Deployment Guide for the Polycom CX700 IP Phone


 

| Vendor | Certificate Name | Expiry Date | Key Length |
|---|---|---|---|
| Equifax | Equifax Secure Certification Authority | 8/22/2018 | 1024 |
| GeoTrust | GeoTrust Global CA | 5/20/2022 | 2048 |
| GoDaddy | GoDaddy Class 2 Certification Authority | 6/29/2034 | 2048 |
| GoDaddy | http://www.valicert.com/ | 6/25/2019 | 1024 |
| GoDaddy | Starfield Class 2 Certification Authority | 6/29/2034 | 2048 |

Contents of 1725-31424-001

Page 1: ...R2 July 2010 1725 31424 001 Rev A Deployment Guide for the Polycom CX700 IP Phone ...

Page 2: ...ows Windows Server Windows Vista Windows XP Office Communications Server Office Communicator and Office Live Meeting are either registered trademarks or trademarks of Microsoft Corporation in the United States and or other countries Patent Information The accompanying product is protected by one or more U S and foreign patents and or pending patent applications held by Polycom Inc and or one or mo...

Page 3: ... Using your Polycom CX700 lets you take advantage of Microsoft Office Communications Server 2007 R2 without needing access to a computer For more information on what s new in Microsoft Office Communications Server 2007 R2 refer to http www microsoft com communicationsserver en us whats new aspx This Deployment Guide provides everything you need to deploy the Polycom CX700 in a standard Microsoft e...

Page 4: ...Deployment Guide for the Polycom CX700 IP Phone iv ...

Page 5: ... Security Framework Overview 6 Root CA Certificate for the Polycom CX700 Phone 7 2 Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment 11 Introduction 12 Assumptions and Terminology 12 Background 15 Polycom CX700 Phone Upgrade Steps Summary 21 Polycom CX700 Phone Upgrade Steps Details 23 Step 1 Set Environmental Dependencies 23 Step 2 Upgrade Polycom C...

Page 6: ...Windows Server as an NTP Time Source 43 Enabling Automatic Certificate Enrollment 45 Making the Root CA Certificate Available to a Polycom CX700 Phone 48 Installing a Public Root CA Certificate on a Polycom CX700 Phone 49 Confirming the Current Software Version 49 ...

Page 7: ...and the improved communication and collaboration of Microsoft Office Communications Server 2007 R2 To deploy and upgrade Polycom CX700 phones you must Configure a Dynamic Host Configuration Protocol DHCP server Configure a Domain Name Service DNS and add DNS SRV records Configure a Network Time Protocol NTP server Configure certificates for the phones Configure Microsoft Office Communications Serv...

Page 8: ...ffixes that can be appended to these DNS names For DHCP clients this can be set by assigning the DNS domain name option Option 15 and providing a single DNS suffix for the client to append and use in searches In some circumstances it is preferable that a DHCP client be configured by using multiple DNS suffixes supported with the use of DHCP Search Option 119 DHCP Search Option 119 is passed from t...

Page 9: ... and then select 119 DNS Search List 8 Enter a list of domain suffixes in your organization delimited by a semicolon for example contoso com dev contoso com corp microsoft com 9 Click OK DNS and the Polycom CX700 IP Phone The Polycom CX700 phone will process a number of DNS records in order to locate the Microsoft Office Communications Server 2007 R2 Topics in this section include Polycom CX700 Ph...

Page 10: ...d and configured correctly for Outlook 2007 clients to automatically connect to Exchange features such as the offline address book the Availability service and Unified Messaging UM For more information see the Exchange Server TechCenter topic How to Configure Exchange Services for the Autodiscover Service at http go microsoft com fwlink linkid 141087 Retrieving Outlook Contacts Call Logs and Voice...

Page 11: ...requently for synchronizing computer clocks It does this by using a designated time reference The Polycom CX700 phone requires NTP to set the correct time and date for the Polycom CX700 phone NTP Time Provider The NTP provider is the standard time provider that is included with Windows Server 2003 The NTP provider in the Windows Time service consists of the following two parts NtpServer output pro...

Page 12: ...sure that the Default Domain Policy is highlighted and then click Edit 4 Click Computer Configuration click Administrative Templates click System and then click Windows Time Service 5 Click Time Providers and in the right pane double click Enable Windows NTP Server select the Enabled button and then click OK 6 From the Group Policy Object Editor menu select File and then click Exit Server Security...

Page 13: ...ificate Authority Solution If Microsoft Office Communications Server 2007 R2 servers use public certificates the certificates will most likely be automatically trusted by the device because the device contains the same list of trusted CAs as Windows CE The table at the end of this topic lists the public certificates that are trusted by the Polycom CX700 phone Privately Hosted Certificate Authority...

Page 14: ...t of considerations for issuing certificates to the Polycom CX700 phone By default the uses Transport Layer Security TLS and Secure Real time Transport Protocol SRTP Requirement Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server Requirement Root certification authority CA chain certificate resides on the device No manual installation of certificate...

Page 15: ...ates that are trusted by the Polycom CX700 phone Vendor Certificate Name Expiry Date Key Length Comodo AAA Certificate Services 12 31 2020 2048 Comodo AddTrust External CA Root 5 30 2020 2048 Cybertrust Baltimore CyberTrust Root 5 12 2025 2048 Cybertrust GlobalSign Root CA 1 28 2014 2048 Cybertrust GTE CyberTrust Global Root 8 13 2018 1024 VeriSign Class 2 Public Primary Certification Authority 8 ...

Page 16: ... Authority 8 22 2018 1024 GeoTrust GeoTrust Global CA 5 20 2022 2048 GoDaddy GoDaddy Class 2 Certification Authority 6 29 2034 2048 GoDaddy http www valicert com 6 25 2019 1024 GoDaddy Starfield Class 2 Certification Authority 6 29 2034 2048 Vendor Certificate Name Expiry Date Key Length ...

Page 17: ... of issues the upgrade may be a two step process which includes a hard reset of the phone to remove any pre existing phone credentials certificates chains and URLs Topics in this chapter include Introduction Polycom CX700 Phone Upgrade Steps Summary Polycom CX700 Phone Upgrade Steps Details A list of frequently asked questions can be found in Troubleshooting the Polycom CX700 Phone on page 3 39 ...

Page 18: ...ing to signing in to the Polycom CX700 phone the following format will be used Sign in address userAlias SIPDomain Domain User name DomainFQDN userAlias For example Software Releases Corresponding Microsoft Office Communications Server OCS 2007 1 0 199 123 OCS 2007 R1 software on phones 1 0 522 101 OCS 2007 R1 download from Microsoft web site 3 5 6907 35 OCS 2007 R2 download from Microsoft web sit...

Page 19: ...evice Update service Domain User name is analogous to the account the user signs in to Active Directory with In some environments the SIPDomain and DHCPDomain values will be the same but they are purposely kept different in the examples used here to highlight the issues that arise as a result of them being different For example depending on the firmware version a phone will look in SIPDomain for t...

Page 20: ...e plus sign in the center This process removes any credentials certificate chains and XML configuration files and restores the phone to factory defaults The first time a user powers up the phone and signs in the phone gets in band provisioning information from the server or Enterprise pool hosting the user s account The information contains the internal and external URL of the server running Devic...

Page 21: ...rds It also contains _sipinternaltls _tcp and _ntp _udp SRV records There is an Active Directory DNS zone called contoso com i e the DHCPDomain and created automatically during setup It will contain the pool and ucupdates r2 A records at a minimum It also hosts all machine accounts There are corresponding external DNS zones for contoso com and fabrikam com There is a reverse proxy that is publishi...

Page 22: ...ou specified Pool01Data during setup the path would be C Pool01Data ClientUpdateStore DeviceUpdates Microsoft Office Communications Server 2007 R2 Standard Edition The installer automatically creates the DeviceUpdateFiles folder in the Web Components folder under the Office Communications Server 2007 R2 installation folder on the local computer This folder is not shared and it inherits the permiss...

Page 23: ...The request for example http 192 168 7 81 RequestHandler ucdevice upx is sent to the Web Components Server hosting the Device Update Service and includes the MAC address and serial number of the phone issuing the request 1 The Microsoft Office Communications Server OCS 2007 R2 Device Update Service returns a response containing one of the following If no updates exists for the current version the ...

Page 24: ...equence When Running Software Release 1 199 123 The following steps occur when you sign in to a Polycom CX700 phone running software release 1 199 123 This assumes that the Sign in address value is ocstest1 fabrikam com and the Domain User Name value is contoso com ocstest1 Action Examples Comments 1 Obtain DHCP address 2 Query DNS for time windows com and time windows com DHCPDomain A records tim...

Page 25: ...itiates TLS connection to pool IP Address specifying which Ciphers are supported Note SHA2 is not supported 10 Pool responds with Certificate detail they exchange keys if handshake is OK Server Hello Note TLS connection is not established yet 11 Polycom CX700 phone queries DHCPDomain for AD LDAP service using DC provided by DHCP _ldap _tcp dc _msdcs contoso com 12 Polycom CX700 phone binds to AD a...

Page 26: ...ge 2007 CAS Used for missed call notification 24 Polycom CX700 phone sends HTTP 80 POST to pool DHCPDomain for RequestHandler ucdevice upx Note This would be an HTTPS 443 POST to pool DHCPDomain for RequestHandlerExt ucdevice upx for an external OCPE device Payload contains phone vendor info 25 Pool responds with current firmware upgrade version and Internal External file path info These values ar...

Page 27: ...he pool running Device Updater b Configure DNS for SIPDomain fabrikam com is used in the example Add A records for autodiscover fabrikam com pointed to the IP address or the Exchange CAS server used by OCS sip fabrikam com pointed to the IP address of the pool running Device Updater Add SRV records for _sipinternaltls _tcp fabrikam com pointed to the FQDN of pool running Device Update service on p...

Page 28: ...t using the steps in Enabling Automatic Certificate Enrollment on page 3 45 Or alternatively you can enable Auto Enrollment 2 Configure Microsoft Office Communications Server OCS On the pool running the Device Update service Modify the Client Version filter to allow OCPhone devices equal to or greater than release 1 0 199 Modify Device Update Service External URLs required even if upgrading Polyco...

Page 29: ...o 1 0 522 101 a ucupdates XML file is copied to the Polycom CX700 phone and it should not be necessary to sign back in but you will want to power cycle the phone to start the upgrade If you do sign in to the Polycom CX700 phone use your SIP URI for the Sign in Address value and your domain FQDN for the Domain User name value for example ocstest1 fabrikam com and contoso com ocstest1 respectively T...

Page 30: ...s with is different than the domain where their domain controller is located you can configure DHCP Option 119 to include a list of all the domains to check for a DC For instructions on configuring Option 119 refer to How to Configure DHCP Option 119 on page 3 43 Step 1 2 Configure DNS The following DNS records are required for upgrading but some are only required for a specific phase for example ...

Page 31: ... N A External IP VIP of Access Edge server A autodiscover SIPDomain N A External IP VIP of Exchange server running CAS role Note this assumes SIP URI matches the user s Primary SMTP address in Exchange A reverseProxyFQDN SIPDomain N A IP of reverse proxy specified in the ExternalBaseURL WMI setting SRV _sip _tls SIPDomain 443 FQDN of Access Edge server SRV _ntp _udp SIPDomain 123 time windows com ...

Page 32: ...xt for the following entry under CN Certification Authorities you should see your Enterprise CA listed with a Class type of certificationAuthority Once you ve determined that your Enterprise CA is listed you can confirm that the Trusted Root certificate chain actually uploaded by double clicking on your Enterprise CA CN ContosoCA in the example and look for the cACertificate attribute It should be...

Page 33: ...ative to running certutil and uploading the Trusted Root Certificate Chain into Active Directory you can enable the domain for certificate auto enrollment For instructions refer to Enabling Automatic Certificate Enrollment on page 3 45 Step 1 4 Configure Microsoft Office Communications Server Modify client version filter On the Pool running the Device Update service confirm that Client Version con...

Page 34: ...running the Device Update service run cscript ConfigureExternalDownloadURLs vbs 3 The script will populate the DownloadURL StoreURL values with the FQDN of the reverse proxy server that is publishing the URLs from which remote Polycom CX700 phones will download updated image files from e g ocsrp fabrikam com and update the client version filter 4 If you plan to upgrade external Polycom CX700 phone...

Page 35: ...the instance name from the database name as shown for example local rtc 4 This query opens one instance of this class Double click the instance To determine the correct syntax for the DB to connect to you can look at the Pool Database tab the value listed for Database Instance Name is the value you substitute for poolbackend Also double quotes work as well as single quotes ...

Page 36: ...oreURL type https ReverseProxyFQDN DeviceUpdateFiles_Ext 7 Click Save Property and then Save Object to save the instance 8 Click Close 9 Verify that the Windows Management Instrumentation WMI values are updated by querying the class as described in step 3 The ExternalUpdatesDownloadURL and ExternalUpdatesStoreURL properties should be set to a non NULL value 10 Click Exit to close wbemtest Verify I...

Page 37: ...iceUpdateFiles_Ext OCInterim E NU cpe nbt and verify that you can download the file If you can chances are the Polycom CX700 phone can Using a browser from outside the corporate firewall connect to https ReverseProxyFQDN RequestHandlerExt ucdevice upx and download cpe nbt xml version 1 0 Response NumOfFiles 0 NumOfFiles CurrentTime 2009 06 04T06 22 03 CurrentTime ServerVersion 3 5 6907 0 ServerVer...

Page 38: ...ecause the 1 0 199 123 software does not recognize builds greater than 1 0 522 Step 2 1 Prepare Software Update Files There are three basic steps to this process 1 Download the UCUpdates files and uncompress them to CAB files 2 Upload the CAB files to the pool and uncompress them further to CPE files 3 Approve the CPE files In previous releases of OCS 2007 Polycom CX700 phones operating outside th...

Page 39: ... Pending Updates tab and ensure that 1 0 522 101 is in the Pending state Do not change it at this time 7 Click the Test Devices tab and add the Polycom CX700 phone to be upgraded no spaces dashes in the MAC address Step 2 2 Upgrade the Polycom CX700 Phone from 1 0 199 123 to 1 0 522 101 Now that the necessary CPE files have been installed and a test device created it is time to upgrade the Polycom...

Page 40: ...CX700 phones listed on the Test Devices tab can receive Pending Updates OR If no other production Polycom CX700 phones are on a build higher than 1 0 522 101 you can use Device Updater to approve the pending updates and finish flashing the software on the remaining phones running build 1 0 199 123 Once all Polycom CX700 phones are running release 1 0 522 101 and have been recalibrated go to the ne...

Page 41: ...s them further to CPE files 3 Approve the CPE files To prepare the software update files 1 Download the Microsoft Office Communications Server OCS 2007 3 5 6907 9 Polycom CX700 phone software release UCUpdates exe here and store it on a Pool Front End server for example c UCUpdates 6907 9 2 Open a CMD window change to the directory where you downloaded the 3 5 6907 9 version of UCUpdates and run t...

Page 42: ...minutes of inactivity or you want to expedite the process perform a reboot power cycle the phone and let it sit for five to ten minutes You can monitor the IIS and ImageUpdate Audit log files for progress status The phone will reset and go to the calibration screen There is a lag between when 3 5 6907 9 is available and when the phone can access it and the system logs the attempt Be sure to allow ...

Page 43: ... 2007 R2 Environment 37 3 Calibrate the phone and sign in 4 Confirm the Polycom CX700 phone is running release 3 5 6907 9 by clicking About on the main menu and checking the Version information Click OK to return to the Sign in screen The Polycom CX700 phone is now ready to use ...

Page 44: ...Deployment Guide for the Polycom CX700 IP Phone 38 ...

Page 45: ...Issues are grouped as follows Logs Used for Troubleshooting When to Use DHCP Option 119 Configuring Windows Server as an NTP Time Source Enabling Automatic Certificate Enrollment Making the Root CA Certificate Available to a Polycom CX700 Phone Installing a Public Root CA Certificate on a Polycom CX700 Phone Confirming the Current Software Version For more troubleshooting information refer to the ...

Page 46: ...CX700 phone connects to IIS correctly c inetpub logs LogFiles W3SVC1 _ log where _ some prefix and the current date To confirm the Polycom CX700 phone runs Locate the Device Update service correctly review the Device Update audit logs By default audit logs are located in different locations depending on Microsoft Office Communications Server 2007 R2 product type For Microsoft Office Communications...

Page 47: ...g example provides instructions for a Polycom CX700 running build 199 with planned upgrade to build 522 Internal assumes pool running Device Update service pool01 contoso com http pool01 contoso com DeviceUpdateFiles_Int UCPhone Polycom CX700 A ENU 1 0 522 101 CPE CPE nbt When hitting this link you should get prompted to save cpe nbt if security is set properly External assumes reverse proxy FQDN...

Page 48: ...his sequence _ldap _tcp dc _msdcs fabrikam takes the NetBIOS name directly fails _ldap _tcp dc _msdcs fabrikam fabrikam dk adds the DomainName value fails _ldap _tcp dc _msdcs fabrikam fabrikam dk adds first element in DomainSearch fails _ldap _tcp dc _msdcs fabrikam dk adds second element in DomainSearch succeeds So if dk was not added to DHCP option 119 the phone would have been unable to locate...

Page 49: ...xes in your organization delimited by a semi colon For example contoso com corp contoso com fabrikam com 6 Click OK to close the Predefined Options and Values page Configuring Windows Server as an NTP Time Source For Windows 2008 To configure Windows 2008 Server as an NTP time source 1 Click Start Run type regedit in the list box and click OK to open the Registry editor 2 To enable the Network Tim...

Page 50: ...ime service click Start Run or alternatively use the command prompt facility and type net stop w32time net start w32time Your time server should be now up and running For Windows 2003 To use an internal server as the authoritative time source as outlined in the section Configuring the Windows Time service to use an internal hardware clock in the document available at http support microsoft com kb ...

Page 51: ...lt Domain Policy GPO and then click Edit 4 In the Group Policy Management Console GPMC select User Configuration Policies Windows Settings Security Settings and then click Public Key Policies 5 Double click Certificate Services Client Auto Enrollment 6 Select Enabled from the configuration model list box 7 Select one of the following three check boxes depending on requirements Renew expired certif...

Page 52: ...on the domain object containing the Polycom CX700 phone using the following steps To configure autoenrollment Group Policy for a domain 1 Open Active Directory Users and Computers 2 Right click on the domain containing the Polycom CX700 phone and select Properties 3 Click the Group Policy tab make sure the Default Domain Policy is highlighted and click the Edit button 4 Select Computer Configurati...

Page 53: ... com 4 Select CN Services 5 Select CN Public Key Services and check the following two objects a Click CN Certification Authorities and confirm that the name of your internal Certificate Authority is listed in the right pane with a Class type of certificationAuthority b Click CN Enrollment Services and confirm that the name of your internal Certificate Authority is listed in the right pane with a C...

Page 54: ...ects of category certificationAuthority If the search returns any objects it will use the attribute caCertificate That attribute is assumed to hold the certificate and the device will install the certificate To get the Root CA certificate placed in the caCertificate attribute use the command certutil f dspublish Root CA certificate in cer file RootCA This command will publish the certificate as re...

Page 55: ... need the device to ask for certificates if you do not do this the phone will use the currently installed certificate when challenged by your internal Microsoft Office Communications Server 2007 R2 servers and not search for them in Active Directory You reset the device by inserting a paper clip in the small hole on the back between the USB and headset connectors Then you can connect the device to...

Page 56: ...Deployment Guide Polycom CX700 50 ...
