Configuration Guide - Touch Plus for HDX Workflow Server ... · HDX devices, Polycom’s RealPresence Platform / Clariti solution, and Microsoft Exchange server. Note, this guide

Configuration Guide - Touch Plus for HDX Workflow Server Feature | Release 1.7.0 | Dec 2018 | 3725-85825-001A

1

Configuration Guide – Touch Plus for HDX

Workflow Server Feature


2

Copyright© 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. 6001 America Center Drive San Jose, CA 95002 USA Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc., and are registered and/or common law marks in the United States and various other countries.

All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom. Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for any typographical or other errors or omissions in the content of this document. Limitation of Liability Polycom and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom has been advised of the possibility of such damages. End User License Agreement BY USING THIS PRODUCT, YOU ARE AGREEING TO THE TERMS OF THE END USER LICENSE AGREEMENT (EULA) AT: http://documents.polycom.com/indexes/licenses. IF YOU DO NOT AGREE TO THE TERMS OF THE EULA, DO NOT USE THE PRODUCT, AND YOU MAY RETURN IT IN THE ORIGINAL PACKAGING TO THE SELLER FROM WHOM YOU PURCHASED THE PRODUCT. Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc. Open Source Software Used in this Product This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive software information, as well as the open source software code used in this product, contact Polycom by email at [email protected]. Customer Feedback We are striving to improve our documentation quality and we appreciate your feedback. Email your opinions and comments to [email protected]. Polycom Support Visit the Polycom Support Center for End User License Agreements, software downloads, product documents, product licenses, troubleshooting tips, service requests, and more.


3

REVISION HISTORY ............................................................................................................................................ 4

INFORMATION ELEMENTS .................................................................................................................................. 4

TOUCH PLUS FEATURE OVERVIEW ....................................................................................................................... 5

ONE TOUCH DIAL FEATURE OVERVIEW ................................................................................................................ 7

REQUIRED SKILLS .............................................................................................................................................. 7

HARDWARE AND SOFTWARE DEPENDENCIES ......................................................................................................... 8

REQUIREMENTS ............................................................................................................................................... 8

MICROSOFT EXCHANGE ROOM RESOURCE MAILBOX REQUIREMENTS FOR HDXS ........................................................ 9

MICROSOFT EXCHANGE SERVICE MAILBOX REQUIREMENTS FOR ONE TOUCH DIAL FUNCTIONALITY ............................. 11

MICROSOFT WINDOWS SERVER 2016 INSTANCE REQUIREMENTS .......................................................................... 12

HDX CONFIGURATION REQUIREMENTS .............................................................................................................. 12

DNS REQUIREMENTS (OPTIONAL) ..................................................................................................................... 12

HTTP FORWARDING PROXY REQUIREMENTS (OPTIONAL) ..................................................................................... 13

FIREWALL REQUIREMENTS (OPTIONAL) .............................................................................................................. 13

OBTAINING THE POLYCOM WORKFLOW SERVER SOFTWARE .................................................................................. 14

INSTALLING POLYCOM WORKFLOW SERVER ........................................................................................................ 14

CONFIGURE WORKFLOW SERVER ONE TOUCH DIAL FEATURE ................................................................................ 15

CONFIGURE TOUCH PLUS FEATURE .................................................................................................................... 19

VALIDATING ONE TOUCH DIAL AND TOUCH PLUS CON FIGURATION ........................................................................ 22

DOWNGRADE REALPRESENCE TOUCH TO RELEASE 1.2.0.173 ............................................................................... 23

PAIRING THE REALPRESENCE TOUCH WITH TOUCH PLUS ....................................................................................... 24

TASK LIST ...................................................................................................................................................... 25

(OPTIONAL) ONE TOUCH DIAL HTTP FORWARDING PROXY CONFIGURATION ........................................................... 26

PRIVACY ....................................................................................................................................................... 27

(OPTIONAL) ADD A BACKGROUND IMAGE TO TOUCH PLUS .................................................................................... 30


4

REVISION HISTORY

Revision Date Author Details

Release 1.7.0

November 26, 2018 [email protected] 1.7.0 release

INFORMATION ELEMENTS

Polycom guides may contain the following icons to alert you to important information.

Name Icon Description

Note

The Note icon highlights information of interest or important information needed to be successful in accomplishing a procedure or to understand a concept.

User Tip

The User Tip icon highlights techniques, shortcuts, or productivity related tips for users.

Caution

The Caution icon highlights information you need to know to avoid a hazard that could potentially impact device performance, App functionality, or successful feature configuration.

Warning

The Warning icon highlights an action you must perform (or avoid) to prevent issues which may cause you to lose information or your configuration setup, and/or affect phone, video, or network performance.

Web Info

The Web Info icon highlights supplementary information available online such as documents or downloads on support.Polycom.com or other locations.

Troubleshooting

The Troubleshooting icon highlights information which may help you solve a relevant problem or to refer you to other relevant troubleshooting resources.

Settings/Decision Required

The Settings icon highlights settings you may need to choose for a specific behavior, to enable a specific feature, or to access customization options.

Polycom Best Practices

Polycom icon references recommendations for best practices.


5

TOUCH PLUS FEATURE OVERVIEW The Touch Plus app enables Polycom RealPresence Touch devices to be deployed as a user interface for Polycom HDXs. Touch Plus serves the Polycom Group Series Skype for Business user interface to the RealPresence Touch as web pages. Touch Plus may be configured to serve the default gray background or an uploaded custom image.

Polycom RealPresence Touch Workflow Server Touch Plus User Interface

RealPresence Touch devices pair with Touch Plus. Touch Plus emulates the Group Series pairing process, using the pairing credentials sent by the RealPresence Touch to identify the HDX to be controlled. Touch Plus interacts with HDXs via the Telnet and HTTP/HTTPS APIs.


6

Touch Plus enables the following functionality for HDX:

Dialing features • Dial from calendar/meeting reminder via

Join button • Dial from calendar for non-Join button

entry • Dial from dial pad. Enter a number or IPv4

address. Select camera icon for video, or telephone icon for PSTN

• Dial from new meeting. Enter a number, alias, URI or FQDN. Select camera icon for video, or telephone icon for PSTN

• Dial address book entry from new meeting. Enter text, select the search icon in the text bar

• Support for auto and manual call answer

In-call only features • Hang-up/disconnect • DTMF tones 0-9, * and # • Picture-in-Picture on/off, move and swap • Display Far-end name • Main far-end camera pan/tilt/zoom

controls

In or out of call features • Microphone mute toggle • Volume increase/decrease • Content start/stop for default content

input (PC input for HDX7000 models) • Local main camera pan/tilt/zoom • Eagle Eye Director auto-tracking camera

enable/disable

Information • Time (GMT offset derived from HDX) • HDX system name • HDX IPv4 address • HDX SIP address • RealPresence Touch IPv4 address • 5-minute meeting reminder

Warning. Touch Plus is not compatible with HDX based telepresence room solutions, such as RPX, TPX, OTX or ATX. Touch Plus is not compatible with HDX native Lync 2010/2013 integration.


7

ONE TOUCH DIAL FEATURE OVERVIEW

Touch Plus requires the Polycom One Touch Dial feature. One Touch Dial enables displaying of calendaring entries, with a join button for most popular conferencing services / providers platforms. Organizers simply schedule meetings, inviting attendees and the rooms, inserting their preferred conferencing provider details.

Example Microsoft Outlook with Skype for Business add-in

One Touch Dial retrieves the room calendar entries, identifies the join instructions, and sends the entries, instructions to display the join button and the associated dial string to the videoconferencing device.

Touch Plus feature works in conjunction with One Touch Dial to display calendar entries for the associated room, along with the join button.

REQUIRED SKILLS

Deploying Touch Plus requires planning and knowledge of H.323 and SIP videoconferencing technology, HDX devices, Polycom’s RealPresence Platform / Clariti solution, and Microsoft Exchange server. Note, this guide does not provide full administrative or maintenance procedures for Polycom devices or Microsoft Exchange email and calendaring, for full administrative procedures, consult the respective manufacturer’s documentation. This document assumes the reader has knowledge of the following:

• H.323 gatekeeper/SIP registrar call control, and Session Border Controller (SBC) solutions • Polycom HDX devices • Polycom RealPresence Platform / Clariti solution • Microsoft Exchange server


8

HARDWARE AND SOFTWARE DEPENDENCIES

Touch Plus has the following hardware and software dependencies: • Polycom Workflow Server App revision 1.7.0 or later • Windows Server 2016 to host the Polycom Workflow Server App

o 2 CPU’s or better o 8GB RAM or better o Google Chrome web browser for configuration of Touch Plus

• HDX devices with software release 3.1.12 or later • RealPresence Touch for each HDX equipped room • Microsoft Office 365 or on-premise Exchange Server • H.323/SIP call control platform, such as Polycom DMA • Polycom RealPresence Resource Manager (for centralized directory services) • Network Time Protocol (NTP services) for the Windows 2016 Server hosting the Polycom

Workflow Server App, and HDX devices REQUIREMENTS Deployment of Touch Plus requires the following:

• Exchange room resource mailbox for each room containing a HDX. DeleteComments attribute of Exchange calendar processing must be set to false for each room resource mailbox associated with a HDX

• Exchange user mailbox for One Touch Dial to perform calendar retrieval of room resource mailboxes. Account must be assigned Exchange Application Impersonation role

• Optional DNS A or CNAME record resolvable to the Windows 2016 Server hosting the Workflow Server App by Polycom RealPresence Touch and HDX devices

• Optional account for authenticating with HTTP forwarding proxy for deployments using a forwarding proxy for calendar retrieval from Office365 Exchange Online

• Network Access o Microsoft Remote Desktop (RDP) access to the Window Server hosting the Workflow

Server App for performing configuration tasks o HTTPS access to the Windows 2016 Server hosting the Workflow Server by Polycom

RealPresence Touch and HDX devices o HTTPS and Telnet (TCP/24) access to the Polycom HDX devices from the Windows 2016

Server hosting the Workflow Server App o HTTPS (or indirect via an HTTP forwarding proxy) access to Microsoft Exchange Web

Services (EWS) from the Windows 2016 Server hosting the Workflow Server o NTP access to a network time source from the Windows 2016 Server hosting the

Workflow Server App o DNS access from the Windows 2016 Server hosting the Workflow Server


9

MICROSOFT EXCHANGE ROOM RESOURCE MAILBOX REQUIREMENTS FOR HDXS

A room resource mailbox is required for each room containing a HDX. The room resource mailbox is created using the PowerShell cmdlet:

New-Mailbox -UserPrincipalName [email protected] -Alias room101 -Name "Meeting Room 101" -Room The Exchange mail tip feature may be used to educate users that the room is equipped with a videoconferencing device. For example, for deployments using the Polycom Clariti on-premise RealConnect feature, or Polycom Cloud RealConnect Interop Service for Skype for Business, the mail tip may be configured via the Exchange PowerShell cmdlet as follows:

Set-Mailbox -Identity room101 -MailTip "This room is equipped with a videoconferencing device. Please send a Skype for Business Online Meeting request”

A detailed explanation of mailbox creation and associated attributes is available via the Microsoft TechNet website.

For room and equipment resource mailboxes created using the PowerShell cmdlet, the Microsoft calendar attendant and resource booking attendant are enabled via PowerShell cmdlet. The calendar attendant default behavior is to delete the body (comments) of accepted meeting invitations, thereby removing the join instructions for many supported conferencing / service providers. This behavior is disabled via the PowerShell cmdlet.

Set-CalendarProcessing –identity room101 –AutomateProcessing AutoAccept –deleteComments $false

The calendar attendant by default replaces the meeting subject with the name of the meeting organizer. Though this does not impact operation of the solution, this behavior may also be disabled using the PowerShell cmdlet:


10

Set-CalendarProcessing –identity room101 –DeleteSubject $false –AddOrganizerToSubject $false

A detailed explanation of the Set-CalendarProcessing PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

Microsoft Outlook 2010 introduced room finder functionality enabling users to locate an available room within a given location through the association of room resource mailboxes with distribution groups. In this example Meeting Room 101 will be assigned to distribution group Westminster VC Rooms using the PowerShell cmdlet:

Add-DistributionGroupMember –Identity “Videoconferencing Rooms” –Member room101

An overview of the room finder feature is available via the blog Get a Room! Enable Room Finder with Room List Distribution Groups posted on the Microsoft TechNet website.


11

MICROSOFT EXCHANGE SERVICE MAILBOX REQUIREMENTS FOR ONE TOUCH DIAL FUNCTIONALITY

One Touch Dial requires an Exchange user mailbox for retrieval calendar entries sent to the HDX equipped rooms. The service account and mailbox are created using the PowerShell cmdlet:

New-Mailbox -Alias workflow.server -Name "Workflow Server" -FirstName Workflow -LastName Server -DisplayName "Workflow Server" -UserPrincipalName [email protected] -Password (ConvertTo-SecureString -String Polycom12#$ -AsPlainText -Force)

A detailed explanation of Microsoft New-Mailbox PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

The password of the service account it will be set to never expire using the AD PowerShell cmdlet: Set-AdUser –Identity workflow.server -PasswordNeverExpires $true

A detailed explanation of Microsoft Set-ADUser PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

The Workflow Server utilizes the Exchange role-based access control (RBAC) Application Impersonation role for retrieval of the calendar items of the room resource mailboxes. The role is created and assigned to the Workflow Server using the PowerShell cmdlet:

New-ManagementRoleAssignment -name:WorkflowServerImpersonation -Role:ApplicationImpersonation -User:workflow.server

A detailed explanation of Microsoft Exchange Application Impersonal Role PowerShell cmdlet and associated attributes is available via the Office Dev Center website.


12

MICROSOFT WINDOWS SERVER 2016 INSTANCE REQUIREMENTS Touch Plus is a feature of Workflow Server, a Windows Server application. The Windows Server 2016 instance made available for hosting the application must be allocated at least the following resources:

• 2 vCPUs 4Ghz reservation or better • 8GB RAM or better • 40GB storage or better

Workflow Server requires installation of Google Chrome web browser for performing configuration tasks.

Touch Plus is configured to listen for HTTPS pairing and web page requests from the Polycom RealPresence Touch devices on TCP port 443. The app automatically assigns a TCP/443 exclusion to Windows Firewall.

Windows Server Internet Information Services (IIS) role is not a requirement for the Workflow Server. Installation of IIS may conflict with Touch Plus if it listens for HTTPS connections on TCP port 443.

HDX CONFIGURATION REQUIREMENTS

Touch Plus supports HDX software releases 3.1.12 and later. Touch Plus communicates with the HDX using HTTP or HTTPS, and the Telnet API interface on TCP port 24. The security profile must be set to medium, low or minimum (default), and the security mode checkbox must be unchecked.

Selecting the high or maximum-security profile options, forces selection of the security mode checkbox, which disables support for Telnet and is therefore not supported. For further information on security profiles and the security mode checkbox refer to the HDX Administrator’s Guide.

DNS REQUIREMENTS (OPTIONAL)

RealPresence Touch devices may be configured to use a fully qualified domain name (FQDN) for pairing with Touch Plus. A DNS ‘A’ or CNAME record resolving to the Windows Server instance hosting the Workflow Server app is required for deployments using DNS.

Touch Plus uses the HOST field of the HTTP header received from the RealPresence Touch devices to match the configured Workflow Server environment. If the environment is configured with an FQDN, and the RealPresence Touch devices are configured to pair using an IPv4 address, pairing will fail. The Workflow Server logs will display ‘404 error, environment not found’.


13

HTTP FORWARDING PROXY REQUIREMENTS (OPTIONAL)

One Touch Dial supports all Microsoft supported Exchange deployments. One Touch Dial may be configured to derive Internet connectivity via a HTTP forwarding proxy, for use in environments comprising of a forwarding proxy and Microsoft Office 365 Exchange Online hosted mailboxes. One Touch Dial supports configuration of the Proxy URL and TCP port or configuration via a proxy auto-config (PAC) file URL, configuration of authentication credentials or anonymous use.

For deployments requiring authentication with a HTTP forwarding proxy, Polycom recommends using the same AD account as used by the Workflow Server for calendar retrieval

FIREWALL REQUIREMENTS (OPTIONAL)

For deployments where the Windows Server hosting Workflow Server resides in a firewall DMZ, the following firewall rule set must be implemented:

• Routed Microsoft RDP (TCP/3389) access to the Window Server hosting Workflow Server from computers on the internal network. RDP is required for performing configuration tasks

• Routed HTTPS (TCP/443) access to the Windows Server hosting Workflow Server from the RealPresence Touch and HDX devices

• Routed HTTP (TCP/80), HTTPS (TCP/443) and Telnet (TCP/24) access to the Polycom HDX devices from the Windows Server hosting Workflow Server

• Routed HTTPS (TCP/443) access to Microsoft Exchange Web Services (EWS) from the Windows 2016 Server hosting Workflow Server. For Microsoft Office365 Exchange Online deployments, the server will require routed HTTPS access to the Internet or routed TCP access to a HTTP forwarding proxy on the appropriate port, and any associated server used for retrieval of the proxy auto-config (PAC) file

• Routed NTP (UDP/123) access to a network time source from the Windows Server hosting Workflow Server

• Routed DNS (TCP&UDP/53) access to DNS services from the Windows Server hosting Workflow Server


14

OBTAINING THE POLYCOM WORKFLOW SERVER SOFTWARE

Polycom distributes the Workflow Server application via support.polycom.com. https://support.polycom.com/content/support/north-america/usa/en/support/network/workflow-server/polycom-workflow-server.html

Installation of Workflow Server features is performed by Polycom Global Services.

Selecting the Workflow Server Software link, prompts the user to sign-in. Once signed in, the user is provided with links for the current and previous releases of Workflow Server software. Touch Plus feature requires Workflow Server software release 1.7.0 or later. The first time a user attempts to download the Workflow Server software they will be prompted to enter the download password. The

password can be obtained from the Polycom Global Services project team.

INSTALLING POLYCOM WORKFLOW SERVER

Workflow Server is made available by Polycom as a MSI file for installation on a Windows Server 2016 operating system. To install the application requires a logon to the server with Administrator privileges. The Workflow Server installation wizard guides the installer to select an installation folder. The application is installed and configured to run as a service, using the Local System account, and automatically start on startup.

Once installed, configuration of Workflow Server is performed with Google Chrome web browser, via the URL https://localhost/admin. To access the configuration interface login with the default username and password admin.

Admin UI sessions expire after 90 minutes of inactivity. Activity comprises of either selecting save or selecting a tab. Performing configuration without selecting save within 90 minutes will result in the configuration settings being lost, therefore select save frequently whilst performing configuration tasks.


15

CONFIGURE WORKFLOW SERVER ONE TOUCH DIAL FEATURE

Workflow Server Touch Plus feature leverages the Workflow Server One Touch Dial feature to display the room calendar and join button functionality for conferences. One Touch Dial is highly configurable, capable of enabling join button functionality for many conferencing solutions, supporting both Microsoft Exchange and Google G Suite Gmail calendaring solutions. The following sample configuration enables calendar retrieval from Microsoft Office365 Exchange Online, with click-to-join for Polycom RealConnect Cloud Interop Service for Microsoft Skype for Business and Teams. For other deployment examples refer to the Polycom support website.

Polycom Workflow Server One Touch Dial configuration guides are available via the support.polycom.com website.

One Touch Dial uses environments to define the processing of calendaring requests. To create an environment, select the environment tab, followed by + Add new. The service fully qualified domain name (FQDN) field defines the name of the Workflow Server environment. The environment may be defined as a FQDN or an IPv4 address.

Workflow Server uses the HOST field of the HTTP header received from Polycom RealPresence Touch devices to match the configured environment. If the Workflow Server environment is configured with an FQDN, and the RealPresence Touch devices are configured to pair using an IPv4 address, pairing will fail. The Workflow Server logs will display ‘404 error, environment not found’.


16

The settings properties drop down menu is used to define the attributes to be configured within the environment.

The Calendar Provider, Rules and Credentials attributes are used within this configuration example. Having selected the desired attributes reselect properties to hide the menu and continue with the configuration.

The Calendar Provider defaults to cloud calendar server.

For Office 365 Exchange Online deployments, select o365 from the drop-down list of providers.

Credentials define how entities requesting calendaring services authenticate with One Touch Dial, and the credentials used by One Touch Dial for performing the calendar retrieval.

A realm (Realm 1) must be added to the configuration.

Select properties for the realm and check the Realm or Domain, and Users options. Select properties a second time to minimize.


17

The realm field is configured to match the domain of the credentials sent by the entity requesting calendaring services.

Microsoft does not require an O365 subscription or Exchange Client Access License (CAL) for room/equipment resource mailboxes if the associated AD user object is disabled. Setting

the realm as local enables One Touch Dial to perform authentication without Active Directory.

The challenge user and challenge password fields of users are configured to match the credentials sent by the entity requesting calendaring services.

In this configuration example One Touch Dial will be configured to match any username, therefore the challenge user will be populated with asterisk. The password will be set to a common password such as Polycom12#$, to be used by all entities requesting calendaring services.

The credentials section of users is used to define the credentials used by One Touch Dial to perform calendar retrieval. Select properties and check the username, password and impersonation options. Select properties a second time to minimize.

The username field is configured with the user principle name (UPN) of the Office 365 Exchange Online account to be used by One Touch Dial for retrieval of the room resource calendar items. Populating the username as a UPN enables Office 365 to use the domain suffix of the username to determine the tenancy.

The password field is populated with the associated password of the username above.

Impersonation instructs One Touch Dial to use the Exchange Application Impersonation role via Exchange Web Services, for retrieval of calendar entries.


18

One Touch Dial match rules define the meeting invitation types to be enabled with a join button. The configuration example below uses the Polycom RealConnect cloud gateway service for Office365 Skype for Business and Teams.

The Polycom RealConnect cloud gateway service enables H.323 and SIP compatible videoconferencing/telepresence devices, to participate in Skype for Business or Teams Online Meetings. When the organizer schedules Skype for Business or Teams meetings, the gateway service automatically inserts into the invitation join instructions for videoconferencing and telepresence devices.

The One Touch Dial ‘Polycom® RealConnect™ for Office365’ match rule inspects the body of retrieved calendar entries for the additional text added by the Polycom RealConnect cloud gateway service. If found, the match rule instructs the entity making the calendar request to display the join button and the associated dial string for connecting to the service. The match rule is added by selecting +Rule.

Select properties for the rule and uncheck all options except match type. Select properties a second time to minimize.

Select ‘Polycom® RealConnect™ for Office 365’ as the match type from the associated drop down menu,.

The match rule configuration instructs the device join button to dial the using the devices default call protocol. The device may be configured to dial using H.323 or SIP by adding the protocol option to the match rule properties.

Select Save to save the configuration. This completes configuration of the One Touch Dial feature.


19

CONFIGURE TOUCH PLUS FEATURE The Touch Plus feature is enabled on Workflow Server via the System Services tab.

Within System Services, select the touchplus service. If enabled is reported within the text entry field as false, change the configuration value to true, and select save.

If upgrading from an earlier release of Workflow Server it may be necessary to manually add the ‘touchplus’ service.

Touch Plus Rooms define the locations equipped with a RealPresence Touch and HDX. The configuration of Rooms comprises of:

• The email address of the corresponding Exchange room resource mailbox calendar • IP address, username and password for the HDX • Username and password to be sent by the RealPresence Touch during pairing

To create a Room, select the Rooms tab, followed by + Add new.

The Room Settings properties drop down menu is used to define the attributes to be configured. Check all options, followed by properties a second time to minimize.

The Enabled checkbox is used to enable or disable the Touch Plus feature for a given Room and should be enabled. When disabled, a RealPresence Touch device will not be able to pair using the credentials for the room, Touch Plus will not use the One Touch Dial functionality to periodically poll for calendar updates for the room, and Touch Plus will not communicate with the associated HDX device.


20

The name and description fields are used to provide a friendly name and additional information related to the room.

The environment field defines the One Touch Dial environment to be used by the Touch Plus Room entry for retrieval and processing of calendar entries. The environment created in the One Touch Dial feature configuration section will be selected from the dropdown.

Mailbox properties set the attributes used to define the retrieval of calendar entries via the One Touch Dial environment.

From the Properties menu check all options except Auto Connect. Select Properties a second time to minimize the menu.

For each Room the mailbox settings are configured as follows.

The email field is used to define the primary SMTP email address for the room.

Domain, username and password define the credentials for authenticating with the One Touch Dial environment. The domain is configured as local to match the realm/domain setting defined during the One Touch Dial configuration. The username maybe set to any value, matching the asterisk (wildcard) defined during the One Touch Dial configuration. The password is set to Polycom12#$ to match the value defined during the One Touch Dial configuration.

Poll frequency defines the polling interval used by Touch Plus to check for calendar

updates of the subscribed room resource mailbox.


21

Subscription timeout defines in minutes the time to live sent to Exchange for the mailbox subscription. The attribute supports values of between 1 and 1440. The recommended value is 1440 (24 hours).

User credentials define the username and password sent by the RealPresence Touch when pairing with Touch Plus.

Each Touch Plus room must be defined with a unique username, as it is used by the application to associate a RealPresence Touch with a given room.

Devices define the HDX to be controlled for a given Touch Plus Room.

The name field is populated with a descriptive name for the HDX. The device type is set as HDX from the dropdown menu. Protocol defines the protocol used for sending API commands to the HDX and can be set as HTTP or HTTPS. IP defines the IPv4 address of the HDX. Username and password define the admin credentials of the HDX.

Touch plus uses the HDX Telnet API - TCP/24 to track the device state. In a later release all API commands will be sent using Telnet.

Device types other than HDX are currently not supported

Select Save to save the room configuration. Repeat as necessary for all rooms to be enabled with Touch Plus functionality. This completes configuration of the Touch Plus feature.


22

VALIDATING ONE TOUCH DIAL AND TOUCH PLUS CON FIGURATION The Workflow Server Status tab is used to validate the One Touch Dial and Touch Plus configuration.

Listed under the environment workflowserver.myrpp.cloud in the example shown, are the In and Locations folders.

The In (active) list reports successful calendar retrieval connections to Microsoft Exchange. If One Touch Dial is unable to perform the calendar retrieval for a given room it will be listed temporarily under In authenticated if the entity provided valid credentials or In unauthenticated if the credentials provided did not match the One Touch Dial challenge auth realm/domain,

username and password fields.

The locations tab lists each successfully authenticated rooms and the status of the corresponding HDX. If Touch Plus is unable to communicate with the HDX the status will be reported as Offline.

Touch Plus functionality can be testing in a Google Chrome web browser by browsing to https://<environmentFQDN>/touch/index.html. If configured correctly, Touch Plus will prompt the user for user credentials. Upon entering the pairing username and password, the browser will display the Touch Plus user interface for the corresponding room.

When viewing the Touch Plus user interface in a browser, the positioning of elements may appear incorrect. This is expected behavior as the layout has been optimized for display on a RealPresence Touch.


23

DOWNGRADE REALPRESENCE TOUCH TO RELEASE 1.2.0.173 Touch Plus requires the RealPresence Touch devices to use operating system release1.2.0. The steps to downgrade the RealPresence Touch are as follows are as follows:

1. Download the Polycom RealPresence Touch Software Version 1.2.0 2. Copy the .tar file to the root directory of a USB storage device and insert into the RealPresence

Touch USB port 3. Using a pin or paperclip, insert and hold in the factory reset button hole 4. Whilst continuing to press the factory reset button, press and hold the other reset button. After

3 seconds the panel screen will go blank, indicating the panel is rebooting. Continue to hold the factory reset button for a further 5 seconds, releasing after the RealPresence Touch displays the Polycom logo

5. After a few seconds the RealPresence Touch display will update and commence the factory restore software installation

6. Once the process is complete, the RealPresence Touch will revert to the Language selection page.

a. Select American English b. Select create new password and set the desired admin password for the RealPresence

Touch c. Configure the Network settings as appropriate for the installation

7. Enter the pairing information, to pair the RealPresence Touch with Touch Plus a. Device Address - enter the FQDN or IPv4 address as configured in the One Touch Dial

environment b. Admin ID – enter the unique username as defined under the Touch Plus > Rooms > User

Credentials for the associated location c. Password – enter the corresponding password associated with the username entered in

step b. d. Select Pair

3 Reset Button

2 Factory Reset Button

1 USB Drive


24

PAIRING THE REALPRESENCE TOUCH WITH TOUCH PLUS Touch Plus emulates Group Series pairing, enabling RealPresence Touch devices to pair. The process for pairing a RealPresence Touch is as follows:

1. Device Address - enter the FQDN or IPv4 address as configured in the One Touch Dial environment 2. Admin ID – enter the unique username as defined under the Touch Plus > Rooms > User

Credentials for the associated location 3. Password – enter the corresponding password 4. Select Pair

Upon successful pairing the RealPresence Touch will display the Group Series Skype for Business user Interface.


25

TASK LIST The following task list may be used tracking the activities required for successful deployment of Touch Plus.

Task Notes Windows Server Tasks

Creation of Windows Server 2016 instance with 2x CPUs, 8GB RAM and Google Chrome Web browser

Assign videoconferencing admin performing configuration admin/team rights for the host and remote desktop connectivity

Microsoft Exchange Tasks Creation of Microsoft Exchange room resource mailbox for each room equipped with a Polycom HDX videoconferencing device

Configuration of Microsoft Exchange Calendar Processing -DeleteComments attribute as false for all room resource mailboxes associated with a HDX

Creation of Microsoft AD user account, password set to never expire and Exchange user mailbox for Polycom One Touch Dial feature

Creation of Microsoft Exchange Application Impersonation role with default write scope. Assign One Touch Dial user account Application Impersonation role

Optional Network Services Tasks (Optional) Create a DNS record for Polycom Workflow Server resolving to the Windows Server 2016 host where the application will be installed

(Optional) Implement firewall rules as defined in the network requirements section, for deployments whereby workflow server is to be deployed within a firewall DMZ

(Optional) Provide HTTP proxy configuration details for deployments whereby workflow server is to retrieve calendar entries from Office365 Exchange Online and the organization uses an HTTP forwarding proxy

Videoconferencing Team Tasks Create a list of rooms equipped with HDXs, comprising of room name, primary SMTP address of room resource mailbox, HDX IPv4 address and admin password

Downgrade RealPresence Touch devices to software release 1.2.0.173 and deploy in HDX equipped meeting/conference rooms

Download Workflow Server software release 1.7.0 or later from support.polycom.com and copy to the Windows Server 2016


26

(OPTIONAL) ONE TOUCH DIAL HTTP FORWARDING PROXY CONFIGURATION For deployments whereby One Touch Dial is to retrieve calendar entries from Office365 Exchange Online and the organization uses an HTTP forwarding proxy, the proxy must be defined within the One Touch Dial configuration. Select the Environments tab, followed by the environment created during the One Touch Dial configuration. Select Settings Properties, check the Forward Proxy option and select properties a further time to minimize the properties options.

Select the Froward Proxy properties, to add the attributes required for the deployment.

The Proxy URL and port field is used/required for deployments where the proxy settings will not be configured using a proxy auto-config (PAC) file. For example, a Squid forwarding proxy could be defined as http://squid.myrpp.cloud:3129

The Proxy Auto-Config (PAC) field is used/required whereby the forwarding proxy settings are to be derived from a .pac file. The field defines the path to the file. For example, http://server.myrpp.cloud/proxy-auto-config.pac

The Proxy credentials are used to define the username and password for deployments whereby the host must authenticate with the

proxy. For example, the username may be defined as domain\user or as a UPN.

For deployments using a forward proxy, Workflow Server will attempt to route all HTTP packets to the forwarding proxy, unless the host is defined by a proxy exclusion rule within a PAC file. This includes HTTP packets to HDXs for Touch Plus functionality. It is therefore recommended to use a PAC file for all deployments including a forwarding proxy.


27

PRIVACY Polycom Workflow Server processes, displays and stores Personally Identifiable Information in delivery of it features. The information shown within the user interface and logs relates to the processing of calendar entries.

1. Privacy-related options

Option name in UI Available settings Location in UI Clear logs Yes Logs tab of admin UI access via https://localhost/admin

2. How Data Subject Rights are supported

Data Subject Right Method of support Right to be informed of the following:

Polycom Workflow Server accesses and may generate log files containing the following information:

• Information contained in calendar entries, such as organizer, attendees and room names and email addresses, information populated in the subject or body, conference URIs

• Domain account information for calendar retrieval or generation of calendar entries

• IP addresses of personal or room devices when performing calendar retrieval

The above personal data is used for retrieval and displaying calendar entries on videoconferencing devices via the Polycom OTD and Touch Plus features, Scheduling videoconferences via the Easy Schedule feature, and in managing conferences via the RealPresence Meeting Director feature. Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder. Information written to the app.log files comprises of 4 log files rotated when the server restarts, every 2 hours, when a file reaches 200 megabytes or when the combined file size of the 4 logs reaches 800 megabytes. Information written to the configuration and log files is not shared automatically. A user with access to the server may review the log files and configuration and may elect to download and share with Polycom or a partner for support purposes. Before doing so they should review and delete any personal information. Data Subjects have a right to be notified when their data has been processed without authorization. The product administrator is able to monitor and identify when security anomalies have occurred. See the "How an admin can be informed of any security anomalies (including data breach)" table in this guide. By using the Products and Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Products and Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or sending an email to you. You may have a legal


28

right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at [email protected].

Right to access (view and / or obtain a copy of all personal data for a specific data subject)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder.

Right to rectification (make corrections to inaccurate or incomplete personal data)

Personal data may be written to the Workflow Server logs. Typically, the personal information such as name and email address are received from the organizations Microsoft active directory and/or Microsoft Exchange environments. Corrections should be made by contacting your local IT support.

Right to erasure (remove all personal data)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder. Information may be deleted by deleting the Workflow Server logs and/or uninstalling the workflow server application using add/remove programs and after successfully uninstalled deleting the c:\programdata\polycom\workflow server folder.

Right to data portability (receive a copy of all personal data in a commonly used, machine-readable format)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder.

3. Purposes for processing personal data

Personal Data Category

Type of Personal Data

Purpose of Processing Interface type

Calendar entries

name email address

Displaying calendars on videoconferencing devices, scheduling of videoconferences

Web UI writing to log files for troubleshooting


29

4. How admin can be informed of any security anomalies (including data breach)

Security anomaly type

Where to check Recommended frequency to check

System crash OTD enabled Videoconferencing devices no longer display calendar, Users or Easy Schedule, RealPresence Meeting Director or Touch Plus report user interface no longer responding Error will appear in system log file

Upon report from user of an issue. Check log file just after reboot

5. How customer personal data is deleted

Data type Steps to delete Deletion method

User credentials If using Workflow Server local user accounts, delete credentials from c:\programdata\polycom\workflowserver\config\localusers.js

Deleting the file and saving overwrites the original

User calendar for display on videoconferencing device

If using a personal Cisco videoconferencing device, delete the agent from Workflow Server admin UI. If using a Polycom device, delete the user credentials from calendaring config page or remove calendar provisioning from RealPresence Resource Manager configuration

Deleting the agent overwrites the original agents.js file

Log files Personal data may be written to the Workflow Server logs. The logs can be deleted from the admin UI Logs tab

Files are rewritten as blank files


30

(OPTIONAL) ADD A BACKGROUND IMAGE TO TOUCH PLUS Touch Plus supports the use of a custom wallpaper file as a replacement for the dark gray background.

The custom wallpaper file should be a JPEG file 1920x1080 pixels and named wallpaper.jpg. Copy the file to the c:\programdata\polycom\workflowServer\touchplus\ folder of the Windows Server and repair the RealPresence Touch devices.

Touch Plus supports a single wallpaper file per Workflow Server deployment.

Documents

Configuration Guide - Touch Plus for HDX Workflow Server ... · HDX devices, Polycom’s RealPresence Platform / Clariti solution, and Microsoft Exchange server. Note, this guide