Users, Connections, and Notes
Polycom®, Inc. 472
3 If the FQDN in the received certificate matches the FQDN associated with the application-user, and the
password is correct, the connection proceeds.
Guidelines for defining a machine account
● Application-users are only supported when TLS security is enabled and Request peer certificate is
selected. TLS security cannot be disabled until all application-user accounts have been deleted from
the system.
● For Secure Communications, an administrator must set up on the Collaboration Server system a
machine account for the RealPresence DMA system with which it interacts. This machine account
must include a fully-qualified domain name (FQDN) for the RealPresence DMA system.
● Application-user names are the same as regular user names.
Example: the DMA application could have an application-user name of DMA1.
● The FQDN can be used to associate any user type (Administrator, Operator) with the FQDN of a
server.
● Multiple application-users can be configured with the same FQDN if multiple applications are
hosted on the same server.
● If the system is downgraded, the application-user’s FQDN information is not deleted from the
Collaboration Server’s user records.
● A System Flag, PASS_EXP_DAYS_MACHINE, enables the administrator to change the password
expiration period of application-users independently of regular users. The default flag value is 365
days.
● The server hosting an application-user whose password is about to expire will receive a login
response stating the number of days until the application-user’s password expires. This is determined
by the value of the PASSWORD_EXPIRATION_WARNING_DAYS System Flag. The earliest
warning can be displayed 14 days before the password is due to expire and the latest warning can
be displayed 7 days before passwords are due to expire. An Active Alarm is created stating the
number of days before the password is due to expire.
● The MIN_PWD_CHANGE_FREQUENCY_IN_DAYS System Flag does not affect application-user
accounts. Applications typically manage their own password change frequency.
● If an application-user identifies itself with an incorrect FQDN, its account will not be locked; however,
the event is written to the Auditor Event File.
● If an application-user identifies itself with a correct FQDN and an incorrect password, its account will
be locked and the event written to the Auditor Event File.
● An application-user cannot be the last administrator in the system. The last administrator must be
a regular user.
● User names are not case sensitive.
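The login rules in the guidelines above, written out as a small decision model. This is an added example, not Polycom code: the `AppUser` and `login` names, the event labels, the handling of unknown or already-locked accounts, and the clamping of the warning window to 7-14 days are assumptions, and the account data is constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass
class AppUser:
    name: str
    fqdn: str
    password: str        # plaintext only to keep the model short
    locked: bool = False

def _norm(host):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return host.rstrip(".").lower()

def login(users, audit, tls_peer_cert, cert_fqdn, name, password,
          days_to_expiry=None, warning_days=7):
    """Model one application-user login; returns (outcome, warning)."""
    # Application-users need TLS with "Request peer certificate" selected.
    if not tls_peer_cert:
        return "rejected", None
    user = users.get(name.lower())       # user names are not case sensitive
    if user is None or user.locked:      # assumption: both are refused
        return "rejected", None
    # Wrong FQDN: the event is audited, the account is NOT locked.
    if cert_fqdn is None or _norm(cert_fqdn) != _norm(user.fqdn):
        audit.append(("fqdn_mismatch", user.name))
        return "rejected", None
    # Correct FQDN, wrong password: the event is audited AND the account locks.
    if not hmac.compare_digest(password.encode(), user.password.encode()):
        user.locked = True
        audit.append(("bad_password_locked", user.name))
        return "rejected", None
    # Warning window (PASSWORD_EXPIRATION_WARNING_DAYS) modelled as 7..14 days.
    window = max(7, min(14, warning_days))
    warning = None
    if days_to_expiry is not None and days_to_expiry <= window:
        warning = f"password expires in {days_to_expiry} days"
    return "connected", warning

if __name__ == "__main__":
    # Constructed sample account and attempts.
    users = {"dma1": AppUser("DMA1", "dma1.example.com", "s3cret")}
    audit = []
    print(login(users, audit, True, "rogue.example.com", "DMA1", "s3cret"))
    print(login(users, audit, True, "dma1.example.com", "dma1", "s3cret", 10, 14))
    print(login(users, audit, True, "dma1.example.com", "DMA1", "guess"))
    print(audit, users["dma1"].locked)
```

When reviewing the Auditor Event File, the asymmetry matters: repeated FQDN mismatches never lock the account, so they only surface through the audit trail.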
Monitoring
● An application-user and its connection are represented by a specific icon.
Active Directory
● When working with Active Directory, the RealPresence DMA system cannot be registered within
Active Directory as regular users. The RealPresence DMA system application-users must be
manually.
● The only restriction is that TLS mode is enabled together with client certificate validation.