Polycom RealPresence Resource Manager System Operations Guide Directory Management Supported Configurations
460 Polycom, Inc.
• Administration: Active Directory users and their Active Directory group
memberships are managed through your Active Directory. RealPresence
Resource Manager system local users are managed through the
RealPresence Resource Manager system's web interface.
• Security: Local accounts have their own passwords, which are stored on
the RealPresence Resource Manager system. Active Directory user
accounts maintain the same users' Active Directory credentials and
password complexity policies, which are validated by the domain
controllers.
How Global Catalog Searches Work
When you integrate the RealPresence Resource Manager system with Active
Directory, you can configure it to integrate in one of two ways:
• It can access a specific global catalog server by host name or IP address
(not recommended, due to a lack of redundancy).
If you select this option, the domain name that you specify for the
RealPresence Resource Manager system must match the DNS name suffix
of the Global Catalog server (example: dc1.polycom.com configured as the
Global Catalog, then you must enter polycom.com as the domain name of
the RealPresence Resource Manager system server).
• It can auto-discover the server by querying the DNS for the closest Global
Catalog server (strongly recommended).
If you select this option, you can specify any domain in the Active
Directory forest in the Domain Name criteria for the RealPresence
Resource Manager system server. The DNS server must contain Active
Directory-specific entries.
It is recommended that you enter the forest root DNS domain name.
When configured to auto-discover the server, every time the RealPresence
Resource Manager system needs to bind to a Global Catalog server for LDAP
queries, the RealPresence Resource Manager system performs the following.
• Uses Microsoft's LDAP Ping mechanism to determine the site in which the
system is located.
• Uses a DNS SRV record query to find a Global Catalog server within the
same site.
• Connects to the Global Catalog on the domain controller and queries for
the object in question and any relevant information (such as GUID, userID,
name, phone number).
You can secure the connection between the RealPresence Resource Manager
system and the Active Directory server's Global Catalog using LDAP-S (via
outbound TCP/UDP port 3269) or Start TLS (via outbound 3268 TCP/UDP).
To implement the secure connection, the appropriate ports must be open on
any network equipment between the Global Catalog and the RealPresence
Resource Manager system.
