director
system
Inbound
RealPresenc IP address of
BFCP
e Access LAN-based
16001–17000 TCP >1023 content from
Director RealPresenc
the
internal e
RealPresenc
Related Topics
Required Ports
TURN Server
The RealPresence Access Director system can act as a TURN server to enable firewall and NAT
traversal of UDP media traffic between WebRTC-enabled clients.
Table 1. TURN Ports for WAN and LAN-based WebRTC Endpoints and the TURN Server
The port is
used only to
establish a
TURN
session.
Note
T
h
e
R
e
a
l
P
r
e
s
e
n
c
e
A
c
c
e
s
s
D
i
r
e
c
t
o
r
s
y
s
t
e
m
p
u
b
l
i
c
s
i
g
n
a
l
i
n
g
I
P
a
Printed from Polycom, Inc. (http://documents.polycom.com) Page 165d
d
r
e
s
s
SRC IP SRC Port Protocol DST IP DST Port Description
Allocation
response
from the
RealPresenc
TURN server
e Access IP address of
65370-65379 to an external
Director external
UDP >1023 WebRTC
system public WebRTC
Default: 3478 client. The
signaling IP client
response
address
establishes
the TURN
session.
Allocation
response
RealPresenc from the
e Access TURN server
IP address of
Director 65370-65379 to an internal
internal
system UDP >1023 WebRTC
WebRTC
external Default: 3478 client. The
client
signaling IP response
address establishes
the TURN
session.
Inbound
RealPresenc 32768–65535
media traffic
IP address of e Access
from an
external Director (Default
>1023 UDP external
WebRTC system public range:
WebRTC
client signaling IP 49152-65535
client to the
address )
TURN server.
RealPresenc Inbound
32768–65535
e Access media traffic
IP address of
Director from an
internal (Default
>1023 UDP system internal
WebRTC range:
external WebRTC
client 49152-65535
signaling IP client to the
)
address TURN server.
Outbound
RealPresenc 32768–65535
media traffic
e Access IP address of
relay from the
Director (Default external
UDP >1023 TURN server
system public range: WebRTC
to an external
signaling IP 49152-65535 client
WebRTC
address )
client
RealPresenc Outbound
e Access media traffic
UDP IP address of >1023
Director 32768–65535 relay from the
internal
system TURN server
Related Topics
Required Ports
Provisioning of the RealPresence Access Director system is optional. If not provisioned, you must
manually configure all system settings.
Related Topics
The RealPresence Access Director system is configured with three default reverse proxies that route
communication requests based on the type of target application server:
In addition to the default proxies, the RealPresence Access Director system supports the following
proxy configurations:
• HTTP tunnel proxy–An HTTP tunnel proxy enables SIP guest users to attend web-based video
conferences hosted by an enterprise’s RealPresence Web Suite. Due to restrictive firewall rules,
if a SIP guest client cannot establish a native SIP/RTP connection to a Web Suite video
conference, the RealPresence Access Director system can act as a web proxy to tunnel the SIP
call on port 443. Once the SIP guest client is connected to a meeting, the RealPresence Access
Director system continues to tunnel TCP traffic, including SIP signaling, media, and Binary Floor
Control Protocol (BFCP) content.
The default proxies may be edited or you can add new proxies for various internal application servers.
When you configure the proxies, you must specify an external IP address and an external listening port
for access proxy. Based on the network settings you configured, you may have external access proxy
services assigned to more than one network interface. You can reuse an external IP address but the
port, in most cases, must be unique for each proxy configuration that uses the same external IP
address. For example, if you create two proxy configurations for LDAP directory services, the
combined external IP address for access proxy and the external listening port cannot be the same for
both LDAP proxy configurations.
If you create an HTTP tunnel proxy, both the HTTP tunnel proxy and the default HTTPS_proxy can use
port 443 on the same external access proxy IP address.
The following examples show some possible external IP address and port combinations.
Table 1. Example 1
Table 2. Example 2
If a RealPresence Resource Manager system and RealPresence Web Suite integrate with the
RealPresence Access Director, the HTTPS proxy must be configured for the RealPresence Resource
Manager system and RealPresence Web Suite. LDAP proxy and XMPP proxy must be configured for
the RealPresence Resource Manager system.
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select the Protocol for the new proxy and click
Next.
4 In the Step 2 of 2: Detailed Settings window, configure the settings for the specific protocol of
the proxy, as described in the following sections:
Related Topics
When the RealPresence Access Director system is integrated with a RealPresence Resource Manager
system, access proxy enables remote endpoints to be provisioned and managed by the RealPresence
Resource Manager system. When the RealPresence Access Director system receives a login and
provisioning request from an external endpoint, it sends the request to the HTTPS provisioning server
configured within the RealPresence Resource Manager system.
When you configure the HTTPS Proxy settings, you can add multiple HTTPS next hops. For each next
hop, you must apply a filter that’s based on the HTTPS request message header received from the
endpoint. The RealPresence Access Director system uses the filter and other settings to send the
connection request to the correct internal HTTPS application server. Two filters are available:
• Request-URI–The next hop is based on the Request-URI in the message header received from
the endpoint. Use the Request-URI filter only when adding a next hop to a RealPresence
Resource Manager system.
• Host header–The next hop filter is based on the host information in the message header
received from the endpoint. Use a host header filter when creating the next hop for various
HTTPS application servers, including the RealPresence Web Suite Services Portal and
Experience Portal.
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select HTTPS from the Protocol list and click
Next.
Setting Description
Require client certificate from the remote When selected, access proxy requests and
endpoint verifies the client certificate from the remote
endpoint.
Setting Description
Type Request-URI
Name The unique name of this next hop
Related Topics
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select LDAP from the Protocol list and click
Next.
Setting Description
Related Topics
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select XMPP from the Protocol list and click
Next.
Setting Description
5 Click Done, and then click OK to confirm the configuration settings and restart the access proxy.
Related Topics
Note After you connect to a Polycom RealPresence Resource Manager system for
provisioning, you cannot update the provisioned information manually in the
RealPresence Access Director system until you disconnect.
Procedure
1 From the RealPresence Access Director user interface, go to Admin > Polycom Management
System.
2 Enter the Login Name, Password, and RealPresence Resource Manager IP address for the
RealPresence Access Director system user account for provisioning. Uncheck the Verify
certificate from internal server, and click Connect.
The login user is a local user that is created on RealPresence Resource Manager.
Note No certificates have been exchanged between the two servers so the verify
certificate from internal server box must be unchecked unless the certificate
exchange step has been completed in advance. Exchanging certificates provides
enhanced security and can be configured at any time in the future.
When connected, the RealPresence Resource Manager system automatically provisions the
RealPresence Access Director system.
Related Topics
Related Topics
Procedure
1 From the RealPresence Access Director user interface, go to Configuration > SIP Settings.
2 Select Enable SIP signaling.
3 Enter the RealPresence DMA FQDN or IP address in the SIP registrar (Next hop) address.
Related Topics
Prerequisite
The CIDR notations include the IP address and subnet of local network H.323 devices (for example,
the RealPresence DMA system gatekeeper, endpoints, and bridges).
Procedure
1 Go to Configuration > H.323 Settings.
2 Configure CIDR.
• If the Gatekeeper (Next hop) address is not specified by the RealPresence DMA
Supercluster FQDN, leave the CIDR empty.
• If the Gatekeeper (Next hop) address is specified by the RealPresence DMA Supercluster
FQDN, enter every IP address in the RealPresence DMA Supercluster in the CIDR.
Note The RealPresence DMA Gatekeeper call mode must be routed call mode.
Related Topics
Prerequisite
The HTTPS proxy is configured.
Add two next hops for RealPresence Web Suite Services Portal and Experience Portal.
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Select HTTPS Proxy.
3 Under Actions, click Edit.
4 Under Next hops, click Add.
5 Configure the settings as described in the following table:
Setting Description
Related Topics
The HTTP tunnel proxy uses auto-discovery to ensure that a RealPresence Web Suite SIP guest call is
routed through the HTTP tunnel proxy when necessary. When a RealPresence Web Suite SIP guest
user attempts to join a meeting, auto-discovery determines if standard SIP and media ports are
available for the call. If not, the call is routed through the HTTP tunnel proxy.
You can configure both the default HTTPS_proxy and an HTTP tunnel proxy to use the same external
IP address and standard port 443. If you configure a port other than 443 as the external listening port
for HTTP tunnel proxy calls, these calls may fail if the network from which the SIP guest client calls
blocks outgoing traffic to other ports.
• The RealPresence Access Director system supports a maximum of 50 concurrent HTTP tunnel
calls. After a call ends, the system recycles the port allocation.
• Use of an HTTP tunnel proxy is not supported with two RealPresence Access Director systems
deployed in a tunnel configuration.
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select HTTP Tunnel from the Protocol list and
click Next.
Setting Description
Related Topics
The number of dynamic ports you specify for TURN media relay doesn’t necessarily map to the
number of calls that can be supported. The number of ports required to support all WebRTC calls
varies depending on whether the conference uses mesh mode or bridge mode. The allowable port
range is designed to accommodate a large number of licensed calls.
Polycom recommends that you use the default port range listed in the TURN Settings since the
number of allocations can vary for calls, but you can choose any port range within the allowable range.
The port range you configure must be configured on your firewall.
Note When you enable the TURN server for the first time, you must add at least one TURN
user in order for the TURN server to allow requests. If you disable the TURN server, all
TURN users are saved and will be available if you later re-enable the TURN server.
The TURN server is disabled by default for new installations of the RealPresence Access
Director system.
3 Use the information in the following table to configure the settings for your system. An asterisk
(*) indicates a required field.
Settings Field
Settings Field
Related Topics
Configure WebRTC
Configure Endpoints
You need to configure external endpoints with the following settings to receive SIP and H.323 calls if
they are not provisioned by RealPresence Resource Manager.
Procedure
• Enable H.460 traversal option for external endpoints receive H.323 call.
For Non-provisioned hard endpoints RealPresence Group Series, check the Enable H.460
Firewall Traversal checkbox from endpoint configuration UI.
Create Network Provisioning Profile for Endpoints That Connect to RealPresence Access Director
Configuring Certificates
The RealPresence Media Suite system supports using X.509 certificates (version 3 or earlier) for
authenticating the network connections.
Related Topics
Procedure
1 Log into RealPresence Media Suite Admin Portal.
2 Go to Configuration > Certificate Management.
Related Topics
Configuring Certificates
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Procedure
1 Go to Configuration > Certificate Management.
2 Select Install Certificates.
3 Click Upload Certificate and click Add to browse to the certificate. Upload the selected
certificate, and enter your password if necessary.
Configuring Certificates
Prerequisite
Make sure the RealPresence Media Suite OVA file has been deployed successfully
You can according to the media storage capacity usage to plan your media storage.
Each 60-minute 512k call to RealPresence Media Suite requires about 450M storage (the 512k call
raw + the default mp4 VoD). For 1024k, the storage space is approximately double, which is 900M.
You cannot calculate an accurate ratio because the size also depends on the video quality.
Procedure
1 Add a hard disk in VMware vShpere.
a. Right click the virtual machine which you want to add hard disk to, and select Edit Settings.
2 Access the RealPresence Media Suite Admin Portal by its IP address or FQDN from a
compatible browser.
3 Go to Device > Device Manager.
• NFS Storage Folder: specify the folder path to the NFS storage.
Related Topics
Procedure
1 In the Web browser, enter the system's IP address in this format: http://<system IP
address>/admin or http://<FQDN>/admin.
2 Go to Configuration > Signaling Settings > H.323.
3 Select Register To Gatekeeper.
4 Configure the following settings.
System Prefix / E.164 Specify the E.164 number for the system.
System H.323 Alias Specify the H.323 alias for the system.
• If you need to configure both the H.323 Gatekeeper parameters and SIP
parameters at the same time, click OK after you finish the configuration of
both parameters.
Example
Procedure
1 Call the VMR from the endpoint to start a conference.
2 Connect to RealPresence Collaboration Server through RMX Web Client/RMX Manager
application.
3 In the Conferences pane, select the conference and click to start the recording.
Note You also can use DTMF code to start a recording from the endpoint.
When RealPresence Web Suite attendees join non-WebRTC meetings in the RealPresence Web Suite
Experience Portal, the system automatically downloads the Launcher.exe to attendees’ computers.
• If attendees don’t have the RealPresence Desktop software installed on their computers, the
attendees can allow the system to run the launcher. RealPresence Desktop software version
3.9.0 installs and launches to connect the attendees to the meeting.
• If attendees have the RealPresence Desktop software version 3.9.0 installed on the computer,
the attendees can allow the system to run the launcher. RealPresence Desktop software
launches to connect the attendees to the meeting.
• If attendees have a previous version (3.8.x and below) of RealPresence Desktop software
installed on their computers, the attendees must uninstall the previous version of RealPresence
Desktop software, then join the meeting from the web portal and install the latest RealPresence
Desktop software.
After the meeting connects, attendees can control meetings in the RealPresence Desktop software as
the RealPresence Web Suite soft client.
To establish secure, encrypted communication with users and verify the identity of the portal, you must
upload the following certificates:
• The signed public key certificate for the portal provided by the CA in response to the CSR. If the
CSR was created using a third-party tool, you must first upload the associated private key.
• Any root and intermediate certificates provided by the CA to establish the chain of trust.
For servers that require secure communication, such as the Enterprise Directory server, SMTP server,
and the RealPresence DMA system, upload that server public key certificate as a trust certificate.
Procedure
1 Log in to each portal with super admin credentials.
2 Navigate to Platform Settings > Certificate > Generate CSR/Certificate.
3 Enter the following information:
Field Description
Enter the name of your organization unit or the DBA name of your
Organizational Unit
organization.
Enter the two-letter ISO code for the country where your
Country
organization is located.
4 Click Generate.
5 Restart the portals.
Note Restarting web services will log out all users. The system remains inaccessible
until you restart the web services. Restart only during a maintenance window
when there is no activity on the system.
Related Topics
Procedure
1 Log in to the RealPresence Web Suite Services Portal or the RealPresence Web Suite
Experience Portal administration interface with super admin credentials.
2 Go to Platform Settings > Certificate > Certificate list.
3 Select webserver-csr and click View.
4 Copy the CSR starting from BEGIN CERTIFICATE REQUEST through END CERTIFICATE
REQUEST (include the leading and trailing dashes).
Related Topics
Configuring Certificates for RealPresence Web Suite
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
Configuring Certificates
Related Topics
Configuring Certificate
Related Topics
Related Topics
Configuring Certificates
Related Topics
Configuring Certificates
Related Topics
Procedure
1 Navigate to the Certificate Authority and click Download a CA certificate, certificate chain, or
CRL.
Procedure
1 Log in to the RealPresence Web Suite Services Portal with super admin credentials.
2 Go to Platform Settings > Certificate > Upload Certificate.
3 From the Type list, select the WebServer Own.
4 Click Browse to select the certificate for the service portal.
5 Click Upload.
Related Topics
Procedure
1 Log in to the RealPresence Web Suite Experience Portal with super admin credentials.
2 Go to Platform Settings > Certificate > Upload Certificate.
3 From the Type list, select the server certificate.
4 Click Browse to select the certificate for experience portal.
5 Click Upload.
Related Topics
The portals retrieve the default time for the instances from the host server, so if the host server time is
wrong, then the RealPresence Web Suite Services Portal scheduler can go out of sync.
Procedure
1 Log in to the RealPresence Web Suite Services Portal and RealPresence Web Suite
Experience Portal using super admin credentials.
2 Go to Platform Settings > Date Time.
3 In the Time Zone list, select the appropriate time zone for the system.
Related Topics
Related Topics
Before you add an Enterprise Directory user, confirm that the proper LDAP server is configured with
the correct values.
With LDAP authentication enabled, all users in the Enterprise Directory are granted access to the
RealPresence Web Suite Services Portal.
Fields Description
4 Click Update.
Related Topics
• When the users scheduled a meeting or have been invited to is updated or canceled
Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Go to Settings > Core Settings > SMTP.
3 Enter the following configuration settings.
Fields Description
Before configuring the portal settings, configure the web addresses of both portals using the
RealPresence Web Suite Services Portal.
Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Go to Settings > Core Settings > Server Settings.
3 Enter the FQDNs assigned to the IP address of the two portals.
Related Topics
Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Go to Settings > DMA Config.
3 Click +Another DMA and configure the following DMA Configuration settings:
Setting Description
Port The TCP port number used to communicate with the RealPresence
DMA system.
Admin Password The password for the RealPresence DMA admin user.
Select the check box to enter the starting and ending numbers of the
Generate VMR range to use for auto-generating random conference IDs (temporary
From Range RealPresence Web Suite VMRs).
For better security, specify a wide range such as 100000 to 999999.
Note When you restart both the RealPresence Web Suite portals and/or the
RealPresence DMA system, you must restart the RealPresence DMA system and
the RealPresence Web Suite Services Portal before you restart the RealPresence
Web Suite Experience Portal. Due to the way the RealPresence Web Suite
Experience Portal obtains its licensing information, if you start the RealPresence
Web Suite Experience Portal first, your RealPresence Web Suite system stops
working correctly.
Related Topics
Clients or endpoints connect to conferences through an access point. Add access points in the order
that you want the RealPresence Web Suite Services Portal to use them. For example, enter internal
access points first.
Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Go to Settings > DMA Config.
3 Click +Add Access Point and configure the following settings:
A name for this access point that describes its location or other
Location properties that distinguish it from other access points (such as transport
and authentication).
The transport protocol associated with the access point (SIP, TUNNEL,
Transport
H323, ISDN, or PSTN).
The dial string that an endpoint uses to dial this access point. The string
must be appropriate for the specified transport type.
Dial string For instance, for a SIP access point for callers outside the network,
enter the public FQDN used to access the system using the
RealPresence Access Director system.
Shared Access point is shared by all users. Use this option if SIP device
Auth Mode
authentication is not enabled on the RealPresence DMA system.
Related Topics
Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Navigate to Settings > DMA Config.
You can specify an existing pool order from down drop list.
5 Select the Conference Template you want to use from the drop-down list.
Related Topics
Related Topics
Procedure
1 In the RealPresence Web Suite Experience Portal administration interface, go to Conference >
General Settings.
When the administrator enables the Mute on Entry function, all attendees (except Chairperson)
when joining meetings from RealPresence Desktop will be muted by default.
6 Set secure and non-secure web addresses for RealPresence Web Suite Experience Portal.
Note that the terms external and internal for these settings do not see outside or inside the
network.
• Internal addresses Enables the RealPresence Web Suite Services Portal and
RealPresence Web Suite Experience Portal to communicate with each other on the
network.
Fields Description
Related Topics
Procedure
1 Set conference authentication rules.
a. Log in to the RealPresence Web Suite Experience Portal administration interface using
super admin credentials.
b. Go to Conference > Authentication.
c. Click and configure the following settings in the Match, Property, and Realm columns:
Fields Description
Property
b. SSOUsername Match the provided
regular expression against the
address of the RealPresence Web
Suite Services Portal.
The RealPresence Web Suite Experience Portal queries the RealPresence Web Suite Services
Portal to authenticate users logging in to it to join a conference.
Configure the settings for the authentication agent in the RealPresence Web Suite Experience
Portal to enable it to communicate with the RealPresence Web Suite Services Portal.
a. Expand Agents > Service Portal Authentication and configure the following settings:
Fields Description
Related Topics
Procedure
1 Log in to the RealPresence Web Suite Experience Portal administration interface using super
admin credentials.
2 Go to Conference > Conference.
3 Expand Agents > RealPresence DMA and configure the following settings:
Fields Description
Fields Description
d. Expand External Conference Template and specify the settings for each access point in
the RealPresence Web Suite environment.
These settings must match the settings for each access point set up in the RealPresence
Web Suite Services Portal.
Two sets of access point fields containing sample values are present by default. Edit those
for the first two access points.
Fields Description
e. To add another access point, click Add below Authentication Mode and complete the new
set of access point fields.
5 Click Apply.
Related Topics
To enable the sharing of content between HTML5 clients and standards-based clients, RealPresence
Web Suite Pro uses the Standards Connector function. The Standards Connector provides a gateway
function so that video-based content users can view enhanced content and vice-versa.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal administration interface using super
admin credentials.
2 Go to Enhanced Content > Standards Connector.
3 Enter the correct password (the default password is ecsparticipant) for the ecsparticipant
system user.
Related Topics
Configure WebRTC
Prerequisite
Before enabling the RealPresence Web Suite Experience Portal for WebRTC support, ensure that you
have completed the following:
• Basic configuration of the RealPresence Web Suite portals is complete, including Enhanced
Content.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal using super admin credentials.
2 Go to Conference > Conference.
3 Expand Agents > WebRTC > Settings and configure the following settings:
Polycom strives to support any system that is standards-compliant and investigates reports of Polycom
systems that are not interoperable with other vendor systems. Note that the following list is not a
complete inventory of compatible equipment, but the products that have been tested with this release.
Note Polycom recommends that you upgrade all of your Polycom systems with the latest
software versions. Any compatibility issues may already have been addressed by
software updates. Refer to Polycom Service Policies at http://support.polycom.com/
content/support/service_policies.html to see the Current Polycom Interoperability Matrix.
recording indication
switches back and
forth between
Recording started.
and Recording
stopped. on the client.
After joining a VMR
conference,
RealPresence
Desktop as the
RealPresence Web
Suite soft client on the
Microsoft Surface
Manually mute the
RealPresence Book may display
EN-42819 RealPresence
Desktop Unmute icon while
Desktop.
Mute on Entry
enabled is selected
on the RealPresence
Web Suite
Experienced Portal
administration
interface.
Sometimes, some
participants may be
RealPresence Web missing from the No workaround for
CAXIS-14079
Suite roster list of this issue.
RealPresence Web
Suite client.
Sometimes, when
external
RealPresence
Desktop as the
RealPresence Web
RealPresence Web No workaround for
CAXIS-14263 Suite soft client joins
Suite this issue.
a VMR conference via
VEQ, the roster and
content button of
RealPresence
Desktop are inactive.