Professional Documents
Culture Documents
0 Deployment Guide
Version History
Version Date Comments Author
1.0 11/01/2018 DMA v10 Method of procedures (MOP) creation Barry Phearson
1.1 11/12/2018 Port Info added to beginning Upgrade Sections Barry Phearson
1.0 Prerequisites
This document assumes that the components described in this section are set up for a typical
deployment and configured to work within the environment provided.
Appliance Requirements:
• Polycom Rack Server 630 (R630)
• Polycom Rack Server 620 (R620)
• Polycom Rack Server 220 (R230)
• Polycom Rack Server 220 (R220)
• Required Licenses for activation
VM Requirements:
• VMWare version 5.5 or higher
• Microsoft Hyper-V 2012 or newer
• Valid NTP configuration
Before deploying your Polycom RealPresence Virtual Edition software, review the following
planning guidelines for your deployment. Unless otherwise noted, use these guidelines for all
Polycom Virtual Editions.
Polycom recommends that a virtual environment administrator install the Virtual Edition
software. After the installation of a Virtual Edition, additional configuration should be
completed by someone who understands video conferencing.
Memory Allocation
In a Microsoft Hyper-V environment, you must not overprovision memory at the hypervisor
layer. Dynamic memory for virtual machines is not supported.
Disk
Hypervisors add overhead to disk operations. For best performance, ensure that the virtual
machine can achieve the recommended IOPS listed in the following table.
Capacity information such as storage space and memory vary according to Virtual Edition.
Please see release notes for your RealPresence Virtual Edition software for the minimum
capacity requirements for your product.
Server Information:
RPAD or DMA Edge Information (FE Toolkit will require RPAD data for Edge Configuration)
• Internal address - Internal IP of access proxy settings in RPAD or DMA Edge.
• External Address: The external signal address of RPAD or DMA Edge.
• SIP proxy port - The SIP external port configured in RPAD or DMA Edge.
• SIP Registrar port - The SIP external port configured in RPAD or DMA Edge.
2.2 Scope
This process guides PGS through the best practices to be followed for installing the DMA
product. This document does not cover installation of VMware/Hyper-V environments nor
other integration with third party software.
2.3 Process
The process outlined herein strives to minimize customer downtime with specific guidelines for
field personnel performing the DMA installation or upgrades.
1. Verify that DMA meets the specified minimum release
2. Verify that RPAD meets the specified minimum release
3. Verify that VMware is at release 5.0 or above/Hyper-V role on Windows Server
2012 R2 (reported supported 2008 and up)
4. Install/Upgrade Polycom DMA Core software
5. Install DMA Edge or upgrade RPAD to DMA Edge
6. Obtain Serial number, License Server IP address, RealPresence license
information
7. Configure Polycom DMA Core
8. Configure Polycom DMA Edge
9. Configure SRV record on DNS
10. Install HA (if required)
This process document does not provide details for the following:
1. Installing and Configuring VMware (See http://www.vmware.com for a 60-day
software trial)
2. Installing SfB server and Client environment (See http://www.microsoft.com for SfB
Installation Guide.)
3. Installing or upgrading RMX software (Go to http://support.polycom.com for the
RMX Administrative Guide)
4. Installing or upgrading RPAD software (Go to http://support.polycom.com for the
RPAD Administrative Guide)
From the TOI covered by Jeff Lutkus we had learned that the following was DMA 10.0 new
features. Further details pertaining to configuration is found in later chapters of this guide.
DMA 10.0 can be setup in two ways now:
a) in an Edge Configuration in the DMZ (like the existing RealPresence Access Director product)
b) in a Core configuration inside the enterprise (like the existing RealPresence DMA product)
Support for upgrading your existing RPAD from RPAD 4.2.x for Edge configuration, as well as a
standard DMA upgrade from DMA 9.x for use as a core configuration
Allows for a single combo box configuration where you can have a single DMA in Edge
configuration in the DMZ that also will host VMR calls. In this configuration there is no need of a
second DMA in the core configuration inside the enterprise
DMA 10.0 now has the new look and feel HTML5 UI for all configurations and allows you to
configure Horizontal or Vertical Menus
DMA 10.0 in Edge configuration is now also a full-fledged Gatekeeper/Registrar. All external
endpoint registrations terminate at the Edge DMA
DMA 10.0 now provides both active/active and active/passive High Availability in both Edge and
Core configurations
DMA 10.0 has the ACL (Access Lists) feature for both Edge and Core configurations
DMA 10.0 also provides VMR based licensing apart from existing Call Licensing.
DMA 10.0 will provide new functionality to set conference thresholds per MCU to protect new
users from joining existing conferences on a busy MCU
DMA 10.0 will provide the capability to synchronize pooled conference names between RPRM,
DMA and RPCS.
DMA 10.0 will not count an extra DMA license for PCC (CSS)/Soft Blade call leg.
DMA 10.0 provides the ability to not count licenses multiple times if a call traverses a
supercluster
DMA 10.0 product release notes state the following details to help understand the maximum
values to expect with overall usage. As stated below; Because of the differences in hardware
and VM Environments, the performance information is provided for guidance purposes only
and does not represent a guarantee of any kind by Polycom.
The following will demonstrate a deployment of DMA 10.0 in vSphere Web Client version 6.5.0.
The required DMA software OVA will be required prior to completion.
VMWare - Install OVA File (15 Minutes)
From VMs and Templates view, select location to deploy software. Right click and select Deploy
OVF Template. Click the Browse option to select the OVA typically named “plcm-rpp-dma-
10.0.0-xxxx-vmdk.ova” (xxxx reflects build number). Click next.
Provide Name to be displayed within vSphere. If not Modified, the name will be in following like
format (plcm-rpp-dma-10.0.0-6979-vmdk). Click Next.
From the pop-out window, use polycom as user name and password to login
You will be prompted to change this password. First one must enter existing password then
enter new and confirm new password. Notice no character indication is seen when entering
data.
Once successfully changed, you will see a warning message. Use the tab function to select Yes.
From the main menu select Exit and allow the DMA to reboot.
Once finished, the DMA would be accessible from the defined IP address in the following
format: https://10.223.36.171:8443/dma/login
Default login information would be admin and Polycom12#$ for user name and password.
Extract the DMA software to a central location specific for this deployment. Hyper-V Manager
has defined default folder location as C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
Within this folder one should have subfolders to extract main files into to prevent problems in
the event of multiple deployments. The following for example:
Click Browse to locate folder housing the VHD files. DMA team typically names file “plcm-rpp-
dma-10.0” as seen in folder below. Select Folder
Select the Virtual Switch network to be used with the DMA configuration. By Default, the VHD
will have all 4 NIC’s enabled. You can disable or associate different Virtual Switch networks if
defined in Hyper-V. For our documentation we have the one Virtual Switch network.
Once complete, Rename the Server and then select Start from the right-hand menu choices
Use the Connect option to open console access and login using polycom as user name and
password of
Polycom. The password will not reflect characters indication for security reasons.
Select Yes
Use Polycom Management Console to set the Host name and Network settings.
DMA will ARP the address, reset network services and then display configuration with OK as
option
Select option to 7 to reboot server and save all configured settings. Then attempt to access the
web UI via configured IP address. URL Format will be https://IP_Addrfess:8443/dma
If you need to access the console connection again, you will need to use the new password
configured when first connected and acknowledge that this server was already configured.
Otherwise just access the IP address in an internet browser about 4 minutes after the restart.
During first time Setup of any new DMA you are asked to select either Core or Edge
Configuration. Also located on the first-time setup window, there is a Download Network
Configuration Utility.
Clicking on it downloads a zip file names usbGui_10.0.0.xxxx.zip. When you extract the file
locally, the dma7000-usb-gui.exe is used to configure system parameters. Out of habit, I right
click and open as Administrator.
The Node Selection is displayed to start system configuration. Select Node 1 and use the Edit
button to configure.
Select your initial deployment node type. Engineering has stated that Core must be configured
first.
Provide Host Name and Domain information then Add eth0-eth3 as required.
Routing will allow to add static routes common with split network configurations
Set the define NTP servers and GMT time specifics and click Done
On a Fresh Install of DMA (in edge configuration), the following are the default ports for the respective
services. See screenshot below:
If you run the edge wizard and specify number of simultaneous calls required as x then the port ranges
will adjust to what is required for x number of simultaneous calls using the formula (mentioned in the
Upgrade section above). See screenshot below which uses 1000 simultaneous calls and has services
bound to eth0 only:
Login to DMA and Select Help>About RealPresence DMA to confirm required software version.
Select Upload or Upload and Upgrade, double click on the required upgrade file, Confirm Action
selecting YES.
To manually load the Progress Page use URL format http://IP Address:8080/rppufstatus.html
Once completed (35 minutes) the login prompt for DMA will be seen. Login with credentials
Read and Accept the EULA to proceed. Also opt in or out to automatically send usage data to
improve this product. Click the blue question mark for further details on usage data.
On a Fresh Install of DMA (in edge configuration), the following are the default ports for the respective
services. See screenshot below:
If you run the edge wizard and specify number of simultaneous calls required as x then the port ranges
will adjust to what is required for x number of simultaneous calls using the formula (mentioned in the
Upgrade section above). See screenshot below which uses 1000 simultaneous calls and has services
bound to eth0 only:
Also note for single or two-box tunnel systems, review the following information:
1. If you have a RPAD Dell Server R620, v2 or v3, you must perform a new installation of
the DMA EDGE on the server. The RPAD R620 servers cannot be upgraded.
2. If you will upgrade a RRPAD HA pair, you must disable HA on both systems before
upgrading.
3. Post upgrade, DMA 10.0 administrator user credentials will need to be added in the
registration sharing settings to complete the upgrade.
4. Port 8443 will be required for registration sharing between DMA EDGE and DMA CORE.
5. No changes to RPAD configured port ranges are required post upgrade however, the
DMA EDGE system will display a port overlap alert for the system ephemeral port range.
After upgrading, you need to change the DMA system’s ephemeral port range to
prevent port conflicts. You do not need to make changes to your firewall.
6. The RPAD SSH passwords for the following user accounts will be migrated to DMA EDGE:
➢ polycom ➢ root ➢ rpad (the rpad user will be converted to the dmaremote user but
the password will remain the same).
NOTE: If you have a RealPresence Access Director Polycom Rack Server 620
(R620), v2 or v3 (shipped from January 2013 through June 2014), you must perform
a new installation of the RealPresence DMA system, version 10, on the server. The
RealPresence Access Director R620 servers cannot be upgraded.
Download the required UPG file which may be named like the following “rpad-4-2-x-to-dma-
10.0.0-7267-full”. From RPAD main menu, select Maintenance>Software Upgrade
Select either Upload or Upload and Upgrade option from the left menu. We will select Upload.
URL changes while upgrading (Captured below). The Status URL is IP_Address:8080/status.html
Although I started upgrade process at 11:09, the Package Installer process started at 11:14 and
ended 11:22 thus total time 14 Minutes with reboot 20 Minutes. Refresh the browser and
observe RPAD is now DMA running in Edge Configuration.
Confirm from the Alert window that there was a successful restored backup or database
Recommended practice is to create a Full New Backup from the Admin>Backup and Restore
window
Licenses (if required) will need to be assigned as next step then finalize configuration and run
test calls. From the Alert mentioning port overlap use the following steps to edit the ephemeral
(short-lived) ports.
DMA - CFS
The Legacy mode of licensing is CFS and used with the physical Dell Server hardware. Use the
http://Support.polycom.com website to Login and Download or activate new licenses.
Select Activation/Upgrade
Enter Product Serial number which is typically the Dell Service Tag and select Next.
Select the Upgrade Tab to locate the version 10.0 activation code.
Enter Activation Primary key code received from the Polycom Support Portal and click Update.
Confirm license activation on main Dashboard or the License page to reflect License Calls.
Virtual Edition DMA is licensed via Polycom RealPresence Licensing Center or Flexera. Both
Clariti and the Standalone DMA virtual licenses require an onsite License server which is found
in our Polycom Resource Manager.
Customers will need to download and deploy RPRM so there is a system ID to apply all licenses
to. Proceed to log into the licensing center and from Product List, select RealPresence Resource
Manager Virtual Edition.
Click the 10.4.0 link as latest build at the time of this document.
Use the File Name Link to download all required files. Also download the DMA 10 (which is not
seen at the time of this document) and any other updates required. Have the local VM
Administration deploy the appropriate (VMWare or Hyper-V) file to their server.
Log into the Polycom Licensing Center and select Create Server on left menu pain
Enter the System ID for License Server and make sure you change ID Type to
PUBLISHER_DEFINED. The additional Alias and Site Name is helpful for organizational
needs/requirements.
Enter the Entitlement ID or Sales Order number for which required licenses are located, then
Search.
With all items mapped for our deployment, revisit the RPRM License page and select Update
Provided port 443 is open and not blocked in or out of network, Online activation will work fine
and typically take a few minutes. If for any reason blocked, Offline activation is required and is
not covered within this document. Most customer can do Online activation.
The status will change, and confirmation is seen. Click OK to continue.
As a new deployment, the logged in user (admin in our case) will require Device Administrator
role to continue. Edit the user, add the Device Administrator (or more roles) using the down
Add button illustrated below. Once complete, log off and back in to renew menus.
If the Add button is not seen on the Instance page, repeat previous actions. Click the Add
button
From the Add Instance page, Select DMA Device Type and fields for that device type will be
visible. Fill in the first page, populate anything required on Service Integration or Servers page if
required, then Select the check box to Enable the licensing from this license server.
Clicking on the new DMA, the Allocation area opens to allow license to be provided. In this test
case we have 100 PT2PT and 100 VMR calls type licenses which we will provide. Enter the
values and click save and the REST API’s will license and license the DMA.
When all applied licenses are allocated to the DMA, the donut will be blue. 😊
Logging into the DMA, one can confirm license change from the Dashboard seen here
Follow the above steps for adding DMA EDGE to RPRM for monitoring. Virtual Edition DMA
EDGE servers will not require license allocation, but the DMA EDGE Wizard should be run to
advance and enable configuration to allow this functionality.
If this was a Migration of hardware RPAD, there will be licenses provided which should be
added to the server. DMA EDGE Wizard is also recommended in these deployments as it helps
set up the proper dial rules. See appropriate sections within this MOP for setup information.
Virtual Edition DMA is licensed via Polycom RealPresence Licensing Center or Flexera. Both
Clariti and the Standalone DMA virtual licenses require an onsite License server which is found
in our Polycom Resource Manager.
Customers will need to download and deploy RPRM so there is a system ID to apply all licenses
to. Proceed to log into the licensing center and from Product List, select RealPresence Resource
Manager Virtual Edition.
Next select RealPresence Resource Manager Virtual Edition as Platform Director is EOL and
considered Legacy.
Click the 10.4.0 link as latest build at the time of this document.
Use the File Name Link to download all required files. Also download the DMA 10 (which is not
seen at the time of this document) and any other updates required. Have the local VM
Administration deploy the appropriate (VMWare or Hyper-V) file to their server.
Log into the Polycom Licensing Center and select Create Server on left menu pain
Enter the System ID for License Server and make sure you change ID Type to
PUBLISHER_DEFINED. The additional Alias and Site Name is helpful for organizational
needs/requirements.
Enter the Entitlement ID or Sales Order number for which required licenses are located, then
Search.
Select the quantity to add to the license server for license activation. Typically, all items found
on any new order would be applied to the license server. There are only a few cases where
With all items mapped for our deployment, revisit the RPRM License page and select Update
Provided port 443 is open and not blocked in or out of network, Online activation will work fine
and typically take a few minutes. If for any reason blocked, Offline activation is required and is
not covered within this document. Most customer can do Online activation.
The status will change, and confirmation is seen. Click OK to continue.
As a new deployment, the logged in user (admin in our case) will require Device Administrator
role to continue. Edit the user, add the Device Administrator (or more roles) using the down
Add button illustrated below. Once complete, log off and back in to renew menus.
If the Add button is not seen on the Instance page, repeat previous actions. Click the Add
button
From the Add Instance page, Select DMA Device Type and fields for that device type will be
visible. Fill in the first page, populate anything required on Service Integration or Servers page if
required, then Select the check box to Enable the licensing from this license server.
Clicking on the new DMA, the Allocation area opens to allow license to be provided. In this test
case we have 10 PT2PT, 50 VMR-Hosted Calls and 36 Max number VMR’s based on license type
applied. Enter the values and click save and the REST API’s will license and license the DMA.
When all applied licenses are allocated to the DMA, the donut will be blue. 😊
Logging into the DMA, one can confirm license change from the Dashboard seen here
Follow the above steps for adding DMA EDGE to RPRM for monitoring. Virtual Edition DMA
EDGE servers will not require license allocation, but the DMA EDGE Wizard should be run to
advance and enable configuration to allow this functionality.
If this was a Migration of hardware RPAD, there will be licenses provided which should be
added to the server. DMA EDGE Wizard is also recommended in these deployments as it helps
set up the proper dial rules. See appropriate sections within this MOP for setup information.
The RPAD appliance will require a Migration Order license to convert the existing RPAD into a
DMA on the Support Portal. The CFS License received is activated like all other CFS activations
by applying against the product serial number.
The following will demonstrate process flow from our QA environment meant to emulate the
Production environment which at the time of this document, not available.
NOTE: RPAD should be activated and running version 4.2 prior to license
conversion to DMA. All RPAD licenses will be removed from the support portal
once completed.
Use the http://Support.polycom.com website to Login and Download or activate new licenses.
Select Activation/Upgrade
Enter Product Serial number which is typically the Dell Service Tag and select Next.
Once logged in use the Upgrade Tab and validate 4.2 Upgrade key code was received. If not,
click the Get button and again make sure RPAD is running version 4.2 prior to upgrades.
With RPAD running 4.2 and covered under an Active Service Agreement, we are ready to apply
the migration license. Use the Activation tab and enter migration license number and Activate.
Activated with no errors will reflect “Activation successful, new keycode generated above”
message.
Note: The Displayed keycode on the main page should be version 10.0 DMA
and you can confirm when visiting the Upgrade Tab in the support portal.
For the benefit of this MOP, working with early versions within the QA
system we have version 9.0 which will be corrected by release date.
Once DMA 10.0 keycode is retrieved, you will need to apply it to the new DMA Edge product.
The DMA Web UI is the same for activations at this point. Log into the DMA and from DMA
Menu Select Admin>Server>Licenses
Enter Activation Primary key code received from the Polycom Support Portal and click Update.
Confirm license activation on main Dashboard or the License page to reflect License Calls.
DMA Max VMR Calls Feature is also added to the RPAD Enable license feature set.
There is no expected change for any other RPAD License such as RPAD HA as alternate
configurations can be created. E.G. Qty 2 DMA Edge Servers configured with HA (active/active
or active/passive).
Now to review a typical “Al-la-cart” type license server (Non Clariti) for which the customer was
sold RPRM, DMA and RPAD. We can see for the license server that we have all licenses (New
install or existing) applied to our defined license server.
We can see that from our defined License server that the licenses are applied to the required
devices. In our example we have RPAD with 50 calls license, DMA with 200 Calls and matching
RPRM with 200. (original planned install)
Since the RPAD License feature set change mentioned above, we can now see a total of 250 Call
licenses for DMA which adds the additional 50 to cover the DMA Edge server which will replace
the RPAD 50 call license.
Expected process from this point would be to upgrade RPAD to DMA 10.0 using required file
and process defined within this MOP – “RPAD Upgrade Process”.
Once RPAD is upgraded to DMA, it is time to modify instances within RPRM License server.
NOTE: RPAD Instance in RPRM must be deleted and New DMA EDGE Instance
added for allocation. DMA EDGE Does not require any licenses when DMA EDGE
Configuration Wizard is running, and proper dial rules are built to traverse the
EDGE Server
From the Instances page, select the RPAD Instance and use the delete button.
Use the add button to create new DMA Edge Server. Fill out the Device Type, and License
Configuration pages.
Move to License>Allocation area to apply the previous qty 50 licenses to the new DMA Edge
server and click save.
Confirm the allocation on the new DMA Edge Server. Seen on the dashboard or the licensing
page, the confirmed 50 will be displayed.
For customers sold Clariti licenses the following will apply. Most important, if a new install
verify that the CORE DMA is installed and licensed first.
There have been no changes made for Clariti licenses. Once RPAD is upgraded to DMA 10.0, the
RPAD instance is required to be deleted and DMA EDGE added to RPRM License Server.
Next, add new DMA EDGE 10.0 Instance by completing the Device Type and License
Configuration pages.
From the License>Allocation area you will see the new DMA EDGE server and note that there
are no licenses to map.
Next use the DMA EDGE Configuration Wizard and verify the necessary Dial Rules are built to
allow calls to work. See section related to Clariti Licenses under new features.
The DMA 10.0 supported configurations are subject to change until DMA 10.0 is released. As
MOP is being created prior to release, the following is targeted as supported. Any specific
configuration can be sent in through Yammer and confirmed as supported or not.
Since in DMA 10.0 all features are available in either edge or core configuration the
permutations to support in DMA 10.0 are enormous. So, the following table lists the
features/configurations that are going to be supported/tested in DMA 10.0. No code will be put
in to prevent unsupported features/configurations being used at this time. Obviously, no
support will be provided for those unsupported features/configurations. This way in future if
we need to support a combination it will be straight forward.
Important Note: The DMA 10.0 supported features are subject to change until DMA 10.0 goes
GA
To add a variable:
Go to Service Config > Access Control > ACL Variables.
Click the Add button.
Complete the following fields:
Variable name: Enter a name for the variable.
Description: Enter a brief description of the type of values the variable contains.
Service Type: Select SIP, H.323, or SIP and H.323.
Value: Click the Add button to enter a value to include in this variable, such as a string,
number, or regular expression.
Click OK to add the value to the list of values.
Add more values as needed.
Click OK.
In the Condition field, click the Add button to add a condition for the rule and complete the
fields as described in the following table:
Field Description
Relation You can define multiple conditions for each rule you create.
When you define the first condition, the Relation field is not
active. When you add subsequent conditions, you can select
the relation for each condition.
•and – If a request meets all the conditions in the rule, the
action for the rule is applied to the request.
•or – If a request meets any one of the conditions in the rule,
the action for the rule is applied to the request.
Select the port to assign the ACL to and click the Edit button.
In the ACL field, select the ACL to assign to the port.
Click OK.
Click Update to save the settings.
Access Proxy
HTTPS Proxy - The access proxy feature enables external users to access different internal
HTTPS servers. The RealPresence DMA system accepts a request from a remote user, then
sends a new request on behalf of the user to the correct application server based on the HTTPS
reverse proxy settings you configure.
When the RealPresence DMA system is integrated with a Polycom RealPresence Resource
Manager system, access proxy enables remote endpoints to be provisioned and managed by
the RealPresence Resource Manager system. When the RealPresence DMA system receives a
login and provisioning request from an external endpoint, it sends the request to the HTTPS
provisioning server configured within the RealPresence Resource Manager system.
When you configure the HTTPS Proxy settings, you can add multiple HTTPS next hops. For each
next hop, you must apply a filter that’s based on the HTTPS request message header received
from the endpoint. The RealPresence DMA system uses the filter and other settings to send a
connection request to the correct internal HTTPS application server. Two filters are available:
Request-URI–The next hop is based on the Request-URI in the message header received
from the endpoint. Use the Request-URI filter only when adding a next hop to a
Polycom RealPresence Resource Manager system or a Polycom ContentConnect system.
Host header–The next hop is based on the host information in the message header received
from the endpoint. Use a host header filter when creating the next hop for various HTTPS
In the Add HTTPS Proxy Settings window, complete the fields according to the following
table:
Setting Description
Require client certificate from the When selected, the RealPresence DMA system
remote endpoint requests and verifies the certificate of the remote
endpoint.
Note: Before enabling this setting, an
administrator must install a Server SSL certificate
and trusted CA certificates on the RealPresence
DMA system. Remote clients must also install a
client certificate and trusted CA certificates.
Verify certificate from internal server When selected, the RealPresence DMA system
verifies the certificate from the internal HTTPS
server (the RealPresence Resource Manager
system, the Polycom ContentConnect system, or
RealPresence Web Suite).
Note: Before enabling this setting, an
administrator must install a Server SSL certificate
and trusted CA certificates on the RealPresence
DMA system and the RealPresence Resource
Manager system.
In the Add LDAP Proxy Settings window, complete the fields according to the following
table:
Setting Description
Next hop address The private IP address of the target LDAP server.
The RealPresence DMA system sends a new
request to the next hop IP address on behalf of
the remote client.
Next hop port The port on which the internal LDAP server listens.
Default LDAP port: 389
Require client certificate from the When selected, the RealPresence DMA system
remote endpoint requests and verifies the certificate of the remote
endpoint.
Note: Before enabling this setting, an
administrator must install a Server SSL certificate
and trusted CA certificates on the RealPresence
DMA system. Remote clients must also install a
client certificate and trusted CA certificates.
Verify certificate from internal server When selected, the RealPresence DMA system
verifies the certificate from the internal LDAP
server.
Note: Before enabling this setting, an
administrator must install a Server SSL certificate
and trusted CA certificates on the RealPresence
DMA system and the RealPresence Resource
Manager system.
XMPP Proxy - XMPP proxies can access different XMPP servers, such as the RealPresence
Resource Manager XMPP server or a different network server that provides message, presence,
or other XMPP services.
In the Add XMPP Proxy Settings window, complete the fields according to the following
table:
Setting Description
Public listening port The public port on which the RealPresence DMA
system listens for XMPP traffic.
Default XMPP port: 5222
Port range: 9950–9999
Next hop address The private IP address of the target XMPP server.
The RealPresence DMA system sends a new
request to the next hop IP address on behalf of
the remote client.
Next hop port The port on which the internal XMPP application
server listens.
Default XMPP port: 5222
Verify certificate from internal server When selected, the RealPresence DMA system
verifies the certificate from the internal XMPP
server.
Note: Before enabling this setting, an
administrator must install a Server SSL certificate
and trusted CA certificates on the RealPresence
DMA system and the RealPresence Resource
Manager system.
HTTP Tunnel Proxy - An HTTP tunnel proxy enables SIP guest users to attend web-based video
conferences hosted by the Polycom RealPresence Web Suite. Some restrictive networks block
outgoing UDP-based traffic and can limit outgoing TCP traffic to ports 80 and 443. In these
situations, if a SIP guest client cannot establish a native SIP/RTP connection to a
RealPresence Web Suite video conference, the RealPresence DMA system can act as a web
proxy to tunnel the SIP guest call on port 80, 443, or on a port in the 9950-9999 range. Once the
SIP client is connected to a meeting, the RealPresence DMA system continues to tunnel TCP
traffic, including SIP signaling, media, and Binary Floor Control Protocol (BFCP) content.
The RealPresence Web Suite client uses auto-discovery to ensure that a SIP guest call is routed
through the HTTP tunnel proxy when necessary. When a RealPresence Web Suite SIP guest user
attempts to join a meeting, auto-discovery determines if standard SIP and media ports are
reachable for the call. If not, the call is routed through the HTTP tunnel proxy.
In the Add HTTP Tunnel Proxy Settings window, complete the fields according to the
following table:
Setting Description
In the Add Passthrough Proxy Settings window, complete the fields according to the
following table:
Public listening port The public port on which the RealPresence DMA
system listens for passthrough traffic.
Default passthrough ports: 8080, 80, 443
Port range: 9950–9999
Next hop port The port on which the internal application server
listens. Can be virtually any port that app server is
running on.
Port Range Settings - You can configure the range of dynamic source ports for access proxy
services. Access proxy dynamic ports are not related to the number of calls on a license and the
full range of ports is available by default. You can specify both the first and last port numbers to
limit the range for access proxy, however, changing the first port number in the range is not
recommended.
Dynamic port ranges configured for the RealPresence DMA system must be configured
correspondingly on your firewall.
The following table summarizes dynamic source port information for the access proxy feature.
If you change the port range settings, the RealPresence DMA system validates the new settings
to ensure that no overlap occurs among any of the port range settings. Additionally, the system
checks the port ranges to confirm the following:
No first port number is less than 10000.
No last port number is greater than 60000.
For Access proxy dynamic ports, enter the Last Port number for the port range.
Click OK.
Click Yes to confirm the settings.
NOTE: Output values of calls are strictly dependent on hardware being used and
in what configuration. Common Server 220/230 has max of 200 calls in both
Core and Edge configuration. Common Server 620/630 max of 5000 calls in Core
and 1000 calls in Edge configuration.
Clariti Local Burst licenses are Flexera subscription-based licenses (not a CFS License option)
which will allow one to over subscribe resources on DMA. When added to the Clariti model
license server, the DMA license page will reflect value of true and a check mark that it is
enabled. The check mark is an active area to allow one to enable and disable usage. When
enabled, the maximum calls allowed or 5000 on Core and 1000 on Edge servers.
The License page is found Admin>Server>Licenses
With Clariti local burst Enabled (checked) the DMA would allow more than 1500 calls. With it
disabled (unchecked) call number 1501 will be denied on the above example. The Call Event
logs will reflect No License Available as failure reason. Also, if option is enabled and there are
active Local Burst calls and the administrator disables the option, the calls will remain active
until disconnected.
Clariti Meeting (MTG) licenses were originally created to compete with Cisco in APAC. Typically,
a customer would have either Clariti User licenses OR Clariti MTG Licenses and not mix them.
When first introduced, the TOI requested that there should be a minimum quantity of 5 sold
when used. This minimum quantity of 5 concurrent VMR’s will allow 125 (25 per) licensed calls
per the 5 VMR’s. The 6th VMR call will reflect an alert error message of “DMA has reached its
max licensed concurrent VMRs”.
Within the configuration of External SIP Peers and/or External H.323 Gatekeepers, there is the
field “Type” which use to just list “Other” and “Microsoft” as choices. There are now two new
types added; “DMA Licensed” and “DMA Subordinate”. This addition was created to provide a
single call license usage for calls spanning multiple DMA devices in a called path. Typically, the
DMA Core servers would be considered the DMA Licensed boxes and the DMA EDGE servers
would act as the Subordinate.
This would be how DMA EDGE would not require licenses if configured with DMA Subordinate
as type. There will be other factors involved whereas DMA EDGE hardware servers will have
licenses yet not used if configured as mentioned above.
To enable the load-balance function, check the check box and click update button on the bottom
left side of the page.
From the monitoring page you can see if currently enable, maximum capacity, last heartbeat and
software version of the PCC Servers deployed. Likewise, if Load-balance is enabled or not.
Geo-Affinity
The DMA system now provides geo-affinity for ContentConnect systems through MCU pool
configurations.
You can add both MCUs and ContentConnect systems to an MCU pool, then add the pool to a
pool order and assign it to a user conference room (VMR). When a call to the VMR lands on one
of the MCUs in the pool, the RealPresence DMA system will also look for ContentConnect
systems within the pool. If the pool has ContentConnect systems with available capacity, the
RealPresence DMA system will load balance among them by routing calls to the
ContentConnect system with the highest available capacity. If the pool does not contain any
ContentConnect systems, or if none have capacity, the RealPresence DMA system will look
within the pool order for an MCU that the call can land on. If the call successfully lands on an
MCU, the system looks for available ContentConnect systems that are in the same pool as the
MCU. If none are available, the RealPresence DMA system does not reselect an MCU but will
look for any available ContentConnect system, regardless of its geographic location. The MCU
selection is the highest priority.
This is an Edge Configuration tool only. It will create default connections required for
communication with a Core-configured DMA. This includes a SIP Peer, H.323 Neighbor, and
Registration Sharing, in addition to configuring default dial rules and ACL’s to facilitate
communications.
To begin, select Integrations>DMA Edge Wizard
Enter the Management Host Name (FQDN) or IP address of the Core DMA. Use FQDN in event
of using Super Clustering as purpose is to set up Registration Sharing.
The Signaling host name needs to be an IP as we don’t specify use host name in the network
GUI. To enter this IP address, uncheck the “Core DMA uses the same IP address for
management and signaling” box. Click Next to continue.
Next section is to enter all addresses for Core DMA’s in use. HA pairs, this should be the VIP or
virtual IP address used for signaling. For superclusters, one IP should be entered for each
cluster. As stated in the GUI, this will be used to create sites needed for communicating with
the core DMA.
If you needed to add an IP, click the add button otherwise OK.
Any additional Core DMA Signaling IP address can be edited or deleted. The main IP at this
stage cannot be edited or deleted.
The final screen provides you the configuration created and tells you to create matching items
manually on the Core DMA.
Click OK.
The manual Core Configuration is best handled within the Site Topology on the Core DMA.
Located within Service Config>Site Topology>Sites. We will use the default site in this example.
Selecting the Default site and clicking the edit button we can continue.
Click on the H.323 Routing and enter Edge IP and H.323 port information under “Allowed via
H.323-aware SBC or ALG area.
Click on the SIP Routing and enter Edge IP and H.323 port information under “Allowed via SIP-
aware SBC or ALG area. Click OK to continue.
This is the same type configuration which RPAD would have used in the past. All calls would
now traverse the DMA Edge Server.
NOTE: High Availability (HA) can be configured only after all network interfaces
have been fully defined. If HA is enabled, you must disable it to change the
network settings.
When you configure High Availability Settings, follow these requirements:
Active: Passive > Has a Hot Standby sitting Idle, Uses less IP Addresses,
Active: Active > Allows increased throughput for Media, Uses additional IP addresses
The simplest configuration would use a single NIC thus the following screenshots reflect all the
Configured Services capable on both the CORE and EDGE defined DMA servers. Again, HA
settings should only be completed once all network settings have been defined as for example
the H.323 Signaling and SIP signaling might be configured on a separate NIC.
Supported in DMA 10.0 Core and Combination box configurations, the conference template
now has Telepresence Mode and Telepresence Layout mode.
Likewise, the same settings can be found in the RMX Conference Profile as seem here.
If the RMX Collaboration Server is licensed enabled for the Telepresence option, then the follow
would be expected behavior.
Telepresence Mode is available only when CP (Continuous Presence) conferencing mode is
selected.
Supports telepresence conference rooms joining the conference:
• Auto – A conference is automatically put into telepresence mode when a telepresence
endpoint (RPX, TPX, ATX, or OTX) joins. Recommended setting.
• On – Telepresence mode is on, regardless of whether a telepresence endpoint is
present.
Telepresence Layout Mode available only when CP (Continuous Presence) conferencing mode
is selected. Not available if Telepresence Mode is No.
Specifies the layout for telepresence conferences:
• Manual – Layout is controlled manually by a conference operator using the Multipoint
Layout Application (MLA) interface.
The Room Switch Telepresence layouts normally controlled by the MLA can be managed by the
MCU to
speed updating the conference layouts in large conferences with many endpoints.
Whether the MLA or the MCU controls the Room Switch Telepresence layouts is determined by
the
MANAGE_TELEPRESENCE_ROOM_SWITCH_LAYOUTS flag. This flag must be manually added
before
changing its value. No system reset is required.
The values are:
NO (Default) - The MCU does not manage Telepresence Room Switch Layouts and they
continue to be managed by the MLA.
YES - The MCU manages Telepresence Room Switch Layouts.
Please visit the RMX or Collaboration server guides for more information
Registration Policy
DMA CORE or EDGE systems will allow multiple policies to control registration by endpoints.
DMA v10 comes with two default registration policies. These can be used as-is or you can edit
them. You can also define custom registration policies.
A registration policy must be assigned to all listening SIP and H.323 ports. When you initially
install your system, the default registration policy that’s applied to ports is based on your
system configuration – CORE or EDGE. You can keep your system’s default registration policy,
or you can create custom policies to fit your needs.
Not all registration policies must be assigned to a port. A registration policy with no port
assignment will be saved in your system but will not be used until you apply it to a port.
Next you would need to assign the new registration Policy to a SIP or H.323 port.
NOTE: If you edit the registration policy assigned to a port during active calls, the
calls may be disrupted or terminated.
In the Registration policy field, select the policy to assign to the port.
Click OK.
Click Update to save the settings.
In the Registration policy field, select the policy to assign to the port.
DMA v10 system supports sharing of endpoint registrations from an EDGE system to another
EDGE system (VPN tunnel) or to a CORE system.
DMA EDGE functions as a gatekeeper and all public endpoints will register via SIP or H.323
with the EDGE system. To enable calls from an EDGE to EDGE system or CORE system, and
vice-versa, you must configure registration sharing on the EDGE system(s). When you do so,
registrations received by the EDGE system are shared with the CORE system via the CORE
system’s REST API.
NOTE: You must also configure external H.323 neighbored gatekeepers and
external SIP peers to enable calls from the EDGE system to the CORE system.
With registration sharing enabled, an EDGE system will share the following information with
another EDGE system or a CORE system:
● New and refreshed registrations
● Terminated registrations
● Blocked registrations
● Deleted registrations
● Quarantined registrations
After registration sharing occurs, the Endpoints page on the DMA CORE system displays the
IP address of the EDGE system for shared endpoint registrations instead of the IP address of
the individual endpoints which is just like endpoints connected from behind RPAD.
In Registration Sharing Settings (at the bottom of the page), select Share registrations with
another DMA.
DMA 10.0 and RMX 8.8 now offers Cisco’s TIP (Telepresence Interoperability Protocol) version 8
support, which allows TIP endpoints to receive content at higher resolutions using the Binary
Floor Control Protocol (BFCP). Designed for use in low-bandwidth environments, BFCP enables
endpoints to provide users better coordinated access to conferencing resources. Also support
for transcoding (sending) content in a TIP virtual meeting room (VMR), so that all TIP endpoints
reserve the bandwidth required for the selected resolution and rate.
The TIP encoder endpoints in VMR conference support content transcoding. TIP encoder
supports
the following resolutions:
XGA 5fps @512K – (TIP Version 7 setting)
720p5 @768K
1080p5 @1Mbps
720p30 @2.25Mbps
1080P30@4Mbps
The TIP encoder works at one of the above resolutions only. Any TIP endpoint not supporting
the
selected rate and resolution are unable to receive the content.
TIP endpoints marked as legacy receive content when the Send Content to Legacy Endpoints
All TIP required conferences should use Continuous Presence and TIP compatibility set to Prefer
TIP(v8.1) in DMA Conference template. The setting is built into the conference template under
TIP compatibility section which is in Polycom MCU General Settings.
NOTE: If requiring support for TIP in conferences use only Prefer TIP option as
Video Only and Video and Content were legacy settings.
NOTE: The (v8.1) value in the description was an RMX version and not
specifically version 8 of TIP.
Likewise, a conference profile could be used in RMX. Selecting Prefer TIP on the Advanced tab
of the Conference Profile.
It’s recommended that you assign TURN services to only a single NIC thus you may need to
select a separate interface from the bottom of the Network Settings page. Select it and use the
edit button to enable.
Validate all IPv4 and or IPv6 settings, then click OK. System will restart.
Once restarted, go to Service Config > TURN Settings. Note that if you do not see TURN
Settings, you may be on a CORE configured server and not a DMA EDGE
Complete the fields as described in the following table. Note that not all fields are editable from
the TURN Settings page. You can use the Port Range Settings to make changes as needed.
You need to configure one TURN user to enable WebRTC clients to request TURN services for
RealPresence Web Suite mesh or bridge conferences. Once you configure the TURN user, you
must share the credentials with the system administrator for the RealPresence Web Suite
system, who will complete further configurations for that product.
The TURN service relay dynamic source ports start at 60002 and end 65535 yet are configurable
via the Port Range Settings. It is recommended to keep the same range, but you can change port
numbers. The number of ports required to support WebRTC calls can vary so allowing the range
will not hinder supported calls. Not first port number can be less than 1024 or greater than
65535.
VPN Tunnel
DMA EDGE systems supports VPN tunneling to other DMA EDGE systems using OpenVPN.
Once you configure a VPN tunnel, all communication goes through the tunnel. If the tunnel
goes down, no communication can occur until you disable, delete or rebuild the VPN tunnel on
both DMA EDGE systems.
Use of a VPN tunnel will decrease overall call capacity from approximately 1000 concurrent
calls to approximately 500 concurrent calls, depending on call settings and use.
NOTE: If you have more than one network interface (for example, signaling and
media), you need to set up multiple VPN tunnels, with one tunnel for each
service on each different network interface between the two edge systems. The
private IP address on the outside edge system must point to the public IP address
on the inside edge system. Configure like-to-like network interfaces, that is,
signaling to signaling, media to media.
Remote management IP address – the IP address of the management interface on the remote
RealPresence DMA edge-configured system.
Admin username – The administrator username used to log into the management interface of
the remote edge-configured system.
Admin password – The administrator password used to log into the management interface of
the remote edge-configured system.
Click OK to automatically configure the VPN tunnel settings on the remote system.
The VPN Status column on the VPN Tunnel Settings page of both edge systems should display
Connected, which means that the tunnel is not only established but that automated test
network traffic is being successfully sent over the tunnel and back.
NOTE: If local firewall does not allow traversal of REST API traffic, you will need
to manually configure the VPN tunnel. Recommended to add VPN Tunnel on
local EDGE server then manually configure VPN tunnel on remote. This process
will involve copying VPN Tunnel Key from local and adding to remote. DMA
Operations guide has further details.
When you configure a VPN tunnel between your RealPresence DMA EDGE systems, you need
to set up access proxy settings that enable the VPN tunnel to support provisioning.
On the outside DMA EDGE system, go to Service Config > Access Proxy Settings.
Add an HTTPS proxy and specify 443 as the Public listening port.
On the inside DMA EDGE system, go to Service Config > Access Proxy Settings.
Add an HTTPS proxy and specify 9950 as the Public listening port.
There has been a DMA 10 Channel built within the corporate Media Server and All DMA 10
videos have been posted there. They should all be downloadable and if there are any issues
with the channel, please let me know.
NOTE:
NOTE: