<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:jxb="http://java.sun.com/xml/ns/jaxb" xmlns:none="http://none"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PlcmSecuritySettingsV2.json</title><meta http-equiv="X-UA-Compatible" content="IE=7"><style type="text/css"><!--@import url("https://staged.poly.com/clariti2/apidocs/3.8.0/representations/book_conversion_apr2012.css");--></style><link rel="stylesheet" type="text/css" href="../css/plcm-wadl-xsd.css"><!--
[if IE]>
<STYLE type="text/css">.altova-rotate-left-textbox{filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=3)} .altova-rotate-right-textbox{filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=1)} </STYLE>
<![endif]
--><!--[if !IE]><!--><style type="text/css">.altova-rotate-left-textbox{-webkit-transform: rotate(-90deg) translate(-100%, 0%); -webkit-transform-origin: 0% 0%;-moz-transform: rotate(-90deg) translate(-100%, 0%); -moz-transform-origin: 0% 0%;-ms-transform: rotate(-90deg) translate(-100%, 0%); -ms-transform-origin: 0% 0%;}.altova-rotate-right-textbox{-webkit-transform: rotate(90deg) translate(0%, -100%); -webkit-transform-origin: 0% 0%;-moz-transform: rotate(90deg) translate(0%, -100%); -moz-transform-origin: 0% 0%;-ms-transform: rotate(90deg) translate(0%, -100%); -ms-transform-origin: 0% 0%;}</style><!--<![endif]--><style type="text/css">@page { margin-left:0.60in; margin-right:0.60in; margin-top:0.79in; margin-bottom:0.79in } @media print { br.altova-page-break { page-break-before: always; } }</style></head><body><h1><span>PlcmSecuritySettingsV2</span></h1><dl style="margin-left: 18.000pt;"><dt><span><a name="plcm-cipher" href="plcm-security-settings-v2.json.htm#PlcmCipher">PlcmCipher</a></span></dt><dd><p>
Represents a single security cipher and its configuration (enabled, disabled, allowed for FIPS, etc...).
</p></dd><dt><span><a name="plcm-security-settings-v2" href="plcm-security-settings-v2.json.htm#PlcmSecuritySettingsV2">PlcmSecuritySettingsV2</a></span></dt><dd><p>
Security settings switch between enhanced security mode and a custom security mode in
which one or more insecure capabilities are allowed.
Content-Type: application/vnd.plcm.plcm-security-settings-v2+xml.
All attributes are used in ETag calculation except for entity-tag and atom-links.
</p></dd></dl><hr><h4><a name="PlcmSecuritySettingsV2"><span>PlcmSecuritySettingsV2 Fields</span></a></h4><table style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; " rules="all"><thead style="background-color:#ccc; "><tr bgcolor="#d2d2d2"><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>Name</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Type</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><span>Description</span></th><th style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Attributes</span></th></tr></thead><tbody><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>atomLinkList </span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Array of </span><a href="https://staged.poly.com/clariti2/apidocs/3.8.0/representations/atom.json.htm#link">Link</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><span>See Definition of </span><span>Link</span></td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>signalingCiphers</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Array of </span><a href="plcm-security-settings-v2.json.htm#PlcmCipher">PlcmCipher</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "></td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>managementCiphers</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Array of </span><a href="plcm-security-settings-v2.json.htm#PlcmCipher">PlcmCipher</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "></td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>securityMode</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><a href="plcm-security-settings-v2.json.htm#SecurityMode">SecurityMode</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
ENHANCED security mode is the recommended setting for normal operation.
CUSTOM security mode enables one or more of the unsecured methods of network access allow secure protocol tlsv11s
listed below in leaf nodes.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Mandatory</span></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowLinuxConsoleAccess</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Enables the Linux remote user account to log into the system using SSH. This direct
Linux access isn’t needed for normal operation, routine maintenance, or even
troubleshooting, all of which can be done through the administrative GUI.
In extreme circumstances, this option might enable expert Polycom Global
Services personnel to more fully understand the state of a troubled system or
correct problems. Enable this option only when asked to do so by Polycom
Global Services.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowSshRootAccess</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Enables an authorized system root user to log into the system using an SSH connection. This low-level
direct access is not required for normal daily operation, routine maintenance, or even standard
troubleshooting, all of which can be done through the administrative GUI.
In certain situations, enabling this option may assist Polycom Global Services personnel in more
fully understanding the state of a troubled system or correcting problems.
You may wish to enable this option only when asked to do so by Polycom Global Services.
Note: If this field remains null then it will automatically be set to the default value (True for
Core configuration; False for Edge configuration).
Action required for the change to take effect: None.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>sshIdleTimeout</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>int</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Number of seconds before an idle SSH connection will be closed.
The value must be greater than zero if provided or else a default will be chosen by the system.
It is up to the server whether the provided value will be adheared to or not, and/or how strictly, and
no warning/error/status will be provided.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>unencryptedEnterpriseDirectoryAccessAllowed</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Select to specify that endpoints whose status is Inactive (that is, their
registrations have expired) are deleted from the system after the specified
number of days.Some dial rule actions, such as Resolve to registered endpoint, can route
calls to endpoints with an inactive registration. Deleting the registration record
is the only way to prevent resolution to an inactive endpoint.
Note :- If this field remains null then it will automatically set to default value i.e. False.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>unencryptedMcuAccessAllowed</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
The Polycom RealPresence DMA system uses only HTTPS for the
conference control connection to RealPresence Collaboration Server or RMX
MCUs, and therefore can’t control an MCU that accepts only HTTP (the
default). This option enables the system to fall back to HTTP for MCUs not
configured for HTTPS.Recommend configuring your MCUs to accept encrypted connections
rather than enabling this option. When unencrypted connections are used, the
RealPresence Collaboration Server or RMX login name and password are
sent unencrypted over the network.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>httpCalendarNotificationsAllowed</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
If calendaring is enabled, the Polycom RealPresence DMA system
gives the Microsoft Exchange server an HTTPS URL to which the Exchange
server can deliver calendar notifications. In that case, the Polycom
RealPresence DMA system must have a certificate that the Exchange server
accepts in order for the HTTPS connection to work.allow secure protocol tlsv11
If this option is selected, the Polycom RealPresence DMA system does not
require HTTPS for calendar notifications.
Recommend installing a certificate trusted by the Exchange server and
using an HTTPS URL for notifications rather than enabling this option.
Note :- If this field remains null then it will automatically set to default value i.e. False
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>basicCalendarAuthAllowed</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
If calendaring is enabled, the Polycom RealPresence DMA system
authenticates itself with the Exchange server using NTLM authentication.
If this option is selected, the Polycom RealPresence DMA system still
attempts to use NTLM first. But if that fails or isn’t enabled on the Exchange
server, then the RealPresence DMA system falls back to HTTP Basic
authentication (user name and password).
We recommend using NTLM authentication rather than enabling this option.
In order for either NTLM or HTTP Basic authentication to work, they must be
enabled on the Exchange server.
Note :- If this field remains null then it will automatically set to default value i.e. False.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>nonFipsCipherAllowed</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
When true, non-FIPS ciphers are allowed.
Non-FIPS ciphers are not allowed when false.
Note :- If this field remains null then it will automatically set to default value, which is true.
Action required for the change to take effect :- application restart.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>skipServerCertValidation</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
When the Polycom RealPresence DMA system connects to a
server, it validates that server’s certificate.
This option configures the system to accept any certificate presented to it
without validating it.allow secure protocol tlsv11
Recommend using valid certificates for all servers that the system may
need to contact rather than enabling this option. Depending on system
configuration, this may include:
MCUs
Active Directory
Exchange
RealPresence Resource Manager or CMA system
Other RealPresence DMA systems
Endpoints
Note: Either the Common Name (CN) or Subject Alternate Name (SAN) field
of the server’s certificate must contain the address or host name specified for
the server in the Polycom RealPresence DMA system.
Polycom MCUs don't include their management IP address in the SAN field of
the CSR (Certificate Signing Request), so their certificates identify them only
by the CN. Therefore, in the Polycom RealPresence DMA system, a Polycom
MCU's management interface must be identified by the name specified in the
CN field (usually the FQDN), not by IP address.
Similarly, an Active Directory server certificate often specifies only the FQDN.
So in the Polycom RealPresence DMA system, identify the enterprise
directory by FQDN, not by IP address.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>skipCallSignalingCert</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
During encrypted call signaling (SIP over TLS), the Polycom
RealPresence DMA system requires the remote party (endpoint or MCU) to
present a valid certificate. This is known as mTLS or two-way TLS.allow secure protocol tlsv11
This option configures the system to accept any certificate (or none).
Recommend installing valid certificates on your endpoints and MCUs
rather than enabling this option.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowANonEvents</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
The SIP SUBSCRIBE/NOTIFY conference notification service (as described
in RFCs 3265 and 4575), allows SIP devices to subscribe to a conference and
receive conference rosters and notifications of conference events. Normally,
the subscribing endpoints are conference participants.
This option configures the system to let devices subscribe to a conference
without being participants in the conference.
Note: A subscription to a conference by a non-participant consumes a call
license. Call history doesn’t include data for non-participant subscriptions.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>skipLoginCert</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured in any security mode.
If this option is turned off, you can only connect to the Polycom RealPresence
DMA system if your browser presents a client certificate issued by a CA that
the system trusts (this is known as mTLS for administrative connections).
Turn this option off only if:
You’ve implemented a complete public key infrastructure (PKI) system,
including a CA server, client software (and optionally hardware, tokens, or
smartcards), and the appropriate operational procedures.
The CA’s public certificate is installed in the Polycom RealPresence DMA
system so that it trusts the CA.
All authorized users, including yourself, have a client certificate signed by
the CA that authenticates them to the Polycom RealPresence DMA system.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>ipv6DstUnreachable</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured in any security mode.
If this option is off, the Polycom RealPresence DMA system has an internal
firewall rule that blocks outbound dallow secure protocol tlsv11estination unreachable messages.
If this option is on, that firewall rule is disabled.
Note: The Polycom RealPresence DMA system currently doesn’t send such
messages, regardless of this setting.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>ipv6EchoReply</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured in any security mode.
If this option is off, the Polycom RealPresence DMA system doesn't reply to
echo request messages sent to multicast addresses (multicast pings).
If this option is on, the system responds to multicast pings.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>ignoreSipPrivacyHeader</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to ignore sip privacy header.
Note :- If this field remains null then it will automatically set to default value i.e. False.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>preventSipPrivacyCriticalFlagPropagation</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to prevent sip privacy critical flag propagation.
Note :- If this field remains null then it will automatically set to default value i.e. False.
Action required for the change to take effect :- none.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowSecureProtocolSslv3</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to allow secure protocol sslv3.
Note :- If this field remains null then it will automatically set to default value i.e. False.
Action required for the change to take effect :- application restart.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowSecureProtocolTlsv10</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to allow secure protocol tlsv10.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- application restart.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowSecureProtocolTlsv11</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to allow secure protocol tlsv11.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Action required for the change to take effect :- application restart.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowSecureProtocolTlsv12</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to allow secure protocol tlsv12.
Note :- If this field remains null then it will automatically set to default value i.e. True
Action required for the change to take effect :- application restart.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>enforceTlsForLdap</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option is used to enforce TLS for LDAP
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>enableAccessProxyWhitelistAuth</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option is used to enable access proxy white list authentication for LDAP and XMPP access
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>allowBootingFromUsbOrOpticalDrive</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option may be configured to allow booting from the optical drive or a USB device.
Note :- If this field remains null then it will automatically set to default value i.e. True.
Note :- This setting does not apply to DMA Virtual Edition.
Action required for the change to take effect :- system reboot.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>lastModifiedBy</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
This option will keep track of last user to modify security settings, this is
read-only parameter.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>minDheKeySizeInbound</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>short</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
The minimum Diffie-Helman Ephemeral key size to accept from clients and other servers when
negotiating TLS connections. Clients and other servers that use DHE keys smaller than this
size will fail to connect.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>dheKeySizeOutbound</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>short</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
The Diffie-Helman Ephemeral key size that the local server will use when negotiating TLS
connections to other servers.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>entityTag</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><a href="plcm-security-settings-v2.json.htm#EntityTag">EntityTag</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
The unique value generated from the server object instance. This value is the same value
that MUST be applied to the HTTP Entity Tag (ETag) header for a single instance of this object.
Client modification of this field is not allowed for this instance.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr></tbody></table><br><h4><a name="PlcmCipher"><span>PlcmCipher Fields</span></a></h4><table style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; " rules="all"><thead style="background-color:#ccc; "><tr bgcolor="#d2d2d2"><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>Name</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Type</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><span>Description</span></th><th style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Attributes</span></th></tr></thead><tbody><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>forProtocols</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Array of </span><a href="plcm-security-settings-v2.json.htm#SecureProtocols">SecureProtocols</a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "></td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>name</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Textual name of the cipher suitable for display and/or labeling.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Mandatory</span></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>idName</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Programatic identifier for the cipher that may or may not be the same as the name.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Mandatory</span></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>classes</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Array of </span><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Values (optional) that can be used to group similar ciphers (i.e. 3DES, RC4, AES, ECDH, ...).
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>enabled</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
States the particular cipher is enabled or disabled
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "><span>Mandatory</span></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>isADefault</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Is the cipher enabled in the default cipher set or not.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>validForFips</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>boolean</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; ">
Is the cipher valid for a FIPS configuration or not.
</td><td style="border-color:black; border-style:solid; border-width:1 px; width:4.50in; "></td></tr></tbody></table><br><hr><h3><span>Nested Types/Restrictions</span></h3><br><table style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; " rules="all"><thead><tr bgcolor="#d2d2d2"><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><span>Name</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>Type</span></th><th style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><span>Restrictions</span></th></tr></thead><tbody><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><a name="SecureProtocols"><span>SecureProtocols</span></a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><br><span>Value must be one of:</span><ul><li><span style="top:auto; vertical-align:top;">TLS_1_3</span></li><li><span style="top:auto; vertical-align:top;">TLS_1_2</span></li><li><span style="top:auto; vertical-align:top;">TLS_1_1</span></li><li><span style="top:auto; vertical-align:top;">TLS_1_0</span></li><li><span style="top:auto; vertical-align:top;">SSL_V3</span></li></ul></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><a name="EntityTag"><span>EntityTag</span></a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><br><span>Length of value must be >=</span><span>1</span><br><span>Length of value must be <=</span><span>64</span></td></tr><tr style="top:auto; vertical-align:top; "><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:2.50in; "><a name="SecurityMode"><span>SecurityMode</span></a></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:3in; "><span>string</span></td><td style="border-collapse:collapse; border-color:black; border-style:solid; border-width:1px; width:4.50in; "><br><span>Value must be one of:</span><ul><li><span style="top:auto; vertical-align:top;">ENHANCED</span></li><li><span style="top:auto; vertical-align:top;">CUSTOM</span></li><li><span style="top:auto; vertical-align:top;">UNKNOWN</span></li></ul></td></tr></tbody></table></body></html>