Represents a single security cipher and its configuration (enabled, disabled, allowed for FIPS, etc.).
Security settings switch between enhanced security mode and a custom security mode in which one or more insecure capabilities are allowed. Content-Type: application/vnd.plcm.plcm-security-settings-v3+xml All attributes are used in ETag calculation except for entity-tag and atom-links.
| Name | Type | Description | Attributes |
|---|---|---|---|
| atomLinkList | Array of Link | See Definition of Link | |
| signalingCiphers | Array of PlcmCipher | ||
| managementCiphers | Array of PlcmCipher | ||
| securityMode | SecurityMode | ENHANCED security mode is the recommended setting for normal operation. CUSTOM security mode enables one or more of the unsecured methods of network access listed below in leaf nodes. | Mandatory |
| allowConsoleAccess | boolean | Enables an authorized system user to log into the system using the system console. This low-level direct access is not required for normal daily operation, routine maintenance, or even standard troubleshooting, all of which can be done through the administrative GUI. In certain situations, enabling this option may assist Polycom Global Services personnel in more fully understanding the state of a troubled system or correcting problems. You may wish to enable this option only when asked to do so by Polycom Global Services. Note: If this field remains null then it will automatically be set to the default value (True for Core or Edge configuration). Action required for the change to take effect: None. | |
| allowSshAccess | boolean | Enables an authorized system user to log into the system using an SSH connection. This low-level direct access is not required for normal daily operation, routine maintenance, or even standard troubleshooting, all of which can be done through the administrative GUI. In certain situations, enabling this option may assist Polycom Global Services personnel in more fully understanding the state of a troubled system or correcting problems. You may wish to enable this option only when asked to do so by Polycom Global Services. Note: If this field remains null then it will automatically be set to the default value (True for Core configuration; False for Edge configuration). Action required for the change to take effect: None. | |
| allowSshRootAccess | boolean | Enables an authorized system root user to log into the system using an SSH connection. This low-level direct access is not required for normal daily operation, routine maintenance, or even standard troubleshooting, all of which can be done through the administrative GUI. In certain situations, enabling this option may assist Polycom Global Services personnel in more fully understanding the state of a troubled system or correcting problems. You may wish to enable this option only when asked to do so by Polycom Global Services. Note: If this field remains null then it will automatically be set to the default value (True for Core configuration; False for Edge configuration). Action required for the change to take effect: None. | |
| sshIdleTimeout | int | Number of seconds before an idle SSH connection will be closed. The value must be greater than zero if provided or else a default will be chosen by the system. It is up to the server whether the provided value will be adheared to or not, and/or how strictly, and no warning/error/status will be provided. | |
| unencryptedEnterpriseDirectoryAccessAllowed | boolean | The Polycom RealPresence DMA system uses SSL or TLS encryption when connecting to an Active Directory server, and will fail to connect to an Active Directory server (including domain controllers if you import global groups) that is not configured to support encryption. If this option is enabled, the Polycom RealPresence DMA system will be able to attempt to connect using an unencrypted protocol if an encrypted connection cannot be established. In normal daily operation, this option should only be used for diagnostic purposes. By toggling it on, you can determine whether encryption is the cause of a failure to connect to Active Directory or to load group data. It is recommended that you correctly configure the relevant servers rather than enabling this option for normal daily operation. Note: If this field remains null then it will automatically be set to the default value (False). Action required for the change to take effect: None. | |
| unencryptedMcuAccessAllowed | boolean | The Polycom RealPresence DMA system uses only HTTPS for the conference control connection to RealPresence Collaboration Server or RMX MCUs, and therefore can't control an MCU that accepts only HTTP (the default). This option enables the system to fall back to HTTP for MCUs not configured for HTTPS. It is recommended that you configure your MCUs to accept encrypted connections rather than enabling this option. When unencrypted connections are used, the RealPresence Collaboration Server or RMX login name and password are sent unencrypted over the network. Note: If this field remains null then it will automatically be set to the default value (True). Action required for the change to take effect: None. | |
| httpCalendarNotificationsAllowed | boolean | If calendaring is enabled, the Polycom RealPresence DMA system gives the Microsoft Exchange server an HTTPS URL to which the Exchange server can deliver calendar notifications. In that case, the Polycom RealPresence DMA system must have a certificate that the Exchange server accepts in order for the HTTPS connection to work. If this option is enabled, the Polycom RealPresence DMA system does not require HTTPS for calendar notifications. It is recommended that you install a certificate trusted by the Exchange server to allow using an HTTPS URL for notifications rather than enabling this option. Note: If this field remains null then it will automatically be set to the default value (False). Action required for the change to take effect: None. | |
| basicCalendarAuthAllowed | boolean | If calendaring is enabled, the Polycom RealPresence DMA system authenticates itself with the Exchange server using NTLM authentication. If this option is selected, the Polycom RealPresence DMA system still attempts to use NTLM first; however, if that fails or isn't enabled on the Exchange server, then the RealPresence DMA system falls back to HTTP Basic authentication (username and password). It is recommended that you use NTLM authentication r |