configuration guide - realpresence meeting director ... · realpresence meeting director workflow...

RealPresence Meeting Director Workflow Server Feature | Release 1.7.0 | Dec 2018 | 3725-85824-001A

1

Configuration Guide – RealPresence Meeting Director

Workflow Server Feature


2

Copyright© 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. 6001 America Center Drive San Jose, CA 95002 USA Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc., and are registered and/or common law marks in the United States and various other countries.

All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom. Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in this document, Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for any typographical or other errors or omissions in the content of this document. Limitation of Liability Polycom and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Polycom has been advised of the possibility of such damages. End User License Agreement BY USING THIS PRODUCT, YOU ARE AGREEING TO THE TERMS OF THE END USER LICENSE AGREEMENT (EULA) AT: http://documents.polycom.com/indexes/licenses. IF YOU DO NOT AGREE TO THE TERMS OF THE EULA, DO NOT USE THE PRODUCT, AND YOU MAY RETURN IT IN THE ORIGINAL PACKAGING TO THE SELLER FROM WHOM YOU PURCHASED THE PRODUCT. Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc. Open Source Software Used in this Product This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive software information, as well as the open source software code used in this product, contact Polycom by email at [email protected]. Customer Feedback We are striving to improve our documentation quality and we appreciate your feedback. Email your opinions and comments to [email protected]. Polycom Support Visit the Polycom Support Center for End User License Agreements, software downloads, product documents, product licenses, troubleshooting tips, service requests, and more.


3

INFORMATION ELEMENTS .................................................................................................................................. 4

REALPRESENCE MEETING DIRECTOR FEATURE OVERVIEW ....................................................................................... 5

REQUIRED SKILLS .............................................................................................................................................. 8

HARDWARE AND SOFTWARE DEPENDENCIES ......................................................................................................... 8

REQUIREMENTS ............................................................................................................................................... 9

MICROSOFT EXCHANGE ROOM RESOURCE MAILBOX REQUIREMENTS FOR POLYCOM GROUP SERIES AND HDXS ............ 10

MICROSOFT EXCHANGE SERVICE MAILBOX REQUIREMENTS FOR REALPRESENCE MEETING DIRECTOR .......................... 12

MICROSOFT WINDOWS SERVER 2016 INSTANCE REQUIREMENTS .......................................................................... 13

POLYCOM GROUP SERIES AND HDX CONFIGURATION REQUIREMENTS .................................................................... 13

DNS REQUIREMENTS ...................................................................................................................................... 13

HTTP FORWARDING PROXY REQUIREMENTS (OPTIONAL) ..................................................................................... 14

FIREWALL REQUIREMENTS (OPTIONAL) .............................................................................................................. 14

OBTAINING THE POLYCOM WORKFLOW SERVER SOFTWARE .................................................................................. 15

INSTALLING POLYCOM WORKFLOW SERVER ........................................................................................................ 15

CONFIGURE WORKFLOW SERVER CALENDARING FOR REALPRESENCE MEETING DIRECTOR AND ONE TOUCH DIAL .......... 16

CONFIGURE REALPRESENCE MEETING DIRECTOR FEATURE .................................................................................... 20

(OPTIONAL) ENABLING EASY SCHEDULE APP ON REALPRESENCE MEETING DIRECTOR WORKFLOW SERVER INSTANCE ..... 25

DOWNLOAD THE EASY SCHEDULE APP FOR OUTLOOK ADD-IN MANIFEST ................................................................ 32

CREATE AND INSTALL WORKFLOW SERVER PUBLIC AND PRIVATE KEYS INFRASTRUCTURE (PKI) .................................... 32

INSTALL AND CUSTOMIZE EASY SCHEDULE APP WORKFLOW SERVER TEMPLATES ....................................................... 36

INSTALL EASY SCHEDULE APP MANIFEST VIA EXCHANGE CONTROL PANEL (ECP) ....................................................... 38

CONFIGURE PC BROWSER LOCAL INTRANET SITES ................................................................................................ 39

ASSIGN WORKFLOW SERVER AD ACCOUNT DMA PROVISIONER ROLE ..................................................................... 39

CREATING REALPRESENCE MEETING DIRECTOR LOCAL USER ACCOUNTS .................................................................. 40

ASSOCIATING REALPRESENCE MEETING DIRECTOR LOGON WITH AD GROUP(S) MEMBERSHIP .................................... 41

CONFIGURING GROUP SERIES AND/OR HDX ONE TOUCH DIAL CALENDARING .......................................................... 42

VALIDATE REALPRESENCE MEETING DIRECTOR, ONE TOUCH DIAL AND EASY SCHEDULE CONFIGURATION ..................... 45

TASK LIST ...................................................................................................................................................... 48

(OPTIONAL) HTTP FORWARDING PROXY CONFIGURATION .................................................................................... 50

PRIVACY ....................................................................................................................................................... 51

REALPRESENCE MEETING DIRECTOR OPERATIONAL GUIDE .................................................................................... 54


4

REVISION HISTORY

Revision Date Author Details

Release 1.7.0

November 26, 2018 [email protected] 1.7.0 release

INFORMATION ELEMENTS

Polycom guides may contain the following icons to alert you to important information.

Name Icon Description

Note

The Note icon highlights information of interest or important information needed to be successful in accomplishing a procedure or to understand a concept.

User Tip

The User Tip icon highlights techniques, shortcuts, or productivity related tips for users.

Caution

The Caution icon highlights information you need to know to avoid a hazard that could potentially impact device performance, App functionality, or successful feature configuration.

Warning

The Warning icon highlights an action you must perform (or avoid) to prevent issues which may cause you to lose information or your configuration setup, and/or affect phone, video, or network performance.

Web Info

The Web Info icon highlights supplementary information available online such as documents or downloads on support.Polycom.com or other locations.

Troubleshooting

The Troubleshooting icon highlights information which may help you solve a relevant problem or to refer you to other relevant troubleshooting resources.

Settings/Decision Required

The Settings icon highlights settings you may need to choose for a specific behavior, to enable a specific feature, or to access customization options.

Polycom Best Practices

Polycom icon references recommendations for best practices.


5

REALPRESENCE MEETING DIRECTOR FEATURE OVERVIEW The RealPresence Meeting Director App is a browser-based Video Admin tool purchasable feature delivered via Polycom Workflow Server. The App enables management of videoconferences scheduled on the Polycom DMA via the Polycom Easy Schedule App. The RealPresence Meeting Director calendar displays the day’s scheduled videoconferences, with a convenient filtering tool enabling Video Admins to easily locate a given meeting.

Having located the meeting, the Video Admin is provided with the typical tools required for day to day management of conferences:

• Mute/Unmute All – Toggles between muting or un-muting all participants connected to the RMX hosted conference

• Local/Unlock – Toggles between enabling and preventing new participants from connecting to the RMX hosted conference

• Connect All – Is available when there are one or more internally invited rooms in an idle state. Selecting instructs the associated Group Series or HDX devices to dial the DMA conference ID.

• Terminate Conference – Is available when there are one or more codecs connected to the DMA conference ID. Selecting Terminate All ends the RMX hosted conference

• Meeting Layout – Enables changing of the RMX hosted conference layout, and assignment of participants to cells

• Personal Layout – Enables assigning a participant connected to a RMX hosted conference a personal layout, and assignment of participants to cells

• Dial/Disconnect – Locally invited rooms equipped with a Polycom Group Series or HDX device • Disconnect – Any unwanted participants connected to the Easy Schedule conference • Microphone Mute - Toggles between muting or un-muting the microphone(s) of locally invited

rooms equipped with a Polycom Group Series or HDX device • Active Speaker – An icon indicating the current active speaker. This is particularly useful for

identifying noisy participants or in making the active speaker a presenter


6

Meeting Director interacts with the following devices:

• Control of Polycom HDXs via the Telnet and HTTP/HTTPS APIs • Control of Polycom Group Series via the HTTP/HTTPS RESTful APIs • Control of Polycom DMA via the HTTPS RESTful API • Control of Polycom RMXs via the HTTP/HTTPS RESTful APIs • Retrieval of calendar entries from Microsoft Exchange Web Services (EWS) via HTTPS for rooms

equipped with a Polycom Group Series or HDX device • User Authentication and Active Directory group membership via an LDAP/LDAPS connection to a

domain controller

Workflow Server retrieves the Exchange room resource mailbox calendar folders via Exchange Web Services (EWS) for all internal rooms equipped with a Polycom HDX or Group Series devices. Workflow Server parses each calendar item to determine whether the entry is an Easy Schedule invite. The Video Admin connects to RealPresence Meeting Director via the URL https://<workflowServerEnvironmentFqdn>/director. The admin may login with either a Workflow Server local user account assigned to the “mdgroup”, or their domain\username. For domain credentials workflow Server authenticates against AD using LDAPS connection and checks whether the user is a member of a group defined against the Workflow Server “mdLdapGroup”. RealPresence Meeting Director displays the current days Easy Schedule meetings which include one or more invited internal rooms. The admin selects to manage conference. RealPrsence Meeting Director retrieves the conference from DMA, populates the list of devices with the internally invited rooms and any other devices connected to the conference. RealPresence Meeting Director provides a visual indication of the active speaker, controls for managing the conference via DMA, managing the RMX


7

layouts including assigning participants to cells, and device specific functions such as dialing and microphone mute toggle for any internally invited rooms containing a Polycom Group Series or HDX device. EASY SCHEDULE & ONE TOUCH DIAL FEATURE OVERVIEW With Easy Schedule users schedule meetings via Microsoft Outlook or Outlook Web Application (OWA), inviting attendees and rooms. Prior to sending the invite the organizer simply selects the Polycom Easy Schedule button with the Outlook or OWA calendar ribbon.

Easy Schedule retrieves the organizers DMA VMR or creates for the organizer a DMA scheduled conference and adds the join information to the body of the invitation.

Easy Schedule is typically used in conjunction with Polycom Workflow Server One Touch Dial (OTD) App to display calendar invites and join button on Polycom Group Series and HDX devices.


8

Polycom Group Series Example

REQUIRED SKILLS

Deploying RealPresence Meeting Director requires planning and knowledge of H.323 and SIP videoconferencing technology, Polycom Group Series and HDX devices, Polycom’s RealPresence Platform / Clariti solution, Microsoft Exchange server and Active Directory. Note, this guide does not provide full administrative or maintenance procedures for Polycom devices or Microsoft Exchange email and calendaring, for full administrative procedures, consult the respective manufacturer’s documentation. This document assumes the reader has knowledge of the following:

• H.323 gatekeeper/SIP registrar call control, and Session Border Controller (SBC) solutions • Polycom Group Series and HDX devices • Polycom RealPresence Platform / Clariti solution DMA and RMX devices • Microsoft Exchange server • Microsoft Active Directory

HARDWARE AND SOFTWARE DEPENDENCIES

Meeting Director has the following hardware and software dependencies: • Polycom Workflow Server App revision 1.7.0 or later • Windows Server 2016 to host the Polycom Workflow Server App

o 2 CPU’s or better o 8GB RAM or better o Google Chrome web browser for configuration of Meeting Director

• HDX devices with software release 3.1.12 or later • Group Series devices with release 6.1.6.1 or later • RealPresence DMA with release 9.0.1 or later • Polycom RMX with release 8.7.4 or later • Microsoft Office 365 or on-premise Exchange Server • H.323/SIP call control platform, such as Polycom DMA • Network Time Protocol (NTP services) for the Windows 2016 Server hosting the Polycom

Workflow Server App, and HDX devices


9

REQUIREMENTS Deployment of RealPresence Meeting Director requires the following:

• Exchange room resource mailbox for each room containing a Polycom Group Series or HDX. DeleteComments attribute of Exchange calendar processing must be set to false for each room resource mailbox associated with a Polycom Group Series or HDX

• Polycom Workflow Server Easy Schedule App • Exchange user mailbox for Meeting Director, Easy Schedule and optionally One Touch Dial to

perform calendar retrieval of room resource mailboxes. Account must be assigned Exchange Application Impersonation role

• Optional DNS A or CNAME record resolvable to the Windows 2016 Server hosting the Workflow Server App

• Optional account for authenticating with HTTP forwarding proxy for deployments using a forwarding proxy for calendar retrieval from Office365 Exchange Online

• Active Directory account with read permissions for the domain/forest, for authenticating RealPresence Meeting Director users

• Network Access o Microsoft Remote Desktop (RDP) access to the Window Server hosting the Workflow

Server App for performing configuration tasks o HTTPS access to the Windows 2016 Server hosting the Workflow Server by Video Admins o HTTP/HTTPS and Telnet (TCP/24) access to the Polycom Group Series and HDX devices

from the Windows 2016 Server hosting the Workflow Server App o HTTP/HTTPS access to the Polycom RMX devices from the Windows 2016 Server hosting

the Workflow Server App o HTTPS (TCP/8443) access to the Polycom DMA devices from the Windows 2016 Server

hosting the Workflow Server App o HTTPS (or indirect via an HTTP forwarding proxy) access to Microsoft Exchange Web

Services (EWS) from the Windows 2016 Server hosting the Workflow Server o NTP access to a network time source from the Windows 2016 Server hosting the

Workflow Server App o LDAP/LDAPS access to a domain controller for authenticating RealPresence Meeting

Director users and checking AD group membership o DNS access from the Windows 2016 Server hosting the Workflow Server


10

MICROSOFT EXCHANGE ROOM RESOURCE MAILBOX REQUIREMENTS FOR POLYCOM GROUP SERIES AND HDXS

A room resource mailbox is required for each room containing a Group Series or HDX device. The room resource mailbox is created using the PowerShell cmdlet:

New-Mailbox -UserPrincipalName [email protected] -Alias room101 -Name "Meeting Room 101" -Room The Exchange mail tip feature may be used to educate users that the room is equipped with a videoconferencing device. For example, the mail tip may be configured via the Exchange PowerShell cmdlet as follows:

Set-Mailbox -Identity room101 -MailTip "This room is equipped with a videoconferencing device. Please send a Polycom Easy Schedule Meeting request”

UPDATE SCREENSHOT WITH MAILTIP ABOVE

A detailed explanation of mailbox creation and associated attributes is available via the Microsoft TechNet website.

For room and equipment resource mailboxes created using the PowerShell cmdlet, the Microsoft calendar attendant and resource booking attendant are enabled via PowerShell cmdlet. The calendar attendant default behavior is to delete the body (comments) of accepted meeting invitations, thereby removing the join instructions added by Polycom Easy Schedule. This behavior is disabled via the PowerShell cmdlet.

Set-CalendarProcessing –identity room101 –AutomateProcessing AutoAccept –deleteComments $false

The calendar attendant by default replaces the meeting subject with the name of the meeting organizer. Though this does not impact operation of the solution, this behavior may also be disabled using the PowerShell cmdlet:


11

Set-CalendarProcessing –identity room101 –DeleteSubject $false –AddOrganizerToSubject $false

A detailed explanation of the Set-CalendarProcessing PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

Microsoft Outlook 2010 introduced room finder functionality enabling users to locate an available room within a given location through the association of room resource mailboxes with distribution groups. In this example Meeting Room 101 will be assigned to distribution group Videoconferencing Rooms using the PowerShell cmdlet:

Add-DistributionGroupMember –Identity “Videoconferencing Rooms” –Member room101

An overview of the room finder feature is available via the blog Get a Room! Enable Room Finder with Room List Distribution Groups posted on the Microsoft TechNet website.


12

MICROSOFT EXCHANGE SERVICE MAILBOX REQUIREMENTS FOR REALPRESENCE MEETING DIRECTOR

RealPresence Meeting Director feature requires Workflow Server to be assigned an Exchange user mailbox for retrieval calendar entries sent to the Polycom Group Series and HDX equipped rooms. The service account and mailbox are created using the PowerShell cmdlet:

New-Mailbox -Alias workflow.server -Name "Workflow Server" -FirstName Workflow -LastName Server -DisplayName "Workflow Server" -UserPrincipalName [email protected] -Password (ConvertTo-SecureString -String Polycom12#$ -AsPlainText -Force)

A detailed explanation of Microsoft New-Mailbox PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

The password of the service account it will be set to never expire using the AD PowerShell cmdlet: Set-AdUser –Identity workflow.server -PasswordNeverExpires $true

A detailed explanation of Microsoft Set-ADUser PowerShell cmdlet and associated attributes is available via the Microsoft TechNet website.

Workflow Server utilizes the Exchange role-based access control (RBAC) Application Impersonation role for retrieval of the calendar items of the room resource mailboxes. The role is created and assigned to the Workflow Server using the PowerShell cmdlet:

New-ManagementRoleAssignment -name:WorkflowServerImpersonation -Role:ApplicationImpersonation -User:workflow.server

A detailed explanation of Microsoft Exchange Application Impersonal Role PowerShell cmdlet and associated attributes is available via the Office Dev Center website.


13

MICROSOFT WINDOWS SERVER 2016 INSTANCE REQUIREMENTS RealPresence Meeting Director is a feature of Workflow Server, a Windows Server application. The Windows Server 2016 instance made available for hosting the application must be allocated at least the following resources:

• 2 vCPUs 4Ghz reservation or better • 8GB RAM or better • 40GB storage or better

Workflow Server requires installation of Google Chrome web browser for performing configuration tasks.

RealPresence Meeting Director is configured to listen for HTTPS web page requests from Video Admins on TCP port 443. The app automatically assigns a TCP/443 exclusion to Windows Firewall.

Windows Server Internet Information Services (IIS) role is not a requirement for the Workflow Server. Installation of IIS may conflict with Workflow Server if it listens for HTTPS connections on TCP port 443.

POLYCOM GROUP SERIES AND HDX CONFIGURATION REQUIREMENTS

RealPresence Meeting Director supports Polycom Group Series software release 6.1.6.1 or later and HDX software releases 3.1.12 and later. RealPresence Meeting Director communicates with the devices using HTTP or HTTPS, and the Telnet API interface on TCP port 24. The security profile must be set to medium, low or minimum (default), and the security mode checkbox must be unchecked.

Selecting the high or maximum-security profile options, forces selection of the security mode checkbox, which disables support for Telnet and is therefore not supported. For further information on security profiles and the security mode checkbox refer to the Group Series and HDX Administrator’s Guide.

DNS REQUIREMENTS

RealPresence Meeting Director Video Admins and the Easy Schedule add-in use a fully qualified domain name (FQDN) for interacting via HTTPS with Workflow Server. A DNS ‘A’ or CNAME record resolving to the Windows Server instance hosting the Workflow Server App is therefore required.

Workflow Server uses the HOST field of the HTTP header received to match the configured Workflow Server environment. As the environment is configured with an FQDN, attempting to access the Easy Schedule or Meeting Director features by IPv4 address will fail. The Workflow Server logs will display ‘404 error, environment not found’.


14

HTTP FORWARDING PROXY REQUIREMENTS (OPTIONAL)

Workflow Server supports all Microsoft supported Exchange deployments. Workflow Server may be configured to derive Internet connectivity via a HTTP forwarding proxy, for use in environments comprising of a forwarding proxy and Microsoft Office 365 Exchange Online hosted mailboxes. Workflow Server supports configuration of the Proxy URL and TCP port or configuration via a proxy auto-config (PAC) file URL, configuration of authentication credentials or anonymous use.

For deployments requiring authentication with a HTTP forwarding proxy, Polycom recommends using the same AD account as used by the Workflow Server for calendar retrieval

FIREWALL REQUIREMENTS (OPTIONAL)

For deployments where the Windows Server hosting Workflow Server resides in a firewall DMZ, the following firewall rule set must be implemented:

• Routed Microsoft RDP (TCP/3389) access to the Window Server hosting Workflow Server from computers on the internal network. RDP is required for performing configuration tasks

• Routed HTTPS (TCP/443) access to the Windows Server hosting Workflow Server from the computers on the internal network for accessing the Meeting Director and Easy Schedule functionality

• Routed HTTP (TCP/80), HTTPS (TCP/443) and Telnet (TCP/24) access to the Polycom Group Series and HDX devices from the Windows Server hosting Workflow Server

• Routed HTTP (TCP/80), HTTPS (TCP/443) access to the Polycom RMX devices from the Windows Server hosting Workflow Server

• Routed HTTPS (TCP/8443) access to the Polycom DMA devices from the Windows Server hosting Workflow Server

• Routed HTTPS (TCP/443) access to Microsoft Exchange Web Services (EWS) from the Windows 2016 Server hosting Workflow Server. For Microsoft Office365 Exchange Online deployments, the server will require routed HTTPS access to the Internet or routed TCP access to a HTTP forwarding proxy on the appropriate port, and any associated server used for retrieval of the proxy auto-config (PAC) file

• LDAP/LDAPS (TCP/389 & TCP/636) access to a domain controller for authenticating RealPresence Meeting Director users and checking AD group membership

• Routed NTP (UDP/123) access to a network time source from the Windows Server hosting Workflow Server

• Routed DNS (TCP&UDP/53) access to DNS services from the Windows Server hosting Workflow Server


15

OBTAINING THE POLYCOM WORKFLOW SERVER SOFTWARE

Polycom distributes the Workflow Server application via support.polycom.com. https://support.polycom.com/content/support/north-america/usa/en/support/network/workflow-server/polycom-workflow-server.html

Installation of Workflow Server features such as RealPresence Meeting Director is performed by Polycom Global Services.

Selecting the Workflow Server Software link, prompts the user to sign-in. Once signed in, the user is provided with links for the current and previous releases of Workflow Server software. Touch Plus feature requires Workflow Server software release 1.7.0 or later. The first time a user attempts to download the Workflow Server software they will be prompted to

enter the download password. The password can be obtained from the Polycom Global Services project team.

INSTALLING POLYCOM WORKFLOW SERVER

Workflow Server is made available by Polycom as a MSI file for installation on a Windows Server 2016 operating system. To install the application requires a logon to the server with Administrator privileges. The Workflow Server installation wizard guides the installer to select an installation folder. The application is installed and configured to run as a service, using the Local System account, and automatically start on startup.

Once installed, configuration of Workflow Server is performed with Google Chrome web browser, via the URL https://localhost/admin. To access the configuration interface login with the default username and password admin.

Admin UI sessions expire after 90 minutes of inactivity. Activity comprises of either selecting save or selecting a tab. Performing configuration without selecting save within 90 minutes will result in the configuration settings being lost, therefore select save frequently whilst performing configuration tasks.


16

CONFIGURE WORKFLOW SERVER CALENDARING FOR REALPRESENCE MEETING DIRECTOR AND ONE TOUCH DIAL

RealPresence Meeting Director feature leverages the Workflow Server calendaring functionality for retrieval of the room calendars associated with Polycom Group Series and HDX devices. Within this configuration example the functionality will also be used for both Easy Schedule and One Touch Dial join button functionality.

Note, both Easy Schedule and One Touch Dial are highly configurable, capable of supporting many different calendaring configurations. The following sample configuration enables calendar retrieval from Microsoft Office365 Exchange Online, with click-to-join for Easy Schedule deployments. For other deployment examples refer to the Polycom support website.

Polycom Workflow Server configuration guides are available via the support.polycom.com website.

Workflow Server uses environments to define the processing of RealPresence Meeting Director, Easy Schedule and One Touch Dial requests. To create an environment, select the environment tab, followed by + Add new. The service fully qualified domain name (FQDN) field defines the name of the Workflow Server environment. The environment may be defined as a FQDN or an IPv4 address.

Workflow Server uses the HOST field of the HTTP header received from RealPresence Meeting Director, Easy Schedule and One Touch Dial requests to match an environment. If the Workflow Server environment is configured with an FQDN, and RealPresence Meeting Director users, Polycom Group Series or HDXs attempt to communicate using an IPv4 address, the request will fail. The Workflow Server logs will display ‘404 error, environment not found’.


17

The settings properties drop down menu is used to define the attributes to be configured within the environment.

The Calendar Provider, Rules and Credentials attributes are used within this configuration example. Having selected the desired attributes reselect properties to hide the menu and continue with the configuration.

The Calendar Provider defaults to cloud calendar server.

For Office 365 Exchange Online deployments, select o365 from the drop-down list of providers.

Credentials define how Meeting Director, Easy Schedule and One Touch Dial authenticate with Workflow Server, and the credentials used by Workflow Server for performing functions such as calendar retrieval.


18

A realm (Realm 1) must be added to the configuration.

Select properties for the realm and check the Realm or Domain, and Users options. Select properties a second time to minimize.

The realm field is configured to match the domain of the credentials sent by the entity requesting calendaring services.

Microsoft does not require an O365 subscription or Exchange Client Access License (CAL) for room/equipment resource mailboxes if the associated AD user object is disabled. Setting

the realm as local enables Meeting Director and One Touch Dial to perform authentication locally within Workflow Server, negating the need to enable the AD object associated with Exchange Room Resource mailboxes.

The challenge user and challenge password fields of users are configured to match the credentials sent by the entity requesting calendaring services.

In this configuration example Workflow Server will be configured to match any username, therefore the challenge user will be populated with asterisk. The password will be set to a common password such as Polycom12#$, to be used by all entities requesting calendaring services.


19

The credentials section of users is used to define the credentials used by Workflow Server to perform authentication for retrieval of calendar entries or domain authentication. Select properties and check the username, password and impersonation options. Select properties a second time to minimize.

The username field is configured with the user principle name (UPN) of the Office 365 Exchange Online account to be used by Workflow Server for authenticating with Office 365 Exchange Online for retrieval of the room resource calendar items. Populating the username as a UPN enables Office 365 to use the domain suffix of the username to determine the tenancy.

The password field is populated with the associated password of the username above.

Impersonation instructs One Touch Dial to use the Exchange Application Impersonation role via Exchange Web Services, for retrieval of calendar entries.

One Touch Dial match rules define the meeting invitation types to be enabled with a join button. Workflow Server does not require a match rule for matching Easy Schedule invites, therefore configuration of match rules will be skipped in this document.

Select Save to save the configuration. This completes configuration of the RealPresence Meeting Director and One Touch Dial calendaring.


20

CONFIGURE REALPRESENCE MEETING DIRECTOR FEATURE The RealPresence Meeting Director feature is enabled on Workflow Server via the System Services tab.

Within System Services, select the meetingdirector service. If enabled is reported within the text entry field as false, change the configuration value to true, and select save.

The sessionTimeout attribute defines in milliseconds sessions expire after 90 minutes of inactivity. If sessionTimeout is removed Meeting Director defaults to 5 minutes.

If upgrading from an earlier release of Workflow Server it may be necessary to manually add the ‘meetingdirector’ service.

Rooms define the locations equipped with a Polycom Group Series or HDX and are used by RealPresence Meeting Director to discover Easy Schedule invitations. The configuration of Rooms comprises of:

• The email address of the corresponding Exchange room resource mailbox calendar • IP address, username and password for the Group Series or HDX. To create a Room, select the

Rooms tab, followed by + Add new.

The Room Settings properties drop down menu is used to define the attributes to be configured. Check all options except user credentials, followed by properties a second time to minimize.

The Enabled checkbox is used to enable or disable the RealPresence Meeting Director feature for a given Room and should be enabled. When disabled, RealPresence Meeting Director will not discover Easy Schedule Meeting invites sent to this room.

The name and description fields are used to provide a friendly name and additional information related to the room.

The environment field defines the Workflow Server environment to be used by RealPresence Meeting Director for retrieval and processing of calendar


21

entries. The environment created in the RealPresence Meeting Director and One Touch Dial calendaring configuration section will be selected from the dropdown.

Mailbox properties set the attributes used to define the retrieval of calendar entries via the Workflow Server environment.

From the Properties menu check all options except Auto Connect. Select Properties a second time to minimize the menu.

For each Room the mailbox settings are configured as follows.

The email field is used to define the primary SMTP email address for the room.

Domain, username and password define the credentials for authenticating with the Workflow Server environment. The domain is configured as local to match the realm/domain setting defined during the RealPresence Meeting Director and One Touch Dial calendaring configuration. The username maybe set to any value, matching the asterisk (wildcard) defined during the One Touch Dial configuration. The password is set to Polycom12#$ to match the value defined during the One Touch Dial configuration.

Poll frequency defines the polling interval used by Touch Plus to check for calendar updates of the subscribed room resource mailbox.

Subscription timeout defines in minutes the time to live sent to Exchange for the mailbox subscription. The attribute supports values of between 1 and 1440. The recommended value is 1440 (24 hours).


22

Devices define the Group Series or HDX to be controlled for a given RealPresence Meeting Director Room.

The name field is populated with a descriptive name for the Group Series or HDX. The device type is set as Group Series or HDX from the dropdown menu. Protocol defines the protocol used for sending API commands to the Group Series or HDX and can be set as HTTP or HTTPS. IP defines the IPv4 address of the Group Series or HDX. Username and password define the admin credentials of the Group Series or HDX.

Meeting Director uses the HDX Telnet API - TCP/24 to track the device state. In a later release all HDX API commands will be sent using Telnet.

Device types other than Polycom Group Series and HDX are currently not supported.

Select Save to save the room configuration. Repeat as necessary for all rooms equipped with a Group Series or HDX.


23

RealPresence Meeting Director enables Video Admins to perform both codec and conference control operations. To interact with conferences the Polycom DMA devices and RMX credentials must be defined within the Workflow Server environment Advanced Options.

To enable Advanced Options, select the Environment Settings Properties, check Advanced Options and select Properties a further time to minimize the menu.

Select Advanced Options Properties.

Uncheck all options except RMX and DMA Lookup Settings. Select Properties a further time to minimize the menu.

When a Video Admin chooses to interact with an Easy Schedule conference, RealPresence Meeting Director queries DMA for a conference with the same ID. To do so Meeting Director requires the IPv4 address or FQDN of the DMA cluster/super cluster and user credentials for an account assigned the provisioner role. The Easy Schedule app creates or retrieves DMA conferences against the Active Directory user object of the meeting organizer. Consequently, RealPresence Meeting Director requires an Active Directory assigned the provisioner role on DMA. To add the DMA cluster/super cluster, select + DMA Lookup under DMA Lookup Settings.

Select Properties for DMA Lookup 1, uncheck all options except Server, Username, Password and API version. Select properties a further time to minimize.


24

The DMA settings are configured as follows.

Server defines the URL for accessing the DMA API. For DMA releases prior to 9.0.1 the API was only available via TCP port 8443.

Username defines the Active Directory DOMAIN\Username assigned the provisioner role on DMA.

Password is the password for the Active Directory user account.

API version defines the DMA API version used for interacting with the DMA. Version 3.4.0 is supported by DMA

releases 6.4 and later.

Caution. The DMA domain is case sensitive, therefore the NETBIOS name must be defined in upper case.

Note. DMA does not require an API license for management by Workflow Server.

When a Video Admin wishes to modify the video layout of an Easy Schedule conference, RealPresence Meeting Director retrieves the conference from the RMX. DMA provides to RealPresence Meeting Director the IPv4 address of the RMX hosting the conference. However, to login RealPresence Meeting Director requires a user assigned the user role.

The credentials added under the RMX section of the Environment Advanced Options must be valid for all RMXs.


25

(OPTIONAL) ENABLING EASY SCHEDULE APP ON REALPRESENCE MEETING DIRECTOR WORKFLOW SERVER INSTANCE The Easy Schedule, RealPresence Meeting Director and One Touch Dial apps may be deployed as a single instance of Workflow Server. This section is targeted at new deployments whereby Easy Schedule and RealPresence Meeting Director will be deployed together. Consequently, this section details adding Easy Schedule to a RealPresence Meeting Director configuration. For Easy Schedule only deployments, refer to the Easy Schedule configuration guide available on support.polycom.com.

Easy Schedule enables users to send meeting invitations via Microsoft Outlook/OWA for DMA scheduled conferences and/or personal Virtual Meeting Rooms. The Easy Schedule add-in establishes an HTTPS connection to Workflow Server, passing the users credentials for retrieval and/or creation of conferences. Workflow Server requires an LDAP connection to Active Directory to authenticate/validate the user and retrieve location information. The Active Directory connection is defined within the environment credentials section, through the addition of a second realm.

Select the Realm 2 Properties, check all options and select Properties a 2nd time to minimize.

Realm 2 is configured as follows:

The Realm or Domain field is populated with the Active Directory NETBIOS domain name. The name is used to match authentication requests from the Easy Schedule add-in for Microsoft Outlook. Select Save to store the configuration.

Alternative Domains may be used to define additional NETBIOS domains.

Alternative Domains may also be used to define the internal email domains. The email domains are used by Easy Schedule for selection of the internal versus external meeting templates.

Server defines the FQDN of the Active Directory domain controller. The

domain controller is defined as an LDAP or LDAPS connection. The path may be used to limit usage to


26

user objects within a given container. The domain controller is used to perform authentication and retrieval of the authenticated users Active Directory Country attribute.

Users is used to define the Workflow Server Active Directory service account for retrieval of a given users Country attribute.

The + User option is selected to add a user to the configuration.

The challenge User and Challenge Password fields are left blank.

The credentials Properties option is selected. Username and Password are checked. Properties is selected a second time to minimize.

The credentials section is populated with the Workflow Server Active Directory Service Account.

The username field is populated as NETBIOS domain name \ Username.

The password for the associated account is entered in the password field. The Workflow server will display an asterisk for each character entered.

There is currently a Workflow Server limitation whereby for Easy Schedule deployments Realm1 must be the Realm used for authenticating requests from the Easy Schedule add-in.

Select the up arrow new to Realm2 to promote to Realm1 and demote the realm using local authentication to Realm2.


27

Note. For Easy Schedule deployments Realm1 must be the Realm used for authenticating requests from the Easy Schedule add-in

Note. RealPresence Meeting Director uses the LDAP connection for authenticating users entering their domain credentials, and for checking AD group membership.

Advanced options define the interactions between the Workflow Server and the Polycom RealPresence platform DMA and are also used to define the Easy Schedule Monitor Mailbox.

Select Advanced Options, Properties button. Check the dmaLookAhead and Easy Schedule Monitored Mailbox options. Select Properties a second time to minimize.

The Easy Schedule monitored mailbox will be added as an invited attendee to the ‘To’ field during creation/modification of a meeting invitation by the Easy Schedule add-in for Outlook / Outlook Web Application. The monitored mailbox enables the Easy Schedule app to track scheduling changes without the user needing to reselect the Easy Schedule add-in.

Email is the primary SMTP of the Easy Schedule monitored mailbox.

Domain is used by Workflow Server to match a realm. For Office 365 deployments, the Realm 1 Local Domain is matched, as the corresponding Realm user credentials were defined as a UPN, enabling Exchange Online to derive the tenancy.

Username and Password is used by Workflow Server to authenticate the request for services. For Office 365 deployments this matches the local realm and therefore any username is accepted as long as the password matches the common password defined under the challenge password.

Poll Frequency is the polling interval at which the Workflow Server Easy Schedule app checks the monitored mailbox for meeting invitations.

Workflow server polls Exchange for Easy Schedule meeting invitations sent to the monitored mailbox with a start and/or end date 24-hours prior, or up to 7 days after the current date and time.

The Easy Schedule monitored mailbox is used in conjunction with the DMA Lookahead attribute to define when meetings should be updated on DMA. The attribute defaults to 12 hours and should be changed to 168 hours (7 days) for the Easy Schedule environment.


28

The scheduled start and end date and time of single occurrence meetings or first occurrence for reoccurring meetings that fall within the DMA look

ahead are compared with the meeting created on DMA by the Easy Schedule add-in. If the date and or time differs the meeting is updated. This functionality enables users to move the scheduled start date for meetings forward by any amount or move back by up to 7 days without the need to reselect the Easy Schedule button prior to sending the update.

Note. Support for moving meetings to a date 8 or more days later from the previous scheduled start time will be added in a later release.

For reoccurring meetings, the scheduled end date is updated as the date of the last occurrence. If no scheduled end date is set for the series, Workflow server compares the scheduled end date with the current date and time. If the end date is less than 2 months in the future, Workflow Server changes the current end date and time to be 1 year from the current date and time.

The DMA Lookup Settings is used by Easy Schedule to define the scheduling options and information returned to the Easy Schedule add-in for Microsoft Outlook.

Select DMA Lookup 1, Properties and check all options except Signaling prefix, Video Connection Information and Max Concurrent Sessions. Select Properties a second time to minimize.

Decision Required. All Easy Schedule attributes have been selected for this deployment example. Once you have reviewed the documentation selected only the attributes needed for your deployment.

VMR Type defines the conference choices available to the Easy Schedule App add-in for Outlook user.

Static enables retrieval of the users personal Virtual Meeting Rooms (VMR) from DMA. Random enables the user to create scheduled DMA conferences. When random is selected within the Easy Schedule App add-in for Outlook a random number will be generated and assigned as the conference ID.


29

By default, Easy Schedule permits the user to select the DMA template to be used with scheduled (random) conferences.

Defining a template instructs Easy Schedule to remove user selection and force template selection of the defined template.

The Early Join and Late Finish attributes are used in conjunction with Random DMA scheduled conferences.

When Random is selected within the Easy Schedule App add-in for Outlook, the App generates a random number for assignment as the conference ID. The conference is scheduled on DMA for the

designated start and end date and time. The Early Join and Late Finish attribute extend the start and end time by the number of minutes defined.

Note. DMA does not end the conference and disconnect participants at the designated end date and time. Once the end time is reached participants are no longer able to join the ongoing conference. The conference does not end until the last participant disconnects.

MCU Pool Orders enable the Country attribute of Active Directory user objects to be associated with a DMA MCU Pool Order.

This feature enables selection of a Polycom RMX or RPCS in the same region as the meeting organizer. If the country attribute does not match, the DMA Conference Manager Default MCU pool order is selected.


30

VMR Options enable/disable features available within the Easy Schedule App add-in for Outlook.

Selecting Meeting Passcode enables the organizer to assign a participant pin to random conferences, by providing a Meeting Passcode entry field. If the field is left empty a passcode is not assigned. If the Meeting passcode number field is added and populated a random passcode is automatically generated and assigned to every conference.

The Chairperson Passcode and Chairperson Passcode number field also function as above.

The Chairperson required to start meeting option enables the organizer to place attendees in the Polycom RMX/RPCS lobby until the chairperson joins. The attendees will hear hold music.

Selecting VMR Range and the VMR number range options enables the Administrator to define the number range used for generation of Easy Schedule random conference ID’s. If this feature is not enabled, an ID will be generated from the range 9999 – 1000000.

Settings. If the Chairperson required to start meeting option is selected the Chairperson Passcode option should also be selected.

Endpoint Access is used to populate the hyperlinks within the invite for joining conferences.

Browser is used for deployments equipped with Polycom WebSuite browser conferencing solution. The URL contains the FQDN of the WebSuite MEA server appended with either /{conferenceRoomIdentifier} which inserts the DMA VMR / scheduled conference ID, or /{dialInNumber} which inserts the DMA conference

prefix plus VMR / scheduled conference ID.

Video is used for deployments with Lync/Skype for Business integration with a static route and match URI for joining DMA hosted conferences, and/or deployments with RealPresence Desktop/Mobile. The URL is typically populated with the protocol (sip:, h323:, tel:) {conferenceRoomIdentifier} or {dialInNumber} @ DMA/RPAD call server domain.


31

The Easy Schedule App template files support auto population of up to two telephone numbers. Additional and/or regional telephone numbers may be added by manually editing the templates.

In additional to the Endpoint Access hyperlinks, the Workflow Server Easy Schedule App templates use several other attributes for populating data.

Prefix is used to include the DMA prefix in the Meeting ID:, Internal and external videoconferencing room join instructions.

Signaling postfix is used to include the RPAD domain suffix for external videoconferencing room join instructions.

External IP is used to include the RPAD IPv4 address for external videoconferencing room join instructions.

Helpdesk email account is used to define the email address to be added to the attendee list.

The email address is added/removed from the attendee address by selecting the Helpdesk assistance required checkbox within the Easy

Schedule App add-in for Outlook.

When a user of Easy Schedule add-in for Outlook or OWA connects to the workflow server it attempts to match the Outlook or Browser language to the corresponding named Workflow Server Easy Schedule App templates.

If a match is not found the Easy Schedule App will default to use the English US (en-US) template files. The default template language may be overridden by defining an alternate language.


32

DOWNLOAD THE EASY SCHEDULE APP FOR OUTLOOK ADD-IN MANIFEST Each add-in for Microsoft Exchange and Outlook 2013 or later is described by an XML manifest, a document that provides information about the add-in, and identifies the location of the add-in user interface HTML file. The manifest is obtained by browsing to https://environmentFQDN/outlook2013sp1manifest

The resulting XML is displayed with the browser. Right click the page, select save as, and save the file as type XML.

CREATE AND INSTALL WORKFLOW SERVER PUBLIC AND PRIVATE KEYS INFRASTRUCTURE (PKI) To enable the Easy Schedule App add-in for Outlook and OWA to function correctly, the Workflow Server environment requires a public key (certificate) signed by a certificate authority trusted by the PC’s. For deployments where the PC’s are all domain joined an internal certificate authority may be used. For deployments where users may use their own devices a commercial certificate authority must be used.

The example contained within this section details the process for creating and exporting a private key and public key signed by Active Directory certificate services. Active Directory’s default webserver template does not permit exporting the private key, therefore a new template must be created.

On the server hosting active directory certificate services open the Certificate template snap in via start > search > certtmpl.msc. Select the Web Server template, right click and select duplicate template. Select the General Tab and rename Web Server Exportable Private Key and check Publish certificate in Active Directory. Select the Request Handling tab and check allow private key to be exported. Select Ok.


33

Open Server manager > tools > certificate authority. Select the certificate templates folder, right click and select new certificate template to issue.

Select the template created in the previous step and select ok to publish. The template should appear in the list of templates.

For deployments using Microsoft Exchange OWA in conjunction with Google Chrome web browser, the certificate must include the environment FQDN in the Subject Alternate Name (SAN), otherwise a browser warning will appear. Enable support for requesting SANs via Active Directory Certificate Services requires executing the following Windows PowerShell cmdlet on the Windows CA server:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Info. The following Microsoft TechNet article provides additional information on enablement of SANs. https://technet.microsoft.com/en-us/library/ff625722(ws.10).aspx


34

To generate the certificate, browse to activate directory certificate services on the certificate authority server. Select Request a certificate, advanced certificate request, create and submit a request to this CA.

Select Web Server Exportable Private key as the certificate template type.

Enter the FQDN of the environment in the name field.

Populate the country/region as appropriate.

Select create new key set.

Select Mark keys as exportable.

Select PKCS10

In the attributes field enter san:dns= appended with the Easy Schedule environment FQDN. Additional SAN entries can be added by appending with &dns=.

For example san:dns=workflowserver.myrpp.cloud&dns=workflowserver

Select submit.

Select install this certificate.

Select start > search > mmc. Add the certificates snap-in for type current user. Browse to the personal > certificates container and find the certificate created. Right click, select all tasks > export. Choose to export the private key, and include all certificates in the path. Export as type PKCS#12 (PFX). Assign a password and choose a file location.


35

Download a tool such as the Digi Cert Utility for exporting from the PFX the public and private keys https://www.digicert.com/util/.

Launch the applicate from the same location as the PFX. Highlight the PFX, select export and check the key file option. Save the files to an appropriate location.

Copy the .crt and .key file to workflow server c:\programdata\polycom\WorkflowServer\ssl folder.

Restart the workflow server windows service to apply the certificates.


36

INSTALL AND CUSTOMIZE EASY SCHEDULE APP WORKFLOW SERVER TEMPLATES The Easy Schedule App add-in for Microsoft Outlook supports the following languages:

Locale Code Windows Language EN-US English (USA) FR-FR French (France) FR-BE French (Belgium) FR-CA French (Canadian) FR-CH French (Switzerland) FR-001 French (World) DE-DE German (Germany) DE-AT German (Austria) DE-CH German (Switzerland) ES-ES Spanish (Spain) EX-MX Spanish (Mexico) ES-HN Spanish (Honduras) ES-AR Spanish (Argentina) CS-CZ Czech (Czech Republic)

The Easy Schedule App add-in attempts to match the operating system language. If the locale matches the list above the corresponding language is used for the Easy Schedule user interface. If the locale does not produce a match the Easy Schedule App uses the default language defined against the Environment > Advanced Options > DMA Lookup > default Language attribute. If no language is set the language defaults to EN-US.

The Easy Schedule App retrieves from Workflow Server the templates for populating the comments (body) of the meeting invitation. The App attempts to match the locale and text format; HTML, RTF or TXT against a template name and type. If the attendee list includes external email domain(s) Workflow Server attempts to locate a template appended with –External.

The templates should be copied to a folder named templates in c:\programdata\Polycom\WorkflowServer\. Polycom provides the 6 default EN-US files which customers may edit and/or use as a template for other supported languages. The templates contain a number of XML attributes that are replaced by the Easy Schedule App. The table below describes each attribute.

XML Attribute Function <AGENDA/> Instructs Easy Schedule where to insert any text

entered within the body/comments of the invitation prior to selecting the Easy Schedule button

<DIALIN_PREFIX/> Is the Environment > Advanced Options > DMA Lookup > Prefix attribute. Is typically populated with the DMA prefix

<VMR_NUMBER/> Is the VMR or Schedule DMA conference ID <MEETING_PASSWORD/> Is the DMA conference passcode


37

<AUDIO_NUMBER1/> Is the first telephone number defined within the Environment > Advanced Options > DMA Lookup >Endpoint Access list

<AUDIO_NUMBER2/> Is the second telephone number defined within the Environment > Advanced Options > DMA Lookup >Endpoint Access list

<VIDEO_NUMBER/> Is the video entry defined within the Environment > Advanced Options > DMA Lookup >Endpoint Access list

<MOL/> Is the video entry defined within the Environment > Advanced Options > DMA Lookup >Endpoint Access list

<SIGNALING_PREFIX/> Is the Environment > Advanced Options > DMA Lookup > Signaling Prefix attribute. This is typically not used

<SIGNALING_POSTFIX/> Is the Environment > Advanced Options > DMA Lookup > Signaling Postfix attribute. This is typically the SIP and H.323 domain suffix that resolves to the RPAD

<EXTERNAL_IP/> Is the Environment > Advanced Options > DMA Lookup > External IP attribute. This is typically the Internet routable IP address of the RPAD

Caution. The Workflow Server reads the templates on startup of the service, therefore if the templates are replaced or modified the service must be restarted.


38

INSTALL EASY SCHEDULE APP MANIFEST VIA EXCHANGE CONTROL PANEL (ECP) The Easy Schedule App add-in for Outlook is distributed to Outlook 2013 or later clients and the Exchange 2013 or later OWA via the Exchange Control Panel (ECP). Browse and login to ECP. Select organization > add-ins, add from file. Select the manifest file and the preferred user defaults.

For deployments where the add-in is not added automatically to Outlook, select File, manage add-ins and deploy via OWA.


39

Web Info. For further information on deploying add-ins consult the Microsoft Support site. https://support.office.com/en-us/article/Deploy-Office-Add-ins-in-the-Office-365-Admin-Center-737e8c86-be63-44d7-bf02-492fa7cd9c3f?ui=en-US&rs=en-US&ad=US

CONFIGURE PC BROWSER LOCAL INTRANET SITES The Easy Schedule App add-in for Outlook and Office 365 Single Sign On (SSO) requires the Workflow Server environment FQDN to be defined under Internet Explorer Local Intranet sites. The FQDN may be added as individual FQDN or encompassed by a wildcard e.g. https://*.myrpp.net encompasses easyschedule.myrpp.net.

ASSIGN WORKFLOW SERVER AD ACCOUNT DMA PROVISIONER ROLE Login to DMA with an Active Directory user account assigned the admin role. Select User > Users. Uncheck local users only, enter the name of the account in the search field and select search. Highlight the Workflow Server Activity Directory user and select Edit. Select the associated roles tab and assign the Provisioner role. Select Ok.


40

CREATING REALPRESENCE MEETING DIRECTOR LOCAL USER ACCOUNTS Local user accounts for RealPresence Meeting Director are created by editing the localusers.js file located in the folder c:\programdata\polycom\worflowserver\config\ of the Windows Server hosting the Workflow Server App. For each user requiring access to the server, RealPresence Meeting Director requires the following JSON attributes:

• “displayName”: The name to display in the Meeting Director UI when the user is logged in

• “name”: Username for logging into Meeting Director • “password”: Password for the account in clear text or base64 encoded • “groups”:[] MDGroup provides permission to login to Meeting Director

Below is an example for adding a user named John Doe: { "displayName": "John Doe", "password": "Polycom12#$", "name": "jdoe", "groups": [ "MDGroup" ] }


41

ASSOCIATING REALPRESENCE MEETING DIRECTOR LOGON WITH AD GROUP(S) MEMBERSHIP RealPresence Meeting Director supports login by Video Admins using their AD domain credentials. Login is limited through AD Group membership, by defining the distinguished name of one or more AD groups under the “mdLdapGroup” attribute of the localgroups.js file located in the folder c:\programdata\polycom\worflowserver\config\ of the Windows Server hosting the Workflow Server App. The configuration is as follows:

Open Active Directory Users and Computers. Select the View menu and check the Advanced Features option as shown.

Using Active Directory Users and Computers locate or create the desired Active directory security group. Right click the object and select properties.

Select the Attribute Editor tab and locate the distinguishedName attribute.

Double click the attribute and copy the value.

Edit the c:\programdata\polycom\worflowserver\config\localGroups.js file and locate the "mdLdapGroup" : [] attribute. Enter between the square brackets the distinguished name value in double quotations. Multiple groups are defined with a comma between the end and start quotations of multiple groups. RealPresence Meeting Director will perform an OR if two or more groups exist.

"mdLdapGroup": [“CN=Meeting Director,CN=Users, DC=myrpp,DC=cloud”, “CN=Video Admins ,CN=Users, DC=myrpp,DC=cloud”]


42

CONFIGURING GROUP SERIES AND/OR HDX ONE TOUCH DIAL CALENDARING Polycom Group Series and HDX codecs may derive calendaring configuration through manual configuration or via Polycom RealPresence Resource Manager (RPRM) provisioning.

In the following example, the Group Series and HDX are manually configured to derive the Exchange room resource mailbox calendar via the Workflow Server environment using the realm local and challenge password. The configuration is as follows:

• Enable Calendaring service: Checked

• Microsoft Exchange server address: Workflow Server environment FQDN

• Domain: local

• User Name: anything

• Password: OTD environment challengePassword

• Mailbox: SMTP address of the room resource mailbox

• Meeting reminder time: As desired

• Play meeting reminder tone: As desired

• Show private meetings: As desired

Group Series Example

Group Series calendaring service is configured via the admin settings > servers > calendaring service menu.


43

The Group Series must be configured with an accurate date and time, and the correct time zone/GMT offset to ensure calendar entries displayed by the device match the local time.

Group Series time zone/GMT offset is configured via the web interface of the device admin settings > general settings > date and time menu.

Polycom recommends the devices be configured to derive time from a time server supporting NTP. Setting the time server as auto will configure the device to derive time from ntp.polycom.com.

HDX Example

HDX calendaring service is configured via the admin settings > global services > calendaring service menu.


44

The HDX must be configured with an accurate date and time, and the correct time zone/GMT offset to ensure calendar entries displayed by the device match the local time.

HDX time zone/GMT offset is configured via the web interface of the device admin settings > general settings > date and time menu.

Polycom recommends the devices be configured to derive time from a time server supporting NTP. Setting the time server as auto will configure the device to derive time from ntp.polycom.com.


45

VALIDATE REALPRESENCE MEETING DIRECTOR, ONE TOUCH DIAL AND EASY SCHEDULE CONFIGURATION The Workflow Server Status tab is used to validate the configuration.

Listed under the environment workflowserver.myrpp.cloud in the example shown, are the In and Locations folders.

The In (active) list reports successful calendar retrieval connections to Microsoft Exchange. If Workflow Server is unable to perform the calendar retrieval for a given room or the Easy Schedule monitored mailbox, it will be listed temporarily under “In authenticated” if the entity provided valid credentials or In unauthenticated if the credentials provided did not match the Workflow

Server challenge auth realm/domain, username and password fields.

The locations tab lists each successfully authenticated RealPresence Meeting Director room and the status of the corresponding Group Series or HDX. If Workflow Server is unable to communicate with the Group Series or HDX the status will be reported as Offline.


46

Easy Schedule functionality can be tested via the Outlook and/or OWA add-in. Create a new meeting with for the same day with an end date in the future, add 1 or more rooms equipped with Group Series and/or HDX videoconferencing devices, and select the Easy button to populate the body of the invitation with the DMA hosted conference join information.


47

RealPresence Meeting Director functionality can be testing in a Google Chrome web browser by browsing to https://<environmentFQDN>/director. If configured correctly, Meeting Director will prompt the user for credentials.

Login with the local user plcmuser Polycom12#$, or domain\username and confirm you see the Easy Schedule meeting invite in the calendar.


48

TASK LIST The following task list may be used tracking the activities required for successful deployment of Meeting Director.

Task Notes Windows Server Tasks

Creation of Windows Server 2016 instance with 2x CPUs, 8GB RAM and Google Chrome Web browser

Assign videoconferencing admin performing configuration admin/team rights for the host and remote desktop connectivity

Microsoft Exchange Tasks Creation of Microsoft Exchange room resource mailbox for each room equipped with a Polycom Group Series and/or HDX videoconferencing device

Configuration of Microsoft Exchange Calendar Processing -DeleteComments attribute as false for all room resource mailboxes associated with a Group Series and/or HDX

Creation of Microsoft AD user account, password set to never expire and Exchange user mailbox for Polycom One Touch Dial feature

Creation of Microsoft Exchange Application Impersonation role with default write scope. Assign One Touch Dial user account Application Impersonation role

Deploy Easy Schedule manifest /add-in via Exchange Control Panel (for installations without existing Easy Schedule deployment)

Network Services Tasks Create a DNS record for Polycom Workflow Server resolving to the Windows Server 2016 host where the application will be installed

(Optional) Implement firewall rules as defined in the network requirements section, for deployments whereby workflow server is to be deployed within a firewall DMZ

(Optional) Provide HTTP proxy configuration details for deployments whereby workflow server is to retrieve calendar entries from Office365 Exchange Online and the organization uses an HTTP forwarding proxy

Private/Public Key Infrastructure (Certificates) Create a private key and signed public key / certificate for Workflow Server

Videoconferencing Team Tasks Create a list of rooms equipped with Group Series and/or HDXs, comprising of room name, primary SMTP address of room resource mailbox, HDX IPv4 address and admin password


49

Download Workflow Server software release 1.7.0 or later from support.polycom.com and copy to the Windows Server 2016


50

(OPTIONAL) HTTP FORWARDING PROXY CONFIGURATION For deployments where by Workflow Server is to retrieve calendar entries from Office365 Exchange Online and the organization uses an HTTP forwarding proxy, the proxy must be defined within the One Touch Dial configuration. Select the Environments tab, followed by the environment created during the Meeting Director and One Touch Dial configuration. Select Settings Properties, check the Forward Proxy option and select properties a further time to minimize the properties options.

Select the Froward Proxy properties, to add the attributes required for the deployment.

The Proxy URL and port field is used/required for deployments where the proxy settings will not be configured using a proxy auto-config (PAC) file. For example, a Squid forwarding proxy could be defined as http://squid.myrpp.cloud:3129

The Proxy Auto-Config (PAC) field is used/required whereby the forwarding proxy settings are to be derived from a .pac file. The field defines the path to the file. For example, http://server.myrpp.cloud/proxy-auto-config.pac

The Proxy credentials are used to define the username and password for deployments whereby the host must authenticate with the

proxy. For example, the username may be defined as domain\user or as a UPN.

For deployments using a forward proxy, Workflow Server will attempt to route all HTTP packets to the forwarding proxy, unless the host is defined by a proxy exclusion rule within a PAC file. This includes HTTP packets to HDXs for Touch Plus functionality. It is therefore recommended to use a PAC file for all deployments including a forwarding proxy.


51

PRIVACY Polycom Workflow Server processes, displays and stores Personally Identifiable Information in delivery of it features. The information shown within the user interface and logs relates to the processing of calendar entries.

1. Privacy-related options

Option name in UI Available settings Location in UI Clear logs Yes Logs tab of admin UI access via https://localhost/admin

2. How Data Subject Rights are supported

Data Subject Right Method of support Right to be informed of the following:

Polycom Workflow Server accesses and may generate log files containing the following information:

• Information contained in calendar entries, such as organizer, attendees and room names and email addresses, information populated in the subject or body, conference URIs

• Domain account information for calendar retrieval or generation of calendar entries

• IP addresses of personal or room devices when performing calendar retrieval

The above personal data is used for retrieval and displaying calendar entries on videoconferencing devices via the Polycom OTD and Touch Plus features, Scheduling videoconferences via the Easy Schedule feature, and in managing conferences via the RealPresence Meeting Director feature. Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder. Information written to the app.log files comprises of 4 log files rotated when the server restarts, every 2 hours, when a file reaches 200 megabytes or when the combined file size of the 4 logs reaches 800 megabytes. Information written to the configuration and log files is not shared automatically. A user with access to the server may review the log files and configuration and may elect to download and share with Polycom or a partner for support purposes. Before doing so they should review and delete any personal information. Data Subjects have a right to be notified when their data has been processed without authorization. The product administrator is able to monitor and identify when security anomalies have occurred. See the "How an admin can be informed of any security anomalies (including data breach)" table in this guide. By using the Products and Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Products and Services. If we learn of a security system’s breach, we may attempt to notify you electronically by


52

posting a notice on the Services or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at [email protected].

Right to access (view and / or obtain a copy of all personal data for a specific data subject)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder.

Right to rectification (make corrections to inaccurate or incomplete personal data)

Personal data may be written to the Workflow Server logs. Typically, the personal information such as name and email address are received from the organizations Microsoft active directory and/or Microsoft Exchange environments. Corrections should be made by contacting your local IT support.

Right to erasure (remove all personal data)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder. Information may be deleted by deleting the Workflow Server logs and/or uninstalling the workflow server application using add/remove programs and after successfully uninstalled deleting the c:\programdata\polycom\workflow server folder.

Right to data portability (receive a copy of all personal data in a commonly used, machine-readable format)

Personal data may be written to the Workflow Server logs or configuration files. The data can be accessed for review by downloading the logs from the Workflow Server Admin UI Logs tab, downloading the configuration from the Admin UI Tools tab, and browsing to the c:\programdata\polycom\workflow server folder.

3. Purposes for processing personal data

Personal Data Category

Type of Personal Data

Purpose of Processing Interface type

Calendar entries

name email address

Displaying calendars on videoconferencing devices, scheduling of videoconferences

Web UI writing to log files for troubleshooting


53

4. How admin can be informed of any security anomalies (including data breach)

Security anomaly type

Where to check Recommended frequency to check

System crash OTD enabled Videoconferencing devices no longer display calendar, Users or Easy Schedule, RealPresence Meeting Director or Touch Plus report user interface no longer responding Error will appear in system log file

Upon report from user of an issue. Check log file just after reboot

5. How customer personal data is deleted

Data type Steps to delete Deletion method

User credentials If using Workflow Server local user accounts, delete credentials from c:\programdata\polycom\workflowserver\config\localusers.js

Deleting the file and saving overwrites the original

User calendar for display on videoconferencing device

If using a personal Cisco videoconferencing device, delete the agent from Workflow Server admin UI. If using a Polycom device, delete the user credentials from calendaring config page or remove calendar provisioning from RealPresence Resource Manager configuration

Deleting the agent overwrites the original agents.js file

Log files Personal data may be written to the Workflow Server logs. The logs can be deleted from the admin UI Logs tab

Files are rewritten as blank files


54

REALPRESENCE MEETING DIRECTOR OPERATIONAL GUIDE Video Admins login to RealPresence Meeting Director via the URL https://<environmentFQDN>/director. For example, https://workflowserver.myrpp.cloud/director. RealPresence Meeting Director prompts the user for their login credentials.

Users login with either a local user account such as the default account plcmuser, or the domain credentials by entering domain\username.


55

RealPresence Meeting Director monitors the Exchange Room Resource mailboxes associated with the Group Series and HDX videoconferencing devices for Easy Schedule invitations, providing a calendared view of the day’s videoconferences.

RealPresence Meeting Director only displays Easy Schedule meetings, reporting the status of meetings as follows:

• In Preparation - Meetings scheduled to start in the next 10 minutes • In Progress – Meetings with a scheduled start in the past and end in the

future • Not Started – Meetings with a scheduled start more than 10 minutes in the

future • Is Finished – Meetings with a scheduled end in the past

The count shows the number of internally invited rooms equipped with a Group Series or HDX videoconferencing device

The video admin may filter the view to only display results based upon an invited attendee, room, subject or DMA conference ID.

Selecting a calendar entry provides a summary of the meeting, listing the invited attendees, rooms, subject and DMA conference ID.


56

Selecting Manage Meeting retrieves the associated conference from DMA, displays any internally invited rooms equipped with a Group Series or HDX, plus any other participants connected to the conference.

Displayed across the top of the manage meeting screen are the DMA/RMX conference controls: • Mute/Unmute All – Toggles between muting or un-muting all participants connected to the RMX

hosted conference • Local/Unlock – Toggles between enabling and preventing new participants from connecting to

the RMX hosted conference • Connect All – Is available when there are one or more internally invited rooms in an idle state.

Selecting instructs the associated Group Series or HDX devices to dial the DMA conference ID. • Terminate Conference – Is available when there are one or more codecs connected to the DMA

conference ID. Selecting Terminate All ends the RMX hosted conference • Meeting Layout – Enables changing of the RMX hosted conference layout, and assignment of

participants to cells


57

Directly beneath the DMA/RMX conference controls, RealPresence Meeting Director displays the meeting time bar. The bar displays the elapsed time and the scheduled time. The schedule time is displayed in the GMT offset of the PC and shows overall duration of the conference against the original scheduled time. The remaining time is shown is gray.

Once the conference scheduled end time has passed, the additional time and elapsed time are shown in red.

Within the room control pane, RealPresence Meeting Director lists any internally invited rooms associated with a Polycom Group Series or HDX, plus all other participants connected to the DMA conference. For internally invited rooms equipped with a Group Series or HDX the following controls are available:

When Idle the connect button appears

When connected to the wrong conference a yellow warning sign appears. Hovering over the sign displays the conference ID to which the device is connected. The disconnect and mic mute toggle buttons are available

When connected to the conference the disconnect, device microphone toggle, conference mute toggle and more actions buttons are available

The more actions button enables assignment of a personal video layout for the RMX hosted conference

For all other connected participants, the following controls are available:

The disconnect, conference mute toggle and more actions buttons are available


58

The more actions button enables assignment of a personal video layout for the RMX hosted conference

RealPresence Meeting Director provides a visual representation of the current active speaker. This feature is useful in determining in large conferences an unwanted noise source, or the current presenter

configuration guide - realpresence meeting director ... · realpresence meeting director workflow...

Documents