Polycom Realpresence Clariti Advanced Solution Guide 9-23-2018

Polycom Documentation
Copyright © 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into
another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose,
without the express written permission of Polycom, Inc
6001 America Center Drive
San Jose, CA 95002
USA
Printed from Polycom, Inc. (http://documents.polycom.com)

1. Copyright and Trademark. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2. Polycom RealPresence Clariti Solution Overview. . . . . . . . . . . . . . . . . . . . . . . . . 8
3. Planning the RealPresence Clariti Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
RealPresence Clariti Solution Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
RealPresence Clariti Solution Use Case. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Company Network Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Scheduling a Meeting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Connecting to Meetings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
RealPresence Clariti Solution Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Preparing for System Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4. RealPresence Clariti Solution Software Installation and Network Configuration.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5. Configuring RealPresence Resource Manager. . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configuring Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Create a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Request a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Install the Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Integrating with an Enterprise Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Prestage Machine Account for RealPresence Resource Manager. . . . . . . . . . . . . . . . . 29
Integrate with the Enterprise Directory Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Integrate with RealPresence DMA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configure the Mail Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Site Topology Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Add a Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Add a Site Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Add a Network Cloud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Add a Territory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Working with Provisioning Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configure Network Provisioning Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configure Admin Config Provisioning Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Add a Provisioning Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Auto-Generate SIP URI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Configure E.164 Numbering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Add a User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Provision Endpoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuration for RealPresence Access Director Integration. . . . . . . . . . . . . . . . . 61
Add RealPresence Access Director to the RealPresence Resource Manager Network
Device List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Define a New Site in the RealPresence Resource Manager. . . . . . . . . . . . . . . . . . . . . . 63
Printed from Polycom, Inc. (http://documents.polycom.com) Page 2
Create RealPresence Access Director Provisioning Profiles. . . . . . . . . . . . 65
Create Network Provisioning Profile for Endpoints That Connect to
RealPresence Access Director. . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Create Provisioning Rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Configure Site Links to Connect RealPresence Access Director Site with
Existing Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
6. Configuring RealPresence DMA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Configuring Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Create a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Request a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Install the Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Integrate with the Microsoft Active Directory. . . . . . . . . . . . . . . . . . . . 82
Integrate with MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Add an MCU Pool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Add an MCU Pool Order. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Configure Conference Template with 2048 kbps Line Rate. . . . . . . . . 89
Configure Conference Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Add Conference Rooms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Edit Personal VMR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Create Virtual Entry Queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Enable WebRTC Signaling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Configure the RealPresence DMA Gatekeeper Call Mode. . . . . . . . . 107
7. Configuring RealPresence Collaboration Server. . . . . . . . . . . . . . . 109
Configure Gatekeeper and SIP Server. . . . . . . . . . . . . . . . . . . . . . . . 109
Configure Soft MCU for WebRTC. . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configuring Certificates on the RealPresence Collaboration Server. 115
Generate a Certificate Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Request a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Install Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Configure System Flag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Define Recording Links from RealPresence Collaboration Server. . . 123
8. Configuring RealPresence Access Director. . . . . . . . . . . . . . . . . . . 127
RealPresence Access Director Considerations. . . . . . . . . . . . . . . . . 127
RealPresence Access Director Installation and Network Configuration.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Install the RealPresence Resource Manager System Software Using Your
Virtual Environment Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Assign a Static IP Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

License Your System with RealPresence Resource Manager. . . . . . . . . . 130
Virtual Edition Initial Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configure Time Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Create a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Install the Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Required Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Management Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
SIP Signaling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
H.323 Signaling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Access Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
TURN Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
RealPresence Access Director and RealPresence Resource Manager
Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Configuring Access Proxy Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Provision the RealPresence Access Director System. . . . . . . . . . . . . . . . . 181
RealPresence Access Director and RealPresence DMA Integration. 182
Configure SIP and H.323 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Configure the Classless Inter-Domain Routing. . . . . . . . . . . . . . . . . . . . . . 183
RealPresence Access Director and RealPresence Web Suite Integration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Add the Next Hop Based on the Host Header Filter. . . . . . . . . . . . . . . . . . 184
Configure HTTP Tunnel Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Configure TURN Settings for WebRTC. . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Configure Endpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
9. Configuring RealPresence Media Suite. . . . . . . . . . . . . . . . . . . . . . 193
Configuring Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Create a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Install the Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Configure Media Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Set up the Gatekeeper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Validate the Recording. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
10. Configuring RealPresence Web Suite. . . . . . . . . . . . . . . . . . . . . . . 213
Configuring Certificates for RealPresence Web Suite. . . . . . . . . . . . 213
Generate a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Copy a Certificate Signing Request. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Download the CA Root Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Upload a Certificate to the RealPresence Web Suite Services Portal. . . . 220
Upload a Certificate to the RealPresence Web Suite Experience Portal. . 222
Set the RealPresence Web Suite Date and Time. . . . . . . . . . . . . . . . 223
RealPresence Web Suite Services Portal Server Settings. . . . . . . . . 224
Configure the RealPresence Web Suite Services Portal Using LDAP. . . . 224
Enable Email Notifications for Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Set Web Addresses for the Portals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Add a RealPresence DMA System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Add Access Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Configure the MCU Pool Order and Conference Template. . . . . . . . . . . . . 232
RealPresence Web Suite Experience Portal Conference Settings. . . 232
Configure Conference General Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Configure the Portal Authentication Agent. . . . . . . . . . . . . . . . . . . . . . . . . 234
Configure the Conference Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Enable Enhanced Content Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Configure WebRTC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
11. Products Tested with this Release. . . . . . . . . . . . . . . . . . . . . . . . . 244
12. Known Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Copyright and Trademark
Copyright© 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced,
translated into another language or format, or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of Polycom, Inc.
6001 America Center Drive

San Jose, CA 95002
USA
Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom
products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law
marks in the United States and various other countries.
All other trademarks are property of their respective owners. No portion hereof may be reproduced or
transmitted in any form or by any means, for any purpose other than the recipient's personal use,
without the express written permission of Polycom.
End User License Agreement By installing, copying, or otherwise using this product, you
acknowledge that you have read, understand and agree to be bound by the terms and conditions of
the End User License Agreement for this product. The EULA for this product is available on the
Polycom Support page for the product.
Patent Information The accompanying product may be protected by one or more U.S. and foreign
patents and/or pending patent applications held by Polycom, Inc.
Open Source Software Used in this Product This product may contain open source software. You
may receive the open source software from Polycom up to three (3) years after the distribution date of
the applicable product or software at a charge not greater than the cost to Polycom of shipping or
distributing the software to you. To receive software information, as well as the open source software
code used in this product, contact Polycom by email at mailto:OpenSourceVideo@polycom.com (for
video products) or mailto:OpenSourceVoice@polycom.com (for voice products).
Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in
this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes
no liability or responsibility for any typographical or other errors or omissions in the content of this
document.

Limitation of Liability Polycom and/or its respective suppliers make no representations about the
suitability of the information contained in this document for any purpose. Information is provided "as is"
without warranty of any kind and is subject to change without notice. The entire risk arising out of its
use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for
any direct, consequential, incidental, special, punitive or other damages whatsoever (including without
limitation, damages for loss of business profits, business interruption, or loss of business information),
even if Polycom has been advised of the possibility of such damages.
Customer Feedback We are striving to improve our documentation quality and we appreciate your
feedback. Email your opinions and comments to mailto:DocumentationFeedback@polycom.com.
Polycom Support Visit the Polycom Support Center for End User License Agreements, software
downloads, product documents, product licenses, troubleshooting tips, service requests, and more.

Polycom RealPresence Clariti Solution
Overview
Polycom® RealPresence Clariti™ is a complete infrastructure solution that you can install, license, and
deploy with ease. From standard video conferencing and collaboration components to add-ons like
advanced analytics and video content management, the RealPresence Clariti solution provides you the
flexibility to select implementation options based on your needs.
RealPresence Clariti includes:
• Desktop and mobile clients and soft endpoint management
• Content sharing and real-time collaboration accessible through a web browser
• Video, audio, and content bridging for H.323, SIP, and WebRTC calls up to 1080p
• An H.323/SIP video call control engine for simplified dial plans, automated VMR creation, bridge
visualization, and UC integrations
• A video firewall edge application providing H.323/SIP dialing and registration for remote workers
and business to business (B2B), and business to customer (B2C) user scenarios
• Automated scheduling, provisioning, and monitoring of software, and hardware-based video

conferencing and Polycom voice solutions
• Video recording and streaming with a free trial of Polycom® RealPresence® Media Suite, which
transforms any workspace into a media studio
• Powerful analytics that monitor performance, capacity, and utilization to improve user
experiences, drive higher adoption, and empower decision making
• A standards-based solution with a rich set of SDKs, developer’s forum, and that Polycom
Sandbox for custom integrations

Planning the RealPresence Clariti
Solution
Before installing and configuring the RealPresence Clariti solution , you must plan your RealPresence
Clariti solution according to the meeting requirements and company network.
RealPresence Clariti Solution Architecture

The RealPresence Clariti solution incorporates a full suite of endpoints, infrastructure components, and
centralized management tools. The following figures show the RealPresence Clariti solution reference
architecture.
Figure 1. RealPresence Clariti Advanced Architecture
Related Topics
Planning the RealPresence Clariti Solution

RealPresence Clariti Solution Use Case
This section introduces a typical RealPresence Clariti Solution use case which includes company
network design and RealPresence Clariti Solution workflow in the company environment.
Related Topics
Company Network Introduction

Company A is a global firm and has deployed the entire RealPresence Clariti solution in the
headquarters’ data center. Polycom provides flexible modes for company network design.
Figure 1. RealPresence Clariti Advanced Network
Related Topics

Scheduling a Meeting
The organizer decides to contact others and plan a time, location, and media resources for an
upcoming video call. The call can be either informal or ad-hoc model, or follows a more formal
scheduling process such as from company exchange server.
Related Topics
Connecting to Meetings
Depending on the deployed workflow model and the device from which a user is connecting, users can
connect to meetings by dialing a VMR from a remote control or Polycom Touch Control, clicking on a
SIP URI from a desktop client, or walking into a room to join a conference that was scheduled in
advance.
To better explain the options available to you when configuring how users connect to meetings, this
topic provides a sample company and a list of workflows they use.
Example Company A
Company A is configured with the following conditions and network configurations.
• Employee meeting rooms are high-definition meeting rooms limited to 2 Mbps.
• Company A supports video conferencing participation from both internal and external users
using RealPresence Web Suite, which enables users to schedule meetings using the
RealPresence Web Suite Services Portal and enables anyone to join meetings over a web
browser.
• On average, Company A sees approximately 70 % utilization of the core infrastructure. Most

meetings include 5–10 participants along with a mixture of different endpoint types and
locations. Some meetings are highly collaborative where many users share content while
discussing the material; others consist of a group meeting or staff meeting lead primarily by one
speaker or location at a time. For the most part, the company has adopted a “meet on the
bridge” strategy, but some users still call point-to-point.
• The help desk handles company-wide meetings or specific vendor events where they want the
events scheduled and dialed out. These are typically high-definition conferences that utilize a
mixture of devices and connection methods, including dial-in audio and RealPresence Web
Suite connections. These calls typically have a high level of attendance from all locations and
can span more than one RealPresence Collaboration Server.
Company A settles on three distinct workflows to enable all employees to collaborate simply and easily
without much user training or help desk support.

Dialing in by Personal VMR
In Company A’s dial-in model, users are assigned a persistent personal VMR through Active Directory
integration, which enables users to dial into their own VMR whenever they wish. No operator or Video
Network Operations Center (VNOC) is required to monitor or schedule conferences.
The advantages of this model are as follows:
• Self-service conferencing
• Low conference admin overhead
• Users connect to meetings from multiple types of devices, including room systems, desktop
clients, and mobile devices
From an IT perspective, video conferencing usage in Company A is about 90 % self-service once each
employee receives a personal VMR.
• The users are in the Headquarter and home office of the Company A or will connect to the VMR
from the Internet.
• All endpoints and clients are directly registered to the RealPresence DMA or RealPresence
Access Director of Company A.
• All users establish an audio or video call to the VMR using the Remote Control, Touch Control,
RealPresence Touch, Web UI, and Keypad.
• The VMR can be called by dialing the E.164 number, SIP/TEL URI or IP address + Dial String
(## or @) using manual dial, speed dial button and directory entry. All IVR services are
available.
• During the call, content can be sent from each user using VGA, HDMI, USB, UI, Web UI,
People&Content IP, Pano, and RealPresence Desktop. Content is received from all other users
Printed as
from Polycom,
dual streamInc. (http://documents.polycom.com)
(H.239/BFCP/HTML5) in the highest available resolution and frame rate.Page 12
• Automatic recording or manual recording is available. Transcoding of audio, video, and content
algorithm and speed is available.
• The highest available bandwidth for each call is based on the VMR profile setting.
Operator-Assisted Conferencing (Dial-Out)
In Company A’s dial-out model, users do not start or stop their own conferences. Instead, they use a
centralized reservation service that is managed either by an internal service desk or by an external
VNOC. This method of connecting to meetings is very popular with certain workgroups that schedule
meetings that take place in conference rooms. The video conference starts automatically according to
the schedule without any user interaction.
Multipoint meetings at Company A are usually scheduled in advance and initiated using operator
assisted services. The operator sets up the conference by dialing out to all participants so the user
does not need to launch the call locally.

Speed-Dial to Virtual Entry Queue
Users within the Company A video environment can also connect using the Speed-Dial to Virtual Entry
Queue (VEQ) workflow model. This method enables video attendees and voice callers to easily dial
into a VMR by using DTMF codes to enter the conference ID, where all participants can join the
conference bridge. In this case, audio users dial the Company A headquarters using the toll free
number and enter a VEQ where the IVR service asks for the conference ID. Internally, all video users
can dial 771000 to call into the VEQ.
This solution is adapted to help people who feel that using multiple button functions on the remote
control to connect to a conference causes confusion and frustration. This dialing method reduces the
functions of the remote control to just one—entering the conference ID (VMR number) whenever a
user clicks any button on the remote control.
• The users are in the Headquarters and home office of the Company A or will connect to the
VEQ through the Internet.
• All endpoints and clients are directly registered to the RealPresence DMA or RealPresence
Access Director of Company A.
• All users establish an audio or video call to the VEQ using the Remote Control, Touch Control,
RealPresence Touch, Web UI and Keypad.
• The VEQ can be called by dialing the E.164 number, SIP/TEL URI or IP address + Dial String
(## or @) using manual dial, speed dial button and directory entry. All IVR services are
available.
• During the call, content can be sent from each user using VGA, HDMI, USB, UI, Web UI,
People&Content IP, Pano, and RealPresence Desktop. Content is received from all other users
as dual stream (H.239/BFCP/HTML5) in the highest available resolution and frame rate.
• Automatic recording or manual recording is available.

• The
Printed
highest available bandwidth for each call is based on the VMR profile setting.
from Polycom, Inc. (http://documents.polycom.com) Page 14
Related Topics
RealPresence Clariti Solution Components

This section describes the system components that are used in the RealPresence Clariti solution.
Polycom® RealPresence® DMA

The Polycom® RealPresence® DMA system is a network-based application that manages and
distributes multipoint video calls within an organization and intelligently distributes multipoint calls
across networked conference platforms. The RealPresence DMA system provides call control for SIP
and H.323 devices and serves as an H.323 Gatekeeper/SIP Registrar for up to 75,000 devices and 64
bridges based on your license.
The RealPresence DMA system provides endpoint registration, call processing, and call admission
control. Call control design considerations include the dial plan, endpoint addressing, call admission
control, external connectivity, and general trunking requirements.
Polycom® RealPresence® Collaboration Server

The Polycom® RealPresence® Collaboration Server solution delivers a multiprotocol hardware- or
software-based MCU that runs on an industry-standard (x86-type) server.
The RealPresence Collaboration Server solution provides the following features:
• Universal bridging capabilities for seamless connectivity regardless of device, or protocol
• Call at any data rate or bandwidth with support for resolutions up to 1080p 60, fully transcoded
• Support for the latest technologies, including H.264 High Profile for optimal resource utilization
• Support for point-to-point calls with integrated dial-through gateway capabilities (ISDN, SIP, and
H.323)

Polycom® RealPresence® Resource Manager
The Polycom® RealPresence® Resource Manager system is an integrated scheduling and
management platform for endpoints and video conferencing infrastructure management. In particular, it
functions as the management and licensing platform for Polycom® RealPresence Clariti™. It also
includes a rich suite of APIs for customized integration into the video network. With a Linux operating
system, multitenant partitioning, and the ability to scale to 50,000 managed mobile, desktop, and
Polycom® RealPresence® Group Series video devices, you can confidently deploy and manage your
video network with RealPresence Resource Manager applications.
The RealPresence Resource Manager system provides the following features:
• Ability to scale to 50,000 devices to manage H.323 and SIP supported endpoints, bridges, and
recording servers
• Easy administration through comprehensive device monitoring, provisioning, management, and

software revision control
• Directories and presence engines that provide simplified dialing
• An API suite for direct integrations into your key applications and systems
• Multitenant support for cloud-based hosting
• Scheduling options through the browser-based user interface or APIs for a application
Polycom® RealPresence® Access Director

The Polycom® RealPresence® Access Director system provides secure video collaboration from
anywhere, supporting SIP and H.323 devices. Users can connect their devices and mobile clients
simply and easily, reducing the cost to support the growing number of video-enabled workers in your
organization without compromising network security.
The RealPresence Access Director system provides the following features:
• An application that combines remote and B2B calling scenarios with SIP, H.323, and HTTP
tunneling capabilities, enabling a seamless video collaboration experience within and beyond
the firewall
• Collaboration over video while on the go, in the office, or from home
• Support for up to 1000 simultaneous video calls securely without requiring additional client
hardware or software
• Leverage of existing investments in UC products and IT infrastructure, which enable you to build
towards a SIP-based future
• Easy, secure, and reliable extension of video collaboration to your mobile workforce

Polycom® RealPresence® Web Suite
Polycom® RealPresence® Web Suite leverages core capabilities of the enterprise-grade video
infrastructure provided by RealPresence Clariti, enabling universal access to enterprise-grade video
collaboration to any business (B2B) or consumer (B2C) at the highest quality, interoperability, reliability,
and security.
Through the RealPresence Web Suite Services Portal, users create and participate in online video
conference meetings. Users create meetings by logging in to the RealPresence Web Suite Services
Portal, selecting the type of meeting they want to create, setting the meeting parameters, and entering
a list of participants to invite. In RealPresence Web Suite Services Portal, administrators can create
and manage users and configure the components for online video conference meetings.
Polycom® RealPresence® Media Suite

Polycom® RealPresence® Media Suite is a video content management solution that integrates with
standards-based and telepresence video conferencing systems. As a native part of the Polycom®
RealPresence Clariti™ solution, the RealPresence Media Suite product can record or live stream
meetings, manage archives, and play back recordings on a variety of client devices including tablets,
smartphones, desktop and laptop computers, and standards-based video endpoints.
The RealPresence Media Suite solution can be used as a standalone solution to provide video content
management functions with built-in tools or integrate with third-party systems to support recording,
streaming, and various content editing and management functions.
The RealPresence Media Suite solution also introduces an easy-to-use User Portal where customers
can easily start recording, create live events, and share media files.
By leveraging RealPresence Media Suite solution with existing telepresence systems, video
conferencing endpoints and video infrastructure, or familiar unified communications (UC) tools, your
organization can easily convert real-time conferences and events into reusable multimedia assets.
Polycom Video and Telepresence Endpoints

Polycom video endpoints provide IP video telephony features and functions similar to IP voice
telephony, enabling users to make point-to-point and multipoint video calls. Polycom video endpoints
are classified into families based on the features they support, hardware screen size, and environment
where the endpoint is deployed.
• Room system: Polycom RealPresence Group Series, and Polycom® RealPresence Debut™
endpoints are an ideal fit for any type of collaborative environment, from huddle rooms to large
classrooms, and open workspaces.

Components of Polycom Video Architecture
The RealPresence Clariti solution includes the following components:
Table 1. The RealPresence Clariti Solution Components
Module Component Description
Provides endpoint registration,

Call Control RealPresence DMA call processing, and media
resource management
RealPresence Collaboration Provides audio and video
Conferencing
Server conferencing resources
RealPresence Resource Manages client and server
Management Applications
Manager application
Provides Recording, Playback,
Recording RealPresence Media Suite
and Streaming capabilities
Enables firewall traversal

RealPresence Access Director
Collaboration Edge Enables B2B/B2C
RealPresence Web Suite collaboration via browser or
standard-based endpoints
RealPresence Group Series,

Endpoints and Polycom RealPresence Room endpoints
Debut
Related Topics
Preparing for System Installation

Complete the following tasks to ensure a smooth installation.
Assign IP Addresses
Allocate static IP addresses at the data center for different servers.

IP and Hostname for Each Component in DNS
The following is an example of the network plan for the RealPresence Clariti Solution:
Product FQDN Internal IP Address
RealPresence Resource
rprm.mycompany.com 192.0.2.2
Manager
RealPresence DMA dma.mycompany.com 192.0.2.7
RealPresence Collaboration
rpcs.mycompany.com 192.0.2.3
Server
172.16.0.1
RealPresence Access Director rpad.mycompany.com External IP: 172.16.0.6
Public IP: 1.2.3.4
RealPresence Media Suite

rpms.mycompany.com 192.0.2.6
(VMware® only)
RealPresence Web Suite
rpwsep.mycompany.com 192.0.2.5
Experience Portal
RealPresence Web Suite
rpwssp.mycompany.com 192.0.2.4
Services Portal
RealPresence Group Series gs01.mycompany.com 192.0.2.11
DNS dns.mycompany.com 192.0.2.1
Gateway - 192.0.2.254
NFS - 192.0.2.12
NTP time.google.com -
Hyper-V Host - 192.0.2.13
Mail server mail.mycompany.com -
Active Directory dc.mycompany.com 192.0.2.1
192.0.2.14 (management)
RealPresence Collaboration
-
Server 1800 192.0.2.15 (signalling and
media)

Split-horizon DNS
By using split-horizon DNS, you can resolve the same FQDN differently for clients inside and outside
the organization.
Polycom recommends configuring the following FQDNs as split-horizon DNS records on internal and
public DNS server.
Resolve From Internal Resolve From Public

FQDN Description
Network Network
For internal and

rprm.mycompany.com 192.0.2.2 1.2.3.4 external endpoint
provisioning
For internal and
dma.mycompany.com 192.0.2.7 1.2.3.4 external web client
joining the conference
For internal and
external WebRTC
rpad.mycompany.com 172.16.0.6 1.2.3.4
client joining the
conference
Related Topics

RealPresence Clariti Solution Software
Installation and Network Configuration
Before configuring the RealPresence Clariti solution, make sure that you complete the software
installation, license allocation, and network configuration for all RealPresence Clariti components.
This document assumes that administrators have knowledge of the following systems, that these
systems are already deployed:
• Microsoft Active Directory
• Domain name servers
• Components of the Polycom RealPresence Clariti solution. You can access Polycom product
documentation and software at Polycom Support.

Configuring RealPresence Resource
Manager
The RealPresence Resource Manager is a key component of the RealPresence Clariti solution. It
monitors, manages, and provisions thousands of video endpoints and provides directory, scheduling,
and reporting services. It also manages the bandwidth controls and allows administrators to monitor
and manage the entire video collaboration network. In particular, it functions as the management and
licensing platform for Polycom RealPresence Clariti.
Configuring Certificates
You must install a security certificate on the RealPresence Resource Manager.
Related Topics
Configuring RealPresence Resource Manager
Create a Certificate Signing Request

The RealPresence Resource Manager needs a CA signed certificate from the Microsoft Certificate
Services.
Procedure
1 Go to Admin > Management and Security > Certificate Management.

2 Click Create Certificate Signing Request.
3 In the Certificate Request Data dialog, enter the following information for your RealPresence
Resource Manager system.
Field Description
Signature Algorithm SHA256

Two-letter (ASCII only) ISO 3166 country
Country Name
code in which the server is located.
Full state or province name (ASCII only) in
State and Province Name
which the server is located.

Field Description
City name (ASCII only) in which the server is

Locality Name
located.
Enterprise name (ASCII only) at which the
Organization Name
server is located.
Optional: Subdivision (ASCII only) of the

Organizational Unit Name enterprise at which the server is located.
Multiple values are permitted, one per line.
The FQDN (fully qualified domain name) of
Common Name the system (read-only), as defined in the
network settings.
4 Click OK.
5 In the Create Certificate Signing Request dialog, click OK.

6 In the Save As dialog, enter a unique name for the file, browse to the location to which to save
the file, and click Save.
7 Open the CSR file using Notepad and copy the content.
Related Topics
Request a Certificate
You can request a certificate from a third-party Certificate Authority.
Procedure
1 Navigate to the Certificate Authority and click Request a Certificate.
2 Click the advanced certificate request.
3 Paste the CSR into the saved request field.

4 Under Certificate Template, choose Web Server with client EKU.
5 Click the Submit button.

6 Choose Base 64 encoded, and click Download certificate.

Related Topics
Related Topics
Configuring Certificate
Related Topics
Configuring Certificates on the RealPresence Collaboration Server
Related Topics
Related Topics
Related Topics
Configuring Certificates for RealPresence Web Suite
Install the Certificate
Prerequisite
Before installing a certificate or certificate chain provided by the certificate authority, be sure that you
received the certificate or certificate chain in one of the following forms:
• A PFX, P7B, or single certificate file that you’ve saved on your computer.
• PEM-format encoded text that you received in an email or on a secure web page.
Installing or removing certificates requires a system restart. When you install a certificate, the change
is made to the certificate store immediately, but the system will not recognize or use the new certificate
until it restarts and reads the changed certificate store.
The RealPresence Resource Manager system must be running on an Internet Explorer browser in
order to upload a file.
Procedure
1 Go to Admin > Management and Security > Certificate Management.
2 Click Install Certificates.
3 Click Upload Certificate, and browse to the file or enter the path and file name.

4 Click OK.
Related Topics
Integrating with an Enterprise Directory

In a large organization, integrating your RealPresence Resource Manager system with Microsoft Active
Directory greatly simplifies the task of managing conference system security.
Related Topics

Prestage Machine Account for RealPresence Resource Manager
To enable the single sign-on option, an Active Directory administrator must first prestage an Active
Directory machine account for RealPresence Resource Manager. The single sign-on allows endpoint
users who are included in the Active Directory to securely log in to their dynamically managed endpoint
without typing in credentials.
Procedure
1 On the Active Directory server, go to Start > Programs > Administrative Tools > Active
Directory Users and Computers to open Active Directory Users and Computers window.
2 Select the node for your domain.
3 Right-click the Organizational Unit (OU) folder in which to add the computer account, and select
New > Computer.
4 Enter the Computer name, and click OK.

5 Open PowerShell/Command Prompt window, enter the following command to create
password for your computer.
net user <machine name>$ <password> /domain
• machine name: the computer name you just configured before.
• password: the desired temporary password to be used during integration. The

RealPresence Resource Manager will change the password immediately upon successful
integration.
You have configured a machine account that you can use for RealPresence Resource Manager single
sign-on.
Related Topics

Integrate with the Enterprise Directory Server
Enabling the Integrate with Enterprise Directory Server option enables RealPresence Resource
Manager system users who are included in the Active Directory to log in to the RealPresence
Resource Manager system interface using their network credentials.
Procedure
1 Go to Admin > Directories > Enterprise Directory.
2 On the Enterprise Directory page, select Integrate with Enterprise Directory Server.
3 Enter the DNS Name for the enterprise directory server.
4 Enter Domain\Enterprise Directory User ID and Enterprise Directory User Password. Other
fields can be left as default or configure if you needed.
5 Select Allow delegated authentication to enterprise directory server.

6 Enter the Fully Qualified Host Name of the domain controller.
7 Enter the Username (Domain\<Computer Name>) and Password and click Update.

Related Topics
Integrate with RealPresence DMA

You can integrate your RealPresence Resource Manager system with a single RealPresence DMA
system to take advantage of the RealPresence DMA system’s two main functions: the Conference
Manager function and the call server (gatekeeper and SIP proxy/registrar) function.
Procedure
1 Go to Network Device > Instances.
2 On the Instances page, select the RealPresence DMA that you want to integrate with the
RealPresence Resource Manager, click the button.
3 Select Service Integration tab.

4 Select Integrate the RealPresence DMA system’s conference manager and call server
services with RealPresence Resource Manager system’s conferencing and endpoint
services, Conference Manager(MCU Pool Orders), and Call server.

5 Click OK.
6 In the Instances page, check that the is added for RealPresence DMA status.
Related Topics
Configure the Mail Server

You can set up the email account from which the RealPresence Resource Manager system will send
conference notification emails and system alerts.
Procedure
1 Go to Admin > Server Settings > Email.
2 Select Allow confirmation emails for scheduled conferences.

3 In the From Address text box, enter the email account (ASCII only) from which the
RealPresence Resource Manager system will send conference notification emails and system
alerts.
4 In the SMTP Server text box, specify the IP address of the SMTP server from which the
RealPresence Resource Manager system will send conference notification emails and system
alerts.

5 Click Update.
Related Topics
Site Topology Setup

The Site Topology feature of RealPresence Resource Manager provides a global view of the video
conferencing network, showing how it is organized within groupings called Territories and direct Site
Links indicating cumulative bandwidth capacity and utilization for all subnets within a Site.
Site topology information describes your network and its interfaces to other networks, including the
following elements:
• Site: A local area network (LAN) that generally corresponds with a geographic location such as
an office or plant. A site contains one or more network subnets, so a device’s IP address
identifies the site to which it belongs.
• Network clouds: A Multiprotocol Label Switching (MPLS) network cloud defined in the site
topology. An MPLS network is a private network that links multiple locations and uses label
switching to tag packets with origin, destination, and Quality of Service (QoS) information.
Note MPLS clouds are not associated with an IP address range, so they can be used to
group multiple subnets. They could also represent a service provider.
While links to MPLS clouds have bandwidth and bit rate limitations, the cloud is infinite. In this
way, clouds reflect the way in which businesses control bandwidth and bit rate.
• Internet/VPN: An entity that represents your network’s connection to the public Internet.
• Site link: A network connection between two sites or between a site and an MPLS network
cloud.

• Site-to-site exclusion: A site-to-site connection that the site topology doesn’t permit an audio or
video call to use.
• Territory: A grouping of one or more sites for which a RealPresence Resource Manager system
is responsible.
The site topology you create within the RealPresence Resource Manager system should reflect your
network design. Consider the following information and best practices when creating your site
topology:
• If possible, connect all sites to an MPLS cloud. MPLS clouds are like corporate networks, used
to connect multiple subnets in multiple sites, but all servicing a company.
• Avoid cross loops or multiple paths to a site; otherwise a call may have different paths to a
single destination. The more cross, circular, and multi paths you have, the higher the number of
calculations for a conference.
• Link sites that aren’t connected to an MPLS cloud directly to another site that is connected to an
MPLS cloud. Do not create orphan sites.
• Calls are routed through a bridge, so bandwidth and bit rate limits for the site and subnet apply
to all calls made using that bridge.
• Reserve the Internet/VPN “site” for IP addresses that fall outside your private or corporate
network (for example remote workers), because all calls routed to the Internet/VPN site will be
routed through the site on your private or corporate network that has Internet access.
Related Topics
Add a Site
RealPresence Resource Manager has default site Internet/VPN, and associates with registered
endpoint by default. Polycom recommends adding new site based on the needs of your network
topology. You can define a new site in the system’s site topology and specify which subnets are
associated with it.
You can define overlapping subnets within a site or between sites. Larger subnets can contain smaller
ones. When the system determines which subnets a given IP address belongs to, it chooses the
subnet with the longest IP match.
For example:
Subnet1 = 10.0.0.0/8
Subnet2 = 10.33.24.0/24
The IP address 10.33.24.70 belongs to subnet2, while the IP address 10.22.23.70 belongs to subnet1.

Procedure
1 Go to Network Topology > Sites or Network Topology > Site Topology.
• To add a site in the Sites page, click .
• To add a site in the Site Topology page, go to Site Actions > Add.
2 Complete the General Info. The minimum information required is Site Name, Description, and
Location.
General Info Field Description
A meaningful name for the site, this name

Site Name
can be 64 characters (ASCII only) long.
Description A brief description (ASCII only) of the site.
Assigns the site to a territory, and thus to a
Territory
RealPresence Resource Manager system.
Specify the geographic location of the site
Location either by longitude + latitude or country +
city.
3 Complete the H.323 Routing dialog.

H.323 Routing Field Description
Enables call routing through the Internet,

using an H.323-aware firewall.
• For an outbound call to the Internet, you

must enter the firewall gateway service
(e.g. a Polycom RealPresence Access
Director appliance) code before the IP
Allowed via H.323 aware firewall
address in the dial string.
• If you select Allowed via H.323 aware

firewall, you must create a site link
between this site and the Internet/VPN
site.
4 Complete the SIP Routing dialog.
SIP Routing Field Description
SIP Routing
Allowed via SIP aware firewall Enables call routing through the Internet,
using an SIP-aware firewall.

SIP Routing Field Description
Note
• For an outbound call to

the Internet, you must
enter the firewall gateway
service (e.g. a Polycom
RealPresence Access
Director appliance) code
before the IP address in
the dial string.
• If you select Allowed via

SIP aware firewall, you
must create a site link
between this site and the
Internet/VPN site.
5 Go to Subnets and click to add a new subnet.

6 Complete the Subnet dialog.
Subnet Field Description
Specifies the subnets within the site. For

each subnet, include:
Subnet IP Address/Mask • IP Address range
• Mask Length

7 Click OK.
8 Check the new subnet information and click OK.
Related Topics
Site Topology Setup

Add a Site Link
When you add a site link, you enter the starting and ending sites of the link and the maximum
bandwidth and bit rates available for calls (audio and video) that use the link. Links are bidirectional.
After you have created a link from Site A to Site B, you automatically have a bidirectional link from Site
B to Site A, although the link appears as unidirectional.
A link can connect two sites, or it can connect a site to an MPLS network cloud.
Before you can create a site link, you must add two or more sites to the system.
Procedure
1 Go to Network Topology > Site-Links.
2 In the Site-Links page, click .
3 In the Add Site-Link dialog, enter a Name and Description for the link and select the starting
(From Site) and ending (To Site) sites.
4 Enter the Bandwidth and Max Bit Rate and click Save.
You can define any bandwidth limitations between the two sites.
The new link appears on the Site Links page.

Related Topics
Site Topology Setup
Add a Network Cloud

To simplify the network topology, define network clouds to represents a hub with many sites connected
to each other such as a private network or VPN.
The Network Clouds page contains a list of the MPLS (Multiprotocol Label Switching) network clouds
defined in the site topology.
Note MPLS clouds are not associated with an IP address range, so they can be used to group
multiple subnets and could also represent a connection to a service provider.
Procedure
1 Go to Network Topology > Network Clouds.
2 In the Network Clouds page, click Add .
3 In the Cloud Info section of the Add Network Cloud dialog, enter a unique and meaningful
Cloud Name and Description for the cloud.
4 Click Linked Sites to create a link between sites and the network cloud.
5 In the Search Sites field, enter all or part of the site name or location and click Search.
The list of sites containing the search phrase appear in the Search Results column.
6 Select one site to link with the network cloud and then click the down arrow to move it to the
Selected Sites column.

Field Description
Linked Sites
Enter search string or leave blank to find all
Search Sites
sites.
Lists sites show the territory, if any, to which

each belongs.
Search Result
Select a site and click the right arrow to
open the Add Site Link dialog.
Lists sites linked to the cloud and shows the
Add Site Link
territory, if any, to which each belongs.
7 The Add Site Link dialog appears to let you change the bandwidth limitation between this site
and the MPLS cloud. Change the bandwidth limitation between each site and the MPLS cloud.
You can define any bandwidth limitations between each Site and the MPLS Cloud. The following
images show the bandwidth values for each site link.

8 Click OK.
9 Repeat the step 5 to step 8 to add all sites to the network cloud.
10 Click OK.

Related Topics
Site Topology Setup
Add a Territory
The Territories page contains a list of the territories defined in the site topology. Territory is a set of one
or more sites for which a RealPresence DMA system is responsible. After RealPresence Resource
Manager integrates with RealPresence DMA, by default, there are two territories, one is named Default
RealPresence Resource Manager Territory and the other is named Default DMA Territory (DMA host
name), and the RealPresence DMA instance is the primary node of the two territories.
By default, the Default DMA Territory is used for communication. Polycom recommends adding new
territory based on the needs of your network topology, especially in DMA supercluster environment.
Procedure
1 Go to Network Topology > Territories.

2 In the Territories page, click Add .
3 Complete the Territory Info sections of the Add Territories dialog.
Field Description
Territory Info
A meaningful name for the territory (up to
Territory Name
128 characters).
A brief description of the territory (up to 200
Description
characters).
Enter dma.mycompany.com
When integrating with a RealPresence DMA
system, enter the management FQDN or IP
Primary Cluster
address of the primary cluster that will
manage this territory. Do this step AFTER
you integrate with a RealPresence DMA
system.
The second node, if any, of the

Backup Cluster RealPresence Resource Manager system
responsible for this territory.
Enables this territory to be used for hosting

conference rooms (VMRs, or virtual meeting
rooms).
Host Conference Rooms In This Territory The territory’s primary and backup clusters
must both be enabled for conference room
hosting. No more than three territories may
have this capability enabled.
4 Click OK.
Related Topics
Site Topology Setup

Working with Provisioning Profiles
The Polycom RealPresence Resource Manager system enables you to use provisioning profiles and
provisioning rules as a way to dynamically manage endpoint settings.
When you dynamically manage endpoints (have the endpoint use the RealPresence Resource
Manager as its provisioning server), you can automatically configure them by using provisioning
profiles.
Related Topics
Configure Network Provisioning Profile

Provisioning profiles contain configuration information that administrators use to remotely manage
endpoints with network settings such as security, Quality of Service, gatekeeper address, SIP server
address, and so on. For example, as soon as an endpoint is configured to use the RealPresence
Resource Manager system for its provisioning server, it starts polling for provisioning profile updates.
With network provisioning profiles, you can ensure that all dynamically managed endpoints have the
optimal and correct settings respective to their network location.
The RealPresence Resource Manager system comes with a default network provisioning profile
Default Network Provisioning Profile that can be edited to include information specific to your
environment. By default, endpoint uses this default provisioning profile for provisioning. You can edit
the Default Network Provisioning Profile or add new provisioning profile and new rule using for
specified site. Both of them will use the same settings introduced in this section. Polycom recommends
adding new provisioning profile based on the needs of your network topology.
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Profiles.

2 In the Provisioning Profiles page, click .
If you want to edit the default profile, select Default Network Provisioning Profile, and click
3 In the General Info page, set the Profile Name and select Network Provisioning Profile for
Provisioning Profile Type.

4 Select Date and Time Settings, set Country, Date Format, Time Format, andTime Server
Timezone for the endpoints, which will use the profile for provisioning.
5 Select H.323 Settings, and edit the following fields:
• Check the Enable IP H.323 check box.
• Enter the RealPresence DMA IP address in the Gatekeeper Address.
• Select Dynamic in the User Gatekeeper for Multipoint Calls.
6 Select SIP Settings, and edit the following fields:
• Check the Enable SIP check box.
• Enter the DMA IP address in the Proxy Server.
• Enter the DMA IP address in the Registrar Server.
• Select Auto in the Transport Protocol.
• Select Standard in the Server Type.

7 Select Security Settings, and edit the following fields:
• Check the Enable Dynamic Provisioning for IDs check box.
• Select When Available in the AES Encryption.
• Check the Enable HTTPS Only check box.
• Enter 443 in the Web Access Port.
8 Click OK to save the Default Network Provisioning Profile.
Related Topics

Configure Admin Config Provisioning Profile
Admin Config provisioning profiles, allow you to create provisioning profiles that include maximum and
preferred call speeds, calendaring settings, and so on.
As soon as an endpoint is configured to use the RealPresence Resource Manager for its provisioning
server, it starts polling for provisioning profile updates. To ensure out-of-box usability, the
RealPresence Resource Manager system comes with a default Admin Config provisioning Profile. This
default profile cannot be customized with any rule. You need to create new Admin Config provisioning
profiles to customize endpoint configuration settings in your video environment.
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Profiles.
2 In the Provisioning Profiles page, click .

If you want to edit the default profile, select Default Admin Config Provisioning Profile, and
click .
3 In the Edit Profile dialog, select Call Settings.
4 Set 1920 to Maximum Speed for Receiving Calls(Kbps) and Preferred Speed for Placing
Calls(Kbps).

5 Click OK.
Related Topics
Add a Provisioning Rule

By default, endpoint will be associated with default site Internet/VPN and using Default Network
Provisioning Profile and Default Admin Configure Provisioning for provisioning. No rule needs to be
configured. If you have added new site and new provisioning profile, you need to add rule for the
provisioning.
Procedure
1 Go to Endpoint > Dynamic Management > Provisioning Rules.
2 Click .
3 In the General Info page, enter a name for the new rule and check the Active check box.
4 Click to add new condition.

5 In the Add New Condition dialog, select the following:
• Type: Site
• Attribute: Site
• Operator: =
• Value: the site you want to use this rule for endpoint provisioning
6 Click OK.
7 Check the Condition just has been added.

8 Select Endpoint Provisioning Profile page.
9 Click the network profile you just created from Available list and move it to Selected profile list
using the arrow button.
10 Click OK.
11 Check the rule result.
Related Topics

Auto-Generate SIP URI
You can automatically generate a SIP URI for each dynamically managed endpoint according to a
naming scheme you define. When you define a custom SIP URI from Active Directory fields, you can
choose one of the default fields or a different Active Directory attribute.
Procedure
1 Go to Endpoint > Dynamic Management > SIP URI.
2 Check the Auto-generate SIP URIs for all users and Use the user's email address as their
SIP URI check boxes.
The setting automatically populates the SIP URI field of each user and thus allow other
endpoints to dial someone by email address.

3 Click Update.
Related Topics
Configure E.164 Numbering

You can define an E.164 address scheme that will be used when provisioning E.164 addresses to all
dynamically managed endpoints.
Procedure
• Optional: Define an E.164 Address Scheme. You can keep the default setting, or configure
according to your environment.
1 Select Use Phone Number for the Base Field, and choose the Maximum number of
digits to use.

2 Click Update.
Related Topics
Add a User
Add a local user for endpoint provision.
Procedure
1 Go to User > Users and click .

2 Configure the general information of the user in the Add New User dialog.
Field Description
First Name The user’s first name

Last Name The user’s last name
The user’s unique login name. This user ID
User ID must be unique across all rooms and users
and across all domains.
The user’s assigned password. This
Password password must be a minimum of eight
characters in length.
The user’s email address. (The email
Email Address
address is an ASCII-only field.)

3 Click OK.
Related Topics
Provision Endpoint
Enable the provisioning from endpoint (take RealPresence Group Series as an example), and you can
manage the RealPresence Group Series from RealPresence Resource Manager.
Procedure
1 Connect the RealPresence Group Series Web UI.
2 Go to Admin Settings > Servers > Provisioning Service.
3 Check the Enable Provisioning and enter the information of the user who you create for
provisioning. You also can enter the enterprise user for provisioning.

4 Click Save. The Registration Status changes to Registered after the RealPresence Group
Series is provisioned successfully.
5 Go to Diagnostics > System > System Status, and check the status of Provisioning Service,
Gatekeeper, SIP Registrar Server, LDAP Server, and Presence Service.
6 Log in the RealPresence Resource Manager Web UI.

7 Go to Endpoint > Monitor View.
8 Check the Status (in green status), and click View Details for more information.

9 Check the Device Status on the right panel.
10 Check other fields for the RealPresence Group Series.
11 You can click other action to manager the RealPresence Group Series from the RealPresence
Resource Manager.

Related Topics
Configuration for RealPresence Access Director

Integration
If you deploy your RealPresence Access Director system with a RealPresence Resource Manager
system, the RealPresence Resource Manager system can provision some RealPresence Access
Director system settings and dynamically manage (provision, upgrade, and manage) select remote
endpoints.
Related Topics
Add RealPresence Access Director to the RealPresence Resource

Manager Network Device List
For RealPresence Resource Manager identifies the endpoints coming through a RealPresence Access
Director system by IP address, you must add the RealPresence Access Director system into
RealPresence Resource Manager network device list with the internal signaling and access proxy IP
address of RealPresence Access Director.
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Device > Instances.
2 Click to add a new RealPresence Access Director.

3 Configure the Device Type values.
Field Description
Device Type RealPresence Access Director

Add By IP or FQDN Address
A unique name for the RealPresence
Device Name
Access Director system.
The version of the RealPresence Access
Version
Director system.
Management Address 172.16.0.1
Admin User and Admin Password Use a RealPresence Access Director user
that is reserved only for integration with the

Field Description

The user must have the Administrator role.
4 Select the Service Integration tab, and enter RealPresence Access Director internal signaling
and access proxy IP address in Provider-side Proxy IP Address.
Depends on your RealPresence Access Director network settings, the RealPresence Access
Director management address, and the internal signaling and access proxy address may be
different.
5 Click OK.
Related Topics
Configuration for RealPresence Access Director Integration

Define a New Site in the RealPresence Resource Manager
The RealPresence Access Director system can be configured using the RealPresence Resource
Manager system’s provisioning service by extending the Site Topology to include the RealPresence
Access Director system. In this section, you can create a new site and specify a network segment or
subnet that is enabled for the RealPresence Access Director system.
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Topology > Sites.
2 Click Add .
3 Complete the General Info and Subnet. Leave the default settings for H.323 Routing and SIP
Routing.
The IP address of Subnet must be the internal signaling address of RealPresence Access
Director.
Field Description
General Info
A meaningful name for the site, this name
Site Name
can be 64 characters (ASCII only) long.
Description A brief description (ASCII only) of the site.
The country code for the country in which
Country Code
the site is located.
The city or area code for the site. Do not
Area Code include a leading zero. For example, the city
code for Paris is 01. Enter 1 in this field.
Choose the territory to which the site
Territory
belongs.
Click Specify Location and fill in the
Location country and city and the RealPresence
Resource Manager shows the location field.
Total Bandwidth (Mbps) The total bandwidth of the pipe at the site.
The maximum bandwidth that can be used
Call Max Bit Rate (kbps) for each intrasite call at the site. The default
and maximum value is 2000000 (2 GB).
Subnets
Subnet IP Address/Mask Specifies the subnets within the site. For
each subnet, include:
• IP Address range
• Mask Length

Field Description
• Total Bandwidth
If this site is used for a site that includes a

RealPresence Access Director system, be
sure to include the subnet where the
RealPresence Access Director system
resides.

4 Click OK.
Related Topics
Create RealPresence Access Director Provisioning Profiles

The RealPresence Resource Manager system provisions the configuration settings for the
RealPresence Access Director system through a custom RealPresence Access Director Server
Provisioning Profile. In this section, you can create the RealPresence Access Director Server
Provisioning Profile that contains the IP Address information for the RealPresence DMA and
Procedure
1 From the RealPresence Resource Manager user interface, go to Endpoint > Dynamic
Management > RPAD Server Provisioning Profiles.
2 Click Add .
3 In the General Info, enter a name for the new provisioning profile.
4 Select Server Provisioning Profile from Provisioning Profile Type drop-down list.

5 Click RPAD Settings 2 tab, and configure the following server provisioning details.
For the RealPresence Access Director system

Field
being provisioned...
Enable IP H.323 Check box to enable H.323 calls.

Enter the IP Address or FQDN of
Gatekeeper Address
RealPresence DMA system.
Enable SIP Check box to enable SIP calls
Proxy Server
Registrar Server
Transport Protocol Select TLS or Auto.
Use Default Directory Server Check box to use default directory server.
Check box to use default presence directory
Use Default Presence Directory Server
server.

6 Configure the RPAD Settings values.
7 Click OK.
Related Topics

Create Network Provisioning Profile for Endpoints That Connect to
You can define the connection information for the endpoints that connect to the RealPresence Access
Director system.
Procedure
Management > Provisioning Profiles.
2 Click Add .
3 Add a Profile Name, and set Provisioning Profile Type to Network Provisioning Profile.
4 Click the Firewall Settings tab.
Check the Enable H.460 Firewall Traversal and Enable SIP Keep Alives to provision external
endpoints.

5 Click the H.323 Settings tab.
• Check the Enable IP H.323 check box.
• Enter the external Natted IP address in the Gatekeeper Address.

The managed endpoints that connect to the RealPresence Access Director system must be
provisioned with the RealPresence Access Director system external natted IP address for
all network settings. Enter the external natted IP address of the RealPresence Access
Director system for the gatekeeper and SIP Server settings.
• Select Dynamic for Use Gatekeeper for Multipoint Calls.

6 Click the SIP Settings tab.
• Check the Enable SIP check box.
• Enter the external Natted IP address in the Proxy Server and Registrar Server.
7 Select Security Settings, and edit the following fields:
• Check the Enable Dynamic Provisioning for IDs check box.

• Select When Available in the AES Encryption.
• Check the Enable HTTPS Only check box.
• Enter 443 in the Web Access Port.
8 Select Directory Settings, and edit the following fields:
• Disable the Use Default Directory Server.
• Configure the Directory Server to the external natted address of RealPresence Access
Director.

9 Select Presence Settings, and edit the following fields:
• Disable the Use Default Presence Server.
• Configure the Presence Server to the external natted address of RealPresence Access
Director.
10 Click OK.
Related Topics
Configure Endpoints
Create Provisioning Rule

So far we added RealPresence Access Director into RealPresence Resource Manager network device
list, a new Site for the RealPresence Access Director system, a new RealPresence Access Director
Server Provisioning Profile defining the RealPresence Access Director system connection information
to the RealPresence DMA system and a Network Provisioning Profile for endpoints connecting to the
RealPresence Access Director system. However, the new Site for the RealPresence Access Director
hasn’t been linked to the endpoint Provisioning Profile. In the section, you can create a new Provision
Rule that will link the RealPresence Access Director site to the endpoint Provisioning Profile.
Procedure
Management > Provisioning Rules.

2 Click Add .
3 In the General Info area, enter a name for the new rule.
4 Check the Active check box.
5 Click Add on the upper right corner.

6 Add new conditions.
• Type: Site
• Attribute: Site
• Operator: =
• Value: RealPresence Access Director site name
7 Click OK.
8 Click Endpoint Provisioning Profile from the left panel.

9 Move the RealPresence Access Director endpoint profile to Selected Profile using the arrow
and click OK.
10 Click Server Provisioning Profile from the left panel.

11 Move the RealPresence Access Director profile to Selected Profile using the arrow and click
OK.

Related Topics
Configure Site Links to Connect RealPresence Access Director Site

with Existing Topology
You must create a site link that allows connections between the internal Sites and the RealPresence
Access Director Site.
Procedure
1 From the RealPresence Resource Manager user interface, go to Network Topology > Site-
Links.
2 In the Site-Links page, click Add .
3 Add a site link to connect the RealPresence Access Director system with the internet/VPN.
4 Click OK.
5 Follow the same steps to link RealPresence Access Director system to other Sites.

Note If other sites already have a site link with the Internet/VPN site, do not add site
links between the RealPresence Access Director site and other sites. Because if
the sites have a site link to the same site, the sites link to each other automatically.
Related Topics

Configuring RealPresence DMA
The RealPresence DMA provides redundancy, reliability, and efficiency of video services by distributing
multipoint video calls across conference platforms.
You must install security certificate on the RealPresence DMA.
Related Topics

When you create a certificate signing request (CSR) from the Admin > Server > Certificates page,
the system populates the CSR with the data that you enter in the Certificate Information dialog,
including Subject Alternative Name (SAN) extensions. The default system-generated SAN extensions,
which may vary depending on your configuration, are shown in the Value list. You can change these
values or add more extensions if needed. Polycom strongly recommends that you not delete the
default SAN extensions; this may cause the resulting certificate to not work with your configuration.
Procedure
1 Go to Admin > Server > Certificates.
2 In the Actions list, select Create Certificate Signing Request.
3 Enter the identifying information for your Polycom RealPresence DMA system as described in
the following table.

4 Click OK to generate the CSR.
The Certificate Signing Request dialog displays the encoded request.

5 Copy the entire contents of the Encoded Request box (including the text -----BEGIN NEW
CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) and
submit it to your certificate authority.
Depending on the certificate authority, your CSR may be submitted via email or by pasting into a
web page.
6 Click OK.
Related Topics
Procedure




Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Related Topics

The following procedure installs the certificate or certificate chain provided by the certificate authority. It
assumes that you’ve received the certificate or certificate chain.
Procedure
1 When you receive your certificates, return to Admin > Server > Certificates.
2 In the Actions list, select Add Certificates.
3 In the Add Certificates dialog, do one of the following:
• If you have a PFX, P7B, or single certificate file, click Upload certificate, enter the
password (if any) for the file, and browse to the file or enter the path and file name.
• If you have PEM-format text, copy the certificate text, click Paste certificate, and paste it
into the text box below. You can paste multiple PEM certificates one after the other.
4 Click OK.
5 Click Restart to Apply Saved Changes, and when asked to confirm that you want to restart the
system so that certificate changes can take effect, click OK.
Related Topics

Integrate with the Microsoft Active Directory
You can enable integration with Active Directory.
Procedure
1 In Windows Server, add the service account (read-only user account) that the RealPresence
DMA system will use to read the Active Directory. Configure this account as follows:
• User can’t change password.
• Password never expires.
• User can only access services on the domain controllers and cannot log in anywhere.
2 Log in to the RealPresence DMA system.

3 Go to Integrations > Microsoft Active Directory.
4 Check Integrate with Enterprise Directory Server.
5 Complete the information in the General Integration Settings section.
• For IP Address or FQDN, enter the IP or FQDN of domain controller.
• For Domain\Enterprise directory user ID, enter the domain and user ID of the account
you created in 1.
• For Enterprise directory user password, enter the password of the account you created
in 1.

6 To generate conference room IDs for the enterprise users, complete the Enterprise
Conference Room ID Generation section.
a. For Directory attribute, the default value is telephoneNumber. You can keep the value or
update it if you have other attribute for your Active Directory users.
If the value is telephoneNumber, make sure the Telephone number field is populated in
Active Directory for the user.

b. If necessary, edit the contents of the Characters to remove field.
c. Specify the number of characters to use. After the system strips out characters to remove, it
removes characters in excess of this number from the beginning of the string.

Related Topics
Integrate with MCU

You can add an MCU, gateway, or combination of the two to the pool of devices available to the
Polycom RealPresence DMA system.
Procedure
1 Go to Integrations > MCU.
2 In the Actions list, click Add.
3 In the Add MCU dialog, complete the editable fields, described in the following table.
Field Description
Name for the MCU (up to 32 characters;

Name must not include any of the following:
, " ; ? : = *).
Type Polycom MCU
Integrate with conference manager Enabled

Field Description
Host name or IP address for logging in to the

Management IP address
MCU
Administrative user ID with which the
Admin user ID Polycom RealPresence DMA system can log
in to the MCU.
Password Password for the administrative user ID.
Related Topics
Add an MCU Pool

You can create more MCU pool if you have planed more VMRs for conference. Every conference room
(VMR) is associated with an MCU pool order (either by direct assignment, via the user’s enterprise
group membership, or from the system default). The pool to which an MCU belongs, and the pool
order to which a pool belongs, are used to determine which MCU is used to host a conference.
Procedure
1 Go to Service Config > Conference Manager Settings > MCU Pools.
3 In the Add MCU Pool dialog, enter the following required information.

Field Description
Name Name of the MCU pool.

Description of the pool. This should be
something meaningful, such as the
Description
geographic location of the MCUs that the
pool contains.
Lists the MCUs available to the Polycom
Available MCUs
Lists the MCUs included in the pool. The
Selected MCUs arrow buttons move MCUs from one list to
the other.
4 Click OK.
The new MCU pool appears in the MCU Pools list. The MCUs included in the pool is displayed.
Related Topics

Add an MCU Pool Order
A pool order contains one or more MCU pools and specifies the order of preference in which the pools
are used.
Procedure
1 Go to Service Config > Conference Manager Settings > MCU Pool Orders.
3 In the Add MCU Pool dialog, complete the following fields. All are mandatory.
Field Description
Name Name of the MCU pool order.

Description Brief description of the pool order.
Available MCU pools Lists the MCU pools available to the system.
Lists the pools included in the pool order in
their priority order. The left/right arrow
Selected MCU pools buttons move pools in and out of the list.
The up/down arrow buttons change the
priority rankings of the pools.
Indicates whether this pool order is set to fall
Fall back to any available MCU back to any available MCU if there are no
available MCUs in its pools.
4 Click OK.

The new MCU pool order appears in the MCU Pool Orders list. The MCU pools included in the
pool order is displayed.
Related Topics
Configure Conference Template with 2048 kbps Line

Rate
You can add a standalone conference template and specify conference properties directly in the
template. The Common Settings section applies to all MCUs. The Cisco Codian settings apply only if a
Codian MCU is selected for a conference. The other sections apply only if a Polycom MCU is selected
for a conference.
When the RealPresence DMA system uses a standalone template for a conference, the system sends
the specific properties to the MCU instead of pointing to one of the MCU’s conference profiles.
Procedure
1 Go to Service Config > Conference Manager Settings > Conference Templates.
3 Specify the Common Settings based on the field descriptions in the following table:
Common Settings Field Description
Name Clariti-AVC-2048-HD
A brief description of the conference

Description
template (up to 50 characters).
WebRTC with MCUs only — Conferences

using this template accept WebRTC, SIP,
and H.323 participants, and the system
WebRTC
promotes these conferences to a WebRTC-
capable MCU as soon as the first participant
connects.

4 Specify the Polycom MCU General Settings based on the field descriptions in the following
table:
Polycom MCU General Settings Field Description
AVC only — Standard video conferencing

mode supporting the H.264 Advanced Video
Coding (AVC) compression standard. In an
Conference mode AVC conference, the MCU transcodes the
video stream to each device in the
conference to provide an optimal
experience, based on its capabilities.
Enables conferences using this template to

span Polycom MCUs to achieve conference
Cascade for size
sizes larger than a single MCU can
accommodate.
Line rate 2048 kbps
Advanced Settings
Encrypt when possible — Endpoints
Encryption supporting encryption join encrypted; others
join unencrypted.
Packet loss compensation (LPR and DBA) Enabled.
Enable FECC Enabled
FW NAT keep alive Enabled
Interval (seconds) 30
TIP compatibility None
Enable MS panoramic layout Disabled

Polycom MCU General Settings Field Description
Allows you to specify the font type for text

displayed to participants in a conference. If
using Default the system will display Heiti if
a Chinese language is configured.
Font for text over video (MPMx or newer) Note This property only applies
when the MCU is configured
for multilingual operation with
Chinese (Simplified or
Traditional) selected.
5 Specify the Polycom MCU Video Quality based on the field descriptions in the following table:

Polycom MCU Video Quality Field Description
Video quality Sharpness — higher resolution
Max resolution Auto (the default) imposes no limit.
Content Video Definition
High-resolution graphics — higher bit rate

Content settings
for better graphics resolution
Content protocol Use H.264 cascade and SVC optimized.

Enable with transcode to H.264 and H.264
Multiple content resolution cascade.
Enable with transcode to H.264 and H.264
Transcode to
cascade
Enables the H.264 High Profile set of

capabilities for the content channel, which
H.264 high profile enables additional compression efficiency
and allows for higher resolutions to use the
same bandwidth.
Enables endpoints that don’t support H.239

Send content to legacy endpoints (MPM+ or
to receive the Content channel over the
newer)
video (People) channel.

6 Specify the Polycom MCU Video Settings based on the field descriptions in the following table:
Polycom MCU Video Settings Field Description
Lets the system select the video layout

Auto layout based on the number of participants in
conference.
7 Specify the Polycom MCU Audio Settings based on the field descriptions in the following
table:
Polycom MCU Audio Settings Field Description
Enables the MCU to detect and suppress

echo.
Echo suppression
Available only on MCUs with MPM+ or
MPMx cards.
Improves the voice quality in conference of a

PSTN endpoint.
Audio clarity
Available only on version 7 and newer
Polycom MCUs.
Enables the MCU to automatically detect

and mute endpoints that have a noisy audio
NoiseBlock™ (MPMx or newer) channel.
Not available on MCUs with an MPM+ card.
Select Auto.
Speaker change threshold
The default Auto setting is 3 seconds.

8 Specify the Polycom MCU Skins based on the field descriptions in the following table:
Polycom MCU Skins Field Description
Lets you choose the display appearance

(skin) for conferences using this template.
Polycom MCU Skins
Not available if Telepresence mode is Yes
or Video switching is enabled.
9 Specify the Polycom MCU Site Names based on the field descriptions in the following table.

Polycom MCU Site Names Field Description
Display mode On — Always display site names.
Font size 12
Color White font on red background
Text Color White font
Display position Top left
Horizontal position 0
Vertical position 0
Background transparency 50
10 Optional: Specify the Polycom MCU Recording based on the field descriptions in the following
table. You can skip the step if no RealPresence Media Suite in your environment.
Polycom MCU Recording Field Description
Upon Request — Recording can be initiated

Record conference
manually by the chairperson or an operator.
Select the recording link which is created by

Dial out recording link
RealPresence Collaboration Server.
Enable to displays a red dot recording

Indication of recording indicator in the upper left corner of the video
layout.

Polycom MCU Recording Field Description
Enable for available with version 8.4 or

Play recording message (V8.4 or newer) newer RealPresence Collaboration Server
MCUs.
11 Specify the Polycom MCU Indications based on the field descriptions in the following table:
Polycom MCU Indications Field Description
Use the drop-down menu to set the display

Position
position of the indication icons group.
Enables the Recording icon, which is

Recordings
displayed if a recording is in progress.

12 Click OK.
After you configure a conference template, the template is added to the conference templates
list.
Related Topics
Define Recording Links from RealPresence Collaboration Server
Configure Conference Settings

Conference settings define the default conference properties for the RealPresence DMA system. You
can update as your requirement or just leave it as default settings.
Procedure
1 Go to Service Config > Conference Manager Settings > Conference Settings.

2 Complete the fields described in the following table as needed.
Field Description
Dialing Prefix Set to 25.
Select the template that is used most

Default conference template
frequently for VMR.
Default class of service Bronze
Default maximum bit rate (kbps) Set to UNLIMITED.
Default minimum downspeed bit rate (kbps) Set to 384.
Default conference room territory Select the territory, which is used most
frequently for VMR.
Default MCU pool order Default MCU pool order used by the system.
Default conference duration Set to unlimited.

3 Click Update to save the settings.
Related Topics
Add Conference Rooms
Add Conference Rooms

You can create custom conference rooms (for a local or enterprise user) in order to offer the user a
different conferencing experience (template) or just an alternate (perhaps simpler) room ID and dial-in
number.
Procedure
1 Navigate to User > Users.
2 Select a user from the list.
3 In the Actions list, click Manage Conference Rooms.

4 In the Conference Rooms dialog, click Add.
5 In the Add Conference Room dialog, edit the General Settings fields in the following table as
required. You can update the other fields or keep them in default.
General Settings Field Description
The unique ID of the conference room. Click

Generate to let the system pick a random
available ID.
If using alphanumeric conference room IDs,
Room ID don’t include multiple consecutive spaces or
the following characters:
()&%#@|"':;,
If the ID includes any other punctuation
characters, it must start with an

General Settings Field Description
alphanumeric character and end with an

alphanumeric character.
Conference template Use the setting configured in Conference

Settings. You can check the item for update.
Territory Use the setting configured in Conference

MCU pool order Use the setting configured in Conference

6 Optional: In the Add Conference Room dialog, edit the Passcodes and Aliases fields in the
following table as required.
Passcodes and Aliases Field Description
Chairperson passcode The numeric passcode that identifies

chairperson in this room’s conferences. If

Passcodes and Aliases Field Description
none, the room’s conferences don’t include

the chairperson feature.
The numeric passcode that participants

Conference passcode must enter to join this room’s conferences. If
none, the room’s conferences don’t require a
passcode.
7 Click OK.
You can check the new VMR from the room list.
Related Topics
Configure Conference Settings
Edit Personal VMR

You cannot delete the conference room, but can edit the enterprise conference room.

Procedure
1 Go to Integrations > Microsoft Active Directory for checking or updating the settings.
The default value for Directory attribute is telephoneNumber, you can keep the value or
update it if you have other attribute for your Active Directory users.
2 Login RealPresence DMA using an enterprise user who has the Administrator role.
After RealPresence DMA integrated with Active Directory server, the user used for the
integration has administrator role.
3 Go to User > Users.
4 Click , and select one domain and click Search.
If the enterprise user has Telephone Numbers configured on Active Directory server, an
enterprise conference room number is listed in the Conference Rooms.
5 Select the enterprise user and click Manage Conference Rooms.

6 Select the enterprise room and click Edit.
The indicates that it is an enterprise conference room.

7 Update the conference room settings or keep the settings in default.
Related Topics
Create Virtual Entry Queue

You can create a Virtual Entry Queue (VEQ) for RealPresence DMA.

Procedure
1 Defining a New Entry Queue on RealPresence Collaboration Server.
a. In the RMX Management pane, in the Rarely Used menu, click Entry Queues.
b. In the Entry Queues list pane, click .

c. Define the parameters for new entry queue.
Fields Description
The Display Name is the conferencing

entity name in native language character
Display Name
sets to be displayed in the Collaboration
Server Web Client.
Select the Profile to be used by the Entry
Profile
Queue.
Enter a unique number identifying this
ID conferencing entity for dial-in. Default
string length is 4 digits.
Entry Queue Mode Select IVR only Service Provider.

2 Log in to the RealPresence DMA system.
3 Go to Service Config > > Conference Manager Setting > Shared Number Dialing.
4 Click + Add Virtual Entry Queue.
5 Define the parameters for VEQ.
Fields Description
Should be the same as Entry Queue ID that

Virtual entry queue number is configured by RealPresence Collaboration
Server.
Select the Entry Queue that is just created
Polycom MCU entry queue
by RealPresence Collaboration Server.

Related Topics
Enable WebRTC Signaling

You can enable WebRTC signaling if you have WebRTC clients on your network.
Procedure
1 Go to Admin > Server > Signaling Settings.
2 Select Enable WebRTC signaling.
3 Click Update.
Related Topics
Configure the RealPresence DMA Gatekeeper Call

Mode
If RealPresence Access Director is integrated with RealPresence DMA, Polycom recommends
configuring the gatekeeper call mode with Route call mode.
Procedure
1 From the RealPresence DMA user interface, go to Service Config > Call Server Settings.
2 Go to H.323 Settings.
3 Set Routed call mode to Gatekeeper call mode.

4 Click Update.
Related Topics
Configure SIP and H.323 Settings
Configure the Classless Inter-Domain Routing

Configuring RealPresence
Collaboration Server
Collaboration Servers are high performance, scalable MCUs that provide feature-rich, easy-to-use,
multipoint, voice and video conferencing.
Collaboration Servers can be used as a standalone devices to run voice and video conferences or
used as part of a RealPresence Clariti solution provided by Polycom.
Configure Gatekeeper and SIP Server

For the best practice, Polycom recommends configuring gatekeeper and SIP server.
Procedure
1 Connect to RealPresence Collaboration Server through RMX Web Client/RMX Manager
application.
2 Go to RMX Management > Rarely Used > IP Network Services.
3 Double click the Default IP Service from the IP Network Services page.
4 Go to Gatekeeper and complete the fields.

Gatekeeper Field Description
Select Specify to enable configuration of the

gatekeeper IP address.
Gatekeeper
When Off is selected, all gatekeeper options
are disabled.
Enter either the gatekeeper’s host name as
Primary Gatekeeper IP Address or Name
registered in the DNS or IP address.
Enter the DNS host name or IP address of

the gatekeeper used as a fallback
gatekeeper used when the primary
gatekeeper is not functioning properly.
Alternate Gatekeeper IP Address or Name
Note When in IPv4&IPv6 or in IPv6
mode, it is easier to use
Names instead of IP
Addresses.
Enter the DNS host name or IP address of

the gatekeeper used as a fallback
gatekeeper used when the primary
gatekeeper is not functioning properly.
Alternate Gatekeeper IP Address or Name
Note When in IPv4&IPv6 or in IPv6
mode, it is easier to use
Names instead of IP
Addresses.
Enter the number with which this Network

Service registers in the gatekeeper.
This number is used by H.323 endpoints as
MCU Prefix in Gatekeeper the first part of their dial-in string when
dialing the MCU.
When another gatekeeper is used, this prefix
must also be defined in the gatekeeper.
Select this check box if the RealPresence

Collaboration Server is to be seen as a
gateway, for example, when using a Cisco
gatekeeper.
Register as Gateway
Note Do not select this check box
when using Polycom
ReadiManager or a Radvision
gatekeeper.
Refresh Registration every __ seconds The frequency with which the system
informs the gatekeeper that it is active by re-
sending the IP address and aliases of the IP

Gatekeeper Field Description
cards to the gatekeeper. If the IP card does

not register within the defined time interval,
the gatekeeper will not refer calls to this IP
card until it re-registers. If set to 0, re-
registration is disabled.
Note
• It is recommended to use
default settings.
• This is a re-registration
and not a ‘keep alive’
operation – an alternate
gatekeeper address may
be returned.
Aliases
The alias that identifies the Collaboration

Server’s Signaling Host within the network.
Up to five aliases can be defined for each
Collaboration Server.
Alias Note When a gatekeeper is

specified, at least one alias
must be entered in the table.
Additional aliases or prefixes
may also be entered.
The type defines the format in which the

card’s alias is sent to the gatekeeper. Each
alias can be of a different type:
• H.323 ID (alphanumeric ID)
• E.164 (digits 0-9)
Type • Email ID (email address format, e.g.

abc@example.com)
• Participant Number (digits 0-9, * and #)
Note Although all types are

supported, the type of alias to
be used depends on the
gatekeeper’s capabilities.

5 Click OK.
Related Topics
Configuring RealPresence Collaboration Server

Configure Soft MCU for WebRTC
The RealPresence Collaboration Server, Virtual Edition, supports configuring up to two IP Network
services:
• First mandatory IP Network service is used for either a generic or a Microsoft service.
• Second optional IP Network service is used for the WebRTC service. The WebRTC service is
configured through RealPresence Collaboration Server, Virtual Edition, but all WebRTC
functions are processed on a modular MCU.
Procedure
1 In the RealPresence Collaboration Server (RMX) web browser, in the RealPresence
Collaboration Server Management pane, expand the Rarely Used list and click IP Network
Services.
2 In the IP Network Services pane, click New IP Service.
3 Set the IP configuration for WebRTC in IP tab.
Select SIP for WebRTC network service.

4 Select the Ports tab to configure the port information.
5 Select the SIP Servers tab.
Configure the following parameters:
• SIP Server: Specify
• SIP Server Type: WebRTC

6 Select the SIP Advanced tab.
Configure the following STUN and TURN server settings:
• The STUN and TURN IPs are RealPresence Access Director external address.
• The TURN Server User Name and TURN Server Password must be the same as the
configuration in RealPresence Access Director.

Related Topics
Configure TURN Settings for WebRTC
Configuring Certificates on the RealPresence

You must install a security certificate on the RealPresence Collaboration Server solution.
Related Topics
Generate a Certificate Request

Create a management and signaling certificates.

Procedure
1 In the RMX web client, go to Setup > RMX Secured Communication > Certification
Repository > Personal Certificates.
2 Select IP Network Service.
3 Click Add.
4 Select IP Network Service for Network Service Name and CSR for Certificate Method.
5 Click Create Certificate Request.
6 Enter the CSR value, and click Copy Request.

Related Topics
Procedure




Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Install Certificates
This section shows you how to install the chain certificates.
Procedure
1 Open the certificate file and copy the certificate content.
2 In the RMX web client, go to Setup > RMX Secured Communication > Certification
Repository > Personal Certificates.
3 Click Paste Certificate.

4 Click Send Certificate.

Related Topics
Configure System Flag

In cascading conference, Polycom recommends setting the system flag for enabling the content snatch
among endpoints which are in different MCUs.
Procedure
1 Go to Setup > System Configuration > System Configuration.
The System Flags dialog opens.

2 In MCMS_PARAMETERS_USER page, click New Flag.
3 Set the value of the ENABLE_CONTENT_SNATCH_OVER_CASCADE system flag to YES.
4 Click OK.
5 Set the value of NUM_OF_INITIATE_HELLO_MESSAGE_IN_CALL_ESTABLISHMENT
system flag to 3 for NAT Firewall deployment.
Check the new flag has been added to the system.
Related Topics

Define Recording Links from RealPresence
RealPresence Collaboration Server can dial out to the RealPresence Media Suite for a conference
recording. Recording conferences is enabled through a dial-out Recording Link, which is a dial-out
connection from the conference to the RealPresence Media Suite.
Procedure
1 In the RealPresence Collaboration Server Management pane, click Recording Links ( ).
2 In the Recording Links list, click New Recording Link ( ).
The New Recording Link dialog is displayed.

3 Define the New Recording Link parameters.
Parameter Description
Displays the default name that is assigned to

the Recording Link.
Name If multiple Recording Links are defined, it is

recommended to use a descriptive name to
be indicated the VRR to which to associate it
Default: Recording Link
Select the network environment:
• H.323
Type
• SIP
Polycom recommends selecting H.323.
• If no gatekeeper is configured, enter the

IP Address of the RealPresence Media
Suite.
• If a gatekeeper is configured, you can

either enter the IP address or an alias
IP Address
(see the alias description).
• If SIP server is configured, enter the IP

address of the SIP server instead of the
IP address of RealPresence Media
Suite.

If using the endpoint’s alias instead of IP

address, first select the alias type and then
enter the endpoint’s alias.
If you are associating this recording link to a
VRR on the RealPresence Media Suite,
define the alias as follows:
• If you are using the RealPresence

Media Suite IP address, enter the VRR
number in the Alias field. For example,
if the VRR number is 5555, enter 5555.
• If the Alias Type is set to H.323 ID,

enter the RealPresence Media Suite IP
address and the VRR number in the
format:
<Media Suite IP
Address>##<VRR number>
Alias Name
For example: If the RealPresence
Media Suite IP is 173.26.120.2 and the
VRR number is 5555, enter
173.26.120.2##5555
• If the Alias Type is set to E.164, enter

the RealPresence Media Suite E.164
followed by VRR number:
<Media Suite E.164><VRR
number>
For example: If the RealPresence
Media Suite E.164 is 123456 and the
VRR number is 5555, enter
1234565555
The name should be the same as

RealPresence Media Suite registration
information.
Depending on the format used to enter the

information in the IP address and Alias
fields, select H.323 ID or E.164 (for multiple
Recording links). E-mail ID and Participant
Alias Type
Number are also available.
The type should be the same as
RealPresence Media Suite registration
information.
If the recording link does not define the VRR, enter the RealPresence Media Suite E.164 that
registers to RealPresence DMA in the Alias Name. The default VRR is used for recording.

If the recording link defines the VRR, enter the RealPresence Media Suite E.164 +VRR in the
Alias Name.

4 Click OK.
Related Topics
Configure Conference Template with 2048 kbps Line Rate
Set up the Gatekeeper

Configuring RealPresence Access
Director
The RealPresence Access Director system enables users within and beyond your firewall to securely
access voice, video, and multimedia sessions across IP network borders. The system securely routes
communication, management, and content traffic through firewalls without requiring special dialing
methods or additional client hardware or software. Specifically, the RealPresence Access Director
system supports SIP and H.323 video calls (including H.460 firewall/NAT traversal) from registered
users, guests, and federated enterprises or divisions.
RealPresence Access Director Considerations

TheRealPresence Access Director system is Polycom’s firewall traversal solution for both SIP and H.
323 environments. It has the following specific requirements:
• Network Location. It must be connected to the DMZ.
• Network Interface Card. TheRealPresence Access Director system must have four network
interface cards (NICs) defined on the virtual machine. Even if the RealPresence Access Director
system’s network interfaces are configured so that some NICs remain unused, the NICS should
NOT be removed.
Related Topics
Configuring RealPresence Access Director
RealPresence Access Director Installation and

Network Configuration
The Polycom video infrastructure integrates with the RealPresence Access Director system to provide
video conferencing management for remote, guest, federated, and unfederated users with secure
firewall traversal for all of the required connections.
Related Topics

Install the RealPresence Resource Manager System Software Using
Your Virtual Environment Tools
If you install the RealPresence® Resource Manager, Virtual Edition, using your virtual environment
tools, you will still need to use the RealPresence Resource Manager system to manage licensing of
your Polycom software.
Note If installing a Hyper-V version, you must use the Copy option.
Procedure
1 Refer to the documentation for your virtual environment tools for instructions on installing a
virtual instance.
2 Install an instance of the RealPresence® Resource Manager, Virtual Edition system.
3 Assign a static IP address to the instance using the console if your VM environment does not
use DHCP.
4 Add the instance to the RealPresence Platform Director system.
Related Topics
RealPresence Access Director Installation and Network Configuration
Assign a Static IP Address

The RealPresence Access Director system requires a static IP address for your system’s instance. If
your VM environment is not using DHCP, you must assign a static IP with the console before
continuing to configure your system. If your VM environment has a DHCP server, it will assign an IP
address to the instance. You can then assign a static IP using the console or assign the static IP from
the RealPresence Access Director system’s web interface during initial configuration.
Note During installation and initial network configuration, you need to assign one static IP
address to the management interface (eth0). After installation is complete, you can
configure additional IP addresses for the other network interfaces from the RealPresence
Access Director web user interface.
Procedure
1 Power on the newly-installed VM.
2 Access the console.
3 Click in the console window and press Enter if necessary to see the login prompt.
A shell interface appears that enables you to configure the network.

4 Log in with user ID polycom and password polycom.

5 Choose option 3 and follow the prompts to configure the following initial network settings:
• IP address
• Subnet Mask
• Default Gateway IP
The system reboots.

6 Press CTRL + ALT to release the cursor from the console, then close the console window.
Related Topics
License Your System with RealPresence Resource Manager

The RealPresence Resource Manager system must be able to communicate with your RealPresence®
Resource Manager system so it can be licensed and monitored. After you install your RealPresence
Access Director system instance, you need to add the instance to the RealPresence Resource
Manager system to establish communication.
For instructions on how to add a system instance in the RealPresence Resource Manager system, see
the RealPresence Resource Manager System Operations Guide.
Related Topics

Virtual Edition Initial Configuration
When you install an instance of the RealPresence® Resource Manager, Virtual Edition system, you
need to provide the following network settings during the installation process:
• IPv4 Address: the static or DHCP-assigned IP address of the virtual instance of the
RealPresence® Resource Manager system.
◦ If you use a DHCP-assigned IP address, you must assign a static IP address when you
access the RealPresence® Resource Manager web user interface for the first time. After
you assign a static IP address, the DHCP IP address cannot be used.
• IPv4 Subnet Mask: the subnet mask for the RealPresence® Resource Manager system's static
IP address.
• IPv4 Default Gateway: the IP address of the gateway used to route network traffic outside the
subnet.
Procedure
1 In the RealPresence® Resource Manager user interface, go to Admin > Network Settings.
2 Click Configure Network Settings, then complete the following fields:
• Hostname: Enter the hostname of the RealPresence® Resource Manager system.
• Primary DNS: Enter the IP address of the DNS server.

3 Click Next.
4 In the Step 2 of 3: Advanced Network Settings window, do one of the following:
• If you assigned a static IP address when you installed your system, confirm the IPv4
Address is correct.
• If you used a DHCP-assigned IP address, enter a static IPv4 Address.
5 Confirm the following system values are correct:
• IPv4 Subnet Mask
• IPv4 Default Gateway
6 Confirm the eth1 values.

7 Click Next.
8 In the Step 3 of 3: Service Network Settings window, select the static IP address of the eth0
interface for each type of traffic, as shown in the following table:
Settings Field
• External signaling IP
SIP/H.323 Settings
• Internal signaling IP
• External relay IP
Media Relay
• Internal relay IP
Management IP Settings • Management IP
Access Proxy Settings

• External Access Proxy IP
◦ If the eth0 IP address is not

already listed, select it from the

Settings Field
Available IP address list and click

the right arrow to move the IP
address to the External Access
Proxy IP list.
• Internal Access Proxy IP

9 Click Done, then click Commit and Reboot Now.
The system reboots and applies your network settings.
Related Topics
Configure Time Settings

The RealPresence Access Director system displays two different time settings:
• Client date and time: In the upper right corner of the Time Settings window, next to your user
name, the system displays the date and time of your local machine. These values change only if
you revise the date and time on your local machine.
• Server time: Server Time (Refresh every 10 seconds) indicates the server time. If you change
the System time zone or Manually set the system time (not recommended), the Server Time
(Refresh every 10 seconds) field displays the correct server time.
Procedure
1 Go to Admin > Time Settings.
2 Complete the following fields as needed:

Field Description
The time zone in which your RealPresence

Access Director system is located.
Note After initial installation of the

System time zone system, the default time zone
is GMT (UTC). You must
select the time zone of your
geographic location
immediately after installing the
system.
Automatically determined in accordance with

the system time zone. If the system time
zone you select observes Daylight Saving
Auto adjust for Daylight Saving Time Time, this setting is enabled.
Note The administrator cannot

change this setting.
Polycom strongly recommends that you do

not set the time and date manually. Manually
setting system time removes Network Time
Manually set system time Protocol (NTP) server information and sets
the manually entered time for the selected
time zone instead of for the current system
UTC offset.
NTP servers The IP addresses or FQDNs of the NTP
servers.
• For Appliance Editions, the NTP server

IP addresses may be provisioned by
the RealPresence Resource Manager
system or you can enter them manually.
• For Virtual Editions, you can configure

up to three NTP servers when you
create an instance of the RealPresence
Access Director system from the
RealPresence Resource Manager
system. You can later edit these server
addresses as needed.

Field Description
Note Polycom recommends that you

specify at least two NTP
servers for synchronizing
system time.
3 Click Update.
Related Topics
The RealPresence Access Director system uses X.509 certificates in different ways.
• When you log into the RealPresence Access Director system's user interface from your browser,
the RealPresence Access Director system offers an X.509 certificate to identify itself to your
browser client.
• When a client sets up an HTTPS, LDAP, or XMPP connection with access proxy, the
RealPresence Access Director system offers an X.509 certificate to identify itself.
• When a client sends SIP messages with TLS transport, the RealPresence Access Director
system offers an X.509 certificate to identify itself.
• When the RealPresence Access Director system connects to a RealPresence Resource

Manager system, the RealPresence Access Director system may present a certificate to the
RealPresence Resource Manager system to identify itself.
• When the RealPresence Access Director system connects to another RealPresence Access
Director system or other session border controller (SBC) for a SIP enterprise-to-enterprise call,
the RealPresence Access Director system presents its certificate to the other system to identify
itself.

Related Topics

After initial installation, the RealPresence Access Director system is configured to use a self-signed
certificate with a key length of 2048 bits. You can create a certificate signing request (CSR) to apply for
a signed certificate from a certificate authority to replace the self-signed certificate. The signed
certificate identifies the RealPresence Access Director system as a trusted entity.
Procedure
1 Go to Admin > Certificates.
2 Click Create Certificate Signing Request.

3 Enter the certificate information and click OK.

4 Copy the CSR text content, and click OK.

Related Topics
Procedure




Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Related Topics

Use this procedure to add a trusted certificate authority, either an in-house or commercial CA.
Procedure
1 Go to Admin > Certificates > Add Certificates.
2 Click Upload certificate and browse to the file.

3 Click OK.
Related Topics
Required Ports
This section describes the specific ports or dynamic port ranges to configure on your RealPresence
Access Director system and correspondingly on your firewall. The port information is organized based
on the different functions, or services, that the RealPresence Access Director system supports.
The dynamic source and destination port ranges listed here specify the allowable port ranges for
communication between the RealPresence Access Director system and other systems and devices
inside or outside of your enterprise network. The actual port ranges for your system depend on the
number of calls on your license.
A port range for a specific function (for example, LAN-side SIP signaling) indicates the number of ports
for that function that must be available to accommodate the number of calls on your system license.
You can change the beginning port ranges (within certain parameters) if necessary. If you do so, the

RealPresence Access Director system automatically calculates the end ranges based on the number
of calls on your license.
Note The specific ports and port ranges configured in the RealPresence Access Director
system must match the ports configured on your firewall. If you change any port settings
within the system, you must also change them on your firewall.
Related Topics
Management Access
The RealPresence Access Director system provides a web-based user interface to access, configure,
and manage the system. Polycom suggests that you enable one interface as the management
interface, segregated from WAN-accessible traffic. For greater security, Polycom recommends that you
enable SSH and web access to the RealPresence Access Director system management interface only
from authorized network segments. We also recommend that you disable SSH and web access from
the WAN by creating explicit deny rules for these traffic types.
To support certain functions in the RealPresence Access Director system, connectivity is required
between the management interface and the following external systems (servers):
• Network Time Protocol (NTP)
• Syslog
• DNS
• Microsoft Active Directory
• SNMP
• Online Certificate Status Protocol (OCSP)
The following table lists the required ports and transport protocols to access the system’s web-based
user interface and to establish connections between the RealPresence Access Director system and
external services. The table also lists access information to manage the RealPresence Access Director
system from the WAN, if desired.
Table 1. Management Access Ports
SRC IP SRC Port Protocol DST IP DST Port Description
RealPrese Connection from the

IP
nce RealPresence Access
address
Access Director system to the
of the
Director 60001– 3333 and RealPresence Resource
TCP RealPre
system 64000 9333 Manager system for
sence
managem RealPresence Access
Resourc
ent IP Director system license
e
address communication

Manager
system
RealPre Connection from the

RealPrese sence Polycom RealPresence
nce Access Resource Manager
Resource Director system to the
>1023 TCP 8443
Manager system RealPresence Access
system IP manage Director system for
address ment IP Polycom API
address communication
RealPre
Connection from the
RealPrese sence
Ping Polycom RealPresence
nce Access
service Resource Manager
Resource Director
- (ICMP - system to the
Manager system
type: RealPresence Access
system IP manage
8,code:0) Director system instance
address ment IP
status monitoring.
address
Connection from the

RealPresence Access
Director system to the
SNMP server (for sending
Trap messages)
RealPrese
nce Note The SNMP
Access IP protocol and
Director 60001– UDP or address DST port
162
system 64000 TCP of SNMP depend on
managem server the SNMP
ent IP settings you
address configure in
the
RealPresen
ce Access
Director
system user
interface.
IP address
RealPre
of the host
sence
sending
Access Connection from the LAN
an SNMP
UDP or Director SNMP server to the
request to >1023 161
TCP system RealPresence Access
the
manage Director system (for
RealPrese
ment IP monitoring)
nce
address
Access

Note The SNMP

protocol and
DST port
depend on
the SNMP
settings you
Director
configure in
system
the
RealPresen
ce Access
Director
system user
interface.
RealPrese
IP
nce
address
Access Connection from the
of
Director RealPresence Access
123 UDP external 123
system Director system to the
NTP
managem public NTP server
server, if
ent IP
in use
address
RealPrese
IP
nce
address
of the
Director 60001– RealPresence Access
TCP OCSP 8080, 80
system 64000 Director system to the
respond
managem public OCSP responder
er, if in
ent IP
use
address
RealPrese
nce
IP
address
Director 60001– RealPresence Access
UDP of the 53
system 64000 Director system to the
DNS
managem DNS server
server
ent IP
address
IP StartTLS encrypted or
RealPrese address unencrypted (TCP)
nce of the connection from the
Access LAN- RealPresence Access
Director 60001– based Director system to the
TCP 389
system 64000 Microsoft LAN-based Microsoft
managem Active Active Directory server
ent IP Directory
address server, if This connection is
in use optional.

IP
RealPrese address Encrypted connection
nce of the from the RealPresence
Access LAN- Access Director system to
Director 60001– based the LAN-based Microsoft
TLS 636
system 64000 Microsoft Active Directory server
managem Active
ent IP Directory This connection is
address server, if optional.
in use
RealPrese
Connection from the
nce IP
RealPresence Access
Access address
Director system to the
Director 60001– UDP or of the
514, 10514 syslog server
system 64000 TCP syslog
managem server, if
This connection is
ent IP in use
optional.
address
IP address
of the
WAN-
based PC
RealPre HTTPS connection from a
using a
sence WAN-based PC to the
browser to
Access RealPresence Access
access the
Director Director system’s web
RealPrese
Any TCP system 8443 user interface used to
nce
public manage the system
Access
manage
Director
ment IP This connection is
system
address optional.
web
(managem
ent) user
interface
IP address
RealPre
of the host Access to the command
sence
managing line interface (CLI) of the
Access
the RealPresence Access
Director
RealPrese Director system using
Any TCP system 22
nce SSH
public
Access
manage
Director This connection is
ment IP
system optional.
address
using SSH
Related Topics
Required Ports

SIP Signaling
The RealPresence Access Director system serves as a SIP back-to-back user agent (B2BUA) and
operates between endpoints that use the SIP protocol. When a SIP video call takes place, the
RealPresence Access Director system divides the communication channel into two call legs and
mediates all SIP signaling between the endpoints, from call establishment to termination. SIP signaling
can be used for remote, guest, B2B, and open-SIP calls.
Note If your firewall has a SIP function that enables it to intercept and alter SIP messaging (for
example, SIP ALG), you must disable the service. If not disabled, the service may cause
call failures due to rewriting of port or IP address information.
SIP WAN Ports

The following table lists the required ports and protocols for bidirectional SIP signaling between the
WAN and the RealPresence Access Director system.
Table 1. SIP Signaling Ports for the WAN and RealPresence Access Director System
RealPresenc SIP (TCP

e Access 5060)
IP address of
Director connection
external SIP >1023 TCP 5060
system public from the
client
signaling IP WAN to the
address RPAD system
RealPresenc
SIP
e Access
IP address of connection
Director
external SIP >1023 UDP 5060 from the
system public
client WAN to the
signaling IP
RPAD system
address
RealPresenc SIP TLS
e Access (TCP 5061)
IP address of
Director connection
external SIP >1023 TCP 5061
system public from the
client
signaling IP WAN to the
address RPAD system
Outbound
Public
RPAD SIP call from
signaling IP
external the RPAD
13001–15000 TCP address of >1023
signaling IP system to
the other SIP
address another
system
system
RPAD 5060 UDP IP address of >1023 Outbound
external remote user SIP call from
signaling IP SIP client the RPAD
address system to the

remote user’s
SIP client
SIP LAN Ports

The following table lists the required ports and protocols for bidirectional SIP signaling between the
LAN and the RealPresence Access Director system.
Table 2. SIP Signaling Ports for the LAN and RealPresence Access Director System
Connection
IP address of from the
RPAD the LAN- RPAD system
internal based SIP to the LAN-
5070 UDP 5060
signaling IP registrar based SIP
address (DMA registrar
system) (DMA
system)
SIP (TCP
5060) and
SIP TLS
IP address of (TCP 5061)
RPAD the LAN- connection
internal based SIP from the
13001–15000 TCP 5060–5061
signaling IP registrar RPAD system
address (DMA to the LAN-
system) based SIP
registrar
(DMA
system)
Connection
IP address of from the
RPAD
the LAN- LAN-based
system
based SIP SIP registrar
5060 UDP internal 5070
registrar (DMA
signaling IP
(DMA system) to
address
system) the RPAD
system
IP address of 36000-61000 TCP RPAD 5070–5071 SIP (TCP
the LAN- system 5070) and
based SIP internal SIP TLS
registrar signaling IP (TCP 5071)
(DMA address connection
system) from the
LAN-based
SIP registrar
(DMA

system) to
the RPAD
system
Related Topics
Required Ports
H.323 Signaling
H.323 signaling enables registration, calling, and neighboring functions for endpoints that use the H.
323 protocol. H.323 signaling can be used for remote, guest, and federated or neighbored B2B calls.
Note If your firewall has an H.323 function that enables it to intercept and alter H.323
messaging, for example, H.323 ALG, you must disable the service. If not disabled, the
service may cause call failures due to rewriting of port or IP address information.
H.323 WAN Ports

The following table lists the required ports and protocols for H.323 signaling between the WAN and the
RealPresence Access Director system.
Table 1. H.323 Signaling Ports for the WAN and RealPresence Access Director System
H.225
registration
RealPresenc request from
e Access a remote
IP address of
Director endpoint to
external H. >1023 UDP 1719
system public the
323 device
signaling IP RealPresenc
address e Access
Director
system
Inbound H.
225 Location
Public RealPresenc
ReQuest
signaling IP e Access
(LRQ) to the
address of Director
>1023 UDP 1719 RealPresenc
the other system public
e Access
enterprise signaling IP
Director
system address
system
(suggested)

H.225
RealPresenc connection
e Access from the
IP address of
Director WAN to the
external H. >1023 TCP 1720
system public RealPresenc
323 device
address Director
system
H.245
e Access from the
IP address of
Director WAN to the
external H. >1023 TCP 10001–13000
system public RealPresenc
323 device
address Director
system
H.225
e Access from the
IP address of
Director RealPresenc
10001–13000 TCP external H. 1720
external e Access
323 device
signaling IP Director
WAN
H.245
e Access from the
IP address of
10001–13000 TCP external H. >1023
external e Access
323 device
signaling IP Director
WAN
H.225
gatekeeper
neighboring
connection
RealPresenc Public
from the
e Access signaling IP
RealPresenc
Director address of
1719 UDP 1719 e Access
external the other
Director
signaling IP enterprise
system to the
address system
other
enterprise
system, if
needed

H.323 LAN Ports
The following table lists the required ports and protocols for H.323 signaling between the LAN and the
Table 2. H.323 Signaling Ports for the LAN and RealPresence Access Director System
H.225 RAS
connection
for H.323
remote user
registrations
IP address of
RealPresenc from the
LAN-based
e Access RealPresenc
H.323
Director e Access
1719 UDP gatekeeper 1719
internal Director
(RealPresenc
signaling IP system to the
e DMA
address LAN-based
system)
H.323
gatekeeper
(RealPresenc
e DMA
system)
H.225
gatekeeper
neighboring
connection
from the
IP address of
RealPresenc RealPresenc
LAN-based
e Access e Access
H.323
Director Director
1719 UDP gatekeeper 1719
internal system to the
(RealPresenc
signaling IP LAN-based
e DMA
address H.323
system)
gatekeeper
(RealPresenc
e DMA
system), if
needed
RealPresenc 10001–13000 TCP IP address of 1720 H.225
e Access LAN-based connection
Director H.323 from the
internal gatekeeper RealPresenc
signaling IP (RealPresenc e Access
address e DMA Director
system) system to the
LAN-based
H.323
gatekeeper
(RealPresenc

e DMA
system)
H.225
connection
from the
RealPresenc
e Access
Director
RealPresenc
system to the
e Access
IP address of LAN-based
Director
10001–13000 TCP LAN-based 1720 H.323 device
internal
H.323 device (with the
signaling IP
RealPresenc
address
e DMA
system in
Direct mode,
no need for
the Routed
mode.)
H.245
connection
from the
IP address of RealPresenc
RealPresenc
LAN-based e Access
e Access
H.323 Director
Director
10001–13000 TCP gatekeeper 36000–61000 system to the
internal
(RealPresenc LAN-based
signaling IP
e DMA H.323
address
system) gatekeeper
(RealPresenc
e DMA
system)
H.245
connection
from the
RealPresenc
e Access
Director
RealPresenc
system to a
e Access
IP address of LAN-based
Director
10001–13000 TCP LAN-based >1023 H.323 device
internal
H.323 device (with the
signaling IP
RealPresenc
address
e DMA
system in
Direct mode,
no need for
the Routed
mode)
IP address of RealPresenc H.225 RAS
1719 UDP 1719
the LAN- e Access connection

from the
LAN-based
H.323
gatekeeper
based H.323 Director
(RealPresenc
gatekeeper system
e DMA
(RealPresenc internal
system) to
e DMA signaling IP
the
system) address
RealPresenc
e Access
Director
system
H.225
connection
from the
LAN-based
H.323 device
to the
RealPresenc
RealPresenc
e Access
IP address of e Access
Director
the LAN- Director
>1023 TCP system 1720
based H.323 system (with
internal
device the
signaling IP
RealPresenc
address
e DMA
system in
Direct mode,
no need for
the Routed
mode)
H.245
connection
from the
LAN-based
H.323 device
RealPresenc (with the
IP address of
Director e DMA
the LAN-
>1023 TCP system 10001–13000 system in
based H.323
internal Direct mode,
device
signaling IP no need for
address the Routed
mode) to the
RealPresenc
e Access
Director
system
IP address of RealPresenc H.225
the LAN- e Access connection
36000–61000 TCP 1720
based H.323 Director from the
gatekeeper system LAN-based

H.323
gatekeeper
(RealPresenc
e DMA
(RealPresenc internal system in
e DMA signaling IP Routed
system) address mode) to the
RealPresenc
e Access
Director
system
H.245
connection
from the
LAN-based
IP address of RealPresenc H.323
the LAN- e Access gatekeeper
based H.323 Director (RealPresenc
gatekeeper 36000–61000 TCP system 10001–13000 e DMA
(RealPresenc internal system in
e DMA signaling IP Routed
system) address mode) to the
RealPresenc
e Access
Director
system
Related Topics
Required Ports
Access Proxy
The RealPresence Access Director system access proxy feature provides reverse proxy services for
external users. Based on your system configuration, when access proxy receives a request from an
external user, it accepts the request and sends a new request on behalf of the user to the appropriate
application server.
Access proxy routes communication requests based on the type of target application server:
• HTTPS_proxy: HTTPS servers that provide management services, such as provisioning for the
RealPresence Access Director system and endpoints (Polycom® RealPresence® Resource
Manager system), and web-based video conferencing services (RealPresence Web Suite).
• LDAP_proxy: LDAP servers that provide directory services for remote (authorized) users.
• XMPP_proxy: XMPP servers that provide message, presence, or other XMPP services for
remote (authorized) users.
• HTTP tunnel proxy: An HTTP tunnel proxy enables RealPresence Web Suite SIP guest users
to attend video conferences in an enterprise’s Web Suite Experience Portal. Due to restrictive
firewall rules, if a Web Suite client cannot establish a native SIP/RTP connection to a video

conference, the RealPresence Access Director system can act as a web proxy to tunnel the SIP
guest call on port 443. Once the SIP guest is connected to a meeting, the RealPresence Access
Director system continues to tunnel TCP traffic, including SIP signaling, media, and Binary Floor
Control Protocol (BFCP) content.
Access Proxy WAN Ports

The following table lists the ports and protocols for access proxy traffic between the WAN and the
Table 1. Access Proxy Ports for the WAN and the RealPresence Access Director System
Public IP HTTPS
address of connection
the from the
RealPresenc WAN to the
IP address of
external >1023 TCP 443
Director e Access
client
system’s Director
external system to
access proxy sign in for
IP address provisioning
TLS-
Public IP encrypted or
address of unencrypted
the encrypted
RealPresenc (TCP) LDAP
IP address of
e Access connection
Director from the
client
system’s WAN to the
external RealPresenc
access proxy e Access
IP address Director
system
Public IP
address of XMPP
the connection
IP address of
e Access WAN to the
client
system’s e Access
external Director
access proxy system
IP address
IP address of Public IP HTTPS web
external address of connection
RealPresenc >1023 TCP the 443 from the
e Web Suite RealPresenc WAN to the
browser e Access RealPresenc

e Access
Director
system. The
RealPresenc
client that e Access
signs into the Director Director
Web Suite system’s system can
Experience external proxy to both
Portal and/or access proxy the
the Services IP address RealPresenc
Portal e Web Suite
Experience
Portal and
Services
Portal
HTTP tunnel
proxy
connection
from the
WAN to the
Public IP
RealPresenc
address of
e Access
IP address of the
Director
system. The
e Web Suite e Access
>1023 TCP 443 RealPresenc
client using Director
e Access
an HTTP system’s
Director
tunnel proxy. external
system
access proxy
terminates
IP address
the tunnel
and proxies
the traffic to
the internal
systems.
IP address of >1023 TCP Public IP 443 HTTPS
RealPresenc address of tunnel proxy
e Mobile the connection
client using RealPresenc from the
an HTTP e Access WAN to the
tunnel proxy Director RealPresenc
system’s e Access
external Director
access proxy system. The
IP address RealPresenc
e Access
Director
system
terminates
the tunnel
and proxies
the traffic to

the internal
systems.
Access Proxy LAN Ports

The following table lists the ports and protocols for bidirectional access proxy traffic between the
RealPresence Access Director system and the LAN.
Table 2. Access Proxy Ports for the LAN and the RealPresence Access Director System
SRC IP SRC IP Protocol DST IP DST Port Description
HTTPS
connection
from the
RealPresenc
the LAN- Director
based system to the
RealPresenc
provisioning LAN-based
e Access
server that provisioning
Director
60001–64000 TCP provisions 443 server that
internal
the provisions
access proxy
RealPresenc the
IP address
Director e Access
system Director
system
This
connection is
optional.
HTTPS
connection
from the
IP address of
the LAN-
e Access e Access
based
Director Director
30001–60000 TCP management 443
internal system to the
server that
access proxy LAN-based
provisions
IP address provisioning
the endpoints
server that
provisions
the endpoints
LDAP
RealPresenc IP address of
connection
e Access the LAN-
30001–60000 TCP 389 from the
Director based LDAP
RealPresenc
internal server
e Access

SRC IP SRC IP Protocol DST IP DST Port Description
Director
access proxy system to the
IP address LAN-based
LDAP server
XMPP
connection
RealPresenc
from the
e Access IP address of
RealPresenc
Director the LAN-
30001–60000 TCP 5222 e Access
internal based XMPP
Director
access proxy server
system to the
IP address
LAN-based
XMPP server
HTTPS
connection
from the
IP address of
RealPresenc
RealPresenc the
e Access
Director
Director e Web Suite
30001–60000 TCP 443 system to the
internal Services
RealPresenc
access proxy Portal and/or
e Web Suite
IP address Experience
Experience
Portal
Portal and/or
Services
Portal
Related Topics
Required Ports
Media
The RealPresence Access Director system enables media traffic (audio, video, and content) to
traverse the firewall during video conferencing calls.
Media WAN Ports

The following table lists the ports and protocols for bidirectional media relay between the WAN and the
Table 1. Media Ports for the WAN and the RealPresence Access Director System
IP address of RealPresenc Inbound

external >1023 UDP e Access 20002–30001 media (RTP)
device Director traffic from

the WAN to
the
system public
RealPresenc
media IP
e Access
address
Director
system
Outbound
RealPresenc media traffic
e Access from the
IP address of
20002–30001 UDP external >1023
system public e Access
device
media IP Director
WAN
Media LAN Ports

The following table lists the ports and protocols for bidirectional media traffic between the LAN and the
Table 2. Media Ports for the LAN and the RealPresence Access Director System
Inbound
media traffic
RealPresenc
from the
e Access Any LAN-
RealPresenc
Director based video
40002–50001 UDP >1023 e Access
internal conferencing
Director
media IP device
system to the
address
LAN-based
video device
Outbound
media traffic
IP address of e Access LAN-based
the LAN- Director video
based video >1023 UDP system 40002–50001 conferencing
conferencing internal device to the
device media IP RealPresenc
address e Access
Director
system
Inbound
RealPresenc IP address of
BFCP
e Access LAN-based
16001–17000 TCP >1023 content from
the
internal e
RealPresenc

e Access
Director
system to the
media IP Collaboration LAN-based
address Server (RMX) RealPresenc
e
Collaboration
Server (RMX)
Outbound
BFCP
content from
the LAN-
IP address of RealPresenc based
LAN-based e Access RealPresenc
RealPresenc Director e
>1023 TCP 16001–17000
e internal Collaboration
Collaboration media IP Server (RMX)
Server (RMX) address to the
RealPresenc
e Access
Director
system
Related Topics
Required Ports
TURN Server
The RealPresence Access Director system can act as a TURN server to enable firewall and NAT
traversal of UDP media traffic between WebRTC-enabled clients.
TURN Relay Ports

The following table lists the ports and protocols for bidirectional media relay between WAN and LAN
WebRTC-enabled clients and the RealPresence Access Director system TURN server.
Table 1. TURN Ports for WAN and LAN-based WebRTC Endpoints and the TURN Server
IP address of >1023 UDP RealPresenc

external e Access 65370-65379 TURN
WebRTC Director allocation
client system public Default: 3478 requests from
signaling IP an external
address WebRTC
client to the
TURN server.

The port is
used only to
establish a
TURN
session.

Note
T
h
e
R
e
a
l
P
r
e
s
e
n
c
e
A
c
c
e
s
s
D
i
r
e
c
t
o
r
s
y
s
t
e
m
p
u
b
l
i
c
s
i
g
n
a
l
i
n
g
I
P
a
Printed from Polycom, Inc. (http://documents.polycom.com) Page 165d
d
r
e
s
s
Allocation
response
from the
RealPresenc
TURN server
65370-65379 to an external
Director external
UDP >1023 WebRTC
system public WebRTC
Default: 3478 client. The
signaling IP client
response
address
establishes
the TURN
session.
Allocation
response
e Access TURN server
IP address of
Director 65370-65379 to an internal
internal
system UDP >1023 WebRTC
WebRTC
external Default: 3478 client. The
client
signaling IP response
address establishes
the TURN
session.
Inbound
RealPresenc 32768–65535
media traffic
from an
external Director (Default
>1023 UDP external
WebRTC system public range:
WebRTC
client signaling IP 49152-65535
client to the
address )
TURN server.
RealPresenc Inbound
32768–65535
e Access media traffic
IP address of
Director from an
internal (Default
>1023 UDP system internal
WebRTC range:
external WebRTC
client 49152-65535
signaling IP client to the
)
address TURN server.
Outbound
RealPresenc 32768–65535
media traffic
relay from the
Director (Default external
UDP >1023 TURN server
system public range: WebRTC
to an external
signaling IP 49152-65535 client
WebRTC
address )
client
RealPresenc Outbound
e Access media traffic
UDP IP address of >1023
Director 32768–65535 relay from the
internal
system TURN server

(Default
external to an internal
range: WebRTC
signaling IP WebRTC
49152-65535 client
address client
)
Related Topics
Required Ports
RealPresence Access Director and RealPresence

Resource Manager Integration
If you deploy your RealPresence Access Director system with a RealPresence Resource Manager
system, the RealPresence Resource Manager system can provision some RealPresence Access
Director system settings and dynamically manage (provision, upgrade, and manage) select remote
endpoints.
Provisioning of the RealPresence Access Director system is optional. If not provisioned, you must
manually configure all system settings.
Related Topics
Configuring Access Proxy Settings

The access proxy feature in the RealPresence Access Director system provides reverse proxy services
for external devices. You can configure access proxy settings to enable firewall/NAT traversal for login,
registration, and call requests. When the RealPresence Access Director system receives a request
from a remote user, the system accepts or denies the request, based on your basic Access Control List
(ACL) settings. If the request is accepted, the RealPresence Access Director system sends a new
request on behalf of the remote user to the appropriate application server.
The RealPresence Access Director system is configured with three default reverse proxies that route
communication requests based on the type of target application server:
• HTTPS_proxy–HTTPS servers that provide management services (RealPresence Resource

Manager system), and web-based video conferencing services (RealPresence Web Suite)
• LDAP_proxy–LDAP servers that provide directory services
• XMPP_proxy–XMPP servers that provide message, presence, or other XMPP services
In addition to the default proxies, the RealPresence Access Director system supports the following
proxy configurations:
• PassThrough_proxy–A passthrough reverse proxy configuration provides transparent relay of

communication requests through the RealPresence Access Director system to internal

application servers. PassThrough_proxy is used primarily for backward compatibility with the
TCP reverse proxy feature. Note that if you upgrade your system to a new version,
PassThrough_proxy will not display on the main Access Proxy Settings page if you did not
configure a TCP reverse proxy in a previous version of the RealPresence Access Director
system.
• HTTP tunnel proxy–An HTTP tunnel proxy enables SIP guest users to attend web-based video
conferences hosted by an enterprise’s RealPresence Web Suite. Due to restrictive firewall rules,
if a SIP guest client cannot establish a native SIP/RTP connection to a Web Suite video
conference, the RealPresence Access Director system can act as a web proxy to tunnel the SIP
call on port 443. Once the SIP guest client is connected to a meeting, the RealPresence Access
Director system continues to tunnel TCP traffic, including SIP signaling, media, and Binary Floor
Control Protocol (BFCP) content.
The default proxies may be edited or you can add new proxies for various internal application servers.
When you configure the proxies, you must specify an external IP address and an external listening port
for access proxy. Based on the network settings you configured, you may have external access proxy
services assigned to more than one network interface. You can reuse an external IP address but the
port, in most cases, must be unique for each proxy configuration that uses the same external IP
address. For example, if you create two proxy configurations for LDAP directory services, the
combined external IP address for access proxy and the external listening port cannot be the same for
both LDAP proxy configurations.
If you create an HTTP tunnel proxy, both the HTTP tunnel proxy and the default HTTPS_proxy can use
port 443 on the same external access proxy IP address.
The following examples show some possible external IP address and port combinations.
Table 1. Example 1
External IP Address for Access

Name of Proxy External Listening Port
Proxy
LDAP_proxy_1 172.16.0.6 389

LDAP_proxy_2 172.16.0.6 9980
HTTPS_proxy 172.16.0.6 443
HTTP tunnel proxy 172.16.0.6 443
Table 2. Example 2
External IP Address for Access

Name of Proxy External Listening Port
Proxy
LDAP_proxy_1 172.16.0.6 389

LDAP_proxy_2 172.16.0.7 389
If a RealPresence Resource Manager system and RealPresence Web Suite integrate with the
RealPresence Access Director, the HTTPS proxy must be configured for the RealPresence Resource
Manager system and RealPresence Web Suite. LDAP proxy and XMPP proxy must be configured for
the RealPresence Resource Manager system.

Related Topics
RealPresence Access Director and RealPresence Resource Manager Integration
Add a New Proxy Configuration

Adding a new proxy configuration consists of selecting the protocol for the proxy and configuring the
detailed settings.
Procedure
1 Go to Configuration > Access Proxy Settings.
2 Under Actions, click Add.
3 In the Step 1 of 2: Protocol Selection window, select the Protocol for the new proxy and click
Next.
4 In the Step 2 of 2: Detailed Settings window, configure the settings for the specific protocol of
the proxy, as described in the following sections:

• Configure HTTPS Proxy
• Configure LDAP Proxy Settings
• Configure XMPP Proxy Settings
• Configure HTTP Tunnel Settings
Related Topics

Configure HTTPS Proxy
The access proxy feature enables external users to access different internal HTTPS servers. The
RealPresence Access Director system accepts a request from a remote user, then sends a new
request on behalf of the user to the correct application server based on the HTTPS reverse proxy
settings you configure.
When the RealPresence Access Director system is integrated with a RealPresence Resource Manager
system, access proxy enables remote endpoints to be provisioned and managed by the RealPresence
Resource Manager system. When the RealPresence Access Director system receives a login and
provisioning request from an external endpoint, it sends the request to the HTTPS provisioning server
configured within the RealPresence Resource Manager system.
When you configure the HTTPS Proxy settings, you can add multiple HTTPS next hops. For each next
hop, you must apply a filter that’s based on the HTTPS request message header received from the
endpoint. The RealPresence Access Director system uses the filter and other settings to send the
connection request to the correct internal HTTPS application server. Two filters are available:
• Request-URI–The next hop is based on the Request-URI in the message header received from
the endpoint. Use the Request-URI filter only when adding a next hop to a RealPresence
Resource Manager system.
• Host header–The next hop filter is based on the host information in the message header
received from the endpoint. Use a host header filter when creating the next hop for various
HTTPS application servers, including the RealPresence Web Suite Services Portal and
Experience Portal.
Procedure
3 In the Step 1 of 2: Protocol Selection window, select HTTPS from the Protocol list and click
Next.

4 In the Step 2 of 2: Detailed Settings window, complete the fields according to the following
table:
Setting Description
The unique name of this HTTPS proxy

Name
configuration
The external IP address of the

External IP address RealPresence Access Director system
network interface that receives access proxy
traffic.
External listening port The external port at which the RealPresence
Access Director system listens for HTTPS
proxy traffic.
Default port: 443
Port range: 9980–9999

Setting Description
Note The RealPresence Access

Director system automatically
redirects inbound access
proxy traffic on ports 443 and
389 to the internal ports
65100–65130 reserved on the
system's loopback interface
private IP address. The
CentOS operating system
does not allow processes
without root ownership to listen
on ports <1024. Redirecting
access proxy traffic on ports
<1024 to the internal ports
65100–65130 enables the
access proxy process to
function correctly.
The internal access proxy IP address of the

Internal IP address (specified when you configure network
settings). The system forwards HTTPS
requests from this IP address to the
requested application server.
Require client certificate from the remote When selected, access proxy requests and
endpoint verifies the client certificate from the remote
endpoint.
When selected, access proxy verifies the

Verify certificate from internal server certificate from the internal HTTPS server
(the RealPresence Resource Manager
system, or RealPresence Web Suite).
5 Under Next hops, click Add.

6 Configure the settings as described in the following table:
Setting Description
Type Request-URI
Name The unique name of this next hop
Polycom Management System
Note Add a separate Request-URI

System next hop if you need to
configure HTTPS settings for
both systems.
The internal IP address of the target HTTPS

server. After accepting the HTTPS request
from the external endpoint, the
Address
sends a new HTTPS request to this IP
address.
The listening port of the internal HTTPS
Port
server.

7 Click OK to save the configuration.
Related Topics
Add the Next Hop Based on the Host Header Filter
Configure LDAP Proxy Settings

LDAP reverse proxy configurations can be added to access different LDAP directory servers, such as
the RealPresence Resource Manager system LDAP server or an Active Directory server. If you
configure a new LDAP proxy with the same external IP address as the system’s default LDAP_proxy,
you must assign a port other than 389 to one of the proxies. The following instructions list the alternate
port range.
Procedure
3 In the Step 1 of 2: Protocol Selection window, select LDAP from the Protocol list and click
Next.

table:
Setting Description
The unique name of this LDAP proxy

Name
configuration
External IP address
traffic.
External listening port The external port at which the RealPresence
Access Director system listens for LDAP
traffic.
Default port: 389

Setting Description
Note The RealPresence Access

Director system automatically
redirects inbound access
proxy traffic on ports 443 and
389 to the internal ports
65100–65130 reserved on the
system's loopback interface
private IP address. The
CentOS operating system
does not allow processes
without root ownership to listen
on ports <1024. Redirecting
access proxy traffic on ports
<1024 to the internal ports
65100–65130 enables the
access proxy process to
function correctly.

(specified when you configure network
Internal IP address
settings). The system forwards LDAP
The internal IP address of the target LDAP
server. The RealPresence Access Director
Next hop address
system sends a new request to the next hop
IP address on behalf of the external user.
The port at which the internal LDAP

Next hop port application server listens.
Default LDAP port: 389
When selected, access proxy verifies the
Verify certificate from internal server
certificate from the internal LDAP server.

5 Click Done, and then click OK to confirm the configuration settings and restart the access proxy.
Related Topics
Configure XMPP Proxy Settings

XMPP reverse proxy configurations can be added to access different XMPP servers, such as the
XMPP server configured in the RealPresence Resource Manager system or a different network server
that provides message, presence or other XMPP services.
Procedure
3 In the Step 1 of 2: Protocol Selection window, select XMPP from the Protocol list and click
Next.

table:
Setting Description
The unique name of this XMPP proxy

Name
configuration
External IP address
traffic.
The external port at which the RealPresence

Access Director system listens for XMPP
External listening port traffic.
Default port: 5222
(specified when you configure network
Internal IP address
settings). The system forwards XMPP
Next hop address The internal IP address of the target XMPP
server. The RealPresence Access Director

Setting Description
system sends a new request to the next hop

IP address on behalf of the external user.
The port at which the internal XMPP

Next hop port application server listens.
Default XMPP port: 5222
Related Topics

Provision the RealPresence Access Director System
Configuring your RealPresence Access Director system to be provisioned by a RealPresence
Resource Manager system is optional. If you choose to have your system provisioned, you must
connect to the RealPresence Resource Manager system from the RealPresence Access Director user
interface. Once connected, your system will be automatically provisioned with the information you
configured in the RealPresence Resource Manager system.
Note After you connect to a Polycom RealPresence Resource Manager system for
provisioning, you cannot update the provisioned information manually in the
RealPresence Access Director system until you disconnect.
Procedure
1 From the RealPresence Access Director user interface, go to Admin > Polycom Management
System.
2 Enter the Login Name, Password, and RealPresence Resource Manager IP address for the
RealPresence Access Director system user account for provisioning. Uncheck the Verify
certificate from internal server, and click Connect.
The login user is a local user that is created on RealPresence Resource Manager.
Note No certificates have been exchanged between the two servers so the verify
certificate from internal server box must be unchecked unless the certificate
exchange step has been completed in advance. Exchanging certificates provides
enhanced security and can be configured at any time in the future.
When connected, the RealPresence Resource Manager system automatically provisions the
Related Topics
RealPresence Access Director and RealPresence Resource Manager Integration

DMA Integration
Specify the RealPresence Access Director configuration to integrate the RealPresence DMA system.
Related Topics

Configure SIP and H.323 settings to integrate the RealPresence Access Director system with the
RealPresence DMA system if RealPresence Access Director has not integrated with RealPresence
Resource Manager.
Procedure
1 From the RealPresence Access Director user interface, go to Configuration > SIP Settings.
2 Select Enable SIP signaling.
3 Enter the RealPresence DMA FQDN or IP address in the SIP registrar (Next hop) address.
4 Go to Configuration > H.323 Settings.

5 Enter the RealPresence DMA FQDN or IP address in the Gatekeeper (Next hop) address.
Related Topics
RealPresence Access Director and RealPresence DMA Integration
Configure the RealPresence DMA Gatekeeper Call Mode

Prerequisite
Make sure the Gatekeeper call mode is Routed call mode.
The CIDR notations include the IP address and subnet of local network H.323 devices (for example,
the RealPresence DMA system gatekeeper, endpoints, and bridges).
Procedure
1 Go to Configuration > H.323 Settings.
2 Configure CIDR.
• If the Gatekeeper (Next hop) address is not specified by the RealPresence DMA
Supercluster FQDN, leave the CIDR empty.
• If the Gatekeeper (Next hop) address is specified by the RealPresence DMA Supercluster
FQDN, enter every IP address in the RealPresence DMA Supercluster in the CIDR.
Note The RealPresence DMA Gatekeeper call mode must be routed call mode.

Related Topics
RealPresence Access Director and RealPresence DMA Integration
Configure the RealPresence DMA Gatekeeper Call Mode

Web Suite Integration
Specify the RealPresence Access Director configuration to integrate the RealPresence Web Suite
system.
Related Topics
Add the Next Hop Based on the Host Header Filter
Prerequisite
The HTTPS proxy is configured.
Add two next hops for RealPresence Web Suite Services Portal and Experience Portal.
Procedure
2 Select HTTPS Proxy.
3 Under Actions, click Edit.
4 Under Next hops, click Add.
5 Configure the settings as described in the following table:
Setting Description
Type Host header

Name The unique name of this next hop
The host name in the request message
Host value
header
Address The internal IP address of the target HTTPS
server. After accepting the HTTPS request

Setting Description
from the external endpoint, the

sends a new HTTPS request to this IP
address.
The listening port of the internal HTTPS
Port
server.

7 Click Add to add a next hop for RealPresence Web Suite Experience Portal.
Related Topics
Configure HTTPS Proxy

Configure HTTP Tunnel Settings
An HTTP tunnel enables SIP guest users to attend video conferences hosted by RealPresence Web
Suite. Some restrictive networks block outgoing UDP-based traffic and can limit outgoing TCP traffic to
ports 80 and 443. In these situations, if a SIP guest client cannot establish a native SIP/RTP
connection to a RealPresence Web Suite video conference, the RealPresence Access Director system
can act as a web proxy to tunnel the SIP guest call on port 443. Once the SIP client is connected to a
meeting, the RealPresence Access Director system continues to tunnel TCP traffic, including SIP
signaling, media, and BFCP content.
The HTTP tunnel proxy uses auto-discovery to ensure that a RealPresence Web Suite SIP guest call is
routed through the HTTP tunnel proxy when necessary. When a RealPresence Web Suite SIP guest
user attempts to join a meeting, auto-discovery determines if standard SIP and media ports are
available for the call. If not, the call is routed through the HTTP tunnel proxy.
You can configure both the default HTTPS_proxy and an HTTP tunnel proxy to use the same external
IP address and standard port 443. If you configure a port other than 443 as the external listening port
for HTTP tunnel proxy calls, these calls may fail if the network from which the SIP guest client calls
blocks outgoing traffic to other ports.
The following conditions apply to the HTTP tunnel proxy:
• Only one HTTP tunnel proxy can be configured.
• The RealPresence Access Director system supports a maximum of 50 concurrent HTTP tunnel
calls. After a call ends, the system recycles the port allocation.
• Use of an HTTP tunnel proxy is not supported with two RealPresence Access Director systems
deployed in a tunnel configuration.
Procedure
3 In the Step 1 of 2: Protocol Selection window, select HTTP Tunnel from the Protocol list and
click Next.

table:
Setting Description
The name of the HTTP tunnel proxy

Name
configuration
External IP address
traffic.
The external port at which the RealPresence

Access Director system listens for HTTP
External listening port tunnel requests.
Recommended HTTP tunnel port: 443
Range: 80, 9980-9999

Related Topics

When you configure TURN settings, Polycom recommends that you assign TURN services to the
network interface assigned to external signaling. The external IP address (private) of this interface
must be mapped to the public IP address on your firewall.
The number of dynamic ports you specify for TURN media relay doesn’t necessarily map to the
number of calls that can be supported. The number of ports required to support all WebRTC calls
varies depending on whether the conference uses mesh mode or bridge mode. The allowable port
range is designed to accommodate a large number of licensed calls.
Polycom recommends that you use the default port range listed in the TURN Settings since the
number of allocations can vary for calls, but you can choose any port range within the allowable range.
The port range you configure must be configured on your firewall.
Note When you enable the TURN server for the first time, you must add at least one TURN
user in order for the TURN server to allow requests. If you disable the TURN server, all
TURN users are saved and will be available if you later re-enable the TURN server.

Procedure
1 Go to Configuration > TURN Settings.
2 Select Enable TURN server.
The TURN server is disabled by default for new installations of the RealPresence Access
Director system.
3 Use the information in the following table to configure the settings for your system. An asterisk
(*) indicates a required field.
Settings Field
The list includes the IP addresses of all

Listening IPs–Available IPs network interfaces configured on your
system.
The list displays the IP address of the

network interface you assign to provide
TURN services. You should select the
network interface assigned to external
signaling and map the externaI IP address
(private) to the public IP address on your
Listening IPs–Selected IPs firewall, specified in External IP Address of
NAT.
Select the IP address from the Available
IPs list, then click the right arrow to move
the IP address to the Selected IPs list.
Assign TURN services to only one network
interface.
The listening port the RealPresence Access

Director system uses to receive TURN
allocation requests from internal or external
TURN port (UDP) clients.
Default UDP port: 3478
Allowable port range: 65370-65379
Relay port range (UDP) The port range used to relay media directly
between WebRTC clients in a mesh call or
between WebRTC clients and an MCU in a
bridge call.
Default port range: 49152–65535
Allowable relay port range: 32768–65535
Polycom recommends that you use the
default port range, but you can choose any
port range within the allowable range that is
not already in use. Each allocation requires
one port, so if your port range is small, only

Settings Field
a small number of allocations can be

supported at one time.
The realm is typically a domain name and is

part of the required authentication
credentials for a TURN user. If a WebRTC
Default authentication realm client provides only a username and
password when requesting TURN services,
the TURN server automatically assigns the
default authentication realm.
4 Next to the list of TURN Users, click Add.
Complete the following required fields:
Settings Field
The username that a WebRTC client uses to

Username authenticate requests to the TURN server.
Maximum of 20 characters.
The realm value is typically a domain name
and is specific to the TURN server. When
you configure one user for RealPresence
Web Suite Pro WebRTC and MCU clients,
the realm value should be the same as the
Realm Default Authentication Realm you
configured in TURN Settings. The realm
value uniquely identifies the username and
password combination that a WebRTC client
must use to authenticate its TURN requests.
Maximum of 20 characters.
Password The password that a WebRTC client uses in
combination with the username to

Settings Field
authenticate its TURN requests. Maximum

of 20 characters.
Verify Password
5 Click OK to add the TURN user.

6 Click Update to save the TURN Settings.
Related Topics
Configure Soft MCU for WebRTC
Configure WebRTC
Configure Endpoints
You need to configure external endpoints with the following settings to receive SIP and H.323 calls if
they are not provisioned by RealPresence Resource Manager.
Procedure
• Enable H.460 traversal option for external endpoints receive H.323 call.
For Non-provisioned hard endpoints RealPresence Group Series, check the Enable H.460
Firewall Traversal checkbox from endpoint configuration UI.
• Enable SIP keep-alive for external SIP endpoints.

For Non-provisioned hard endpoints RealPresence Group Series, check the Enable SIP Keep-
Alive Messages checkbox from the endpoint configuration UI.
Figure 1. Configuration for Non-provisioned RealPresence Group Series

Related Topics
Create Network Provisioning Profile for Endpoints That Connect to RealPresence Access Director

Configuring RealPresence Media Suite
The RealPresence Media Suite product is a video content management solution that integrates with
standards-based and telepresence video conferencing systems. As a native part of the Polycom®
RealPresence® Clariti™ solution, the RealPresence Media Suite product can record or live stream
meetings, manage archives, and play back recordings on a variety of client devices including tablets,
smartphones, desktop and laptop computers, and standards-based video endpoints.
The RealPresence Media Suite system supports using X.509 certificates (version 3 or earlier) for
authenticating the network connections.
Related Topics

You can creates a Certificate Signing Request (CSR) to submit to your chosen certificate authority.
Procedure
1 Log into RealPresence Media Suite Admin Portal.
2 Go to Configuration > Certificate Management.
3 Select Issue Signing Request.

4 Enter the certificate information and click OK.
5 Copy the entire contents of the Encoded Request box.

6 Click OK.
Related Topics
Procedure




Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Related Topics

You must install a CA's certificate if you don't obtain a certificate chain that includes a signed certificate
for the RealPresence Media Suite system, your CA's public certificate, and any intermediate
certificates.
Procedure
1 Go to Configuration > Certificate Management.
2 Select Install Certificates.
3 Click Upload Certificate and click Add to browse to the certificate. Upload the selected
certificate, and enter your password if necessary.

4 Click OK.
5 Click Upload and OK to finish the certificate installation.

Related Topics
Configure Media Storage
Prerequisite
Make sure the RealPresence Media Suite OVA file has been deployed successfully

RealPresence Media Suite, Virtual Edition, supports local storage as its media storage. You can use
local storage or NFS as media storage. Polycom recommends to use local storage for better disk I/O
performance.
You can according to the media storage capacity usage to plan your media storage.
Table 1. Media Storage Usage
Storage Space Storage Space

Solution Primary Rate Call Duration
(WMV) (MP4)
1024 kbps (MP4)

1*1080p 60 minutes ~1.4 GB ~870 MB
1728 kbps
(WMV)
1*1080p 4096 kbps 60 minutes ~3.2 GB ~3.5 GB

1*720p 4096 kbps 60 minutes ~3.2 GB ~3.5 GB
1*720p 1024 kbps 60 minutes ~862 MB ~860 MB
1*4CIF 512 kbps 60 minutes ~458 MB ~459 MB
1*CIF 128 kbps 60 minutes ~100 MB ~103 MB
Each 60-minute 512k call to RealPresence Media Suite requires about 450M storage (the 512k call
raw + the default mp4 VoD). For 1024k, the storage space is approximately double, which is 900M.
You cannot calculate an accurate ratio because the size also depends on the video quality.
Procedure
1 Add a hard disk in VMware vShpere.
a. Right click the virtual machine which you want to add hard disk to, and select Edit Settings.
b. Click Add to add a new hard disk.

c. Select Hard Disk as the device type, and click Next.

d. Select Create a new virtual disk to create a new disk, and click Next.

e. Set the Disk Size.
f. Set the Disk Provisioning, and Location for the new disk, and click Next.
g. Configure Virtual Device Node.

h. Check the hard disk options, and click Finish to add the hardware.

i. Check the new hard disk from Virtual Machine settings.
2 Access the RealPresence Media Suite Admin Portal by its IP address or FQDN from a
compatible browser.
3 Go to Device > Device Manager.
4 Select a specific device, then click Edit.

5 Select Media Storage tab.
6 Optional: If select the local disk as the media storage, specify the following fields:
• Media Storage Policy: Local Storage Only
• Local Disk: select one local disk as the media storage.

7 Optional: If select the network storage as the media storage, specify the following fields:
• Media Storage Policy: Network Storage Only
• NFS Server Address: enter an address of the NFS server.
• NFS Storage Folder: specify the folder path to the NFS storage.

8 Click Save.
Related Topics
Set up the Gatekeeper

For H.323, if a gatekeeper is configured on your network, you can register RealPresence Media Suite
to the gatekeeper to simplify calling. A gatekeeper manages functions such as bandwidth control and
admission control. A gatekeeper also handles address translation, which allows you to make calls
using static aliases instead of IP addresses that may change each day.
Procedure
1 In the Web browser, enter the system's IP address in this format: http://<system IP
address>/admin or http://<FQDN>/admin.
2 Go to Configuration > Signaling Settings > H.323.
3 Select Register To Gatekeeper.
4 Configure the following settings.
After you finish the configuration, click OK.

Gatekeeper Type Choose between Polycom and Cisco VCS.
Indicates if the system is registered to the

Primary Gatekeeper
primary gatekeeper.
The IP address for the gatekeeper.

Gatekeeper Address Note: Never enter the IP address of
RealPresence Media Suite.
The port number for the gatekeeper; the

Gatekeeper Port
default value is 1719.
Specifies whether to register the system to a

Polycom Gatekeeper server for H.235.0
authentication.
Register User Information for Gatekeeper When H.235.0 authentication is enabled, the
gatekeeper ensures that only trusted
endpoints are allowed to access the
gatekeeper.
The user name for registration with the

Gatekeeper User
Polycom Gatekeeper server.
The password for registration with the

Gatekeeper Password
Polycom Gatekeeper server.
Indicates if the system is registered to the

alternate gatekeeper.
Alternate Gatekeeper Note The alternate gatekeeper is
used only when the primary
gatekeeper is not available.
System Prefix / E.164 Specify the E.164 number for the system.
System H.323 Alias Specify the H.323 alias for the system.
Specify the name to be displayed to the far

end.
Note If you set the remote display

name with double-bytes
Remote Display Name characters like Chinese, you
will not see the characters on
the far end endpoints in a H.
323 call between endpoints
and the RealPresence Media
Suite system.

Note Find information on RealPresence DMA
• If you need to configure both the H.323 Gatekeeper parameters and SIP
parameters at the same time, click OK after you finish the configuration of
both parameters.
• If the RealPresence Media Suite is registered to RealPresence DMA as the

SIP server, you can find RealPresence Media Suite information on the
RealPresence DMA portal under Network > Endpoints.
Example

Related Topics
Define Recording Links from RealPresence Collaboration Server
Validate the Recording

Validate the recording function from the RealPresence Collaboration Server.
Procedure
1 Call the VMR from the endpoint to start a conference.
2 Connect to RealPresence Collaboration Server through RMX Web Client/RMX Manager
application.
3 In the Conferences pane, select the conference and click to start the recording.
Note You also can use DTMF code to start a recording from the endpoint.
4 Check the recording status.
When recording has started, Recording shows as a conference participant.

Related Topics

Configuring RealPresence Web Suite
RealPresence Web Suite is a collaboration solution that provides content sharing capabilities and
enterprise-grade voice and video options. As a native part of the Polycom® RealPresence® Clariti™
solution, the RealPresence Web Suite product can schedule and join meetings, participate in web
video conferencing meetings, and share content with meeting attendees. Depending on your
organization policy, you can also invite social media contacts to join the meetings.
When RealPresence Web Suite attendees join non-WebRTC meetings in the RealPresence Web Suite
Experience Portal, the system automatically downloads the Launcher.exe to attendees’ computers.
RealPresence Web Suite attendees can do as follows:
• If attendees don’t have the RealPresence Desktop software installed on their computers, the
attendees can allow the system to run the launcher. RealPresence Desktop software version
3.9.0 installs and launches to connect the attendees to the meeting.
• If attendees have the RealPresence Desktop software version 3.9.0 installed on the computer,
the attendees can allow the system to run the launcher. RealPresence Desktop software
launches to connect the attendees to the meeting.
• If attendees have a previous version (3.8.x and below) of RealPresence Desktop software
installed on their computers, the attendees must uninstall the previous version of RealPresence
Desktop software, then join the meeting from the web portal and install the latest RealPresence
Desktop software.
After the meeting connects, attendees can control meetings in the RealPresence Desktop software as
the RealPresence Web Suite soft client.

You must upload certificates to both the RealPresence Web Suite Services Portal and RealPresence
Web Suite Experience Portal.
To establish secure, encrypted communication with users and verify the identity of the portal, you must
upload the following certificates:
• The signed public key certificate for the portal provided by the CA in response to the CSR. If the
CSR was created using a third-party tool, you must first upload the associated private key.
• Any root and intermediate certificates provided by the CA to establish the chain of trust.
For servers that require secure communication, such as the Enterprise Directory server, SMTP server,
and the RealPresence DMA system, upload that server public key certificate as a trust certificate.

Related Topics
Generate a Certificate Signing Request

You must generate a self-signed certificate or CSR in each of the portals.
Procedure
1 Log in to each portal with super admin credentials.
2 Navigate to Platform Settings > Certificate > Generate CSR/Certificate.
3 Enter the following information:
Table 1. Field Values for a CSR
Field Description
In the RealPresence Web Suite Services Portal, select one of the

following:
• CSR: Generates a CSR to send to a third-party CA in order to

obtain a digitally signed public key certificate.
Operation Type
• Certificate: Generates a self-signed certificate (not applicable

for the RealPresence Web Suite Experience Portal).
Type This field is set to WebServer and cannot be modified.
This field is the Subject CN field. It defaults to the FQDN of the

portal. If this field is blank, the CSR or self-signed certificate will not
include a CN.
Note: The CN field has been deprecated by the CA/Browser Forum,
Common Name (CN)
but is still required by some products, notably Microsoft® Server.
If generating a CSR to send to a public CA, this field must not
contain an internal server name or reserved (non-routable) IP
address.
Organization Enter the legally-registered name of your organization.
Enter the name of your organization unit or the DBA name of your
Organizational Unit
organization.
Enter the two-letter ISO code for the country where your
Country
organization is located.
Enter the full name of the state, province, or other political

State
subdivision where your organization is located.

Field Description
Location Enter the city or locality where your organization is located.
This is the SAN field. For a CSR, enter a comma-separated list of

names that the signed certificate must include. Because the CN
Sub Alternate Name
field is deprecated, it is recommended to include the portal FQDN in
the SAN field, even if the CN field contains the FQDN.
4 Click Generate.
5 Restart the portals.
Note Restarting web services will log out all users. The system remains inaccessible
until you restart the web services. Restart only during a maintenance window
when there is no activity on the system.
Related Topics
Copy a Certificate Signing Request

After you generate a CSR in the RealPresence Web Suite Services Portal or RealPresence Web Suite
Experience Portal, you must copy it and forward it to your preferred trusted certificate authority.
Procedure
1 Log in to the RealPresence Web Suite Services Portal or the RealPresence Web Suite
Experience Portal administration interface with super admin credentials.
2 Go to Platform Settings > Certificate > Certificate list.
3 Select webserver-csr and click View.
4 Copy the CSR starting from BEGIN CERTIFICATE REQUEST through END CERTIFICATE
REQUEST (include the leading and trailing dashes).

5 Paste the text into a text editor.
6 Save the file with the .csr extension.
Related Topics
Procedure




Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Related Topics
Download the CA Root Certificate

You can download CA root certificate for the RealPresence Web Suite Services Portal and
RealPresence Web Suite Experience Portal.
Procedure
1 Navigate to the Certificate Authority and click Download a CA certificate, certificate chain, or
CRL.
2 Choose Base 64 encoded, and click Download CA certificate chain.

Related Topics
Upload a Certificate to the RealPresence Web Suite Services Portal

You can upload the certificate file to the RealPresence Web Suite Services Portal.
Procedure
1 Log in to the RealPresence Web Suite Services Portal with super admin credentials.
2 Go to Platform Settings > Certificate > Upload Certificate.
3 From the Type list, select the WebServer Own.
4 Click Browse to select the certificate for the service portal.
5 Click Upload.

6 Select Upload Certificate.
7 From the Type list, select the WebServer Trust.
8 Click Browse to select the CA server's root certificate.
9 Click Upload.
10 Restart the rpp-tomcat and nginx services.

11 Go to Platform Settings > Certificate > Certificate list, and make sure the certificates appear.
Related Topics

Upload a Certificate to the RealPresence Web Suite Experience
Portal
You can upload the certificate file to the RealPresence Web Suite Experience Portal.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal with super admin credentials.
2 Go to Platform Settings > Certificate > Upload Certificate.
3 From the Type list, select the server certificate.
4 Click Browse to select the certificate for experience portal.
5 Click Upload.
6 From the Type list, select the ca certificate.

7 Click Browse to select the CA root certificate.
8 Click Upload.

9 Restart the web services or reboot the server.
10 Go to Platform Settings > Certificate > Certificate list, and make sure the certificates appear.
Related Topics
Set the RealPresence Web Suite Date and Time

For meetings and recordings to work properly, the RealPresence Web Suite Services Portal and the
RealPresence Web Suite Experience Portal must reference the same time zone and NTP servers.
The portals retrieve the default time for the instances from the host server, so if the host server time is
wrong, then the RealPresence Web Suite Services Portal scheduler can go out of sync.
Procedure
1 Log in to the RealPresence Web Suite Services Portal and RealPresence Web Suite
Experience Portal using super admin credentials.
2 Go to Platform Settings > Date Time.
3 In the Time Zone list, select the appropriate time zone for the system.

4 Click Update.
5 Restart the portals using your virtual environment tools.
Related Topics
RealPresence Web Suite Services Portal Server

Settings
This section describes a number of required settings and optional customizations available in the
RealPresence Web Suite Services Portal.
Related Topics
Configure the RealPresence Web Suite Services Portal Using LDAP

The RealPresence Web Suite Services Portal handles user authentication.
Before you add an Enterprise Directory user, confirm that the proper LDAP server is configured with
the correct values.
With LDAP authentication enabled, all users in the Enterprise Directory are granted access to the

Procedure
1 Log in to the RealPresence Web Suite Services Portal using super admin credentials.
2 Go to Settings > Core Settings > LDAP.
3 Enter the following configuration settings.
Fields Description
The forest root domain name for the

Forest Root Domain
enterprise.
The port number through which LDAP

communicates.
Port
Port 636 is a Secure Port and Port 389 is a
Non-secure Port.
The user ID for the LDAP services account
Username that has system access to the Enterprise
Directory.
The password for the LDAP services
Password
account user ID.
Use default domain for authentication Enabled
The name of the default domain where users
Default Domain are authenticated when a user ID is provided
without a domain name.
4 Click Update.
Related Topics
RealPresence Web Suite Services Portal Server Settings

Enable Email Notifications for Users
Using your organizational Simple Mail Transport Protocol (SMTP) server, the RealPresence Web Suite
Services Portal sends email notifications to users in the following situations:
• When the accounts are created
• When the account details are updated
• When the participants are invited to a meeting
• When the users scheduled a meeting or have been invited to is updated or canceled
Procedure
2 Go to Settings > Core Settings > SMTP.
3 Enter the following configuration settings.
Fields Description
Server SMTP server FQDN or IP address.

The service account user ID for the SMTP
Login ID service. This ID is not required for an
insecure connection.
The password for the service account user
Password ID. This password is not required for an
insecure connection.
The RealPresence Web Suite system email

address, which is included in the From
header of all email notifications other than
meeting invitations and updates. This must
Sender Mail Id be a no-reply address, such as
NoReply@example.com.
If the SMTP server requires authentication
for sending emails, this email address must
be white-listed on the SMTP server.

Related Topics
Set Web Addresses for the Portals

Each server defines a specific purpose in the RealPresence Web Suite environment.
Before configuring the portal settings, configure the web addresses of both portals using the
Procedure
2 Go to Settings > Core Settings > Server Settings.
3 Enter the FQDNs assigned to the IP address of the two portals.

4 Click Update.
5 Confirm that both portals are available and accessible by entering their FQDN into a web
browser and logging in with super admin credentials.
Related Topics
Add a RealPresence DMA System

You can configure RealPresence Web Suite to use one or more RealPresence DMA systems, each
configured with multiple access points, for its meetings. The system prioritizes access points in the
order in which they were added.
Procedure
2 Go to Settings > DMA Config.
3 Click +Another DMA and configure the following DMA Configuration settings:
Setting Description
A possible name for the RealPresence DMA system connection to

Name identify it in the RealPresence Web Suite Services Portal
configuration.
Host The FQDN or IP address of the RealPresence DMA system.
Port The TCP port number used to communicate with the RealPresence
DMA system.

Setting Description
Port 8443 is the standard port.
The VMR prefix that corresponds to this RealPresence DMA system.

Virtual Meeting
Room (VMR) Prefix The VMR prefix must match the prefix specified on the RealPresence
DMA system.
If SIP device authentication is enabled on the RealPresence DMA

system (the recommended configuration), specify the SIP device
Common SIP authentication credentials.
Username The RealPresence Web Suite Services Portal provides these details
to devices that authenticate with it so that they can connect to the
RealPresence DMA system as authorized.
The password credentials must be in the RealPresence DMA system

list of inbound device authentication entries. Callers are trusted by
Common SIP the RealPresence DMA system and processed by its regular dial
Password plan.
If Enhanced Content is enabled, these credentials are provided to the
Standards Connector.
The user ID of an admin user on the RealPresence DMA system.

If the RealPresence DMA system is integrated with Enterprise
Default Admin Directory, this must be an Enterprise Directory user with access to all
domains (not a local user defined on the RealPresence DMA system)
to be able to search the VMRs of all users.
Admin Password The password for the RealPresence DMA admin user.
• The domain of the user account assigned to create meetings in

the RealPresence DMA system.
Owner Domain
• For a local user (not in Enterprise Directory), enter LOCAL.
The user ID of the user account assigned to create meetings in the

Owner Username
Select the check box to enter the starting and ending numbers of the
Generate VMR range to use for auto-generating random conference IDs (temporary
From Range RealPresence Web Suite VMRs).
For better security, specify a wide range such as 100000 to 999999.

4 Click Configure.
5 Restart RealPresence Web Suite to apply the configuration settings.
Note When you restart both the RealPresence Web Suite portals and/or the
RealPresence DMA system, you must restart the RealPresence DMA system and
the RealPresence Web Suite Services Portal before you restart the RealPresence
Web Suite Experience Portal. Due to the way the RealPresence Web Suite
Experience Portal obtains its licensing information, if you start the RealPresence
Web Suite Experience Portal first, your RealPresence Web Suite system stops
working correctly.
Related Topics
Add Access Points

An access point is a network location that is routed directly or indirectly to the RealPresence DMA
system.
Clients or endpoints connect to conferences through an access point. Add access points in the order
that you want the RealPresence Web Suite Services Portal to use them. For example, enter internal
access points first.
Procedure
2 Go to Settings > DMA Config.
3 Click +Add Access Point and configure the following settings:

Setting Description
A name for this access point that describes its location or other
Location properties that distinguish it from other access points (such as transport
and authentication).
The transport protocol associated with the access point (SIP, TUNNEL,
Transport
H323, ISDN, or PSTN).
The dial string that an endpoint uses to dial this access point. The string
must be appropriate for the specified transport type.
Dial string For instance, for a SIP access point for callers outside the network,
enter the public FQDN used to access the system using the
Shared Access point is shared by all users. Use this option if SIP device
Auth Mode
authentication is not enabled on the RealPresence DMA system.
4 Click + Add Access Point to enter additional access points as needed.

5 When you have added all required and optional access points, click Configure.
6 Restart the RealPresence Web Suite Experience Portal to apply the changes.
Related Topics

Configure the MCU Pool Order and Conference Template
After you add a RealPresence DMA system and its access points, the RealPresence Web Suite
Services Portal connects and retrieves the list of available MCU pool orders and conference templates.
You can then configure these settings.
Procedure
2 Navigate to Settings > DMA Config.
3 Click Expand under the entry you want to use.

4 Select the MCU Pool Order you create from RealPresence DMA.
You can specify an existing pool order from down drop list.
5 Select the Conference Template you want to use from the drop-down list.
You can specify an existing template from down drop list.

6 Make any other changes to the connection settings and the required access points.
7 Click Configure.
Related Topics
RealPresence Web Suite Experience Portal

Conference Settings
This section provides information on configuring certain general platform settings for the RealPresence
Web Suite Experience Portal.
Related Topics
Configure Conference General Settings

You can enable or disable some general conference settings.
Procedure
1 In the RealPresence Web Suite Experience Portal administration interface, go to Conference >
General Settings.

2 Select RealPresence Web Suite Experience Portal enabled.
3 Select Enhanced Content enabled.
4 Select Select Group Chat enabled to enable the group chat only for attendees joining
meetings using the web browser.
5 Select Mute on Entry enabled.
When the administrator enables the Mute on Entry function, all attendees (except Chairperson)
when joining meetings from RealPresence Desktop will be muted by default.
6 Set secure and non-secure web addresses for RealPresence Web Suite Experience Portal.
Note that the terms external and internal for these settings do not see outside or inside the
network.
• External addresses Enables human users to access the portal.
• Internal addresses Enables the RealPresence Web Suite Services Portal and
RealPresence Web Suite Experience Portal to communicate with each other on the
network.
Configure the following Web Addresses settings:
Fields Description
The HTTPS address that the users use to

Secure External Address connect to the RealPresence Web Suite
Experience Portal.
The HTTP address that the users use to

connect to the RealPresence Web Suite
External Address (non-secure) Experience Portal.
By default, it re-routes to the secure external
address.
The address used for inter-agent

communication between the servers (not for
users).
Secure Internal Address This address includes the port number
through which the portals connect to the
Apache Tomcat server. By default, this is
port 8443.
The non-secure address used for the inter-

agent communication between the servers
Internal Address (non-secure) (not for users).
By default, it re-routes to the secure internal
address.

7 Click APPLY to save the general settings.
Related Topics
RealPresence Web Suite Experience Portal Conference Settings
Configure the Portal Authentication Agent

The authentication settings in the RealPresence Web Suite Experience Portal include the rules used to
authenticate users and guests to enable them to host or attend meetings and the authentication agent
configurations.
Procedure
1 Set conference authentication rules.
a. Log in to the RealPresence Web Suite Experience Portal administration interface using
super admin credentials.
b. Go to Conference > Authentication.
c. Click and configure the following settings in the Match, Property, and Realm columns:
Fields Description
Match A regular expression that reflects the way

you want the property to match for
authentication. This value can reflect a
host, domain host, or e-mail domain.
For example, to authenticate only users
with a polycom.com email address, enter

Fields Description
the following regular expression to match

against the UserAddressDomain property:
:+@(polycom.+)$
This is the data type to which you want to

apply the Match regular expression. Based
on the user information entered, at least
one rule is required for each property:
a. SSOSource Match the provided

regular expression against the source
of authentication for single sign-on
users.
Property
b. SSOUsername Match the provided
regular expression against the
address of the RealPresence Web
Suite Services Portal.
c. UserAddressDomain Match the

provided regular expression against
the email domain for users.
d. Host Match the provided regular

expression against the host URL to
set the realm.
The target authentication realm is the

FQDN of the RealPresence Web Suite
Services Portal server that you want to
authenticate users against.
Realm UserAddressDomain and SSOSource can
point to realms in the RealPresence Web
Suite Services Portal authentication agent
realm list using $#, with $1 referencing the
first element in the list, and so on.

2 Configure the portal authentication agent.
The RealPresence Web Suite Experience Portal queries the RealPresence Web Suite Services
Portal to authenticate users logging in to it to join a conference.
Configure the settings for the authentication agent in the RealPresence Web Suite Experience
Portal to enable it to communicate with the RealPresence Web Suite Services Portal.
a. Expand Agents > Service Portal Authentication and configure the following settings:
Fields Description
The FQDN of the RealPresence Web Suite

Target URL
Services Portal (https:// included).
Read only. The name of the internal
Username system user responsible for authentication,
meaauth.
Click [!] to enter the password for the
meaauth user. The default is meaauth,
Password
which must be changed for security
reasons.
Enter the RealPresence Web Suite
Services Portal FQDN and the domains
Realms that the authentication rules can
authenticate users against, separated by
commas.
Select Enterprise (the default). The
RealPresence Web Suite Experience
Default Login Method (experimental)
Portal login page requests user enterprise
login credentials.

b. Click Apply.
Related Topics
Configure the Conference Agent

You can configure both the scheduled and static conference agent settings and RealPresence DMA
agent in the RealPresence Web Suite Experience Portal.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal administration interface using super
admin credentials.
2 Go to Conference > Conference.
3 Expand Agents > RealPresence DMA and configure the following settings:
Fields Description
The FQDN or IP address of the

RealPresence DMA server, using this
Target URL syntax:
https:// <IP address or FQDN of
RealPresence DMA> :8443/api/rest
Username The user ID of an admin user on the
RealPresence DMA system. This must be
the same as the admin user entered in the

Fields Description
DMA Configuration section of the

RealPresence Web Suite Services Portal. If
the RealPresence DMA system is integrated
with Enterprise Directory, this must be an
Enterprise Directory user.
The password for the RealPresence DMA
Password
admin user.
This field includes the conference routes
specified in the conference lobby rules,
Routes scheduled.cloudaxis.local and
adhoc.cloudaxis.local. Do not make any
changes.
Enter the dialing prefix if any, for the
Prefix
4 Configure the conference agent.

a. Expand Agents > Conference Settings.
b. Select Allow scheduled and static meetings for the Type.
c. Expand Scheduled Conference Settings and configure the following settings:
Fields Description
The complete URL of the RealPresence

Target URL Web Suite Services Portal server
(including https://).
Read only. The name of the internal
Username system user responsible for conferences,
meaconf.

Fields Description
Click [!] to enter the password for the

meaconf user.
Password
The default password is meaconf, which
must be changed for security reasons.
This field includes the conference routes
specified in the conference lobby rules,
Routes scheduled.cloudaxis.local and
adhoc.cloudaxis.local. Do not make any
changes.
d. Expand External Conference Template and specify the settings for each access point in
the RealPresence Web Suite environment.
These settings must match the settings for each access point set up in the RealPresence
Web Suite Services Portal.
Two sets of access point fields containing sample values are present by default. Edit those
for the first two access points.
Fields Description
The dial string that an endpoint uses to dial

this access point.
The string must be appropriate for the
Dial String specified access point transport type (for
example, sip: for SIP).
Do not remove or change the conference
ID placeholder, {{ LobbyCode|getvmr }} ,

Fields Description
but precede it with the appropriate dial

prefix for this access point, if any.
Specifies a name for this access point that

describes its location or other properties
that distinguish it from other access points
Location (such as transport and authentication).
Use the same name specified in the
RealPresence Web Suite Services Portal
for this access point.
POP Address Enter the RealPresence Access Director

FQDN.
The transport protocol for this access
Transport
point.
Select SHARED. Access point is shared
by all users. Use this if SIP device
Authentication Mode
authentication is not enabled on the
e. To add another access point, click Add below Authentication Mode and complete the new
set of access point fields.
Repeat the steps if necessary.
5 Click Apply.
Related Topics

Enable Enhanced Content Sharing
You can enable the Enhanced Content feature in the RealPresence Web Suite Experience Portal
administration interface.
To enable the sharing of content between HTML5 clients and standards-based clients, RealPresence
Web Suite Pro uses the Standards Connector function. The Standards Connector provides a gateway
function so that video-based content users can view enhanced content and vice-versa.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal administration interface using super
admin credentials.
2 Go to Enhanced Content > Standards Connector.
3 Enter the correct password (the default password is ecsparticipant) for the ecsparticipant
system user.
Related Topics
Configure WebRTC
Prerequisite
Before enabling the RealPresence Web Suite Experience Portal for WebRTC support, ensure that you
have completed the following:

• The RealPresence DMA system and the rest of your RealPresence Clariti solution have been
provisioned appropriately to support WebRTC.
• Basic configuration of the RealPresence Web Suite portals is complete, including Enhanced
Content.
Procedure
1 Log in to the RealPresence Web Suite Experience Portal using super admin credentials.
2 Go to Conference > Conference.
3 Expand Agents > WebRTC > Settings and configure the following settings:
Field Name Description
Enabled Select to enable WebRTC support.

Call Rate Settings Specify the maximum call rates used for WebRTC.
Specify one or more STUN servers by IP address or FQDN. The

default port number (3478) is used unless you specify a different one.
STUN Settings
The RealPresence Access Director TURN server provides both STUN
and TURN services.
Specify one or more TURN servers by IP address or FQDN. The

default port number (3478) is used unless you specify a different one.
Provide the TURN user credentials for each TURN server (the
TURN Settings credentials you defined on your RealPresence Access Director).
The RealPresence Web Suite Experience Portal Experience Portal
provides these credentials to WebRTC clients so that they can connect
to the TURN servers.

Related Topics

Products Tested with this Release
Polycom products are tested extensively with a wide range of products. You can view a list of the
products that have been tested for compatibility with this release.
Polycom strives to support any system that is standards-compliant and investigates reports of Polycom
systems that are not interoperable with other vendor systems. Note that the following list is not a
complete inventory of compatible equipment, but the products that have been tested with this release.
Note Polycom recommends that you upgrade all of your Polycom systems with the latest
software versions. Any compatibility issues may already have been addressed by
software updates. Refer to Polycom Service Policies at http://support.polycom.com/
content/support/service_policies.html to see the Current Polycom Interoperability Matrix.
Table 1. Products Tested with this Release
Product Tested Versions
Polycom RealPresence DMA 9.0.0.2

Polycom RealPresence Collaboration Server 8.7.4
Polycom RealPresence Resource Manager 10.2.0
Polycom RealPresence Access Director 4.2.5
Polycom RealPresence Web Suite 2.2
Polycom RealPresence Media Suite 2.8.2
Polycom RealPresence Mobile 3.9.0
Polycom RealPresence Desktop 3.9.0
Polycom RealPresence Debut 1.3.0
Polycom RealPresence Group Series 6.1.2
Polycom RealPresence Centro 6.1.2
Polycom RealPresence Touch 2.1.2
Polycom Pano 1.0.0
Polycom Pano App 1.0.1
Polycom VVX 5.6.0
Polycom Touch Control 1.17.0
Polycom HDX 3.1.11
Polycom Trio Visual+ 5.5.2
VMware vSphere Platform 6.0

Known Issues
The following table lists known issues in all releases of the RealPresence Clariti solution.
Table 1. Known Issues
Category Issue ID Description Workaround
Sometimes, after the

RealPresence
Desktop software
makes an H.323 512
kbps call in the
RealPresence DMA
RealPresence VMR that is No workaround for
EN-69410
Collaboration Server configured with 2048 this issue.
kbps line rate, the
RealPresence
Desktop software fails
to share content and
receives legacy
content.
The RealPresence
manager and the
RealPresence RealPresence Use other supported
BRIDGE-24690
Collaboration Server Collaboration Server Operation Systems.
web are not available
on Windows 10
operating system.
Sometimes, video
cells and site names
RealPresence in participant layout No workaround for
EN-70048
Collaboration Server are missing during a this issue.
RealPresence DMA
VMR conference.
In RealPresence
Collaboration Servers
cascaded
conferences, when
the RealPresence
Web Suite client
No workaround for
RealPresence DMA EN-58546 connects to the
this issue.
subordinate
RealPresence
and starts recording,
no recording icon
displays and

Category Issue ID Description Workaround
recording indication
switches back and
forth between
Recording started.
and Recording
stopped. on the client.
After joining a VMR
conference,
RealPresence
Desktop as the
RealPresence Web
Suite soft client on the
Microsoft Surface
Manually mute the
RealPresence Book may display
EN-42819 RealPresence
Desktop Unmute icon while
Desktop.
Mute on Entry
enabled is selected
on the RealPresence
Web Suite
Experienced Portal
administration
interface.
Sometimes, some
participants may be
RealPresence Web missing from the No workaround for
CAXIS-14079
Suite roster list of this issue.
RealPresence Web
Suite client.
Sometimes, when
external
RealPresence
Desktop as the
RealPresence Web
RealPresence Web No workaround for
CAXIS-14263 Suite soft client joins
Suite this issue.
a VMR conference via
VEQ, the roster and
content button of
RealPresence
Desktop are inactive.

Polycom Realpresence Clariti Advanced Solution Guide 9-23-2018

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Polycom Realpresence Clariti Advanced Solution Guide 9-23-2018

Uploaded by

Copyright:

Available Formats

Polycom Documentation

San Jose, CA 95002

Printed from Polycom, Inc. (http://documents.polycom.com)

Printed from Polycom, Inc. (http://documents.polycom.com) Page 3

Printed from Polycom, Inc. (http://documents.polycom.com) Page 4

Printed from Polycom, Inc. (http://documents.polycom.com) Page 5

6001 America Center Drive

Printed from Polycom, Inc. (http://documents.polycom.com) Page 6

Printed from Polycom, Inc. (http://documents.polycom.com) Page 7

RealPresence Clariti includes:

• Desktop and mobile clients and soft endpoint management

• Content sharing and real-time collaboration accessible through a web browser

• Automated scheduling, provisioning, and monitoring of software, and hardware-based video

Printed from Polycom, Inc. (http://documents.polycom.com) Page 8

RealPresence Clariti Solution Architecture

Figure 1. RealPresence Clariti Advanced Architecture

Planning the RealPresence Clariti Solution

Printed from Polycom, Inc. (http://documents.polycom.com) Page 9

Planning the RealPresence Clariti Solution

Company Network Introduction

Figure 1. RealPresence Clariti Advanced Network

RealPresence Clariti Solution Use Case

Printed from Polycom, Inc. (http://documents.polycom.com) Page 10

RealPresence Clariti Solution Use Case

• Employee meeting rooms are high-definition meeting rooms limited to 2 Mbps.

• On average, Company A sees approximately 70 % utilization of the core infrastructure. Most

Printed from Polycom, Inc. (http://documents.polycom.com) Page 11

The advantages of this model are as follows:

• Low conference admin overhead

Printed from Polycom, Inc. (http://documents.polycom.com) Page 13

• Automatic recording or manual recording is available.

RealPresence Clariti Solution Use Case

RealPresence Clariti Solution Components

Polycom® RealPresence® DMA

Polycom® RealPresence® Collaboration Server

The RealPresence Collaboration Server solution provides the following features:

• Universal bridging capabilities for seamless connectivity regardless of device, or protocol

Printed from Polycom, Inc. (http://documents.polycom.com) Page 15

The RealPresence Resource Manager system provides the following features:

• Easy administration through comprehensive device monitoring, provisioning, management, and

• Directories and presence engines that provide simplified dialing

• Multitenant support for cloud-based hosting

Polycom® RealPresence® Access Director

The RealPresence Access Director system provides the following features:

Printed from Polycom, Inc. (http://documents.polycom.com) Page 16

Polycom® RealPresence® Media Suite

Polycom Video and Telepresence Endpoints

Printed from Polycom, Inc. (http://documents.polycom.com) Page 17

Table 1. The RealPresence Clariti Solution Components

Module Component Description

Provides endpoint registration,

Enables firewall traversal

RealPresence Group Series,

Preparing for System Installation

Printed from Polycom, Inc. (http://documents.polycom.com) Page 18

Product FQDN Internal IP Address

RealPresence Access Director rpad.mycompany.com External IP: 172.16.0.6

Public IP: 1.2.3.4

RealPresence Media Suite

Printed from Polycom, Inc. (http://documents.polycom.com) Page 19

Resolve From Internal Resolve From Public

For internal and

Planning the RealPresence Clariti Solution

Printed from Polycom, Inc. (http://documents.polycom.com) Page 20