RealPresence CloudAXIS™ Suite - Polycom...(including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom

Polycom, Inc. 1

ADMINISTRATOR’S GUIDE

RealPresence® CloudAXIS™ Suite

Software 1.5.0 | May 2014 | 3725-03273-005 Rev. B

RealPresence® CloudAXIS™ Suite Administrator’s Guide Release 1.5.0

Polycom, Inc. 2

Copyright ©2014, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc.

6001 America Center Drive

San Jose, CA 95002

USA

Trademarks

Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom.

End User License Agreement

By installing, copying, or otherwise using this product, you acknowledge that you have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this product.

Patent Information

The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc.

Open Source Software Used in this Product

This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive software information, as well as the open source software code used in this product, contact Polycom by e-mail at [email protected].

Disclaimer

While Polycom uses reasonable efforts to include accurate and up-to-date information in this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for any typographical or other errors or omissions in the content of this document.

Limitation of Liability

Polycom and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided “as is” without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom has been advised of the possibility of such damages.

Customer Feedback

We are striving to improve our documentation quality and we appreciate your feedback. E-mail your opinions and comments to [email protected].

Visit the Polycom Support Center for End User License Agreements, software downloads, product documents, product licenses, troubleshooting tips, service requests, and more.

Polycom, Inc. 3

Contents

About This Guide ...................................................................................................... 6

Conventions Used in this Guide ...................................................................................... 6

Terms and Writing Conventions ...................................................................................... 6

Information Elements ........................................................................................................ 7

Typographic Conventions ................................................................................................ 7

Get Started ................................................................................................................. 9 CloudAXIS Services and Experience Portals .................................................................................. 9

The RealPresence Platform .............................................................................................. 9 CloudAXIS Components ................................................................................................................ 10 RealPresence Platform Components ............................................................................................. 10

System Requirements ..................................................................................................... 12 Minimum Requirements ................................................................................................................. 12 Server Requirements ..................................................................................................................... 14 Ports and Protocols ........................................................................................................................ 14

Setup Worksheets ........................................................................................................... 16

Help and Support Resources ......................................................................................... 22

Set Up the Portals ................................................................................................... 23 Deploy, Start, and Configure the Portals ....................................................................................... 23

Deploy the *.OVA Packages ........................................................................................... 24

Open the Services Portal ................................................................................................ 25

Open the Experience Portal ............................................................................................ 25

Configure the Services Portal ........................................................................................ 26 Configure Portal Settings ............................................................................................................... 26 Import Settings from an Existing CloudAXIS Environment ............................................................ 26 Synchronize the Time .................................................................................................................... 27 Configure a Connection to an LDAP Server .................................................................................. 27 Set up Single Sign-On (SSO) ........................................................................................................ 29 Set Web Locations for the Services and Experience Portals ........................................................ 32 Set a Connection to the SMTP Server ........................................................................................... 33 Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server ............. 34 Set the Date and Time ................................................................................................................... 38

Update Services Portal Software ................................................................................... 38 Apply a New Software Version to an Existing Services Portal ...................................................... 39 Migrate Current Settings to the New Services Portal .................................................................... 39 Configure HTTP Forward Proxy Settings ....................................................................................... 40

Configure the Experience Portal .................................................................................... 41 Set the Portal Web Addresses ....................................................................................................... 42 Set Authentication Rules ................................................................................................................ 43 Set Up Authentication with the Service Portal ............................................................................... 44 Set Conference Lobby Rules ......................................................................................................... 45 Add a DMA Agent .......................................................................................................................... 46


Polycom, Inc. 4

Configure Conference Settings ...................................................................................................... 47 Set the Server Date and Time ....................................................................................................... 51 Assign an IP Address ..................................................................................................................... 51

Apply Experience Portal Settings .................................................................................. 52

Update Experience Portal Software ............................................................................... 52 Import Settings from an Existing Experience Portal Instance ........................................................ 52 Export Current Experience Portal Settings .................................................................................... 53

Administer the Services Portal .............................................................................. 54

Manage Trust Certificates ............................................................................................... 54 Generate Certificates and CSRs in the Services Portal ................................................................ 54 Work with Logs ............................................................................................................................... 58

Activate CloudAXIS Licenses ......................................................................................... 59

Customize E-mail Templates .......................................................................................... 66 HTML Variables Used in E-mail Templates ................................................................................... 68 Reset an E-mail Template ............................................................................................................. 70

Enable or Disable Social Policies .................................................................................. 71

Add Language Packs to the Services Portal ................................................................ 72

Administer the Experience Portal .......................................................................... 73

Manage Trust Certificates and CSRs ............................................................................. 73 Generate a Certificate Signing Request (CSR) on the Experience Portal ..................................... 73 Upload a Certificate on the Experience Portal ............................................................................... 74 Download a CSR for Signing ......................................................................................................... 75 View, Download, and Delete Certificates in the Experience Portal ............................................... 75

Add Language Packs to the Experience Portal ............................................................ 76

Manage Experience Portal Log Files ............................................................................. 77 Set the Log Level ........................................................................................................................... 77 Download and View Log Files ........................................................................................................ 77

Manage User Accounts .......................................................................................... 78

Account Roles ................................................................................................................. 78 Change System Administrator Settings ......................................................................................... 79 Create Accounts ............................................................................................................................. 79 Add Active Directory Users ............................................................................................................ 80 Add Local Users ............................................................................................................................. 80

Edit User Accounts ......................................................................................................... 81 Edit an Account Imported from the Active Directory ...................................................................... 81 Edit a Locally Created User Account ............................................................................................. 81

Delete a User Account .................................................................................................... 82

Change Your Password .................................................................................................. 82

Reset a User Password ................................................................................................... 83

Provide Secure Access for Guest and Remote Users ......................................... 84

Secure Web Access ........................................................................................................ 84

Tunnel Access for Remote Users .................................................................................. 84

Secure SIP Access for Guests ....................................................................................... 85 Edge Proxy Access for Guests ...................................................................................................... 86


Polycom, Inc. 5

Additional Recommendations to Increase Security ....................................................................... 86

Services Portal Cookies .................................................................................................. 87

Experience Portal Cookies ............................................................................................. 87

Troubleshoot the Services Portal .......................................................................... 89

Enable Social Media Contacts ............................................................................... 92

Create a Google Talk App ............................................................................................... 92

Create a Facebook App ................................................................................................... 95

Get Help ................................................................................................................... 99 Polycom and Partner Resources ................................................................................................... 99 The Polycom Community ............................................................................................................... 99

DMA Factory Conference Settings Impact .......................................................... 100

Restricted Shell ..................................................................................................... 103

Use Cases ...................................................................................................................... 103 Use Case - Change system hostname ........................................................................................ 104 Use Case - Log collection ............................................................................................................ 104 Use Case - Copying the generated logs to a different server ...................................................... 104 Use Case - Access log files ......................................................................................................... 105 Use Case - Change the password of the caxis user .................................................................... 105 Use Case - Configure system NTP settings ................................................................................ 105 Use Case - Quick sync system date-time with a specific NTP server ......................................... 106 Use Case - Show product version ............................................................................................... 106 Use Case – Regenerate certificates ............................................................................................ 106 Use Case - Change system timezone ......................................................................................... 107 Use Case - Restart services ........................................................................................................ 108 Use Case - Set system date time ................................................................................................ 108 Use Case - View system network information ............................................................................. 109 Use Case - System network configuration is already set to use DHCP ...................................... 109 Use Case - Enable DHCP in a machine where DHCP is not enabled ........................................ 110 Use Case - Configure static IP address in a system where DHCP is in an enabled state .......... 110 Use Case - Configure static IP address in a system where DHCP is in a disabled state ........... 112 Use Case - Configure static IP address in a system where DHCP is in a disabled state with the currently assigned IP address ...................................................................................................... 114 Use Case - Attempt to configure manual DNS settings while DHCP is enabled in the system .. 116 Use Case - Use invalid network values ....................................................................................... 117 Use Case - Use an IP that is already assigned to a machine in the same network .................... 118 Use Case - Reboot system .......................................................................................................... 119 Use Case - Exit restricted shell .................................................................................................... 119 Use Case - Login timeout ............................................................................................................ 119

Third-Party Software ............................................................................................. 120

Polycom, Inc. 6

About This Guide

This guide uses a number of conventions that can help you to understand information and perform tasks.

Conventions Used in this Guide This guide contains terms, graphical elements, and typographic conventions. Familiarizing yourself with these terms, elements, and conventions will help you successfully perform tasks.

Terms and Writing Conventions As you read this guide, you will notice some terms and conventions used repeatedly. Familiarize yourself with these terms and conventions so you understand how to perform administration tasks.

Terms Used in this guide

Term Definition

Apache Tomcat An open-source web server and application container that runs the Services Portal application.

Experience Portal The meeting conference interface. It is referred to in the user interface as the MEA (Meeting Experience Application).

FQDN The acronym for Fully Qualified Domain Name. An example of an FQDN is dma.example.com.

Network Time Protocol Server (NTP)

The NTP server sets the time and date settings for the Services Portal.

Nginx An HTTP server used to render static content and delegate requests to Apache Tomcat.

Services Portal The back-end, web server component of CloudAXIS™ that handles scheduling meetings, adding users, and adding contacts. It is referred to in the user interface as the WSP (Web Services Portal).

Virtual Edition Designates that a CloudAXIS Suite component is a software-based virtual machine.

Virtual meeting room (VMR)

A virtual meeting space that users and endpoints can join to participate in a multi-party videoconference. VMRs are identified and addressed by numeric IDs. A VMR may be personal or temporary. A personal VMR (also known as a persistent VMR) remains in existence indefinitely and can be used for different individual meeting events over time. A temporary VMR is created for a specific meeting or time period and is deleted once the meeting or time period has ended. See the Polycom DMA

7000 System Operations Guide.


Polycom, Inc. 7

Term Definition

VMR prefix Specifying a VMR prefix value allows the Services Portal and the Experience Portal to know where to direct requests concerning a particular VMR ID. For example, if DMA-1 had the dialing prefix specified as 1, and DMA-2 had no dialing prefix specified, all portal requests concerning VMRs with ID 1xxxx would be directed to DMA-1, and requests concerning any other VMR ID would be directed to DMA-2.

Information Elements This guide may include any of the following icons to alert you to important information.

Icons Used in this Guide

Name Icon Description

Note

The Note icon highlights information of interest or important information needed to be successful in accomplishing a procedure or to understand a concept.

Administrator Tip

The Administrator Tip icon highlights techniques, shortcuts, or productivity related tips.

Caution

The Caution icon highlights information you need to know to avoid a hazard that could potentially impact device performance, application functionality, or successful feature configuration.

Web Info

The Web Info icon highlights supplementary information available online such as documents or downloads on support.polycom.com or other locations.

Troubleshooting

The Troubleshooting icon highlights information that may help you solve a relevant problem or refer you to other relevant troubleshooting resources.

Settings

The Settings icon highlights settings you may need to choose for a specific behavior, to enable a specific feature, or to access customization options.

Typographic Conventions A few typographic conventions, listed next, are used in this guide to distinguish types of in-text information.

Typographic Conventions

Convention Description

Bold Highlights interface items such as menus, menu selections, window and dialog names, soft keys, file names, and directory names when they are involved in a procedure or user action. Also used to highlight text to be entered or typed.


Polycom, Inc. 8

Convention Description

Italics Used to emphasize text, to show example values or inputs (in this form: <example>), and to show titles of reference documents available from the Polycom Support Web site and other reference sites.

Blue Text Used for cross references to other sections within this document and for hyperlinks to external sites and documents.

Courier Used for code fragments and parameter names.

Polycom, Inc. 9

Get Started

The CloudAXIS Suite enhances the Polycom® RealPresence® Platform by providing access to a shared meeting and collaboration experience that can include users from the hosting organization and guests from outside the organization. The suite includes two virtualized server components: the Services Portal and the Experience Portal. This guide shows you how to deploy, configure, and manage both portal packages and create and manage user accounts.

Web Info: Access the online version of this document

An online version of this document is available on the Polycom Technet web site at http://support.polycom.com/PolycomService/home/home.htm.

CloudAXIS Services and Experience Portals Through the Services Portal, users create and participate in online video conference meetings. Users create meetings by logging into the Services Portal, selecting the type of meeting they want to create, setting the meeting parameters, and entering a list of participants to invite. In Services Portal, administrators can create and manage users and configure the components for online video conference meetings.

In the Experience Portal, users attend meetings and interact with features such as content sharing, group chat, and privacy settings.

The RealPresence Platform This section describes the RealPresence Platform, lists the deployment requirements, and provides worksheets that help you deploy and configure the Services Portal and Experience Portal. When you have completed the worksheets and are ready to deploy and configure the Services Portal, see Set Up the Portals.

This section is organized as follows:

The RealPresence Platform

System Requirements

● Ports and Protocols

● Setup Worksheets

● Help and Support Resources

The Polycom RealPresence Platform product suite enables standards-based videoconference collaboration between hardware and software endpoints from Polycom and other optional vendors. This implementation may include one or more of the components listed in the following table.


Polycom, Inc. 10

RealPresence Platform Components

Required or Optional

Polycom Platform Component Purpose

Required RealPresence Distributed Media Application, Virtual Edition Signaling, call control, and bridge virtualization

Required RealPresence Collaboration Server™, Virtual Edition MCU for hosting conferences

Optional RealPresence Resource Manager Provisioning and managing endpoints

Optional RealPresence Access Director™ solution* Firewall traversal

Optional RSS™ recording and streaming server Media recording

*An Acme Packet Net-Net Enterprise Session Director may also be used to secure firewall traversal.

CloudAXIS Components The Services and Experience Portals interoperate with RealPresence platform components, along with the following standard IT infrastructure elements provided by the deploying organization. The component list that follows is also illustrated in the accompanying figure.

Primary components of a CloudAXIS environment include are listed in the following table.

CloudAXIS Components

Component Description

Dynamic Host Configuration Protocol (DHCP) server

Assigns IP addresses to portal components and devices.

Domain Name System (DNS) server Allows the portals and other RealPresence Platform components to be found and referenced using domain names rather than IP addresses.

Lightweight Directory Access Protocol (LDAP) server

Allows the portals to be integrated with an LDAP-compatible directory (for example, a Microsoft Active Directory server) to facilitate user management and authentication.

Simple Mail Transport Protocol (SMTP) server

Enables the sending of meeting invitations and other user notifications, including login information and password resets and updates, via e-mail.

HTTP Reverse Proxy Server Allows web access to the CloudAXIS portals from outside the organizational firewall. For more information, see Provide Secure Web Access.

RealPresence Platform Components The following diagram shows the components required for the CloudAXIS Services and Experience Portals in the Real Presence platform. The diagram is color-coded as follows:


Polycom, Inc. 11

● CloudAXIS components Identified by light blue.

● Third-Party components Identified by orange.

● RealPresence components Identified by bright red.

● Endpoints Identified by dark red.

Polycom RealPresence Platform Components

Real Presence Platform Components and CloudAXIS

RealPresence Platform components work with the CloudAXIS Suite to enable users to create and participate in video conference meetings using a web browser or other hardware and software video endpoints, including mobile devices running the Polycom RealPresence Mobile application.

If a Polycom RSS server has been configured for the environment that is hosting the meeting, the creator of the meeting can record it, including all video streams, audio streams, and shared content.

The CloudAXIS Services Portal and Experience Portal

Meetings are scheduled in the Services Portal and attended through the Experience Portal. The Services Portal and Experience Portal run on one or more VMware ESXi 5.x hosts. Scheduling a meeting in the Services Portal requires user or administrative account access (see Understand Account Roles). Participating in meetings requires access only to the Experience Portal using a downloaded plug-in and a URL link sent in an e-mail or instant message.


Polycom, Inc. 12

CloudAXIS Users

Users can be added to the Services Portal locally or through integration with an enterprise Lightweight Directory Access Protocol (LDAP) server. With LDAP enabled, enterprise users can attend and host meetings on the Services Portal and to log into the Experience Portal using their domain network credentials.

CloudAXIS Meetings

Users log in to the Services Portal, select the Schedule option, choose meeting options, select the participants they want to invite, and then schedule a meeting. The Services Portal then contacts the DMA system to create a virtual meeting room (VMR) on a multipoint control unit (MCU) where all participants can join. Finally, via the configured SMTP server, the DMA sends out e-mail notifications to each invited participant. The invitation contains a URL link to the meeting and can include information for how to access meetings using Session Initiation Protocol (SIP), H.323, or ISDN. When the meeting takes place, the DMA system validates the VMR and routes the call to the destination RealPresence Collaboration Server so that users can join. When a user creates a meeting that starts immediately (ad hoc), an Experience Portal session opens and prompts the user to begin inviting participants.

CloudAXIS Meeting Contacts

Participants can be invited from an aggregated list of the meeting creator’s Facebook or Google Talk contacts if the Services Portal administrator has enabled and provisioned app-user credentials on the relevant service. If social media contacts are enabled, a user can invite Google or Facebook contacts to meetings that occur on the Experience Portal by downloading and installing plug-ins to enable integration with social-networking contacts.

All of the meeting creator’s online contacts populate the contacts list in the Experience Portal. When a contact is selected, a URL is sent to the contact on that social messaging service. The invited participants click the URL or paste it in to their browser to gain access to the meeting.

CloudAXIS System Deployment

The Services Portal and the Experience Portal are each packaged in *.OVA files that must be deployed on VMware ESXi hosts using vSphere tools (for example, VMware vCenter using the vSphere client).

System Requirements Before deploying the Services Portal and the Experience Portal, complete the setup worksheets and verify that your system meets the requirements outlined in the Minimum Requirements table that follows.

For help completing the worksheets, see Setup Worksheets.

Minimum Requirements The following table outlines minimum general requirements for servers and computers running the CloudAXIS platform


Polycom, Inc. 13

CloudAXIS Minimum System Requirements


RealPresence Platform Functioning RealPresence Platform with DMA and sufficient MCU capacity to meet the requirements of your user environment. For more information, see The RealPresence Platform.

Web browsers The following web browsers are supported:

Microsoft Internet Explorer v8.0 or higher

Mozilla Firefox v14.0 or higher

Google Chrome v11.0 or higher

Apple Safari v5.0.6 or higher

*.OVA file Latest Experience Portal *.OVA file, downloaded to your local machine and from the Polycom support site.

Latest Services Portal *.OVA file, downloaded to your local machine from the Polycom support site.

One or more ESXi hosts Must be version 5.0 or higher and support 64-bit VM installations.

Using a vSphere client, you must be able to access and administer VMware ESXi hosts either directly or via a vCenter host controller.

VMware vSphere vCenter controller

(Optional) A component of VMware’s cloud computing virtualization operating system.

Dynamic Host Configuration Protocol (DHCP)

Allows the portals to obtain IP addresses.

LDAP Server (Optional) Enables Enterprise authentication with users’ network credentials. At this time, the Services Portal supports integration only with Microsoft Active Directory.

This feature also enables administrators to import users from an enterprise LDAP server. The administrator can edit user roles or set user status as inactive. For information on user roles, see Understand Account Roles. For information on changing imported user accounts, see Edit an Account Imported from the Active Directory.

SMTP Server Enables the Services Portal to deliver e-mail meeting invites and other notifications such as user onboarding.

Edge Proxy If external guests will access the system across a firewall, a functioning firewall/Network Address Translation (NAT) traversal element such as RealPresence Access Director or Acme Packet Net-Net Enterprise Session Director is required. See The RealPresence Platform. This element must be provisioned to allow SIP guest access and, if desired, H.323 access to your DMA and MCUs.


Polycom, Inc. 14


HTTP Reverse Proxy If external guests will access the system across a firewall, an HTTP reverse proxy or a NAT server is required. It should be provisioned to allow HTTPS and web socket access to the Experience Portal and, if desired, HTTPS access to the Services Portal. For more information, see Provide Secure Web Access.

RPAD 3.0 or higher can also be configured as a Reverse Proxy for the Experience Portal.

RPAD 3.1 or higher can also be configured as a Reverse Proxy for both the Experience Portal and Service Portal.

End User License Agreement (EULA)

Access the EULA for your product at http://support.polycom.com/PolycomService/home/home.htm.

Server Requirements The Services Portal and Experience Portal are each deployed as a separate virtual machine instance. Each instance must be installed on a server that meets the requirements listed in the following table.

Minimum Server Requirements per VM Instance


CPU Each instance must be hosted on a physical CPU with the following clock-speed characteristics:

>=2.0 GHz (Intel Xeon E5 Series or better CPU)

>=2.5 GHz (Intel Xeon 5500 Series or better CPU)

Each instance must also support a 64-bit installation.

Virtual cores Each instance must have four virtual cores.

RAM 4 GB

Accessible storage 100 GB

Ports and Protocols This section illustrates and describes the ports and protocols that ensure successful network traversal for the Services Portal. Inbound and outbound port usage depends on the communications protocol and the specific port being used to initiate communications.

The following graphic shows how various ports and communications protocols interact in a sample CloudAXIS network.


Polycom, Inc. 15

Ports and Protocols Used in the CloudAXIS Services Portal

The following table describes the inbound and outbound ports and protocols that handle communications between the CloudAXIS Services Portal and other Polycom RealPresence system components.

Inbound and Outbound Protocols and Ports

Protocol/Function Communication Inbound Ports

HTTP/HTTPS

From web clients to the Services and Experience Portals

TCP 443. Port 80 is also enabled, but it redirects to 443.

Provides web browser access to the User Interface (UI) and REST APIs.

HTTPS (Tunneling) From web clients to RealPresence Access Director (version 3.1 is required to set up tunneling in a CloudAXIS environment)

TCP 443. Port 80 is also enabled, but it redirects to 443.

Media is communicated through RealPresence Access Director.

SMTP Between the Services Portal and the organization’s SMTP server

TCP 25 for non-secure (SMTP).

TCP 587/465 for secure (SMTP-S).

LDAP Between the Services Portal and the organization’s LDAP server

TCP 389 for non-secure (LDAP).

TCP 636 for secure (LDAP-S).


Polycom, Inc. 16

Protocol/Function Communication Inbound Ports

XMPP (Extensible Messaging and Presence Protocol)

Between web clients and external social media services

TCP 5222.

The CloudAXIS Social Plug-in running on a host-user's PC uses this port to communicate with Google Talk and Facebook services to get contact presence information and deliver instant message invites.

SIP (Session Initiation Protocol)

Between client endpoints and DMA or the intermediate Edge Proxy (RealPresence Access Director [RPAD] or Acme)

5060 (UDP/TCP) /5061 (TLS).

443 (TCP) for HTTPS Tunneling.

SIP is the signaling protocol used by the CloudAXIS web client, RealPresence Mobile, and other SIP endpoints.

RTP/RTCP/SRTP/SRTCP

(Real-time Transport Protocol/Real-time Control Protocol/Secure Real-time Transport Protocol/Secure Real-time Control Protocol)

Between client endpoints and the MCU or the intermediate Edge Proxy (RPAD or Acme)

CloudAXIS web client: UDP ports 3230–3237.

443 TCP port for HTTPS Tunneling.

For the RTP/RTCP/SRTP/SRTCP port range used by other Polycom and third-party products, see the appropriate product documentation.

RTP and SRTP are used to carry visual and audio media between web-based clients and the RMX.

RTCP and SRTCP provide out-of-band statistics and control information for an associated RTP or SRTP flow.

BFCP (Binary Floor Control Protocol)

Between client endpoints and the MCU or the intermediate Edge Proxy (RPAD or Acme)

3238 (UDP/TCP)

BFCP is the signaling protocol used by SIP clients to negotiate content sharing.

Setup Worksheets Before you begin the Services Portal deployment, complete the fields in the My System Values column of each of the Setup Worksheets that follow. use the information in these worksheets to help you configure the Services Portal.

Setup Worksheet for the LDAP Server Configuration

LDAP Options My System Values Description

Server The FQDN or IP address of the LDAP server.


Polycom, Inc. 17

LDAP Options My System Values Description

Secure Establishes a secure connection to the LDAP server.

Note: If Secure is selected, upload the trust certificate of the LDAP server in the Services Portal. See Upload Certificates or Certificate Chain.

Port The numerical value of the port through which LDAP communicates. Commonly used values include

389 for non-secure (LDAP)

636 for secure (LDAP-S)

Base DN Specify the distinguished name (DN) of a subset of the Active Directory hierarchy. This determines the set of users that can schedule meetings via the Services Portal.

Username The LDAP service account user ID.

Password The login password for the service account user ID.

Forest Root Domain The forest root domain name for the company, for example polycom.com or Microsoft.com.

Default Domain The name of the default domain name where users will be authenticated when a user name is provided without a domain name.

Setup Worksheet for the SMTP Server Configuration

Server Settings My System Values Description

Server Enter the FQDN or IP address of the SMTP server.

Secure Select to establish a secure connection to the SMTP server.

Port After deployment, enter the port to use to connect to the SMTP server. Here are typical values:

25 for non-secure (SMTP)

587/465 for secure (SMTP-S)

Login ID After deployment, enter the SMTP service account user ID.

Password Enter the login password for the service account user ID.


Polycom, Inc. 18

Server Settings My System Values Description

Sender Mail ID Enter the e-mail ID to be used as the return address for notifications sent by the Services Portal. This will typically be configured as a null or no reply address.

Setup Worksheet for the Server Settings

SMTP Options My System Values Description

Experience Portal (MEA) Server

https:// Enter the URL, including the FQDN assigned to the IP address of the Experience Portal. See Open the Services Portal and Open the Experience Portal.

This information is used to construct the meeting links. Make sure that this domain name is accessible to all users of the solution, including any users that may be located outside of the organization.

Services Portal (WSP) Server

https:// Enter the URL including the FQDN assigned to the IP address of the Services Portal. See Open the Services Portal.

This domain name is used in constructing the login link to Services Portal. Make sure that this domain name is accessible to all users who will access the Services Portal.

Setup Worksheet for the DMA Configuration

System Configuration Information

My System Values Description

Name Enter a nickname to assign to the DMA system to distinguish it in the Services Portal configuration.

Host Enter the FQDN or IP address of an individual DMA or the FQDN of the supercluster’s virtual address if the DMA is part of a supercluster.

Port Enter the TCP port number to use when communicating with the DMA system.

The commonly used port is 8443, which corresponds to the HTTPS REST [representational state transfer] API for the DMA system.


Polycom, Inc. 19



VMR Prefix Enter the VMR prefix that corresponds to this DMA system. This is optional and for use in environments where dialing plans are used to assign different VMR IDs to be handled by a peered set of DMA systems. Specifying this value allows the portals to know where to direct API requests concerning a particular VMR ID. For example, if DMA-1 had the dialing prefix specified as 1 and DMA-2 had no dialing prefix specified, all portal requests for VMRs with ID 1xxxx would be directed to DMA-1 and requests concerning any other VMR ID would be directed to DMA-2.

Note that the VMR prefix must match what is on the DMA. To set up this value, see the Polycom

DMA 7000 System Operations Guide.

Default Admin Enter a user account name with an administrative role that exists on the DMA system.

Note that if the DMA system is configured to have multiple domains, make sure that the admin user account has access to all the domains and hence can search the VMRs of all users. This typically requires a domain account rather than a local DMA account.

See the Polycom DMA 7000 System Operations Guide for more detail on adding MCU pool orders.

Admin Password Enter the password value defined on the DMA system for the Default Admin account.

Owner Domain Enter the domain of the user account assigned for creating meetings in the DMA system. For local domains, enter LOCAL.

Common SIP Username

(Optional) Enter a username to use to authenticate SIP sessions for users who have authenticated with the Services Portal.

Common SIP Password

(Optional) Enter a password to use in conjunction with the Common SIP Username to authenticate SIP sessions for users who have authenticated with the Services Portal.


Polycom, Inc. 20



Owner Username Enter the username assigned for creating meetings in the DMA system. The username must match the name of a user account defined on the DMA system. The user does not need to be an administrator.

For information on how to create a username for the DMA system, see the Polycom DMA 7000

System Operations Guide.

Generate VMR From Range

Selecting the checkbox displays two text boxes for entering a range.

This option is used by administrators to allow the Service Portal to generate VMR IDs on the DMA randomly within a specified range. This allows administrators to separate the temporary VMRs created specifically for CloudAXIS meetings from other VMRs on same DMA.

Note that the range must be all positive numbers with a 10-digit maximum. The first text box is for the lowest number of the range and the second text box is for the highest. For example, if entering a range of 123 to 1234, the Services Portal will generate VMRs between 123 and 1234.

Setup Worksheet for the DMA Server Access Point Configuration



Location Enter the location name assigned in the Services Portal to identify a particular access point available for dialing. A single location may have multiple transport protocols configured for it.

Note that an access point is a network location that is routed directly or indirectly to the DMA from where clients or endpoints can connect to participate in a conference.


Polycom, Inc. 21



Transport Select the transport protocol associated with the location and dialstring. Select from SIP, H.323, TUNNEL, ISDN, and PSTN.

For information on provisioning endpoints for SIP, see the Polycom RealPresence Resource Manager Operations Guide.

For information on enabling SIP calls for mobile apps, see the help files on the Polycom

RealPresence Mobile support page.

Note: It is mandatory that the Experience Portal have at least one SIP AP configured.

Dialstring Dialstrings (SIP URI, Tunnel URI, H.323 E.164 enum, PSTN phone number) are used by a video or audio endpoint to join a conference hosted by the DMA. Typically for SIP, TUNNEL, and H.323 callers, this string includes the address or domain name (preferred) of the edge traversal device (RPAD or Acme) provisioned to allow external access to this DMA.

Auth Mode Options for this drop-down box include AUTH, NoAUTH, and SHARED.

For an access point that may be used by endpoints without access to SIP credentials, select NoAUTH.

For an access point that will be used by endpoints that have access to SIP credentials (for example, authenticated web and RPM client users when the DMA settings have been configured with the Common SIP Username and Password as described), select AUTH.

For an access point that may be used by either class of endpoints, select SHARED.

Dial Prefix Use this optional field to specify a prefix to add to dialing information used when dialing this access point. This prefix can be used by the access point to route the call or to distinguish between authenticated callers and unauthenticated guests.


Polycom, Inc. 22

Setup Worksheet for the Date Time Configuration



NTP Server Enter the Network Time Protocol server FQDN or IP address. The Services Portal synchronizes time and date settings from this server. Entering the NTP will automatically populate the Date and Time fields. Note that the portals are configured to the UTC time zone, and this is not configurable.

Help and Support Resources This guide includes a Get Help section with links to Polycom product and support sites and partner sites. You can also find information about The Polycom Community, which includes discussion forums where you can discuss hardware, software, and partner solution topics with your colleagues. To register with the Polycom Community, you will need to create a Polycom online account.

The Polycom Community includes access to Polycom support personnel, as well as hardware, software, and partner solutions topics posted by other Polycom product users. You can view top blog posts and participate in threads on any number of recent topics.

Polycom, Inc. 23

Set Up the Portals

The Services Portal and Experience Portal require deployment on a VMware EXSi host using a vSphere Client administrative GUI. We recommend deploying the Services Portal first and the Experience Portal second.

Note: Activate the trial license

Your 30-day trial of the service and licenses can be activated at any time during the trial. To activate the license, see Activate CloudAXIS Licenses.

After both Portals have been deployed, log in to the Services Portal with the default Super Admin credentials and configure the Services Portal settings. Then configure the Experience Portal. When the configurations are complete, you can begin adding and managing users in the Services Portal.

Authorized users can create meetings and add contacts in the Service portal and set up conference interactions in the Experience Portal. RealPresence CloudAXIS Suite User Guide shows users how to complete those tasks.

Note: Log in as the Super Admin user to complete all configuration steps

All configuration steps on both the Services Portal and Experience Portal must be completed while logged in with Super Admin credentials. Login the first time using admin/admin as the username and password. Then immediately change the password. For information on the account roles, see Account Roles.

Deploy, Start, and Configure the Portals This section shows you how to deploy, start, and configure both portals. Before you begin, complete the Setup Worksheets and confirm that your system meets all requirements and includes all prerequisites. Complete the set up in the following order.

● Deploy the *.OVA Packages

● Open the Services Portal

● Open the Experience Portal

● Configure the Services Portal

● Configure the Experience Portal

After you have configured both portals, follow the instructions to upload trust certificates and manage licenses as necessary to begin allowing users on both portals. See the information in the following sections to complete those tasks:

● Generate Certificates and CSRs in the Services Portal


Polycom, Inc. 24

● Activate CloudAXIS Licenses

Deploy the *.OVA Packages The Services Portal and Experience Portal installation packages are delivered as VMWare Open Virtual Appliance (OVA) files to be deployed following VMWare deployment procedures.

To deploy the *.OVA packages in your VMWare environment:

1 Confirm that your system includes the prerequisites and meets the requirements listed in Get Started.

2 Download the appropriate *.OVA files from the Polycom support site.

3 Using the vSphere client on your vSphere EXSi host server, deploy the *.OVA files for the Services and Experience Portals into your VMWare environment. For help, visit the VMWare web site.

4 Allocate IP addresses for both portals.

When the portal instances boot up, they attempt to obtain IP addresses using DHCP. You can use the vSphere client to view the IP and MAC addresses that your DHCP server has allocated for each instance. Make note of the addresses allocated for both portals.

Polycom recommends that you assign permanent IP addresses to the Service Portal and Experience Portal instances, rather than allowing them to obtain IP addresses through DHCP. Modify the configuration in your DHCP server to map the instance IP address to the corresponding MAC address.

To assign an IP address using the vSphere console:

a Connect to the vSphere console using an SSH client.

b Log in using caxis as both your username and password to open the Portal console.

c Enter show_network_info to view the current network settings.

d Enter change_network_settings to modify the current network settings.

See more information on configuring TCP/IP and DHCP settings at Use Case - Configure Static IP Address in a system where DHCP is in a Disabled state.

5 Modify your DNS server settings to include DNS names for the Services Portal and Experience Portal within your organization’s domain.

We recommend that you modify your DNS server settings to assign a fully qualified domain name (FQDN) to each instance within your domain and associate it with the permanent IP address you have selected.

6 From an SSH client command prompt, restart the web services components for each portal, as follows:

services nginx restart

services tomcat6 restart


Polycom, Inc. 25

Open the Services Portal After you have deployed both portals and completed the IP and DNS configuration, you can open the portals using the IP addresses and/or DNS names you assigned to them.

Before you configure the Services Portal, you must obtain the fully qualified domain name (FQDN) assigned to the Services Portal and enter it into the address bar in your web browser.

To open the administrative and provisioning interface Services Portal:

1 Obtain the Services Portal FQDN provisioned by your DNS server. Use the Services Portal FQDN you noted in the Setup Worksheet for the Server Settings.

2 Open a browser and enter the FQDN in the address bar to open the Services Portal login screen.

3 Log in to the Services Portal as a Super Admin user. You can now configure the Services Portal for use.

For the first Services Portal login, enter admin for both the Username and Password, and then click Login. Click Agree to accept the End User License Agreement (EULA) and proceed with the configuration.

After accepting the EULA, enter a new password for the default administrator account. For information on changing passwords, see Change Your Password.

Open the Experience Portal The Experience Portal provides a meeting interface that includes such features as content sharing, group chat, and privacy settings. All users who attend meetings require access to the Experience Portal.

To open the administrative and provisioning interface on the Experience Portal:

1 Obtain the Experience Portal FQDN provisioned through your DNS server.

2 Using a Chrome or Firefox browser, enter the Experience Portal FQDN in the address bar to open the administrative Experience Portal Login dialog. Include the port 9445 connection in the server URL, as follows:

https://<Server FQDN>:9445

3 Log in to the Experience Portal as a Super Admin user.

If this is the first Super Admin login, type admin for both the Username and Password, and then click Login. A second Login screen prompts you to change from the default settings. Enter new values for Username and Password, and retype the new password as indicated.

4 Click Save to open the Experience Portal interface.

Note: Access to the Experience Portal for end users

To access the Experience Portal directly as an end user, enter the URL in the following format: https://<Server FQDN>

No additional port number is required for end user access.


Polycom, Inc. 26

After you have confirmed that the Services Portal and Experience Portal are both available and accessible using a web browser, you can begin configuring both portals.

Configure the Services Portal The Services Portal provides a platform where users schedule, host, and attend meetings and manage their contacts. Administrators manage the CloudAXIS environment primarily from the Services Portal.

Configure Portal Settings After you have deployed the Services Portal as described in See Deploy, Start, and Configure the Portals, you can begin configuring the settings required for it to run in your Polycom RealPresence environment. You can complete the steps in any order. Set up the Services Portal First, and then set up the Experiences Portal.

Import Settings from an Existing CloudAXIS Environment If you are upgrading to a new software version in an existing CloudAXIS environment, you can export settings from your current environment and import them into the new instances for the Services Portal and the Experience Portal. To preserve and reuse configuration settings, follow the instructions in the section Update Services Portal Software and the following steps.

To launch the Experience Portal Administration application:

» When the Experience Portal server is online, type the following URL in your default browser to open the administrator URL, where you configure the Experience Portal server.

https://<Experience Portal FQDN>:9445

Note: Use the Server Settings Setup Worksheet to configure the settings

These configuration instructions refer to information in the Setup Worksheet for the Server Settings. Complete the worksheet in advance, and use it as a reference during the configuration process to obtain information about values required for each field.

Steps for a first-time setup are as follows:

1 Synchronize the Time

2 Configure a Connection to an LDAP Server

3 Set up Single Sign-On (SSO)

4 Set a Connection to the SMTP Server

5 Set Web Locations for the Services and Experience Portals

6 Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server

7 Set the Date and Time


Polycom, Inc. 27

Admin Tip: For increased security, create at least one additional Super Admin account

To ensure secure administrator access to the Services Portal, after configuration is completed, we recommend that you create another account with Super Admin credentials to manage the Services Portal going forward. See Create Accounts for more information. Login with the new Super Admin credentials, and then delete the default Super Admin account.

Synchronize the Time For CloudAXIS meetings to occur and for calls and recordings to work properly, both the Services Portal and the Experience Portal must reference the same time zone and NTP server.

Note: Verify the NTP date and time zone in both portals

Confirm that the Network Time Protocol (NTP) date and time zone of your EXSi host matches the time on the Services and Experience Portals. The default time for Instances is taken from EXSi. If that time is wrong, the Services Portal scheduler can go out of sync. The Services Portal time settings should also match those on the associated DMA.

First, you must set the time zone on the Network Time Protocol (NTP) server.

To set the time zone on the Services Portal and NTP server:

1 Open the Command Line Interface (CLI) (see Restricted Shell) on either the Services Portal or the Experience Portal. Type caxis for both your Username and Password.

2 Select your time zone by using the CLI command change_timezone. For details on how to use the CLI command, see Use Case - Set System Date Time in Appendix D.

3 Type ntpdate at the command line to synchronize your server with the NTP server. See Use Case - Quick Sync System date-time with a Specific NTP server for details.

4 Repeat steps 1–3 on the other portal.

After configuring the time, verify the time settings in the Services Portal interface.

To verify time settings:

1 Log in to the Services Portal as a Super Admin user.

2 Verify that the NTP Server and Time Zone settings match those that you set in the Command Line Interface.

3 If the settings do not match, click UPDATE to synchronize the date and time.

Configure a Connection to an LDAP Server This section shows you how to configure a connection to the LDAP server in your organization so that CloudAXIS RealPresence users can be authenticated with their LDAP-enabled accounts. With LDAP enabled, administrators of the Services Portal can perform the following tasks:


Polycom, Inc. 28

● Import external user accounts from an enterprise

● Edit external user account default roles

● Set external user accounts as active or inactive

Note: Follow these instructions if the Services Portal DNS server does not point to the Active Directory DNS Server

Add the SRV records of the Active Directory domain controller service in Service Portal domain DNS server before updating the LDAP settings configuration. Create the SRV record in the Services Portal DNS server with the following details:

RR Type: SRV

SRV record format: _ldap._tcp.dc._msdcs.<AD_DOMAIN_NAME>.TTL class SRV priority weight port <Canonical_hostname_of_Domain_Controller>

For example: If the Active Directory domain controller hosting the service for domain example.com is ad_dc1.example.com, then its SRV record would be as follows: SRV RR: _ldap._tcp.dc._msdcs.example.com. 86400 IN SRV 0 100 389 ad_dc1.example.com

To configure the connection to the LDAP server:

1 Log in to the Services Portal with Super Admin credentials.

2 Choose Settings > Core Settings > LDAP to display the LDAP SETTINGS screen.

3 Enter information from the descriptions in the following table:

LDAP Settings

Setting Value or Description

Forest Root Domain Enter the forest root domain name for the company, for example polycom.com or Microsoft.com.

Secure Select to establish a secure connection to the LDAP server. This field is optional but recommended.

Port Enter the numerical value of the port through which LDAP communicates. The standard port for LDAP is 389.

Username Enter the user ID for the LDAP services account that has system access to the Active Directory.

Password Enter the login password for the LDAP services account user ID.

Enable sub-domain search

Select if your organization has a root domain and sub (child) domain structure so that sub-domains can be searched. If this value is not selected, user searches will occur only in the forest root domain.

User default domain for authentication

If enabled, the Default Domain will be used as an authentication prefix.


Polycom, Inc. 29

Setting Value or Description

Default Domain Enter the name of the default domain name where users will be authenticated when a user name is provided without a domain name.

4 Click UPDATE to save the LDAP configuration settings.

Set up Single Sign-On (SSO) CloudAXIS applications can authenticate Windows and Mac OS X users internally using credentials entered when logging into the associated Active Directory domain. With SSO enabled, users need not re-enter Active Directory credentials on CloudAXIS portals if they are already logged into the domain.

Note: Android and iOS devices are not supported for single sign-on in this release

The SPNEGO version of SSO used in this release works only with Windows and Mac OS X devices logged into the Active Directory Domain. Android and iOS devices revert to LDAP upon login to the Real Presence Cloud AXIS Suite, and users must enter credentials to log in to CloudAXIS.

The instructions that follow show you how to configure your CloudAXIS environment to support single sign-on using an Active Directory domain.

Note: Client devices and the AD server must belong to the same enterprise domain

Client devices accessing the Services Portal and the Active Directory server must be members of the same enterprise domain for single sign-on to work correctly.

Upload Trust Certificates

Follow instructions for setting up trust certificates in Manage Trust Certificates. Set up trust certificates in your server environment to support the single sign-on workflow, as follows:

● Configure both the Services Portal (WSP) and Experience Portal (MEA) with signed CA certificates issued by any trusted CA authority. See Manage Trust Certificates.

● Configure internet browsers using SSO to trust the CA certificates.

Note: Only signed certificates supported with Single Sign-On

Trusted, signed certificates must be used with single sign-on. Self-signed certificates are not supported with CloudAXIS.


Polycom, Inc. 30

Create a Services Portal (WSP) User Account in Active Directory

To enable the Services Portal to recognize your Active Directory domain and authenticate users with single sign-on, you must create a user for the Services Portal in your Active Directory domain.

To create a Services Portal user in Active Directory:

1 Log in to the appropriate Windows Active Directory domain with Administrator credentials.

2 Go to START > Administrative Tools > Active Directory Users and Computers.

3 Create a user account for the Services Portal service.

Polycom recommends, though it is not required, that the user account name be the same as the DNS host name of the Services Portal (WSP) server.

4 Set a password for the Services Portal user account. Note the password, as it will be required in a later instruction.

Set the admin password to conform with the following guidelines: a minimum of eight characters with at least one uppercase letter, one lowercase letter, and one number.

Set a Service Principal Name for the WSP User Account in Active Directory

After creating the Active Directory user account for the Services portal, you must add a servicePrincipalName value in the user properties settings. The Service Principal Name (SPN) uniquely identifies the service instance for the Services Portal (WSP) user account.

To set a Service Principal Name for the WSP user account:

1 In the Windows Active Directory domain server, go to START > Administrative Tools > ADSI Edit.

2 Find the Services Portal user you created. Open the user properties, and update the servicePrincipalName with the following value:

HTTP/<WSP host name>.<AD domain name>@<AD DOMAIN NAME>

For example, where the WSP host name is wsp-sso and the Active Directory domain is cloudax.is, the servicePrincipalName would be as follows:

HTTP/[email protected]

We recommend that the Services Portal server and Active Directory server be located on the same Active Directory domain; however, if your network setup requires that they be located on different domains, SSO can be configured with the servicePrincipalName as follows:

HTTP/<wsp_server_fqdn>@<AD_DOMAIN>

If the Services Portal server is part of domain1.com and AD domain is domain2.com, the servicePrincipalName format would be as follows:

HTTP/<wsp-sso.domain1.com>@<DOMAIN2.COM>

Use the syntax and case exactly as they appear in the examples.

3 Save the updated user settings.


Polycom, Inc. 31

Generate a Keytab File

A keytab file contains principals and encrypted keys that allow users and scripts to authenticate with an enterprise domain without entering credentials. You must generate a keytab file on the Active Directory server for the WSP service and then reference it in the WSP configuration settings. This file is used in the following procedures to enable single sign-on for the Services Portal.

Caution: Follow appropriate security precautions when handling the keytab file

Because the keytab file contains highly secure information, keep the file protected using very strict file-based access control to ensure that only designated administrators can read the file.

To generate a keytab file for the WSP user:

1 Log in to the Windows Active Directory domain as a domain administrator.

2 Open a command prompt, and execute the following command:

ktpass /out c:\[ WSP host name].[ domain name].keytab /mapuser [WSP host name]@[domain name] /princ HTTP/[WSP host name].[domain name]@[ DOMAIN NAME] /pass [WSP User Password] /ptype KRB5_NT_PRINCIPAL /kvno 0 /crypto all

For example, where the WSP host name is wsp-sso, the user password is Polycom123, and the Active Directory domain is cloudax.is, the command would be as follows:

ktpass /out c:\wsp-sso.cloudax.is.keytab /mapuser [email protected] /princ HTTP/[email protected] / pass Polycom123 /ptype KRB5_NT_PRINCIPAL /kvno 0 /crypto all

Use the syntax and case exactly as they appear in the example.

3 Verify that the keytab file ([WSP host name].[AD domain name].keytab) was created at the server root directory (c:\).

Using the preceding example, the keytab file name would be as follows:

c:\wsp-sso.cloudax.is.keytab

Configure the Services Portal for Single Sign-On (SSO)

After the keytab file has been created for the WSP domain user, you can configure the SSO authentication method by updating the Service Principal Name and the corresponding keytab file as outlined below. If the SSO configuration is completed successfully, it will attempt the Single Sign-on authentication silently while accessing the WSP service.

To configure the Services Portal for Single Sign-On:


2 Go to SETTINGS > AUTHENTICATION, and then choose SSO (Single Sign On).

3 In the Service Principal Name field, type the Service Principal Name for the WSP domain user, as follows:


Polycom, Inc. 32

HTTP/[WSP host name].[domain name]@[ DOMAIN NAME]

For example, where the WSP host name is wsp-sso and the Active Directory domain is cloudax.is, the servicePrincipalName would be as follows:

HTTP/[email protected]

Use the syntax and case exactly as they appear in the example.

4 In the Kerberos Keytab File field, enter the path and file name of the location of the keytab file created at the root directory (c:\).

Using the preceding example, the keytab file name would be as follows:

c:\wsp-sso.cloudax.is.keytab

5 In the Fall back to LDAP Authentication field, enter true to allow authentication to fall back to LDAP if SSO is not available.

6 Save the SSO settings.

7 Restart the Apache Tomcat server to apply the settings. From an SSH client command prompt, enter the command


Configure Internet Browsers to Use SSO

For users to be properly authenticated using Kerberos single sign-on (SSO), their browsers must be configured to recognize the URL of the trusted Services Portal (WSP) site. This is standard configuration for setting up trusted sites in a web browser.

In addition, for Internet Explorer users, verify that Windows Integrated Authentication is enabled. This is usually set by default in Internet Explorer.

Domain administrators can push the settings to all client computers belonging to the Active Directory domain.

Set Web Locations for the Services and Experience Portals This section describes how to set up web locations (URLs) for the Services Portal and Experience Portal servers. Each server has a specific purpose in the CloudAXIS environment, described as follows:

Web Services Portal (WSP) Server Services Portal URL where users create meetings.

Meeting Experience Application (MEA) Server Experience Portal URL where all users join meetings.

To configure locations for the Services Portal and Experience Portal:


2 Choose SETTINGS > CORE SETTINGS > Server Settings to open the SETTINGS screen.

3 Enter configuration information as shown in the next table.


Polycom, Inc. 33

CloudAXIS Server Location Settings

Setting Value/Definition

MEA Server The URL, including the FQDN assigned to the IP address of the Experience Portal. See Open the Experience Portal.

WSP Server The URL, including the FQDN assigned to the IP address of the Services Portal. See Open the Services Portal.

4 Do one of the following:

Click UPDATE to apply the settings.

click RESET to populate the fields with the most recently updated Server Settings information.

Set a Connection to the SMTP Server The SMTP server enables the Services Portal to send e-mail notifications to users in the following situations:

● When their accounts are created

● When their account details are updated

● When they are invited to a meeting

● When a meeting they created or have been invited to is updated or cancelled.

This section shows you the steps for configuring the connection to the SMTP server that forwards e-mails in your organization.

Note: Refer to documentation for your email server for specific requirements

Mail servers may have specific requirements for configuring calendar invite e-mails. For example, Lotus Notes requires the following flag to be set to allow hosts to receive calendar e-mail invitations properly:

CSAllowExternalIcalInviteToChair=1 For more information on Lotus Notes, refer to the following IBM Technote: http://www-01.ibm.com/support/docview.wss?uid=swg21260593. Refer to your e-mail documentation to review requirements for e-mail forwarding.

This section specifically refers to information entered in the setup worksheets provided earlier in the guide. Complete the worksheet in advance and use it as a reference to obtain information about each field and use during the configuration process.

To configure a connection to an SMTP server:


2 Select SETTINGS > CORE SETTINGS > SMTP to open the SMTP SETTINGS screen.

3 Enter values in the text boxes as outlined in the table shown next.


Polycom, Inc. 34

SMTP Settings

SMTP Settings Values/Definition

Server SMTP FQDN or IP address

Secure Select the check box to establish a secure SMTP-S/SSL connection. This is optional but recommended if the SMTP server supports secure connection.

Port Enter the SMTP port number. Port 25 is commonly used for unsecure SMTP and 587 or 465 for SMTP-S.

Login ID The account user ID for the SMTP service. This ID is not required for an unsecure connection.

Password The password for the service account user ID login. This password is not required for an unsecure connection.

Sender Mail ID The e-mail ID used to send notifications.

Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server This section explains how to configure CloudAXIS to work with your existing Polycom DMA and RealPresence Access Director (RPAD) systems and other Polycom access points.

An access point is a network location that is routed directly or indirectly to the DMA. Clients or endpoints connect to conferences through an access point. The client or endpoint could be the CloudAXIS Experience Portal, a separate soft client such as Polycom RealPresence Mobile, a hardware appliance such as Polycom Group Series, or a telephone. DMA systems enable the Services Portal to launch online video conference meetings. RPADs are external links to the DMA that enable firewall traversal. Points of presence enable you to route either directly or indirectly to the DMA.

Access points are configurable as follows:

● Direct connection to DMA

● External connection to access the DMA via H.323 video border proxy

● External route via a SIP Session Board Controller (SBC), including Polycom Real Presence Access Director (RPAD), or any third-party session boarder controller

● ISDN

● Audio dial-in via Public Switch Telephony Network (PSTN)

● External route from HTTPS Tunnel through RPAD

For example, an access point can be configured with an FQDN that points to the RPAD externally and to the DMA from within the network to enable the Services Portal to communicate with the DMA from either side of a firewall.

Use the information you completed in the Setup Worksheet for the DMA Configuration to configure the DMA settings.


Polycom, Inc. 35

Note: At least one SIP access point is required in the DMA setup.

The Services Portal must include at least one Session Initiation Protocol (SIP) access point.

To configure a connection to the DMA system:


2 Select SETTINGS > DMA CONFIG to display the SETTINGS screen.


Configure a new DMA connection

Change an existing DMA connection

To configure a new DMA connection:

1 Click +ANOTHER DMA to open the DMA CONFIGURATION screen.

2 Enter the appropriate data for from your Setup Worksheet for the DMA Server Access Point Configuration in the Setup Worksheet for the Server Settings.

DMA Configuration Settings

Setting Value

Name A nickname to assign to the DMA system to distinguish it in the Services Portal configuration.

Host The FQDN or IP address of an the DMA or the FQDN of the supercluster’s virtual address if the DMA is part of a supercluster.

Port The TCP port number used to communicate with the DMA system. Port 8443 is standard.

VMR Prefix The VMR prefix that corresponds to this DMA system. The VMR prefix must match the prefix specified on the DMA. To set up this value, see the Polycom

DMA 7000 System Operations Guide on the Polycom Support site.

Common SIP Username

(Optional) A username to authenticate SIP sessions for users who have authenticated with the Services Portal.

Common SIP Password

(Optional) A password for the Common SIP Username to authenticate SIP sessions for users who have authenticated with the Services Portal.

Default Admin A user name with system administrator privileges on the DMA system.

Admin Password The password for the Default Admin user.

Owner Domain The domain of the user account assigned for creating meetings in the DMA system. For local domains, enter LOCAL.

Owner Username The user name of the owner who creates meetings.


Polycom, Inc. 36

Setting Value

Generate VMR From Range

Select the checkbox to enter a range of numbers allowed for generating VMRs.

3 Click + ADD ACCESS POINT to open the ACCESS POINT screen, as shown.

4 Add new access points in the order that you want the Services Portal to use them. For example, enter internal Access Points first. The system requires at least one SIP Access Point.

Configure access points using the information from your Setup Worksheet for the DMA Server Access Point Configuration, as shown in the following table.

Access Point Configuration

Field Enter values

Location A name for this access point that describes its geographic location or some other

property that distinguishes it from other access points.

Transport From the drop-down menu, select the protocol associated with the access point (SIP, TUNNEL, H323, ISDN, or PSTN). CloudAXIS requires that you configure at least one SIP access point.

Dialstring The dial string that an endpoint should use to dial the access point. Your string should be appropriate for the specified access point transport type (for example, an ENUM for H.323).

Auth Mode Select one of the following options:

AUTH An access point used by endpoints that have access to SIP credentials, for example, such as authenticated web and RPM client users when the DMA settings have been configured with the Common SIP Username and Password described above.

NoAUTH For an access point used by endpoints without access to SIP credentials.

SHARED In an environment where all the CloudAXIS clients will be considered as guests or where all will require authentication.

An AUTH mode access point requires a corresponding NoAUTH mode access point; conversely, a NoAUTH mode access point requires a corresponding AUTH mode access point.


Polycom, Inc. 37

Field Enter values

Dial Prefix (Optional) Specify a prefix to add to dialing information when dialing this access point. This prefix can be used by the access point to route the call or to distinguish between callers who are able to authenticate themselves from those that require unauthenticated guest access.

5 Click +ADD ACCESS POINT to enter another access point as needed.

6 When all required DMA Configuration fields are completed, click CONFIGURE.

To change an existing DMA connection:

1 Click the icon of the DMA host you want to configure to open the DMA CONFIG SETTINGS screen for that host. This screen contains the fields and data that you supplied when you first configured a DMA connection, with the following additional fields.

MCU Pool Order From the drop-down menu, select from the list of MCU pool orders available on DMA. This feature is used by the users hosting or joining meetings using CloudAXIS.

Conference Template From the drop-down menu, select from the list of conference templates available on DMA. This feature is applied to all scheduled and ad hoc meetings created on this DMA using CloudAXIS.

2 Verify the settings, and then click CONFIGURE.

Set Conference Preferences

In the Conference Settings screen, you can set and control how various meeting features appear to users creating and attending meetings.

To set conference preferences:

1 Select SETTINGS > CONFERENCE SETTINGS to open the CONFERENCE SETTINGS screen.

2 Enter values in the text boxes as outlined in the table shown next.

Conference Settings

Field Values/Description

Passcode mandatory Select the checkbox to require an attendee passcode to be set for all meetings before they are started.

AdHoc meeting duration Enter the duration, in minutes, for Meet Now meetings. The default value is 120; the minimum duration is 15 minutes.

Buffer time before meeting starts

Specify how many minutes a meeting becomes active before its scheduled start time. The default buffer time is 10 minutes; the minimum is 1 minute.

Buffer time after meeting ends

Specify how long a meeting remains active after the scheduled end time. This setting has no default value; the minimum time is 0 minutes.


Polycom, Inc. 38


Allow use of PersonalVmr Select the check box to allow the use of personal Virtual Meeting Rooms (VMR). When selected, the Use Personal VMR text and check box appears on the Schedule a Meeting screen.

Allow use of JoinBridge Select this check box to allow the display and use of the Join Bridge button. When selected, the Join Bridge button is visible on the Schedule a Meeting screen. If not selected, the Join Bridge button is not displayed.

Enable Calendar Invite Select the check box to send calendar invites when a meeting is scheduled, created or updated. If unchecked, an e-mail is sent with a calendar invite (*.ics) as an attachment.

3 Click SET to save the settings.

Set the Date and Time The Services Portal uses a Network Time Protocol (NTP) Server for basic clock synchronization. You can set the date and time for the Services Portal.

Use the information you entered in the Setup Worksheet for the Date Time Configuration to complete the settings.

To set the date and time on the Services Portal:

1 Select PLATFORM SETTINGS > DATE TIME to display the DATE TIME screen.

2 In the NTP Server text box, enter the IP address or fully qualified domain name (FQDN) of the Service Portal server. This value must match the data supplied to the Experience Portal.

The Time Zone and Date & Time fields automatically display the time zone, date, and time in the next text boxes.

3. Click UPDATE to save the settings.

Note: Synchronize the time when you restart the Services Portal

When the Services Portal is restarted or when data is migrated from an old server, click UPDATE to synchronize the time between the NTP server and the Portal. The time must be synchronized among the DMA, Services Portal, Experience Portal, and ESXi machines hosting the portals.

Update Services Portal Software If you are currently running CloudAXIS, you can upgrade your Services Portal software while retaining the current configuration settings.


Polycom, Inc. 39

Apply a New Software Version to an Existing Services Portal Before migrating the configuration settings, obtain the software for the new version you want to install, and deploy on your VMWare host server.

To apply a new software version to an existing Services Portal:

1 Obtain the new Services Portal software *.OVA file from the Polycom Support Site.

2 Deploy the file using the instructions in Deploy the *.OVA Packages.

3 Use the instructions that follow to migrate the provisioning and state information from the existing server running to the one running the new instance.

Migrate Current Settings to the New Services Portal Before you begin the upgrade process, verify that you have already loaded the correct certificates on the virtual machine (VM)—that is, the new Services Portal—to which you want to migrate the settings. Deactivate the software licenses on old servers before you begin the upgrade process.

To migrate current Services Portal settings to a new Services Portal instance:

1 In the Services Portal, select PLATFORM SETTINGS > MIGRATE, as shown.

2 Enter your admin credentials. To validate the user rights, enter the Username and Password of the administrator for the new Services Portal.

3 Read the final disclaimer in the next screen. Click YES when you are ready to begin the migration.

4 In the Remote system details screen, enter the Hostname (FQDN), Admin Username, and Password of the Services Portal from which you want to migrate the settings and database. Then click MIGRATE.

5 Wait for the user interface to indicate that the information from the old Services Portal has been successfully imported. After the data has been imported, additional configuration runs in the background before the Services Portal reboots. During these processes, the following screen is displayed.

6 After the Services Portal VM has restarted, log in to the new Services Portal with the admin credentials from the old Services Portal, and verify that the settings are correct.


Polycom, Inc. 40

Note: Verify the DNS records for the new Services Portal

After the data has been successfully migrated, verify that the DNS records are updated to point to the new Services Portal.

Configure HTTP Forward Proxy Settings In some network environments, direct access to the public Internet is blocked, and devices inside the organizational firewall must access external web sites and services through a proxy server. If the CloudAXIS Services Portal is deployed in such an environment, it must be configured with the necessary information about the local proxy server to fulfill the following functions that require it to access the public Internet.

● Online activation of the CloudAXIS product license requires contacting the central Polycom licensing server. For more information, see Activate Licenses.

● Enabling end user access to Google Talk and Facebook contacts from the Experience Portal requires that the Web Scheduling Portal communicate with online services hosted by Google and Facebook, respectively. It also requires that a client PC being used to access contacts communicate directly with the appropriate online service.

Note: Only forward proxy is supported in this release

CloudAXIS supports only the use of an HTTP forward proxy; reverse proxy is not supported.

Enable Proxy Settings

Setting up a forward proxy server allows users to traverse a firewall to use CloudAXIS from within the organization.

To configure forward proxy settings in the Services Portal:


2 Choose PLATFORM SETTINGS > PROXY.

3 In the Proxy Settings screen shown next, enter the proxy Server IP address and Port information.


Polycom, Inc. 41


Check No if the proxy does not require authentication.

Check Yes if the proxy requires authentication. Then, in the User Id and Password fields, enter the credentials required by the proxy.

5 Click UPDATE to save the new proxy settings.

Disable a Proxy

If your environment does not have or require a proxy, you can disable the proxy setting.

To disable the use of a proxy:

1. In the Proxy Settings screen, select the No check box for Authentication Proxy.

2. Delete the entries in the Server and Port fields.

3. Click UPDATE.

Note: Proxy settings for user PCs

The CloudAXIS client-side social connector automatically uses the system-wide proxy settings configured in the user’s web browser. If the proxy requires credentials, users will be prompted to enter them at the time they access their social contacts. For more information, see the section “Inviting Participants from Your Social Connector Contact Lists” in the RealPresence CloudAXIS Suite User Guide.

Configure the Experience Portal The following information help you configure the settings required to enable the Experience Portal to communicate with the Services Portal and other components in the CloudAXIS environment and host meetings through the Experience Portal.

Before configuring the Experience Portal, do the following:

● Obtain the address for the DMA/conference provider.

● Deploy the Services Portal.


Polycom, Inc. 42

● Deploy the Experience Portal. See Deploy the *.OVA Packages.

After you have completed the previous tasks, you can begin configuring settings in the Experience Portal Administration application.

Experience Portal settings that you configure are saved in the settings.json file, which you can export and save as a backup or import to another Experience Portal server.

Note: If you are updating from a previous version of Experience Portal software

You can save and export settings from a current Experience Portal installation and import them into a new Experience Portal server. Follow the instructions outlined in the section entitled Update Experience Portal Software.

The following sections explain how to configure the Experience Portal using the Experience Portal Administration tool:

● Set the Portal Web Addresses

● Set Authentication Rules

● Set Up Authentication with the Service Portal

● Set Conference Lobby Rules

● Add a DMA Agent

● Configure Conference Settings

● Set the Server Date and Time

● Assign an IP Address

To launch the Experience Portal Administration application:

» When the Experience Portal server is online, type the URL in your default browser, as follows:

https://<Experience Portal FQDN>:9445

This opens the administrator URL, where you configure the Experience Portal server.

Note: Save changes in each settings page before moving to the next menu.

As you work through the settings and complete changes on a page, click APPLY to save changes before moving to another settings page. If you open a new page without saving changes, the settings revert to the previously saved changes.

Set the Portal Web Addresses First, you must set the secure and non-secure, internal and external web addresses for the Experience Portal. External addresses allow users to access the portal, and internal addresses allow the Services Portal and Experience Portal to communicate with each other on the network.

Addresses in these settings are expressed in the form of a fully qualified domain name (FQDN).


Polycom, Inc. 43

To configure Web Address settings for the Experience Portal:

1 Log in to the Experience Portal (MEA) with Super Admin credentials.

2 Select CONFERENCE > GENERAL SETTINGS.

3 Select the Enabled check box to enable the web addresses for this environment.

4 Enter the Web Addresses settings as shown in the following table.

Web Addresses Settings

Field Name Value/Description

Secure External Address The HTTPS address that external users use to connect to the Experience Portal.

External Address (non-secure) The HTTP public web address that is exposed to users of the Experience Portal. By default, it reroutes to the secure external address.

Secure Internal Address The address that internal users will be forwarded to when connecting to the Experience Portal. This address includes the port number through which the portals connect to the Apache Tomcat server, by default, port 8443.

Internal Address (non-secure) The private, fully qualified web address (HTTP reverse proxy) that internal users use when connecting to the Experience Portal from within the organization. By default, it reroutes to the secure internal address.

5 Click APPLY.

Set Authentication Rules The authentication rules in the Experience Portal determine which user accounts can authenticate against the Services Portal and access the Experience Portal either to host or attend meetings. You can also set rules that determine how users and guests are authenticated with the server.

Authorization rules comprise three fields: Match, Property, and Realm.

To set authentication rules for the Experience Portal:

1 Log in to the Experience Portal (MEA) as a Super Admin user.

2 Select CONFERENCE > AUTHENTICATION to open the Authentication Rules screen.

3 Complete the fields in the Match, Property, and Realm columns according the value descriptions in the table that follows.


Polycom, Inc. 44

Authentication Rules Settings


Match Enter a regular expression that reflects the way you want the property to match for authentication. This value can reflect a host, domain host, or e-mail domain.

For example, if you want to authenticate only users with a Polycom.com e-mail address, enter the regular expression :[email protected]$

Property This is the data type to which you want to apply the Match regular expression. Based on the user information entered, at least one rule is required for each property:

UserAddress A regular expression for the allowed e-mail domains to be checked for authentication

SSOSource The source of authentication for single sign-on users

SSOUsername The address of the Service Portal

UserAddressDomain A regular expression for the e-mail domain for SSO users

Host Match the provided regular expression against the host’s URL to set the realm.

AccessibleImage Match the provided regular expression against an image hosted by the authentication provider. If the image is accessible from the Experience Portal client location, then use the configured realm.

Realm The target authentication realm is the FQDN of the Services Portal server that you want to authenticate the rule against.

UserAddress and SSOSource can point to the WSPAuth realm list using the $#, with $1 referencing the first element in the list, and so on.

4 Use the up and down arrows to specify the priority of the rules you have entered.

Authentication matching starts at the first priority, moves down the list, and stops when the user’s authentication method matches a listed rule.

5 Click the plus key to add a new rule; click the minus key to delete an existing rule.

6 Click APPLY to save the settings.

Set Up Authentication with the Service Portal The Experience Portal must authenticate with the Services Portal to allow users to create scheduled meetings and invite other users to attend. These instructions show you how to configure settings in the Experience Portal to enable it to communicate with the Services Portal in your CloudAXIS environment.

To configure authentication to the Services portal:


2 Select CONFERENCE > AUTHENTICATION to open the Authentication Rules page.

3 Under the Agents heading, expand the Service Portal Authentication dialog to complete the rules for service portal authentication according to the value descriptions in the following table.


Polycom, Inc. 45

Service Portal Authentication Settings


Target URL The fully qualified domain name of the Services portal in your CloudAXIS environment. (HTTPS included)

Username This field is populated with the name of the Services Portal authentication user, meaauth.

Password Click [!] to enter login credentials for the meaauth user.

Enforce Certificate Validation Select the checkbox to enforce certificate validation.

This is another level of SSL security that Polycom recommends using in a production environment, particularly if the Experience Portal (MEA) is located near the internet in your network configuration.

Realms Enter the FQDN for your Service Portal. Add the list of domains and user addresses that you configured in the match rules, separated by commas.

Allow users to bypass authentication and use guest login

Select the checkbox to allow authorized users to join a meeting as a guest rather than an authorized user.


Set Conference Lobby Rules Lobby rules define which of the three agents handles inbound meeting requests. Use the value descriptions for each field listed in the table that follows to determine the values to enter in the Lobby Rules fields. You can set multiple lobby rules.

To set the Lobby Rules settings for the Experience Portal:


2 Select CONFERENCE > CONFERENCE to open the Lobby Rules screen.

3 Complete the fields in the Match, Property, and Route columns according the value descriptions in the table that follows.

Lobby Rules Configuration

Field Name Value

Match A regular expression for the matching VMRs that you want to access this lobby. For ad hoc meeting, for example, those started with the Join Bridge function, use a catch-all expression similar to ^[0-9]+ to allow any VMR number to work.

Property What you want to apply the rule to; it can be either the lobby code or the host.


Polycom, Inc. 46

Field Name Value

Route The internal route for the lobby code match. Unless there is an explicit reason, this route should not be modified.

The standard settings are

adhoc.cloudaxis.local for ad-hoc meetings

scheduled.cloudaxis.local for scheduled meetings

4 Use the up and down arrows to set the priority of the rules you have entered.

5 Click the plus key to add a new rule; click the minus key to delete an existing rule.


Add a DMA Agent All conference room requests get routed through the DMA, which also manages the meeting roster and controls recordings. The DMA Agent on the Experience Portal communicates with the DMA to manage and obtain meeting rosters and conference recordings.

To add a DMA Agent:


2 Select CONFERENCE > CONFERENCE to open the Lobby Rules screen.

3 Under the Agents heading, expand the DMA menu to complete the settings for DMA agents according to the value descriptions in the following table.

DMA Agent Settings


Target URL The IP address or hostname of the DMA server, using this syntax:

https://<IP address or URL of the DMA>:8443/api/rest

Username The name of the default or configured admin user on the DMA system. This user can be a local or Active Directory admin user on the DMA.

Password Click [!] to enter the password of the DMA admin user.

Enforce Certificate Validation

Select the check box to require that the DMA present a valid certificate for authentication to take place.

Routes This field is automatically populated with the information configured in the Lobby Rules settings. It should match the routes configured in those settings. Default routes are as follows:

scheduled.cloudaxis.local

adhoc.cloudaxis.local


Polycom, Inc. 47


Prefixes Enter the dialing prefixes exactly as they appear on the DMA conference settings page.

Configure Conference Settings For CloudAXIS to host meetings, you must configure routes, meeting settings, and external conference templates that determine the structure for meetings that occur in the virtual rooms. A route confirms that the right agent is handling meeting requests.

The Experience Portal Conference Agent handles meetings that are entered in one of three ways:

● Through the Experience Portal (MEA) URL

● By clicking the Join Bridge function

● Using a Virtual Meeting Room (VMR) within a URL to enter a meeting

These ad hoc meetings are handled by the local route adhoc.caxis.local.

The Service Portal Conference Agent handles the following types of meeting requests:

● Those scheduled in the Service Portal

● Those entered using the Meet Now function

These scheduled meetings are handled by the local route scheduled.caxis.local.

Add a VMR Route

Settings for Virtual Meeting Rooms should match those in the Lobby Rules. The settings that follow provide information that routes users to VMRs where their meetings are scheduled.

To add a VMR route:


2 Select CONFERENCE > CONFERENCE to open the general Lobby Rules screen.

3 Under the Agents heading, expand the VMR menu to show the Routes dialog.

Confirm that the setting reflects the default route to the VMR agent: adhoc.cloudaxis.local

Next, configure the settings that determine the behavior of virtual meetings that meeting attendees join from the Experience Portal. Most of these settings are populated by default, based on settings that have been configured elsewhere.

To configure Virtual Meeting Room (VMR) settings:

1 Within the VMR menu, expand the Settings submenu to open the meeting settings selection.

2 Enter values in the Settings fields as outlined in the following table.


Polycom, Inc. 48

VMR Settings


Allow Anonymous Participants Select the check box to allow participants who have not been authenticated against the Service Portal (WSP). If the check box is not selected, unauthenticated guest users will be blocked from attending meetings.

Authenticated user role matching organizer domain

Select one of the following options from the drop-down menu:

Presenter

Attendee

Lobby

Share Content Check boxes to determine whether Presenters, Attendees, neither, or both are allowed to share content.

Authenticated user role NOT matching organizer domain

Select one of the following options from the drop-down menu:

Presenter

Attendee

Lobby

Help URL http://support.polycom.com (auto)

Recording available Select the check box to make available an option for a presenter to record meetings.

Allow all Presenters to end meeting

Select the check box to allow anyone designated as a Presenter to end a meeting.

Require Display Name User is prompted to enter a name so that other users can see who is in attendance.

Always show PIN prompt Select this setting if your environment requires passcodes to enter meetings.

When a user joins a meeting with URL with VMR, after e-mail is entered, they are prompted to enter a name and a participant PIN. If the option is not checked, the user is presented with a display name.


Polycom, Inc. 49


Media Preferences Default values are assigned in these settings. You can adjust them based on available bandwidth in your network. We recommend that these settings match the settings in the DMA’s conference template.

Set the bandwidth allocated for each call by increasing or decreasing the default numbers for the following settings:

Max SVC Call Rate The initial call rate at which the client attempts to connect for an SVC call

Max AVC Call Rate The initial call rate at which the client attempts to connect for an AVC call

Max AVC Tunnel Call Rate The initial call rate at which the client attempts to connect for an SVC call in HTTP tunneled mode

After configuring the Virtual Meeting Room (VMR) settings, you can configure the External Conference Template. These settings route CloudAXIS plug-ins to their appropriate meeting rooms. The settings should match the access point settings configured in the Services Portal.

Configure the External Conference Template

The External Conference Template determines how various users enter your CloudAXIS environment through their allowed access points. At a minimum, access points should be set up for each type of user that will access your CloudAXIS environment, as follows:

● Users from outside your network firewall (external)

● Users from within your network firewall

● Users accessing through an HTTP tunnel, for far-end firewalls that do not allow outgoing SIP traffic

To configure the External Conference Template:

1 Within the VMR menu, expand the External Conference Template submenu.

2 Enter values in the fields in the External Conference Template for each access point in your CloudAXIS environment, as outlined in the following table. These settings should match the settings for each access point set up in the Services Portal.

External Conference Template Settings


Dial String This value reflects the SIP dialstring pointed to the fully qualified domain name (FQDN) of the Polycom Real Presence Access Director (RPAD), as follows:

sip:{{LobbyCode|getvmr}}@[ExternalRPAD FQDN.domain.com]

Location Enter the city or office location of the POP server.


Polycom, Inc. 50


POP Address Enter the FQDN or IP address of the access point being configured. This matches the value entered after the @ sign in the Dial String setting above.

Transport Select an option from the drop-down menu to reflect the transport protocol used to connect calls in your CloudAXIS environment. CloudAXIS requires at least one SIP.

sip

h323

ptsn

isdn

tunnel

Authentication Mode Select one of the following options from the drop-down menu:

SHARED Access points shared by all users

AUTH Access points for those with enterprise credentials and who authenticate against the Service Portal (WSP)

NOAUTH For guest users who do not authenticate against the Service Portal

3 Click the plus key to add another access point, or click the minus key to remove an access point.

4 In the Conference ID dialog, confirm that the ID matches the Conference ID set up in the Lobby Rules settings, in the following format: {{LobbyCode|getvmr}}

5 Next, configure the Service Portal Conference settings that determine how conferences authenticate and route through the Services Portal.

Configure Service Portal Conference Settings

The Service Portal Conference Settings determine how the Experience portal connects to the Services portal to validate information for meetings scheduled through the Services Portal.

To configure the Service Portal Conference settings:

1 Go to CONFERENCE > CONFERENCE, and then expand the Service Portal Conference menu.

2 Complete the settings as outlined in the following table.

Service Portal Conference Settings


Target URL Enter the IP address or hostname of the DMA server, using the syntax that follows:

https://[IP address or URL of the DMA]:8443/api/rest


Polycom, Inc. 51


Username Enter the name of the default or configured admin user on the MEA system. This user can be a local or Active Directory admin user on the MEA. The default user is meaconf.

Password Click [!] to enter the password of the meaconf user.

Enforce Certificate Validation

Select the check box to require that the MEA present a valid certificate for authentication to take place.

Routes This field is automatically populated with the information configured in the Lobby Rules settings. It should match the routes configured in those settings. The Default route for Services Portal conferences is scheduled.cloudaxis.local.

3 Confirm the fields in the Settings menu. They should match the settings as outlined in the VMR Settings.


Set the Server Date and Time The server date and time must be in sync with the date and time on the Service Portal. To ensure that dates and times remain synchronized among the various RealPresence components, a Network Time Protocol (NTP) is used.

To set the server date and time:


2 Select PLATFORM SETTINGS > DATE TIME to open the Date and Time screen.

3 Complete the settings in the configurable dialog boxes, as shown in the following table.

Date and Time Settings


NTP Server Enter the address of the NTP server.

Time Zone Select a time zone from the drop-down menu.

After the NTP Server and Time Zone have been set, the Date and Time in the next dialog is updated automatically.

4 Click UPDATE to save the settings.

Assign an IP Address You can use DHCP to obtain a server IP address, or you can set a static IP address for it. The default configuration is set to use DHCP to obtain an initial address; however, we recommend setting a static IP address for the Experience Portal server to use after the initial configuration.


Polycom, Inc. 52

To assign an IP address to the Experience Portal:

1 Go to PLATFORM SETTINGS > IP CONFIGURATION to open the Internet Protocol Version 4 (TCP/IPv4) Properties window.


Select the Obtain an IP address automatically check box if the Experience Portal server will obtain an IP address automatically using DHCP.

Remove the check mark in the Obtain an IP address automatically check box if you want to assign a static IP address to the Experience Portal server. Then complete the fields for the IP address and DNS server settings that you have assigned to the server instance.

3 Click UPDATE to apply the new settings.

Apply Experience Portal Settings You must restart the Experience Portal services to apply new configuration settings. The Administration tool offers the option of either restarting the MEA services or rebooting the server to apply the settings.

To restart the Experience Portal:

» Go to PLATFORM SETTINGS > RESTART, and do one of the following:

Click RESTART SERVICES to apply the changes and restart the Experience Portal and the Administrator user interface.

Click REBOOT SERVER to shut down the server and restart the operating system.

Update Experience Portal Software Update your Experience Portal software when a new software release version is available.

To deploy an updated version of Experience Portal software:

1 Obtain the new Experience Portal software *.OVA file

2 Deploy the *.OVA file using the instructions in Deploy the *.OVA Packages.

3 Use the instructions in the following sections to migrate the provisioning and state information from the existing server to this new Experience Portal instance.

Import Settings from an Existing Experience Portal Instance The settings.json file contains all of the configuration settings for the Experience Portal. You can import a settings.json file from a previous Experience Portal instance to a newly deployed Experience Portal server.

To import the Experience Portal settings:


2 Choose PLATFORM SETTINGS > MIGRATE to open the Import/Export Configuration settings.


Polycom, Inc. 53

3 When prompted, enter a valid Super Admin user name and password.

4 In the Import Configuration dialog, click Choose File. With Windows Explorer, browse to the settings.json file you want to import, and then click OPEN.

5 Click IMPORT to upload the new settings and refresh the page.

6 Go to PLATFORM SETTINGS > RESTART, and then click RESTART SERVICES to apply the changes and restart the Experience Portal and the Administrator user interface.

Export Current Experience Portal Settings Configuration settings are saved in the Experience Portal’s settings.json file. This file can be exported from the Experience Portal server to be imported into another Experience Portal server or saved as a backup. The file is downloaded locally and saved to the Downloads directory specified in your browser settings.

To export the Experience Portal configuration file:

1 Choose PLATFORM SETTINGS > MIGRATE to open the Import/Export Configuration settings.

2 When prompted, enter a valid Super Admin user name and password.

3 Click EXPORT to download the settings.json configuration file into the default downloads directory set for your web browser.

Note: Configuration application

After the configuration is imported, apply the configuration or restart the server to apply the configuration. Note that the license will be deactivated if two different instances on the Experience Portal are registered to the same Services Portal server.

Polycom, Inc. 54

Administer the Services Portal

In addition to performing the configuration steps required to set up communications on the portal, Administrators can perform an array of administrative tasks on the Services Portal. These tasks include managing trust certificates, work with log files to uncover and resolve problems, managing licenses, and updating standard email templates that are sent to CloudAXIS users.

The instructions in the following sections help you perform these administrative tasks.

Manage Trust Certificates The Services Portal requires a secure connection from any browser connecting to it. When a secure connection is established, the browser receives a trusted certificate verifying the identity of the Services Portal.

This section describes how to do the following:

● Generate Certificates and CSRs in the Services Portal

● View, Download, and Delete Certificates in the Services Portal

● Upload Certificates or a Certificate Chain

● Manage Logs

Note: Upload separate certificates to each RealPresence server component

The certificates created from CSRs generated by the Services Portal authenticate the user connection only to the Services Portal. A separate CSR must be externally generated for the other RealPresence components.

Generate Certificates and CSRs in the Services Portal To generate certificates and certificate sign requests (CSRs), you must send the CSRs to a third-party Certificate Authority for a digital signature and then upload the signed certificate. To upload certificates, see Upload Certificates or Certificate Chain.

Note: File extensions on certificate requests and certificates

When you generate a certificate request to be sent to a trusted authority, save the file with a *.csr extension. The file extension for a certificate is *.cer.

The certificates created from CSRs generated by the Services Portal authenticate the user connection only to the Services Portal. A separate CSR must be externally generated for the Experience Portal and RealPresence components. Send the externally generated CSR to a Certificate Authority; then upload the


Polycom, Inc. 55

signed certificate and key to the components and Services Portal. For uploading to the Services Portal, see the following procedure.

Caution: Overwrite warning

Before following this procedure, be sure the Services Portal requires a new certificate or CSR. Generating a new certificate or CSR overwrites the previous one. To check, see View, Download, and Delete Certificates.

To generate certificates and CSRs in the Services Portal:


2 Select PLATFORM SETTINGS > CERTIFICATE to open the Generate CSR/Certificate tab.

3 Enter values in the text boxes as shown in the next table.

Generate CSR/Certificate


Operation Type In the drop-down box, choose one of the following:

CSR Generates a Certificate Signing Request (CSR). Send the CSR to a third-party Certificate Authority for a digital signature then upload the signed certificate to the server. For instructions on how to upload the certificate, see Upload Certificates or Certificate Chain.

Certificate Generates a self-signed certificate.

Type From the drop-down box, select WebServer.

Organization Enter the name of your organization.

Organizational Unit Enter the name of your organization unit.

Country Enter the two-letter ISO code for the country where your organization is located.

State Enter the full name the state where your organization is located.

Location Enter the city or location of your organization.

Sub Alternate name Enter the list of host names protected by this certificate, separated by commas.

4 Click GENERATE.

5 Restart the Services Portal Server and the tomcat6 and nginx servers.

To restart the Tomcat6 and nginx servers:

1 Using an SSH client, open the Services Portal restricted shell using its assigned FQDN.

2 Log in as a privileged administrator using caxis for both your username and password.


Polycom, Inc. 56

3 Restart the web-related servers using the following commands:



View, Download, and Delete Certificates in the Services Portal

Super admins use the certificate list to confirm whether a certificate is needed and to delete obsolete certificates. This section outlines how to view, download, and delete certificates in the Services Portal.

To view, download, or delete certificates and CSRs:

1 Select PLATFORM SETTINGS > CERTIFICATE, and open the Certificate list tab to display existing certificates.


Click View to view and/or download the certificate. Then follow these steps:

Copy the entire hash from ----- BEGIN CERTIFICATE to ----- END CERTIFICATE.

Paste the text into a text editor.

Rename the file extension *.cer. If the file is a CSR, you can now send the file to a third-party CA for signing.

Click DELETE to delete the certificate.

This option is available only to WebApp-trust certificates. Webserver certificates can be regenerated or uploaded only as a Certificate Authority–signed certificate. To generate a WebApp certificate, see Generate Certificates and CSRs.

Caution: Avoid deleting valid trust certificates

Deleting valid trust certificates can result in the issuance of invalid certificates and disrupt access to critical services in an organization.

Upload Certificates or a Certificate Chain

In the Services Portal, Super Admin users can upload the following two types of required certificates:


Polycom, Inc. 57

● Third-party certificates signed by a Certificate Authority

● Trust certificates

Note: Browser requirements for uploading certificates

Internet Explorer supports uploading certificates only in version 10 or higher. If you have Internet Explorer 8 or 9, download version 10 or use another browser, such as Chrome or Firefox, to upload certificates.

This section shows you how to upload signed third-party and trust certificates to the Services Portal.

Upload a third-party, signed certificate to establish a secure communication with users and verify the identity information of Services Portal servers.

To upload a third-party signed certificate to the Services Portal:


2 Go to PLATFORM SETTINGS > CERTIFICATE and click the Upload Certificate tab, as shown next.

3 From the Type drop-down menu, select WebServer Own.

4 Click Choose File.

5 Navigate to the certificate or certificate chain, and click Open to select the file.

6 Click UPLOAD.

7 From an SSH command prompt, restart the nginx and Apache Tomcat servers using the following commands:



Upload a trust certificate for servers that require secure communication, such as the Active Directory server, SMTP server, and DMA system.

To upload a trust certificate to the Services Portal:


2 Go to PLATFORM SETTINGS > CERTIFICATE and click on the Upload Certificate tab.

3 From the Type drop-down menu, select WebServer Trust.


Polycom, Inc. 58

4 Click Choose File.

5 Navigate to the certificate, and click Open.

6 Click UPLOAD.

7 From an SSH command prompt, restart the Apache Tomcat server using the following command:


Use Wild Card Certificates in the RealPresence CloudAXIS Suite

You can generate an external CSR that includes both the Experience Portal and Services Portal FQDNs in the SAN field. This CSR can be signed by a third-party Certificate Authority and uploaded to the portals. Upload the private key and signed public key to both the Services Portal and the Experience Portal.

Configure Certificates for Reverse Proxy

To configure the RealPresence CloudAXIS Suite solution with Reverse Proxy, upload the signed public certificate of the Services Portal and the Experience Portal as trust certificates to the Reverse Proxy server.

Work with Logs The Services Portal log levels are listed in a drop-down menu in order of greatest to least detail. When you select a log level, the Services Portal begins producing logs at the specified level of information. When you are ready to view log files, you can download log files for viewing.

This section explains each log level, shows you how to select a log level to print, and shows you how to download the log file.

Note: For day-to-day operations, set the log level to INFO

In a production environment, we recommend setting logging to INFO or below. Set to more detailed levels when you’re troubleshooting an issue, and then return the setting to INFO or below for day-to-day operations.

To select a log level or download the log file:

1 Select PLATFORM SETTINGS > LOGS to open the following screen.


Polycom, Inc. 59

2 Click the Level drop-down menu to display all log level options, in hierarchical order, as shown next.

Choose the type of logging you need:


ALL Turns on all logging.

TRACE Logs more detail than a Debug log. These logs are also helpful for debugging.

DEBUG Logs fine-grained information that is helpful for debugging.

INFO Logs messages that highlight the progress of the application at a coarse-grained level.

WARN Logs conditions that can be potentially harmful to the server environment.

ERROR Logs errors that might still allow the Services Portal to keep running.

OFF Turns off the logging.


Click UPDATE to begin logging from the selected level.

Click DOWNLOAD to download the selected log file.

Note: Log Level Hierarchy

When a log level is selected, all levels of logging beneath the selected level are included in the information. For example, if you choose INFO in step 2, the DEBUG and TRACE levels will also appear in your downloaded logs.

Activate CloudAXIS Licenses You activate the licenses for the Services Portal and the Experience Portal through the Services Portal.

Activate both types of licenses in either an online or an offline mode:

● Online mode License information is sent directly to the Flexera license server for activation; the Services Portal must have Internet access for the activation to be completed.

● Offline mode A file is prepared and sent to Polycom so that the Flexera license server can activate the license and send back an activation file.

Online and offline license deactivation are also available.


Polycom, Inc. 60

You must activate the Services Portal license, which is your CloudAXIS product license, before you can configure the Services Portal.

To activate the Services Portal license in online mode:

1 Open your Services Portal and log in using Super Admin credentials.

2 Select PLATFORM SETTINGS > LICENSE to open the default Online Activation screen.

3 Activate your Services Portal license by entering your three activation keys in the appropriate Activation Key fields.

These activation keys will have been sent to you in an e-mail after your purchase of a CloudAXIS product. For example, you will receive your activation key information in the following format in an e-mail.

4 Click ACTIVATE at the bottom left of the screen.

The screen refreshes, as shown next. A message indicates the license activation was successful, and a list of activated licenses is displayed.


Polycom, Inc. 61

5 Click + ACTIVATE MORE USERS to activate an additional 100 users.

Each listed activation key includes a Deactivate option next to the license number. To reuse a license on a new instance, you must first deactivate it on the old instance.

To deactivate a Services Portal license in online mode:

1 On the Platform License Settings page, click the Deactivate option to deactivate an active license.

2 Call Polycom Support to generate another activation key with another device ID.

To activate a Services Portal license in offline mode:

1 Select PLATFORM SETTINGS > LICENSE.

2 From the Mode drop-down box, choose Offline Activation.

3 Enter the three activation keys that were sent to you in an e-mail after you purchased your CloudAXIS product on the next screen, as shown. Copy the Services Portal Activation Key (the last key in the e-mail), and paste it into the Service Portal Activation Key field, as shown.


Polycom, Inc. 62

4 Click the Download Activation Request File link for the Services Portal. A *.bin file is sent to your computer, and this activation request file downloads.

5 Open a supported web browser and find the *.bin file from the RealPresence CloudAXIS Suite Licensing Center.

6 Log in to the Licensing Center with your credentials.

7 Select the Upload Capability Request option from the left side of the screen, as shown next.


Polycom, Inc. 63

8 In the Upload Capability Request screen, browse to the file that was downloaded in step 4, and then click SEND. The Flexera system responds by sending back the response.bin file.

9 Save the *.bin file to your local PC.

10 Under Upload Activation Response File, click Choose File (shown next) to select and upload your activation response file.

11 Select ACTIVATE to activate the Services Portal license. A message will appear stating that the license has been activated.

You must also activate the Experience Portal license, which lets you determine the number of CloudAXIS product users.

Caution: Configure the Experience Portal license URL first

The Experience Portal license URL must be configured before setting Experience Portal licenses on the Services Portal.


Polycom, Inc. 64

To activate the Experience Portal connection to the Services Portal:


2 Go to PLATFORM SETTINGS > LICENSE to open the License screen, as shown next.

3 In the License Server URL field, enter the URL of the Services Portal being used to procure your licensing information.

4 In the License Server Credentials fields, enter the Username and Password being used to access the License Server.

5 Click APPLY to apply the new settings.

To view the license information in the Experience Portal:


2 Go to PLATFORM SETTINGS > LICENSE, and then click DISPLAY LICENSE INFO to display information regarding Experience Portal Licenses.

To activate the Experience Portal license from the online mode:

» Repeat steps 3 to 11 from the Services Portal online procedure to activate the Experience Portal.

To deactivate the Services Portal license from the offline mode:

1 Call Polycom Support to receive a Deactivation Response File.

2 Access this file from the RealPresence CloudAXIS Suite Licensing Center.

3 On the left toolbar under Devices, select Search Devices, as shown next.


Polycom, Inc. 65

4 Look for the device ID of the system that you are deactivating. Select that device ID to open the View Device screen, shown next.

5 Click Remove Add-Ons to open the Remove Add-Ons screen, as shown.

6 In the Quantity to Remove box, enter 1; then click REMOVE ADD-ONS.

7 On the View Device screen, click Download Capability Response. This will provide you with a response file.

8 Open the Services Portal license page and select Deactivation to open the dialog shown here.


Polycom, Inc. 66

9 In the Upload Deactivation Response File drop-down box, select the response file that you acquired in step 7.

10 Click YES. A message indicates that deactivation was successful.

To deactivate the Experience Portal and Concurrent Users licenses:

» Repeat the preceding 10 steps for the Services Portal to deactivate the Experience Portal and Concurrent Users licenses.

Customize E-mail Templates You can customize the e-mail templates used to create and send meeting and user account management announcements. You can also view, download and edit, or replace any of the packaged e-mail templates. Only users with Super Admin privileges can edit e-mail templates.

Caution: Edit E-Mail templates only if you understand HTML syntax

Edit e-mail templates only if you are familiar with HTML and understand how to edit HTML templates. If you intend to modify references or directives in the templates, you should be familiar with Apache Velocity (http://velocity.apache.org). Before editing any template, review HTML Variables Used in E-mail Templates to understand how the WSP e-mail templates are structured.

To view an e-mail template:

1 Select SETTINGS > EMAIL to display the SETTINGS Customize e-mail templates screen, shown next.


Polycom, Inc. 67

2 Click View to open a View Template screen for any of the existing e-mail templates.

3 From the View Template screen, click CLOSE to return to the Customize e-mail templates screen.

To download and customize an e-mail template:

1 Click Download to begin downloading an HTML file to your browser’s Downloads directory.

2 Click Save if required to complete the download.

3 Edit the template using your preferred text or HTML editor.

Note: Template editing tools and tips

Edit templates using the HTML Editor Sublime at http://www.sublimetext.com/. Use valid HTML Syntax. See HTML Variables Used in E-mail Templates for information on how packaged CloudAXIS e-mail templates are structured.

To replace an existing e-mail template:

1 Click Replace Template to update an existing template with an edited template. The following options appear on your screen:

2 Click Select Template, to open a browser window and select from the local drive the edited HTML file you want to upload.

3 Click Preview and Upload to view the template, and then click Upload to activate it.

Note: Template file size

File size is limited to 1MB per template. To keep file size below 1MB, use URL links to add images to HTML templates, and ensure that users receiving the e-mail messages have access to the URL containing the images.


Polycom, Inc. 68

HTML Variables Used in E-mail Templates Variables, methods, and conditional statements are referred to in Apache Tomcat as references and directives, which start with a $ or # tag (for example, $Username, #if, #end). The e-mail templates contain references and directives that are used to specify per-instance information that can be included in an e-mail generated from a template. These references and directives are dynamically replaced with information specific to the meeting or user management operation being reported.

Template files include both standard HTML instructions and references or directives that the Services Portal substitutes with instance-specific details when an individual e-mail is generated. References and directives can be added, moved, or removed, but only when they are defined as being valid for the type of e-mail message being used.

Commonly Used Directives

The following references or directives are used in e-mails concerning user and password management.

Directives for e-mail and password management

Reference/directive Description

$FIRSTNAME First name of the user for which the account was created or the password modified.

$WSP_URL URL of the Services Portal on which the account was created or the password modified.

$USERNAME The username the user can use to log into the Services Portal.

$PASSWORD The password the user can use to log into the Services Portal.

The following references or directives in the following table are used in e-mails concerning meeting invitations and cancellations.

Directives for meeting invitations and cancellations


$EVENT_STATUS_HEADING Set either to Invitation or Update, depending on whether the e-mail is being sent to announce a new scheduled meeting or one whose details have been modified, respectively.

$EVENT_STATUS_BODY Set either to created or updated, depending on whether the e-mail is being sent to announce a new scheduled meeting or one whose details have been modified, respectively.

$CREATED_BY_NAME The name of the user who has scheduled the meeting.

$CREATED_BY_MAIL The e-mail address of the user who has scheduled the meeting.

$EVENT_NAME The name of the meeting as it was defined in the Services Portal.


Polycom, Inc. 69


$EVENT_TIME_GMT The scheduled start time of the meeting expressed relative to Greenwich Mean Time.

$EVENT_DURATION The scheduled duration of the meeting.

$EVENT_DESCRIPTION The agenda of the meeting as defined in the Services Portal.

$VMR The VMR number for the meeting.

$HTTPS The secure web URL for joining the meeting.

$MEETING_PASSCODE The passcode required to join the meeting.

$TOKEN Encoded string which is hidden (by changing the text color to the background color) and which is read by HDX/GS to populate the meeting details in the calendar section of the respective device. It is present at the bottom of the page (just above the copyright).

It is in the following format.

DO NOT EDIT BELOW THIS LINE

--=BEGIN POLYCOM VMR ENCODED TOKEN=--

Directives Associated with Endpoints

The following example construct in the template encloses an iterative loop that is walked so that all of the applicable access points (each endpoint in the script) can be listed in the invitation.

#set( $geo = "null") #foreach( $endpoint in $endpoints ) #if($geo != $endpoint.getGeoZone()) #set( $geo = $endpoint.getGeoZone()) )#end #end

Use any of the following directives in the preceding loop to include appropriate endpoints in an invitation.

$endpoint.getGeoZone() The location string associated with the current access point

$endpoint.getTransport() The transport type (SIP, H.323, PSTN, and so on) associated

with the current access point

$endpoint.getUrl() The dialstring associated with the current access point.

Sample Directives

Following are two sample template images that point to various references or directives.


Polycom, Inc. 70

$FIRSTNAME reference/directive

$EVENT_STATUS_HEADING reference/directive

Reset an E-mail Template If you have customized an e-mail template but no longer want to keep the changes, you can reset the template to the default that was shipped during installation.

Any template that has been edited includes a Reset button among its options in the Customize e-mail templates page.


Polycom, Inc. 71

To reset a template to the factory setting:

» Click Reset to revert to the factory template.

Enable or Disable Social Policies With social networking contacts enabled, users can send conference invitations in an instant message to online contacts listed in their Facebook or Google Talk accounts. Before users can access their social networking contacts, you must create apps that allow access to contact lists. See Create a Google Talk App and Create a Facebook App. These apps share only the names in the contact lists. Other personal information is kept private.

Note: Download the CloudAXIS Social Plug-in

Using any of the social connectors also requires that users download the CloudAXIS Social Plug-in by clicking on the Contacts option in the Experience Portal. For more information, see the RealPresence® CloudAXIS™ Suite User Guide.

After you have created apps for Google Talk and/or Facebook, you must enable the social policy settings for each app in the Services Portal.

To enable access to social networking contacts:


2 Select SETTINGS > SOCIAL POLICY to open the Social Policy SETTINGS screen.

3 Select the check boxes for Google Talk or Facebook to enable social policy options for that application and allow contact lists to be accessed from the Experience Portal.

Selecting Google Talk and/or Facebook displays the App ID and App Secret text boxes.

4 Add the App ID and App Secret information for the social networking application you are enabling.

5 Click UPDATE.


Polycom, Inc. 72

To disable access to social networking contacts in the Service Portal:

» Remove the checkmark from the app you want to disable, and then click UPDATE.

Add Language Packs to the Services Portal Localize your Services Portal by uploading a language pack made available by Polycom.

To upload a language pack:

1 Go to SETTINGS > LANGUAGE to open the SETTINGS screen for language packs, shown next.

2 Click the View Supported languages link to see a list of the languages that are supported and available on your Services Portal.

3 Click CLOSE to return to the SETTINGS LANGUAGE PACK screen.

4 To upload a new language pack, click Choose File to browse network or local drives and select a language pack file to be uploaded, and then click UPGRADE.

You can return to an earlier version of a Language Pack by clicking REVERT TO THIS VERSION.


Polycom, Inc. 73

Administer the Experience Portal

While most CloudAXIS administrative tasks are completed on the Services Portal, a few administrative tasks must be completed on the Experience Portal, including managing trust certificates, viewing and downloading logs, and uploading language packs for localization. The following sections show you how to perform those tasks.

Manage Trust Certificates and CSRs Because of the secure nature of communications occurring between the CloudAXIS portals, trust certificates are required to manage encryption. Refer to Use Wild Card Certificates for RealPresence CloudAXIS Suite to generate a wild card certificate.

Note: Upload separate certificates to each RealPresence Server component

The certificates created from CSRs generated by the Experience Portal authenticate the user connection only to the Experience Portal. A separate CSR must be externally generated for the other RealPresence components.

Generate a Certificate Signing Request (CSR) on the Experience Portal To obtain certificates, you must generate a CSR and send it to a Certificate Authority. From your certificate authority, obtain both a certificate for your server and intermediate and root certificates necessary for the certificate chain to have a complete path to the Certificate Authority’s root certificate, with all certificates in Base 64 format. After you have obtained the certificates, upload them to your experience portal.

Send the externally generated CSR to a Certificate Authority; then upload the signed certificate and key to the components and Services Portal. For uploading to the Services Portal, see Upload Certificates or Certificate Chain.

Note that you must log in as a Super Admin to create certificates and CSRs. To determine your account type, see Account Roles.

Caution: Overwrite Warning

Before following this procedure, be sure that new certificates or CSRs are required before generating new certificates. Generating a new certificate or CSR overwrites the previous one. To check, see View, Download, and Delete Certificates in the Experience Portal.

To generate a certificate signing request (CSR):



Polycom, Inc. 74

2 Go to PLATFORM SETTINGS > CERTIFICATE > Generate CSR/Certificate.

3 Enter values in the text boxes as shown in the table.

Values for Generating CSR/Certificate Tab


Operation Type In the drop-down box, choose one of the following:

CSR Generates a Certificate Signing Request (CSR). Send the CSR to a third-party Certificate Authority for a digital signature then upload the signed certificate to the server. For instructions on how to upload the certificate, see Upload Certificates or Certificate Chain.

Certificate Generates a self-signed certificate.

Type From the drop-down box, select WebServer.

Organization Enter the name of your organization.

Organizational Unit Enter the name of your organization unit.

Country Enter the two-letter ISO code for the country where your organization is located.

State Enter the full name the state where your organization is located.

Location Enter the city or location of your organization.

Sub Alternate name Enter the list of host names protected by this certificate, separated by commas.

4 Click GENERATE.

Upload a Certificate on the Experience Portal The Experience Portal certificates separate from those uploaded to the Services Portal.

To upload a trust certificate:


2 Go to PLATFORM SETTINGS > CERTIFICATE > Upload Certificate.

3 From the Type drop-down menu, select a certificate type, as described in the following table:

Certificate Types


Server Certificate A certificate generated by a trusted server.

Server Key A private key certificate. It should match the Server Certificate.

CA Certificate A certificate chain provided by the Certificate Authority.

4 Click Choose File to navigate to and open the certificate or certificate chain you want to upload.

5 Click UPLOAD.


Polycom, Inc. 75

6 After uploading all three certificates, restart the MEA services.

Download a CSR for Signing To have a certificate signed by a certificate authority, you must download it from the Experience Portal and forward it to your preferred trusted authority.

To download a certificate for signing, follow these steps:


2 Go to PLATFORM SETTINGS > CERTIFICATE, and then open the Certificate List tab to display existing certificates.

3 On the line designated for csr, click VIEW.

In the certificate screen, copy the entire hash, from ----- BEGIN CERTIFICATE to ----- END CERTIFICATE.

4 Paste the text into a text editor.

5 Save the file, and rename the file extension *.csr.

6 Send the file to a third-party Certificate Authority for signing.

View, Download, and Delete Certificates in the Experience Portal Super admins can use the certificate list to confirm whether a certificate is needed and to delete obsolete certificates. This section outlines how to view, download, and delete certificates in the Experience Portal.

To view, download, or delete certificates and CSRs in the Experience Portal:


2 Go to PLATFORM SETTINGS > CERTIFICATE, and then open the Certificate List tab to display existing certificates.


Polycom, Inc. 76


Click View to view and/or download a certificate. Then follow these steps:

a Copy the entire hash from ----- BEGIN CERTIFICATE to ----- END CERTIFICATE.

b Paste the text into a text editor.

c Rename the file extension *.cer. If the file is a CSR, you can now send the file to a third-party CA for signing.

Click DELETE to delete the certificate.

This option is available only to WebApp-trust certificates. Webserver certificates can be regenerated or uploaded only as a Certificate Authority–signed certificate. To generate a WebApp certificate, see Generate Certificates and CSRs.

Add Language Packs to the Experience Portal You can configure the Experience portal to display in one of several languages other than English. The language settings in the Experience Portal should match those set in the Services Portal.

Localization capabilities include the following:

● Uploading a language pack

● Removing a language pack

Note: Experience Portal localization supported for the portal

Experience Portal localization is currently supported only for the user Experience Portal, not for the admin portal.

To upload a language pack:



Polycom, Inc. 77

2 Select LANGUAGE to open the Upload Language Pack screen.

3 Click Choose File to select a specific language pack.

4 Browse to the location of the desired language pack, and then click UPGRADE to upload the language pack.

Manage Experience Portal Log Files Log files can help you troubleshoot problems in your CloudAXIS environment. The following sections show you how to manage and download log files.

Set the Log Level The portal produces logs at the level you have specified in the log settings. The level of detail is greatest in DEBUG mode and least in ERROR mode.

To set the log level on the Experience Portal:


2 Go to PLATFORM SETTINGS > LOGS to open the Log Settings screen.

3 In the Level drop-down menu, select ERROR, INFO, or DEBUG to set the level of detail you want to include in your logs

4 Click UPDATE for the system to begin producing logs at the level you have selected.

Download and View Log Files After the Experience Portal has logged information to help you troubleshoot problems, you can download copies of the log files to be viewed by a Polycom Support representative.

To download log files:


2 Go to PLATFORM SETTINGS > LOGS to open the Log Settings screen.


If logging is currently set to the level of log you want to work with, click DOWNLOAD to download a *.zip file containing a set of system logs to your browser.

If logging is not set to the level you want to work with, follow the preceding instructions to set the log level. Then let the system run long enough to generate enough log information to help you solve any issues that may be occurring. Return to the Log Settings screen, and click DOWNLOAD to download a *.zip file containing a set of system logs to your browser.

4 Open the individual log files within the *.zip file as needed.

Polycom, Inc. 78

Manage User Accounts

After you have successfully deployed and configured your Services Portal, you can create user accounts locally or add users through the Active Directory domain. The Experience Portal references users set up in the Service Portal. The account types you create depend on your account role. See Account Roles for an explanation of each account role.

In this section, you will learn how to manage user accounts, including information on how to do the following:

● Account Roles

● Create Accounts

● Edit User Accounts

● Delete a User Account

● Change Your Password

● Reset a User Password

Account Roles Except for the Super Admin user account used to configure settings in the Experience Portal, user accounts for the CloudAXIS environment are managed in the Services Portal. The application supports three account roles, each of which determines your account type and a different set of capabilities:

Super Admin This role manages the Services Portal settings and creates and edits other Super Admin, admin, and user accounts. The Super Admin user cannot schedule meetings. A separate Super Admin account manages the Experience portal.

Admin This role creates and manages admin accounts, user accounts, and online video conference meetings. This administrator role cannot change server settings.

User This role creates, manages and attends online video conference meetings

Note: Identifying your role

Logging in to the Services Portal and comparing your available tabs with the preceding figures is a good way to confirm the role you are signed in with.

When logging into the Services Portal, each type of user sees a different menu, reflecting the types of tasks each user is allowed to perform. Options on each menu include:

● Super Admin User Management, Settings, and Platform Settings.

● Admin Schedule, Calendar, Address Book, and User Management.

● Users Schedule, Calendar, and Address Book.

Polycom, Inc. 79

Change System Administrator Settings You can change the System Administrator password at any time using the Administrator Settings menu at the top right-hand corner of the main Administrator screen.

To change the System Administrator application password:


2 Click the settings gear in the upper right-hand corner of the Administrator user interface.

3 From the ADMINISTRATORS list, click [!] next to the name of the user whose password you want to change.

4 Follow the prompts to enter a new password.

5 Click CHANGE to change the password.

Create Accounts Super admin and admin users can create accounts from the Active Directory or locally from the Services Portal. This section shows you how to add active directory users and how to create local accounts.

Caution: Set secure passwords for default required accounts

Change the passwords for these default accounts as soon as possible. Failure to change them could allow any user to log in to the Services Portal with Super Administrator credentials.

The following required accounts are shipped with the software. They cannot be deleted.

Required CloudAXIS user accounts


admin Use to access the Services Portal (Username/Password = admin/admin)

meaconf Use for conference communication with the Experience Portal. (Username/Password = meaconf/meaconf)

meaauth Use for authentication communication with the Experience Portal. (Username/Password = meaauth/meaauth)

measys Use for license communications with the Experience Portal. (Username/Password = measys/measys


Polycom, Inc. 80

Add Active Directory Users The LDAP server configuration grants access to the Services Portal for all the users in the Active Directory without requiring the administrator to create each Services Portal account explicitly. By default, the Services Portal assigns user roles to all the Active Directory accounts.

You can import Active Directory users into the Services Portal. These imported users are automatically enabled and remain enabled until their accounts have been explicitly disabled. Confirmation e-mails are not sent when an Active Directory user is imported.

Add a user from the Active Directory only if you need to change the default user role or block a user. To change the default user role, see Edit Accounts Imported from the Active Directory.

To add Active Directory users:

1 Log in to the Services Portal as an Admin or Super Admin.

2 Select the USER MANAGEMENT tab to display the USERS screen, as shown.

3 Click + LDAP USER.

4 In the Import Active Directory Users search box, enter the name of the user you want to add, and press Enter.

5 Select the check box next to each user you want to add.

6 Click ADD.

Note: Active Directory default user roles

Users added from the Active Directory are assigned the user role by default. To change the role type, see Edit Accounts.

Add Local Users In the Services Portal, Super Admin and admin users can add other local users. This section shows you how to create local accounts.

To add local users in the Service Portal:

1 Log in to the Services Portal as an Admin or Super Admin user.

2 Select the USER MANAGEMENT tab.

3 In the USERS screen, click + User.


Polycom, Inc. 81

4 Type the relevant user information in the text boxes provided.

5 Select a user type in the User Role drop-down. For more information on user types, see Account Roles.

6 Click Add. An e-mail is sent to the newly created user containing his or her username, password, and URL.

You can edit and delete the accounts you create in the Services Portal. For more information, see the following sections..

Edit User Accounts The Services Portal enables admin and Super Admin users to edit accounts imported from the Active Directory or created locally. You can edit all fields for a local account, but you can access only two fields—role type and enable/lock—in an account imported from the Active Directory. This section shows you how to edit both Active Directory and local accounts.

Edit an Account Imported from the Active Directory This section shows you how to edit an account created from Active Directory. You can only edit the role type and enable/lock options in accounts imported from Active Directory. Only a Super Admin user can change a role type to Super Admin.

To edit a user account imported from the Active Directory:


2 Select the USER MANAGEMENT tab.

3 In the USERS screen, type the user’s name in the search box. Then press Enter on your keyboard or use the scroll bar to look for the user’s name.

4 Click the next to the account name to edit that account.

5 From the Edit User screen, select a role type in the User Role drop-down box.


To activate the user’s account, check the Enable User check box

To remove and disable the user’s account, clear the Enable User check box.

7 Click SAVE.

Edit a Locally Created User Account Super Admin users can change all of the fields in a locally created account. Admin users can change all of the fields in a locally created account except for the role in a Super Admin account. To determine your account type, see Account Roles.

This section shows you how to edit a locally created user account.


Polycom, Inc. 82

To edit a local user account:


2 Select the USER MANAGEMENT tab to display the USERS screen.

3 Locate the account by entering the user’s name in the search box and pressing Enter on your keyboard, or by finding that account in the NAME column.

4 Click the user account’s icon to edit any of the fields for that account in the Edit User screen.


To activate the user’s account, check the Enable User check box

To remove and disable the user’s account, clear the Enable User check box.

6 Click Save. An e-mail containing the username, password, and URL is automatically sent to the owner of the edited user account.

Delete a User Account Users with Super Admin accounts can delete other Super Admin, admin, and user accounts. Users with admin accounts can only delete other admin and user accounts. To determine your account type, see Account Roles.

This section shows you how to delete a user account.

To delete a user account:


2 Select the USER MANAGEMENT tab to open the Users screen.

3 Locate the account by entering the user’s name in the search box and pressing Enter. The user’s name, username, e-mail address, type, role, and status are shown in the USERS search screen.

4 Click the next to the account name.

5 In the Delete this User? dialog, click Delete to remove the user.

Change Your Password This section explains how to change your password.

To change your password:

1 Log in to the Services Portal. Your name appears in the top right corner of the screen.


Polycom, Inc. 83

2 Click the icon to the left of your name, as shown, to open the Change Password dialog.

3 Enter your current password and new password, and confirm the new password, as prompted.

4 Click CHANGE to change your password.

Reset a User Password An Admin or a Super Admin can reset a user’s password. This provides greater organizational security as it will prevent former or unauthenticated members of your organization from being able to log in to the Services Portal.

Caution: Reset passwords only for users with valid e-mail addresses

Passwords should be reset only for accounts with valid e-mail addresses. Resetting a password for an account with an inactive e-mail address will lock out the user.

To reset a password:


2 Click USER MANAGEMENT to display the USERS screen.

3 Locate the user in the NAME column, type the user’s name from the USERNAME column into the search box, and press Enter on your keypad.

4 Click the icon next to the account name to open the Change Password dialog.

5 In the Change this user’s password? dialog, enter a new password in the Password field, and then click Change. The Services Portal sends the user an e-mail containing the new password.

Polycom, Inc. 84

Provide Secure Access for Guest and Remote Users

The following section helps you provide invited guests and remote users with controlled access to your organization’s unified communications infrastructure while preventing unwelcome intrusion.

Secure Web Access Conferences take place in the Experience Portal. To provide conference access to guest users joining from outside your organization’s firewall, they must be able to access the Experience Portal from the public Internet. Access to the Services Portal, however, is required only for users who create and host conferences, who are typically members of your organization. Providing direct external access to the Services Portal component is left to the administrator’s discretion.

At least two different options can be used to provide access from external networks:

● Configure NAT functionality in your organizational firewall, or another edge device, to map HTTPS port 443 from the external IP address assigned for the Experience Portal to its internal IP address. Do the same for the Services Portal (if desired).

● Use a reverse proxy product to provide external HTTPS access to the Experience Portal. Do the same for the Services Portal (if desired).

The proxy selected should support the following features:

Forwarding of the Web Sockets protocol (RFC 6455)

Traffic routing based on HTTP host headers. This is required only when you want to route a single external IP address to multiple internal web applications. In this case, multiple DNS records (such as meet.contoso.com and schedule.contoso.com) can be configured to point to the same IP address; the reverse proxy forwards web traffic to the appropriate IP address based on the host name in the HTTP request header.

The Polycom RealPresence Access Director (RPAD) product versions 3.0 and higher can be configured to perform this function. For more information, see the Working with Access Proxy Settings section of the Polycom RealPresence Access Director System Administrator’s Guide at www.support.polycom.com.

Tunnel Access for Remote Users Restrictive firewall policies on remote networks may block egress for UDP-based traffic, limit TCP egress to ports 80 and 443, and in some cases require that those ports be forwarded by a local proxy. To enable guest access for clients joining from such a restrictive network, you can enable the HTTPS Tunneling feature on RealPresence Access Director and define a TUNNEL access point in Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server. If remote endpoints cannot establish a native SIP/RTP connection to the edge proxy (by accessing UDP port 5060), the signaling and media can


Polycom, Inc. 85

be tunneled through HTTPS to the edge proxy. The result is that video and audio connectivity can be established from very restrictive remote network environments.

Limitations associated with tunneling:

● Tunneling requires that Real Presence Access Director version 3.1 or later be used as the TUNNEL access point. Third-party edge proxy products such as Acme Packet cannot serve this function.

● Upon joining a meeting in tunneled mode, RealPresence CloudAXIS Suite clients receive an indication that they attending the meeting in “Limited Experience Mode”. Currently, in a tunneled call, users cannot send or receive shared content.

If the RealPresence CloudAXIS Suite client determines that network bandwidth or quality is insufficient to allow for high-quality video to be sent across the tunnel, the connection will automatically fall back to an audio-only conference mode. This may occur immediately when a user joins the conference or while the conference is in progress.

For more information, refer to “Working with Access Proxy Settings” in the latest release version of Polycom RealPresence Access Director System Administrator’s Guide.

Note: Certificates for HTTPS Proxy with the Experience Portal

If you add host header next hops, you must specify the host FQDNs as Subject Alternative Names (SANs) in the Certificate Signing Request for the RealPresence Access Director system.

Secure SIP Access for Guests Enabling SIP guest access is the most convenient way to allow video and audio access from organizations and individuals that are not federated with your organization. For this reason, the CloudAXIS web client functions by default in a guest mode; it neither registers nor authenticates itself with your organization’s SIP gatekeeper, which is typically a Polycom DMA device. This may be true even if the DMA device is used by individuals who belong to your organization and/or connect from within your organizational firewall.

Similarly, the RealPresence Mobile software endpoint for mobile devices, with SIP registration and authentication capabilities, does not register or authenticate with the target SIP gatekeeper when it joins a conference in response to the user clicking on the Join Now button from the CloudAXIS Experience Portal.

You can enable authenticated SIP access for verified members of your organization by configuring the SIP username and password information in the Services Portal DMA settings. When authenticated SIP access is enabled, these credentials are automatically and securely provided to supported endpoints for the members of your organization who have authenticated to the Services Portal web interface. Supported endpoints include the CloudAXIS web client and Polycom RealPresence Mobile v3.1 and above, which attempt to authenticate to the SIP gatekeeper, if challenged, using the supplied credentials. Users benefit from authenticated dialing, which may include access to a less restrictive dial plan, as recommended in a following section.


Polycom, Inc. 86

Guest users who have not authenticated to the Services Portal web interface but are supplied an external e-mail address when attempting to join a meeting will not be provided the SIP credentials and will always dial as unauthenticated SIP callers subject to the dialing rules for unauthenticated endpoints.

Because the CloudAXIS web client typically functions in guest mode, the CloudAXIS solution requires SIP guest access for external users wanting to join meetings via the Web Client and Experience Portal. You can also provide H.323 guest access at your discretion to facilitate access from other types of endpoints.

Edge Proxy Access for Guests To enable guest access across your organization’s edge proxy device, refer to one of the following Polycom publications. Follow the recommendation for enabling endpoint authentication on the applicable DMA device as described in these guides.

See “Deploying the Basic RealPresence Access Director System Solution to Support Remote and Guest Users” in Deploying Polycom Unified Communications in RealPresence Access Director™ System Environments at http://support.polycom.com/PolycomService/support/us/support/network/security_firewall_traversal/realpresence_access_director.html.

See “Deploying the Polycom—Acme Packet Solution to Support Remote and Guest Users” in Deploying Polycom Unified Communications in an Acme Packet Environment.

Note that edge proxies, including the RealPresence Access Director, may require that authenticating and non-authenticating callers distinguish themselves by sending SIP requests to a different port or by using a special dialing prefix. To facilitate this, specify the correct Auth Mode when configuring access points in the Services Portal configuration (see Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server). It may be necessary or desirable to specify two different access points corresponding to the same edge device, one for AUTH users and one for NoAUTH users, with each access point entry specifying a different port number and/or dial prefix to use for the corresponding access case.

Additional Recommendations to Increase Security Follow these recommendations to secure the privacy of your conferences and to prevent misuse of your videoconferencing infrastructure:

Use temporary rather than persistent (personal) VMRs when creating meetings that include untrusted guests. This is the default Services Portal behavior used whenever the Use Personal VMR has not been checked on the Schedule a Meeting screen, as shown next. Using temporary VMRs helps ensure that guests will be able to access only the particular conference session you are inviting them to.

See the Polycom RealPresence CloudAXIS User Guide for additional information.

Select the Require Authentication check box on the Schedule a Meeting screen to provide an additional level of access control.

Select the Generate VMR From Range checkbox on the Services Portal DMA CONFIG tab to generate temporary conferencing IDs in a wide, random range. This action makes the IDs more difficult to access by random dialing. See Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server.


Polycom, Inc. 87

Restrict guest users to a subset of your dialing plan. By provisioning a dialing rule for unauthorized calls on your DMA device, you can limit guests to particular dial identifiers or ranges for which you prefer to provide access. For example, the following preliminary script restricts guest users to the dial ID range of 100,000 to 999,999, which could be configured to be the same auto-generation range used by the Services Portal to create temporary VMRs:

// These values should correspond to the min and max room ID settings

// specified in the Services Portal DMA Config Option "Generate VMR

// From Range"

var maxGeneratedRoomId = 100000;

var maxGeneratedRoomId = 999999;

var number = parseInt(DIAL_STRING.replace(/^sip:([^@]*)@?(.*)/i,"$1"));

if (NaN != number && number > minGeneratedRoomId && number < maxGeneratedRoomId){

return;

}

return NEXT_RULE;

Web Info: Configuring dialing scripts on DMA 7000

For more instructions on how to configure preliminary dialing scripts on the DMA device, see the DMA Operations Guide on the Polycom Support web site.

Services Portal Cookies The Services Portal uses the following cookies:

● WSP Application Uses the userToken=0B8A4F41-AF5A-8809-6D34-F583AB7B5D06 and loginUser=admin cookies for requesting secure backend API calls.

● userRole=ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_USER Based on the user role, the Services Portal shows different customized user interfaces. For example, only an Admin can see admin-related settings and other details.

● i18next – en-US i18Next library sets this cookie to handle Internalization for the WSP portal.

Experience Portal Cookies The Experience Portal uses the following cookies:

● ManualLogin This session cookie is a Boolean value used by the Experience Portal to determine if a login session was initiated by a user login or by an application integration or single sign-on.


Polycom, Inc. 88

● DisplayName This cookie is the name entered by a user when joining a meeting as an anonymous user, if the Remember Me function is enabled and the user checked the box during login. This cookie lasts for 14 days.

● Address This cookie is the e-mail address entered by a user when joining a meeting as an anonymous user, if the Remember Me function is enabled and the user checked the box during login. This cookie lasts for 14 days.

● Tags This cookie is reserved for future use.

● SSOData This cookie is a base64 encoded blob containing a session token and a username used to permit an enterprise user to re-login if the feature is enabled and the user checked the box at login. This cookie lasts for 14 days. Note that the session token itself will expire independently as dictated by the rules of the system that issued it.

.

Polycom, Inc. 89

Troubleshoot the Services Portal

This section shows you how to resolve issues experienced by end users and how to access your log files for troubleshooting miscellaneous issues.

Portal URL (FQDN) is Unresponsive

Operating the Services Portal requires active nginx and Apache Tomcat services on the server. If the Services Portal URL does not respond when you attempt to open it in a web browser, open the Services Portal login screen and confirm that the nginx server and the Apache server are running.

To confirm that nginx and Apache server are running:

1 Using the vSphere console or by connecting via an SSH client to the Services Portal FQDN, open the Services Portal console.

2 Log in using caxis for both your username and password.

3 View the status by entering one of the following commands:

Enter service nginx status for the nginx status.

Enter services tomcat6 status for the Apache status.

Enter service –status-all for the status on all servers.

4 Start servers if they are not running, and restart them if they are running but you are still having problems with the link:

Start servers:

services nginx start

services tomcat6 start

Restart servers:



User Cannot Create Meetings

If users are unable to create a meeting, confirm the following:

● At least one DMA system is made primary.

● The DMA owner’s user name entered in the Services Portal also exists in the DMA system. For information on how to create a user name for the DMA system, see the Polycom DMA 7000 System Operations Guide on the Polycom Support site.

● The DMA system status is up.

User Cannot Launch the Welcome Screen

The welcome screen displays video options for entering the meeting. If users can create a meeting but cannot launch the welcome screen, confirm that the correct port numbers and DMA system FQDN have


Polycom, Inc. 90

been configured in the Experience Portal. See Connect CloudAXIS Instances to an Existing Polycom DMA System and RPAD Server.

Configured Components Are Not Responding

If all components are correctly configured but not working, reboot the Services Portal server.

Super Admins and Admins Cannot Add an Active Directory User

If Services Portal Admins and Super Admins are unable to add an Active Directory user, confirm that the proper LDAP server is configured with the correct values listed in Configure the Connection to the LDAP Server.

Both the Services Portal and the Experience Portal must be configured to the same time zone and NTP server in order for CloudAXIS Recording to work properly.

To configure the same time zone and NTP server:

1 Access the CLI (see Restricted Shell) on either of the two portals, using caxis as both the Username and Password.

2 Select your time zone by entering the CLI command change_timezone. (See Use Case - Set system date time for details.)

3 Sync your server with the NTP server by entering the CLI command ntpdate. (See Use Case - Quick sync system date-time with a specific NTP server for details.)

4 Repeat steps 1–3 on the other portal.

If the problem persists, contact your IT administrator to confirm that the values are correct.

User Cannot Send E-mail Notifications

If users are unable to send e-mail notifications, confirm that the proper SMTP server is configured with the correct port numbers listed in Set a Connection to the SMTP Server. If the problem persists, contact your IT administrator to confirm that the values are correct.

User Receives “Unable to Create a Conference with a Personal VMR” Message

Confirm that the virtual meeting room exists on the configured DMA system. If it exists, contact Polycom Support.

Also, check the Services Portal configuration to confirm that the administrator username and password account set up for the DMA is authorized as an Active Directory administrator on the DMA. A local administrator cannot see Active Directory users.

User Receives “External Server Not Set” Message

If the user receives the “External Server Not Set” message after selecting Meet Now, confirm that the correct FQDN is entered in the MEA Server text box located on Services Portal’s Server Settings screen. See Configure Portal Settings.

User Receives “Video Resources Are Not Available” Message

This error message appears if the license trial period has ended or when the concurrent license limit is exceeded. Contact your Polycom representative to purchase a license to activate your CloudAXIS Suite or to increase your user capacity.


Polycom, Inc. 91

Obtain Services Portal Log Files

Obtain your Services Portal log files to troubleshoot any issues you might experience. To configure your log level and download your logs, see Manage Logs.

Administrator Cannot Download Logs with Internet Explorer

If an administrator user cannot download logs using Internet Explorer, follow the steps provided on the user interface, and then retry loading the logs.

User Cannot See All the Participants in Roster

If a user cannot see all the participants in the roster, verify that the dial prefixes for the DMA are the same on the Services Portal and Experience Portal.

Polycom, Inc. 92

Enable Social Media Contacts

An administrator can set up the CloudAXIS environment so that users can invite meeting participants from their personal Google Talk and Facebook accounts. Before setting up social policies to accommodate these social media contacts, you must create customized apps for Google Talk and/or Facebook that connect the contacts with the CloudAXIS user environment.

Instructions for creating Google Talk and Facebook apps follow.

Create a Google Talk App To enable access to Google Talk contacts from the Experience Portal, you must create a Google Talk app, select the Google Talk check box in the Services Portal’s Social Connector configuration screen, and enter the app’s Client ID and Client Secret in the respective Social Connector configuration screen text boxes. To access the Services Portal social connector configuration screen, see Enable or Disable Social Policies. To get the Client ID and Client Secret, see step 10 of the following instructions.

Before you begin, set up a neutral account with credentials that can be shared among different persons in your team. Do not use your personal account to create the app. This helps to avoid dependencies on a single person. In case a person currently in charge of the application maintenance leaves the company, the common account credentials can be passed on to the team.

In addition, always maintain one-to-one mapping between the Services Portal server and the application being used.

As you create your Google app, use the Google Developers page as a reference.

Note: IP address change

A change in the server’s IP address does not require that you create a new application, as long as the FQDN points to the changed IP.

To create a Google Talk app:

1 Log into the shared Google account.

2 Open the Google APIs Console page, and select Create Project. The Google APIs page opens with menu options displayed on the left, as shown.

RealPresence® CloudAXIS™ Suite Administrators’ Guide Release 1.5.0

Polycom, Inc. 93

3 From the API Project drop-down menu, choose Create, as shown next.

4 In the Create project dialog, enter a name in the Enter the name for your project text box, and click Create project.

The Google APIs page drop-down menu name should change to the name of your project, as shown next. If the name does not automatically display, click the drop-down arrow and select the name from the Recent Projects list.

5 Click API Access from the list on the left.

6 Click Create an OAuth 2.0 Client ID. The Create Client ID screen displays.

7 Enter the following information:

Product name Enter your product name. Naming with the prefix CloudAXIS_ is recommended.


Polycom, Inc. 94

Product logo Enter the URL to your product logo.

Home Page URL Enter the URL to your home page.

8 Click Next. The Client ID Settings options display.

9 Under Application type, select Web application.

10 In the Your Site or Hostname section, enter the Services Portal’s FQDN.

11 Click Create client ID. The Authorized API Access screen displays, as shown.


Polycom, Inc. 95

Notice the Client ID and Client secret fields; these are both needed for the policy configuration. Note, also, that your client secret is always kept secret.

12 In the Authorized API Access area, click the Edit settings link to display the Edit client settings screen.

13 In the Authorized Redirect URIs text box, enter https://<ServicesPortalFQDN>/wsp/oauth/callback-google

Then click Update.

You are now ready to configure the Google Talk policy on the server. (See Enable or Disable Social Policies.)

Create a Facebook App To enable access to Facebook contacts from the Experience Portal, you must create a Facebook app, select the Facebook check box in the Services Portal’s Social Connector configuration screen, and enter the App ID and App Secret in the respective Social Connector configuration screen text boxes. To access the Services Portal social connector configuration screen, see Enable or Disable Social Policies.

To get the App ID and App Secret, see step 4 in the following instructions.

Before you begin, set up a neutral Facebook developer account with credentials that can be shared among different persons in your team. This helps to avoid dependencies on a single person. If a person currently in charge of the application maintenance leaves the job, the common account credentials can then be passed on to the team.

Do not use your personal Facebook account to create the app. To verify whether your account is a developer account, see the Facebook help page.

Finally, always maintain one-to-one mapping between the Services Portal server and the application being used.

As you create your app, you can use the Facebook Developers page as reference.

Note: IP address change

A change in the server’s IP does not require that you create a new application, as long as the FQDN points to the changed IP.


Polycom, Inc. 96

To create a Facebook app:

1 Log into the shared Facebook account.

2 Open the Facebook Developers page. From the menu at the top of this page, click Apps.

If your Facebook account is not already registered as a developer, you will see an option for Register as a Developer. Select Register as a Developer, complete the registration process, and continue.

3 Select Create New App to open the Create New App dialog.

4 Enter a suitable name in the App Name text box (naming with the prefix CloudAXIS_ is recommended), select an App Category from the drop-down box, and click Continue. A Security Check screen displays.

5 Enter the security text, and click Continue. The App Name box at the top of the next screen displays with the App ID and App Secret, as shown next. Make a note of these for configuring the Services Portal policy.

6 Select Website with Facebook Login, as shown.


Polycom, Inc. 97

7 In the Site URL text box, enter https://<ServicesPortalFQDN>/.

8 Select App on Facebook.

9 Enter the following in the App on Facebook screen:

Canvas URL Enter http://<ServicesPortalFQDN>/

Secure Canvas URL Enter https://<ServicesPortalFQDN>/


Polycom, Inc. 98

10 In the Basic Info options section (shown next), enter the Services Portal FQDN in the App Domains field.

You are now ready to configure the Facebook policy on the server. (See Enable or Disable Social Policies.)

Polycom, Inc. 99

Get Help

Polycom and Partner Resources For more information about installing, configuring, and administering Polycom products, refer to Documents and Downloads at Polycom Support.

To find all Polycom partner solutions, see Polycom Strategic Global Partner Solutions.

For more information on solutions with a specific Polycom partner, see the Strategic Partner Solutions site at Polycom Strategic Global Partner Solutions.

The Polycom Community The Polycom Community gives you access to the latest developer and support information. Participate in discussion forums to share ideas and solve problems with your colleagues. To register with the Polycom Community, simply create a Polycom online account. When logged in, you can access Polycom support personnel and participate in developer and support forums to find the latest information on hardware, software, and partner solutions topics.

Polycom, Inc. 100

DMA Factory Conference Settings Impact

The RealPresence DMA system uses conference templates and global conference settings to manage conference behavior. The following table describes the impact of the DMA system’s factory conference template settings on the CloudAXIS web client operations. For information on setting up a DMA system conference template, see the Polycom DMA 7000 System Operations Guide.

Conference Template Settings Impact

Feature Subfeature Subfeature Description Web Client Behavior

General settings Profile settings Use existing profile N/A

RMX profile name N/A

Conference settings

Conference mode Both AVC and SVC are supported. If AVC only is selected, the CloudAXIS web client operates in AVC (transcoded media) mode.

If SVC only or Mixed AVC and SVC is selected, the CloudAXIS web client will operate in SVC (relayed media) mode.

Cascade for bandwidth Works as documented

Video switching Works as documented

H.264 high profile Works as documented

Resolution Works as documented

Line rate Fixed rate in web client

Audio only Not tested

Advanced settings Encryption Tied to the URL scheme: OFF for http, ON for https

LRP Works as documented

Video quality People video definition Video quality Works as documented

Max resolution Works as documented

Video clarity Works as documented


Polycom, Inc. 101


Auto brightness Works as documented

Content video definition Content settings Works as documented

Content protocol Works as documented

Video settings Presentation mode Works as documented

Send content to legacy endpoints

No Impact

Same layout Works as documented

Lecture view switching Works as documented

Auto layout Works as documented

Layout Works as documented

Telepresence mode Works as documented

Telepresence layout mode

Works as documented

Audio settings Echo suppression Works as documented

Keyboard noise suppression

Works as documented

Audio clarity Works as documented

Skins Works as documented

Conference IVR Override default service Advanced—see the DMA guide

Conference IVR service May require use of DTMF pad in menu

Conference requires chairperson

Users wait in the lobby until the chairperson joins the conference.

Recording Record conference Must be set to Immediately or Upon Request to enable recording

Recording link Must be configured to enable recording

Audio only Works as documented.


Polycom, Inc. 102


Indication of recording Works as documented. Note: If enabled, a recording indication will appear in both the video feed and in the web client GUI.

Polycom, Inc. 103

Restricted Shell

The Polycom CloudAXIS Restricted Shell provides a means for you to log in to CloudAXIS products from either a console or an SSH connection and perform the following operations:

● Execute a limited set of restricted commands

● View log files

● Collect log files as a .tar.gz package

● Change hostname

● Change the caxis password for the user

● Change the time zone of the system

● Change NTP settings

● Regenerate certificates

● Restart services

● View product information (such as version number)

● SCP files (restricted access) to other machines

Use Cases Sample use cases of restrictedshell are described here for reference.

Use Case - Login as caxis via Console or via a SSH Connection

Admin Tip: CLI login

Log in to the CLI using caxis as both your username and password.

Welcome to the Polycom RealPresence CloudAXIS Command Line Interface (CLI).

Type '?' for help

[email protected]: ?

The following commands are supported in the Services Portal and the Experience Portal:

● Cat

● Find

● Grep

● Pwd

● Vi

● regenerate_certificates (supported only in the Services Portal.)


Polycom, Inc. 104

● change_hostname

● collect_logs

● change_network_settings

● change_ntp

● show_network_info

● change_password

● show_product_info

● change_timezone

● ifconfig

● reboot

● service

● scp

● tail

● ntpdate

● cd

● echo

● exit

Use Case - Change system hostname [email protected]: change_hostname

Current System Hostname: localhost.localdomain

Do you want to change the system hostname? [y/n]: y

New System Hostname: polycom-cloudaxis

Hostname changed successfully.

[email protected]:

Use Case - Log collection caxis@polycom-cloudaxis: collect_logs

Log collection completed successfully.

Location of log file: /home/caxis/log/plcm_caxis_logs_2013_03_26_16_59_50.tar.gz

Use Case - Copying the generated logs to a different server caxis@polycom-cloudaxis: scp/home/caxis/log/plcm_caxis_logs_2013_03_26_16_59_50.tar.gz [email protected]:/var/log/cloudaxis_logs

The authenticity of host '10.250.92.60 (10.250.92.60)' can't be established.

RSA key fingerprint is fd:fd:94:17:62:87:37:5f:59:7b:f8:ad:c2:4a:47:40.


Polycom, Inc. 105

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.250.92.60' (RSA) to the list of known hosts.

[email protected]'s password:

plcm_caxis_logs_2013_03_26_16_59_50.tar.gz 100% 155KB 154.7KB/s 00:00

Use Case - Access log files caxis@polycom-cloudaxis: ls -Rm /var/log/

/var/log/:

ActivateSecurity.sh.log, ConsoleKit, K99vm_network_fix.log, S02vm_network_fix.log, anaconda.ifcfg.log, anaconda.log, anaconda.program.log, anaconda.storage.log, anaconda.syslog, anaconda.yum.log, audit,

boot.log, btmp, caxis-edge-service-portal-db-config.pg.log, caxis-edge-service-portal-fts.log, caxis-restricted-shell, caxis-restricted-shell-fts.log, cron, cups, dmesg, dmesg.old, dracut.log, exim, lastlog,

maillog, messages, nginx, ntpstats, pgsql, secure, spooler, tallylog, tomcat6, wtmp

/var/log/caxis-restricted-shell:

caxis-2013_03_26_15_29_01.log, caxis-2013_03_26_16_41_50.log, caxis-2013_03_26_16_55_27.log

/var/log/cups:

/bin/ls: cannot open directory /var/log/exim: Permission denied

/var/log/nginx:

access.log, error.log

/var/log/ntpstats:

/var/log/tomcat6:

catalina.2013-03-26.log, catalina.out, cloudaxis_wsp.log, host-manager.2013-03-26.log, localhost.2013-03-26.log, manager.2013-03-26.log, migration.log, tomcat6-initd.log

Use Case - Change the password of the caxis user caxis@polycom-cloudaxis: change_password

Do you want to change the password for the 'caxis' user? [y/n]: y

New Password (not dispalyed on screen for security):

Changing password for user caxis.

passwd: all authentication tokens updated successfully.

Password for the 'caxis' changed successfully.

Use Case - Configure system NTP settings caxis@polycom-cloudaxis: change_ntp


Polycom, Inc. 106

List of NTP servers configured in the system:

0.centos.pool.ntp.org



Do you want to change the list of NTP servers? [y/n]: y

Specify a space separated list of new NTP servers after the prompt below. Please wait ...

List of new NTP servers: 0.north-america.pool.ntp.org 1.north-america.pool.ntp.org 2.north-america.pool.ntp.org 3.north-america.pool.ntp.org

Checking if the new NTP servers are reachable ...

0.north-america.pool.ntp.org: reachable.




Do you want to continue updating the system NTP configuration? [y/n]: y

Verifying NTP datetime sync with the server in the new list ...

0.north-america.pool.ntp.org: successful.




System NTP configuration updated successfully.

Use Case - Quick sync system date-time with a specific NTP server caxis@polycom-cloudaxis: ntpdate -u 1.oceania.pool.ntp.org

26 Mar 12:47:56 ntpdate[12378]: adjust time server 27.54.95.11 offset 0.020587 sec

Use Case - Show product version caxis@polycom-cloudaxis: show_product_info

Product Version: 1.1.0.46-112007

Use Case – Regenerate certificates caxis@polycom-cloudaxis: regenerate_certificates


Polycom, Inc. 107

Certificate regenerated successfully.

Webserver and associated services should be restarted for the certificates to take effect.

Do you want to restart the webserver? [y/n]: y

Restarting the Webserver. Please wait ...

Stopping tomcat6: [ OK ]

Starting tomcat6: [ OK ]

Stopping nginx: [ OK ]

Starting nginx: [ OK ]

Certificate regenerated and restarted the required services successfully.

Use Case - Change system timezone caxis@polycom-cloudaxis: change_timezone

Current System Timezone: America/Denver

Do you want to change the system timezone? [y/n]: y

Select a timezone from the list below and specify the number listed within the [].

Press the Return key to display the list ..

Pressing the return key will display a sorted list of time-zones (paginated) to choose from.

[1]: Africa

[2]: Africa/Abidjan

[3]: Africa/Accra

[4]: Africa/Addis_Ababa

[5]: Africa/Algiers

[6]: Africa/Asmara

[7]: Africa/Asmera

[8]: Africa/Bamako

[9]: Africa/Bangui

[10]: Africa/Banjul

[11]: Africa/Bissau

[12]: Africa/Blantyre

--More--

[..truncated to conserve space on the wiki page..]

--More--

[590]: US/Central

[591]: US/Eastern

[592]: US/East-Indiana

[593]: US/Hawaii

[594]: US/Indiana-Starke


Polycom, Inc. 108

[595]: US/Michigan

[596]: US/Mountain

[597]: US/Pacific

[598]: US/Samoa

[599]: UTC

[600]: WET

[601]: W-SU

[602]: Zulu

Choose a timezone (specify the number within []): 590

Timezone updated successfully.

Use Case - Restart services caxis@polycom-cloudaxis: service tomcat6 restart

Stopping tomcat6: [ OK ]

Starting tomcat6: [ OK ]

Use Case - Set system date time caxis@localhost: change_system_datetime

Current System Date and Time: Mon Jun 24 20:27:27 UTC 2013

Do you want to change the system Date and Time? [y/n]: y

Note: Timezone of the system will not be changed. Use 'change_timezone' command to change the system timezone.

New System Date Time (format: Mon Jun 24 20:27:30 UTC 2013): Mon Jun 17 20:27:27 UTC 2013

System date and time set to '' successfully.

caxis@localhost: change_system_datetime


Do you want to change the system Date and Time? [y/n]: n

caxis@localhost: change_system_datetime


Do you want to change the system Date and Time? [y/n]: y

Note: Timezone of the system will not be changed. Use 'change_timezone' command to change the system timezone.

New System Date Time (format: Mon Jun 17 20:27:47 UTC 2013):

Cannot apply empty date and time value.

Please specify new system date and time using the format: Mon Jun 17 20:27:47 UTC 2013 and try again.

caxis@localhost:


Polycom, Inc. 109

Use Case - View system network information [email protected]: show_network_info

System Network Settings:

DHCP Status="Enabled"

HOSTNAME="localhost.localdomain"

IPv4="10.250.88.117"

SUBNET_MASK="255.255.252.0"

DEFAULT_GATEWAY="10.250.88.1"

DEVICE="eth0"

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:

DOMAIN="polycom.com"

DNS Servers:

172.21.6.161

172.21.5.204

Use Case - System network configuration is already set to use DHCP caxis@polycom-cloudaxis: change_network_settings



HOSTNAME="polycom-cloudaxis"

IPv4="10.250.88.107"

SUBNET_MASK="255.255.252.0"


DEVICE="eth0"

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:


DNS Servers:


Polycom, Inc. 110

172.21.6.161

172.21.5.204

Do you want to disable DHCP and configure static network settings? [y/n]: n

Do you want to change the DNS settings of the system? [y/n]: n

Use Case - Enable DHCP in a machine where DHCP is not enabled [email protected]: change_network_settings


DHCP Status="Not Enabled"


IPv4="10.250.88.109"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

IPADDR=10.250.88.109

NETMASK=255.255.255.0

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204

Do you want to enable DHCP? [y/n]: y

DHCP enabled successfully.

Do you want to change the DNS settings of the system? [y/n]: n

Do you want to restart network for the network settings changes to take effect? [y/n]: n

Use Case - Configure static IP address in a system where DHCP is in an enabled state [email protected]: change_network_settings


Polycom, Inc. 111




IPv4="10.250.88.109"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:

DOMAIN=""

DNS Servers:

Do you want to disable DHCP and configure static network settings? [y/n]: y

Static IP Address: 10.250.88.107

Static Subnet Mask Address: 255.255.255.0

Gateway Address: 10.250.88.1

DHCP is disabled and static network settings configured successfully.

Do you want to change the DNS settings of the system? [y/n]: y

Search Domain: polycom.com

Primary DNS Address: 172.21.6.161

Secondary DNS Address: 172.21.5.204

Do you prefer to configure the Tertiary DNS Address? [y/n]: n

Updating the DNS setting in the system. Please wait ...

DNS configuration updated successfully.

Do you want to restart network for the network settings changes to take effect? [y/n]: y

Note: You may lose connectivity if you are logged in via a SSH connection and if the IP address of the system changes as part of network restart.

Restarting network interface for the DHCP changes to take effect.

You may experience intermittent connectivity failure while the system network interface is being restarted ...

Shutting down interface eth0:

-- Network Connectivity to 10.250.88.109 is lost here as the new IP address would have come to effect --


Polycom, Inc. 112

-- Connecting to new IP - 10.250.88.107 - via a SSH connection --

ssh 10.250.88.107 -l caxis



Welcome to the Polycom RealPresence CloudAxis Command Line Interface

Type '?' for help

[email protected]: show_network_info



IPv4="10.250.88.107"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

IPADDR=10.250.88.107

NETMASK=255.255.255.0

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204

Use Case - Configure static IP address in a system where DHCP is in a disabled state [email protected]: change_network_settings




IPv4="10.250.88.109"

SUBNET_MASK="255.255.255.0"



Polycom, Inc. 113

DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:

DOMAIN=""

DNS Servers:

Do you want to enable DHCP? [y/n]: n

Do you want to update the static network settings? [y/n]: y



















ssh 10.250.88.107 -l caxis




Polycom, Inc. 114


Type '?' for help




IPv4="10.250.88.107"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

IPADDR=10.250.88.107

NETMASK=255.255.255.0

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204

Use Case - Configure static IP address in a system where DHCP is in a disabled state with the currently assigned IP address [email protected]: change_network_settings




IPv4="10.250.88.109"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"


Polycom, Inc. 115

TYPE="Ethernet"

DNS Information:

DOMAIN=""

DNS Servers:

Do you want to enable DHCP? [y/n]: n

Do you want to update the static network settings? [y/n]: y


10.250.88.109 is pingable. Not recommended for use as it may cause a conflict.

Do you still prefer to use the same IP? [y/n]: n

Please use an unused IP. Network settings are partially configured. Please try again.


10.250.88.109 is pingable. Not recommended for use as it may cause a conflict.

Do you still prefer to use the same IP? [y/n]: y


















Polycom, Inc. 116


ssh 10.250.88.109 -l caxis




Type '?' for help




IPv4="10.250.88.109"

SUBNET_MASK="255.255.255.0"


DEVICE="eth0"

BOOTPROTO="static"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

IPADDR=10.250.88.107

NETMASK=255.255.255.0

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204

Use Case - Attempt to configure manual DNS settings while DHCP is enabled in the system caxis@polycom-cloudaxis: change_network_settings




IPv4="10.250.88.107"

SUBNET_MASK="255.255.252.0"


DEVICE="eth0"


Polycom, Inc. 117

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204

Do you want to disable DHCP and configure static network settings? [y/n]: n


Found that DHCP is enabled in the system. The DHCP client may overwrite your changes during network restart or system reboot.

Changing system DNS configuration change is not supported in this stage. Please 'disable' DHCP and try again.

Use Case - Use invalid network values [root@polycom-cloudaxis caxis]# bash /opt/polycom/caxis/restrictedshell/utils/network/change_network_settings --logfile /tmp/log




IPv4="10.250.88.107"

SUBNET_MASK="255.255.252.0"


DEVICE="eth0"

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204


Polycom, Inc. 118



Invalid IP address - 1234.5.6.7. Please specify a valid one.



Invalid Subnet Mask Address - 700.800.900.0. Please specify a valid one.





You may experience intermittent connectivity failure while the system network inteface is being restarted ...


-- Connectivity will be lost here if you are using the machine via a SSH connection as the IP address would have changed --

Use Case - Use an IP that is already assigned to a machine in the same network [email protected]: change_network_settings




IPv4="10.250.88.117"

SUBNET_MASK="255.255.252.0"


DEVICE="eth0"

BOOTPROTO="dhcp"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

DNS Information:


DNS Servers:

172.21.6.161

172.21.5.204


Polycom, Inc. 119



10.250.88.117 is pingable. Cannot use it as it would may cause conflicts. Please use a non-used IP. Network settings are partially configured. Please try again.


....

Use Case - Reboot system caxis@polycom-cloudaxis: reboot

Broadcast message from root@polycom-cloudaxis

(/dev/pts/0) at 12:50 ...

The system is going down for reboot NOW!

Use Case - Exit restricted shell caxis@polycom-cloudaxis: exit

Use Case - Login timeout [email protected]:

Timeout. Logging off user.

Polycom, Inc. 120

Third-Party Software

Following are the copyright statements for third-party software products that have been incorporated into the Polycom RealPresence CloudAXIS Suite application distribution.

The following licenses are displayed in this section.

● CentOS (www.centos.org)

● nginx

● Node js

CentOS

GNU GENERAL PUBLIC LICENSE

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.

51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents


Polycom, Inc. 121

constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.


Polycom, Inc. 122

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS


Polycom, Inc. 123

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

One line to give the program's name and an idea of what it does.

Copyright (C) yyyy name of author

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) year name of author

Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program Gnomovision (which makes passes at compilers) written by James Hacker.

signature of Ty Coon, 1 April 1989

Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License.

nginx

Copyright Joyent, Inc. and other Node contributors. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

====

This license applies to all parts of Node that are not externally maintained libraries. The externally maintained libraries used by Node are:

- V8, located at deps/v8. V8's license follows:

This license applies to all parts of V8 that are not externally maintained libraries. The externally maintained libraries used by V8 are:


Polycom, Inc. 124

- PCRE test suite, located in test/mjsunit/third_party/regexp-pcre.js. This is based on the test suite from PCRE-7.3, which is copyrighted by the University of Cambridge and Google, Inc. The copyright notice and license are embedded in regexp-pcre.js.

- Layout tests, located in test/mjsunit/third_party. These are based on layout tests from webkit.org which are copyrighted by Apple Computer, Inc. and released under a 3-clause BSD license.

- Strongtalk assembler, the basis of the files assembler-arm-inl.h, assembler-arm.cc, assembler-arm.h, assembler-ia32-inl.h, assembler-ia32.cc, assembler-ia32.h, assembler-x64-inl.h, assembler-x64.cc, assembler-x64.h, assembler-mips-inl.h, assembler-mips.cc, assembler-mips.h, assembler.cc and assembler.h.

This code is copyrighted by Sun Microsystems Inc. and released under a 3-clause BSD license.

- Valgrind client API header, located at third_party/valgrind/valgrind.h

This is release under the BSD license.

These libraries have their own licenses; we recommend you read them, as their terms may differ from the terms below.

Copyright 2006-2012, the V8 project authors. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- C-Ares, an asynchronous DNS client, located at deps/cares. C-Ares license follows:

Copyright 1998 by the Massachusetts Institute of Technology.

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.

M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is "without express or implied warranty.

- OpenSSL located at deps/openssl. OpenSSL is cryptographic software writtenby Eric Young ([email protected]) to provide SSL/TLS encryption. OpenSSL's license follows:

====================================================================

Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.


1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.


Polycom, Inc. 125

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `ÀS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

====================================================================

This product includes cryptographic software written by Eric Young ([email protected]).

This product includes software written by Tim Hudson ([email protected]).

HTTP Parser, located at deps/http_parser. HTTP Parser's license follows:

http_parser.c is based on src/http/ngx_http_parse.c from NGINX copyright Igor Sysoev.

Additional changes are licensed under the same terms as NGINX and copyright Joyent, Inc. and other Node contributors. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:



- Closure Linter is located at tools/closure_linter. Closure's license follows:

Copyright (c) 2007, Google Inc.

All rights reserved.





THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY


Polycom, Inc. 126

DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- tools/cpplint.py is a C++ linter. Its license follows:

Copyright (c) 2009 Google Inc. All rights reserved.






- lib/punycode.js is copyright 2011 Mathias Bynens http://mathiasbynens.be/ and released under the MIT license.

* Punycode.js <http://mths.be/punycode>

* Copyright 2011 Mathias Bynens <http://mathiasbynens.be/>

* Available under MIT license <http://mths.be/mit>

- tools/gyp. GYP is a meta-build system. GYP's license follows:






THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Polycom, Inc. 127

- Zlib at deps/zlib. zlib's license follows:

zlib.h -- interface of the 'zlib' general purpose compression library

version 1.2.4, March 14th, 2010

Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler

This software is provided 'as-is', without any express or implied warranty In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.

Jean-loup Gailly

Mark Adler

- npm is a package manager program located at deps/npm.

npm's license follows:

Copyright 2009-2012, Isaac Z. Schlueter (the "Original Author")


MIT +no-false-attribs License


The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Distributions of all or part of the Software intended to be used by the recipients as they would use the unmodified Software, containing modifications that substantially alter, remove, or disable functionality of the Software, outside of the documented configuration mechanisms provided by the Software, shall be modified such that the Original Author's bug reporting e-mail addresses and urls are either replaced with the contact information of the parties responsible for the changes, or removed entirely.


Except where noted, this license applies to any and all software programs and associated documentation files created by the Original Author, when distributed with the Software.

"Node.js" and "node" trademark Joyent, Inc. npm is not officially part of the Node.js project, and is neither owned by nor officially affiliated with Joyent, Inc.

Packages published in the npm registry are not part of npm itself, are the sole property of their respective maintainers, and are not covered by this license.

"npm Logo" created by Mathias Pettersson and Brian Hammond, used with permission.

"Gubblebum Blocky" font

Copyright (c) 2007 by Tjarda Koster, http://jelloween.deviantart.com included for use in the npm website and documentation, used with permission.

This program uses "node-uuid", Copyright (c) 2010 Robert Kieffer, according to the terms of the MIT license.

This program uses "request", Copyright (c) 2011 Mikeal Rogers, according to the terms of the Apache license.

This program uses "mkdirp", Copyright (c) 2010 James Halliday, according to the terms of the MIT/X11 license.


Polycom, Inc. 128

- tools/doc/node_modules/marked. Marked is a Markdown parser. Marked's license follows:

Copyright (c) 2011-2012, Christopher Jeffrey (https://github.com/chjj/)




- test/gc/node_modules/weak. Node-weak is a node.js addon that provides garbage collector notifications. Node-weak's license follows:

Copyright (c) 2011, Ben Noordhuis <[email protected]>

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- src/ngx-queue.h. ngx-queue.h is taken from the nginx source tree. nginx's license follows:

Copyright (C) 2002-2012 Igor Sysoev

Copyright (C) 2011,2012 Nginx, Inc.




THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `ÀS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- wrk is located at tools/wrk. wrk's license follows:

Apache License

Version 2.0, January 2004


Polycom, Inc. 129

http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution.

You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices


Polycom, Inc. 130

that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions.

Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks.

This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty.

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability.

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability

While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

Node js

Copyright Joyent, Inc. and other Node contributors. All rights reserved.





Polycom, Inc. 131

====

This license applies to all parts of Node that are not externally maintained libraries. The externally maintained libraries used by Node are:

- V8, located at deps/v8. V8's license follows:

This license applies to all parts of V8 that are not externally maintained libraries.The externally maintained libraries used by V8 are:

- PCRE test suite, located in test/mjsunit/third_party/regexp-pcre.js.This is based on the test suite from PCRE-7.3, which is copyrighted by the University of Cambridge and Google, Inc.The copyright notice and license are embedded in regexp-pcre.js.

- Layout tests, located in test/mjsunit/third_party.These are based on layout tests from webkit.org which are copyrighted by Apple Computer, Inc. and released under a 3-clause BSD license.

- Strongtalk assembler, the basis of the files assembler-arm-inl.h, assembler-arm.cc, assembler-arm.h, assembler-ia32-inl.h, assembler-ia32.cc, assembler-ia32.h, assembler-x64-inl.h,assembler-x64.cc, assembler-x64.h,

assembler-mips-inl.h, assembler-mips.cc, assembler-mips.h, assembler.cc and assembler.h.

This code is copyrighted by Sun Microsystems Inc. and released under a 3-clause BSD license.

- Valgrind client API header, located at third_party/valgrind/valgrind.h

This release is under the BSD license.

These libraries have their own licenses; we recommend you read them as their terms may differ from the terms below.

Copyright 2006-2012, the V8 project authors. All rights reserved.






- C-Ares, an asynchronous DNS client, located at deps/cares. C-Ares license follows:

Copyright 1998 by the Massachusetts Institute of Technology.

* Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.

* M.I.T. makes no representations about the suitability of * this software for any purpose.It is provided "as is" without express or implied warranty.

- OpenSSL located at deps/openssl. OpenSSL is cryptographic software written by Eric Young ([email protected]) to provide SSL/TLS encryption. OpenSSL's license follows:

====================================================================

Copyright (c) 1998-2011 The OpenSSL Project.All rights reserved.


Polycom, Inc. 132




3. All advertising materials mentioning features or use of this software must display the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `ÀS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

====================================================================

This product includes cryptographic software written by Eric Young ([email protected]).This product includes software written by Tim Hudson ([email protected]).

- HTTP Parser, located at deps/http_parser. HTTP Parser's license follows:

http_parser.c is based on src/http/ngx_http_parse.c from NGINX copyright Igor Sysoev. Additional changes are licensed under the same terms as NGINX and copyright Joyent, Inc. and other Node contributors. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:



- Closure Linter is located at tools/closure_linter. Closure's license follows:

Copyright (c) 2007, Google Inc.



Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.


Polycom, Inc. 133

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.


- tools/cpplint.py is a C++ linter. Its license follows:







- lib/punycode.js is copyright 2011 Mathias Bynens http://mathiasbynens.be/ and released under the MIT license.

Punycode.js <http://mths.be/punycode>

Copyright 2011 Mathias Bynens <http://mathiasbynens.be/>

Available under MIT license <http://mths.be/mit>

- tools/gyp. GYP is a meta-build system. GYP's license follows:



Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL


Polycom, Inc. 134

THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- Zlib at deps/zlib. zlib's license follows:

zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.4, March 14th, 2010

Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler

This software is provided 'as-is', without any express or implied warranty.In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.

Jean-loup Gailly

Mark Adler

- npm is a package manager program located at deps/npm. npm's license follows:

Copyright 2009-2012, Isaac Z. Schlueter (the "Original Author")


MIT +no-false-attribs License



Distributions of all or part of the Software intended to be used by the recipients as they would use the unmodified Software, containing modifications that substantially alter, remove, or disable functionality of the Software, outside of the documented configuration mechanisms provided by the Software, shall be modified such that the Original Author's bug reporting e-mail addresses and urls are either replaced with the contact information of the parties responsible for the changes, or removed entirely.


Except where noted, this license applies to any and all software programs and associated documentation files created by the Original Author, when distributed with the Software. "Node.js" and "node" trademark Joyent, Inc. npm is not officially part of the Node.js project, and is neither owned by nor officially affiliated with Joyent, Inc. Packages published in the npm registry are not part of npm itself, are the sole property of their respective maintainers, and are not covered by this license.

"npm Logo" created by Mathias Pettersson and Brian Hammond, used with permission.

"Gubblebum Blocky" font

Copyright (c) 2007 by Tjarda Koster, http://jelloween.deviantart.com included for use in the npm website and documentation, used with permission.


Polycom, Inc. 135

This program uses "node-uuid", Copyright (c) 2010 Robert Kieffer, according to the terms of the MIT license.

This program uses "request", Copyright (c) 2011 Mikeal Rogers, according to the terms of the Apache license.

This program uses "mkdirp",Copyright (c) 2010 James Halliday, according to the terms of the MIT/X11 license.

- tools/doc/node_modules/marked. Marked is a Markdown parser. Marked's

license follows:

Copyright (c) 2011-2012, Christopher Jeffrey (https://github.com/chjj/)




- test/gc/node_modules/weak. Node-weak is a node.js addon that provides garbage collector notifications. Node-weak's license follows:

Copyright (c) 2011, Ben Noordhuis <[email protected]>

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- src/ngx-queue.h. ngx-queue.h is taken from the nginx source tree. nginx's

license follows:

Copyright (C) 2002-2012 Igor Sysoev

Copyright (C) 2011,2012 Nginx, Inc.




THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `ÀS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Polycom, Inc. 136

- wrk is located at tools/wrk. wrk's license follows:

Apache License

Version 2.0, January 2004

http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution.

You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and


Polycom, Inc. 137

(b) You must cause any modified files to carry prominent noticesstating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions.

Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks.

This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty.

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability.

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability.

While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.